Snort mailing list archives

Re: Regarding set wise pattern matcher


From: "Hui Cao (huica)" <huica () cisco com>
Date: Wed, 5 Mar 2014 15:13:01 +0000



Hi Sri,

You can find the pattern matcher in this file: snort/src/sfutil/bnfa_search.c

Best,
Hui.

From: sri harsha <sriharsha9992 () gmail com>
Date: Wednesday, March 5, 2014 at 7:40 AM
To: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net>
Subject: [Snort-devel] Regarding set wise pattern matcher

Hi,

I am using SNORT IDS and I am very much interested in its detection process. Snort uses the set-wise Boyer-Moore-Horspool algorithm.

I am unable to locate the implementation of the algorithm in its source files. It would be really helpful if you could help me with an explanation of this set-wise detection engine.

In which source file is the implementation given?

At what stage and for what purpose are the AC and BMH algorithms used?

Thank you in advance.


regards,
sri harsha