Options to reduce data included in CONNECTED relationship

[Djent-]

The atomic operations for updating the data_size, etc. properties which reference the relationship on both sides of the assignment operator cause a significant slowdown and cannot be cached.

Users may find the speedup worth it for large datasets or live capture (#18) if the following properties could be disabled:

• data_size
• first_seen
• last_seen
• service

If we were also able to follow an entire TCP stream, this could also increase performance as we could then have the CONNECTED relationship include the source port rather than a separate relationship for the returning data. As more websites move to QUIC (as Google has) this may be less meaningful unless there is a similar way to follow the stream

[broosa]

I think following per stream would be beneficial either way. With regards to UDP streams, I think for each bidirectional port/host combo. Following that should add some performance gains.