[Bro-Dev] Better Handling of User Agents in Software Framework
vlad at grigorescu.org
Tue Dec 15 07:18:27 PST 2015
The other question I was wondering about is: should this be a BIF?
Software::parse is a rather lengthy function, with a lot of string
manipulation, which gets called rather frequently. I suspect there'd be
some performance improvements for implementing this directly as a BIF.
On Mon, Dec 14, 2015 at 3:24 PM, Seth Hall <seth at icir.org> wrote:
> > On Dec 14, 2015, at 10:51 AM, Vlad Grigorescu <vlad at grigorescu.org>
> > I'm not thrilled with those user agents are being handled right now, and
> I'm curious to get some thoughts. Take, for example the Safari user-agent
> string of:
> I think your proposal sounds reasonable. I’d go ahead and implement it
> and see what you think about overload situations since I can easily see the
> amount of software being tracked quickly get out of hand with that. After
> it’s implemented, get it running on several networks that are willing to
> run it and see if it causes problems for them. :)
> This could be a good time to also implement some better handling around
> software tracking to avoid obvious DoS issues by doing traffic that causes
> lots of state being tracked.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bro-dev