I'm trying to benchmark my Multi-Pattern Search Engine against other algorithms included with snort3.
I'm trying to figure out what files from the repository I need to modify, and where should I add my files.
I'm only interested in the third part of the pipeline (Aho-Corasick-like), not the fourth one (PCRE-like).
This thesis helped me a bit, especially Appendix A starting from page 145. Unfortunately, Snort's codebase layout has changed a bit in the last 15 years.
The engine implementations seem to reside in src/search_engines. Some implementations, like the NFA-AC, don't seem to inherit from an interface, unlike a more recent one (Hyperscan).
Does my search engine need to support all of the functionality found in the PatternDescriptor from src/framework/mpse.h?
How do I let snort know which engine to choose? My guess is that I have to modify "config detection: search-method ac-split" from snort.conf, but I'm not sure with what, since it wouldn't be the actual name of the search engine file.
Is there a more concrete resource on how to achieve this? Thank you!