PcapFileEx.HTTP2.Analyzer (pcap_file_ex v0.5.5)

View Source

HTTP/2 stream reconstruction from TCP segments.

This module implements the core analysis algorithm that:

  1. Buffers TCP segments per direction
  2. Detects client via connection preface or stream semantics
  3. Parses HTTP/2 frames from buffers
  4. Tracks stream state and decodes headers via HPACK
  5. Builds complete and incomplete exchanges

Usage

The analyzer processes directional TCP segments and produces exchanges:

segments = [...] # DirectionalSegments from TCP reassembly
{:ok, complete, incomplete} = Analyzer.analyze(segments)

Mid-Connection Capture Support

When the connection preface is not captured:

  • Client identification falls back to stream ID semantics
  • SETTINGS frames are deferred until client is identified
  • Some HPACK dynamic table entries may be missing

Summary

Types

direction()
directional_segment()
endpoint()
option()

Functions

analyze(segments, opts \\ [])

Analyze directional TCP segments and extract HTTP/2 exchanges.

Types

direction()

@type direction() :: :a_to_b | :b_to_a

directional_segment()

@type directional_segment() :: %{
  flow_key: {endpoint(), endpoint()},
  direction: direction(),
  data: binary(),
  timestamp: DateTime.t()
}

endpoint()

@type endpoint() :: {tuple(), non_neg_integer()}

option()

@type option() ::
  {:decode_content, boolean()}
  | {:hosts_map, PcapFileEx.Endpoint.hosts_map()}
  | {:decoders, [PcapFileEx.Flows.Decoder.decoder_spec()]}
  | {:keep_binary, boolean()}

Functions

analyze(segments, opts \\ [])

@spec analyze([directional_segment()], [option()]) ::
  {:ok, [PcapFileEx.HTTP2.Exchange.t()],
   [PcapFileEx.HTTP2.IncompleteExchange.t()]}

Analyze directional TCP segments and extract HTTP/2 exchanges.

Returns {:ok, complete_exchanges, incomplete_exchanges}.

Options

  • :decode_content - When true (default), automatically decodes request and response bodies based on their Content-Type header. Multipart bodies are recursively decoded, JSON is parsed, and text is validated as UTF-8. When false, bodies are left as raw binaries and decoded_body is nil.
  • :hosts_map - Map of IP address strings to hostname strings for endpoint resolution.
  • :decoders - List of custom decoder specs (see PcapFileEx.Flows.Decoder)
  • :keep_binary - When true, preserve original binary in multipart parts' body_binary field when custom decoders are invoked (default: false)