Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/scripts/base
History
Arne Welzel 7fac5837c3 iosource/pcap: Support configurable buffer size 
On Linux with a default ext4 or tmpfs filesystem, the default buffer size for
reading a pcap is chosen as 4k (strace/gdb validated). When reading large pcaps
containing raw data transfers, the syscall overhead for read becomes visible
in profiles. Support configurability of the buffer size and default to 128kb.

When processing a ~830M PCAP (16 UDP connections, each transferring ~50MB) in
bare mode, this change improves runtime from 1.39 sec to 1.29 sec. Increasing
the buffer further didn't provide a noticeable boost.
2023-10-10 15:08:51 +02:00
..
files Add extract_limit_includes_missing option for file extraction 2023-09-14 12:11:42 -07:00
frameworks http: Prevent request/response de-synchronization and unbounded state growth 2023-08-28 15:02:58 +02:00
misc Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
packet-protocols PPP: Add PPP analyzer to handle LINKTYPE_PPP (0x9) 2023-08-23 16:41:19 +02:00
protocols ftp: Do not log non-pending commands 2023-09-12 12:00:36 -07:00
utils all: Fix typos identified by typos pre-commit hook 2023-06-13 17:57:32 +02:00
init-bare.zeek iosource/pcap: Support configurable buffer size 2023-10-10 15:08:51 +02:00
init-default.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-frameworks-and-bifs.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-supervisor.zeek Establish a separate init script when using the supervisor 2021-07-08 13:12:53 -07:00