A collection of several different event and detection filtering function.
The types of filters implemented here include:
-Detection Filter - One of the last steps of the rule evaluation process. A
+Detection Filter - One of the last steps of the rule evaluation process. A
detection filter can prevent a rule from firing based on a simple
threshold. For example, only generate an alert if the filter has been
-evaluated N times in M time period.
+evaluated N times in M time period. Events are accumulated into a
+multithreaded hash structure, to allow for real-time eventing as soon
+as the threshold value is crossed, regardless of which thread(s) processed
+the prior, non-eventing packets.
Rate Filter - Based on configuration options, generically track multiple
occurrences of the same event/address tuples. The configuration can
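Review bot: The added paragraph at "+evaluated N times in M time period. Events are accumulated into a +multithreaded hash structure" should say what the hash is keyed on and how the shared counters are synchronized across threads, since "regardless of which thread(s) processed the prior, non-eventing packets" only makes sense to a reader who knows whether the count is per event tuple and whether the update is locked or lock-free. Also, the first removed/added pair ("-Detection Filter - One of the last steps..." / "+Detection Filter - One of the last steps...") is textually identical, so it looks like a whitespace-only change; if so, consider dropping it from this patch to keep the diff focused on the new text. Minor: the comma before "to allow for real-time eventing" is unnecessary.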