[Snort-devel] Regarding set wise pattern matcher

Hui Cao (huica) huica at ...3461...
Wed Mar 5 10:13:01 EST 2014

Hi Sri,

You can find the pattern matcher from this file: snort/src/sfutil/bnfa_search.c


From: sri harsha <sriharsha9992 at ...2499...<mailto:sriharsha9992 at ...2499...>>
Date: Wednesday, March 5, 2014 at 7:40 AM
To: "snort-devel at lists.sourceforge.net<mailto:snort-devel at ...362....net>" <snort-devel at lists.sourceforge.net<mailto:snort-devel at ...2763...rge.net>>
Subject: [Snort-devel] Regarding set wise pattern matcher


     I am using SNORT IDS and i am very much interested in its detection process. Snort uses set wise boyer moore horspool algorithm.

    I am unable to locate the implementation of the algorithm in its source file. It would be really helpful if you can help me with explanation of this set wise detection engine.

   In which source file is the implementation given ??

   At what stage and for what purpose are AC and BMH algorithms used ??

   Thank you in advance.

sri harsha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20140305/05843133/attachment.html>

More information about the Snort-devel mailing list