Snort mailing list archives

Re: About Sort Pattern Matching

From: "J. Hellenthal via Snort-devel" <snort-devel () lists snort org>
Date: Fri, 13 Sep 2019 06:40:03 -0500

You could be hitting the dynamic .so rules. Off the top of my head loaded via either the config or dynamically from 
/usr/local/.... IIRC

-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

On Sep 13, 2019, at 02:17, Mûħąɱɱɐɖ Yăşїѓ via Snort-devel <snort-devel () lists snort org> wrote:


Dear All,
Can you guys tell me where exactly [function in which file] does snort performs "content" option match of a rule with 
input packet data? I have disabled all the rules but one in local.rules which has "content:Bahria" rule option and 
want to calculate time for that single match against varying length packets.

-- 
Regards, 
Muhammad Yasir
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

About Sort Pattern Matching Mûħąɱɱɐɖ Yăşїѓ via Snort-devel (Sep 13)
- Re: About Sort Pattern Matching J. Hellenthal via Snort-devel (Sep 13)
- Re: About Sort Pattern Matching Russ Combs (rucombs) via Snort-devel (Sep 16)