
Re^2: Check if a scalar contains a complete HTTP request

by FloydATC (Deacon)
on May 20, 2017 at 11:02 UTC


in reply to Re: Check if a scalar contains a complete HTTP request
in thread Check if a scalar contains a complete HTTP request

Handling of the non-blocking sockets is not the issue, data from each client already flows beautifully into buffers thanks to IO::Select/sysread/syswrite and that bit works like a charm. It's just that I have about 60-70 lines of code just to grab HTTP requests from those buffers and besides being an eyesore I'm pretty sure it will fall over pretty soon if exposed to the real world.

The main loop for each client/server socket pair kind of goes like this:
  1. Read from sockets that can be read from
  2. Fill inspection buffer with data from client
  3. If a buffer has been modified, see if it contains an HTTP request, complete with content (possibly chunked)
  4. If an HTTP request was found, remove it from the inspection buffer and allow/deny it
  5. Write allowed data to sockets that can be written to

This is for SSL inspection if you didn't already guess, the prototype works but I'm trying to make it more robust.

-- FloydATC

I got 99 problems, most of them have to do with printers.
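
One way to implement the completeness check in step 3 of the loop above, as an added example (it is not FloydATC's code). The function name, the return convention (length, 0 for "need more data", -1 for "not HTTP") and the 16 KiB header cap are assumptions made for this illustration.

```perl
use strict; use warnings;
my $REQ_LINE = qr{\A[A-Z]+ \S+ HTTP/1\.[01]\z};
my $MAX_HEAD = 16384;    # assumed cap on request line + header fields
# Returns the byte length of the first complete HTTP/1.x request in $$buf,
# 0 if more data is needed, or -1 if the bytes cannot be an HTTP request.
sub http_request_length {
    my ($buf) = @_;
    return 0 unless length $$buf;
    return -1 unless $$buf =~ /\A[A-Z]{1,16}(?: |\z)/;    # cheap early reject
    my $head_end = index($$buf, "\r\n\r\n");
    return (length($$buf) > $MAX_HEAD ? -1 : 0) if $head_end < 0;
    return -1 if $head_end > $MAX_HEAD;
    my ($request_line, @fields) = split /\r\n/, substr($$buf, 0, $head_end);
    return -1 unless $request_line =~ $REQ_LINE;
    my (@cl, $chunked);
    for my $f (@fields) {    # folded or malformed header lines are refused
        return -1 unless $f =~ /\A([^\s:]+):[ \t]*(.*?)[ \t]*\z/;
        my ($name, $value) = (lc $1, $2);
        push @cl, $value if $name eq 'content-length';
        next unless $name eq 'transfer-encoding';
        return -1 unless $value =~ /(?:\A|,)[ \t]*chunked\z/i;
        $chunked = 1;
    }
    my $pos = $head_end + 4;    # first byte after the empty line
    if ($chunked) {
        return -1 if @cl;    # both framings present: ambiguous, refuse
        while (1) {
            my $eol = index($$buf, "\r\n", $pos);
            return 0 if $eol < 0;
            return -1 unless substr($$buf, $pos, $eol - $pos) =~ /\A([0-9A-Fa-f]{1,8})(?:;.*)?\z/;
            my $size = hex $1;
            $pos = $eol + 2;
            if ($size == 0) {    # last chunk: optional trailers, then empty line
                my $end = index($$buf, "\r\n\r\n", $pos - 2);
                return $end < 0 ? 0 : $end + 4;
            }
            return 0 if length($$buf) < $pos + $size + 2;
            return -1 unless substr($$buf, $pos + $size, 2) eq "\r\n";
            $pos += $size + 2;
        }
    }
    return -1 if @cl > 1 || (@cl && $cl[0] !~ /\A[0-9]{1,10}\z/);
    my $total = $pos + (@cl ? $cl[0] : 0);
    return length($$buf) >= $total ? $total : 0;
}
# Constructed sample: a chunked POST followed by the start of a second request.
my $buf = "POST /u HTTP/1.1\r\nHost: a.example\r\nTransfer-Encoding: chunked\r\n\r\n"
        . "5\r\nhello\r\n0\r\n\r\nGET / HT";
printf "complete request: %d of %d buffered bytes\n", http_request_length(\$buf), length $buf;
```

On a positive return value `$n`, `substr($buf, 0, $n, '')` removes exactly that request and leaves any pipelined bytes in the inspection buffer. A return of -1 also covers requests with conflicting or repeated length framing, which are refused rather than guessed at.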


Replies are listed 'Best First'.
Re^3: Check if a scalar contains a complete HTTP request
by Marshall (Canon) on May 20, 2017 at 16:14 UTC
    I guess I'm a bit lost here because this looks like the wrong application for a select server. Why aren't you using a normal TCP client/server model? What does this have to do with SSL inspection? Just curious..

      Short answer: Because traffic over tcp/443 can be a lot more than just HTTP request/response transactions that follow a predictable pattern, and it's the non-HTTP traffic that really interests me. This means I have to quickly and reliably filter out the actual HTTP traffic.

      -- FloydATC

      I got 99 problems, most of them have to do with printers.

        Ok, I am getting a better idea of your objective. Thanks for the explanation!
        I am curious... why doesn't Wireshark already do what you want? I did a quick search and found that there is a !HTTP filter (filter out HTTP traffic) and that capturing with that program's filter might get the job done? I suspect that Wireshark is very performant C code. Maybe some Perl program to post-process the Wireshark output might work? I don't know, but an idea...
