On 01/02/11 13:01, Gáspár Lajos wrote:
> The string match is much like a toy and not a real help in the iptables.
> (Sorry, I do not really "believe" in this match. But also I understand
> the need for such match. Sometimes it can be very useful.) As already
> mentioned before, the main problem is the fragmentation.

Fragmentation is not a problem for algorithms like Knuth-Pratt-Morris, which is implemented in textsearch. Boyer-Moore is faster, but if the text is split among fragments, it won't find a match.

Segmentation is a problem for textsearch; it wouldn't be hard to extend the string matching to make it flow-based.
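
The point about carrying matcher state across packet boundaries, as an added example that is not part of the original message and is not the kernel's textsearch code: a Knuth-Morris-Pratt matcher whose only cross-chunk state is the number of pattern bytes matched so far, so a pattern split between two chunks is still found when that state is kept per flow. The names `kmp_state`, `kmp_init`, `kmp_feed` and `KMP_MAX_PAT` are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

#define KMP_MAX_PAT 64
/* Hypothetical matcher state for this example; one instance per flow. */
struct kmp_state {
    const unsigned char *pat;
    size_t len;
    size_t fail[KMP_MAX_PAT]; /* KMP prefix (failure) table */
    size_t matched;           /* pattern bytes matched so far; survives chunk boundaries */
};

/* Build the prefix table. Returns 0, or -1 if the pattern is empty or too long. */
int kmp_init(struct kmp_state *st, const char *pat)
{
    size_t len = strlen(pat), k = 0;
    if (len == 0 || len > KMP_MAX_PAT)
        return -1;
    st->pat = (const unsigned char *)pat;
    st->len = len;
    st->matched = 0;
    st->fail[0] = 0;
    for (size_t i = 1; i < len; i++) {
        while (k > 0 && st->pat[i] != st->pat[k])
            k = st->fail[k - 1];
        if (st->pat[i] == st->pat[k])
            k++;
        st->fail[i] = k;
    }
    return 0;
}

/* Feed one chunk (fragment or segment); returns matches that end inside it. */
size_t kmp_feed(struct kmp_state *st, const void *data, size_t n)
{
    const unsigned char *p = data;
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        while (st->matched > 0 && p[i] != st->pat[st->matched])
            st->matched = st->fail[st->matched - 1];
        if (p[i] == st->pat[st->matched])
            st->matched++;
        if (st->matched == st->len) {   /* full match; keep longest border for overlaps */
            hits++;
            st->matched = st->fail[st->matched - 1];
        }
    }
    return hits;
}
```

Resetting `matched` to 0 before each chunk reproduces per-packet matching, which misses a pattern that straddles two chunks.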