--On 31 August 2004 18:56 +0200 Willem de Bruijn <wdebruij at ...1580...> wrote:

> As for filters. we've already ported Aho-Corasick and
> Boyer-Moore-Horspool, a  sampler, etc.. For a conference paper we've
> pitted snort with BMH in the  kernel against regular snort and found
> quite considerable increases in  efficiency (some 50% less CPU
> utilization with an older version of the  software, better results are
> surely obtainable).

Was the user-mode Snort using Phil Wood's libpcap 
<http://public.lanl.gov/cpw/> or an older version without MMAP mode support?

