Package: suricata
Version: 3.1.3-3
Severity: wishlist

Dear Suricata maintainers,

I spent some time last week assessing how much effort it would be to enable
Hyperscan support for Debian's suricata packages. Robert Haist has been so kind
as to provide a package for Hyperscan, available on the currently supported
architectures. I would consider it quite useful to provide a performance-
optimised variant of Suricata on architectures that support it, and make use of
Robert's work bringing Hyperscan into Debian (surely with Suricata in mind).

My first approach was to add an additional binary package identical to the
current one, except with a runtime dependency on libhyperscan4 and Hyperscan
support enabled, while the original 'suricata' package stays as it is, with no
explicit Hyperscan support built in. This would keep Suricata available in
principle on architectures unsupported by Hyperscan. Both packages Conflict:
with each other to prevent simultaneous installation. Please find the necessary
changes in the 'hyperscan' branch of my personal Suricata repo [1].

Arturo suggested that it might be cleaner to reduce redundancy by just
switching out the /usr/bin/suricata binary with a separate one linked against
libhyperscan, e.g. via a diversion. I implemented this approach in my
'hyperscan-with-diversion' branch in the same repo [2] and I think this might
indeed be a better way to accomplish what I was trying to do, keeping changes
as minimal as possible.

I would be curious to learn what the maintainers' and community's thoughts are,
and would appreciate any comments you might have.

By the way, to make sure that backports to Jessie are not blocked by a missing
Hyperscan dependency, I have prepared a backport for the latest Hyperscan in
Debian, and it was accepted from backports NEW this morning.

Thanks and kind regards
Sascha


[1] https://anonscm.debian.org/cgit/users/satta/suricata.git/log/?h=hyperscan
[2] https://anonscm.debian.org/cgit/users/satta/suricata.git/log/?h=hyperscan-with-diversion
