This article discusses the challenges of decoding HTTP/2 traffic and how eBPF (extended Berkeley Packet Filter) can be used to solve this problem. It explains why Wireshark fails to decode HTTP/2 due to the binary framing of packets and the complexity added by HPACK. The article then introduces eBPF uprobes as a solution, allowing developers to observe the HTTP/2 implementation and read header content directly from application memory. It provides code examples and demonstrates how to trace HTTP/2 activity using eBPF uprobes.