[Bro-Dev] Better Handling of User Agents in Software Framework
Vlad Grigorescu
vlad at grigorescu.org
Tue Dec 15 07:18:27 PST 2015
The other question I was wondering about is: should this be a BIF?
Software::parse is a rather lengthy function, with a lot of string
manipulation, which gets called rather frequently. I suspect there'd be
some performance improvements for implementing this directly as a BIF.
On Mon, Dec 14, 2015 at 3:24 PM, Seth Hall <seth at icir.org> wrote:
>
> > On Dec 14, 2015, at 10:51 AM, Vlad Grigorescu <vlad at grigorescu.org>
> wrote:
> >
> > I'm not thrilled with those user agents are being handled right now, and
> I'm curious to get some thoughts. Take, for example the Safari user-agent
> string of:
>
> I think your proposal sounds reasonable. I’d go ahead and implement it
> and see what you think about overload situations since I can easily see the
> amount of software being tracked quickly get out of hand with that. After
> it’s implemented, get it running on several networks that are willing to
> run it and see if it causes problems for them. :)
>
> This could be a good time to also implement some better handling around
> software tracking to avoid obvious DoS issues by doing traffic that causes
> lots of state being tracked.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20151215/51194007/attachment.html
More information about the bro-dev
mailing list