Re: Wu-Manber, Aho-Corasick, Boyer Moore.

[Matt Kettler <mkettler () evi-inc com>]

At 05:50 AM 6/10/2004, kinek wrote:
> Hey all,
>
> is it possible to select one of the multi-pattern-search-algorithms 
> sophisticated for one Protokol? So that
> for example the ICMP Packets are performed by Qu-Manber and UDP Packets by 
> Aho-Corasick.
> Are there other possibilities to differentiate the use of these algorithms?
>
> How can i select one specific multi-pattern-search-algorithms? (even if it 
> is not possible to differentiate the use of it)

It's not documented in the snort.conf file yet, but from the 2.1.2 source 
code of fpcreate.c:

   Search method is set using "config detect: search-method ac | mwm | auto"

Where ac is Aho-Chorasick, and mwm is Modified Wu-Manber.

It also seems to support "lowmem" which appears to end up using the Boyer 
Moore algorithm from looking at mpse.c (MPSE_LOWMEM results in the same 
behavior as MPSE_KTBM)

However, it doesn't appear that you can select which one on a per-protocol 
basis.



-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the
one installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users