is a popular open-source network intrusion
detection/prevention system (NIDS/NIPS) which allows users to define sets of rules for
network traffic analysis and threat detection. These rules (and Snort's design) make
use of a number of pattern matching approaches, including bulk literal scanning and
regular expression matching.
The Hyperscan team is pleased to release a patch that adds support for using the Hyperscan
library to accelerate some of these pattern matching tasks in Snort.
The patch adds a Hyperscan integration in three places:
1. A new multi-pattern literal matcher (MPSE module) called "hyperscan".
2. A faster single-pattern content string matcher, replacing the Boyer-Moore approach used
3. A prefilter for PCRE, where Hyperscan is used as a prefilter check for regex options
before PCRE is run. Expressions that are expensive to evaluate in PCRE may be avoided
entirely depending on the result of the prefilter.
You can find the patch here, including a README with instructions for its use:
The patch is targeted at Snort 18.104.22.168 (the current version as of this post) and we
recommend using Hyperscan 4.2.0, the current release.
If you have questions, bug reports or other feedback, please don't hesitate to contact
us via this list or directly.