[Bro-Dev] [JIRA] (BIT-1141) Investigate further improvements to file analysis performance

Jon Siwek (JIRA) jira at bro-tracker.atlassian.net
Mon Apr 28 07:19:07 PDT 2014 

    [ https://bro-tracker.atlassian.net/browse/BIT-1141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16300#comment-16300 ] 

Jon Siwek commented on BIT-1141:
--------------------------------

{quote}
I'm actually wondering about performance here as set/map can potentially
be expensive in particular for small sizes (compared to using a vector
for example), and these will be instantiated and manipulated quite often.
Put differently: I wouldn't be sure that using a set here is necessarily faster overall than a list as long as there's just a few elements in there. Were you able to confirm that?
{quote}

It can be questionable -- in other places I've tried replacing lists with sets/maps and have measured some performance decrease.  But in this case, the difference seemed negligible... I think it was a slight improvement possibly because file signatures will now more commonly have multiple matches where before only a single protocol signature would match.  Code-wise, it did simplify things, though I guess that's only a minor/weak argument for the change.

{quote}
Baseline/tests.m57-long/http.log: some MIME types change from
text/html to text/plain, is that expected? (Update: Ah, is that the bof_buffer_size change?)
{quote}

Yes, that was from the change to restrict how much data may be fed in the the file MIME signature matching stuff to be no greater than the bof_buffer_size field -- as that's the original intent and also the way it's documented.

> Investigate further improvements to file analysis performance
> -------------------------------------------------------------
>
>                 Key: BIT-1141
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1141
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>            Reporter: Robin Sommer
>            Assignee: Jon Siwek
>             Fix For: 2.3
>
>
> Some further ideas for measuring and improving the performance of maintaining the handles were floating around.  



--
This message was sent by Atlassian JIRA
(v6.3-OD-03-012#6321)

More information about the bro-dev mailing list