Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/scripts
History
Arne Welzel 7fac5837c3 iosource/pcap: Support configurable buffer size 
On Linux with a default ext4 or tmpfs filesystem, the default buffer size for
reading a pcap is chosen as 4k (strace/gdb validated). When reading large pcaps
containing raw data transfers, the syscall overhead for read becomes visible
in profiles. Support configurability of the buffer size and default to 128kb.

When processing a ~830M PCAP (16 UDP connections, each transferring ~50MB) in
bare mode, this change improves runtime from 1.39 sec to 1.29 sec. Increasing
the buffer further didn't provide a noticeable boost.
2023-10-10 15:08:51 +02:00
..
base iosource/pcap: Support configurable buffer size 2023-10-10 15:08:51 +02:00
policy Fix check for emailed notices 2023-09-01 13:23:45 -04:00
site telemetry: Disable metrics centralization by default 2023-06-21 20:13:55 +02:00
spicy Spicy: Support additional documentation tags inside EVT files. 2023-09-21 10:54:02 +02:00
zeekygen Exclude script from documentation that interferes with other locations. 2023-09-21 10:54:02 +02:00
CMakeLists.txt Use the same rules as cmake submodule to reformat Zeek 2023-05-09 08:31:43 -07:00
test-all-policy.zeek telemetry: Disable metrics centralization by default 2023-06-21 20:13:55 +02:00