I have noticed HyperScan is being incorporated in the upcoming Snort 3.0.
Is there any chance Inel will release the patches for Snort 2.9.X?
It is still a bit of a time until 3.0 becomes stable :(
Jaime Nebrera - CTO
We've just pushed the Hyperscan 4.1.0 to the master branch on https://github.com/01org/hyperscan
The ChangeLog for this release from CHANGELOG.md:
- Update version of PCRE used by testing tools as a syntax and semantic reference to PCRE 8.38.
- Small updates to fix warnings identified by Coverity.
- Clean up and unify exception handling behaviour across GPR and SIMD NFA models.
- Fix bug in handling of bounded repeat triggers with large gaps between them for sparse repeat model.
- Correctly reject POSIX collating elements ([.ch.], [=ch=]) in the parser. These are not supported by Hyperscan.
- Add support for quoted sequences (\Q...\E) inside character classes.
- Simplify FDR literal matcher runtime by removing some static specialization.
- Fix handling of the POSIX [:graph:], [:print:] and [:punct:] character classes to match the behaviour of PCRE 8.38 in both standard operation and with the UCP flag set. (Note: some bugs were fixed in this area in PCRE 8.38.) Previously Hyperscan's behaviour was the same as versions of PCRE before 8.34.
- Improve performance when compiling pattern sets that include a large number of similar bounded repeat constructs. (github issue #9)