Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Potential Improvements related to PCRE library and usage.

From: Joel Esler <jesler () sourcefire com>
Date: Mon, 17 Oct 2011 13:41:53 -0400
On Oct 17, 2011, at 1:35 PM, snort user wrote:


http://www.inliniac.net/blog/2011/10/12/suricata-and-pcre-performance.html

The suricata team had documented certain performance gains with
regards to official PCRE release (version 8.20-RC3.)

In addition to the PCRE library, some change may also be required to
the arguments to the PCRE API as mentioned in the comments -

"Victor Julien says:
October 13, 2011 at 8:42 pm

To benefit fully from the JIT support some minor changes to Suricata
were needed. Nothing more than passing PCRE_STUDY_JIT_COMPILE to
pcre_study(). If the Snort devs do the same there’s a good chance it’s
performance increase will be bigger as well."

I was wondering if anyone is taking a look into this?


Yes.  We've been looking at it for some time.

Thanks.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: