[ https://bro-tracker.atlassian.net/browse/BIT-1368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20404#comment-20404 ]
Robin Sommer commented on BIT-1368:
-----------------------------------

I'm seeing significant performance improvements after this merge, like 4-7% on the external tests (in a debug mode compile).

> File type identification fixes
> ------------------------------
>
>                 Key: BIT-1368
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1368
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Seth Hall
>            Assignee: Robin Sommer
>             Fix For: 2.4
>
>
> I have some changes nearly queued up for 2.4 release in the repository
> (topic/seth/more-file-type-ident-fixes) in the but a bit more work needs to
> be done.
>
> There may be one more breaking change to the files api coming in this branch
> too. Jon and I discussed some options and I think that creating a new event
> named file_sniff in place of the file_mime_type event makes sense. We can
> put the mime type and more "sniff" originated data in a record on that event
> so that we can extend it cleanly (and without breaking APIs) in the future.
>
> I think it will look something like this:
>
> ```
> type fa_sniff: record {
>     ## Depth sniffed.
>     depth: count &default=0;
>     ## Sniffed mime type if one was discovered.
>     mime_type: string &optional;
> };
>
> event file_sniff(f: fa_file, sniff: fa_sniff)
>     {
>     if ( sniff?$mime_type )
>         {
>         print sniff$mime_type;
>         }
>     }
> ```
>
> One other thing this branch will address is a performance degradation from
> certain file signatures interacting with each other poorly.