To know which application generates monitored traffic it is not enough to know TCP/IP address and port but a look inside HTTP header is required.
HTTP header is analyzed against a collection of strings. Each string is associated with some protocol, like facebook, google chat, etc.
String search is a slow operation and to be made fast could leverage smart algorithms and HW optimization technics.
Install binary prerequisites
yum install ragel libstdc++-static
Download Hyperscan sources
tar -xf v4.7.0.tar.gz
Download boost headers
tar -xf boost_1_67_0.tar.gz
cp -r boost_1_67_0/boost hyperscan-4.7.0/include
Build and install Hyperscan shared library
Just follow the instruction from here.
cmake -DBUILD_SHARED_LIBS=true ..
Link DPDK app against Hyperscan
Modify Makefile as follows.
CFLAGS += -I/usr/local/include/hs/
LDFLAGS += -lhs