[Snort-devel] Potential Improvements related to PCRE library and usage.

Joel Esler jesler at ...402...
Mon Oct 17 13:41:53 EDT 2011

On Oct 17, 2011, at 1:35 PM, snort user wrote:

> http://www.inliniac.net/blog/2011/10/12/suricata-and-pcre-performance.html
> The suricata team had documented certain performance gains with
> regards to official PCRE release (version 8.20-RC3.)
> In addition to the PCRE library, some change may also be required to
> the arguments to the PCRE API as mentioned in the comments -
> "Victor Julien says:
> October 13, 2011 at 8:42 pm
> To benefit fully from the JIT support some minor changes to Suricata
> were needed. Nothing more than passing PCRE_STUDY_JIT_COMPILE to
> pcre_study(). If the Snort devs do the same there’s a good chance it’s
> performance increase will be bigger as well."
> I was wondering if anyone is taking a look into this?

Yes.  We've been looking at it for some time.


Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager

More information about the Snort-devel mailing list