[Snort-devel] RE: [Snort-sigs] First attempt at writing a sig

Jeff Nathan jeff at ...835...
Tue Jan 11 11:34:13 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Jan 6, 2005, at 1:20 AM, Martin Roesch wrote:

> Hi Joel,
>
> That's exactly why, it's a lot faster and more compact to just use 
> nice little 32-bit ints and do all the string handling "heavy lifting" 
> as a post process.  Unified was designed with one primary driver in 
> mind: speed.  It sucks to have to manage the sid-msg.map, but it's 
> there for performance reasons...
>
> I suppose if I was really cool I could have snort auto-generate the 
> sid-msg.map file at start time based on the loaded rule set, but I'm 
> not that cool (at least not this week)...
>
>      -Marty
>
> P.S. What letters of the alphabet do we have left to use for this 
> one...?
>

a, G, H, J, j, M and Q

- -Jeff

[...]

> -- 
> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
> Sourcefire - Discover.  Determine.  Defend.
> roesch at ...402... - http://www.sourcefire.com
> Snort: Open Source Network IDS - http://www.snort.org
>
>
>
> -------------------------------------------------------
> The SF.Net email is sponsored by: Beat the post-holiday blues
> Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
> It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>

- --
Packets gone wild.
http://nemesis.sourceforge.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFB5CoaEqr8+Gkj0/0RAiwGAKCEpaQrAMGVjkpC4109G5bbGwrkLwCghOXf
opLwtmBC6CokgH0KXqkfAKY=
=RjWW
-----END PGP SIGNATURE-----





More information about the Snort-devel mailing list