mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 16:18:19 +00:00
d3f88ba9d1
The MHR script involves a "when" statement which can be expensive due to the way it clones frames/vals. In this case, the fa_file record is expensive to clone, but this change works around that by unrolling only the necessary fields from it that are needed to populate a Notice::Info record. A drawback to this is that the full fa_file or connection records aren't available in the Notice::Info record when evaluating Notice::policy hooks for MHR hit notices (though they can possibly be recovered by using e.g. the lookup_connection() builtin_function). |
||
|---|---|---|
| .. | ||
| files | ||
| frameworks | ||
| misc | ||
| protocols | ||
| utils | ||
| init-bare.bro | ||
| init-default.bro | ||