On 12/13/2011 9:19 AM, Graham Leggett wrote: > > - mod_firehose: "tcpdump for httpd" > > Based originally on mod_dumpio.c, mod_firehose is an httpd filter that writes > the contents of a request and/or a response to a file or pipe in such a way > that the requests can be reconstructed later using a second dedicated tool > called "firehose". > > It was initially developed to help debug restful services that were secured > with client certificates and therefore opaque to other tools like tcpdump or > tcpflow, but was then subsequently used to record "dirty traffic" for > subsequent replay for the purposes of testing. > > The module and the corresponding firehose demultiplexer was used to uncover > some of the more tricky bugs in mod_cache, as well as protocol > inconsistencies in backend services, and would prove very useful to anyone > deploying restful services. We have also intended it to be used to create a > "dark live" environment, where live traffic can be split off and diverted to > a staging environment to test whether a software update works correctly.
A silly question perhaps, but was the tcpdump/wireshark file format considered? If not, was there a reason to invent a new representational format? It seems like the functionality you describe, at the httpd-internals visibility, emitted in a tcpdump-compatible representation, would be a godsend. All the GUI inspection tools already exist.
