packages

openwrt-mirror/packages

Fork 0

mirror of https://github.com/openwrt/packages.git synced 2025-12-21 17:04:32 +04:00

Commit Graph

Author	SHA1	Message	Date
Josef Schlehofer	8a3c7a69e6	vectorscan: remove vectorscan-headers package and add ABI version The vectorscan-headers package installed headers to the target device, but headers are only needed during the build process (via Build/InstallDev). - Rename vectorscan-runtime to vectorscan to simplify things - Add ABI_VERSION:=5 to track library soname versioning Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>	2025-10-11 14:53:01 +02:00
Josef Schlehofer	3a6f31cc0d	vectorscan: drop custom DEPENDS_COMMON There is no reason to have custom specific DEPENDS_COMMON, I dropped it and added it to DEPENDS. Simplified, easier to read and understand. Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>	2025-09-26 12:26:12 +02:00
John Audia	b6b2d1e305	vectorscan: new package for speeding up regex ops Vectorscan is fork of Hyperscan, a high-performance multiple regex matching library. It follows the regular expression syntax of the commonly-used libpcre library, but is a standalone library with its own C API. Currently ARM NEON/ASIMD and Power VSX are 100% functional. ARM SVE2 support is in ongoing with access to hardware now. More platforms will follow in the future. The performance difference of snort3 compiled against this is sizable for aarch64 confirmed on two different SoCs: Test SoC #1 flogic/glinet_gl-mt6000 IDS mode: Download speed wo/ vectorscan: 91.2 ±0.21 Mbit/s (n=3) Download speed using vectorscan: 331.0 ±27.34 Mbit/s (n=3) Gain of 3.6x IPS mode: Download speed wo/ vectorscan: 30.0 ±0.06 Mbit/s (n=3) Download speed using vectorscan: 52.9 ±0.78 Mbit/s (n=3) Gain of 1.8x Notes: * Data generated on snapshot build on 12-Apr-2024 using kernel 6.6.26, snort 3.1.84.0, vectorscan 5.4.11. * Speedtest script hitting the same server. * Snort rules file of was 37,917 lines/22 MB. * In all cases, single core CPU saturation occurred which speaks to the efficiency gains supplied by vectorscan. Test Soc #2 bcm2712/RPi5B IPS mode: Download speed wo/ vectorscan: 164.3 ±0.64 Mbit/s (n=3) Download speed using vectorscan: 232.8 ±0.26 Mbit/s (n=3) Gain of 1.4x Notes: * Data generated on snapshot build on 13-Apr-2024 using kernel 6.1.86, snort 3.1.84.0, vectorscan 5.4.11. * Google fiber speedtest (https://fiber.google.com/speedtest/) hitting the same server. * Snort rules contained 39,801 rules/22 MB. * In all cases, single core CPU saturation occurred which speaks to the efficiency gains supplied by vectorscan. Build system: x86/64 Build-tested: flogic/glinet_gl-mt6000, bcm2712/RPi5B, x86/64-glibc Run-tested: flogic/glinet_gl-mt6000, bcm2712/RPi5B, x86/64-glibc (Intel N150 based box) Co-authored-by: Tianling Shen <cnsztl@gmail.com> Co-authored-by: Jeffery To <jeffery.to@gmail.com> Signed-off-by: John Audia <therealgraysky@proton.me>	2025-09-20 06:52:48 +03:00

Author

SHA1

Message

Date

Josef Schlehofer

8a3c7a69e6

vectorscan: remove vectorscan-headers package and add ABI version

The vectorscan-headers package installed headers to the target device,
but headers are only needed during the build process (via Build/InstallDev).

- Rename vectorscan-runtime to vectorscan to simplify things
- Add ABI_VERSION:=5 to track library soname versioning

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2025-10-11 14:53:01 +02:00

Josef Schlehofer

3a6f31cc0d

vectorscan: drop custom DEPENDS_COMMON

There is no reason to have custom specific DEPENDS_COMMON,
I dropped it and added it to DEPENDS. Simplified, easier to read
and understand.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

2025-09-26 12:26:12 +02:00

John Audia

b6b2d1e305

vectorscan: new package for speeding up regex ops

Vectorscan is fork of Hyperscan, a high-performance multiple regex
matching library. It follows the regular expression syntax of the
commonly-used libpcre library, but is a standalone library with
its own C API.

Currently ARM NEON/ASIMD and Power VSX are 100% functional. ARM
SVE2 support is in ongoing with access to hardware now. More
platforms will follow in the future.

The performance difference of snort3 compiled against this is
sizable for aarch64 confirmed on two different SoCs:

Test SoC #1 flogic/glinet_gl-mt6000
IDS mode:
Download speed wo/ vectorscan: 91.2 ±0.21 Mbit/s (n=3)
Download speed using vectorscan: 331.0 ±27.34 Mbit/s (n=3)
Gain of 3.6x

IPS mode:
Download speed wo/ vectorscan: 30.0 ±0.06 Mbit/s (n=3)
Download speed using vectorscan: 52.9 ±0.78 Mbit/s (n=3)
Gain of 1.8x

Notes:
* Data generated on snapshot build on 12-Apr-2024 using kernel
  6.6.26, snort 3.1.84.0, vectorscan 5.4.11.
* Speedtest script hitting the same server.
* Snort rules file of was 37,917 lines/22 MB.
* In all cases, single core CPU saturation occurred which
  speaks to the efficiency gains supplied by vectorscan.

Test Soc #2 bcm2712/RPi5B

IPS mode:
Download speed wo/ vectorscan: 164.3 ±0.64 Mbit/s (n=3)
Download speed using vectorscan: 232.8 ±0.26 Mbit/s (n=3)
Gain of 1.4x

Notes:
* Data generated on snapshot build on 13-Apr-2024 using kernel
  6.1.86, snort 3.1.84.0, vectorscan 5.4.11.
* Google fiber speedtest (https://fiber.google.com/speedtest/)
  hitting the same server.
* Snort rules contained 39,801 rules/22 MB.
* In all cases, single core CPU saturation occurred which
  speaks to the efficiency gains supplied by vectorscan.

Build system: x86/64
Build-tested: flogic/glinet_gl-mt6000, bcm2712/RPi5B, x86/64-glibc
Run-tested: flogic/glinet_gl-mt6000, bcm2712/RPi5B, x86/64-glibc (Intel N150 based box)

Co-authored-by: Tianling Shen <cnsztl@gmail.com>
Co-authored-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: John Audia <therealgraysky@proton.me>

2025-09-20 06:52:48 +03:00

3 Commits