[Snort-devel] Full regular expressions
gmeneghetti at ...414...
Fri May 25 08:47:23 EDT 2001
Some weeks ago I've posted a patch to enable full-regex in snort.
Now I'm having some time to port it to the current CVS tree, but before
starting this job I'd like to spend some words about the "speed"
question. It's clear that a full regex pattern match would make snort
slow, so I'm suggesting to fire full-regex pattern match in a
"PostProcessing" time. This means full-regex rules can't stay alone, but
should be in the form:
Now, when the regex pattern match is fired, it'd check if there were a
match in the previous "content", and then start the regex matching
Do you think this solution could be acceptable ?
If yes, any hint about coding the "if there were a match in the previous
More information about the Snort-devel