perf: poison non-HTTP flows to avoid repeated parse-fail-clear cycles #18

@Zious11

Summary

When the HTTP analyzer receives TCP data from non-HTTP streams (SMTP, MySQL, binary protocols), it attempts to parse, fails, clears the buffer, and repeats on every subsequent data chunk. This wastes CPU on captures with many non-HTTP TCP flows.

Proposed Fix

Add a poisoned: bool field to HttpFlowState. After the first parse error on a flow, set poisoned = true and skip all future data for that flow. Track a non_http_flows: u64 counter in the summary.

Context

Found in HTTP analyzer error handling review.
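
A sketch of the proposed poisoning, added here as an example and not code from the issue or the project. Only `HttpFlowState`, `poisoned` and `non_http_flows` come from the issue text; `Analyzer`, `Summary`, `parse_attempts` and the stand-in `try_parse` are hypothetical names, and the sample chunks are constructed.

```rust
use std::collections::HashMap;
#[derive(Default)] struct HttpFlowState { buf: Vec<u8>, poisoned: bool }
#[derive(Default)] struct Summary { requests: u64, non_http_flows: u64, parse_attempts: u64 }
#[derive(Default)] struct Analyzer { flows: HashMap<u32, HttpFlowState>, summary: Summary }
enum Parse { Complete(usize), Partial, Invalid }

// Hypothetical stand-in parser: a request-method check plus the header terminator.
fn try_parse(buf: &[u8]) -> Parse {
    const METHODS: [&[u8]; 5] = [b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE "];
    // Invalid as soon as the bytes cannot be a prefix of any known method.
    let plausible = METHODS.iter().any(|m| { let n = m.len().min(buf.len()); buf[..n] == m[..n] });
    if !plausible { return Parse::Invalid; }
    match buf.windows(4).position(|w| w == b"\r\n\r\n") {
        Some(i) => Parse::Complete(i + 4),
        None => Parse::Partial, // incomplete data is not an error: do not poison
    }
}

impl Analyzer {
    fn on_data(&mut self, flow_id: u32, data: &[u8]) {
        let st = self.flows.entry(flow_id).or_default();
        if st.poisoned { return; } // poisoned flow: no buffering, no parse attempt
        st.buf.extend_from_slice(data);
        while !st.buf.is_empty() {
            self.summary.parse_attempts += 1;
            match try_parse(&st.buf) {
                Parse::Complete(n) => { self.summary.requests += 1; st.buf.drain(..n); }
                Parse::Partial => break,
                Parse::Invalid => {
                    st.poisoned = true;
                    st.buf = Vec::new(); // release the buffer, not just clear it
                    self.summary.non_http_flows += 1; // counted once per flow
                    break;
                }
            }
        }
    }
}

// Constructed sample: flow 1 is HTTP split across two chunks, flow 2 is an SMTP-like stream.
fn demo() -> (u64, u64, u64) {
    let mut a = Analyzer::default();
    a.on_data(1, b"GET / HTT");
    a.on_data(1, b"P/1.1\r\nHost: a\r\n\r\n");
    let chunks: [&[u8]; 3] = [b"220 mail ESMTP\r\n", b"250 OK\r\n", b"354 go ahead\r\n"];
    for c in chunks { a.on_data(2, c); }
    (a.summary.requests, a.summary.non_http_flows, a.summary.parse_attempts)
}
fn main() { println!("{:?}", demo()); }
```

Only a hard parse error poisons a flow; incomplete data keeps buffering. A poisoned flow is never inspected again, so `non_http_flows` is the only record that its traffic was skipped.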
