[Snort-users] [ChiSUG] Does Boyer-Moore Pattern Match Algorithm Still being used in current Snort?

Joel Esler jesler at ...1935...
Sun Apr 12 09:16:51 EDT 2009


Thanks for writing. The best place to ask this question is Snort-devel.  You
don't need to repost it every day, though.  I am sure one of the developers
will read it if you post this on snort-devel, and be able to answer your
question.
J

2009/4/11 jiangzhw2008 <jiangzhw2008 at ...14518...>

> Dear all,
>       I saw such sentences in the "Snort user manual" (version for 2.7.0, July
> 16, 2007):
> "Whenever a content option pattern match is performed, the Boyer-Moore
> pattern match function is called and the (rather computationally expensive)
> test is performed against the packet contents."
>      1. Does it mean that the BM search method is still used in Snort? As we
> know, Snort currently uses the AC-BNFA as default pattern matching
> algorithm.
>      2. There is an option named "lowmem" for search method; then what is the
> algorithm used for lowmem and which file is it in the src?
>     Thanks a lot!
>     Best regards!
>     jiangzhw2008 at ...14518...


-- 
joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974