zeek/scripts/policy/frameworks/files at d3f88ba9d19814076b02bde7ea81e70f4ef4f7c9 - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00

History

Jon Siwek d3f88ba9d1 Improve performance of MHR script, addresses BIT-1139. The MHR script involves a "when" statement which can be expensive due to the way it clones frames/vals. In this case, the fa_file record is expensive to clone, but this change works around that by unrolling only the necessary fields from it that are needed to populate a Notice::Info record. A drawback to this is that the full fa_file or connection records aren't available in the Notice::Info record when evaluating Notice::policy hooks for MHR hit notices (though they can possibly be recovered by using e.g. the lookup_connection() builtin_function).	2014-03-11 13:18:14 -05:00
..
detect-MHR.bro	Improve performance of MHR script, addresses BIT-1139.	2014-03-11 13:18:14 -05:00
hash-all-files.bro	Fix typos and formatting in the policy/frameworks docs	2013-10-21 01:23:08 -05:00

Jon Siwek d3f88ba9d1 Improve performance of MHR script, addresses BIT-1139.

The MHR script involves a "when" statement which can be expensive due to
the way it clones frames/vals.  In this case, the fa_file record is
expensive to clone, but this change works around that by unrolling only
the necessary fields from it that are needed to populate a Notice::Info
record.  A drawback to this is that the full fa_file or connection
records aren't available in the Notice::Info record when evaluating
Notice::policy hooks for MHR hit notices (though they can possibly be
recovered by using e.g. the lookup_connection() builtin_function).

2014-03-11 13:18:14 -05:00

detect-MHR.bro

Improve performance of MHR script, addresses BIT-1139.

2014-03-11 13:18:14 -05:00

hash-all-files.bro

Fix typos and formatting in the policy/frameworks docs

2013-10-21 01:23:08 -05:00