Skip to content

perf: poison non-HTTP flows to avoid repeated parse-fail-clear cycles#42

Merged
Zious11 merged 3 commits intodevelopfrom
worktree-poison-non-http-flows
Apr 8, 2026
Merged

perf: poison non-HTTP flows to avoid repeated parse-fail-clear cycles#42
Zious11 merged 3 commits intodevelopfrom
worktree-poison-non-http-flows

Conversation

@Zious11
Copy link
Copy Markdown
Owner

@Zious11 Zious11 commented Apr 7, 2026

Summary

  • Add per-direction poisoning to HttpFlowState to skip non-HTTP TCP flows after repeated parse failures
  • Use POISON_THRESHOLD (3 consecutive errors) to tolerate mid-stream joins where initial segments are body data
  • Track non_http_flows per flow (not per direction) and poisoned_bytes_skipped for observability
  • Reduces parse_errors from 14 to 3 on http-full.cap fixture (the 3 remaining are legitimate first-attempt failures before threshold is reached)

Fixes #18

Test plan

  • test_parse_error_poisons_direction_after_threshold — 3 errors poison, 4th data skipped
  • test_single_error_does_not_poison — 1 error below threshold, next valid request parses
  • test_poison_request_does_not_affect_response — direction independence
  • test_non_http_flows_counts_per_flow_not_direction — counter accuracy
  • test_poison_cleared_after_flow_close — poison doesn't persist across flow reuse
  • All 135 tests pass
  • cargo fmt clean
  • Code reviewer: fixed double-counting, added threshold, added tests
  • Silent-failure-hunter: added poisoned_bytes_skipped counter, threshold for mid-stream tolerance

Zious11 added 2 commits April 7, 2026 16:20
@Zious11
perf: poison non-HTTP flows to avoid repeated parse-fail-clear cycles
a6581b9 
Add per-direction poisoned flag to HttpFlowState. After the first
parse error on a direction with no prior successful parse, mark it
poisoned and skip all future buffering/parsing for that direction.

- request_poisoned / response_poisoned bools on HttpFlowState
- non_http_flows counter in HttpAnalyzer, surfaced in summarize()
- Updated test to verify poisoned direction skips subsequent data

Reduces parse_errors from 14 to 2 on http-full.cap fixture.

Fixes #18
@Zious11
fix: address review findings for HTTP flow poisoning
b86dc93 
- Add POISON_THRESHOLD (3 errors) before poisoning to tolerate
  mid-stream joins where first segments are body data
- Fix non_http_flows double-counting: use per-flow counted_as_non_http
  flag so counter increments once per flow, not once per direction
- Add poisoned_bytes_skipped counter for observability of discarded data
- Add tests: threshold behavior, direction independence, flow counter
  accuracy, poison cleared after flow close
@Zious11 Zious11 requested a review from Copilot April 7, 2026 21:29
Copilot AI reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves HTTP analyzer performance on non-HTTP TCP streams by “poisoning” a flow direction after repeated header-parse failures, preventing repeated parse-fail-clear cycles and adding summary counters for observability.

Changes:

  • Add per-direction poisoning state and counters to HttpFlowState (with a POISON_THRESHOLD of 3).
  • Skip future data for poisoned directions while tracking non_http_flows and poisoned_bytes_skipped.
  • Expand HTTP analyzer tests to cover poisoning threshold behavior, per-direction independence, per-flow counting, and reset on flow close.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
src/analyzer/http.rs Introduces per-direction poisoning logic and new summary metrics to avoid repeated parsing on non-HTTP traffic.
tests/http_analyzer_tests.rs Adds/updates unit tests validating poisoning threshold, direction independence, per-flow counting, and cleanup on close.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Zious11
fix: reset error counter on success, add poisoned_bytes_skipped accessor
ce747db 
- Reset request_error_count/response_error_count to 0 on successful
  parse so poisoning is based on consecutive errors, not total errors
- Add poisoned_bytes_skipped() accessor for test observability
- Assert poisoned_bytes_skipped increments correctly in test
@Zious11 Zious11 merged commit 4282188 into develop Apr 8, 2026
4 checks passed
@Zious11 Zious11 deleted the worktree-poison-non-http-flows branch April 8, 2026 03:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

perf: poison non-HTTP flows to avoid repeated parse-fail-clear cycles

2 participants

@Zious11