Snort mailing list archives
Re: Order of stream_size and dsize checks?
From: snort user <snort.user () gmail com>
Date: Fri, 21 Mar 2014 14:22:12 -0400
Joel - Could you please explain how the placing of stream_size or dsize will speed up evaluation of the rule? I can see that placing it upfront will eliminate evaluation of the more expensive options such as content or pcre, but is there some other aspect that will make the rule evaluation faster with these rule options placed upfront?

Thanks

On Fri, Mar 21, 2014 at 2:11 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

> You bring up a good point though, Harley, which is basically, if you put those checks first in the rule (before the content match) it can speed up the evaluation of the traffic by that rule.
>
> --
> *Joel Esler*
> Open Source Manager
> Threat Intelligence Team Lead
> Vulnerability Research Team
>
> On Mar 21, 2014, at 12:06 PM, Steven Sturges <steve.sturges () sourcefire com> wrote:
>
>> Rule options are evaluated in the order specified in the rule.
>>
>> On 3/21/14, 11:56 AM, Harley H wrote:
>>
>>> Hello,
>>> Are stream_size and dsize checked following any or all content matches or are they performed first?
>>>
>>> -Harley

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
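The effect discussed in this message, as an added example that is not from the thread or from the Snort source: a simplified Python model in which rule options run in the order written and evaluation stops at the first option that fails. The relative costs, payloads, patterns and the dsize threshold are constructed assumptions, chosen only to show how moving a cheap size check to the front changes the work done per packet.

```python
import re

# Assumption: constructed relative costs per option type, not Snort measurements.
COST = {"dsize": 1, "content": 20, "pcre": 200}

def dsize_gt(n):
    return ("dsize", lambda payload: len(payload) > n)

def content(pattern):
    return ("content", lambda payload: pattern in payload)

def pcre(regex):
    compiled = re.compile(regex)
    return ("pcre", lambda payload: compiled.search(payload) is not None)

def evaluate(options, payload):
    """Run options in rule order; stop at the first failure. Returns (matched, cost)."""
    cost = 0
    for name, check in options:
        cost += COST[name]
        if not check(payload):
            return False, cost
    return True, cost

def run(options, payloads):
    """Return (alert_count, total_cost) for a rule over a list of payloads."""
    results = [evaluate(options, p) for p in payloads]
    return sum(m for m, _ in results), sum(c for _, c in results)

# Constructed sample traffic: eight short requests (38 bytes) that satisfy the
# content and pcre options, one 40-byte payload without the content, and one
# 138-byte request that satisfies every option.
SMALL = b"GET / HTTP/1.1\r\nUser-Agent: curl/7\r\n\r\n"
LARGE = SMALL + b"A" * 100
PAYLOADS = [SMALL] * 8 + [b"\x00" * 40, LARGE]

# The same three options in two orders (hypothetical rule bodies).
SIZE_LAST = [content(b"User-Agent"), pcre(rb"curl/\d"), dsize_gt(100)]
SIZE_FIRST = [dsize_gt(100), content(b"User-Agent"), pcre(rb"curl/\d")]

if __name__ == "__main__":
    for label, rule in (("size check last", SIZE_LAST), ("size check first", SIZE_FIRST)):
        alerts, cost = run(rule, PAYLOADS)
        print(f"{label}: alerts={alerts} cost={cost}")
```

Both orders alert on the same single packet; only the amount of work spent rejecting the other nine differs.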
Current thread:
- Order of stream_size and dsize checks? Harley H (Mar 21)
- Re: Order of stream_size and dsize checks? Steven Sturges (Mar 21)
- Re: Order of stream_size and dsize checks? Joel Esler (jesler) (Mar 21)
- Re: Order of stream_size and dsize checks? snort user (Mar 21)
- Re: Order of stream_size and dsize checks? Steven Sturges (Mar 21)
- Re: Order of stream_size and dsize checks? Joel Esler (jesler) (Mar 21)
- Re: Order of stream_size and dsize checks? Joshua Kinard (Mar 21)
- Re: Order of stream_size and dsize checks? Joel Esler (jesler) (Mar 21)
- Re: Order of stream_size and dsize checks? Steven Sturges (Mar 21)