From 8d81f0e2eebf3a0be3d223af092199788f3944c4 Mon Sep 17 00:00:00 2001 From: John Audia Date: Tue, 2 Sep 2025 06:21:37 -0400 Subject: [PATCH] snort3: replace hyperscan with vectorscan in deps * Replacement of hyperscan-runtime reference with vectorscan-runtime * Added support for all aarch64 targets which I believe is exhaustive For x86 and x86/64, I found that vectorscan is truly a drop-in replacement for hyperscan as assessed by speedtests with snort3 running on my Intel N150 PC. CPU load during the test with each condition was nearly saturating on a single core for both cases on a symmetrical Gbps line. Using: https://www.waveform.com/tools/bufferbloat in IPS mode: Download speed w/ hyperscan: 950-960 Mbit/s (n=2) Download speed w/ vectorscan: 942-960 Mbit/s (n=2) Using: https://www.speedtest.net in IPS mode: Download speed w/ hyperscan: 996-1002 Mbit/s (n=2) Download speed w/ vectorscan: 993-988 Mbit/s (n=2) Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc (Intel N150 based box running snort3) Signed-off-by: John Audia --- net/snort3/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index a010eefdec..292b79de8c 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -24,8 +24,8 @@ include $(INCLUDE_DIR)/cmake.mk ifeq ($(filter $(ARCH),mips mips64 mipsel powerpc),) EXTRA_DEPENDS += +gperftools-runtime endif -ifeq ($(filter $(ARCH),x86_64),$(ARCH)) - EXTRA_DEPENDS += +hyperscan-runtime +ifeq ($(filter $(ARCH),x86_64 aarch64),$(ARCH)) + EXTRA_DEPENDS += +vectorscan-runtime CMAKE_OPTIONS += -DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs endif -- 2.30.2