Hyperscan scanning in too much time

Question

• I am using a database that has a ten million lines signature to match PCAP packages. I finished the code with c++. It cost 100 seconds in matching one 200m PCAP package.
• Well, as I know, someone finished the project , and that cost only several seconds in matching one 200m PCAP package.
• This is my steps:

1. all my patterns look like this:

    id:1258808
    pattern:\x06\x62\x68\x69\x66\x72\x69\x03\x63\x6F\x6D\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 
    flag   :0

2. I use block mode.
3. func hs_scan()

    for (size_t i = 0; i < packets.size(); ++i) {
            const std::string pkt = packets[i];
            err = hs_scan(database, pkt.c_str(), pkt.length(), 0,
                                     scratch, onMatch, &matchCount);
            if (err != HS_SUCCESS) {
                cerr << "ERROR: Unable to scan packet. Exiting." << endl;
                exit(-1);
            }
        }

I am wondering where is my problem, and how to short the run time?

Answer 1

I figured out the problem, the cause of the slow is because I mixed too many different patterns of flags in my database. So I split the pattern by different flags, and it works amazingly. Thank u guys.