question about bro's performance

hello :
    firstly, I am sorry for my english :slight_smile: .
    I have some questions on bro:

    1. I see the introduction in bro overview: Bro targets high-speed
(Gbps). I am surprised and doubt it.
       bro captures packets through libpcap and BPF filter,but libpcap
isn't high performance.
       that's the reason why zero copying and DMA tech are used in IDS field.
      bro analyses events by policy scripts.there is a problem that
script's performance is lower than binary
      programs.I didn't test bro's performance , maybe I am wrong.
    2. I konw bro supports to define signature in regular expression.I
want to konw how does bro support
       regular expressions: by perl or do it yourself.
    3. Is there realtime alarm function in bro? I sometimes want to
see the current network status on
       screen,instead of viewing bro's report file.

    many many thinks