[Snort-devel] Potential Improvements related to PCRE library and usage.

snort user snort.user at ...2499...
Mon Oct 17 13:35:08 EDT 2011


http://www.inliniac.net/blog/2011/10/12/suricata-and-pcre-performance.html

The suricata team had documented certain performance gains with
regards to official PCRE release (version 8.20-RC3.)

In addition to the PCRE library, some change may also be required to
the arguments to the PCRE API as mentioned in the comments -

"Victor Julien says:
October 13, 2011 at 8:42 pm

To benefit fully from the JIT support some minor changes to Suricata
were needed. Nothing more than passing PCRE_STUDY_JIT_COMPILE to
pcre_study(). If the Snort devs do the same there’s a good chance it’s
performance increase will be bigger as well."

I was wondering if anyone is taking a look into this?


Thanks




More information about the Snort-devel mailing list