> Does anyone know of work that involves placing hard limits on the amount > of time bro is able to spend processing individual packets? Can you sketch your use case? Different concerns (in particular, adversarial threats versus performance problems) have different implications. Vern