[Snort-users] Kernel space Snort. Proof of concept test succeeded.
Willem de Bruijn
wdebruij at ...1580...
Wed Sep 15 11:36:39 EDT 2004
> Was the user-mode Snort using Phil Wood's libpcap
> <http://public.lanl.gov/cpw/> or an older version without MMAP mode
we compared against regular (0.8.3) pcap, so Phil Wood's version should be
considerably faster. However, speed-ups can still be obtained by running in
the kernel due to fewer context switches and no need for copying a packet
into the memory mapped area.
More information about the Snort-users