PcapFileEx.Flows.ProtocolDetector (pcap_file_ex v0.5.5)

View Source

Detects HTTP protocol version from TCP flow data.

Inspects the initial bytes of a TCP flow to determine whether it's HTTP/2 (h2c prior-knowledge), HTTP/1.x, or unknown.

Detection Strategy

  1. HTTP/2: Match the connection preface "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
  2. HTTP/1: Match request methods (GET, POST, etc.) or response (HTTP/)
  3. Unknown: Any other content

Example

data = "GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
:http1 = ProtocolDetector.detect(data)

data = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" <> settings_frame
:http2 = ProtocolDetector.detect(data)

data = <<0x16, 0x03, 0x01, ...>>  # TLS handshake
:unknown = ProtocolDetector.detect(data)

Summary

Types

protocol()

Functions

detect(data)

Detects the HTTP protocol version from flow data.

http1?(data)

Checks if data looks like HTTP/1.x request or response.

http2?(arg1)

Checks if data starts with HTTP/2 connection preface.

http2_preface()

Returns the HTTP/2 connection preface.

http2_preface_size()

Returns the size of the HTTP/2 connection preface in bytes.

Types

protocol()

@type protocol() :: :http1 | :http2 | :unknown

Functions

detect(data)

@spec detect(binary()) :: protocol()

Detects the HTTP protocol version from flow data.

Examines the beginning of the data to identify the protocol.

Parameters

  • data - Binary data from the start of a TCP flow

Returns

  • :http2 - HTTP/2 connection preface detected
  • :http1 - HTTP/1.x request or response detected
  • :unknown - Neither HTTP/1 nor HTTP/2 detected

Examples

iex> PcapFileEx.Flows.ProtocolDetector.detect("GET / HTTP/1.1\r\n")
:http1

iex> PcapFileEx.Flows.ProtocolDetector.detect("HTTP/1.1 200 OK\r\n")
:http1

iex> PcapFileEx.Flows.ProtocolDetector.detect("PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n")
:http2

iex> PcapFileEx.Flows.ProtocolDetector.detect(<<0, 1, 2, 3>>)
:unknown

http1?(data)

@spec http1?(binary()) :: boolean()

Checks if data looks like HTTP/1.x request or response.

Examples

iex> PcapFileEx.Flows.ProtocolDetector.http1?("GET / HTTP/1.1\r\n")
true

iex> PcapFileEx.Flows.ProtocolDetector.http1?("HTTP/1.1 200 OK\r\n")
true

iex> PcapFileEx.Flows.ProtocolDetector.http1?("PRI * HTTP/2.0")
false

http2?(arg1)

@spec http2?(binary()) :: boolean()

Checks if data starts with HTTP/2 connection preface.

Examples

iex> PcapFileEx.Flows.ProtocolDetector.http2?("PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n")
true

iex> PcapFileEx.Flows.ProtocolDetector.http2?("GET / HTTP/1.1")
false

http2_preface()

@spec http2_preface() :: binary()

Returns the HTTP/2 connection preface.

http2_preface_size()

@spec http2_preface_size() :: non_neg_integer()

Returns the size of the HTTP/2 connection preface in bytes.