Hi Arturo and Robert,

>> FYI, I have tried building the hyperscan package with a current git
>> snapshot from upstream's 'develop' branch [1]. After adding some new
>> build-deps (mostly libsqlite3) and patching out a duplicated Boost
>> header, the package builds fine for 4.4. I have also checked whether the
>> current Suricata in stretch can be built from source against the new
>> Hyperscan version and starts up properly, which is the case.
>
> Good news, great! :-)

Yay :)

BTW, it hasn't escaped our notice that there is a new
'hs_valid_platform()' function in Hyperscan 4.4 which checks at runtime
whether the executing CPU has SSSE3 support. This may help to no longer
require a Hyperscan-specific Debian package for Suricata: if Suricata
could check at runtime whether Hyperscan can be used -- and fall back to
the classic BM/AC matchers if not -- we can just depend on and use
libhyperscan4 for all archs on which Hyperscan is available by default.
I wonder what your thoughts are?

To test this, I have started working on a proof-of-concept patch for
Suricata to do exactly that. Upstream might be interested as well?

>> It looks like there probably isn't going to be much friction w.r.t. this
>> new version, assuming that the release won't diverge a lot any more from
>> the current upstream 'develop' branch.
>
> Thanks for your work Sascha, it's really appreciated :-)

Always happy to help. As you might have noticed, the 4.4 release was
just accepted into unstable.

Cheers
Sascha