Deprecate all BroType* in BifType:: namespace

Replaced with equivalently named IntrusivePtr in zeek::BifType::

NEWS

@@ -176,6 +176,10 @@ Deprecated Functionality
 
 - ``Scope::Lookup()`` is deprecated, use ``Scope::Find()``.
 
+- All generated ``BroType*`` names in the ``BifType::`` namespaces are
+  deprecated, but there's an equivalent name in ``zeek::BifType::`` of
+  ``IntrusivePtr`` type to use instead.
+
 Zeek 3.1.0
 ==========
 

aux/bifcl

@@ -1 +1 @@
-Subproject commit 970c09875a4bcfb61981d7b629e732f9a0f322ef
+Subproject commit 5afd05f72b52bd40637546203749fb7bed8dbc4d

src/TunnelEncapsulation.cc

@@ -18,7 +18,7 @@ EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t)
 
 IntrusivePtr<RecordVal> EncapsulatingConn::ToVal() const
 	{
-	auto rv = make_intrusive<RecordVal>(BifType::Record::Tunnel::EncapsulatingConn);
+	auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::Tunnel::EncapsulatingConn);
 
 	auto id_val = make_intrusive<RecordVal>(zeek::id::conn_id);
 	id_val->Assign(0, make_intrusive<AddrVal>(src_addr));
@@ -26,7 +26,7 @@ IntrusivePtr<RecordVal> EncapsulatingConn::ToVal() const
 	id_val->Assign(2, make_intrusive<AddrVal>(dst_addr));
 	id_val->Assign(3, val_mgr->Port(ntohs(dst_port), proto));
 	rv->Assign(0, std::move(id_val));
-	rv->Assign(1, BifType::Enum::Tunnel::Type->GetVal(type));
+	rv->Assign(1, zeek::BifType::Enum::Tunnel::Type->GetVal(type));
 
 	rv->Assign(2, make_intrusive<StringVal>(uid.Base62("C").c_str()));
 

src/Val.cc

@@ -2033,16 +2033,16 @@ void TableVal::CallChangeFunc(const Val* index, Val* old_value, OnChangeType tpe
 		switch ( tpe )
 			{
 			case ELEMENT_NEW:
-				vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_NEW));
+				vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_NEW));
 				break;
 			case ELEMENT_CHANGED:
-				vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_CHANGED));
+				vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_CHANGED));
 				break;
 			case ELEMENT_REMOVED:
-				vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_REMOVED));
+				vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_REMOVED));
 				break;
 			case ELEMENT_EXPIRED:
-				vl.emplace_back(BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_EXPIRED));
+				vl.emplace_back(zeek::BifType::Enum::TableChange->GetVal(BifEnum::TableChange::TABLE_ELEMENT_EXPIRED));
 			}
 
 		for ( const auto& v : lv->Vals() )

src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac

@@ -42,7 +42,7 @@ refine connection DCE_RPC_Conn += {
 			                                  ${header.is_orig},
 			                                  fid,
 			                                  ${header.PTYPE},
-			                                  BifType::Enum::DCE_RPC::PType->GetVal(${header.PTYPE}));
+			                                  zeek::BifType::Enum::DCE_RPC::PType->GetVal(${header.PTYPE}));
 			}
 		return true;
 		%}

src/analyzer/protocol/dhcp/dhcp-analyzer.pac

@@ -19,7 +19,7 @@ refine flow DHCP_Flow += {
 		%{
 		if ( ! options )
 			{
-			options = make_intrusive<RecordVal>(BifType::Record::DHCP::Options);
+			options = make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::Options);
 			all_options = make_intrusive<VectorVal>(zeek::id::index_vec);
 			options->Assign(0, all_options);
 			}
@@ -53,7 +53,7 @@ refine flow DHCP_Flow += {
 			std::string mac_str = fmt_mac(${msg.chaddr}.data(), ${msg.chaddr}.length());
 			double secs = static_cast<double>(${msg.secs});
 
-			auto dhcp_msg_val = make_intrusive<RecordVal>(BifType::Record::DHCP::Msg);
+			auto dhcp_msg_val = make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::Msg);
 			dhcp_msg_val->Assign(0, val_mgr->Count(${msg.op}));
 			dhcp_msg_val->Assign(1, val_mgr->Count(${msg.type}));
 			dhcp_msg_val->Assign(2, val_mgr->Count(${msg.xid}));

src/analyzer/protocol/dhcp/dhcp-options.pac

@@ -57,7 +57,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_router_option(v: OptionValue): bool
 		%{
-		auto router_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
+		auto router_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
 		int num_routers = ${v.router_list}->size();
 		vector<uint32>* rlist = ${v.router_list};
 
@@ -91,7 +91,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_timeserver_option(v: OptionValue): bool
 		%{
-		auto timeserver_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
+		auto timeserver_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
 		int num_servers = ${v.timeserver_list}->size();
 		vector<uint32>* rlist = ${v.timeserver_list};
 
@@ -125,7 +125,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_nameserver_option(v: OptionValue): bool
 		%{
-		auto nameserver_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
+		auto nameserver_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
 		int num_servers = ${v.nameserver_list}->size();
 		vector<uint32>* rlist = ${v.nameserver_list};
 
@@ -159,7 +159,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_dns_server_option(v: OptionValue): bool
 		%{
-		auto server_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
+		auto server_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
 		int num_servers = ${v.dns_server_list}->size();
 		vector<uint32>* rlist = ${v.dns_server_list};
 
@@ -298,7 +298,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_ntpserver_option(v: OptionValue): bool
 		%{
-		auto ntpserver_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
+		auto ntpserver_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
 		int num_servers = ${v.ntpserver_list}->size();
 		vector<uint32>* rlist = ${v.ntpserver_list};
 
@@ -356,7 +356,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_nbns_option(v: OptionValue): bool
 		%{
-		auto server_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::Addrs});
+		auto server_list = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
 		int num_servers = ${v.nbns}->size();
 		vector<uint32>* rlist = ${v.nbns};
 
@@ -625,7 +625,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_client_id_option(v: OptionValue): bool
 		%{
-		RecordVal* client_id = new RecordVal(BifType::Record::DHCP::ClientID);
+		RecordVal* client_id = new RecordVal(zeek::BifType::Record::DHCP::ClientID);
 		client_id->Assign(0, val_mgr->Count(${v.client_id.hwtype}));
 		client_id->Assign(1, make_intrusive<StringVal>(fmt_mac(${v.client_id.hwaddr}.begin(), ${v.client_id.hwaddr}.length())));
 
@@ -685,7 +685,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_client_fqdn_option(v: OptionValue): bool
 		%{
-		RecordVal* client_fqdn = new RecordVal(BifType::Record::DHCP::ClientFQDN);
+		RecordVal* client_fqdn = new RecordVal(zeek::BifType::Record::DHCP::ClientFQDN);
 		client_fqdn->Assign(0, val_mgr->Count(${v.client_fqdn.flags}));
 		client_fqdn->Assign(1, val_mgr->Count(${v.client_fqdn.rcode1}));
 		client_fqdn->Assign(2, val_mgr->Count(${v.client_fqdn.rcode2}));
@@ -743,14 +743,14 @@ refine flow DHCP_Flow += {
 
 	function process_relay_agent_inf_option(v: OptionValue): bool
 		%{
-		auto relay_agent_sub_opt = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::DHCP::SubOpts});
+		auto relay_agent_sub_opt = make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::SubOpts);
 
 		uint16 i = 0;
 
 		for ( auto ptrsubopt = ${v.relay_agent_inf}->begin();
 		      ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt )
 			{
-			auto r = new RecordVal(BifType::Record::DHCP::SubOpt);
+			auto r = new RecordVal(zeek::BifType::Record::DHCP::SubOpt);
 			r->Assign(0, val_mgr->Count((*ptrsubopt)->code()));
 			r->Assign(1, to_stringval((*ptrsubopt)->value()));
 

src/analyzer/protocol/ftp/functions.bif

@@ -6,7 +6,7 @@ type ftp_port: record;
 
 static IntrusivePtr<Val> parse_port(const char* line)
 	{
-	auto r = make_intrusive<RecordVal>(BifType::Record::ftp_port);
+	auto r = make_intrusive<RecordVal>(zeek::BifType::Record::ftp_port);
 
 	int bytes[6];
 	if ( line && sscanf(line, "%d,%d,%d,%d,%d,%d",
@@ -49,7 +49,7 @@ static IntrusivePtr<Val> parse_port(const char* line)
 
 static IntrusivePtr<Val> parse_eftp(const char* line)
 	{
-	auto r = make_intrusive<RecordVal>(BifType::Record::ftp_port);
+	auto r = make_intrusive<RecordVal>(zeek::BifType::Record::ftp_port);
 
 	int net_proto = 0;	// currently not used
 	IPAddr addr;	// unspecified IPv6 address (all 128 bits zero)

src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac

@@ -6,7 +6,7 @@
 %code{
 IntrusivePtr<RecordVal> BuildGTPv1Hdr(const GTPv1_Header* pdu)
 	{
-	auto rv = make_intrusive<RecordVal>(BifType::Record::gtpv1_hdr);
+	auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::gtpv1_hdr);
 
 	rv->Assign(0, val_mgr->Count(pdu->version()));
 	rv->Assign(1, val_mgr->Bool(pdu->pt_flag()));
@@ -35,7 +35,7 @@ static IntrusivePtr<Val> BuildIMSI(const InformationElement* ie)
 
 static IntrusivePtr<Val> BuildRAI(const InformationElement* ie)
 	{
-	auto ev = make_intrusive<RecordVal>(BifType::Record::gtp_rai);
+	auto ev = make_intrusive<RecordVal>(zeek::BifType::Record::gtp_rai);
 	ev->Assign(0, val_mgr->Count(ie->rai()->mcc()));
 	ev->Assign(1, val_mgr->Count(ie->rai()->mnc()));
 	ev->Assign(2, val_mgr->Count(ie->rai()->lac()));
@@ -85,7 +85,7 @@ static IntrusivePtr<Val> BuildTraceType(const InformationElement* ie)
 
 Val* BuildEndUserAddr(const InformationElement* ie)
 	{
-	RecordVal* ev = new RecordVal(BifType::Record::gtp_end_user_addr);
+	RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_end_user_addr);
 	ev->Assign(0, val_mgr->Count(ie->end_user_addr()->pdp_type_org()));
 	ev->Assign(1, val_mgr->Count(ie->end_user_addr()->pdp_type_num()));
 
@@ -130,7 +130,7 @@ Val* BuildProtoConfigOptions(const InformationElement* ie)
 
 Val* BuildGSN_Addr(const InformationElement* ie)
 	{
-	RecordVal* ev = new RecordVal(BifType::Record::gtp_gsn_addr);
+	RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_gsn_addr);
 
 	int len = ie->gsn_addr()->value().length();
 	const uint8* d = ie->gsn_addr()->value().data();
@@ -156,7 +156,7 @@ Val* BuildMSISDN(const InformationElement* ie)
 
 Val* BuildQoS_Profile(const InformationElement* ie)
 	{
-	RecordVal* ev = new RecordVal(BifType::Record::gtp_qos_profile);
+	RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_qos_profile);
 
 	const u_char* d = (const u_char*) ie->qos_profile()->data().data();
 	int len = ie->qos_profile()->data().length();
@@ -190,7 +190,7 @@ Val* BuildOMC_ID(const InformationElement* ie)
 
 Val* BuildPrivateExt(const InformationElement* ie)
 	{
-	RecordVal* ev = new RecordVal(BifType::Record::gtp_private_extension);
+	RecordVal* ev = new RecordVal(zeek::BifType::Record::gtp_private_extension);
 
 	const uint8* d = ie->private_ext()->value().data();
 	int len = ie->private_ext()->value().length();
@@ -238,7 +238,7 @@ void CreatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
 	if ( ! ::gtpv1_create_pdp_ctx_request ) return;
 
 	auto rv = make_intrusive<RecordVal>(
-	  BifType::Record::gtp_create_pdp_ctx_request_elements);
+	  zeek::BifType::Record::gtp_create_pdp_ctx_request_elements);
 
 	const vector<InformationElement *> * v = pdu->create_pdp_ctx_request();
 
@@ -338,7 +338,7 @@ void CreatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
 	    return;
 
 	auto rv = make_intrusive<RecordVal>(
-	  BifType::Record::gtp_create_pdp_ctx_response_elements);
+	  zeek::BifType::Record::gtp_create_pdp_ctx_response_elements);
 
 	const vector<InformationElement *> * v = pdu->create_pdp_ctx_response();
 
@@ -407,7 +407,7 @@ void UpdatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
 	    return;
 
 	auto rv = make_intrusive<RecordVal>(
-	  BifType::Record::gtp_update_pdp_ctx_request_elements);
+	  zeek::BifType::Record::gtp_update_pdp_ctx_request_elements);
 
 	const vector<InformationElement *> * v = pdu->update_pdp_ctx_request();
 
@@ -485,7 +485,7 @@ void UpdatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
 	    return;
 
 	auto rv = make_intrusive<RecordVal>(
-	  BifType::Record::gtp_update_pdp_ctx_response_elements);
+	  zeek::BifType::Record::gtp_update_pdp_ctx_response_elements);
 
 	const vector<InformationElement *> * v = pdu->update_pdp_ctx_response();
 
@@ -545,7 +545,7 @@ void DeletePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
 	    return;
 
 	auto rv = make_intrusive<RecordVal>(
-	  BifType::Record::gtp_delete_pdp_ctx_request_elements);
+	  zeek::BifType::Record::gtp_delete_pdp_ctx_request_elements);
 
 	const vector<InformationElement *> * v = pdu->delete_pdp_ctx_request();
 
@@ -579,7 +579,7 @@ void DeletePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
 	    return;
 
 	auto rv = make_intrusive<RecordVal>(
-	  BifType::Record::gtp_delete_pdp_ctx_response_elements);
+	  zeek::BifType::Record::gtp_delete_pdp_ctx_response_elements);
 
 	const vector<InformationElement *> * v = pdu->delete_pdp_ctx_response();
 

src/analyzer/protocol/krb/krb-analyzer.pac

@@ -8,7 +8,7 @@ bool proc_error_arguments(RecordVal* rv, const std::vector<KRB_ERROR_Arg*>* args
 %code{
 RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts)
 {
-	RecordVal* rv = new RecordVal(BifType::Record::KRB::KDC_Options);
+	RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::KDC_Options);
 
 	rv->Assign(0, val_mgr->Bool(opts->forwardable()));
 	rv->Assign(1, val_mgr->Bool(opts->forwarded()));
@@ -29,7 +29,7 @@ RecordVal* proc_krb_kdc_options(const KRB_KDC_Options* opts)
 
 RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_analyzer)
 {
-	RecordVal* rv = new RecordVal(BifType::Record::KRB::KDC_Request);
+	RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::KDC_Request);
 
 	rv->Assign(0, asn1_integer_to_val(msg->pvno()->data(), TYPE_COUNT));
 	rv->Assign(1, asn1_integer_to_val(msg->msg_type()->data(), TYPE_COUNT));
@@ -203,7 +203,7 @@ refine connection KRB_Conn += {
 		auto msg_type = binary_to_int64(${msg.msg_type.data.content});
 		auto make_arg = [this, msg]() -> IntrusivePtr<RecordVal>
 			{
-			auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::KDC_Response);
+			auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::KDC_Response);
 
 			rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT));
 			rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT));
@@ -244,7 +244,7 @@ refine connection KRB_Conn += {
 		bro_analyzer()->ProtocolConfirmation();
 		if ( krb_error )
 			{
-			auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::Error_Msg);
+			auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::Error_Msg);
 			proc_error_arguments(rv.get(), ${msg.args1}, 0);
 			rv->Assign(4, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT));
 			proc_error_arguments(rv.get(), ${msg.args2}, binary_to_int64(${msg.error_code.encoding.content}));
@@ -258,7 +258,7 @@ refine connection KRB_Conn += {
 		bro_analyzer()->ProtocolConfirmation();
 		if ( krb_ap_request )
 			{
-			auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::AP_Options);
+			auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::AP_Options);
 			rv->Assign(0, val_mgr->Bool(${msg.ap_options.use_session_key}));
 			rv->Assign(1, val_mgr->Bool(${msg.ap_options.mutual_required}));
 
@@ -289,7 +289,7 @@ refine connection KRB_Conn += {
 		bro_analyzer()->ProtocolConfirmation();
 		if ( krb_safe )
 			{
-			auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::SAFE_Msg);
+			auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::SAFE_Msg);
 
 			rv->Assign(0, asn1_integer_to_val(${msg.pvno.data}, TYPE_COUNT));
 			rv->Assign(1, asn1_integer_to_val(${msg.msg_type.data}, TYPE_COUNT));

src/analyzer/protocol/krb/krb-padata.pac

@@ -36,7 +36,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
 				break;
 			case PA_PW_SALT:
 				{
-				RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
+				RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
 				type_val->Assign(0, val_mgr->Count(element->data_type()));
 				type_val->Assign(1, to_stringval(element->pa_data_element()->pa_pw_salt()->encoding()->content()));
 				vv->Assign(vv->Size(), type_val);
@@ -44,7 +44,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
 				}
 			case PA_ENCTYPE_INFO:
 				{
-				RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
+				RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
 				type_val->Assign(0, val_mgr->Count(element->data_type()));
 				type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info()->salt()));
 				vv->Assign(vv->Size(), type_val);
@@ -52,7 +52,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
 				}
 			case PA_ENCTYPE_INFO2:
 				{
-				RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
+				RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
 				type_val->Assign(0, val_mgr->Count(element->data_type()));
 				type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info2()->salt()));
 				vv->Assign(vv->Size(), type_val);
@@ -110,7 +110,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
 				{
 				if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 )
 					{
-					RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
+					RecordVal * type_val = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
 					type_val->Assign(0, val_mgr->Count(element->data_type()));
 					type_val->Assign(1, to_stringval(element->pa_data_element()->unknown()->content()));
 					vv->Assign(vv->Size(), type_val);

src/analyzer/protocol/krb/krb-types.pac

@@ -47,7 +47,7 @@ VectorVal* proc_host_address_list(const BroAnalyzer a, const KRB_Host_Addresses*
 
 RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr)
 {
-	RecordVal* rv = new RecordVal(BifType::Record::KRB::Host_Address);
+	RecordVal* rv = new RecordVal(zeek::BifType::Record::KRB::Host_Address);
 	const auto& addr_bytes = addr->address()->data()->content();
 
 	switch ( binary_to_int64(addr->addr_type()->encoding()->content()) )
@@ -85,7 +85,7 @@ RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr)
 			break;
 		}
 
-	RecordVal* unk = new RecordVal(BifType::Record::KRB::Type_Value);
+	RecordVal* unk = new RecordVal(zeek::BifType::Record::KRB::Type_Value);
 	unk->Assign(0, asn1_integer_to_val(addr->addr_type(), TYPE_COUNT));
 	unk->Assign(1, to_stringval(addr_bytes));
 	rv->Assign(2, unk);
@@ -107,7 +107,7 @@ IntrusivePtr<VectorVal> proc_tickets(const KRB_Ticket_Sequence* list)
 
 IntrusivePtr<RecordVal> proc_ticket(const KRB_Ticket* ticket)
 	{
-	auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::Ticket);
+	auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::KRB::Ticket);
 
 	rv->Assign(0, asn1_integer_to_val(ticket->tkt_vno()->data(), TYPE_COUNT));
 	rv->Assign(1, to_stringval(ticket->realm()->data()->content()));

src/analyzer/protocol/modbus/modbus-analyzer.pac

@@ -16,7 +16,7 @@
 %code{
 	IntrusivePtr<VectorVal> bytestring_to_coils(const bytestring& coils, uint quantity)
 		{
-		auto modbus_coils = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusCoils});
+		auto modbus_coils = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusCoils);
 
 		for ( uint i = 0; i < quantity; i++ )
 			{
@@ -29,7 +29,7 @@
 
 	IntrusivePtr<RecordVal> HeaderToVal(ModbusTCP_TransportHeader* header)
 		{
-		auto modbus_header = make_intrusive<RecordVal>(BifType::Record::ModbusHeaders);
+		auto modbus_header = make_intrusive<RecordVal>(zeek::BifType::Record::ModbusHeaders);
 		modbus_header->Assign(0, val_mgr->Count(header->tid()));
 		modbus_header->Assign(1, val_mgr->Count(header->pid()));
 		modbus_header->Assign(2, val_mgr->Count(header->uid()));
@@ -209,7 +209,7 @@ refine flow ModbusTCP_Flow += {
 
 		if ( ::modbus_read_holding_registers_response )
 			{
-			auto t = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters});
+			auto t = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusRegisters);
 
 			for ( unsigned int i=0; i < ${message.registers}->size(); ++i )
 				{
@@ -253,7 +253,7 @@ refine flow ModbusTCP_Flow += {
 
 		if ( ::modbus_read_input_registers_response )
 			{
-			auto t = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters});
+			auto t = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusRegisters);
 
 			for ( unsigned int i=0; i < (${message.registers})->size(); ++i )
 				{
@@ -397,7 +397,7 @@ refine flow ModbusTCP_Flow += {
 
 		if ( ::modbus_write_multiple_registers_request )
 			{
-			auto t = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters});
+			auto t = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusRegisters);
 
 			for ( unsigned int i = 0; i < (${message.registers}->size()); ++i )
 				{
@@ -582,7 +582,7 @@ refine flow ModbusTCP_Flow += {
 
 		if ( ::modbus_read_write_multiple_registers_request )
 			{
-			auto t = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters});
+			auto t = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusRegisters);
 
 			for ( unsigned int i = 0; i < ${message.write_register_values}->size(); ++i )
 				{
@@ -614,7 +614,7 @@ refine flow ModbusTCP_Flow += {
 
 		if ( ::modbus_read_write_multiple_registers_response )
 			{
-			auto t = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::ModbusRegisters});
+			auto t = make_intrusive<VectorVal>(zeek::BifType::Vector::ModbusRegisters);
 
 			for ( unsigned int i = 0; i < ${message.registers}->size(); ++i )
 				{

src/analyzer/protocol/mqtt/commands/connack.pac

@@ -15,7 +15,7 @@ refine flow MQTT_Flow += {
 		%{
 		if ( mqtt_connack )
 			{
-			auto m = make_intrusive<RecordVal>(BifType::Record::MQTT::ConnectAckMsg);
+			auto m = make_intrusive<RecordVal>(zeek::BifType::Record::MQTT::ConnectAckMsg);
 			m->Assign(0, val_mgr->Count(${msg.return_code}));
 			m->Assign(1, val_mgr->Bool(${msg.session_present}));
 			BifEvent::enqueue_mqtt_connack(connection()->bro_analyzer(),

src/analyzer/protocol/mqtt/commands/connect.pac

@@ -44,7 +44,7 @@ refine flow MQTT_Flow += {
 		%{
 		if ( mqtt_connect )
 			{
-			auto m = make_intrusive<RecordVal>(BifType::Record::MQTT::ConnectMsg);
+			auto m = make_intrusive<RecordVal>(zeek::BifType::Record::MQTT::ConnectMsg);
 			m->Assign(0, make_intrusive<StringVal>(${msg.protocol_name.str}.length(),
 			                           reinterpret_cast<const char*>(${msg.protocol_name.str}.begin())));
 			m->Assign(1, val_mgr->Count(${msg.protocol_version}));

src/analyzer/protocol/mqtt/commands/publish.pac

@@ -23,7 +23,7 @@ refine flow MQTT_Flow += {
 		%{
 		if ( mqtt_publish )
 			{
-			auto m = make_intrusive<RecordVal>(BifType::Record::MQTT::PublishMsg);
+			auto m = make_intrusive<RecordVal>(zeek::BifType::Record::MQTT::PublishMsg);
 			m->Assign(0, val_mgr->Bool(${msg.dup}));
 			m->Assign(1, val_mgr->Count(${msg.qos}));
 			m->Assign(2, val_mgr->Bool(${msg.retain}));

src/analyzer/protocol/ntlm/ntlm-analyzer.pac

@@ -15,7 +15,7 @@ refine connection NTLM_Conn += {
 
 	function build_version_record(val: NTLM_Version): BroVal
 		%{
-		RecordVal* result = new RecordVal(BifType::Record::NTLM::Version);
+		RecordVal* result = new RecordVal(zeek::BifType::Record::NTLM::Version);
 		result->Assign(0, val_mgr->Count(${val.major_version}));
 		result->Assign(1, val_mgr->Count(${val.minor_version}));
 		result->Assign(2, val_mgr->Count(${val.build_number}));
@@ -26,7 +26,7 @@ refine connection NTLM_Conn += {
 
 	function build_av_record(val: NTLM_AV_Pair_Sequence, len: uint16): BroVal
 		%{
-		RecordVal* result = new RecordVal(BifType::Record::NTLM::AVs);
+		RecordVal* result = new RecordVal(zeek::BifType::Record::NTLM::AVs);
 		for ( uint i = 0; ; i++ )
 			{
 			if ( i >= ${val.pairs}->size() )
@@ -78,7 +78,7 @@ refine connection NTLM_Conn += {
 
 	function build_negotiate_flag_record(val: NTLM_Negotiate_Flags): BroVal
 		%{
-		RecordVal* flags = new RecordVal(BifType::Record::NTLM::NegotiateFlags);
+		RecordVal* flags = new RecordVal(zeek::BifType::Record::NTLM::NegotiateFlags);
 		flags->Assign(0, val_mgr->Bool(${val.negotiate_56}));
 		flags->Assign(1, val_mgr->Bool(${val.negotiate_key_exch}));
 		flags->Assign(2, val_mgr->Bool(${val.negotiate_128}));
@@ -110,7 +110,7 @@ refine connection NTLM_Conn += {
 		if ( ! ntlm_negotiate )
 			return true;
 
-		auto result = make_intrusive<RecordVal>(BifType::Record::NTLM::Negotiate);
+		auto result = make_intrusive<RecordVal>(zeek::BifType::Record::NTLM::Negotiate);
 		result->Assign(0, build_negotiate_flag_record(${val.flags}));
 
 		if ( ${val}->has_domain_name() )
@@ -134,7 +134,7 @@ refine connection NTLM_Conn += {
 		if ( ! ntlm_challenge )
 			return true;
 
-		auto result = make_intrusive<RecordVal>(BifType::Record::NTLM::Challenge);
+		auto result = make_intrusive<RecordVal>(zeek::BifType::Record::NTLM::Challenge);
 		result->Assign(0, build_negotiate_flag_record(${val.flags}));
 
 		if ( ${val}->has_target_name() )
@@ -158,7 +158,7 @@ refine connection NTLM_Conn += {
 		if ( ! ntlm_authenticate )
 			return true;
 
-		auto result = make_intrusive<RecordVal>(BifType::Record::NTLM::Authenticate);
+		auto result = make_intrusive<RecordVal>(zeek::BifType::Record::NTLM::Authenticate);
 		result->Assign(0, build_negotiate_flag_record(${val.flags}));
 
 		if ( ${val}->has_domain_name() > 0 )

src/analyzer/protocol/ntp/ntp-analyzer.pac

@@ -35,7 +35,7 @@ refine flow NTP_Flow += {
 	# This builds the standard msg record
 	function BuildNTPStdMsg(nsm: NTP_std_msg): BroVal
 		%{
-		RecordVal* rv = new RecordVal(BifType::Record::NTP::StandardMessage);
+		RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::StandardMessage);
 
 		rv->Assign(0, val_mgr->Count(${nsm.stratum}));
 		rv->Assign(1, make_intrusive<Val>(pow(2, ${nsm.poll}), TYPE_INTERVAL));
@@ -88,7 +88,7 @@ refine flow NTP_Flow += {
 	# This builds the control msg record
 	function BuildNTPControlMsg(ncm: NTP_control_msg): BroVal
 		%{
-		RecordVal* rv = new RecordVal(BifType::Record::NTP::ControlMessage);
+		RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::ControlMessage);
 
 		rv->Assign(0, val_mgr->Count(${ncm.OpCode}));
 		rv->Assign(1, val_mgr->Bool(${ncm.R}));
@@ -113,7 +113,7 @@ refine flow NTP_Flow += {
 	# This builds the mode7 msg record
 	function BuildNTPMode7Msg(m7: NTP_mode7_msg): BroVal
 		%{
-		RecordVal* rv = new RecordVal(BifType::Record::NTP::Mode7Message);
+		RecordVal* rv = new RecordVal(zeek::BifType::Record::NTP::Mode7Message);
 
 		rv->Assign(0, val_mgr->Count(${m7.request_code}));
 		rv->Assign(1, val_mgr->Bool(${m7.auth_bit}));
@@ -135,7 +135,7 @@ refine flow NTP_Flow += {
 		if ( ! ntp_message )
 			return false;
 
-		auto rv = make_intrusive<RecordVal>(BifType::Record::NTP::Message);
+		auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::NTP::Message);
 		rv->Assign(0, val_mgr->Count(${msg.version}));
 		rv->Assign(1, val_mgr->Count(${msg.mode}));
 

src/analyzer/protocol/radius/radius-analyzer.pac

@@ -7,14 +7,14 @@ refine flow RADIUS_Flow += {
 		if ( ! radius_message )
 			return false;
 
-		auto result = make_intrusive<RecordVal>(BifType::Record::RADIUS::Message);
+		auto result = make_intrusive<RecordVal>(zeek::BifType::Record::RADIUS::Message);
 		result->Assign(0, val_mgr->Count(${msg.code}));
 		result->Assign(1, val_mgr->Count(${msg.trans_id}));
 		result->Assign(2, to_stringval(${msg.authenticator}));
 
 		if ( ${msg.attributes}->size() )
 			{
-			TableVal* attributes = new TableVal({NewRef{}, BifType::Table::RADIUS::Attributes});
+			TableVal* attributes = new TableVal(zeek::BifType::Table::RADIUS::Attributes);
 
 			for ( uint i = 0; i < ${msg.attributes}->size(); ++i )
 				{
@@ -32,7 +32,7 @@ refine flow RADIUS_Flow += {
 
 				else
 					{
-					auto attribute_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::RADIUS::AttributeList});
+					auto attribute_list = make_intrusive<VectorVal>(zeek::BifType::Vector::RADIUS::AttributeList);
 					attribute_list->Assign((unsigned int)0, std::move(val));
 					attributes->Assign(index.get(), std::move(attribute_list));
 					}

src/analyzer/protocol/rdp/rdp-analyzer.pac

@@ -61,7 +61,7 @@ refine flow RDP_Flow += {
 
 		if ( rdp_client_core_data )
 			{
-			auto ec_flags = make_intrusive<RecordVal>(BifType::Record::RDP::EarlyCapabilityFlags);
+			auto ec_flags = make_intrusive<RecordVal>(zeek::BifType::Record::RDP::EarlyCapabilityFlags);
 			ec_flags->Assign(0, val_mgr->Bool(${ccore.SUPPORT_ERRINFO_PDU}));
 			ec_flags->Assign(1, val_mgr->Bool(${ccore.WANT_32BPP_SESSION}));
 			ec_flags->Assign(2, val_mgr->Bool(${ccore.SUPPORT_STATUSINFO_PDU}));
@@ -72,7 +72,7 @@ refine flow RDP_Flow += {
 			ec_flags->Assign(7, val_mgr->Bool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE}));
 			ec_flags->Assign(8, val_mgr->Bool(${ccore.SUPPORT_HEARTBEAT_PDU}));
 
-			auto ccd = make_intrusive<RecordVal>(BifType::Record::RDP::ClientCoreData);
+			auto ccd = make_intrusive<RecordVal>(zeek::BifType::Record::RDP::ClientCoreData);
 			ccd->Assign(0, val_mgr->Count(${ccore.version_major}));
 			ccd->Assign(1, val_mgr->Count(${ccore.version_minor}));
 			ccd->Assign(2, val_mgr->Count(${ccore.desktop_width}));
@@ -107,7 +107,7 @@ refine flow RDP_Flow += {
 		if ( ! rdp_client_security_data )
 			return false;
 
-		auto csd = make_intrusive<RecordVal>(BifType::Record::RDP::ClientSecurityData);
+		auto csd = make_intrusive<RecordVal>(zeek::BifType::Record::RDP::ClientSecurityData);
 		csd->Assign(0, val_mgr->Count(${csec.encryption_methods}));
 		csd->Assign(1, val_mgr->Count(${csec.ext_encryption_methods}));
 
@@ -124,11 +124,11 @@ refine flow RDP_Flow += {
 
 		if ( ${cnetwork.channel_def_array}->size() )
 			{
-			auto channels = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::RDP::ClientChannelList});
+			auto channels = make_intrusive<VectorVal>(zeek::BifType::Vector::RDP::ClientChannelList);
 
 			for ( uint i = 0; i < ${cnetwork.channel_def_array}->size(); ++i )
 				{
-				auto channel_def = make_intrusive<RecordVal>(BifType::Record::RDP::ClientChannelDef);
+				auto channel_def = make_intrusive<RecordVal>(zeek::BifType::Record::RDP::ClientChannelDef);
 
 				channel_def->Assign(0, to_stringval(${cnetwork.channel_def_array[i].name}));
 				channel_def->Assign(1, val_mgr->Count(${cnetwork.channel_def_array[i].options}));
@@ -161,7 +161,7 @@ refine flow RDP_Flow += {
 		if ( ! rdp_client_cluster_data )
 			return false;
 
-		auto ccld = make_intrusive<RecordVal>(BifType::Record::RDP::ClientClusterData);
+		auto ccld = make_intrusive<RecordVal>(zeek::BifType::Record::RDP::ClientClusterData);
 		ccld->Assign(0, val_mgr->Count(${ccluster.flags}));
 		ccld->Assign(1, val_mgr->Count(${ccluster.redir_session_id}));
 		ccld->Assign(2, val_mgr->Bool(${ccluster.REDIRECTION_SUPPORTED}));

src/analyzer/protocol/rpc/MOUNT.cc

@@ -139,7 +139,7 @@ bool MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_statu
 			// Otherwise DeliverRPC would complain about
 			// excess_RPC.
 			n = 0;
-			reply = BifType::Enum::MOUNT3::proc_t->GetVal(c->Proc()).release();
+			reply = zeek::BifType::Enum::MOUNT3::proc_t->GetVal(c->Proc()).release();
 			event = mount_proc_not_implemented;
 			}
 		else
@@ -199,9 +199,9 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
 		auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));
 		}
 
-	auto info = make_intrusive<RecordVal>(BifType::Record::MOUNT3::info_t);
+	auto info = make_intrusive<RecordVal>(zeek::BifType::Record::MOUNT3::info_t);
-	info->Assign(0, BifType::Enum::rpc_status->GetVal(rpc_status));
+	info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status));
-	info->Assign(1, BifType::Enum::MOUNT3::status_t->GetVal(mount_status));
+	info->Assign(1, zeek::BifType::Enum::MOUNT3::status_t->GetVal(mount_status));
 	info->Assign(2, make_intrusive<Val>(c->StartTime(), TYPE_TIME));
 	info->Assign(3, make_intrusive<Val>(c->LastTime() - c->StartTime(), TYPE_INTERVAL));
 	info->Assign(4, val_mgr->Count(c->RPCLen()));
@@ -221,7 +221,7 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
 EnumVal* MOUNT_Interp::mount3_auth_flavor(const u_char*& buf, int& n)
     {
 	BifEnum::MOUNT3::auth_flavor_t t = (BifEnum::MOUNT3::auth_flavor_t)extract_XDR_uint32(buf, n);
-	return BifType::Enum::MOUNT3::auth_flavor_t->GetVal(t).release();
+	return zeek::BifType::Enum::MOUNT3::auth_flavor_t->GetVal(t).release();
     }
 
 StringVal* MOUNT_Interp::mount3_fh(const u_char*& buf, int& n)
@@ -248,7 +248,7 @@ StringVal* MOUNT_Interp::mount3_filename(const u_char*& buf, int& n)
 
 RecordVal* MOUNT_Interp::mount3_dirmntargs(const u_char*& buf, int& n)
 	{
-	RecordVal* dirmntargs = new RecordVal(BifType::Record::MOUNT3::dirmntargs_t);
+	RecordVal* dirmntargs = new RecordVal(zeek::BifType::Record::MOUNT3::dirmntargs_t);
 	dirmntargs->Assign(0, mount3_filename(buf, n));
 	return dirmntargs;
 	}
@@ -256,7 +256,7 @@ RecordVal* MOUNT_Interp::mount3_dirmntargs(const u_char*& buf, int& n)
 RecordVal* MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n,
 		     BifEnum::MOUNT3::status_t status)
 	{
-	RecordVal* rep = new RecordVal(BifType::Record::MOUNT3::mnt_reply_t);
+	RecordVal* rep = new RecordVal(zeek::BifType::Record::MOUNT3::mnt_reply_t);
 
 	if ( status == BifEnum::MOUNT3::MNT3_OK )
 		{

src/analyzer/protocol/rpc/NFS.cc

@@ -251,7 +251,7 @@ bool NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status,
 			// Otherwise DeliverRPC would complain about
 			// excess_RPC.
 			n = 0;
-			reply = BifType::Enum::NFS3::proc_t->GetVal(c->Proc()).release();
+			reply = zeek::BifType::Enum::NFS3::proc_t->GetVal(c->Proc()).release();
 			event = nfs_proc_not_implemented;
 			}
 		else
@@ -333,9 +333,9 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_
 	for ( size_t i = 0; i < c->AuxGIDs().size(); ++i )
 		auxgids->Assign(i, val_mgr->Count(c->AuxGIDs()[i]));
 
-	auto info = make_intrusive<RecordVal>(BifType::Record::NFS3::info_t);
+	auto info = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::info_t);
-	info->Assign(0, BifType::Enum::rpc_status->GetVal(rpc_status));
+	info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status));
-	info->Assign(1, BifType::Enum::NFS3::status_t->GetVal(nfs_status));
+	info->Assign(1, zeek::BifType::Enum::NFS3::status_t->GetVal(nfs_status));
 	info->Assign(2, make_intrusive<Val>(c->StartTime(), TYPE_TIME));
 	info->Assign(3, make_intrusive<Val>(c->LastTime()-c->StartTime(), TYPE_INTERVAL));
 	info->Assign(4, val_mgr->Count(c->RPCLen()));
@@ -366,7 +366,7 @@ StringVal* NFS_Interp::nfs3_fh(const u_char*& buf, int& n)
 
 RecordVal* NFS_Interp::nfs3_sattr(const u_char*& buf, int& n)
 	{
-	RecordVal* attrs = new RecordVal(BifType::Record::NFS3::sattr_t);
+	RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::sattr_t);
 
 	attrs->Assign(0, nullptr); // mode
 	int mode_set_it =  extract_XDR_uint32(buf, n);
@@ -397,7 +397,7 @@ RecordVal* NFS_Interp::nfs3_sattr(const u_char*& buf, int& n)
 
 RecordVal* NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
 	{
-	RecordVal* rep = new RecordVal(BifType::Record::NFS3::sattr_reply_t);
+	RecordVal* rep = new RecordVal(zeek::BifType::Record::NFS3::sattr_reply_t);
 
 	if ( status == BifEnum::NFS3::NFS3ERR_OK )
 		{
@@ -415,7 +415,7 @@ RecordVal* NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::NFS
 
 RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n)
 	{
-	RecordVal* attrs = new RecordVal(BifType::Record::NFS3::fattr_t);
+	RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::fattr_t);
 
 	attrs->Assign(0, nfs3_ftype(buf, n));	// file type
 	attrs->Assign(1, ExtractUint32(buf, n));	// mode
@@ -438,18 +438,18 @@ RecordVal* NFS_Interp::nfs3_fattr(const u_char*& buf, int& n)
 EnumVal* NFS_Interp::nfs3_time_how(const u_char*& buf, int& n)
 	{
 	BifEnum::NFS3::time_how_t t = (BifEnum::NFS3::time_how_t)extract_XDR_uint32(buf, n);
-	return BifType::Enum::NFS3::time_how_t->GetVal(t).release();
+	return zeek::BifType::Enum::NFS3::time_how_t->GetVal(t).release();
 	}
 
 EnumVal* NFS_Interp::nfs3_ftype(const u_char*& buf, int& n)
 	{
 	BifEnum::NFS3::file_type_t t = (BifEnum::NFS3::file_type_t)extract_XDR_uint32(buf, n);
-	return BifType::Enum::NFS3::file_type_t->GetVal(t).release();
+	return zeek::BifType::Enum::NFS3::file_type_t->GetVal(t).release();
 	}
 
 RecordVal* NFS_Interp::nfs3_wcc_attr(const u_char*& buf, int& n)
 	{
-	RecordVal* attrs = new RecordVal(BifType::Record::NFS3::wcc_attr_t);
+	RecordVal* attrs = new RecordVal(zeek::BifType::Record::NFS3::wcc_attr_t);
 
 	attrs->Assign(0, ExtractUint64(buf, n));	// size
 	attrs->Assign(1, ExtractTime(buf, n));	// mtime
@@ -471,7 +471,7 @@ StringVal *NFS_Interp::nfs3_filename(const u_char*& buf, int& n)
 
 RecordVal *NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n)
 	{
-	RecordVal *diropargs = new RecordVal(BifType::Record::NFS3::diropargs_t);
+	RecordVal *diropargs = new RecordVal(zeek::BifType::Record::NFS3::diropargs_t);
 
 	diropargs->Assign(0, nfs3_fh(buf, n));
 	diropargs->Assign(1, nfs3_filename(buf, n));
@@ -481,7 +481,7 @@ RecordVal *NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n)
 
 RecordVal* NFS_Interp::nfs3_symlinkdata(const u_char*& buf, int& n)
 	{
-	RecordVal* symlinkdata = new RecordVal(BifType::Record::NFS3::symlinkdata_t);
+	RecordVal* symlinkdata = new RecordVal(zeek::BifType::Record::NFS3::symlinkdata_t);
 
 	symlinkdata->Assign(0, nfs3_sattr(buf, n));
 	symlinkdata->Assign(1, nfs3_nfspath(buf, n));
@@ -491,7 +491,7 @@ RecordVal* NFS_Interp::nfs3_symlinkdata(const u_char*& buf, int& n)
 
 RecordVal *NFS_Interp::nfs3_renameopargs(const u_char*& buf, int& n)
 	{
-	RecordVal *renameopargs = new RecordVal(BifType::Record::NFS3::renameopargs_t);
+	RecordVal *renameopargs = new RecordVal(zeek::BifType::Record::NFS3::renameopargs_t);
 
 	renameopargs->Assign(0, nfs3_fh(buf, n));
 	renameopargs->Assign(1, nfs3_filename(buf, n));
@@ -533,12 +533,12 @@ RecordVal* NFS_Interp::nfs3_pre_op_attr(const u_char*& buf, int& n)
 EnumVal *NFS_Interp::nfs3_stable_how(const u_char*& buf, int& n)
 	{
 	BifEnum::NFS3::stable_how_t stable = (BifEnum::NFS3::stable_how_t)extract_XDR_uint32(buf, n);
-	return BifType::Enum::NFS3::stable_how_t->GetVal(stable).release();
+	return zeek::BifType::Enum::NFS3::stable_how_t->GetVal(stable).release();
 	}
 
 RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
 	{
-	RecordVal *rep = new RecordVal(BifType::Record::NFS3::lookup_reply_t);
+	RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::lookup_reply_t);
 
 	if ( status == BifEnum::NFS3::NFS3ERR_OK )
 		{
@@ -557,7 +557,7 @@ RecordVal* NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::NF
 
 RecordVal *NFS_Interp::nfs3_readargs(const u_char*& buf, int& n)
 	{
-	RecordVal *readargs = new RecordVal(BifType::Record::NFS3::readargs_t);
+	RecordVal *readargs = new RecordVal(zeek::BifType::Record::NFS3::readargs_t);
 
 	readargs->Assign(0, nfs3_fh(buf, n));
 	readargs->Assign(1, ExtractUint64(buf, n));  // offset
@@ -569,7 +569,7 @@ RecordVal *NFS_Interp::nfs3_readargs(const u_char*& buf, int& n)
 RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status,
 		bro_uint_t offset)
 	{
-	RecordVal *rep = new RecordVal(BifType::Record::NFS3::read_reply_t);
+	RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::read_reply_t);
 
 	if (status == BifEnum::NFS3::NFS3ERR_OK)
 		{
@@ -591,7 +591,7 @@ RecordVal* NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NFS3
 
 RecordVal* NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
 	{
-	RecordVal *rep = new RecordVal(BifType::Record::NFS3::readlink_reply_t);
+	RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::readlink_reply_t);
 
 	if (status == BifEnum::NFS3::NFS3ERR_OK)
 		{
@@ -608,7 +608,7 @@ RecordVal* NFS_Interp::nfs3_readlink_reply(const u_char*& buf, int& n, BifEnum::
 
 RecordVal* NFS_Interp::nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
 	{
-	RecordVal* rep = new RecordVal(BifType::Record::NFS3::link_reply_t);
+	RecordVal* rep = new RecordVal(zeek::BifType::Record::NFS3::link_reply_t);
 
 	if ( status == BifEnum::NFS3::NFS3ERR_OK )
 		{
@@ -624,7 +624,7 @@ RecordVal* NFS_Interp::nfs3_link_reply(const u_char*& buf, int& n, BifEnum::NFS3
 
 RecordVal* NFS_Interp::nfs3_symlinkargs(const u_char*& buf, int& n)
 	{
-	RecordVal* symlinkargs = new RecordVal(BifType::Record::NFS3::symlinkargs_t);
+	RecordVal* symlinkargs = new RecordVal(zeek::BifType::Record::NFS3::symlinkargs_t);
 
 	symlinkargs->Assign(0, nfs3_diropargs(buf, n));
 	symlinkargs->Assign(1, nfs3_symlinkdata(buf, n));
@@ -634,7 +634,7 @@ RecordVal* NFS_Interp::nfs3_symlinkargs(const u_char*& buf, int& n)
 
 RecordVal* NFS_Interp::nfs3_sattrargs(const u_char*& buf, int& n)
 	{
-	RecordVal* sattrargs = new RecordVal(BifType::Record::NFS3::sattrargs_t);
+	RecordVal* sattrargs = new RecordVal(zeek::BifType::Record::NFS3::sattrargs_t);
 
 	sattrargs->Assign(0, nfs3_fh(buf, n));
 	sattrargs->Assign(1, nfs3_sattr(buf, n));
@@ -644,7 +644,7 @@ RecordVal* NFS_Interp::nfs3_sattrargs(const u_char*& buf, int& n)
 
 RecordVal* NFS_Interp::nfs3_linkargs(const u_char*& buf, int& n)
 	{
-	RecordVal* linkargs = new RecordVal(BifType::Record::NFS3::linkargs_t);
+	RecordVal* linkargs = new RecordVal(zeek::BifType::Record::NFS3::linkargs_t);
 
 	linkargs->Assign(0, nfs3_fh(buf, n));
 	linkargs->Assign(1, nfs3_diropargs(buf, n));
@@ -656,7 +656,7 @@ RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n)
 	{
 	uint32_t bytes;
 	uint64_t offset;
-	RecordVal *writeargs = new RecordVal(BifType::Record::NFS3::writeargs_t);
+	RecordVal *writeargs = new RecordVal(zeek::BifType::Record::NFS3::writeargs_t);
 
 	writeargs->Assign(0, nfs3_fh(buf, n));
 	offset = extract_XDR_uint64(buf, n);
@@ -672,7 +672,7 @@ RecordVal *NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n)
 
 RecordVal *NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
 	{
-	RecordVal *rep = new RecordVal(BifType::Record::NFS3::write_reply_t);
+	RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::write_reply_t);
 
 	if ( status == BifEnum::NFS3::NFS3ERR_OK )
 		{
@@ -697,7 +697,7 @@ RecordVal *NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n, BifEnum::NFS
 
 RecordVal* NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NFS3::status_t status)
 	{
-	RecordVal *rep = new RecordVal(BifType::Record::NFS3::newobj_reply_t);
+	RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::newobj_reply_t);
 
 	if (status == BifEnum::NFS3::NFS3ERR_OK)
 		{
@@ -721,7 +721,7 @@ RecordVal* NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::NF
 
 RecordVal* NFS_Interp::nfs3_delobj_reply(const u_char*& buf, int& n)
 	{
-	RecordVal *rep = new RecordVal(BifType::Record::NFS3::delobj_reply_t);
+	RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::delobj_reply_t);
 
 	// wcc_data
 	rep->Assign(0, nfs3_pre_op_attr(buf, n));
@@ -732,7 +732,7 @@ RecordVal* NFS_Interp::nfs3_delobj_reply(const u_char*& buf, int& n)
 
 RecordVal* NFS_Interp::nfs3_renameobj_reply(const u_char*& buf, int& n)
 	{
-	RecordVal *rep = new RecordVal(BifType::Record::NFS3::renameobj_reply_t);
+	RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::renameobj_reply_t);
 
 	// wcc_data
 	rep->Assign(0, nfs3_pre_op_attr(buf, n));
@@ -745,7 +745,7 @@ RecordVal* NFS_Interp::nfs3_renameobj_reply(const u_char*& buf, int& n)
 
 RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n)
 	{
-	RecordVal *args = new RecordVal(BifType::Record::NFS3::readdirargs_t);
+	RecordVal *args = new RecordVal(zeek::BifType::Record::NFS3::readdirargs_t);
 
 	args->Assign(0, val_mgr->Bool(isplus));
 	args->Assign(1, nfs3_fh(buf, n));
@@ -762,14 +762,14 @@ RecordVal* NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n)
 RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf,
 		int&n, BifEnum::NFS3::status_t status)
 	{
-	RecordVal *rep = new RecordVal(BifType::Record::NFS3::readdir_reply_t);
+	RecordVal *rep = new RecordVal(zeek::BifType::Record::NFS3::readdir_reply_t);
 
 	rep->Assign(0, val_mgr->Bool(isplus));
 
 	if ( status == BifEnum::NFS3::NFS3ERR_OK )
 		{
 		unsigned pos;
-		auto entries = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::NFS3::direntry_vec_t});
+		auto entries = make_intrusive<VectorVal>(zeek::BifType::Vector::NFS3::direntry_vec_t);
 
 		rep->Assign(1, nfs3_post_op_attr(buf,n));   // dir_attr
 		rep->Assign(2, ExtractUint64(buf,n));  // cookieverf
@@ -778,7 +778,7 @@ RecordVal* NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf,
 
 		while ( extract_XDR_uint32(buf,n) )
 			{
-			RecordVal *entry = new RecordVal(BifType::Record::NFS3::direntry_t);
+			RecordVal *entry = new RecordVal(zeek::BifType::Record::NFS3::direntry_t);
 			entry->Assign(0, ExtractUint64(buf,n)); // fileid
 			entry->Assign(1, nfs3_filename(buf,n)); // fname
 			entry->Assign(2, ExtractUint64(buf,n)); // cookie

src/analyzer/protocol/rpc/Portmap.cc

@@ -296,7 +296,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu
 		}
 	else
 		{
-		vl.emplace_back(BifType::Enum::rpc_status->GetVal(status));
+		vl.emplace_back(zeek::BifType::Enum::rpc_status->GetVal(status));
 
 		if ( request )
 			vl.emplace_back(AdoptRef{}, request);

src/analyzer/protocol/rpc/RPC.cc

@@ -343,7 +343,7 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st
 			val_mgr->Count(c->Program()),
 			val_mgr->Count(c->Version()),
 			val_mgr->Count(c->Proc()),
-			BifType::Enum::rpc_status->GetVal(status),
+			zeek::BifType::Enum::rpc_status->GetVal(status),
 			make_intrusive<Val>(c->StartTime(), TYPE_TIME),
 			val_mgr->Count(c->CallLen()),
 			val_mgr->Count(reply_len)
@@ -369,7 +369,7 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status,
 		analyzer->EnqueueConnEvent(rpc_reply,
 			analyzer->ConnVal(),
 			val_mgr->Count(xid),
-			BifType::Enum::rpc_status->GetVal(status),
+			zeek::BifType::Enum::rpc_status->GetVal(status),
 			val_mgr->Count(reply_len)
 		);
 	}

src/analyzer/protocol/smb/smb-time.pac

@@ -32,7 +32,7 @@ IntrusivePtr<Val> time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz)
 IntrusivePtr<RecordVal> SMB_BuildMACTimes(uint64_t modify, uint64_t access,
                                           uint64_t create, uint64_t change)
 	{
-	auto r = make_intrusive<RecordVal>(BifType::Record::SMB::MACTimes);
+	auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB::MACTimes);
 	r->Assign(0, filetime2brotime(modify));
 	r->Assign(1, filetime2brotime(access));
 	r->Assign(2, filetime2brotime(create));

src/analyzer/protocol/smb/smb1-com-negotiate.pac

@@ -35,13 +35,13 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb1_negotiate_response )
 			{
-			auto response = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponse);
+			auto response = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponse);
 
 			switch ( ${val.word_count} )
 				{
 				case 0x01:
 					{
-					auto core = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponseCore);
+					auto core = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseCore);
 					core->Assign(0, val_mgr->Count(${val.dialect_index}));
 
 					response->Assign(0, std::move(core));
@@ -50,15 +50,15 @@ refine connection SMB_Conn += {
 
 				case 0x0d:
 					{
-					auto security = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponseSecurity);
+					auto security = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity);
 					security->Assign(0, val_mgr->Bool(${val.lanman.security_user_level}));
 					security->Assign(1, val_mgr->Bool(${val.lanman.security_challenge_response}));
 
-					auto raw = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateRawMode);
+					auto raw = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateRawMode);
 					raw->Assign(0, val_mgr->Bool(${val.lanman.raw_read_supported}));
 					raw->Assign(1, val_mgr->Bool(${val.lanman.raw_write_supported}));
 
-					auto lanman = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponseLANMAN);
+					auto lanman = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseLANMAN);
 					lanman->Assign(0, val_mgr->Count(${val.word_count}));
 					lanman->Assign(1, val_mgr->Count(${val.dialect_index}));
 					lanman->Assign(2, std::move(security));
@@ -79,13 +79,13 @@ refine connection SMB_Conn += {
 
 				case 0x11:
 					{
-					auto security = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponseSecurity);
+					auto security = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity);
 					security->Assign(0, val_mgr->Bool(${val.ntlm.security_user_level}));
 					security->Assign(1, val_mgr->Bool(${val.ntlm.security_challenge_response}));
 					security->Assign(2, val_mgr->Bool(${val.ntlm.security_signatures_enabled}));
 					security->Assign(3, val_mgr->Bool(${val.ntlm.security_signatures_required}));
 
-					auto capabilities = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateCapabilities);
+					auto capabilities = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateCapabilities);
 					capabilities->Assign(0, val_mgr->Bool(${val.ntlm.capabilities_raw_mode}));
 					capabilities->Assign(1, val_mgr->Bool(${val.ntlm.capabilities_mpx_mode}));
 					capabilities->Assign(2, val_mgr->Bool(${val.ntlm.capabilities_unicode}));
@@ -108,7 +108,7 @@ refine connection SMB_Conn += {
 					capabilities->Assign(16, val_mgr->Bool(${val.ntlm.capabilities_compressed_data}));
 					capabilities->Assign(17, val_mgr->Bool(${val.ntlm.capabilities_extended_security}));
 
-					auto ntlm = make_intrusive<RecordVal>(BifType::Record::SMB1::NegotiateResponseNTLM);
+					auto ntlm = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseNTLM);
 					ntlm->Assign(0, val_mgr->Count(${val.word_count}));
 					ntlm->Assign(1, val_mgr->Count(${val.dialect_index}));
 					ntlm->Assign(2, std::move(security));

src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac

@@ -12,7 +12,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb1_session_setup_andx_request )
 			{
-			auto request = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXRequest);
+			auto request = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXRequest);
 
 			request->Assign(0, val_mgr->Count(${val.word_count}));
 			switch ( ${val.word_count} ) {
@@ -31,7 +31,7 @@ refine connection SMB_Conn += {
 					break;
 				case 12:	// NT LM 0.12 with extended security
 					{
-					auto capabilities = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXCapabilities);
+					auto capabilities = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities);
 				 	capabilities->Assign(0, val_mgr->Bool(${val.ntlm_extended_security.capabilities.unicode}));
 				 	capabilities->Assign(1, val_mgr->Bool(${val.ntlm_extended_security.capabilities.large_files}));
 				 	capabilities->Assign(2, val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_smbs}));
@@ -53,7 +53,7 @@ refine connection SMB_Conn += {
 
 				case 13: // NT LM 0.12 without extended security
 					{
-					auto capabilities = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXCapabilities);
+					auto capabilities = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities);
 				 	capabilities->Assign(0, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.unicode}));
 				 	capabilities->Assign(1, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.large_files}));
 				 	capabilities->Assign(2, val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_smbs}));
@@ -90,7 +90,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb1_session_setup_andx_response )
 			{
-			auto response = make_intrusive<RecordVal>(BifType::Record::SMB1::SessionSetupAndXResponse);
+			auto response = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXResponse);
 			response->Assign(0, val_mgr->Count(${val.word_count}));
 
 			switch ( ${val.word_count} )

src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac

@@ -5,7 +5,7 @@ refine connection SMB_Conn += {
 	if ( ! smb1_transaction_secondary_request )
 		return false;
 
-	auto args = make_intrusive<RecordVal>(BifType::Record::SMB1::Trans_Sec_Args);
+	auto args = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::Trans_Sec_Args);
 	args->Assign(0, val_mgr->Count(${val.total_param_count}));
 	args->Assign(1, val_mgr->Count(${val.total_data_count}));
 	args->Assign(2, val_mgr->Count(${val.param_count}));

src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac

@@ -5,7 +5,7 @@ refine connection SMB_Conn += {
 	if ( ! smb1_transaction2_secondary_request )
 		return false;
 
-	auto args = make_intrusive<RecordVal>(BifType::Record::SMB1::Trans2_Sec_Args);
+	auto args = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::Trans2_Sec_Args);
 	args->Assign(0, val_mgr->Count(${val.total_param_count}));
 	args->Assign(1, val_mgr->Count(${val.total_data_count}));
 	args->Assign(2, val_mgr->Count(${val.param_count}));

src/analyzer/protocol/smb/smb1-com-transaction2.pac

@@ -24,7 +24,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb1_transaction2_request )
 			{
-			auto args = make_intrusive<RecordVal>(BifType::Record::SMB1::Trans2_Args);
+			auto args = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::Trans2_Args);
 			args->Assign(0, val_mgr->Count(${val.total_param_count}));
 			args->Assign(1, val_mgr->Count(${val.total_data_count}));
 			args->Assign(2, val_mgr->Count(${val.max_param_count}));
@@ -131,7 +131,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb1_trans2_find_first2_request )
 			{
-			auto result = make_intrusive<RecordVal>(BifType::Record::SMB1::Find_First2_Request_Args);
+			auto result = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::Find_First2_Request_Args);
 			result->Assign(0, val_mgr->Count(${val.search_attrs}));
 			result->Assign(1, val_mgr->Count(${val.search_count}));
 			result->Assign(2, val_mgr->Count(${val.flags}));

src/analyzer/protocol/smb/smb1-protocol.pac

@@ -9,7 +9,7 @@
 %code{
 	IntrusivePtr<RecordVal> SMBHeaderVal(SMB_Header* hdr)
 		{
-		auto r = make_intrusive<RecordVal>(BifType::Record::SMB1::Header);
+		auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB1::Header);
 
 		//unsigned int status = 0;
 		//

src/analyzer/protocol/smb/smb2-com-close.pac

@@ -20,7 +20,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb2_close_response )
 			{
-			auto resp = make_intrusive<RecordVal>(BifType::Record::SMB2::CloseResponse);
+			auto resp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::CloseResponse);
 
 			resp->Assign(0, val_mgr->Count(${val.alloc_size}));
 			resp->Assign(1, val_mgr->Count(${val.eof}));

src/analyzer/protocol/smb/smb2-com-create.pac

@@ -16,7 +16,7 @@ refine connection SMB_Conn += {
 
 		if ( smb2_create_request )
 			{
-			auto requestinfo = make_intrusive<RecordVal>(BifType::Record::SMB2::CreateRequest);
+			auto requestinfo = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::CreateRequest);
 			requestinfo->Assign(0, std::move(filename));
 			requestinfo->Assign(1, val_mgr->Count(${val.disposition}));
 			requestinfo->Assign(2, val_mgr->Count(${val.create_options}));
@@ -33,7 +33,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb2_create_response )
 			{
-			auto responseinfo = make_intrusive<RecordVal>(BifType::Record::SMB2::CreateResponse);
+			auto responseinfo = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::CreateResponse);
 			responseinfo->Assign(0, BuildSMB2GUID(${val.file_id}));
 			responseinfo->Assign(1, val_mgr->Count(${val.eof}));
 			responseinfo->Assign(2, SMB_BuildMACTimes(${val.last_write_time},

src/analyzer/protocol/smb/smb2-com-negotiate.pac

@@ -39,7 +39,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb2_negotiate_response )
 			{
-			auto nr = make_intrusive<RecordVal>(BifType::Record::SMB2::NegotiateResponse);
+			auto nr = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::NegotiateResponse);
 
 			nr->Assign(0, val_mgr->Count(${val.dialect_revision}));
 			nr->Assign(1, val_mgr->Count(${val.security_mode}));
@@ -48,7 +48,7 @@ refine connection SMB_Conn += {
 			nr->Assign(4, filetime2brotime(${val.server_start_time}));
 			nr->Assign(5, val_mgr->Count(${val.negotiate_context_count}));
 
-			auto cv = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::SMB2::NegotiateContextValues});
+			auto cv = make_intrusive<VectorVal>(zeek::BifType::Vector::SMB2::NegotiateContextValues);
 
 			if ( ${val.dialect_revision} == 0x0311 && ${val.negotiate_context_count} > 0 )
 				{

src/analyzer/protocol/smb/smb2-com-session-setup.pac

@@ -4,7 +4,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb2_session_setup_request )
 			{
-			auto req = make_intrusive<RecordVal>(BifType::Record::SMB2::SessionSetupRequest);
+			auto req = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::SessionSetupRequest);
 			req->Assign(0, val_mgr->Count(${val.security_mode}));
 
 			BifEvent::enqueue_smb2_session_setup_request(bro_analyzer(),
@@ -20,12 +20,12 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb2_session_setup_response )
 			{
-			auto flags = make_intrusive<RecordVal>(BifType::Record::SMB2::SessionSetupFlags);
+			auto flags = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::SessionSetupFlags);
 			flags->Assign(0, val_mgr->Bool(${val.flag_guest}));
 			flags->Assign(1, val_mgr->Bool(${val.flag_anonymous}));
 			flags->Assign(2, val_mgr->Bool(${val.flag_encrypt}));
 
-			auto resp = make_intrusive<RecordVal>(BifType::Record::SMB2::SessionSetupResponse);
+			auto resp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::SessionSetupResponse);
 			resp->Assign(0, std::move(flags));
 
 			BifEvent::enqueue_smb2_session_setup_response(bro_analyzer(),

src/analyzer/protocol/smb/smb2-com-set-info.pac

@@ -93,11 +93,11 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb2_file_fullea )
 			{
-			auto eas = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::SMB2::FileEAs});
+			auto eas = make_intrusive<VectorVal>(zeek::BifType::Vector::SMB2::FileEAs);
 
 			for ( auto i = 0u; i < ${val.ea_vector}->size(); ++i )
 				{
-				auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::FileEA);
+				auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::FileEA);
 				r->Assign(0, smb2_string2stringval(${val.ea_vector[i].ea_name}));
 				r->Assign(1, smb2_string2stringval(${val.ea_vector[i].ea_value}));
 
@@ -192,7 +192,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb2_file_fscontrol )
 			{
-			auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::Fscontrol);
+			auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::Fscontrol);
 			r->Assign(0, val_mgr->Int(${val.free_space_start_filtering}));
 			r->Assign(1, val_mgr->Int(${val.free_space_start_threshold}));
 			r->Assign(2, val_mgr->Int(${val.free_space_stop_filtering}));

src/analyzer/protocol/smb/smb2-com-transform-header.pac

@@ -4,7 +4,7 @@ refine connection SMB_Conn += {
 		%{
 		if ( smb2_transform_header )
 			{
-			auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::Transform_header);
+			auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::Transform_header);
 			r->Assign(0, to_stringval(${hdr.signature}));
 			r->Assign(1, to_stringval(${hdr.nonce}));
 			r->Assign(2, val_mgr->Count(${hdr.orig_msg_size}));

src/analyzer/protocol/smb/smb2-com-tree-connect.pac

@@ -18,7 +18,7 @@ refine connection SMB_Conn += {
 
 		if ( smb2_tree_connect_response )
 			{
-			auto resp = make_intrusive<RecordVal>(BifType::Record::SMB2::TreeConnectResponse);
+			auto resp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::TreeConnectResponse);
 			resp->Assign(0, val_mgr->Count(${val.share_type}));
 
 			BifEvent::enqueue_smb2_tree_connect_response(bro_analyzer(),

src/analyzer/protocol/smb/smb2-protocol.pac

@@ -11,7 +11,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv);
 %code{
 IntrusivePtr<RecordVal> BuildSMB2HeaderVal(SMB2_Header* hdr)
 	{
-	auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::Header);
+	auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::Header);
 	r->Assign(0, val_mgr->Count(${hdr.credit_charge}));
 	r->Assign(1, val_mgr->Count(${hdr.status}));
 	r->Assign(2, val_mgr->Count(${hdr.command}));
@@ -27,7 +27,7 @@ IntrusivePtr<RecordVal> BuildSMB2HeaderVal(SMB2_Header* hdr)
 
 IntrusivePtr<RecordVal> BuildSMB2GUID(SMB2_guid* file_id)
 	{
-	auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::GUID);
+	auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::GUID);
 	r->Assign(0, val_mgr->Count(${file_id.persistent}));
 	r->Assign(1, val_mgr->Count(${file_id._volatile}));
 	return r;
@@ -35,7 +35,7 @@ IntrusivePtr<RecordVal> BuildSMB2GUID(SMB2_guid* file_id)
 
 IntrusivePtr<RecordVal> smb2_file_attrs_to_bro(SMB2_file_attributes* val)
 	{
-	auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::FileAttrs);
+	auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::FileAttrs);
 	r->Assign(0, val_mgr->Bool(${val.read_only}));
 	r->Assign(1, val_mgr->Bool(${val.hidden}));
 	r->Assign(2, val_mgr->Bool(${val.system}));
@@ -56,7 +56,7 @@ IntrusivePtr<RecordVal> smb2_file_attrs_to_bro(SMB2_file_attributes* val)
 
 IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
 	{
-	auto r = make_intrusive<RecordVal>(BifType::Record::SMB2::NegotiateContextValue);
+	auto r = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::NegotiateContextValue);
 
 	r->Assign(0, val_mgr->Count(${ncv.context_type}));
 	r->Assign(1, val_mgr->Count(${ncv.data_length}));
@@ -64,7 +64,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
 	switch ( ${ncv.context_type} ) {
 	case SMB2_PREAUTH_INTEGRITY_CAPABILITIES:
 		{
-		auto rpreauth = make_intrusive<RecordVal>(BifType::Record::SMB2::PreAuthIntegrityCapabilities);
+		auto rpreauth = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::PreAuthIntegrityCapabilities);
 		rpreauth->Assign(0, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count}));
 		rpreauth->Assign(1, val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length}));
 
@@ -84,7 +84,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
 
 	case SMB2_ENCRYPTION_CAPABILITIES:
 		{
-		auto rencr = make_intrusive<RecordVal>(BifType::Record::SMB2::EncryptionCapabilities);
+		auto rencr = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::EncryptionCapabilities);
 		rencr->Assign(0, val_mgr->Count(${ncv.encryption_capabilities.cipher_count}));
 
 		auto c = make_intrusive<VectorVal>(zeek::id::index_vec);
@@ -102,7 +102,7 @@ IntrusivePtr<RecordVal> BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
 
 	case SMB2_COMPRESSION_CAPABILITIES:
 		{
-		auto rcomp = make_intrusive<RecordVal>(BifType::Record::SMB2::CompressionCapabilities);
+		auto rcomp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::CompressionCapabilities);
 		rcomp->Assign(0, val_mgr->Count(${ncv.compression_capabilities.alg_count}));
 
 		auto c = make_intrusive<VectorVal>(zeek::id::index_vec);

src/analyzer/protocol/snmp/snmp-analyzer.pac

@@ -44,7 +44,7 @@ AddrVal* network_address_to_val(const ASN1Encoding* na)
 
 Val* asn1_obj_to_val(const ASN1Encoding* obj)
 	{
-	RecordVal* rval = new RecordVal(BifType::Record::SNMP::ObjectValue);
+	RecordVal* rval = new RecordVal(zeek::BifType::Record::SNMP::ObjectValue);
 	uint8 tag = obj->meta()->tag();
 
 	rval->Assign(0, val_mgr->Count(tag));
@@ -92,13 +92,13 @@ Val* time_ticks_to_val(const TimeTicks* tt)
 
 IntrusivePtr<RecordVal> build_hdr(const Header* header)
 	{
-	auto rv = make_intrusive<RecordVal>(BifType::Record::SNMP::Header);
+	auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::Header);
 	rv->Assign(0, val_mgr->Count(header->version()));
 
 	switch ( header->version() ) {
 	case SNMPV1_TAG:
 		{
-		RecordVal* v1 = new RecordVal(BifType::Record::SNMP::HeaderV1);
+		RecordVal* v1 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV1);
 		v1->Assign(0, asn1_octet_string_to_val(header->v1()->community()));
 		rv->Assign(1, v1);
 		}
@@ -106,7 +106,7 @@ IntrusivePtr<RecordVal> build_hdr(const Header* header)
 
 	case SNMPV2_TAG:
 		{
-		RecordVal* v2 = new RecordVal(BifType::Record::SNMP::HeaderV2);
+		RecordVal* v2 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV2);
 		v2->Assign(0, asn1_octet_string_to_val(header->v2()->community()));
 		rv->Assign(2, v2);
 		}
@@ -124,7 +124,7 @@ IntrusivePtr<RecordVal> build_hdr(const Header* header)
 
 RecordVal* build_hdrV3(const Header* header)
 	{
-	RecordVal* v3 = new RecordVal(BifType::Record::SNMP::HeaderV3);
+	RecordVal* v3 = new RecordVal(zeek::BifType::Record::SNMP::HeaderV3);
 	const v3Header* v3hdr = header->v3();
 	const v3HeaderData* global_data = v3hdr->global_data();
 	bytestring const& flags = global_data->flags()->encoding()->content();
@@ -144,7 +144,7 @@ RecordVal* build_hdrV3(const Header* header)
 	if ( v3hdr->next()->tag() == ASN1_SEQUENCE_TAG )
 		{
 		const v3ScopedPDU* spdu = v3hdr->plaintext_pdu();
-		RecordVal* rv = new RecordVal(BifType::Record::SNMP::ScopedPDU_Context);
+		RecordVal* rv = new RecordVal(zeek::BifType::Record::SNMP::ScopedPDU_Context);
 		rv->Assign(0, asn1_octet_string_to_val(spdu->context_engine_id()));
 		rv->Assign(1, asn1_octet_string_to_val(spdu->context_name()));
 		v3->Assign(8, rv);
@@ -155,12 +155,12 @@ RecordVal* build_hdrV3(const Header* header)
 
 VectorVal* build_bindings(const VarBindList* vbl)
 	{
-	auto vv = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::SNMP::Bindings});
+	auto vv = make_intrusive<VectorVal>(zeek::BifType::Vector::SNMP::Bindings);
 
 	for ( size_t i = 0; i < vbl->bindings()->size(); ++i )
 		{
 		VarBind* vb = (*vbl->bindings())[i];
-		RecordVal* binding = new RecordVal(BifType::Record::SNMP::Binding);
+		RecordVal* binding = new RecordVal(zeek::BifType::Record::SNMP::Binding);
 		binding->Assign(0, asn1_oid_to_val(vb->name()->oid()));
 		binding->Assign(1, asn1_obj_to_val(vb->value()->encoding()));
 		vv->Assign(i, binding);
@@ -171,7 +171,7 @@ VectorVal* build_bindings(const VarBindList* vbl)
 
 IntrusivePtr<RecordVal> build_pdu(const CommonPDU* pdu)
 	{
-	auto rv = make_intrusive<RecordVal>(BifType::Record::SNMP::PDU);
+	auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::PDU);
 	rv->Assign(0, asn1_integer_to_val(pdu->request_id(), TYPE_INT));
 	rv->Assign(1, asn1_integer_to_val(pdu->error_status(), TYPE_INT));
 	rv->Assign(2, asn1_integer_to_val(pdu->error_index(), TYPE_INT));
@@ -181,7 +181,7 @@ IntrusivePtr<RecordVal> build_pdu(const CommonPDU* pdu)
 
 IntrusivePtr<RecordVal> build_trap_pdu(const TrapPDU* pdu)
 	{
-	auto rv = make_intrusive<RecordVal>(BifType::Record::SNMP::TrapPDU);
+	auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::TrapPDU);
 	rv->Assign(0, asn1_oid_to_val(pdu->enterprise()));
 	rv->Assign(1, network_address_to_val(pdu->agent_addr()));
 	rv->Assign(2, asn1_integer_to_val(pdu->generic_trap(), TYPE_INT));
@@ -193,7 +193,7 @@ IntrusivePtr<RecordVal> build_trap_pdu(const TrapPDU* pdu)
 
 IntrusivePtr<RecordVal> build_bulk_pdu(const GetBulkRequestPDU* pdu)
 	{
-	auto rv = make_intrusive<RecordVal>(BifType::Record::SNMP::BulkPDU);
+	auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::SNMP::BulkPDU);
 	rv->Assign(0, asn1_integer_to_val(pdu->request_id(), TYPE_INT));
 	rv->Assign(1, asn1_integer_to_val(pdu->non_repeaters(), TYPE_COUNT));
 	rv->Assign(2, asn1_integer_to_val(pdu->max_repititions(), TYPE_COUNT));

src/analyzer/protocol/ssh/ssh-analyzer.pac

@@ -70,28 +70,28 @@ refine flow SSH_Flow += {
 		if ( ! ssh_capabilities )
 			return false;
 
-		auto result = make_intrusive<RecordVal>(BifType::Record::SSH::Capabilities);
+		auto result = make_intrusive<RecordVal>(zeek::BifType::Record::SSH::Capabilities);
 		result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val}));
 		result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val}));
 
-		RecordVal* encryption_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
+		RecordVal* encryption_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
 		encryption_algs->Assign(0, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val}));
 		encryption_algs->Assign(1, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val}));
 		result->Assign(2, encryption_algs);
 
-		RecordVal* mac_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
+		RecordVal* mac_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
 		mac_algs->Assign(0, name_list_to_vector(${msg.mac_algorithms_client_to_server.val}));
 		mac_algs->Assign(1, name_list_to_vector(${msg.mac_algorithms_server_to_client.val}));
 		result->Assign(3, mac_algs);
 
-		RecordVal* compression_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
+		RecordVal* compression_algs = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
 		compression_algs->Assign(0, name_list_to_vector(${msg.compression_algorithms_client_to_server.val}));
 		compression_algs->Assign(1, name_list_to_vector(${msg.compression_algorithms_server_to_client.val}));
 		result->Assign(4, compression_algs);
 
 		if ( ${msg.languages_client_to_server.len} || ${msg.languages_server_to_client.len} )
 			{
-			RecordVal* languages = new RecordVal(BifType::Record::SSH::Algorithm_Prefs);
+			RecordVal* languages = new RecordVal(zeek::BifType::Record::SSH::Algorithm_Prefs);
 			if ( ${msg.languages_client_to_server.len} )
 				languages->Assign(0, name_list_to_vector(${msg.languages_client_to_server.val}));
 			if ( ${msg.languages_server_to_client.len} )

src/analyzer/protocol/ssl/tls-handshake-analyzer.pac

@@ -161,7 +161,7 @@ refine connection Handshake_Conn += {
 			{
 			for ( unsigned int i = 0; i < supported_signature_algorithms->size(); ++i )
 				{
-				RecordVal* el = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm);
+				RecordVal* el = new RecordVal(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
 				el->Assign(0, val_mgr->Count((*supported_signature_algorithms)[i]->HashAlgorithm()));
 				el->Assign(1, val_mgr->Count((*supported_signature_algorithms)[i]->SignatureAlgorithm()));
 				slist->Assign(i, el);
@@ -342,7 +342,7 @@ refine connection Handshake_Conn += {
 
 		if ( ssl_server_signature )
 			{
-			auto ha = make_intrusive<RecordVal>(BifType::Record::SSL::SignatureAndHashAlgorithm);
+			auto ha = make_intrusive<RecordVal>(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
 
 			if ( ${kex.signed_params.uses_signature_and_hashalgorithm} )
 				{
@@ -414,7 +414,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_extension_signed_certificate_timestamp )
 			return true;
 
-		auto ha = make_intrusive<RecordVal>(BifType::Record::SSL::SignatureAndHashAlgorithm);
+		auto ha = make_intrusive<RecordVal>(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
 		ha->Assign(0, val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()));
 		ha->Assign(1, val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()));
 
@@ -442,7 +442,7 @@ refine connection Handshake_Conn += {
 
 		if ( ssl_server_signature )
 			{
-			auto ha = make_intrusive<RecordVal>(BifType::Record::SSL::SignatureAndHashAlgorithm);
+			auto ha = make_intrusive<RecordVal>(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
 
 			if ( ${signed_params.uses_signature_and_hashalgorithm} )
 				{
@@ -498,7 +498,7 @@ refine connection Handshake_Conn += {
 			{
 			for ( auto&& identity : *(identities->identities()) )
 				{
-				RecordVal* el = new RecordVal(BifType::Record::SSL::PSKIdentity);
+				RecordVal* el = new RecordVal(zeek::BifType::Record::SSL::PSKIdentity);
 				el->Assign(0, make_intrusive<StringVal>(identity->identity().length(), (const char*) identity->identity().data()));
 				el->Assign(1, val_mgr->Count(identity->obfuscated_ticket_age()));
 				slist->Assign(slist->Size(), el);

src/analyzer/protocol/tcp/TCP.cc

@@ -1356,7 +1356,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
 
 	if ( tcp_options )
 		{
-		auto option_list = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, BifType::Vector::TCP::OptionList});
+		auto option_list = make_intrusive<VectorVal>(zeek::BifType::Vector::TCP::OptionList);
 
 		auto add_option_data = [](RecordVal* rv, const u_char* odata, int olen)
 			{
@@ -1372,7 +1372,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
 			{
 			auto kind = o[0];
 			auto length = kind < 2 ? 1 : o[1];
-			auto option_record = new RecordVal(BifType::Record::TCP::Option);
+			auto option_record = new RecordVal(zeek::BifType::Record::TCP::Option);
 			option_list->Assign(option_list->Size(), option_record);
 			option_record->Assign(0, val_mgr->Count(kind));
 			option_record->Assign(1, val_mgr->Count(length));

src/broker/Data.cc

@@ -1016,7 +1016,7 @@ broker::expected<broker::data> bro_broker::val_to_data(const Val* v)
 
 IntrusivePtr<RecordVal> bro_broker::make_data_val(Val* v)
 	{
-	auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+	auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 	auto data = val_to_data(v);
 
 	if  ( data )
@@ -1029,7 +1029,7 @@ IntrusivePtr<RecordVal> bro_broker::make_data_val(Val* v)
 
 IntrusivePtr<RecordVal> bro_broker::make_data_val(broker::data d)
 	{
-	auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+	auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 	rval->Assign(0, make_intrusive<DataVal>(move(d)));
 	return rval;
 	}
@@ -1039,72 +1039,72 @@ struct data_type_getter {
 
 	result_type operator()(broker::none)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::NONE);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::NONE);
 		}
 
 	result_type operator()(bool)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::BOOL);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::BOOL);
 		}
 
 	result_type operator()(uint64_t)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::COUNT);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::COUNT);
 		}
 
 	result_type operator()(int64_t)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INT);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INT);
 		}
 
 	result_type operator()(double)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::DOUBLE);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::DOUBLE);
 		}
 
 	result_type operator()(const std::string&)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::STRING);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::STRING);
 		}
 
 	result_type operator()(const broker::address&)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ADDR);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ADDR);
 		}
 
 	result_type operator()(const broker::subnet&)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SUBNET);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SUBNET);
 		}
 
 	result_type operator()(const broker::port&)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::PORT);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::PORT);
 		}
 
 	result_type operator()(const broker::timestamp&)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TIME);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TIME);
 		}
 
 	result_type operator()(const broker::timespan&)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INTERVAL);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::INTERVAL);
 		}
 
 	result_type operator()(const broker::enum_value&)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ENUM);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::ENUM);
 		}
 
 	result_type operator()(const broker::set&)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SET);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::SET);
 		}
 
 	result_type operator()(const broker::table&)
 		{
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TABLE);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::TABLE);
 		}
 
 	result_type operator()(const broker::vector&)
@@ -1112,7 +1112,7 @@ struct data_type_getter {
 		// Note that Broker uses vectors to store record data, so there's
 		// no actual way to tell if this data was originally associated
 		// with a Bro record.
-		return BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::VECTOR);
+		return zeek::BifType::Enum::Broker::DataType->GetVal(BifEnum::Broker::VECTOR);
 		}
 };
 

src/broker/Manager.cc

@@ -699,7 +699,7 @@ bool Manager::AutoUnpublishEvent(const string& topic, Val* event)
 
 RecordVal* Manager::MakeEvent(val_list* args, Frame* frame)
 	{
-	auto rval = new RecordVal(BifType::Record::Broker::Event);
+	auto rval = new RecordVal(zeek::BifType::Record::Broker::Event);
 	auto arg_vec = make_intrusive<VectorVal>(vector_of_data_type);
 	rval->Assign(1, arg_vec);
 	Func* func = nullptr;
@@ -1351,7 +1351,7 @@ void Manager::ProcessError(broker::error err)
 		}
 
 	mgr.Enqueue(Broker::error,
-		BifType::Enum::Broker::ErrorCode->GetVal(ec),
+		zeek::BifType::Enum::Broker::ErrorCode->GetVal(ec),
 		make_intrusive<StringVal>(msg)
 	);
 	}

src/broker/Store.h

@@ -26,9 +26,9 @@ EnumVal* query_status(bool success);
  */
 inline IntrusivePtr<RecordVal> query_result()
 	{
-	auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::QueryResult);
+	auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::QueryResult);
 	rval->Assign(0, query_status(false));
-	rval->Assign(1, make_intrusive<RecordVal>(BifType::Record::Broker::Data));
+	rval->Assign(1, make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data));
 	return rval;
 	}
 
@@ -39,7 +39,7 @@ inline IntrusivePtr<RecordVal> query_result()
  */
 inline IntrusivePtr<RecordVal> query_result(IntrusivePtr<RecordVal> data)
 	{
-	auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::QueryResult);
+	auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::QueryResult);
 	rval->Assign(0, query_status(true));
 	rval->Assign(1, std::move(data));
 	return rval;

src/broker/comm.bif

@@ -123,7 +123,7 @@ function Broker::__peers%(%): PeerInfos
 
 		auto ps = (BifEnum::Broker::PeerStatus)p.status;
 		peer_info->Assign(0, endpoint_info);
-		peer_info->Assign(1, BifType::Enum::Broker::PeerStatus->GetVal(ps));
+		peer_info->Assign(1, zeek::BifType::Enum::Broker::PeerStatus->GetVal(ps));
 
 		rval->Assign(i, peer_info);
 		++i;

src/broker/data.bif

@@ -146,7 +146,7 @@ function Broker::__set_iterator_next%(it: opaque of Broker::SetIterator%): bool
 function Broker::__set_iterator_value%(it: opaque of Broker::SetIterator%): Broker::Data
 	%{
 	auto set_it = static_cast<bro_broker::SetIterator*>(it);
-	auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+	auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 
 	if ( set_it->it == set_it->dat.end() )
 		{
@@ -204,7 +204,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker::
 	if ( ! k )
 		{
 		builtin_error("invalid Broker data conversion for key argument");
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 		}
 
 	auto v = bro_broker::val_to_data(val);
@@ -212,7 +212,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker::
 	if ( ! v )
 		{
 		builtin_error("invalid Broker data conversion for value argument");
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 		}
 
 	try
@@ -225,7 +225,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker::
 	catch (const std::out_of_range&)
 		{
 		table[std::move(*k)] = std::move(*v);
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 		}
 	%}
 
@@ -239,13 +239,13 @@ function Broker::__table_remove%(t: Broker::Data, key: any%): Broker::Data
 	if ( ! k )
 		{
 		builtin_error("invalid Broker data conversion for key argument");
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 		}
 
 	auto it = table.find(*k);
 
 	if ( it == table.end() )
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 	else
 		{
 		auto rval = bro_broker::make_data_val(move(it->second));
@@ -264,13 +264,13 @@ function Broker::__table_lookup%(t: Broker::Data, key: any%): Broker::Data
 	if ( ! k )
 		{
 		builtin_error("invalid Broker data conversion for key argument");
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 		}
 
 	auto it = table.find(*k);
 
 	if ( it == table.end() )
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 	else
 		return bro_broker::make_data_val(it->second);
 	%}
@@ -300,9 +300,9 @@ function Broker::__table_iterator_next%(it: opaque of Broker::TableIterator%): b
 function Broker::__table_iterator_value%(it: opaque of Broker::TableIterator%): Broker::TableItem
 	%{
 	auto ti = static_cast<bro_broker::TableIterator*>(it);
-	auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::TableItem);
+	auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::TableItem);
-	auto key_val = new RecordVal(BifType::Record::Broker::Data);
+	auto key_val = new RecordVal(zeek::BifType::Record::Broker::Data);
-	auto val_val = new RecordVal(BifType::Record::Broker::Data);
+	auto val_val = new RecordVal(zeek::BifType::Record::Broker::Data);
 	rval->Assign(0, key_val);
 	rval->Assign(1, val_val);
 
@@ -367,7 +367,7 @@ function Broker::__vector_replace%(v: Broker::Data, idx: count, d: any%): Broker
 		}
 
 	if ( idx >= vec.size() )
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 
 	auto rval = bro_broker::make_data_val(move(vec[idx]));
 	vec[idx] = std::move(*item);
@@ -380,7 +380,7 @@ function Broker::__vector_remove%(v: Broker::Data, idx: count%): Broker::Data
 	                                                          TYPE_VECTOR, frame);
 
 	if ( idx >= vec.size() )
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 
 	auto rval = bro_broker::make_data_val(move(vec[idx]));
 	vec.erase(vec.begin() + idx);
@@ -393,7 +393,7 @@ function Broker::__vector_lookup%(v: Broker::Data, idx: count%): Broker::Data
 	                                                          TYPE_VECTOR, frame);
 
 	if ( idx >= vec.size() )
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 
 	return bro_broker::make_data_val(vec[idx]);
 	%}
@@ -423,7 +423,7 @@ function Broker::__vector_iterator_next%(it: opaque of Broker::VectorIterator%):
 function Broker::__vector_iterator_value%(it: opaque of Broker::VectorIterator%): Broker::Data
 	%{
 	auto vi = static_cast<bro_broker::VectorIterator*>(it);
-	auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+	auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 
 	if ( vi->it == vi->dat.end() )
 		{
@@ -472,7 +472,7 @@ function Broker::__record_lookup%(r: Broker::Data, idx: count%): Broker::Data
 	                                                        TYPE_RECORD, frame);
 
 	if ( idx >= v.size() || caf::get_if<broker::none>(&v[idx]) )
-		return make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 
 	return bro_broker::make_data_val(v[idx]);
 	%}
@@ -502,7 +502,7 @@ function Broker::__record_iterator_next%(it: opaque of Broker::RecordIterator%):
 function Broker::__record_iterator_value%(it: opaque of Broker::RecordIterator%): Broker::Data
 	%{
 	auto ri = static_cast<bro_broker::RecordIterator*>(it);
-	auto rval = make_intrusive<RecordVal>(BifType::Record::Broker::Data);
+	auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Broker::Data);
 
 	if ( ri->it == ri->dat.end() )
 		{

src/file_analysis/AnalyzerSet.cc

@@ -22,7 +22,7 @@ AnalyzerSet::AnalyzerSet(File* arg_file) : file(arg_file)
 	{
 	auto t = make_intrusive<TypeList>();
 	t->Append(file_mgr->GetTagType());
-	t->Append({NewRef{}, BifType::Record::Files::AnalyzerArgs});
+	t->Append(zeek::BifType::Record::Files::AnalyzerArgs);
 	analyzer_hash = new CompositeHash(std::move(t));
 	analyzer_map.SetDeleteFunc(analyzer_del_func);
 	}

src/file_analysis/analyzer/extract/functions.bif

@@ -10,8 +10,8 @@ module FileExtract;
 ## :zeek:see:`FileExtract::set_limit`.
 function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool
 	%{
-	using BifType::Record::Files::AnalyzerArgs;
+	using zeek::BifType::Record::Files::AnalyzerArgs;
-	auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
+	auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs.get());
 	bool result = file_mgr->SetExtractionLimit(file_id->CheckString(), rv.get(), n);
 	return val_mgr->Bool(result);
 	%}

src/file_analysis/analyzer/pe/pe-analyzer.pac

@@ -42,7 +42,7 @@ refine flow File += {
 		%{
 		if ( pe_dos_header )
 			{
-			auto dh = make_intrusive<RecordVal>(BifType::Record::PE::DOSHeader);
+			auto dh = make_intrusive<RecordVal>(zeek::BifType::Record::PE::DOSHeader);
 			dh->Assign(0, make_intrusive<StringVal>(${h.signature}.length(), (const char*) ${h.signature}.data()));
 			dh->Assign(1, val_mgr->Count(${h.UsedBytesInTheLastPage}));
 			dh->Assign(2, val_mgr->Count(${h.FileSizeInPages}));
@@ -92,7 +92,7 @@ refine flow File += {
 		%{
 		if ( pe_file_header )
 			{
-			auto fh = make_intrusive<RecordVal>(BifType::Record::PE::FileHeader);
+			auto fh = make_intrusive<RecordVal>(zeek::BifType::Record::PE::FileHeader);
 			fh->Assign(0, val_mgr->Count(${h.Machine}));
 			fh->Assign(1, make_intrusive<Val>(static_cast<double>(${h.TimeDateStamp}), TYPE_TIME));
 			fh->Assign(2, val_mgr->Count(${h.PointerToSymbolTable}));
@@ -120,7 +120,7 @@ refine flow File += {
 
 		if ( pe_optional_header )
 			{
-			auto oh = make_intrusive<RecordVal>(BifType::Record::PE::OptionalHeader);
+			auto oh = make_intrusive<RecordVal>(zeek::BifType::Record::PE::OptionalHeader);
 
 			oh->Assign(0, val_mgr->Count(${h.magic}));
 			oh->Assign(1, val_mgr->Count(${h.major_linker_version}));
@@ -162,7 +162,7 @@ refine flow File += {
 		%{
 		if ( pe_section_header )
 			{
-			auto section_header = make_intrusive<RecordVal>(BifType::Record::PE::SectionHeader);
+			auto section_header = make_intrusive<RecordVal>(zeek::BifType::Record::PE::SectionHeader);
 
 			// Strip null characters from the end of the section name.
 			u_char* first_null = (u_char*) memchr(${h.name}.data(), 0, ${h.name}.length());

src/file_analysis/analyzer/unified2/unified2-analyzer.pac

@@ -66,7 +66,7 @@ refine flow Flow += {
 		%{
 		if ( ::unified2_event )
 			{
-			auto ids_event = make_intrusive<RecordVal>(BifType::Record::Unified2::IDSEvent);
+			auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
 			ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
 			ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
 			ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
@@ -92,7 +92,7 @@ refine flow Flow += {
 		%{
 		if ( ::unified2_event )
 			{
-			auto ids_event = make_intrusive<RecordVal>(BifType::Record::Unified2::IDSEvent);
+			auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
 			ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
 			ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
 			ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
@@ -123,7 +123,7 @@ refine flow Flow += {
 		%{
 		if ( ::unified2_packet )
 			{
-			auto packet = make_intrusive<RecordVal>(BifType::Record::Unified2::Packet);
+			auto packet = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::Packet);
 			packet->Assign(0, val_mgr->Count(${pkt.sensor_id}));
 			packet->Assign(1, val_mgr->Count(${pkt.event_id}));
 			packet->Assign(2, val_mgr->Count(${pkt.event_second}));

src/file_analysis/analyzer/x509/X509.cc

@@ -117,7 +117,7 @@ IntrusivePtr<RecordVal> file_analysis::X509::ParseCertificate(X509Val* cert_val,
 	char buf[2048]; // we need a buffer for some of the openssl functions
 	memset(buf, 0, sizeof(buf));
 
-	auto pX509Cert = make_intrusive<RecordVal>(BifType::Record::X509::Certificate);
+	auto pX509Cert = make_intrusive<RecordVal>(zeek::BifType::Record::X509::Certificate);
 	BIO *bio = BIO_new(BIO_s_mem());
 
 	pX509Cert->Assign(0, val_mgr->Count((uint64_t) X509_get_version(ssl_cert) + 1));
@@ -286,7 +286,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
 		{
 		if ( x509_ext_basic_constraints )
 			{
-			auto pBasicConstraint = make_intrusive<RecordVal>(BifType::Record::X509::BasicConstraints);
+			auto pBasicConstraint = make_intrusive<RecordVal>(zeek::BifType::Record::X509::BasicConstraints);
 			pBasicConstraint->Assign(0, val_mgr->Bool(constr->ca));
 
 			if ( constr->pathlen )
@@ -417,7 +417,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 			}
 		}
 
-		auto sanExt = make_intrusive<RecordVal>(BifType::Record::X509::SubjectAlternativeName);
+		auto sanExt = make_intrusive<RecordVal>(zeek::BifType::Record::X509::SubjectAlternativeName);
 
 		if ( names != nullptr )
 			sanExt->Assign(0, names);

src/file_analysis/analyzer/x509/X509Common.cc

@@ -269,7 +269,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHa
 	if ( ! ext_val )
 		ext_val = make_intrusive<StringVal>(0, "");
 
-	auto pX509Ext = make_intrusive<RecordVal>(BifType::Record::X509::Extension);
+	auto pX509Ext = make_intrusive<RecordVal>(zeek::BifType::Record::X509::Extension);
 	pX509Ext->Assign(0, make_intrusive<StringVal>(name));
 
 	if ( short_name and strlen(short_name) > 0 )

src/file_analysis/analyzer/x509/functions.bif

@@ -13,7 +13,7 @@
 // construct an error record
 IntrusivePtr<RecordVal> x509_result_record(uint64_t num, const char* reason, Val* chainVector = nullptr)
 	{
-	auto rrecord = make_intrusive<RecordVal>(BifType::Record::X509::Result);
+	auto rrecord = make_intrusive<RecordVal>(zeek::BifType::Record::X509::Result);
 
 	rrecord->Assign(0, val_mgr->Int(num));
 	rrecord->Assign(1, make_intrusive<StringVal>(reason));

src/file_analysis/file_analysis.bif

@@ -41,8 +41,8 @@ function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool
 ## :zeek:see:`Files::add_analyzer`.
 function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
 	%{
-	using BifType::Record::Files::AnalyzerArgs;
+	using zeek::BifType::Record::Files::AnalyzerArgs;
-	auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
+	auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs.get());
 	bool result = file_mgr->AddAnalyzer(file_id->CheckString(),
 	                                    file_mgr->GetComponentTag(tag), rv.get());
 	return val_mgr->Bool(result);
@@ -51,8 +51,8 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b
 ## :zeek:see:`Files::remove_analyzer`.
 function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
 	%{
-	using BifType::Record::Files::AnalyzerArgs;
+	using zeek::BifType::Record::Files::AnalyzerArgs;
-	auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
+	auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs.get());
 	bool result = file_mgr->RemoveAnalyzer(file_id->CheckString(),
 	                                       file_mgr->GetComponentTag(tag) , rv.get());
 	return val_mgr->Bool(result);

src/input/Manager.cc

@@ -225,9 +225,9 @@ ReaderBackend* Manager::CreateBackend(ReaderFrontend* frontend, EnumVal* tag)
 bool Manager::CreateStream(Stream* info, RecordVal* description)
 	{
 	RecordType* rtype = description->GetType()->AsRecordType();
-	if ( ! ( same_type(rtype, BifType::Record::Input::TableDescription, false)
+	if ( ! ( same_type(rtype, zeek::BifType::Record::Input::TableDescription.get(), false)
-		|| same_type(rtype, BifType::Record::Input::EventDescription, false)
+		|| same_type(rtype, zeek::BifType::Record::Input::EventDescription.get(), false)
-		|| same_type(rtype, BifType::Record::Input::AnalysisDescription, false) ) )
+		|| same_type(rtype, zeek::BifType::Record::Input::AnalysisDescription.get(), false) ) )
 		{
 		reporter->Error("Stream description argument not of right type for new input stream");
 		return false;
@@ -311,7 +311,7 @@ bool Manager::CreateStream(Stream* info, RecordVal* description)
 bool Manager::CreateEventStream(RecordVal* fval)
 	{
 	RecordType* rtype = fval->GetType()->AsRecordType();
-	if ( ! same_type(rtype, BifType::Record::Input::EventDescription, false) )
+	if ( ! same_type(rtype, zeek::BifType::Record::Input::EventDescription.get(), false) )
 		{
 		reporter->Error("EventDescription argument not of right type");
 		return false;
@@ -344,13 +344,13 @@ bool Manager::CreateEventStream(RecordVal* fval)
 		return false;
 		}
 
-	if ( ! same_type(args[1].get(), BifType::Enum::Input::Event, false) )
+	if ( ! same_type(args[1].get(), zeek::BifType::Enum::Input::Event.get(), false) )
 		{
 		reporter->Error("Input stream %s: Event's second attribute must be of type Input::Event", stream_name.c_str());
 		return false;
 		}
 
-	if ( ! same_type(args[0].get(), BifType::Record::Input::EventDescription, false) )
+	if ( ! same_type(args[0].get(), zeek::BifType::Record::Input::EventDescription.get(), false) )
 		{
 		reporter->Error("Input stream %s: Event's first attribute must be of type Input::EventDescription", stream_name.c_str());
 		return false;
@@ -464,7 +464,7 @@ bool Manager::CreateEventStream(RecordVal* fval)
 bool Manager::CreateTableStream(RecordVal* fval)
 	{
 	RecordType* rtype = fval->GetType()->AsRecordType();
-	if ( ! same_type(rtype, BifType::Record::Input::TableDescription, false) )
+	if ( ! same_type(rtype, zeek::BifType::Record::Input::TableDescription.get(), false) )
 		{
 		reporter->Error("TableDescription argument not of right type");
 		return false;
@@ -572,13 +572,13 @@ bool Manager::CreateTableStream(RecordVal* fval)
 			return false;
 			}
 
-		if ( ! same_type(args[0].get(), BifType::Record::Input::TableDescription, false) )
+		if ( ! same_type(args[0].get(), zeek::BifType::Record::Input::TableDescription.get(), false) )
 			{
 			reporter->Error("Input stream %s: Table event's first attribute must be of type Input::TableDescription", stream_name.c_str());
 			return false;
 			}
 
-		if ( ! same_type(args[1].get(), BifType::Enum::Input::Event, false) )
+		if ( ! same_type(args[1].get(), zeek::BifType::Enum::Input::Event.get(), false) )
 			{
 			reporter->Error("Input stream %s: Table event's second attribute must be of type Input::Event", stream_name.c_str());
 			return false;
@@ -719,13 +719,13 @@ bool Manager::CheckErrorEventTypes(const std::string& stream_name, const Func* e
 		return false;
 		}
 
-	if ( table && ! same_type(args[0].get(), BifType::Record::Input::TableDescription, false) )
+	if ( table && ! same_type(args[0].get(), zeek::BifType::Record::Input::TableDescription.get(), false) )
 		{
 		reporter->Error("Input stream %s: Error event's first attribute must be of type Input::TableDescription", stream_name.c_str());
 		return false;
 		}
 
-	if ( ! table && ! same_type(args[0].get(), BifType::Record::Input::EventDescription, false) )
+	if ( ! table && ! same_type(args[0].get(), zeek::BifType::Record::Input::EventDescription.get(), false) )
 		{
 		reporter->Error("Input stream %s: Error event's first attribute must be of type Input::EventDescription", stream_name.c_str());
 		return false;
@@ -737,7 +737,7 @@ bool Manager::CheckErrorEventTypes(const std::string& stream_name, const Func* e
 		return false;
 		}
 
-	if ( ! same_type(args[2].get(), BifType::Enum::Reporter::Level, false) )
+	if ( ! same_type(args[2].get(), zeek::BifType::Enum::Reporter::Level.get(), false) )
 		{
 		reporter->Error("Input stream %s: Error event's third attribute must be of type Reporter::Level", stream_name.c_str());
 		return false;
@@ -750,7 +750,7 @@ bool Manager::CreateAnalysisStream(RecordVal* fval)
 	{
 	RecordType* rtype = fval->GetType()->AsRecordType();
 
-	if ( ! same_type(rtype, BifType::Record::Input::AnalysisDescription, false) )
+	if ( ! same_type(rtype, zeek::BifType::Record::Input::AnalysisDescription.get(), false) )
 		{
 		reporter->Error("AnalysisDescription argument not of right type");
 		return false;
@@ -1072,7 +1072,7 @@ void Manager::SendEntry(ReaderFrontend* reader, Value* *vals)
 
 	else if ( i->stream_type == EVENT_STREAM )
 		{
-		EnumVal* type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
+		EnumVal* type = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
 		readFields = SendEventStreamEvent(i, type, vals);
 		}
 
@@ -1177,9 +1177,9 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
 		if ( ! pred_convert_error )
 			{
 			if ( updated )
-				ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
+				ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
 			else
-				ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
+				ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
 
 			bool result;
 			if ( stream->num_val_fields > 0 ) // we have values
@@ -1278,13 +1278,13 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals)
 		else if ( updated )
 			{ // in case of update send back the old value.
 			assert ( stream->num_val_fields > 0 );
-			ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
+			ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
 			assert ( oldval != nullptr );
 			SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx, oldval.release());
 			}
 		else
 			{
-			ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
+			ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
 			if ( stream->num_val_fields == 0 )
 				{
 				Ref(stream->description);
@@ -1347,7 +1347,7 @@ void Manager::EndCurrentSend(ReaderFrontend* reader)
 			val = stream->tab->Lookup(idx.get());
 			assert(val != nullptr);
 			predidx = ListValToRecordVal(idx.get(), stream->itype, &startpos);
-			ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
+			ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
 			}
 
 		if ( stream->pred )
@@ -1454,7 +1454,7 @@ void Manager::Put(ReaderFrontend* reader, Value* *vals)
 
 	else if ( i->stream_type == EVENT_STREAM )
 		{
-		EnumVal* type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
+		EnumVal* type = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
 		readFields = SendEventStreamEvent(i, type, vals);
 		}
 
@@ -1591,9 +1591,9 @@ int Manager::PutTable(Stream* i, const Value* const *vals)
 			else
 				{
 				if ( updated )
-					ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
+					ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
 				else
-					ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
+					ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
 
 				bool result;
 				if ( stream->num_val_fields > 0 ) // we have values
@@ -1632,14 +1632,14 @@ int Manager::PutTable(Stream* i, const Value* const *vals)
 					{
 					// in case of update send back the old value.
 					assert ( stream->num_val_fields > 0 );
-					ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
+					ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_CHANGED).release();
 					assert ( oldval != nullptr );
 					SendEvent(stream->event, 4, stream->description->Ref(),
 					          ev, predidx, oldval.release());
 					}
 				else
 					{
-					ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
+					ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_NEW).release();
 					if ( stream->num_val_fields == 0 )
 						SendEvent(stream->event, 4, stream->description->Ref(),
 								ev, predidx);
@@ -1724,7 +1724,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals)
 					Unref(predidx);
 				else
 					{
-					EnumVal* ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
+					EnumVal* ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
 
 					streamresult = CallPred(stream->pred, 3, ev, predidx, IntrusivePtr{val}.release());
 
@@ -1743,7 +1743,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals)
 				{
 				Ref(idxval);
 				assert(val != nullptr);
-				EnumVal* ev = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
+				EnumVal* ev = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
 				SendEvent(stream->event, 4, stream->description->Ref(), ev, idxval, IntrusivePtr{val}.release());
 				}
 			}
@@ -1758,7 +1758,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals)
 
 	else if ( i->stream_type == EVENT_STREAM  )
 		{
-		EnumVal* type = BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
+		EnumVal* type = zeek::BifType::Enum::Input::Event->GetVal(BifEnum::Input::EVENT_REMOVED).release();
 		readVals = SendEventStreamEvent(i, type, vals);
 		success = true;
 		}
@@ -2715,15 +2715,15 @@ void Manager::ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, co
 		switch (et)
 			{
 			case ErrorType::INFO:
-				ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::INFO).release();
+				ev = zeek::BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::INFO).release();
 				break;
 
 			case ErrorType::WARNING:
-				ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::WARNING).release();
+				ev = zeek::BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::WARNING).release();
 				break;
 
 			case ErrorType::ERROR:
-				ev = BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::ERROR).release();
+				ev = zeek::BifType::Enum::Reporter::Level->GetVal(BifEnum::Reporter::ERROR).release();
 				break;
 
 			default:

src/iosource/Packet.cc

@@ -627,7 +627,7 @@ IntrusivePtr<RecordVal> Packet::ToRawPktHdrVal() const
 		{
 		// Ethernet header layout is:
 		//    dst[6bytes] src[6bytes] ethertype[2bytes]...
-		l2_hdr->Assign(0, BifType::Enum::link_encap->GetVal(BifEnum::LINK_ETHERNET));
+		l2_hdr->Assign(0, zeek::BifType::Enum::link_encap->GetVal(BifEnum::LINK_ETHERNET));
 		l2_hdr->Assign(3, FmtEUI48(data + 6));	// src
 		l2_hdr->Assign(4, FmtEUI48(data));  	// dst
 
@@ -644,12 +644,12 @@ IntrusivePtr<RecordVal> Packet::ToRawPktHdrVal() const
 			l3 = BifEnum::L3_ARP;
 		}
 	else
-		l2_hdr->Assign(0, BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN));
+		l2_hdr->Assign(0, zeek::BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN));
 
 	l2_hdr->Assign(1, val_mgr->Count(len));
 	l2_hdr->Assign(2, val_mgr->Count(cap_len));
 
-	l2_hdr->Assign(8, BifType::Enum::layer3_proto->GetVal(l3));
+	l2_hdr->Assign(8, zeek::BifType::Enum::layer3_proto->GetVal(l3));
 
 	pkt_hdr->Assign(0, l2_hdr);
 

src/logging/Manager.cc

@@ -231,7 +231,7 @@ bool Manager::CreateStream(EnumVal* id, RecordVal* sval)
 	{
 	RecordType* rtype = sval->GetType()->AsRecordType();
 
-	if ( ! same_type(rtype, BifType::Record::Log::Stream, false) )
+	if ( ! same_type(rtype, zeek::BifType::Record::Log::Stream.get(), false) )
 		{
 		reporter->Error("sval argument not of right type");
 		return false;
@@ -534,7 +534,7 @@ bool Manager::AddFilter(EnumVal* id, RecordVal* fval)
 	{
 	RecordType* rtype = fval->GetType()->AsRecordType();
 
-	if ( ! same_type(rtype, BifType::Record::Log::Filter, false) )
+	if ( ! same_type(rtype, zeek::BifType::Record::Log::Filter.get(), false) )
 		{
 		reporter->Error("filter argument not of right type");
 		return false;
@@ -1514,7 +1514,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con
 		return true;
 
 	// Create the RotationInfo record.
-	auto info = make_intrusive<RecordVal>(BifType::Record::Log::RotationInfo);
+	auto info = make_intrusive<RecordVal>(zeek::BifType::Record::Log::RotationInfo);
 	info->Assign(0, winfo->type->Ref());
 	info->Assign(1, make_intrusive<StringVal>(new_name));
 	info->Assign(2, make_intrusive<StringVal>(winfo->writer->Info().path));

src/supervisor/Supervisor.cc

@@ -1104,7 +1104,7 @@ std::string Supervisor::NodeConfig::ToJSON() const
 
 IntrusivePtr<RecordVal> Supervisor::NodeConfig::ToRecord() const
 	{
-	auto rt = BifType::Record::Supervisor::NodeConfig;
+	const auto& rt = zeek::BifType::Record::Supervisor::NodeConfig;
 	auto rval = make_intrusive<RecordVal>(rt);
 	rval->Assign(rt->FieldOffset("name"), make_intrusive<StringVal>(name));
 
@@ -1140,10 +1140,10 @@ IntrusivePtr<RecordVal> Supervisor::NodeConfig::ToRecord() const
 		auto& name = e.first;
 		auto& ep = e.second;
 		auto key = make_intrusive<StringVal>(name);
-		auto ept = BifType::Record::Supervisor::ClusterEndpoint;
+		const auto& ept = zeek::BifType::Record::Supervisor::ClusterEndpoint;
 		auto val = make_intrusive<RecordVal>(ept);
 
-		val->Assign(ept->FieldOffset("role"), BifType::Enum::Supervisor::ClusterRole->GetVal(ep.role));
+		val->Assign(ept->FieldOffset("role"), zeek::BifType::Enum::Supervisor::ClusterRole->GetVal(ep.role));
 		val->Assign(ept->FieldOffset("host"), make_intrusive<AddrVal>(ep.host));
 		val->Assign(ept->FieldOffset("p"), val_mgr->Port(ep.port, TRANSPORT_TCP));
 
@@ -1158,7 +1158,7 @@ IntrusivePtr<RecordVal> Supervisor::NodeConfig::ToRecord() const
 
 IntrusivePtr<RecordVal> Supervisor::Node::ToRecord() const
 	{
-	auto rt = BifType::Record::Supervisor::NodeStatus;
+	const auto& rt = zeek::BifType::Record::Supervisor::NodeStatus;
 	auto rval = make_intrusive<RecordVal>(rt);
 
 	rval->Assign(rt->FieldOffset("node"), config.ToRecord());
@@ -1314,8 +1314,8 @@ void Supervisor::SupervisedNode::Init(zeek::Options* options) const
 
 IntrusivePtr<RecordVal> Supervisor::Status(std::string_view node_name)
 	{
-	auto rval = make_intrusive<RecordVal>(BifType::Record::Supervisor::Status);
+	auto rval = make_intrusive<RecordVal>(zeek::BifType::Record::Supervisor::Status);
-	const auto& tt = BifType::Record::Supervisor::Status->GetFieldType("nodes");
+	const auto& tt = zeek::BifType::Record::Supervisor::Status->GetFieldType("nodes");
 	auto node_table_val = new TableVal(cast_intrusive<TableType>(tt));
 	rval->Assign(0, node_table_val);
 

src/supervisor/supervisor.bif

@@ -24,7 +24,7 @@ function Supervisor::__status%(node: string%): Supervisor::Status
 	if ( ! zeek::supervisor_mgr )
 		{
 		builtin_error("supervisor mode not enabled");
-		return make_intrusive<RecordVal>(BifType::Record::Supervisor::Status);
+		return make_intrusive<RecordVal>(zeek::BifType::Record::Supervisor::Status);
 		}
 
 	return zeek::supervisor_mgr->Status(node->CheckString());
@@ -84,7 +84,7 @@ function Supervisor::__node%(%): Supervisor::NodeConfig
 	if ( ! zeek::Supervisor::ThisNode() )
 		{
 		builtin_error("not a supervised process");
-		auto rt = BifType::Record::Supervisor::NodeConfig;
+		const auto& rt = zeek::BifType::Record::Supervisor::NodeConfig;
 		auto rval = make_intrusive<RecordVal>(rt);
 		rval->Assign(rt->FieldOffset("name"), new StringVal("<invalid>"));
 		return rval;

src/zeek.bif

@@ -3397,7 +3397,7 @@ function get_current_packet%(%) : pcap_packet
 		pkt->Assign(2, val_mgr->Count(0));
 		pkt->Assign(3, val_mgr->Count(0));
 		pkt->Assign(4, val_mgr->EmptyString());
-		pkt->Assign(5, BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN));
+		pkt->Assign(5, zeek::BifType::Enum::link_encap->GetVal(BifEnum::LINK_UNKNOWN));
 		return pkt;
 		}
 
@@ -3406,7 +3406,7 @@ function get_current_packet%(%) : pcap_packet
 	pkt->Assign(2, val_mgr->Count(p->cap_len));
 	pkt->Assign(3, val_mgr->Count(p->len));
 	pkt->Assign(4, make_intrusive<StringVal>(p->cap_len, (const char*)p->data));
-	pkt->Assign(5, BifType::Enum::link_encap->GetVal(p->link_type));
+	pkt->Assign(5, zeek::BifType::Enum::link_encap->GetVal(p->link_type));
 
 	return pkt;
 	%}