Arne Welzel
Arne Welzel
> Fyi the migration of Jan's package is now complete: https://github.com/zeek/zeek-af_packet-plugin Rebased, updated, and moved the NEWS entry from the 5.1 section up into 5.2 now.
CI failed due to centos-7 being old enough to not have the `TP_STATUS_CSUM_VALID`. Proposed fix to the plugin here: https://github.com/zeek/zeek-af_packet-plugin/pull/43
@ckreibich - is there anything you're missing here before this could go in?
For reproducing smaller sizes might be easier. With 127k entries it takes 0.37sec with a asan/debug build. With 155k, it takes 3.8secs. The flamegraph produced with 155k entriesjust shows `InsertAndRelocate()`...
Yeah, that's an interesting thought, but it would be for the C++ side of things only, right? I had used the following Zeek implementation instead of the `copy()` bif (not...
Adding this here for thoughts: @ckreibich mentioned that an `analyzer_not_implemented` or `analyzer_todo` event came up in discussions with @vpax (?) to raise information from an analyzers to script land for...
> I looked over this high-level: I like the approach with the two new events and passing them records with fields set as a available. I'll go over in more...
@rsmmr - I've pushed a few more fixups. I'd rebase on top of master and squash it down and we could possibly chat with this is Zeek 5.1 or 5.2...
> Sorry, too late now for 5.1, but yeah, go ahead and rebase on master and then I'll take another look and we can wrap it up. @rsmmr - I...