Skip to content
Permalink
Browse files

Performance improvements

  • Loading branch information...
sethhall committed Jun 15, 2018
1 parent 7a020db commit 6a054496e58a8f49254f3c9a9af580b340fc2864
Showing with 21 additions and 9 deletions.
  1. +21 −9 scripts/main.bro
@@ -21,18 +21,26 @@ export {

# Duration between polls of conn size after the ConnSize analyzer
# has triggered. You probably don't need to configure this.
const poll_interval = 500msecs &redef;
const poll_interval = 100msecs &redef;

# This indicates how many times the speed will be checked after the size
# limit is hit. You probably don't need to configure this.
const number_of_speed_polls = 5 &redef;
const number_of_speed_polls = 1 &redef;

# Only used internally so we don't need to keep doing the math.
global size_threshold_in_bytes = 0;

redef record connection += {
clburst_last_Mb: count &default=0;
clburst_last_ts: time &optional;
clburst_hit: bool &default=F;
};

event bro_init()
{
size_threshold_in_bytes = size_threshold * 1024 * 1024;
}

function speed_during_last_poll(c: connection): double
{
if ( ! c?$clburst_last_ts )
@@ -74,16 +82,20 @@ function size_callback(c: connection, cnt: count): interval
}
else
{
local size_threshold_in_bytes = size_threshold * 1024 * 1024;

# Set conn thresholds for the next jump up.
local next_orig_multiplier = double_to_count(floor(c$orig$size / size_threshold_in_bytes));
if ( next_orig_multiplier > 0 )
ConnThreshold::set_bytes_threshold(c, (next_orig_multiplier+1) * size_threshold_in_bytes, T);

{
# Later byte threshold checks are less often than the initial one
ConnThreshold::set_bytes_threshold(c, (next_orig_multiplier+3) * size_threshold_in_bytes, T);
}

local next_resp_multiplier = double_to_count(floor(c$resp$size / size_threshold_in_bytes));
if ( next_resp_multiplier > 0 )
ConnThreshold::set_bytes_threshold(c, (next_resp_multiplier+1) * size_threshold_in_bytes, F);
{
# Later byte threshold checks are less often than the initial one
ConnThreshold::set_bytes_threshold(c, (next_resp_multiplier+3) * size_threshold_in_bytes, F);
}

# end this polling
return -1sec;
@@ -96,8 +108,8 @@ event new_connection(c: connection)
# some other situations too?
if ( connection_exists(c$id) )
{
ConnThreshold::set_bytes_threshold(c, size_threshold * 1024 * 1024, T);
ConnThreshold::set_bytes_threshold(c, size_threshold * 1024 * 1024, F);
ConnThreshold::set_bytes_threshold(c, size_threshold_in_bytes, T);
ConnThreshold::set_bytes_threshold(c, size_threshold_in_bytes, F);
}
}

0 comments on commit 6a05449

Please sign in to comment.
You can’t perform that action at this time.