Snort mailing list archives
What are the possible search-method directives?
From: JP Vossen <vossenjp () netaxs com>
Date: Mon, 5 May 2003 01:12:02 -0400 (EDT)
Anyone know what the different "config detection: search-method"s are?

The only one I could find documented (sort of) is lowmem. The other options seem to be: ac and mwm, but there is no indication what they are or which is the default if you don't specify.

Searching the FAQ, Snort manual, SourceFire White paper PDFs, the archives and Google all failed (though I didn't spend a large amount of time on it).

Even the code seems confused:

snort-2.0.0/src/parser.c:

    if( !strcasecmp(args[i],"search-method") )
    [...]
        FatalError("%s (%d)=> Invalid argument to 'search-method'"
                   ". Must be either 'mwm' or 'ac'.\n", file_name, file_line);

No mention of lowmem...

snort-2.0.0/src/mpse.h

    /*
     * Pattern Matching Methods
     */
    #define MPSE_MWM    1
    #define MPSE_AC     2
    #define MPSE_KTBM   3
    #define MPSE_LOWMEM 4
    #define MPSE_AUTO   5

There are case statements for all 5 in mpse.c, yet auto is not an allowable option in the Snort.conf...

'Course, I really don't know squat about c code, so...

TIA,
JP

------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|             jp () jpsdomain org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
"The software said it requires Windows 98 or better, so I installed Linux..."