[Snort-users] What are the possible search-method directives?

Erek Adams erek at ...950...
Mon May 5 05:13:05 EDT 2003


On Mon, 5 May 2003, JP Vossen wrote:

> Anyone know what the different "config detection: search-method"s are?

ac:  Aho-Corasick based algorithm
mwm:  Wu-Manber based algorithm
lowmem:  Save memory, using a less efficient algorithm

http://marc.theaimsgroup.com/?l=snort-devel&m=103427225029674&w=2

[...snip...]

> Even the code seems confused:

[...snip...]

Not confused, you just looked in the wrong place.  Check fpcreate.c:

    /*
       Search method is set using "config detect: search-method ac | mwm | auto"
    */
    int fpSetDetectSearchMethod( char * method )
    {
            if( !strcasecmp(method,"ac") )
            {
               fpDetect.search_method = MPSE_AC ;
               return 0;
            }

            if( !strcasecmp(method,"mwm") )
            {
               fpDetect.search_method = MPSE_MWM ;
               return 0;
            }

            if( !strcasecmp(method,"lowmem") )
            {
               fpDetect.search_method = MPSE_LOWMEM ;
               return 0;
            }
        return 1;
    }


Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson



