Re: [Bro-Dev] Performance Enhancements

2017-10-06 Thread Jim Mellander
Interesting info. The > order of magnitude difference in time between BaseList::remove & BaseList::removenth suggests the possibility that the for loop in BaseList::remove is falling off the end in many cases (i.e. attempting to remove an item that doesn't exist). Maybe thats whats broken. On

Re: [Bro-Dev] design summary: porting Bro scripts to use Broker

2017-10-06 Thread Robin Sommer
Nice! On Fri, Oct 06, 2017 at 16:53 +, you wrote: > # contains topic prefixes > const Cluster::manager_subscriptions: set[string] > > # contains (topic string, event name) pairs > const Cluster::manager_publications: set[string, string] I'm wondering if we can

Re: [Bro-Dev] Performance Enhancements

2017-10-06 Thread Azoff, Justin S
> On Oct 6, 2017, at 5:59 PM, Jim Mellander wrote: > > I particularly like the idea of an allocation pool that per-packet > information can be stored, and reused by the next packet. > > There also are probably some optimizations of frequent operations now that > we're in

Re: [Bro-Dev] Performance Enhancements

2017-10-06 Thread Jim Mellander
I particularly like the idea of an allocation pool that per-packet information can be stored, and reused by the next packet. There also are probably some optimizations of frequent operations now that we're in a 64-bit world that could prove useful - the one's complement checksum calculation in

Re: [Bro-Dev] design summary: porting Bro scripts to use Broker

2017-10-06 Thread Azoff, Justin S
> On Oct 6, 2017, at 12:53 PM, Siwek, Jon wrote: > > I want to check if there’s any feedback on the approach I’m planning to take > when porting over Bro’s scripts to use Broker. There’s two major areas to > consider: (1) how users specify network topology e.g. either

[Bro-Dev] design summary: porting Bro scripts to use Broker

2017-10-06 Thread Siwek, Jon
I want to check if there’s any feedback on the approach I’m planning to take when porting over Bro’s scripts to use Broker. There’s two major areas to consider: (1) how users specify network topology e.g. either for traditional cluster configuration or manually connecting Bro instances and (2)

Re: [Bro-Dev] Performance Enhancements

2017-10-06 Thread Azoff, Justin S
> On Oct 6, 2017, at 12:10 AM, Clark, Gilbert wrote: > > I'll note that one of the challenges with profiling is that there are the bro > scripts, and then there is the bro engine. The scripting layer has a > completely different set of optimizations that might make sense