[Snort-devel] Query on snort data structure
sihyungl at ...1359...
Mon Jan 31 05:55:56 EST 2005
We're developing our own network monitoring system, and trying to look at how snort is implemented beforehand. What I'm focusing on is to know how snort matches more than 3,000 rules when a packet comes in, and how the data structure that stores the rules looks like. Which parts of the source code would be good starting points to look at? I tried to read the code a little bit, but it wasn't easy.
Also, if you know any good documents that deal with the source code in detail, please let me know.
Thanks a lot in advance.
More information about the Snort-devel