Does hyper scan support gzip pcap ?

[sadegh01]

Does Hyperscan support gzip webpages ? I run a test on www.bing.com with ./pcapscan [pattern] [pcap file] and hyperscan Couldn't find 'Legal' or any pattern
It would be grate if you help me .
best regards

[jviiret]

Hyperscan itself is solely a regex matching engine; it does not implement anything to do with network protocols and it does not do any decoding/transformation of the data being scanned -- that job is for the calling application.

The pcapscan example code is a very minimal example intended to demonstrate and benchmark Hyperscan against some data in streaming mode; all it does is pick packets up out of the PCAP file, assign them to flows based on the five-tuple on the packet headers, and pass them to hs_scan_stream() for scanning.

To do what you ask, you will need to write an application (or extend pcapscan) to do correct TCP stream ordering/reassembly/flow assignment, then HTTP decode and decompression, then pass the decompressed data stream to Hyperscan to be scanned.