doc: reorganize hyperscan guide

OISF · Sep 28, 2016 · 3ab405d · 3ab405d
1 parent 99d5bf4
commit 3ab405d
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 32 deletions.
diff --git a/doc/userguide/performance/hyperscan.rst b/doc/userguide/performance/hyperscan.rst
@@ -1,16 +1,39 @@
-Hyperscan guide for Ubuntu
-==========================
+Hyperscan
+=========
 
 Introduction
-============
+~~~~~~~~~~~~
 
 "Hyperscan is a high-performance multiple regex matching library." https://01.org/hyperscan
 
 In Suricata it can be used to perform multi pattern matching (mpm). Support was implemented by Justin Viiret and Jim Xu from Intel: https://github.com/inliniac/suricata/pull/1965, https://redmine.openinfosecfoundation.org/issues/1704
 
+Compilation
+~~~~~~~~~~~
+
+It's possible to pass --with-libhs-includes=/usr/local/include/hs/ --with-libhs-libraries=/usr/local/lib/, although by default this shouldn't be necessary. Suricata should pick up Hyperscan's pkg-config file automagically.
+
+When Suricata's compilation succeeded, you should have:
+
+::
+
+
+  suricata --build-info|grep Hyperscan
+    Hyperscan support:                       yes
+
+
+Using Hyperscan
+~~~~~~~~~~~~~~~
+
+To use the hyperscan support edit your suricata.yaml. Change the mpm-algo and spm-algo values to 'hs'.
+
+Alternatively, use this commandline option: --set mpm-algo=hs --set spm-algo=hs
+
+
 
-Installation
-============
+
+Ubuntu Hyperscan Installation
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 To use Suricata with Hyperscan support, install dependencies:
 
@@ -35,7 +58,7 @@ On Ubuntu 15.10 or 16.04+, simply do:
 
 
 Trusty
-~~~~~~
+------
 
 Trusty has 1.57, so it's too old. We can grab a newer libboost version, but we *don't* install it system wide. It's only the headers we care about during compilation of Hyperscan.
 
@@ -111,28 +134,3 @@ Note that you may have to add /usr/local/lib to your ld search path
   echo "/usr/local/lib" | sudo tee --append /etc/ld.so.conf.d/usrlocal.conf
   sudo ldconfig
 
-Suricata
---------
-
-Compilation
-~~~~~~~~~~~
-
-Suricata's installation is now quite standard.
-
-It's possible to pass --with-libhs-includes=/usr/local/include/hs/ --with-libhs-libraries=/usr/local/lib/, although by default this shouldn't be necessary. Suricata should pick up Hyperscan's pkg-config file automagically.
-
-When Suricata's compilation succeeded, you should have:
-
-::
-
-
-  suricata --build-info|grep Hyperscan
-    Hyperscan support:                       yes
-
-
-Using Hyperscan
-~~~~~~~~~~~~~~~
-
-To use the hyperscan support edit your suricata.yaml and change the mpm-algo value to 'hs'.
-
-Alternatively, use this commandline option: --set mpm-algo=hs
diff --git a/doc/userguide/performance/tuning-considerations.rst b/doc/userguide/performance/tuning-considerations.rst
@@ -15,7 +15,7 @@ Suggested setting: 1000 or higher. Max is ~65000.
 mpm-algo: <ac|hs|ac-bs|ac-ks>
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Controls the pattern matcher algorithm. AC is the default. On supported platforms, :doc:`performance/hyperscan` is the best option.
+Controls the pattern matcher algorithm. AC is the default. On supported platforms, :doc:`performance/Hyperscan` is the best option.
 
 detect.profile: <low|medium|high|custom>
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~