Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata CUDA GPU support

    Scheduled Pinned Locked Moved IDS/IPS
    5 Posts 4 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H Offline
      HittingSmoke
      last edited by

      The current Suricata package is not compiled with GPU acceleration support (–enable-cuda).

      Is there a reason this has not been enabled and can it be? Forgive me if this is a stupid question. I'm new to pfSense and just as new to BSD in general.

      I understand why pfSense would have not ever put any energy into supporting proprietary GPU drivers and I'm guessing that lack of support is the reason why there's no GPU support in the Suricata package. Wouldn't do much good without the required drivers.

      But if I felt like going through whatever effort would be required to get proprietary Nvidia drivers running on pfSense wouldn't it be possible to utilize the GPU for Suricata if it was compiled with support?

      1 Reply Last reply Reply Quote 0
      • D Offline
        doktornotor Banned
        last edited by

        And the target audience for this would be? Decommissioned buttcoin miner rigs?  :o :o :o

        1 Reply Last reply Reply Quote 0
        • H Offline
          HittingSmoke
          last edited by

          @doktornotor:

          And the target audience for this would be? Decommissioned buttcoin miner rigs?  :o :o :o

          People running pfSense on custom built machines, old workstations, or rack servers who also have an old Nvidia GPU with CUDA support laying around in a box.

          1 Reply Last reply Reply Quote 0
          • bmeeksB Online
            bmeeks
            last edited by

            As @doktornotor implied, the option was not enabled for the binary package because the anticipated user base was close to zero.  Most firewalls do not have high-end GPUs installed.  If you can wait a bit for pfSense 2.3 to go BETA and for some of the packages to get migrated to Bootstrap, then you could compile your own Suricata binary package and use it.  The same option for a custom package is also available for 2.2.x, but setting up a PBI builder is not for the faint-of-heart… ;D.

            Bill

            1 Reply Last reply Reply Quote 0
            • C Offline
              cFire
              last edited by

              I would be very happy with this actually. I have quite a bit of traffic going through some pfSense boxes and suricata struggles considerably when under very heavy traffic loads.
              Especially under conditions like a (fairly small scale) ddos where the volume is still below the line speed limit, suricata is simply not able to keep up with the number of packets it needs to process. Even a pretty low budget GPU will allow for a significant amount of processing to be offloaded to it. This option is considerably cheaper than having to upgrade the whole box to get faster and/or more CPU cores.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.