Suricata

The current git master supports FNAME and FCOMMENT gzip extensions. Support for FEXTRA and FHCRC is missing: http://www.gzip.org/zlib/rfc-gzip.html

If a gzip stream is encountered that contains an unsupported flag, the "http.gzip_decompression_failed" app layer event is set.

Support needs to be added to libhtp, not Suricata itself.

When complete, patches need to be submitted to upstream libhtp.