[Oisf-devel] Pattern match algorithms

Robert Kerr rob at rkerr.co.uk
Wed Jul 21 19:20:20 UTC 2010


I was wondering if the different pattern match algorithms are documented
anywhere? The default seems to be b2g, but are there cases where b3g
would be better? Or wumanber? With Snort the different algorithms mostly
seem to be a time/memory trade-off - the AC-based algorithms being
faster but more memory-intensive. With Suricata you seem to be able to
tune the hash_size and bf_size for most of the algorithms. Is it safe to
assume a bigger hash_size/bf_size means more speed?

 Robert Kerr
