Re: [ChiSUG] Does Boyer-Moore Pattern Match Algorithm Still being used in current Snort?

[Joel Esler <jesler () sourcefire com>]

Thanks for writing, the best place to ask this question is Snort-devel.  You
don't need to repost it every day though.  I am sure one of the developers
will read it, if you post this on snort-devel, and be able to answer your
question.
J

2009/4/11 jiangzhw2008 <jiangzhw2008 () yeah net>

> Dear all,
>       I saw such sentences in "Snort user manual"(version for 2.7.0,July
> 16, 2007):
> "Whenever a content option pattern match is performed, the Boyer-Moore
> pattern match function is called and the (rather computationally expensive)
> testis performed against the packet contents."
>      1.Does it mean that the BM search method is still used in snort?As we
> know, snort currently uses the  AC-BNFA as default pattern matching
> algorithm.
>      2.There is a option named "lowmem" for search mehod ,then what is the
> algorithm used for lowmem and which file is it in the src?
>     Thanks a lot!
>     Best   reagards!
>     jiangzhw2008 () yeah net
>
>
> _______________________________________________
> ChiSUG mailing list
> ChiSUG () lists snort org
> https://lists.snort.org/mailman/listinfo/chisug


-- 
joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974

------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users