[
https://bro-tracker.atlassian.net/browse/BIT-1368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20404#comment-20404
]
Robin Sommer commented on BIT-1368:
-----------------------------------
I'm seeing significant performance improvements after this merge, like 4-7% on
the external tests (in a debug mode compile)
> File type identification fixes
> ------------------------------
>
> Key: BIT-1368
> URL: https://bro-tracker.atlassian.net/browse/BIT-1368
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: 2.4
> Reporter: Seth Hall
> Assignee: Robin Sommer
> Fix For: 2.4
>
>
> I have some changes nearly queued up for 2.4 release in the repository
> (topic/seth/more-file-type-ident-fixes) in the but a bit more work needs to
> be done.
> There may be one more breaking change to the files api coming in this branch
> too. Jon and I discussed some options and I think that creating a new event
> named file_sniff in place of the file_mime_type event makes sense. We can
> put the mime type and more "sniff" originated data in a record on that event
> so that we can extend it cleanly (and without breaking APIs) in the future.
> I think it will look something like this:
> ```
> type fa_sniff: record {
> ## Depth sniffed.
> depth: count &default=0;
> ## Sniffed mime type if one was discovered.
> mime_type: string &optional;
> };
> event file_sniff(f: fa_file, sniff: fa_sniff)
> {
> if ( sniff?$mime_type )
> {
> print sniff$mime_type;
> }
> }
> ```
> One other thing this branch will address is a performance degradation from
> certain file signatures interacting with each other poorly.
--
This message was sent by Atlassian JIRA
(v6.5-OD-01-120#65000)
_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
