Merge remote-tracking branch 'origin/topic/timw/rename-binpac_bro'

* origin/topic/timw/rename-binpac_bro:
  Rename bro-bif.h to zeek-bif.h
  Fix uses of bro.pac to use zeek.pac
  Rename the bro-related binpac files to zeek

src/file_analysis/analyzer/pe/pe-analyzer.pac

@@ -6,7 +6,7 @@
 
 %header{
 zeek::VectorValPtr process_rvas(const RVAS* rvas);
-zeek::TableValPtr characteristics_to_bro(uint32_t c, uint8_t len);
+zeek::TableValPtr characteristics_to_zeek(uint32_t c, uint8_t len);
 %}
 
 %code{
@@ -20,7 +20,7 @@ zeek::VectorValPtr process_rvas(const RVAS* rva_table)
 	return rvas;
 	}
 
-zeek::TableValPtr characteristics_to_bro(uint32_t c, uint8_t len)
+zeek::TableValPtr characteristics_to_zeek(uint32_t c, uint8_t len)
 	{
 	uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
 	auto char_set = zeek::make_intrusive<zeek::TableVal>(zeek::id::count_set);
@@ -66,7 +66,7 @@ refine flow File += {
 			dh->Assign(16, zeek::val_mgr->Count(${h.AddressOfNewExeHeader}));
 
 			zeek::event_mgr.Enqueue(pe_dos_header,
-			    connection()->bro_analyzer()->GetFile()->ToVal(),
+			    connection()->zeek_analyzer()->GetFile()->ToVal(),
 			    std::move(dh));
 			}
 		return true;
@@ -76,7 +76,7 @@ refine flow File += {
 		%{
 		if ( pe_dos_code )
 			zeek::event_mgr.Enqueue(pe_dos_code,
-			    connection()->bro_analyzer()->GetFile()->ToVal(),
+			    connection()->zeek_analyzer()->GetFile()->ToVal(),
 			    zeek::make_intrusive<zeek::StringVal>(code.length(), (const char*) code.data())
 			    );
 		return true;
@@ -102,10 +102,10 @@ refine flow File += {
 			fh->Assign(2, zeek::val_mgr->Count(${h.PointerToSymbolTable}));
 			fh->Assign(3, zeek::val_mgr->Count(${h.NumberOfSymbols}));
 			fh->Assign(4, zeek::val_mgr->Count(${h.SizeOfOptionalHeader}));
-			fh->Assign(5, characteristics_to_bro(${h.Characteristics}, 16));
+			fh->Assign(5, characteristics_to_zeek(${h.Characteristics}, 16));
 
 			zeek::event_mgr.Enqueue(pe_file_header,
-			    connection()->bro_analyzer()->GetFile()->ToVal(),
+			    connection()->zeek_analyzer()->GetFile()->ToVal(),
 			    std::move(fh));
 			}
 
@@ -151,12 +151,12 @@ refine flow File += {
 			oh->Assign(19, zeek::val_mgr->Count(${h.size_of_headers}));
 			oh->Assign(20, zeek::val_mgr->Count(${h.checksum}));
 			oh->Assign(21, zeek::val_mgr->Count(${h.subsystem}));
-			oh->Assign(22, characteristics_to_bro(${h.dll_characteristics}, 16));
+			oh->Assign(22, characteristics_to_zeek(${h.dll_characteristics}, 16));
 
 			oh->Assign(23, process_rvas(${h.rvas}));
 
 			zeek::event_mgr.Enqueue(pe_optional_header,
-			    connection()->bro_analyzer()->GetFile()->ToVal(),
+			    connection()->zeek_analyzer()->GetFile()->ToVal(),
 			    std::move(oh));
 			}
 		return true;
@@ -185,10 +185,10 @@ refine flow File += {
 			section_header->Assign(6, zeek::val_mgr->Count(${h.non_used_ptr_to_line_nums}));
 			section_header->Assign(7, zeek::val_mgr->Count(${h.non_used_num_of_relocs}));
 			section_header->Assign(8, zeek::val_mgr->Count(${h.non_used_num_of_line_nums}));
-			section_header->Assign(9, characteristics_to_bro(${h.characteristics}, 32));
+			section_header->Assign(9, characteristics_to_zeek(${h.characteristics}, 32));
 
 			zeek::event_mgr.Enqueue(pe_section_header,
-			    connection()->bro_analyzer()->GetFile()->ToVal(),
+			    connection()->zeek_analyzer()->GetFile()->ToVal(),
 			    std::move(section_header)
 			    );
 			}

src/file_analysis/analyzer/pe/pe.pac

@@ -1,12 +1,12 @@
 %include binpac.pac
-%include bro.pac
+%include zeek.pac
 
 analyzer PE withcontext {
 	connection: MockConnection;
 	flow:       File;
 };
 
-connection MockConnection(bro_analyzer: BroFileAnalyzer) {
+connection MockConnection(zeek_analyzer: ZeekFileAnalyzer) {
 	upflow = File;
 	downflow = File;
 };
@@ -16,5 +16,5 @@ connection MockConnection(bro_analyzer: BroFileAnalyzer) {
 flow File {
 	flowunit = PE_File withcontext(connection, this);
 }
- 
+
 %include pe-analyzer.pac

src/file_analysis/analyzer/unified2/unified2-analyzer.pac

@@ -8,7 +8,7 @@
 %}
 
 %code{
-zeek::AddrValPtr binpac::Unified2::Flow::unified2_addr_to_bro_addr(std::vector<uint32_t>* a)
+zeek::AddrValPtr binpac::Unified2::Flow::unified2_addr_to_zeek_addr(std::vector<uint32_t>* a)
 	{
 	if ( a->size() == 1 )
 		{
@@ -42,7 +42,7 @@ zeek::ValPtr binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p)
 refine flow Flow += {
 
 	%member{
-		zeek::AddrValPtr unified2_addr_to_bro_addr(std::vector<uint32_t>* a);
+		zeek::AddrValPtr unified2_addr_to_zeek_addr(std::vector<uint32_t>* a);
 		zeek::ValPtr to_port(uint16_t n, uint8_t p);
 	%}
 
@@ -80,14 +80,14 @@ refine flow Flow += {
 			ids_event->Assign(5, zeek::val_mgr->Count(${ev.signature_revision}));
 			ids_event->Assign(6, zeek::val_mgr->Count(${ev.classification_id}));
 			ids_event->Assign(7, zeek::val_mgr->Count(${ev.priority_id}));
-			ids_event->Assign(8, unified2_addr_to_bro_addr(${ev.src_ip}));
-			ids_event->Assign(9, unified2_addr_to_bro_addr(${ev.dst_ip}));
+			ids_event->Assign(8, unified2_addr_to_zeek_addr(${ev.src_ip}));
+			ids_event->Assign(9, unified2_addr_to_zeek_addr(${ev.dst_ip}));
 			ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
 			ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
 			ids_event->Assign(17, zeek::val_mgr->Count(${ev.packet_action}));
 
 			zeek::event_mgr.Enqueue(::unified2_event,
-					connection()->bro_analyzer()->GetFile()->ToVal(),
+					connection()->zeek_analyzer()->GetFile()->ToVal(),
 					std::move(ids_event));
 			}
 		return true;
@@ -106,8 +106,8 @@ refine flow Flow += {
 			ids_event->Assign(5, zeek::val_mgr->Count(${ev.signature_revision}));
 			ids_event->Assign(6, zeek::val_mgr->Count(${ev.classification_id}));
 			ids_event->Assign(7, zeek::val_mgr->Count(${ev.priority_id}));
-			ids_event->Assign(8, unified2_addr_to_bro_addr(${ev.src_ip}));
-			ids_event->Assign(9, unified2_addr_to_bro_addr(${ev.dst_ip}));
+			ids_event->Assign(8, unified2_addr_to_zeek_addr(${ev.src_ip}));
+			ids_event->Assign(9, unified2_addr_to_zeek_addr(${ev.dst_ip}));
 			ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
 			ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
 			ids_event->Assign(12, zeek::val_mgr->Count(${ev.impact_flag}));
@@ -117,7 +117,7 @@ refine flow Flow += {
 			ids_event->Assign(16, zeek::val_mgr->Count(${ev.vlan_id}));
 
 			zeek::event_mgr.Enqueue(::unified2_event,
-					connection()->bro_analyzer()->GetFile()->ToVal(),
+					connection()->zeek_analyzer()->GetFile()->ToVal(),
 					std::move(ids_event));
 			}
 
@@ -137,7 +137,7 @@ refine flow Flow += {
 			packet->Assign(5, to_stringval(${pkt.packet_data}));
 
 			zeek::event_mgr.Enqueue(::unified2_packet,
-					connection()->bro_analyzer()->GetFile()->ToVal(),
+					connection()->zeek_analyzer()->GetFile()->ToVal(),
 					std::move(packet));
 			}
 

src/file_analysis/analyzer/unified2/unified2.pac

@@ -1,13 +1,13 @@
 
 %include binpac.pac
-%include bro.pac
+%include zeek.pac
 
 analyzer Unified2 withcontext {
 	analyzer:   Unified2_Analyzer;
 	flow:       Flow;
 };
 
-analyzer Unified2_Analyzer(bro_analyzer: BroFileAnalyzer) {
+analyzer Unified2_Analyzer(zeek_analyzer: ZeekFileAnalyzer) {
 	downflow = Flow;
 	upflow   = Flow;
 };

src/file_analysis/analyzer/x509/x509-extension.pac

@@ -2,7 +2,7 @@
 # we just use it for the SignedCertificateTimestamp at the moment
 
 %include binpac.pac
-%include bro.pac
+%include zeek.pac
 
 %extern{
 #include "types.bif.h"
@@ -15,7 +15,7 @@ analyzer X509Extension withcontext {
 	flow:       SignedCertTimestampExt;
 };
 
-connection MockConnection(bro_analyzer: BroFileAnalyzer) {
+connection MockConnection(zeek_analyzer: ZeekFileAnalyzer) {
 	upflow = SignedCertTimestampExt;
 	downflow = SignedCertTimestampExt;
 };
@@ -39,7 +39,7 @@ refine connection MockConnection += {
 			return true;
 
 		zeek::event_mgr.Enqueue(x509_ocsp_ext_signed_certificate_timestamp,
-			bro_analyzer()->GetFile()->ToVal(),
+			zeek_analyzer()->GetFile()->ToVal(),
 			zeek::val_mgr->Count(version),
 			zeek::make_intrusive<zeek::StringVal>(logid.length(), reinterpret_cast<const char*>(logid.begin())),
 			zeek::val_mgr->Count(timestamp),