vectorscan: new package for speeding up regex ops
Vectorscan is fork of Hyperscan, a high-performance multiple regex
matching library. It follows the regular expression syntax of the
commonly-used libpcre library, but is a standalone library with
its own C API.
Currently ARM NEON/ASIMD and Power VSX are 100% functional. ARM
SVE2 support is in ongoing with access to hardware now. More
platforms will follow in the future.
The performance difference of snort3 compiled against this is
sizable for aarch64 confirmed on two different SoCs:
Test SoC #1 flogic/glinet_gl-mt6000
IDS mode:
Download speed wo/ vectorscan: 91.2 ±0.21 Mbit/s (n=3)
Download speed using vectorscan: 331.0 ±27.34 Mbit/s (n=3)
Gain of 3.6x
IPS mode:
Download speed wo/ vectorscan: 30.0 ±0.06 Mbit/s (n=3)
Download speed using vectorscan: 52.9 ±0.78 Mbit/s (n=3)
Gain of 1.8x
Notes:
* Data generated on snapshot build on 12-Apr-2024 using kernel
6.6.26, snort 3.1.84.0, vectorscan 5.4.11.
* Speedtest script hitting the same server.
* Snort rules file of was 37,917 lines/22 MB.
* In all cases, single core CPU saturation occurred which
speaks to the efficiency gains supplied by vectorscan.
Test Soc #2 bcm2712/RPi5B
IPS mode:
Download speed wo/ vectorscan: 164.3 ±0.64 Mbit/s (n=3)
Download speed using vectorscan: 232.8 ±0.26 Mbit/s (n=3)
Gain of 1.4x
Notes:
* Data generated on snapshot build on 13-Apr-2024 using kernel
6.1.86, snort 3.1.84.0, vectorscan 5.4.11.
* Google fiber speedtest (https://fiber.google.com/speedtest/)
hitting the same server.
* Snort rules contained 39,801 rules/22 MB.
* In all cases, single core CPU saturation occurred which
speaks to the efficiency gains supplied by vectorscan.
Build system: x86/64
Build-tested: flogic/glinet_gl-mt6000, bcm2712/RPi5B, x86/64-glibc
Run-tested: flogic/glinet_gl-mt6000, bcm2712/RPi5B, x86/64-glibc (Intel N150 based box)
Co-authored-by: Tianling Shen <[email protected]>
Co-authored-by: Jeffery To <[email protected]>
Signed-off-by: John Audia <[email protected]>
projects / feed / packages.git / commit