Arne Welzel
Arne Welzel
> where the connectivity is naturally many-to-one from Zeek to that service (say because all workers need that connection) I see. I guess the alternative is to funnel everything through...
> Or is this an artifact when building a topology with forwarding disabled? I do need to admit I'm not familiar with `Broker::forward_messages`. Also not with `Broker::forward()`. The former is...
> It would be great if type_name is the type correct alias for each composite type (e.g., index_vec and count_set in the example above). This won't work generally I am...
Making a quick note. The HTTP rule matching does have a number of more issues: * Whenever a new mime entity starts or ends, the http-body matching state is reset....
Uff, as posted in #3622, `/^.{34817}CD001/` also tanks performance for HTTP only pcaps really badly. @rsmmr , @vpax, do you have an intuition what happens internally? Is it expected that...
Thanks @luguifang - did you capture this PCAP? Are we free to include it in the test suite? Very curious trace: * There's two SYN packets going out from the...
@Aoom-2023 , @verovaleros - thanks, would you have a pcap that you could share? Presumably you can filter this out given the large `missed_bytes` value or the ratio to `orig/resp_ip_bytes`...
As mentioned in #3654, deprecating "port" / "ports" points out that ports registered though `Analyzer::register_for_ports()` are not respected when used together with `replaces`. That's boiling down to InstantiateAnalyzer(), but tag...
> Comparing the return value to "" seems a bit awkward. Is there a use case where the resulting path is useful? Yeah, it would look better. It mostly came...
> I do agree that the new helper doesn't make the can_load() use-case obvious, but that also seemed relatively niche/advanced enough to allow for the != "" awkwardness. If you/anyone...