[Snort-devel] AC_BM

tlewis at ...255... tlewis at ...255...
Sun Jan 13 18:29:03 EST 2002

The string examinations within an ACBM stage have to procede in the
opposite direction from the direction of traversal.  So, if you want
to use strcmp and friends, which procede from left-to-right, then your
overall direction of travel has to be right-to-left.

In Hank's ACBM implementation, I wrote my own strcmp's that procede rtl;
my reasoning is that I want to be able to search on unbounded streams,
and that necessitates forward-progressing searches.

Why do you ask?

Todd Lewis
tlewis at ...255...

Q: How many marxists does it take to screw in a lightbulb?
A: None - the bulb contains the seeds of its own revolution. 

On Sun, 13 Jan 2002, Neil Desai wrote:

> Is there any good reason to match a packet from right to left like the AC_BM algoritm does? It seems to natural to me to search a packet from left to right. 
> Neil

More information about the Snort-devel mailing list