Design goals
The work that became Snort 3 started in 2005 under the name SnortSP (short for Snort Security Platform). The name suggests that the authors were trying to build a platform for the next-generation IDS/IPS. Later, this project was internally dubbed Snort++. As the project progressed, many of its features were pulled into the mainline Snort releases. However, the architectural changes were foundational and could not be incorporated into Snort 2.x. These changes, which we will discuss in this section, are what has been packaged as Snort 3.
The main design goals of Snort 3 were as follows:
- High performance.
- Modular and pluggable architecture.
- Better configurability.
- Efficiency.
High performance
Snort has historically been a single-threaded monolithic program. This meant that one Snort program would process and analyze only one packet (or one stream) at a time. This became a challenge as the...