Suricata Hyperscan question

How is Suricata setup does it use Hyperscan or the others? I have read article that came out talking about how intel decided to make Hyperscan 5.5 and newer paid for instead of using bsd license. I was curious in how this would affect Ipfire as a whole in the future. I’M not sure where to post this

1 Like

Suricata automatically uses hyperscan if is has been installed and if the mpm-algo and spm-algo entries in suricata.yaml have been assigned a value of auto.

So if you are using an X86_64 architecture, suricata will automatically use the hyperscan capability.

Currently IPFire has hyperscan-5.4.0

There is a new update version of 5.4.2 with a range of bug fixes.

With Intel moving 5.5 and future versions to be proprietary, paid for options then IPFire will stop updating the hyperscan version after 5.4.2.

1 Like

Thanks for raising this. I have not seen anything about this change, yet.

I created a ticket because we can most likely use Vectorscan, too:

If we would lose Hyperscan, I don’t think that this would massively impact the IPS performance. We currently don’t have it on ARM and there is no noticeable difference to x86_64.


I think we should give vectorscan a try.


Your welcome . I only knew about it since i read the Opnsense forum for issues there having