Project

General

Profile

Feature #2746

Use Available Instruction Set Specialization (AVX2 and AVX512) in Hyperscan when available

Added by booble tins 3 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
-
Effort:
Difficulty:
Label:

Description

https://redmine.openinfosecfoundation.org/issues/2010 provides some context.

The Hyperscan API makes the use of specialized instruction sets relatively straightforward. It provides hs_populate_platform() which returns an hs_platform_info, which can in turn be fed into the various hs_compile calls.

It looks like the HS module in Suricata is currently feeding NULL into these functions eg: hs_compile_multi()

    err = hs_compile_ext_multi((const char *const *)cd->expressions, cd->flags,
                               cd->ids, (const hs_expr_ext_t *const *)cd->ext,
                               cd->pattern_cnt, HS_MODE_BLOCK, NULL, &pd->hs_db,
                               &compile_err);

I'm no C programmer, but this looks like an improvement I should be able to add with context from issue 2010. I've assigned it to myself for now and will see if I can get it going. Reading over this presentation makes it sound like AVX2/512 will be beneficial.

Please advise if this is obviously more complicated than it appears to me.

History

#1

Updated by booble tins 3 months ago

booble tins wrote:

Please advise if this is obviously more complicated than it appears to me.

Significantly less complicated than expected. From:
https://intel.github.io/hyperscan/dev-reference/compilation.html#instr-specialization

If this argument is NULL, the database will be targeted at the current host platform.

I missed that on the first read, apologies for the waste of reading time!

#2

Updated by Victor Julien 3 months ago

Maybe it would be nice to see if we can print the used algo/instruction set to the user?

Also available in: Atom PDF