Hmm... I never used a hardware accelerator. So I cannot speak for
it. :)
I think my main point is whether or not it is a good idea to mix the
protocol patterns with the C code. Isn't it nice that I just write the
pattern for a new protocol without writing C code, and just add that
pattern into a pattern file? Then the packet inspection engine can
support that protocol instantly. That's what L7 filter does. Another
example is the snort IDS sensor. The sensor engine implementation is
separated from the signature file (pattern). So you just need to
update the signature/pattern file without changing or recompiling your
detection engine.
With the current OpenDPI implementation, you have to recompile it
whenever you modify the pattern of a protocol, remove, or add a new
one.
thanks
Haidong
On Oct 21, 10:41 am, Joel Ebrahimi <joel.ebrah...@gmail.com> wrote:
> Actually this is not the case. Many of the packet accelerating technologies
> are designed for user space applications. This provides the
> most flexibility. Since L7-filter is a kernel level application it does not
> benefit from many of the appliances or cards that are on the market. Also
> user space applications can use regex accelerators as well.
> // Joel .
>
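
The separation discussed in the message above (protocol patterns kept in a file, apart from the engine code), as an added example that is not part of the original thread and is not L7-filter, Snort or OpenDPI code. The one-rule-per-line file format, the sample patterns and the `Engine` class are assumptions constructed for illustration.

```python
import re

# Constructed pattern file: "<protocol> <regex>" per line (format is an assumption).
PATTERNS_V1 = r"""
# protocol  regex matched against the start of the payload
http        ^(GET|POST|HEAD) [^ ]+ HTTP/1\.[01]\r\n
ssh         ^SSH-[12]\.[0-9]+-
smtp        ^220[ -].*SMTP
"""
# Supporting a new protocol means appending one line; the engine code is untouched.
PATTERNS_V2 = PATTERNS_V1 + r"pop3        ^\+OK" + "\n"


class Engine:
    """Hypothetical inspection engine that knows no protocol by name."""

    def __init__(self):
        self.rules = []

    def load(self, text):
        """Parse and compile a pattern file; swap it in only if every rule is valid."""
        rules = []
        for lineno, line in enumerate(text.splitlines(), 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split(None, 1)
            if len(parts) != 2:
                raise ValueError(f"line {lineno}: expected '<protocol> <regex>'")
            name, regex = parts
            try:
                rules.append((name, re.compile(regex.encode("ascii"), re.IGNORECASE)))
            except re.error as exc:
                raise ValueError(f"line {lineno}: bad regex for {name}: {exc}") from exc
        self.rules = rules  # a broken update never replaces the working rule set
        return len(rules)

    def classify(self, payload):
        """Return the first protocol whose pattern matches, else 'unknown'."""
        for name, rx in self.rules:
            if rx.search(payload):
                return name
        return "unknown"


if __name__ == "__main__":
    eng = Engine()
    eng.load(PATTERNS_V1)
    print(eng.classify(b"+OK POP3 ready\r\n"))  # before the pattern update
    eng.load(PATTERNS_V2)
    print(eng.classify(b"+OK POP3 ready\r\n"))  # after reloading the file
```

A rejected update leaves the previous rule set in place, which matters when the pattern file is edited independently of the engine.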