The other question I was wondering about is: should this be a BIF? Software::parse is a rather lengthy function, with a lot of string manipulation, which gets called rather frequently. I suspect there'd be some performance improvements for implementing this directly as a BIF.
On Mon, Dec 14, 2015 at 3:24 PM, Seth Hall <[email protected]> wrote: > > > On Dec 14, 2015, at 10:51 AM, Vlad Grigorescu <[email protected]> > wrote: > > > > I'm not thrilled with those user agents are being handled right now, and > I'm curious to get some thoughts. Take, for example the Safari user-agent > string of: > > I think your proposal sounds reasonable. I’d go ahead and implement it > and see what you think about overload situations since I can easily see the > amount of software being tracked quickly get out of hand with that. After > it’s implemented, get it running on several networks that are willing to > run it and see if it causes problems for them. :) > > This could be a good time to also implement some better handling around > software tracking to avoid obvious DoS issues by doing traffic that causes > lots of state being tracked. > > .Seth > > -- > Seth Hall > International Computer Science Institute > (Bro) because everyone has a network > http://www.bro.org/ > >
_______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
