Project

General

Profile

Actions

Feature #2010

closed

Suricata should confirm SSSE3 presence at runtime when built with Hyperscan support

Added by Sascha Steinbiss almost 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

Dear Suricata team,

I noticed that the recently released Hyperscan 4.4 [1] introduces a new API function hs_valid_platform() to check whether the host provides the SSSE3 instruction set required by Hyperscan. With this in mind it would be nice if Suricata -- when compiled with HS support -- could check at runtime whether Hyperscan can be used, and fall back to the classic BM/AC matchers if not. This would, for instance, make life easier for downstream packagers, who would no longer need to distribute an additional non-Hyperscan-enabled binary for users without SSSE3. Indeed that is what we are currently doing in Debian.

I have started working on a proof-of-concept patch for Suricata to disable HS support at runtime when Suricata was built against Hyperscan 4.4 and SSSE3 support is not detected. The behaviour on earlier Hyperscan versions and builds without Hyperscan support should be unaffected. The code has been tested on amd64 systems with and without SSSE3 (the latter within a QEMU VM with -cpu qemu64,-ssse3 set), and I can confirm that the patched version builds, starts up and stays up with the default ruleset and also emits the expected debug messages.

I'd be happy to receive comments on the code in my feature branch in Git [2]. I tried to keep my changes as minimal as possible.

Many thanks and best regards
Sascha

[1] https://github.com/01org/hyperscan/releases/tag/v4.4.0
[2] https://github.com/inliniac/suricata/compare/master...satta:hs_valid_platform

Actions

Also available in: Atom PDF