How is Suricata set up? Does it use Hyperscan or the others? I have read an article that came out talking about how Intel decided to make Hyperscan 5.5 and newer paid for instead of using the BSD license. I was curious how this would affect IPFire as a whole in the future. I'm not sure where to post this.
Suricata automatically uses Hyperscan if it has been installed and if the mpm-algo and spm-algo entries in suricata.yaml have been assigned a value of auto.
So if you are using an x86_64 architecture, Suricata will automatically use the Hyperscan capability.
Currently IPFire has hyperscan-5.4.0.
There is a new update version of 5.4.2 with a range of bug fixes.
With Intel moving 5.5 and future versions to be proprietary, paid-for options, IPFire will stop updating the Hyperscan version after 5.4.2.
If we would lose Hyperscan, I don’t think that this would massively impact the IPS performance. We currently don’t have it on ARM and there is no noticeable difference to x86_64.
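To check on a given box what the reply about mpm-algo and spm-algo describes, the following is an added example (not part of the thread and not IPFire's own tooling). It takes the text of `suricata --build-info` and of suricata.yaml and reports which matcher each setting resolves to; the function names, the sample inputs and the `hs-unavailable` marker are constructed here, and the `ac`/`bm` fallbacks for `auto` follow the comments in Suricata's stock suricata.yaml.

```shell
#!/bin/sh
# Added example: resolve mpm-algo / spm-algo the way "auto" is described above.
# On a real system pass "$(suricata --build-info)" and "$(cat /path/to/suricata.yaml)".

# has_hyperscan BUILD_INFO_TEXT -> prints yes or no
has_hyperscan() {
    if printf '%s\n' "$1" | grep -Eiq 'Hyperscan support:[[:space:]]*yes'; then
        echo yes
    else
        echo no
    fi
}

# yaml_value KEY YAML_TEXT -> value of an uncommented top-level "KEY: value" line.
# A missing or commented-out key is treated as "auto" (assumption: stock default).
yaml_value() {
    v=$(printf '%s\n' "$2" | sed -n "s/^$1:[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p" | head -n 1)
    echo "${v:-auto}"
}

# effective_algo KEY YAML_TEXT BUILD_INFO_TEXT -> matcher that will be selected
effective_algo() {
    configured=$(yaml_value "$1" "$2")
    hs=$(has_hyperscan "$3")
    case "$configured" in
        auto)
            # auto picks Hyperscan when compiled in, otherwise ac (mpm) or bm (spm)
            if [ "$hs" = yes ]; then echo hs
            elif [ "$1" = mpm-algo ]; then echo ac
            else echo bm
            fi ;;
        hs)
            # hs forced in the config but not compiled in: flag it
            if [ "$hs" = yes ]; then echo hs; else echo hs-unavailable; fi ;;
        *)  echo "$configured" ;;
    esac
}

# Constructed sample inputs (not taken from a real IPFire system)
SAMPLE_YAML='mpm-algo: auto
spm-algo: auto'
BUILD_WITH_HS='  Hyperscan support:                       yes'
BUILD_NO_HS='  Hyperscan support:                       no'

for key in mpm-algo spm-algo; do
    echo "$key with Hyperscan:    $(effective_algo "$key" "$SAMPLE_YAML" "$BUILD_WITH_HS")"
    echo "$key without Hyperscan: $(effective_algo "$key" "$SAMPLE_YAML" "$BUILD_NO_HS")"
done
```
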