Understanding the Snort Rule Engine

["Rinka Singh \(VLabs\) via Snort-devel" <snort-devel () lists snort org>]

Hi everyone,
First - I apologize for the cross-posting.  I sent the following mail to 
snort-sig too as I wasn't sure what would be the best list.

I needed some help/advice as I'm trying to explore if it makes sense to 
run snort (specifically the rule processing) on a parallel machine.

I'm trying to figure out how the snort rule engine works (take the ICMP 
plug-in as an example).  I mean, how are the rulese validated, optimized 
and finally how are they then executed - are they executed in sequence 
or would rules be optimized out.

I couldn't find any documentation that would help me understand this.  
Please can someone point me at documentation/inputs that would help me 
understand this.

Thanks in advance.

--
Rinka Singh
For each good idea, ten thousand idiotic ones must be posed, sifted,
sniffed, tried & discarded. A mind afraid to toy with the ridiculous
will never come up with the brilliantly original.        -David Brin
....................................................................

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!