feat(protocols): refactor protocol utilities into centralized protocols module

- Created ts/detection module for unified protocol detection
- Implemented TLS and HTTP detectors with fragmentation support
- Moved TLS detection logic from existing code to centralized module
- Updated RouteConnectionHandler to use ProtocolDetector for both TLS and HTTP
- Refactored ACME HTTP parsing to use detection module
- Added comprehensive tests for detection functionality
- Eliminated duplicate protocol detection code across codebase

This centralizes all non-destructive protocol detection into a single module,
improving code organization and reducing duplication between ACME and routing.

certs/static-route/meta.json

@@ -1,5 +1,5 @@
 {
-  "expiryDate": "2025-10-18T13:15:48.916Z",
-  "issueDate": "2025-07-20T13:15:48.916Z",
-  "savedAt": "2025-07-20T13:15:48.916Z"
+  "expiryDate": "2025-10-19T22:36:33.093Z",
+  "issueDate": "2025-07-21T22:36:33.093Z",
+  "savedAt": "2025-07-21T22:36:33.094Z"
 }

changelog.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## 2025-07-21 - 21.1.0 - feat(protocols)
+Refactor protocol utilities into centralized protocols module
+
+- Moved TLS utilities from `ts/tls/` to `ts/protocols/tls/`
+- Created centralized protocol modules for HTTP, WebSocket, Proxy, and TLS
+- Core utilities now delegate to protocol modules for parsing and utilities
+- Maintains backward compatibility through re-exports in original locations
+- Improves code organization and separation of concerns
+
 ## 2025-07-22 - 21.0.0 - BREAKING_CHANGE(forwarding)
 Remove legacy forwarding module
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartproxy",
-  "version": "21.0.0",
+  "version": "21.1.0",
   "private": false,
   "description": "A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.",
   "main": "dist_ts/index.js",

test/test.detection.ts

@@ -0,0 +1,131 @@
+import { expect, tap } from '@git.zone/tstest/tapbundle';
+import * as smartproxy from '../ts/index.js';
+
+tap.test('Protocol Detection - TLS Detection', async () => {
+  // Test TLS handshake detection
+  const tlsHandshake = Buffer.from([
+    0x16, // Handshake record type
+    0x03, 0x01, // TLS 1.0
+    0x00, 0x05, // Length: 5 bytes
+    0x01, // ClientHello
+    0x00, 0x00, 0x01, 0x00 // Handshake length and data
+  ]);
+  
+  const detector = new smartproxy.detection.TlsDetector();
+  expect(detector.canHandle(tlsHandshake)).toEqual(true);
+  
+  const result = detector.detect(tlsHandshake);
+  expect(result).toBeDefined();
+  expect(result?.protocol).toEqual('tls');
+  expect(result?.connectionInfo.tlsVersion).toEqual('TLSv1.0');
+});
+
+tap.test('Protocol Detection - HTTP Detection', async () => {
+  // Test HTTP request detection
+  const httpRequest = Buffer.from(
+    'GET /test HTTP/1.1\r\n' +
+    'Host: example.com\r\n' +
+    'User-Agent: TestClient/1.0\r\n' +
+    '\r\n'
+  );
+  
+  const detector = new smartproxy.detection.HttpDetector();
+  expect(detector.canHandle(httpRequest)).toEqual(true);
+  
+  const result = detector.detect(httpRequest);
+  expect(result).toBeDefined();
+  expect(result?.protocol).toEqual('http');
+  expect(result?.connectionInfo.method).toEqual('GET');
+  expect(result?.connectionInfo.path).toEqual('/test');
+  expect(result?.connectionInfo.domain).toEqual('example.com');
+});
+
+tap.test('Protocol Detection - Main Detector TLS', async () => {
+  const tlsHandshake = Buffer.from([
+    0x16, // Handshake record type
+    0x03, 0x03, // TLS 1.2
+    0x00, 0x05, // Length: 5 bytes
+    0x01, // ClientHello
+    0x00, 0x00, 0x01, 0x00 // Handshake length and data
+  ]);
+  
+  const result = await smartproxy.detection.ProtocolDetector.detect(tlsHandshake);
+  expect(result.protocol).toEqual('tls');
+  expect(result.connectionInfo.tlsVersion).toEqual('TLSv1.2');
+});
+
+tap.test('Protocol Detection - Main Detector HTTP', async () => {
+  const httpRequest = Buffer.from(
+    'POST /api/test HTTP/1.1\r\n' +
+    'Host: api.example.com\r\n' +
+    'Content-Type: application/json\r\n' +
+    'Content-Length: 2\r\n' +
+    '\r\n' +
+    '{}'
+  );
+  
+  const result = await smartproxy.detection.ProtocolDetector.detect(httpRequest);
+  expect(result.protocol).toEqual('http');
+  expect(result.connectionInfo.method).toEqual('POST');
+  expect(result.connectionInfo.path).toEqual('/api/test');
+  expect(result.connectionInfo.domain).toEqual('api.example.com');
+});
+
+tap.test('Protocol Detection - Unknown Protocol', async () => {
+  const unknownData = Buffer.from('UNKNOWN PROTOCOL DATA\r\n');
+  
+  const result = await smartproxy.detection.ProtocolDetector.detect(unknownData);
+  expect(result.protocol).toEqual('unknown');
+  expect(result.isComplete).toEqual(true);
+});
+
+tap.test('Protocol Detection - Fragmented HTTP', async () => {
+  const connectionId = 'test-connection-1';
+  
+  // First fragment
+  const fragment1 = Buffer.from('GET /test HT');
+  let result = await smartproxy.detection.ProtocolDetector.detectWithConnectionTracking(
+    fragment1,
+    connectionId
+  );
+  expect(result.protocol).toEqual('http');
+  expect(result.isComplete).toEqual(false);
+  
+  // Second fragment
+  const fragment2 = Buffer.from('TP/1.1\r\nHost: example.com\r\n\r\n');
+  result = await smartproxy.detection.ProtocolDetector.detectWithConnectionTracking(
+    fragment2,
+    connectionId
+  );
+  expect(result.protocol).toEqual('http');
+  expect(result.isComplete).toEqual(true);
+  expect(result.connectionInfo.method).toEqual('GET');
+  expect(result.connectionInfo.path).toEqual('/test');
+  expect(result.connectionInfo.domain).toEqual('example.com');
+});
+
+tap.test('Protocol Detection - HTTP Methods', async () => {
+  const methods = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS'];
+  
+  for (const method of methods) {
+    const request = Buffer.from(
+      `${method} /test HTTP/1.1\r\n` +
+      'Host: example.com\r\n' +
+      '\r\n'
+    );
+    
+    const detector = new smartproxy.detection.HttpDetector();
+    const result = detector.detect(request);
+    expect(result?.connectionInfo.method).toEqual(method);
+  }
+});
+
+tap.test('Protocol Detection - Invalid Data', async () => {
+  // Binary data that's not a valid protocol
+  const binaryData = Buffer.from([0xFF, 0xFE, 0xFD, 0xFC, 0xFB]);
+  
+  const result = await smartproxy.detection.ProtocolDetector.detect(binaryData);
+  expect(result.protocol).toEqual('unknown');
+});
+
+tap.start();

ts/core/utils/proxy-protocol.ts

@@ -1,161 +1,44 @@
 import * as plugins from '../../plugins.js';
 import { logger } from './logger.js';
+import { ProxyProtocolParser as ProtocolParser, type IProxyInfo, type IProxyParseResult } from '../../protocols/proxy/index.js';
 
-/**
- * Interface representing parsed PROXY protocol information
- */
-export interface IProxyInfo {
-  protocol: 'TCP4' | 'TCP6' | 'UNKNOWN';
-  sourceIP: string;
-  sourcePort: number;
-  destinationIP: string;
-  destinationPort: number;
-}
-
-/**
- * Interface for parse result including remaining data
- */
-export interface IProxyParseResult {
-  proxyInfo: IProxyInfo | null;
-  remainingData: Buffer;
-}
+// Re-export types from protocols for backward compatibility
+export type { IProxyInfo, IProxyParseResult } from '../../protocols/proxy/index.js';
 
 /**
  * Parser for PROXY protocol v1 (text format)
  * Spec: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
+ * 
+ * This class now delegates to the protocol parser but adds 
+ * smartproxy-specific features like socket reading and logging
  */
 export class ProxyProtocolParser {
-  static readonly PROXY_V1_SIGNATURE = 'PROXY ';
-  static readonly MAX_HEADER_LENGTH = 107; // Max length for v1 header
-  static readonly HEADER_TERMINATOR = '\r\n';
+  static readonly PROXY_V1_SIGNATURE = ProtocolParser.PROXY_V1_SIGNATURE;
+  static readonly MAX_HEADER_LENGTH = ProtocolParser.MAX_HEADER_LENGTH;
+  static readonly HEADER_TERMINATOR = ProtocolParser.HEADER_TERMINATOR;
   
   /**
    * Parse PROXY protocol v1 header from buffer
    * Returns proxy info and remaining data after header
    */
   static parse(data: Buffer): IProxyParseResult {
-    // Check if buffer starts with PROXY signature
-    if (!data.toString('ascii', 0, 6).startsWith(this.PROXY_V1_SIGNATURE)) {
-      return {
-        proxyInfo: null,
-        remainingData: data
-      };
-    }
-    
-    // Find header terminator
-    const headerEndIndex = data.indexOf(this.HEADER_TERMINATOR);
-    if (headerEndIndex === -1) {
-      // Header incomplete, need more data
-      if (data.length > this.MAX_HEADER_LENGTH) {
-        // Header too long, invalid
-        throw new Error('PROXY protocol header exceeds maximum length');
-      }
-      return {
-        proxyInfo: null,
-        remainingData: data
-      };
-    }
-    
-    // Extract header line
-    const headerLine = data.toString('ascii', 0, headerEndIndex);
-    const remainingData = data.slice(headerEndIndex + 2); // Skip \r\n
-    
-    // Parse header
-    const parts = headerLine.split(' ');
-    
-    if (parts.length < 2) {
-      throw new Error(`Invalid PROXY protocol header format: ${headerLine}`);
-    }
-    
-    const [signature, protocol] = parts;
-    
-    // Validate protocol
-    if (!['TCP4', 'TCP6', 'UNKNOWN'].includes(protocol)) {
-      throw new Error(`Invalid PROXY protocol: ${protocol}`);
-    }
-    
-    // For UNKNOWN protocol, ignore addresses
-    if (protocol === 'UNKNOWN') {
-      return {
-        proxyInfo: {
-          protocol: 'UNKNOWN',
-          sourceIP: '',
-          sourcePort: 0,
-          destinationIP: '',
-          destinationPort: 0
-        },
-        remainingData
-      };
-    }
-    
-    // For TCP4/TCP6, we need all 6 parts
-    if (parts.length !== 6) {
-      throw new Error(`Invalid PROXY protocol header format: ${headerLine}`);
-    }
-    
-    const [, , srcIP, dstIP, srcPort, dstPort] = parts;
-    
-    // Validate and parse ports
-    const sourcePort = parseInt(srcPort, 10);
-    const destinationPort = parseInt(dstPort, 10);
-    
-    if (isNaN(sourcePort) || sourcePort < 0 || sourcePort > 65535) {
-      throw new Error(`Invalid source port: ${srcPort}`);
-    }
-    
-    if (isNaN(destinationPort) || destinationPort < 0 || destinationPort > 65535) {
-      throw new Error(`Invalid destination port: ${dstPort}`);
-    }
-    
-    // Validate IP addresses
-    const protocolType = protocol as 'TCP4' | 'TCP6' | 'UNKNOWN';
-    if (!this.isValidIP(srcIP, protocolType)) {
-      throw new Error(`Invalid source IP for ${protocol}: ${srcIP}`);
-    }
-    
-    if (!this.isValidIP(dstIP, protocolType)) {
-      throw new Error(`Invalid destination IP for ${protocol}: ${dstIP}`);
-    }
-    
-    return {
-      proxyInfo: {
-        protocol: protocol as 'TCP4' | 'TCP6',
-        sourceIP: srcIP,
-        sourcePort,
-        destinationIP: dstIP,
-        destinationPort
-      },
-      remainingData
-    };
+    // Delegate to protocol parser
+    return ProtocolParser.parse(data);
   }
   
   /**
    * Generate PROXY protocol v1 header
    */
   static generate(info: IProxyInfo): Buffer {
-    if (info.protocol === 'UNKNOWN') {
-      return Buffer.from(`PROXY UNKNOWN\r\n`, 'ascii');
-    }
-    
-    const header = `PROXY ${info.protocol} ${info.sourceIP} ${info.destinationIP} ${info.sourcePort} ${info.destinationPort}\r\n`;
-    
-    if (header.length > this.MAX_HEADER_LENGTH) {
-      throw new Error('Generated PROXY protocol header exceeds maximum length');
-    }
-    
-    return Buffer.from(header, 'ascii');
+    // Delegate to protocol parser
+    return ProtocolParser.generate(info);
   }
   
   /**
    * Validate IP address format
    */
   private static isValidIP(ip: string, protocol: 'TCP4' | 'TCP6' | 'UNKNOWN'): boolean {
-    if (protocol === 'TCP4') {
-      return plugins.net.isIPv4(ip);
-    } else if (protocol === 'TCP6') {
-      return plugins.net.isIPv6(ip);
-    }
-    return false;
+    return ProtocolParser.isValidIP(ip, protocol);
   }
   
   /**

ts/core/utils/websocket-utils.ts

@@ -1,12 +1,13 @@
 /**
  * WebSocket utility functions
+ * 
+ * This module provides smartproxy-specific WebSocket utilities
+ * and re-exports protocol utilities from the protocols module
  */
 
-/**
- * Type for WebSocket RawData that can be different types in different environments
- * This matches the ws library's type definition
- */
-export type RawData = Buffer | ArrayBuffer | Buffer[] | any;
+// Import and re-export from protocols
+import { getMessageSize as protocolGetMessageSize, toBuffer as protocolToBuffer } from '../../protocols/websocket/index.js';
+export type { RawData } from '../../protocols/websocket/index.js';
 
 /**
  * Get the length of a WebSocket message regardless of its type
@@ -15,35 +16,9 @@ export type RawData = Buffer | ArrayBuffer | Buffer[] | any;
  * @param data - The data message from WebSocket (could be any RawData type)
  * @returns The length of the data in bytes
  */
-export function getMessageSize(data: RawData): number {
-  if (typeof data === 'string') {
-    // For string data, get the byte length
-    return Buffer.from(data, 'utf8').length;
-  } else if (data instanceof Buffer) {
-    // For Node.js Buffer
-    return data.length;
-  } else if (data instanceof ArrayBuffer) {
-    // For ArrayBuffer
-    return data.byteLength;
-  } else if (Array.isArray(data)) {
-    // For array of buffers, sum their lengths
-    return data.reduce((sum, chunk) => {
-      if (chunk instanceof Buffer) {
-        return sum + chunk.length;
-      } else if (chunk instanceof ArrayBuffer) {
-        return sum + chunk.byteLength;
-      }
-      return sum;
-    }, 0);
-  } else {
-    // For other types, try to determine the size or return 0
-    try {
-      return Buffer.from(data).length;
-    } catch (e) {
-      console.warn('Could not determine message size', e);
-      return 0;
-    }
-  }
+export function getMessageSize(data: import('../../protocols/websocket/index.js').RawData): number {
+  // Delegate to protocol implementation
+  return protocolGetMessageSize(data);
 }
 
 /**
@@ -52,30 +27,7 @@ export function getMessageSize(data: RawData): number {
  * @param data - The data message from WebSocket (could be any RawData type)
  * @returns A Buffer containing the data
  */
-export function toBuffer(data: RawData): Buffer {
-  if (typeof data === 'string') {
-    return Buffer.from(data, 'utf8');
-  } else if (data instanceof Buffer) {
-    return data;
-  } else if (data instanceof ArrayBuffer) {
-    return Buffer.from(data);
-  } else if (Array.isArray(data)) {
-    // For array of buffers, concatenate them
-    return Buffer.concat(data.map(chunk => {
-      if (chunk instanceof Buffer) {
-        return chunk;
-      } else if (chunk instanceof ArrayBuffer) {
-        return Buffer.from(chunk);
-      }
-      return Buffer.from(chunk);
-    }));
-  } else {
-    // For other types, try to convert to Buffer or return empty Buffer
-    try {
-      return Buffer.from(data);
-    } catch (e) {
-      console.warn('Could not convert message to Buffer', e);
-      return Buffer.alloc(0);
-    }
-  }
+export function toBuffer(data: import('../../protocols/websocket/index.js').RawData): Buffer {
+  // Delegate to protocol implementation
+  return protocolToBuffer(data);
 }

ts/detection/detectors/http-detector.ts

@@ -0,0 +1,281 @@
+/**
+ * HTTP protocol detector
+ */
+
+import type { IProtocolDetector } from '../models/interfaces.js';
+import type { IDetectionResult, IDetectionOptions, IConnectionInfo, THttpMethod } from '../models/detection-types.js';
+import { extractLine, isPrintableAscii, BufferAccumulator } from '../utils/buffer-utils.js';
+import { parseHttpRequestLine, parseHttpHeaders, extractDomainFromHost, isHttpMethod } from '../utils/parser-utils.js';
+
+/**
+ * HTTP detector implementation
+ */
+export class HttpDetector implements IProtocolDetector {
+  /**
+   * Minimum bytes needed to identify HTTP method
+   */
+  private static readonly MIN_HTTP_METHOD_SIZE = 3; // GET
+  
+  /**
+   * Maximum reasonable HTTP header size
+   */
+  private static readonly MAX_HEADER_SIZE = 8192;
+  
+  /**
+   * Fragment tracking for incomplete headers
+   */
+  private static fragmentedBuffers = new Map<string, BufferAccumulator>();
+  
+  /**
+   * Detect HTTP protocol from buffer
+   */
+  detect(buffer: Buffer, options?: IDetectionOptions): IDetectionResult | null {
+    // Check if buffer is too small
+    if (buffer.length < HttpDetector.MIN_HTTP_METHOD_SIZE) {
+      return null;
+    }
+    
+    // Quick check: first bytes should be printable ASCII
+    if (!isPrintableAscii(buffer, Math.min(20, buffer.length))) {
+      return null;
+    }
+    
+    // Try to extract the first line
+    const firstLineResult = extractLine(buffer, 0);
+    if (!firstLineResult) {
+      // No complete line yet
+      return {
+        protocol: 'http',
+        connectionInfo: { protocol: 'http' },
+        isComplete: false,
+        bytesNeeded: buffer.length + 100 // Estimate
+      };
+    }
+    
+    // Parse the request line
+    const requestLine = parseHttpRequestLine(firstLineResult.line);
+    if (!requestLine) {
+      // Not a valid HTTP request line
+      return null;
+    }
+    
+    // Initialize connection info
+    const connectionInfo: IConnectionInfo = {
+      protocol: 'http',
+      method: requestLine.method,
+      path: requestLine.path,
+      httpVersion: requestLine.version
+    };
+    
+    // Check if we want to extract headers
+    if (options?.extractFullHeaders !== false) {
+      // Look for the end of headers (double CRLF)
+      const headerEndSequence = Buffer.from('\r\n\r\n');
+      const headerEndIndex = buffer.indexOf(headerEndSequence);
+      
+      if (headerEndIndex === -1) {
+        // Headers not complete yet
+        const maxSize = options?.maxBufferSize || HttpDetector.MAX_HEADER_SIZE;
+        if (buffer.length >= maxSize) {
+          // Headers too large, reject
+          return null;
+        }
+        
+        return {
+          protocol: 'http',
+          connectionInfo,
+          isComplete: false,
+          bytesNeeded: buffer.length + 200 // Estimate
+        };
+      }
+      
+      // Extract all header lines
+      const headerLines: string[] = [];
+      let currentOffset = firstLineResult.nextOffset;
+      
+      while (currentOffset < headerEndIndex) {
+        const lineResult = extractLine(buffer, currentOffset);
+        if (!lineResult) {
+          break;
+        }
+        
+        if (lineResult.line.length === 0) {
+          // Empty line marks end of headers
+          break;
+        }
+        
+        headerLines.push(lineResult.line);
+        currentOffset = lineResult.nextOffset;
+      }
+      
+      // Parse headers
+      const headers = parseHttpHeaders(headerLines);
+      connectionInfo.headers = headers;
+      
+      // Extract domain from Host header
+      const hostHeader = headers['host'];
+      if (hostHeader) {
+        connectionInfo.domain = extractDomainFromHost(hostHeader);
+      }
+      
+      // Calculate remaining buffer
+      const bodyStartIndex = headerEndIndex + 4; // After \r\n\r\n
+      const remainingBuffer = buffer.length > bodyStartIndex 
+        ? buffer.slice(bodyStartIndex) 
+        : undefined;
+      
+      return {
+        protocol: 'http',
+        connectionInfo,
+        remainingBuffer,
+        isComplete: true
+      };
+    } else {
+      // Just extract Host header for domain
+      let currentOffset = firstLineResult.nextOffset;
+      const maxLines = 50; // Reasonable limit
+      
+      for (let i = 0; i < maxLines && currentOffset < buffer.length; i++) {
+        const lineResult = extractLine(buffer, currentOffset);
+        if (!lineResult) {
+          // Need more data
+          return {
+            protocol: 'http',
+            connectionInfo,
+            isComplete: false,
+            bytesNeeded: buffer.length + 50
+          };
+        }
+        
+        if (lineResult.line.length === 0) {
+          // End of headers
+          break;
+        }
+        
+        // Quick check for Host header
+        if (lineResult.line.toLowerCase().startsWith('host:')) {
+          const colonIndex = lineResult.line.indexOf(':');
+          const hostValue = lineResult.line.slice(colonIndex + 1).trim();
+          connectionInfo.domain = extractDomainFromHost(hostValue);
+          
+          // If we only needed the domain, we can return early
+          return {
+            protocol: 'http',
+            connectionInfo,
+            isComplete: true
+          };
+        }
+        
+        currentOffset = lineResult.nextOffset;
+      }
+      
+      // If we reach here, no Host header found yet
+      return {
+        protocol: 'http',
+        connectionInfo,
+        isComplete: false,
+        bytesNeeded: buffer.length + 100
+      };
+    }
+  }
+  
+  /**
+   * Check if buffer can be handled by this detector
+   */
+  canHandle(buffer: Buffer): boolean {
+    if (buffer.length < HttpDetector.MIN_HTTP_METHOD_SIZE) {
+      return false;
+    }
+    
+    // Check if first bytes could be an HTTP method
+    const firstWord = buffer.slice(0, Math.min(10, buffer.length)).toString('ascii').split(' ')[0];
+    return isHttpMethod(firstWord);
+  }
+  
+  /**
+   * Get minimum bytes needed for detection
+   */
+  getMinimumBytes(): number {
+    return HttpDetector.MIN_HTTP_METHOD_SIZE;
+  }
+  
+  /**
+   * Quick check if buffer starts with HTTP method
+   */
+  static quickCheck(buffer: Buffer): boolean {
+    if (buffer.length < 3) {
+      return false;
+    }
+    
+    // Check common HTTP methods
+    const start = buffer.slice(0, 7).toString('ascii');
+    return start.startsWith('GET ') ||
+           start.startsWith('POST ') ||
+           start.startsWith('PUT ') ||
+           start.startsWith('DELETE ') ||
+           start.startsWith('HEAD ') ||
+           start.startsWith('OPTIONS') ||
+           start.startsWith('PATCH ') ||
+           start.startsWith('CONNECT') ||
+           start.startsWith('TRACE ');
+  }
+  
+  /**
+   * Handle fragmented HTTP detection with connection tracking
+   */
+  static detectWithFragments(
+    buffer: Buffer,
+    connectionId: string,
+    options?: IDetectionOptions
+  ): IDetectionResult | null {
+    const detector = new HttpDetector();
+    
+    // Try direct detection first
+    const directResult = detector.detect(buffer, options);
+    if (directResult && directResult.isComplete) {
+      // Clean up any tracked fragments for this connection
+      this.fragmentedBuffers.delete(connectionId);
+      return directResult;
+    }
+    
+    // Handle fragmentation
+    let accumulator = this.fragmentedBuffers.get(connectionId);
+    if (!accumulator) {
+      accumulator = new BufferAccumulator();
+      this.fragmentedBuffers.set(connectionId, accumulator);
+    }
+    
+    accumulator.append(buffer);
+    const fullBuffer = accumulator.getBuffer();
+    
+    // Check size limit
+    const maxSize = options?.maxBufferSize || this.MAX_HEADER_SIZE;
+    if (fullBuffer.length > maxSize) {
+      // Too large, clean up and reject
+      this.fragmentedBuffers.delete(connectionId);
+      return null;
+    }
+    
+    // Try detection on accumulated buffer
+    const result = detector.detect(fullBuffer, options);
+    
+    if (result && result.isComplete) {
+      // Success - clean up
+      this.fragmentedBuffers.delete(connectionId);
+      return result;
+    }
+    
+    return result;
+  }
+  
+  /**
+   * Clean up old fragment buffers
+   */
+  static cleanupFragments(maxAge: number = 5000): void {
+    // TODO: Add timestamp tracking to BufferAccumulator for cleanup
+    // For now, just clear if too many connections
+    if (this.fragmentedBuffers.size > 1000) {
+      this.fragmentedBuffers.clear();
+    }
+  }
+}

ts/detection/detectors/tls-detector.ts

@@ -0,0 +1,259 @@
+/**
+ * TLS protocol detector
+ */
+
+// TLS detector doesn't need plugins imports
+import type { IProtocolDetector } from '../models/interfaces.js';
+import type { IDetectionResult, IDetectionOptions, IConnectionInfo } from '../models/detection-types.js';
+import { readUInt16BE, readUInt24BE, BufferAccumulator } from '../utils/buffer-utils.js';
+import { tlsVersionToString } from '../utils/parser-utils.js';
+
+// Import from protocols
+import { TlsRecordType, TlsHandshakeType, TlsExtensionType } from '../../protocols/tls/index.js';
+
+// Import TLS utilities for SNI extraction from protocols
+import { SniExtraction } from '../../protocols/tls/sni/sni-extraction.js';
+import { ClientHelloParser } from '../../protocols/tls/sni/client-hello-parser.js';
+
+/**
+ * TLS detector implementation
+ */
+export class TlsDetector implements IProtocolDetector {
+  /**
+   * Minimum bytes needed to identify TLS (record header)
+   */
+  private static readonly MIN_TLS_HEADER_SIZE = 5;
+  
+  /**
+   * Fragment tracking for incomplete handshakes
+   */
+  private static fragmentedBuffers = new Map<string, BufferAccumulator>();
+  
+  /**
+   * Detect TLS protocol from buffer
+   */
+  detect(buffer: Buffer, options?: IDetectionOptions): IDetectionResult | null {
+    // Check if buffer is too small
+    if (buffer.length < TlsDetector.MIN_TLS_HEADER_SIZE) {
+      return null;
+    }
+    
+    // Check if this is a TLS record
+    if (!this.isTlsRecord(buffer)) {
+      return null;
+    }
+    
+    // Extract basic TLS info
+    const recordType = buffer[0];
+    const tlsMajor = buffer[1];
+    const tlsMinor = buffer[2];
+    const recordLength = readUInt16BE(buffer, 3);
+    
+    // Initialize connection info
+    const connectionInfo: IConnectionInfo = {
+      protocol: 'tls',
+      tlsVersion: tlsVersionToString(tlsMajor, tlsMinor) || undefined
+    };
+    
+    // If it's a handshake, try to extract more info
+    if (recordType === TlsRecordType.HANDSHAKE && buffer.length >= 6) {
+      const handshakeType = buffer[5];
+      
+      // For ClientHello, extract SNI and other info
+      if (handshakeType === TlsHandshakeType.CLIENT_HELLO) {
+        // Check if we have the complete handshake
+        const totalRecordLength = recordLength + 5; // Including TLS header
+        if (buffer.length >= totalRecordLength) {
+          // Extract SNI using existing logic
+          const sni = SniExtraction.extractSNI(buffer);
+          if (sni) {
+            connectionInfo.domain = sni;
+            connectionInfo.sni = sni;
+          }
+          
+          // Parse ClientHello for additional info
+          const parseResult = ClientHelloParser.parseClientHello(buffer);
+          if (parseResult.isValid) {
+            // Extract ALPN if present
+            const alpnExtension = parseResult.extensions.find(
+              ext => ext.type === TlsExtensionType.APPLICATION_LAYER_PROTOCOL_NEGOTIATION
+            );
+            
+            if (alpnExtension) {
+              connectionInfo.alpn = this.parseAlpnExtension(alpnExtension.data);
+            }
+            
+            // Store cipher suites if needed
+            if (parseResult.cipherSuites && options?.extractFullHeaders) {
+              connectionInfo.cipherSuites = this.parseCipherSuites(parseResult.cipherSuites);
+            }
+          }
+          
+          // Return complete result
+          return {
+            protocol: 'tls',
+            connectionInfo,
+            remainingBuffer: buffer.length > totalRecordLength 
+              ? buffer.subarray(totalRecordLength) 
+              : undefined,
+            isComplete: true
+          };
+        } else {
+          // Incomplete handshake
+          return {
+            protocol: 'tls',
+            connectionInfo,
+            isComplete: false,
+            bytesNeeded: totalRecordLength
+          };
+        }
+      }
+    }
+    
+    // For other TLS record types, just return basic info
+    return {
+      protocol: 'tls',
+      connectionInfo,
+      isComplete: true,
+      remainingBuffer: buffer.length > recordLength + 5 
+        ? buffer.subarray(recordLength + 5) 
+        : undefined
+    };
+  }
+  
+  /**
+   * Check if buffer can be handled by this detector
+   */
+  canHandle(buffer: Buffer): boolean {
+    return buffer.length >= TlsDetector.MIN_TLS_HEADER_SIZE && 
+           this.isTlsRecord(buffer);
+  }
+  
+  /**
+   * Get minimum bytes needed for detection
+   */
+  getMinimumBytes(): number {
+    return TlsDetector.MIN_TLS_HEADER_SIZE;
+  }
+  
+  /**
+   * Check if buffer contains a valid TLS record
+   */
+  private isTlsRecord(buffer: Buffer): boolean {
+    const recordType = buffer[0];
+    
+    // Check for valid record type
+    const validTypes = [
+      TlsRecordType.CHANGE_CIPHER_SPEC,
+      TlsRecordType.ALERT,
+      TlsRecordType.HANDSHAKE,
+      TlsRecordType.APPLICATION_DATA,
+      TlsRecordType.HEARTBEAT
+    ];
+    
+    if (!validTypes.includes(recordType)) {
+      return false;
+    }
+    
+    // Check TLS version bytes (should be 0x03 0x0X)
+    if (buffer[1] !== 0x03) {
+      return false;
+    }
+    
+    // Check record length is reasonable
+    const recordLength = readUInt16BE(buffer, 3);
+    if (recordLength > 16384) { // Max TLS record size
+      return false;
+    }
+    
+    return true;
+  }
+  
+  /**
+   * Parse ALPN extension data
+   */
+  private parseAlpnExtension(data: Buffer): string[] {
+    const protocols: string[] = [];
+    
+    if (data.length < 2) {
+      return protocols;
+    }
+    
+    const listLength = readUInt16BE(data, 0);
+    let offset = 2;
+    
+    while (offset < Math.min(2 + listLength, data.length)) {
+      const protoLength = data[offset];
+      offset++;
+      
+      if (offset + protoLength <= data.length) {
+        const protocol = data.subarray(offset, offset + protoLength).toString('ascii');
+        protocols.push(protocol);
+        offset += protoLength;
+      } else {
+        break;
+      }
+    }
+    
+    return protocols;
+  }
+  
+  /**
+   * Parse cipher suites
+   */
+  private parseCipherSuites(data: Buffer): number[] {
+    const suites: number[] = [];
+    
+    for (let i = 0; i + 1 < data.length; i += 2) {
+      const suite = readUInt16BE(data, i);
+      suites.push(suite);
+    }
+    
+    return suites;
+  }
+  
+  /**
+   * Handle fragmented TLS detection with connection tracking
+   */
+  static detectWithFragments(
+    buffer: Buffer, 
+    connectionId: string,
+    options?: IDetectionOptions
+  ): IDetectionResult | null {
+    const detector = new TlsDetector();
+    
+    // Try direct detection first
+    const directResult = detector.detect(buffer, options);
+    if (directResult && directResult.isComplete) {
+      // Clean up any tracked fragments for this connection
+      this.fragmentedBuffers.delete(connectionId);
+      return directResult;
+    }
+    
+    // Handle fragmentation
+    let accumulator = this.fragmentedBuffers.get(connectionId);
+    if (!accumulator) {
+      accumulator = new BufferAccumulator();
+      this.fragmentedBuffers.set(connectionId, accumulator);
+    }
+    
+    accumulator.append(buffer);
+    const fullBuffer = accumulator.getBuffer();
+    
+    // Try detection on accumulated buffer
+    const result = detector.detect(fullBuffer, options);
+    
+    if (result && result.isComplete) {
+      // Success - clean up
+      this.fragmentedBuffers.delete(connectionId);
+      return result;
+    }
+    
+    // Check timeout
+    if (options?.timeout) {
+      // TODO: Implement timeout handling
+    }
+    
+    return result;
+  }
+}

ts/detection/index.ts

@@ -0,0 +1,22 @@
+/**
+ * Centralized Protocol Detection Module
+ * 
+ * This module provides unified protocol detection capabilities for
+ * both TLS and HTTP protocols, extracting connection information
+ * without consuming the data stream.
+ */
+
+// Main detector
+export * from './protocol-detector.js';
+
+// Models
+export * from './models/detection-types.js';
+export * from './models/interfaces.js';
+
+// Individual detectors
+export * from './detectors/tls-detector.js';
+export * from './detectors/http-detector.js';
+
+// Utilities
+export * from './utils/buffer-utils.js';
+export * from './utils/parser-utils.js';

ts/detection/models/detection-types.ts

@@ -0,0 +1,102 @@
+/**
+ * Type definitions for protocol detection
+ */
+
+/**
+ * Supported protocol types that can be detected
+ */
+export type TProtocolType = 'tls' | 'http' | 'unknown';
+
+/**
+ * HTTP method types
+ */
+export type THttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTIONS' | 'CONNECT' | 'TRACE';
+
+/**
+ * TLS version identifiers
+ */
+export type TTlsVersion = 'SSLv3' | 'TLSv1.0' | 'TLSv1.1' | 'TLSv1.2' | 'TLSv1.3';
+
+/**
+ * Connection information extracted from protocol detection
+ */
+export interface IConnectionInfo {
+  /**
+   * The detected protocol type
+   */
+  protocol: TProtocolType;
+  
+  /**
+   * Domain/hostname extracted from the connection
+   * - For TLS: from SNI extension
+   * - For HTTP: from Host header
+   */
+  domain?: string;
+  
+  /**
+   * HTTP-specific fields
+   */
+  method?: THttpMethod;
+  path?: string;
+  httpVersion?: string;
+  headers?: Record<string, string>;
+  
+  /**
+   * TLS-specific fields
+   */
+  tlsVersion?: TTlsVersion;
+  sni?: string;
+  alpn?: string[];
+  cipherSuites?: number[];
+}
+
+/**
+ * Result of protocol detection
+ */
+export interface IDetectionResult {
+  /**
+   * The detected protocol type
+   */
+  protocol: TProtocolType;
+  
+  /**
+   * Extracted connection information
+   */
+  connectionInfo: IConnectionInfo;
+  
+  /**
+   * Any remaining buffer data after detection headers
+   * This can be used to continue processing the stream
+   */
+  remainingBuffer?: Buffer;
+  
+  /**
+   * Whether the detection is complete or needs more data
+   */
+  isComplete: boolean;
+  
+  /**
+   * Minimum bytes needed for complete detection (if incomplete)
+   */
+  bytesNeeded?: number;
+}
+
+/**
+ * Options for protocol detection
+ */
+export interface IDetectionOptions {
+  /**
+   * Maximum bytes to buffer for detection (default: 8192)
+   */
+  maxBufferSize?: number;
+  
+  /**
+   * Timeout for detection in milliseconds (default: 5000)
+   */
+  timeout?: number;
+  
+  /**
+   * Whether to extract full headers or just essential info
+   */
+  extractFullHeaders?: boolean;
+}

ts/detection/models/interfaces.ts

@@ -0,0 +1,115 @@
+/**
+ * Interface definitions for protocol detection components
+ */
+
+import type { IDetectionResult, IDetectionOptions } from './detection-types.js';
+
+/**
+ * Interface for protocol detectors
+ */
+export interface IProtocolDetector {
+  /**
+   * Detect protocol from buffer data
+   * @param buffer The buffer to analyze
+   * @param options Detection options
+   * @returns Detection result or null if protocol cannot be determined
+   */
+  detect(buffer: Buffer, options?: IDetectionOptions): IDetectionResult | null;
+  
+  /**
+   * Check if buffer potentially contains this protocol
+   * @param buffer The buffer to check
+   * @returns True if buffer might contain this protocol
+   */
+  canHandle(buffer: Buffer): boolean;
+  
+  /**
+   * Get the minimum bytes needed for detection
+   */
+  getMinimumBytes(): number;
+}
+
+/**
+ * Interface for connection tracking during fragmented detection
+ */
+export interface IConnectionTracker {
+  /**
+   * Connection identifier
+   */
+  id: string;
+  
+  /**
+   * Accumulated buffer data
+   */
+  buffer: Buffer;
+  
+  /**
+   * Timestamp of first data
+   */
+  startTime: number;
+  
+  /**
+   * Current detection state
+   */
+  state: 'detecting' | 'complete' | 'failed';
+  
+  /**
+   * Partial detection result (if any)
+   */
+  partialResult?: Partial<IDetectionResult>;
+}
+
+/**
+ * Interface for buffer accumulator (handles fragmented data)
+ */
+export interface IBufferAccumulator {
+  /**
+   * Add data to accumulator
+   */
+  append(data: Buffer): void;
+  
+  /**
+   * Get accumulated buffer
+   */
+  getBuffer(): Buffer;
+  
+  /**
+   * Get buffer length
+   */
+  length(): number;
+  
+  /**
+   * Clear accumulated data
+   */
+  clear(): void;
+  
+  /**
+   * Check if accumulator has enough data
+   */
+  hasMinimumBytes(minBytes: number): boolean;
+}
+
+/**
+ * Detection events
+ */
+export interface IDetectionEvents {
+  /**
+   * Emitted when protocol is successfully detected
+   */
+  detected: (result: IDetectionResult) => void;
+  
+  /**
+   * Emitted when detection fails
+   */
+  failed: (error: Error) => void;
+  
+  /**
+   * Emitted when detection times out
+   */
+  timeout: () => void;
+  
+  /**
+   * Emitted when more data is needed
+   */
+  needMoreData: (bytesNeeded: number) => void;
+}

ts/detection/protocol-detector.ts

@@ -0,0 +1,222 @@
+/**
+ * Main protocol detector that orchestrates detection across different protocols
+ */
+
+import type { IDetectionResult, IDetectionOptions, IConnectionInfo } from './models/detection-types.js';
+import { TlsDetector } from './detectors/tls-detector.js';
+import { HttpDetector } from './detectors/http-detector.js';
+
+/**
+ * Main protocol detector class
+ */
+export class ProtocolDetector {
+  /**
+   * Connection tracking for fragmented detection
+   */
+  private static connectionTracking = new Map<string, {
+    startTime: number;
+    protocol?: 'tls' | 'http' | 'unknown';
+  }>();
+  
+  /**
+   * Detect protocol from buffer data
+   * 
+   * @param buffer The buffer to analyze
+   * @param options Detection options
+   * @returns Detection result with protocol information
+   */
+  static async detect(
+    buffer: Buffer, 
+    options?: IDetectionOptions
+  ): Promise<IDetectionResult> {
+    // Quick sanity check
+    if (!buffer || buffer.length === 0) {
+      return {
+        protocol: 'unknown',
+        connectionInfo: { protocol: 'unknown' },
+        isComplete: true
+      };
+    }
+    
+    // Try TLS detection first (more specific)
+    const tlsDetector = new TlsDetector();
+    if (tlsDetector.canHandle(buffer)) {
+      const tlsResult = tlsDetector.detect(buffer, options);
+      if (tlsResult) {
+        return tlsResult;
+      }
+    }
+    
+    // Try HTTP detection
+    const httpDetector = new HttpDetector();
+    if (httpDetector.canHandle(buffer)) {
+      const httpResult = httpDetector.detect(buffer, options);
+      if (httpResult) {
+        return httpResult;
+      }
+    }
+    
+    // Neither TLS nor HTTP
+    return {
+      protocol: 'unknown',
+      connectionInfo: { protocol: 'unknown' },
+      isComplete: true
+    };
+  }
+  
+  /**
+   * Detect protocol with connection tracking for fragmented data
+   * 
+   * @param buffer The buffer to analyze
+   * @param connectionId Unique connection identifier
+   * @param options Detection options
+   * @returns Detection result with protocol information
+   */
+  static async detectWithConnectionTracking(
+    buffer: Buffer,
+    connectionId: string,
+    options?: IDetectionOptions
+  ): Promise<IDetectionResult> {
+    // Initialize or get connection tracking
+    let tracking = this.connectionTracking.get(connectionId);
+    if (!tracking) {
+      tracking = { startTime: Date.now() };
+      this.connectionTracking.set(connectionId, tracking);
+    }
+    
+    // Check timeout
+    if (options?.timeout) {
+      const elapsed = Date.now() - tracking.startTime;
+      if (elapsed > options.timeout) {
+        // Timeout - clean up and return unknown
+        this.connectionTracking.delete(connectionId);
+        TlsDetector.detectWithFragments(Buffer.alloc(0), connectionId); // Force cleanup
+        HttpDetector.detectWithFragments(Buffer.alloc(0), connectionId); // Force cleanup
+        
+        return {
+          protocol: 'unknown',
+          connectionInfo: { protocol: 'unknown' },
+          isComplete: true
+        };
+      }
+    }
+    
+    // If we already know the protocol, use the appropriate detector
+    if (tracking.protocol === 'tls') {
+      const result = TlsDetector.detectWithFragments(buffer, connectionId, options);
+      if (result && result.isComplete) {
+        this.connectionTracking.delete(connectionId);
+      }
+      return result || {
+        protocol: 'unknown',
+        connectionInfo: { protocol: 'unknown' },
+        isComplete: true
+      };
+    } else if (tracking.protocol === 'http') {
+      const result = HttpDetector.detectWithFragments(buffer, connectionId, options);
+      if (result && result.isComplete) {
+        this.connectionTracking.delete(connectionId);
+      }
+      return result || {
+        protocol: 'unknown',
+        connectionInfo: { protocol: 'unknown' },
+        isComplete: true
+      };
+    }
+    
+    // First time detection - try to determine protocol
+    // Quick checks first
+    if (buffer.length > 0) {
+      // TLS always starts with specific byte values
+      if (buffer[0] >= 0x14 && buffer[0] <= 0x18) {
+        tracking.protocol = 'tls';
+        const result = TlsDetector.detectWithFragments(buffer, connectionId, options);
+        if (result) {
+          if (result.isComplete) {
+            this.connectionTracking.delete(connectionId);
+          }
+          return result;
+        }
+      }
+      // HTTP starts with ASCII text
+      else if (HttpDetector.quickCheck(buffer)) {
+        tracking.protocol = 'http';
+        const result = HttpDetector.detectWithFragments(buffer, connectionId, options);
+        if (result) {
+          if (result.isComplete) {
+            this.connectionTracking.delete(connectionId);
+          }
+          return result;
+        }
+      }
+    }
+    
+    // Can't determine protocol yet
+    return {
+      protocol: 'unknown',
+      connectionInfo: { protocol: 'unknown' },
+      isComplete: false,
+      bytesNeeded: 10 // Need more data to determine protocol
+    };
+  }
+  
+  /**
+   * Clean up old connection tracking entries
+   * 
+   * @param maxAge Maximum age in milliseconds (default: 30 seconds)
+   */
+  static cleanupConnections(maxAge: number = 30000): void {
+    const now = Date.now();
+    const toDelete: string[] = [];
+    
+    for (const [connectionId, tracking] of this.connectionTracking.entries()) {
+      if (now - tracking.startTime > maxAge) {
+        toDelete.push(connectionId);
+      }
+    }
+    
+    for (const connectionId of toDelete) {
+      this.connectionTracking.delete(connectionId);
+      // Also clean up detector-specific buffers
+      TlsDetector.detectWithFragments(Buffer.alloc(0), connectionId); // Force cleanup
+      HttpDetector.detectWithFragments(Buffer.alloc(0), connectionId); // Force cleanup
+    }
+    
+    // Also trigger cleanup in detectors
+    HttpDetector.cleanupFragments(maxAge);
+  }
+  
+  /**
+   * Extract domain from connection info
+   * 
+   * @param connectionInfo Connection information from detection
+   * @returns The domain/hostname if found
+   */
+  static extractDomain(connectionInfo: IConnectionInfo): string | undefined {
+    // For both TLS and HTTP, domain is stored in the domain field
+    return connectionInfo.domain;
+  }
+  
+  /**
+   * Create a connection ID from connection parameters
+   * 
+   * @param params Connection parameters
+   * @returns A unique connection identifier
+   */
+  static createConnectionId(params: {
+    sourceIp?: string;
+    sourcePort?: number;
+    destIp?: string;
+    destPort?: number;
+    socketId?: string;
+  }): string {
+    // If socketId is provided, use it
+    if (params.socketId) {
+      return params.socketId;
+    }
+    
+    // Otherwise create from connection tuple
+    const { sourceIp = 'unknown', sourcePort = 0, destIp = 'unknown', destPort = 0 } = params;
+    return `${sourceIp}:${sourcePort}-${destIp}:${destPort}`;
+  }
+}

ts/detection/utils/buffer-utils.ts

@@ -0,0 +1,141 @@
+/**
+ * Buffer manipulation utilities for protocol detection
+ */
+
+// Import from protocols
+import { HttpParser } from '../../protocols/http/index.js';
+
+/**
+ * BufferAccumulator class for handling fragmented data
+ */
+export class BufferAccumulator {
+  private chunks: Buffer[] = [];
+  private totalLength = 0;
+  
+  /**
+   * Append data to the accumulator
+   */
+  append(data: Buffer): void {
+    this.chunks.push(data);
+    this.totalLength += data.length;
+  }
+  
+  /**
+   * Get the accumulated buffer
+   */
+  getBuffer(): Buffer {
+    if (this.chunks.length === 0) {
+      return Buffer.alloc(0);
+    }
+    if (this.chunks.length === 1) {
+      return this.chunks[0];
+    }
+    return Buffer.concat(this.chunks, this.totalLength);
+  }
+  
+  /**
+   * Get current buffer length
+   */
+  length(): number {
+    return this.totalLength;
+  }
+  
+  /**
+   * Clear all accumulated data
+   */
+  clear(): void {
+    this.chunks = [];
+    this.totalLength = 0;
+  }
+  
+  /**
+   * Check if accumulator has minimum bytes
+   */
+  hasMinimumBytes(minBytes: number): boolean {
+    return this.totalLength >= minBytes;
+  }
+}
+
+/**
+ * Read a big-endian 16-bit integer from buffer
+ */
+export function readUInt16BE(buffer: Buffer, offset: number): number {
+  if (offset + 2 > buffer.length) {
+    throw new Error('Buffer too short for UInt16BE read');
+  }
+  return (buffer[offset] << 8) | buffer[offset + 1];
+}
+
+/**
+ * Read a big-endian 24-bit integer from buffer
+ */
+export function readUInt24BE(buffer: Buffer, offset: number): number {
+  if (offset + 3 > buffer.length) {
+    throw new Error('Buffer too short for UInt24BE read');
+  }
+  return (buffer[offset] << 16) | (buffer[offset + 1] << 8) | buffer[offset + 2];
+}
+
+/**
+ * Find a byte sequence in a buffer
+ */
+export function findSequence(buffer: Buffer, sequence: Buffer, startOffset = 0): number {
+  if (sequence.length === 0) {
+    return startOffset;
+  }
+  
+  const searchLength = buffer.length - sequence.length + 1;
+  for (let i = startOffset; i < searchLength; i++) {
+    let found = true;
+    for (let j = 0; j < sequence.length; j++) {
+      if (buffer[i + j] !== sequence[j]) {
+        found = false;
+        break;
+      }
+    }
+    if (found) {
+      return i;
+    }
+  }
+  return -1;
+}
+
+/**
+ * Extract a line from buffer (up to CRLF or LF)
+ */
+export function extractLine(buffer: Buffer, startOffset = 0): { line: string; nextOffset: number } | null {
+  // Delegate to protocol parser
+  return HttpParser.extractLine(buffer, startOffset);
+}
+
+/**
+ * Check if buffer starts with a string (case-insensitive)
+ */
+export function startsWithString(buffer: Buffer, str: string, offset = 0): boolean {
+  if (offset + str.length > buffer.length) {
+    return false;
+  }
+  
+  const bufferStr = buffer.slice(offset, offset + str.length).toString('utf8');
+  return bufferStr.toLowerCase() === str.toLowerCase();
+}
+
+/**
+ * Safe buffer slice that doesn't throw on out-of-bounds
+ */
+export function safeSlice(buffer: Buffer, start: number, end?: number): Buffer {
+  const safeStart = Math.max(0, Math.min(start, buffer.length));
+  const safeEnd = end === undefined 
+    ? buffer.length 
+    : Math.max(safeStart, Math.min(end, buffer.length));
+    
+  return buffer.slice(safeStart, safeEnd);
+}
+
+/**
+ * Check if buffer contains printable ASCII
+ */
+export function isPrintableAscii(buffer: Buffer, length?: number): boolean {
+  // Delegate to protocol parser
+  return HttpParser.isPrintableAscii(buffer, length);
+}

ts/detection/utils/parser-utils.ts

@@ -0,0 +1,77 @@
+/**
+ * Parser utilities for protocol detection
+ * Now delegates to protocol modules for actual parsing
+ */
+
+import type { THttpMethod, TTlsVersion } from '../models/detection-types.js';
+import { HttpParser, HTTP_METHODS, HTTP_VERSIONS } from '../../protocols/http/index.js';
+import { tlsVersionToString as protocolTlsVersionToString } from '../../protocols/tls/index.js';
+
+// Re-export constants for backward compatibility
+export { HTTP_METHODS, HTTP_VERSIONS };
+
+/**
+ * Parse HTTP request line
+ */
+export function parseHttpRequestLine(line: string): {
+  method: THttpMethod;
+  path: string;
+  version: string;
+} | null {
+  // Delegate to protocol parser
+  const result = HttpParser.parseRequestLine(line);
+  return result ? {
+    method: result.method as THttpMethod,
+    path: result.path,
+    version: result.version
+  } : null;
+}
+
+/**
+ * Parse HTTP header line
+ */
+export function parseHttpHeader(line: string): { name: string; value: string } | null {
+  // Delegate to protocol parser
+  return HttpParser.parseHeaderLine(line);
+}
+
+/**
+ * Parse HTTP headers from lines
+ */
+export function parseHttpHeaders(lines: string[]): Record<string, string> {
+  // Delegate to protocol parser
+  return HttpParser.parseHeaders(lines);
+}
+
+/**
+ * Convert TLS version bytes to version string
+ */
+export function tlsVersionToString(major: number, minor: number): TTlsVersion | null {
+  // Delegate to protocol parser
+  return protocolTlsVersionToString(major, minor) as TTlsVersion;
+}
+
+/**
+ * Extract domain from Host header value
+ */
+export function extractDomainFromHost(hostHeader: string): string {
+  // Delegate to protocol parser
+  return HttpParser.extractDomainFromHost(hostHeader);
+}
+
+/**
+ * Validate domain name
+ */
+export function isValidDomain(domain: string): boolean {
+  // Delegate to protocol parser
+  return HttpParser.isValidDomain(domain);
+}
+
+/**
+ * Check if string is a valid HTTP method
+ */
+export function isHttpMethod(str: string): str is THttpMethod {
+  // Delegate to protocol parser
+  return HttpParser.isHttpMethod(str) && (str as THttpMethod) !== undefined;
+}
+

ts/index.ts

@@ -34,4 +34,6 @@ export type { IAcmeOptions } from './proxies/smart-proxy/models/interfaces.js';
 // Modular exports for new architecture
 // Certificate module has been removed - use SmartCertManager instead
 export * as tls from './tls/index.js';
-export * as routing from './routing/index.js';
+export * as routing from './routing/index.js';
+export * as detection from './detection/index.js';
+export * as protocols from './protocols/index.js';

ts/protocols/http/constants.ts

@@ -0,0 +1,219 @@
+/**
+ * HTTP Protocol Constants
+ */
+
+/**
+ * HTTP methods
+ */
+export const HTTP_METHODS = [
+  'GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS', 'CONNECT', 'TRACE'
+] as const;
+
+export type THttpMethod = typeof HTTP_METHODS[number];
+
+/**
+ * HTTP version strings
+ */
+export const HTTP_VERSIONS = ['HTTP/1.0', 'HTTP/1.1', 'HTTP/2', 'HTTP/3'] as const;
+
+export type THttpVersion = typeof HTTP_VERSIONS[number];
+
+/**
+ * HTTP status codes
+ */
+export enum HttpStatus {
+  // 1xx Informational
+  CONTINUE = 100,
+  SWITCHING_PROTOCOLS = 101,
+  PROCESSING = 102,
+  EARLY_HINTS = 103,
+  
+  // 2xx Success
+  OK = 200,
+  CREATED = 201,
+  ACCEPTED = 202,
+  NON_AUTHORITATIVE_INFORMATION = 203,
+  NO_CONTENT = 204,
+  RESET_CONTENT = 205,
+  PARTIAL_CONTENT = 206,
+  MULTI_STATUS = 207,
+  ALREADY_REPORTED = 208,
+  IM_USED = 226,
+  
+  // 3xx Redirection
+  MULTIPLE_CHOICES = 300,
+  MOVED_PERMANENTLY = 301,
+  FOUND = 302,
+  SEE_OTHER = 303,
+  NOT_MODIFIED = 304,
+  USE_PROXY = 305,
+  TEMPORARY_REDIRECT = 307,
+  PERMANENT_REDIRECT = 308,
+  
+  // 4xx Client Error
+  BAD_REQUEST = 400,
+  UNAUTHORIZED = 401,
+  PAYMENT_REQUIRED = 402,
+  FORBIDDEN = 403,
+  NOT_FOUND = 404,
+  METHOD_NOT_ALLOWED = 405,
+  NOT_ACCEPTABLE = 406,
+  PROXY_AUTHENTICATION_REQUIRED = 407,
+  REQUEST_TIMEOUT = 408,
+  CONFLICT = 409,
+  GONE = 410,
+  LENGTH_REQUIRED = 411,
+  PRECONDITION_FAILED = 412,
+  PAYLOAD_TOO_LARGE = 413,
+  URI_TOO_LONG = 414,
+  UNSUPPORTED_MEDIA_TYPE = 415,
+  RANGE_NOT_SATISFIABLE = 416,
+  EXPECTATION_FAILED = 417,
+  IM_A_TEAPOT = 418,
+  MISDIRECTED_REQUEST = 421,
+  UNPROCESSABLE_ENTITY = 422,
+  LOCKED = 423,
+  FAILED_DEPENDENCY = 424,
+  TOO_EARLY = 425,
+  UPGRADE_REQUIRED = 426,
+  PRECONDITION_REQUIRED = 428,
+  TOO_MANY_REQUESTS = 429,
+  REQUEST_HEADER_FIELDS_TOO_LARGE = 431,
+  UNAVAILABLE_FOR_LEGAL_REASONS = 451,
+  
+  // 5xx Server Error
+  INTERNAL_SERVER_ERROR = 500,
+  NOT_IMPLEMENTED = 501,
+  BAD_GATEWAY = 502,
+  SERVICE_UNAVAILABLE = 503,
+  GATEWAY_TIMEOUT = 504,
+  HTTP_VERSION_NOT_SUPPORTED = 505,
+  VARIANT_ALSO_NEGOTIATES = 506,
+  INSUFFICIENT_STORAGE = 507,
+  LOOP_DETECTED = 508,
+  NOT_EXTENDED = 510,
+  NETWORK_AUTHENTICATION_REQUIRED = 511,
+}
+
+/**
+ * HTTP status text mapping
+ */
+export const HTTP_STATUS_TEXT: Record<HttpStatus, string> = {
+  // 1xx
+  [HttpStatus.CONTINUE]: 'Continue',
+  [HttpStatus.SWITCHING_PROTOCOLS]: 'Switching Protocols',
+  [HttpStatus.PROCESSING]: 'Processing',
+  [HttpStatus.EARLY_HINTS]: 'Early Hints',
+  
+  // 2xx
+  [HttpStatus.OK]: 'OK',
+  [HttpStatus.CREATED]: 'Created',
+  [HttpStatus.ACCEPTED]: 'Accepted',
+  [HttpStatus.NON_AUTHORITATIVE_INFORMATION]: 'Non-Authoritative Information',
+  [HttpStatus.NO_CONTENT]: 'No Content',
+  [HttpStatus.RESET_CONTENT]: 'Reset Content',
+  [HttpStatus.PARTIAL_CONTENT]: 'Partial Content',
+  [HttpStatus.MULTI_STATUS]: 'Multi-Status',
+  [HttpStatus.ALREADY_REPORTED]: 'Already Reported',
+  [HttpStatus.IM_USED]: 'IM Used',
+  
+  // 3xx
+  [HttpStatus.MULTIPLE_CHOICES]: 'Multiple Choices',
+  [HttpStatus.MOVED_PERMANENTLY]: 'Moved Permanently',
+  [HttpStatus.FOUND]: 'Found',
+  [HttpStatus.SEE_OTHER]: 'See Other',
+  [HttpStatus.NOT_MODIFIED]: 'Not Modified',
+  [HttpStatus.USE_PROXY]: 'Use Proxy',
+  [HttpStatus.TEMPORARY_REDIRECT]: 'Temporary Redirect',
+  [HttpStatus.PERMANENT_REDIRECT]: 'Permanent Redirect',
+  
+  // 4xx
+  [HttpStatus.BAD_REQUEST]: 'Bad Request',
+  [HttpStatus.UNAUTHORIZED]: 'Unauthorized',
+  [HttpStatus.PAYMENT_REQUIRED]: 'Payment Required',
+  [HttpStatus.FORBIDDEN]: 'Forbidden',
+  [HttpStatus.NOT_FOUND]: 'Not Found',
+  [HttpStatus.METHOD_NOT_ALLOWED]: 'Method Not Allowed',
+  [HttpStatus.NOT_ACCEPTABLE]: 'Not Acceptable',
+  [HttpStatus.PROXY_AUTHENTICATION_REQUIRED]: 'Proxy Authentication Required',
+  [HttpStatus.REQUEST_TIMEOUT]: 'Request Timeout',
+  [HttpStatus.CONFLICT]: 'Conflict',
+  [HttpStatus.GONE]: 'Gone',
+  [HttpStatus.LENGTH_REQUIRED]: 'Length Required',
+  [HttpStatus.PRECONDITION_FAILED]: 'Precondition Failed',
+  [HttpStatus.PAYLOAD_TOO_LARGE]: 'Payload Too Large',
+  [HttpStatus.URI_TOO_LONG]: 'URI Too Long',
+  [HttpStatus.UNSUPPORTED_MEDIA_TYPE]: 'Unsupported Media Type',
+  [HttpStatus.RANGE_NOT_SATISFIABLE]: 'Range Not Satisfiable',
+  [HttpStatus.EXPECTATION_FAILED]: 'Expectation Failed',
+  [HttpStatus.IM_A_TEAPOT]: "I'm a teapot",
+  [HttpStatus.MISDIRECTED_REQUEST]: 'Misdirected Request',
+  [HttpStatus.UNPROCESSABLE_ENTITY]: 'Unprocessable Entity',
+  [HttpStatus.LOCKED]: 'Locked',
+  [HttpStatus.FAILED_DEPENDENCY]: 'Failed Dependency',
+  [HttpStatus.TOO_EARLY]: 'Too Early',
+  [HttpStatus.UPGRADE_REQUIRED]: 'Upgrade Required',
+  [HttpStatus.PRECONDITION_REQUIRED]: 'Precondition Required',
+  [HttpStatus.TOO_MANY_REQUESTS]: 'Too Many Requests',
+  [HttpStatus.REQUEST_HEADER_FIELDS_TOO_LARGE]: 'Request Header Fields Too Large',
+  [HttpStatus.UNAVAILABLE_FOR_LEGAL_REASONS]: 'Unavailable For Legal Reasons',
+  
+  // 5xx
+  [HttpStatus.INTERNAL_SERVER_ERROR]: 'Internal Server Error',
+  [HttpStatus.NOT_IMPLEMENTED]: 'Not Implemented',
+  [HttpStatus.BAD_GATEWAY]: 'Bad Gateway',
+  [HttpStatus.SERVICE_UNAVAILABLE]: 'Service Unavailable',
+  [HttpStatus.GATEWAY_TIMEOUT]: 'Gateway Timeout',
+  [HttpStatus.HTTP_VERSION_NOT_SUPPORTED]: 'HTTP Version Not Supported',
+  [HttpStatus.VARIANT_ALSO_NEGOTIATES]: 'Variant Also Negotiates',
+  [HttpStatus.INSUFFICIENT_STORAGE]: 'Insufficient Storage',
+  [HttpStatus.LOOP_DETECTED]: 'Loop Detected',
+  [HttpStatus.NOT_EXTENDED]: 'Not Extended',
+  [HttpStatus.NETWORK_AUTHENTICATION_REQUIRED]: 'Network Authentication Required',
+};
+
+/**
+ * Common HTTP headers
+ */
+export const HTTP_HEADERS = {
+  // Request headers
+  HOST: 'host',
+  USER_AGENT: 'user-agent',
+  ACCEPT: 'accept',
+  ACCEPT_LANGUAGE: 'accept-language',
+  ACCEPT_ENCODING: 'accept-encoding',
+  AUTHORIZATION: 'authorization',
+  CACHE_CONTROL: 'cache-control',
+  CONNECTION: 'connection',
+  CONTENT_TYPE: 'content-type',
+  CONTENT_LENGTH: 'content-length',
+  COOKIE: 'cookie',
+  
+  // Response headers
+  SET_COOKIE: 'set-cookie',
+  LOCATION: 'location',
+  SERVER: 'server',
+  DATE: 'date',
+  EXPIRES: 'expires',
+  LAST_MODIFIED: 'last-modified',
+  ETAG: 'etag',
+  
+  // CORS headers
+  ACCESS_CONTROL_ALLOW_ORIGIN: 'access-control-allow-origin',
+  ACCESS_CONTROL_ALLOW_METHODS: 'access-control-allow-methods',
+  ACCESS_CONTROL_ALLOW_HEADERS: 'access-control-allow-headers',
+  
+  // Security headers
+  STRICT_TRANSPORT_SECURITY: 'strict-transport-security',
+  X_CONTENT_TYPE_OPTIONS: 'x-content-type-options',
+  X_FRAME_OPTIONS: 'x-frame-options',
+  X_XSS_PROTECTION: 'x-xss-protection',
+  CONTENT_SECURITY_POLICY: 'content-security-policy',
+} as const;
+
+/**
+ * Get HTTP status text
+ */
+export function getStatusText(status: HttpStatus): string {
+  return HTTP_STATUS_TEXT[status] || 'Unknown';
+}

ts/protocols/http/index.ts

@@ -0,0 +1,8 @@
+/**
+ * HTTP Protocol Module
+ * Generic HTTP protocol knowledge and parsing utilities
+ */
+
+export * from './constants.js';
+export * from './types.js';
+export * from './parser.js';

ts/protocols/http/parser.ts

@@ -0,0 +1,219 @@
+/**
+ * HTTP Protocol Parser
+ * Generic HTTP parsing utilities
+ */
+
+import { HTTP_METHODS, type THttpMethod, type THttpVersion } from './constants.js';
+import type { IHttpRequestLine, IHttpHeader } from './types.js';
+
+/**
+ * HTTP parser utilities
+ */
+export class HttpParser {
+  /**
+   * Check if string is a valid HTTP method
+   */
+  static isHttpMethod(str: string): str is THttpMethod {
+    return HTTP_METHODS.includes(str as THttpMethod);
+  }
+  
+  /**
+   * Parse HTTP request line
+   */
+  static parseRequestLine(line: string): IHttpRequestLine | null {
+    const parts = line.trim().split(' ');
+    
+    if (parts.length !== 3) {
+      return null;
+    }
+    
+    const [method, path, version] = parts;
+    
+    // Validate method
+    if (!this.isHttpMethod(method)) {
+      return null;
+    }
+    
+    // Validate version
+    if (!version.startsWith('HTTP/')) {
+      return null;
+    }
+    
+    return {
+      method: method as THttpMethod,
+      path,
+      version: version as THttpVersion
+    };
+  }
+  
+  /**
+   * Parse HTTP header line
+   */
+  static parseHeaderLine(line: string): IHttpHeader | null {
+    const colonIndex = line.indexOf(':');
+    
+    if (colonIndex === -1) {
+      return null;
+    }
+    
+    const name = line.slice(0, colonIndex).trim();
+    const value = line.slice(colonIndex + 1).trim();
+    
+    if (!name) {
+      return null;
+    }
+    
+    return { name, value };
+  }
+  
+  /**
+   * Parse HTTP headers from lines
+   */
+  static parseHeaders(lines: string[]): Record<string, string> {
+    const headers: Record<string, string> = {};
+    
+    for (const line of lines) {
+      const header = this.parseHeaderLine(line);
+      if (header) {
+        // Convert header names to lowercase for consistency
+        headers[header.name.toLowerCase()] = header.value;
+      }
+    }
+    
+    return headers;
+  }
+  
+  /**
+   * Extract domain from Host header value
+   */
+  static extractDomainFromHost(hostHeader: string): string {
+    // Remove port if present
+    const colonIndex = hostHeader.lastIndexOf(':');
+    if (colonIndex !== -1) {
+      // Check if it's not part of IPv6 address
+      const beforeColon = hostHeader.slice(0, colonIndex);
+      if (!beforeColon.includes(']')) {
+        return beforeColon;
+      }
+    }
+    return hostHeader;
+  }
+  
+  /**
+   * Validate domain name
+   */
+  static isValidDomain(domain: string): boolean {
+    // Basic domain validation
+    if (!domain || domain.length > 253) {
+      return false;
+    }
+    
+    // Check for valid characters and structure
+    const domainRegex = /^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.[A-Za-z0-9-]{1,63})*$/;
+    return domainRegex.test(domain);
+  }
+  
+  /**
+   * Extract line from buffer
+   */
+  static extractLine(buffer: Buffer, offset: number = 0): { line: string; nextOffset: number } | null {
+    // Look for CRLF
+    const crlfIndex = buffer.indexOf('\r\n', offset);
+    if (crlfIndex === -1) {
+      // Look for just LF
+      const lfIndex = buffer.indexOf('\n', offset);
+      if (lfIndex === -1) {
+        return null;
+      }
+      
+      return {
+        line: buffer.slice(offset, lfIndex).toString('utf8'),
+        nextOffset: lfIndex + 1
+      };
+    }
+    
+    return {
+      line: buffer.slice(offset, crlfIndex).toString('utf8'),
+      nextOffset: crlfIndex + 2
+    };
+  }
+  
+  /**
+   * Check if buffer contains printable ASCII
+   */
+  static isPrintableAscii(buffer: Buffer, length?: number): boolean {
+    const checkLength = Math.min(length || buffer.length, buffer.length);
+    
+    for (let i = 0; i < checkLength; i++) {
+      const byte = buffer[i];
+      // Allow printable ASCII (32-126) plus tab (9), LF (10), and CR (13)
+      if (byte < 32 || byte > 126) {
+        if (byte !== 9 && byte !== 10 && byte !== 13) {
+          return false;
+        }
+      }
+    }
+    
+    return true;
+  }
+  
+  /**
+   * Quick check if buffer starts with HTTP method
+   */
+  static quickCheck(buffer: Buffer): boolean {
+    if (buffer.length < 3) {
+      return false;
+    }
+    
+    // Check common HTTP methods
+    const start = buffer.slice(0, 7).toString('ascii');
+    return start.startsWith('GET ') ||
+           start.startsWith('POST ') ||
+           start.startsWith('PUT ') ||
+           start.startsWith('DELETE ') ||
+           start.startsWith('HEAD ') ||
+           start.startsWith('OPTIONS') ||
+           start.startsWith('PATCH ') ||
+           start.startsWith('CONNECT') ||
+           start.startsWith('TRACE ');
+  }
+  
+  /**
+   * Parse query string
+   */
+  static parseQueryString(queryString: string): Record<string, string> {
+    const params: Record<string, string> = {};
+    
+    if (!queryString) {
+      return params;
+    }
+    
+    // Remove leading '?' if present
+    if (queryString.startsWith('?')) {
+      queryString = queryString.slice(1);
+    }
+    
+    const pairs = queryString.split('&');
+    for (const pair of pairs) {
+      const [key, value] = pair.split('=');
+      if (key) {
+        params[decodeURIComponent(key)] = value ? decodeURIComponent(value) : '';
+      }
+    }
+    
+    return params;
+  }
+  
+  /**
+   * Build query string from params
+   */
+  static buildQueryString(params: Record<string, string>): string {
+    const pairs: string[] = [];
+    
+    for (const [key, value] of Object.entries(params)) {
+      pairs.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}`);
+    }
+    
+    return pairs.length > 0 ? '?' + pairs.join('&') : '';
+  }
+}

ts/protocols/http/types.ts

@@ -0,0 +1,70 @@
+/**
+ * HTTP Protocol Type Definitions
+ */
+
+import type { THttpMethod, THttpVersion, HttpStatus } from './constants.js';
+
+/**
+ * HTTP request line structure
+ */
+export interface IHttpRequestLine {
+  method: THttpMethod;
+  path: string;
+  version: THttpVersion;
+}
+
+/**
+ * HTTP response line structure
+ */
+export interface IHttpResponseLine {
+  version: THttpVersion;
+  status: HttpStatus;
+  statusText: string;
+}
+
+/**
+ * HTTP header structure
+ */
+export interface IHttpHeader {
+  name: string;
+  value: string;
+}
+
+/**
+ * HTTP message structure (base for request and response)
+ */
+export interface IHttpMessage {
+  headers: Record<string, string>;
+  body?: Buffer;
+}
+
+/**
+ * HTTP request structure
+ */
+export interface IHttpRequest extends IHttpMessage {
+  method: THttpMethod;
+  path: string;
+  version: THttpVersion;
+  query?: Record<string, string>;
+}
+
+/**
+ * HTTP response structure  
+ */
+export interface IHttpResponse extends IHttpMessage {
+  status: HttpStatus;
+  statusText: string;
+  version: THttpVersion;
+}
+
+/**
+ * Parsed URL structure
+ */
+export interface IParsedUrl {
+  protocol?: string;
+  hostname?: string;
+  port?: number;
+  path?: string;
+  query?: string;
+  fragment?: string;
+}

ts/protocols/index.ts

@@ -0,0 +1,11 @@
+/**
+ * Protocol-specific modules for smartproxy
+ * 
+ * This directory contains generic protocol knowledge separated from
+ * smartproxy-specific implementation details.
+ */
+
+export * as tls from './tls/index.js';
+export * as http from './http/index.js';
+export * as proxy from './proxy/index.js';
+export * as websocket from './websocket/index.js';

ts/protocols/proxy/index.ts

@@ -0,0 +1,7 @@
+/**
+ * PROXY Protocol Module
+ * HAProxy PROXY protocol implementation
+ */
+
+export * from './types.js';
+export * from './parser.js';

ts/protocols/proxy/parser.ts

@@ -0,0 +1,183 @@
+/**
+ * PROXY Protocol Parser
+ * Implementation of HAProxy PROXY protocol v1 (text format)
+ * Spec: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
+ */
+
+import type { IProxyInfo, IProxyParseResult, TProxyProtocol } from './types.js';
+
+/**
+ * PROXY protocol parser
+ */
+export class ProxyProtocolParser {
+  static readonly PROXY_V1_SIGNATURE = 'PROXY ';
+  static readonly MAX_HEADER_LENGTH = 107; // Max length for v1 header
+  static readonly HEADER_TERMINATOR = '\r\n';
+  
+  /**
+   * Parse PROXY protocol v1 header from buffer
+   * Returns proxy info and remaining data after header
+   */
+  static parse(data: Buffer): IProxyParseResult {
+    // Check if buffer starts with PROXY signature
+    if (!data.toString('ascii', 0, 6).startsWith(this.PROXY_V1_SIGNATURE)) {
+      return {
+        proxyInfo: null,
+        remainingData: data
+      };
+    }
+    
+    // Find header terminator
+    const headerEndIndex = data.indexOf(this.HEADER_TERMINATOR);
+    if (headerEndIndex === -1) {
+      // Header incomplete, need more data
+      if (data.length > this.MAX_HEADER_LENGTH) {
+        // Header too long, invalid
+        throw new Error('PROXY protocol header exceeds maximum length');
+      }
+      return {
+        proxyInfo: null,
+        remainingData: data
+      };
+    }
+    
+    // Extract header line
+    const headerLine = data.toString('ascii', 0, headerEndIndex);
+    const remainingData = data.slice(headerEndIndex + 2); // Skip \r\n
+    
+    // Parse header
+    const parts = headerLine.split(' ');
+    
+    if (parts.length < 2) {
+      throw new Error(`Invalid PROXY protocol header format: ${headerLine}`);
+    }
+    
+    const [signature, protocol] = parts;
+    
+    // Validate protocol
+    if (!['TCP4', 'TCP6', 'UNKNOWN'].includes(protocol)) {
+      throw new Error(`Invalid PROXY protocol: ${protocol}`);
+    }
+    
+    // For UNKNOWN protocol, ignore addresses
+    if (protocol === 'UNKNOWN') {
+      return {
+        proxyInfo: {
+          protocol: 'UNKNOWN',
+          sourceIP: '',
+          sourcePort: 0,
+          destinationIP: '',
+          destinationPort: 0
+        },
+        remainingData
+      };
+    }
+    
+    // For TCP4/TCP6, we need all 6 parts
+    if (parts.length !== 6) {
+      throw new Error(`Invalid PROXY protocol header format: ${headerLine}`);
+    }
+    
+    const [, , srcIP, dstIP, srcPort, dstPort] = parts;
+    
+    // Validate and parse ports
+    const sourcePort = parseInt(srcPort, 10);
+    const destinationPort = parseInt(dstPort, 10);
+    
+    if (isNaN(sourcePort) || sourcePort < 0 || sourcePort > 65535) {
+      throw new Error(`Invalid source port: ${srcPort}`);
+    }
+    
+    if (isNaN(destinationPort) || destinationPort < 0 || destinationPort > 65535) {
+      throw new Error(`Invalid destination port: ${dstPort}`);
+    }
+    
+    // Validate IP addresses
+    const protocolType = protocol as TProxyProtocol;
+    if (!this.isValidIP(srcIP, protocolType)) {
+      throw new Error(`Invalid source IP for ${protocol}: ${srcIP}`);
+    }
+    
+    if (!this.isValidIP(dstIP, protocolType)) {
+      throw new Error(`Invalid destination IP for ${protocol}: ${dstIP}`);
+    }
+    
+    return {
+      proxyInfo: {
+        protocol: protocolType,
+        sourceIP: srcIP,
+        sourcePort,
+        destinationIP: dstIP,
+        destinationPort
+      },
+      remainingData
+    };
+  }
+  
+  /**
+   * Generate PROXY protocol v1 header
+   */
+  static generate(info: IProxyInfo): Buffer {
+    if (info.protocol === 'UNKNOWN') {
+      return Buffer.from(`PROXY UNKNOWN\r\n`, 'ascii');
+    }
+    
+    const header = `PROXY ${info.protocol} ${info.sourceIP} ${info.destinationIP} ${info.sourcePort} ${info.destinationPort}\r\n`;
+    
+    if (header.length > this.MAX_HEADER_LENGTH) {
+      throw new Error('Generated PROXY protocol header exceeds maximum length');
+    }
+    
+    return Buffer.from(header, 'ascii');
+  }
+  
+  /**
+   * Validate IP address format
+   */
+  static isValidIP(ip: string, protocol: TProxyProtocol): boolean {
+    if (protocol === 'TCP4') {
+      return this.isIPv4(ip);
+    } else if (protocol === 'TCP6') {
+      return this.isIPv6(ip);
+    }
+    return false;
+  }
+  
+  /**
+   * Check if string is valid IPv4
+   */
+  static isIPv4(ip: string): boolean {
+    const parts = ip.split('.');
+    if (parts.length !== 4) return false;
+    
+    for (const part of parts) {
+      const num = parseInt(part, 10);
+      if (isNaN(num) || num < 0 || num > 255 || part !== num.toString()) {
+        return false;
+      }
+    }
+    return true;
+  }
+  
+  /**
+   * Check if string is valid IPv6
+   */
+  static isIPv6(ip: string): boolean {
+    // Basic IPv6 validation
+    const ipv6Regex = /^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/;
+    return ipv6Regex.test(ip);
+  }
+  
+  /**
+   * Create a connection ID string for tracking
+   */
+  static createConnectionId(connectionInfo: {
+    sourceIp?: string;
+    sourcePort?: number;
+    destIp?: string;
+    destPort?: number;
+  }): string {
+    const { sourceIp, sourcePort, destIp, destPort } = connectionInfo;
+    return `${sourceIp}:${sourcePort}-${destIp}:${destPort}`;
+  }
+}

ts/protocols/proxy/types.ts

@@ -0,0 +1,53 @@
+/**
+ * PROXY Protocol Type Definitions
+ * Based on HAProxy PROXY protocol specification
+ */
+
+/**
+ * PROXY protocol version
+ */
+export type TProxyProtocolVersion = 'v1' | 'v2';
+
+/**
+ * Connection protocol type
+ */
+export type TProxyProtocol = 'TCP4' | 'TCP6' | 'UNKNOWN';
+
+/**
+ * Interface representing parsed PROXY protocol information
+ */
+export interface IProxyInfo {
+  protocol: TProxyProtocol;
+  sourceIP: string;
+  sourcePort: number;
+  destinationIP: string;
+  destinationPort: number;
+}
+
+/**
+ * Interface for parse result including remaining data
+ */
+export interface IProxyParseResult {
+  proxyInfo: IProxyInfo | null;
+  remainingData: Buffer;
+}
+
+/**
+ * PROXY protocol v2 header format
+ */
+export interface IProxyV2Header {
+  signature: Buffer;
+  versionCommand: number;
+  family: number;
+  length: number;
+}
+
+/**
+ * Connection information for PROXY protocol
+ */
+export interface IProxyConnectionInfo {
+  sourceIp?: string;
+  sourcePort?: number;
+  destIp?: string;
+  destPort?: number;
+}

ts/protocols/tls/alerts/tls-alert.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../../plugins.js';
+import * as plugins from '../../../plugins.js';
 import { TlsAlertLevel, TlsAlertDescription, TlsVersion } from '../utils/tls-utils.js';
 
 /**

ts/protocols/tls/index.ts

@@ -0,0 +1,37 @@
+/**
+ * TLS Protocol Module
+ * Contains generic TLS protocol knowledge including parsers, constants, and utilities
+ */
+
+// Export all sub-modules
+export * from './alerts/index.js';
+export * from './sni/index.js';
+export * from './utils/index.js';
+
+// Re-export main utilities and types for convenience
+export { 
+  TlsUtils,
+  TlsRecordType,
+  TlsHandshakeType,
+  TlsExtensionType,
+  TlsAlertLevel,
+  TlsAlertDescription,
+  TlsVersion
+} from './utils/tls-utils.js';
+export { TlsAlert } from './alerts/tls-alert.js';
+export { ClientHelloParser } from './sni/client-hello-parser.js';
+export { SniExtraction } from './sni/sni-extraction.js';
+
+// Export tlsVersionToString helper
+export function tlsVersionToString(major: number, minor: number): string | null {
+  if (major === 0x03) {
+    switch (minor) {
+      case 0x00: return 'SSLv3';
+      case 0x01: return 'TLSv1.0';
+      case 0x02: return 'TLSv1.1';
+      case 0x03: return 'TLSv1.2';
+      case 0x04: return 'TLSv1.3';
+    }
+  }
+  return null;
+}

ts/protocols/tls/sni/index.ts

@@ -0,0 +1,6 @@
+/**
+ * TLS SNI (Server Name Indication) protocol utilities
+ */
+
+export * from './client-hello-parser.js';
+export * from './sni-extraction.js';

ts/protocols/tls/utils/tls-utils.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../../plugins.js';
+import * as plugins from '../../../plugins.js';
 
 /**
  * TLS record types as defined in various RFCs

ts/protocols/websocket/constants.ts

@@ -0,0 +1,60 @@
+/**
+ * WebSocket Protocol Constants
+ * Based on RFC 6455
+ */
+
+/**
+ * WebSocket opcode types
+ */
+export enum WebSocketOpcode {
+  CONTINUATION = 0x0,
+  TEXT = 0x1,
+  BINARY = 0x2,
+  CLOSE = 0x8,
+  PING = 0x9,
+  PONG = 0xa,
+}
+
+/**
+ * WebSocket close codes
+ */
+export enum WebSocketCloseCode {
+  NORMAL_CLOSURE = 1000,
+  GOING_AWAY = 1001,
+  PROTOCOL_ERROR = 1002,
+  UNSUPPORTED_DATA = 1003,
+  NO_STATUS_RECEIVED = 1005,
+  ABNORMAL_CLOSURE = 1006,
+  INVALID_FRAME_PAYLOAD_DATA = 1007,
+  POLICY_VIOLATION = 1008,
+  MESSAGE_TOO_BIG = 1009,
+  MISSING_EXTENSION = 1010,
+  INTERNAL_ERROR = 1011,
+  SERVICE_RESTART = 1012,
+  TRY_AGAIN_LATER = 1013,
+  BAD_GATEWAY = 1014,
+  TLS_HANDSHAKE = 1015,
+}
+
+/**
+ * WebSocket protocol version
+ */
+export const WEBSOCKET_VERSION = 13;
+
+/**
+ * WebSocket magic string for handshake
+ */
+export const WEBSOCKET_MAGIC_STRING = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';
+
+/**
+ * WebSocket headers
+ */
+export const WEBSOCKET_HEADERS = {
+  UPGRADE: 'upgrade',
+  CONNECTION: 'connection',
+  SEC_WEBSOCKET_KEY: 'sec-websocket-key',
+  SEC_WEBSOCKET_VERSION: 'sec-websocket-version',
+  SEC_WEBSOCKET_ACCEPT: 'sec-websocket-accept',
+  SEC_WEBSOCKET_PROTOCOL: 'sec-websocket-protocol',
+  SEC_WEBSOCKET_EXTENSIONS: 'sec-websocket-extensions',
+} as const;

ts/protocols/websocket/index.ts

@@ -0,0 +1,8 @@
+/**
+ * WebSocket Protocol Module
+ * WebSocket protocol utilities and constants
+ */
+
+export * from './constants.js';
+export * from './types.js';
+export * from './utils.js';

ts/protocols/websocket/types.ts

@@ -0,0 +1,53 @@
+/**
+ * WebSocket Protocol Type Definitions
+ */
+
+import type { WebSocketOpcode, WebSocketCloseCode } from './constants.js';
+
+/**
+ * WebSocket frame header
+ */
+export interface IWebSocketFrameHeader {
+  fin: boolean;
+  rsv1: boolean;
+  rsv2: boolean;
+  rsv3: boolean;
+  opcode: WebSocketOpcode;
+  masked: boolean;
+  payloadLength: number;
+  maskingKey?: Buffer;
+}
+
+/**
+ * WebSocket frame
+ */
+export interface IWebSocketFrame {
+  header: IWebSocketFrameHeader;
+  payload: Buffer;
+}
+
+/**
+ * WebSocket close frame payload
+ */
+export interface IWebSocketClosePayload {
+  code: WebSocketCloseCode;
+  reason?: string;
+}
+
+/**
+ * WebSocket handshake request headers
+ */
+export interface IWebSocketHandshakeHeaders {
+  upgrade: string;
+  connection: string;
+  'sec-websocket-key': string;
+  'sec-websocket-version': string;
+  'sec-websocket-protocol'?: string;
+  'sec-websocket-extensions'?: string;
+  [key: string]: string | undefined;
+}
+
+/**
+ * Type for WebSocket raw data (matching ws library)
+ */
+export type RawData = Buffer | ArrayBuffer | Buffer[] | any;

ts/protocols/websocket/utils.ts

@@ -0,0 +1,98 @@
+/**
+ * WebSocket Protocol Utilities
+ */
+
+import * as crypto from 'crypto';
+import { WEBSOCKET_MAGIC_STRING } from './constants.js';
+import type { RawData } from './types.js';
+
+/**
+ * Get the length of a WebSocket message regardless of its type
+ * (handles all possible WebSocket message data types)
+ */
+export function getMessageSize(data: RawData): number {
+  if (typeof data === 'string') {
+    // For string data, get the byte length
+    return Buffer.from(data, 'utf8').length;
+  } else if (data instanceof Buffer) {
+    // For Node.js Buffer
+    return data.length;
+  } else if (data instanceof ArrayBuffer) {
+    // For ArrayBuffer
+    return data.byteLength;
+  } else if (Array.isArray(data)) {
+    // For array of buffers, sum their lengths
+    return data.reduce((sum, chunk) => {
+      if (chunk instanceof Buffer) {
+        return sum + chunk.length;
+      } else if (chunk instanceof ArrayBuffer) {
+        return sum + chunk.byteLength;
+      }
+      return sum;
+    }, 0);
+  } else {
+    // For other types, try to determine the size or return 0
+    try {
+      return Buffer.from(data).length;
+    } catch (e) {
+      return 0;
+    }
+  }
+}
+
+/**
+ * Convert any raw WebSocket data to Buffer for consistent handling
+ */
+export function toBuffer(data: RawData): Buffer {
+  if (typeof data === 'string') {
+    return Buffer.from(data, 'utf8');
+  } else if (data instanceof Buffer) {
+    return data;
+  } else if (data instanceof ArrayBuffer) {
+    return Buffer.from(data);
+  } else if (Array.isArray(data)) {
+    // For array of buffers, concatenate them
+    return Buffer.concat(data.map(chunk => {
+      if (chunk instanceof Buffer) {
+        return chunk;
+      } else if (chunk instanceof ArrayBuffer) {
+        return Buffer.from(chunk);
+      }
+      return Buffer.from(chunk);
+    }));
+  } else {
+    // For other types, try to convert to Buffer or return empty Buffer
+    try {
+      return Buffer.from(data);
+    } catch (e) {
+      return Buffer.alloc(0);
+    }
+  }
+}
+
+/**
+ * Generate WebSocket accept key from client key
+ */
+export function generateAcceptKey(clientKey: string): string {
+  const hash = crypto.createHash('sha1');
+  hash.update(clientKey + WEBSOCKET_MAGIC_STRING);
+  return hash.digest('base64');
+}
+
+/**
+ * Validate WebSocket upgrade request
+ */
+export function isWebSocketUpgrade(headers: Record<string, string>): boolean {
+  const upgrade = headers['upgrade'];
+  const connection = headers['connection'];
+  
+  return upgrade?.toLowerCase() === 'websocket' && 
+         connection?.toLowerCase().includes('upgrade');
+}
+
+/**
+ * Generate random WebSocket key for client handshake
+ */
+export function generateWebSocketKey(): string {
+  return crypto.randomBytes(16).toString('base64');
+}

ts/proxies/http-proxy/models/http-types.ts

@@ -1,4 +1,6 @@
 import * as plugins from '../../../plugins.js';
+// Import from protocols for consistent status codes
+import { HttpStatus as ProtocolHttpStatus, getStatusText as getProtocolStatusText } from '../../../protocols/http/index.js';
 
 /**
  * HTTP-specific event types
@@ -10,34 +12,33 @@ export enum HttpEvents {
   REQUEST_ERROR = 'request-error',
 }
 
-/**
- * HTTP status codes as an enum for better type safety
- */
-export enum HttpStatus {
-  OK = 200,
-  MOVED_PERMANENTLY = 301,
-  FOUND = 302,
-  TEMPORARY_REDIRECT = 307,
-  PERMANENT_REDIRECT = 308,
-  BAD_REQUEST = 400,
-  UNAUTHORIZED = 401,
-  FORBIDDEN = 403,
-  NOT_FOUND = 404,
-  METHOD_NOT_ALLOWED = 405,
-  REQUEST_TIMEOUT = 408,
-  TOO_MANY_REQUESTS = 429,
-  INTERNAL_SERVER_ERROR = 500,
-  NOT_IMPLEMENTED = 501,
-  BAD_GATEWAY = 502,
-  SERVICE_UNAVAILABLE = 503,
-  GATEWAY_TIMEOUT = 504,
-}
+
+// Re-export for backward compatibility with subset of commonly used codes
+export const HttpStatus = {
+  OK: ProtocolHttpStatus.OK,
+  MOVED_PERMANENTLY: ProtocolHttpStatus.MOVED_PERMANENTLY,
+  FOUND: ProtocolHttpStatus.FOUND,
+  TEMPORARY_REDIRECT: ProtocolHttpStatus.TEMPORARY_REDIRECT,
+  PERMANENT_REDIRECT: ProtocolHttpStatus.PERMANENT_REDIRECT,
+  BAD_REQUEST: ProtocolHttpStatus.BAD_REQUEST,
+  UNAUTHORIZED: ProtocolHttpStatus.UNAUTHORIZED,
+  FORBIDDEN: ProtocolHttpStatus.FORBIDDEN,
+  NOT_FOUND: ProtocolHttpStatus.NOT_FOUND,
+  METHOD_NOT_ALLOWED: ProtocolHttpStatus.METHOD_NOT_ALLOWED,
+  REQUEST_TIMEOUT: ProtocolHttpStatus.REQUEST_TIMEOUT,
+  TOO_MANY_REQUESTS: ProtocolHttpStatus.TOO_MANY_REQUESTS,
+  INTERNAL_SERVER_ERROR: ProtocolHttpStatus.INTERNAL_SERVER_ERROR,
+  NOT_IMPLEMENTED: ProtocolHttpStatus.NOT_IMPLEMENTED,
+  BAD_GATEWAY: ProtocolHttpStatus.BAD_GATEWAY,
+  SERVICE_UNAVAILABLE: ProtocolHttpStatus.SERVICE_UNAVAILABLE,
+  GATEWAY_TIMEOUT: ProtocolHttpStatus.GATEWAY_TIMEOUT,
+} as const;
 
 /**
  * Base error class for HTTP-related errors
  */
 export class HttpError extends Error {
-  constructor(message: string, public readonly statusCode: HttpStatus = HttpStatus.INTERNAL_SERVER_ERROR) {
+  constructor(message: string, public readonly statusCode: number = HttpStatus.INTERNAL_SERVER_ERROR) {
     super(message);
     this.name = 'HttpError';
   }
@@ -61,7 +62,7 @@ export class CertificateError extends HttpError {
  * Error related to server operations
  */
 export class ServerError extends HttpError {
-  constructor(message: string, public readonly code?: string, statusCode: HttpStatus = HttpStatus.INTERNAL_SERVER_ERROR) {
+  constructor(message: string, public readonly code?: string, statusCode: number = HttpStatus.INTERNAL_SERVER_ERROR) {
     super(message, statusCode);
     this.name = 'ServerError';
   }
@@ -93,7 +94,7 @@ export class NotFoundError extends HttpError {
 export interface IRedirectConfig {
   source: string;           // Source path or pattern
   destination: string;      // Destination URL  
-  type: HttpStatus;         // Redirect status code
+  type: number;             // Redirect status code
   preserveQuery?: boolean;  // Whether to preserve query parameters
 }
 
@@ -115,30 +116,12 @@ export interface IRouterConfig {
  */
 export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTIONS' | 'CONNECT' | 'TRACE';
 
+
 /**
  * Helper function to get HTTP status text
  */
-export function getStatusText(status: HttpStatus): string {
-  const statusTexts: Record<HttpStatus, string> = {
-    [HttpStatus.OK]: 'OK',
-    [HttpStatus.MOVED_PERMANENTLY]: 'Moved Permanently',
-    [HttpStatus.FOUND]: 'Found',
-    [HttpStatus.TEMPORARY_REDIRECT]: 'Temporary Redirect',
-    [HttpStatus.PERMANENT_REDIRECT]: 'Permanent Redirect',
-    [HttpStatus.BAD_REQUEST]: 'Bad Request',
-    [HttpStatus.UNAUTHORIZED]: 'Unauthorized',
-    [HttpStatus.FORBIDDEN]: 'Forbidden',
-    [HttpStatus.NOT_FOUND]: 'Not Found',
-    [HttpStatus.METHOD_NOT_ALLOWED]: 'Method Not Allowed',
-    [HttpStatus.REQUEST_TIMEOUT]: 'Request Timeout',
-    [HttpStatus.TOO_MANY_REQUESTS]: 'Too Many Requests',
-    [HttpStatus.INTERNAL_SERVER_ERROR]: 'Internal Server Error',
-    [HttpStatus.NOT_IMPLEMENTED]: 'Not Implemented',
-    [HttpStatus.BAD_GATEWAY]: 'Bad Gateway',
-    [HttpStatus.SERVICE_UNAVAILABLE]: 'Service Unavailable',
-    [HttpStatus.GATEWAY_TIMEOUT]: 'Gateway Timeout',
-  };
-  return statusTexts[status] || 'Unknown';
+export function getStatusText(status: number): string {
+  return getProtocolStatusText(status as ProtocolHttpStatus);
 }
 
 // Legacy interfaces for backward compatibility

ts/proxies/smart-proxy/models/interfaces.ts

@@ -195,4 +195,11 @@ export interface IConnectionRecord {
   
   // NFTables tracking
   nftablesHandled?: boolean; // Whether this connection is being handled by NFTables at kernel level
+  
+  // HTTP-specific information (extracted from protocol detection)
+  httpInfo?: {
+    method?: string;
+    path?: string;
+    headers?: Record<string, string>;
+  };
 }

ts/proxies/smart-proxy/route-connection-handler.ts

@@ -10,6 +10,7 @@ import { WrappedSocket } from '../../core/models/wrapped-socket.js';
 import { getUnderlyingSocket } from '../../core/models/socket-types.js';
 import { ProxyProtocolParser } from '../../core/utils/proxy-protocol.js';
 import type { SmartProxy } from './smart-proxy.js';
+import { ProtocolDetector } from '../../detection/index.js';
 
 /**
  * Handles new connection processing and setup logic with support for route-based configuration
@@ -301,11 +302,27 @@ export class RouteConnectionHandler {
     });
 
     // Handler for processing initial data (after potential PROXY protocol)
-    const processInitialData = (chunk: Buffer) => {
+    const processInitialData = async (chunk: Buffer) => {
+      // Use ProtocolDetector to identify protocol
+      const connectionId = ProtocolDetector.createConnectionId({
+        sourceIp: record.remoteIP,
+        sourcePort: socket.remotePort,
+        destIp: socket.localAddress,
+        destPort: socket.localPort,
+        socketId: record.id
+      });
+      
+      const detectionResult = await ProtocolDetector.detectWithConnectionTracking(
+        chunk,
+        connectionId,
+        { extractFullHeaders: false } // Only extract essential info for routing
+      );
+      
       // Block non-TLS connections on port 443
-      if (!this.smartProxy.tlsManager.isTlsHandshake(chunk) && localPort === 443) {
-        logger.log('warn', `Non-TLS connection ${connectionId} detected on port 443. Terminating connection - only TLS traffic is allowed on standard HTTPS port.`, {
-          connectionId,
+      if (localPort === 443 && detectionResult.protocol !== 'tls') {
+        logger.log('warn', `Non-TLS connection ${record.id} detected on port 443. Terminating connection - only TLS traffic is allowed on standard HTTPS port.`, {
+          connectionId: record.id,
+          detectedProtocol: detectionResult.protocol,
           message: 'Terminating connection - only TLS traffic is allowed on standard HTTPS port.',
           component: 'route-handler'
         });
@@ -318,71 +335,78 @@ export class RouteConnectionHandler {
         return;
       }
 
-      // Check if this looks like a TLS handshake
+      // Extract domain and protocol info
       let serverName = '';
-      if (this.smartProxy.tlsManager.isTlsHandshake(chunk)) {
+      if (detectionResult.protocol === 'tls') {
         record.isTLS = true;
+        serverName = detectionResult.connectionInfo.domain || '';
+        
+        // Lock the connection to the negotiated SNI
+        record.lockedDomain = serverName;
 
-        // Check for ClientHello to extract SNI
-        if (this.smartProxy.tlsManager.isClientHello(chunk)) {
-          // Create connection info for SNI extraction
-          const connInfo = {
-            sourceIp: record.remoteIP,
-            sourcePort: socket.remotePort || 0,
-            destIp: socket.localAddress || '',
-            destPort: socket.localPort || 0,
-          };
-
-          // Extract SNI
-          serverName = this.smartProxy.tlsManager.extractSNI(chunk, connInfo) || '';
-
-          // Lock the connection to the negotiated SNI
-          record.lockedDomain = serverName;
-
-          // Check if we should reject connections without SNI
-          if (!serverName && this.smartProxy.settings.allowSessionTicket === false) {
-            logger.log('warn', `No SNI detected in TLS ClientHello for connection ${connectionId}; sending TLS alert`, {
-              connectionId,
-              component: 'route-handler'
-            });
-            if (record.incomingTerminationReason === null) {
-              record.incomingTerminationReason = 'session_ticket_blocked_no_sni';
-              this.smartProxy.connectionManager.incrementTerminationStat(
-                'incoming',
-                'session_ticket_blocked_no_sni'
-              );
-            }
-            const alert = Buffer.from([0x15, 0x03, 0x03, 0x00, 0x02, 0x01, 0x70]);
-            try {
-              // Count the alert bytes being sent
-              record.bytesSent += alert.length;
-              if (this.smartProxy.metricsCollector) {
-                this.smartProxy.metricsCollector.recordBytes(record.id, 0, alert.length);
-              }
-              
-              socket.cork();
-              socket.write(alert);
-              socket.uncork();
-              socket.end();
-            } catch {
-              socket.end();
-            }
-            this.smartProxy.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
-            return;
+        // Check if we should reject connections without SNI
+        if (!serverName && this.smartProxy.settings.allowSessionTicket === false) {
+          logger.log('warn', `No SNI detected in TLS ClientHello for connection ${record.id}; sending TLS alert`, {
+            connectionId: record.id,
+            component: 'route-handler'
+          });
+          if (record.incomingTerminationReason === null) {
+            record.incomingTerminationReason = 'session_ticket_blocked_no_sni';
+            this.smartProxy.connectionManager.incrementTerminationStat(
+              'incoming',
+              'session_ticket_blocked_no_sni'
+            );
           }
-
-          if (this.smartProxy.settings.enableDetailedLogging) {
-            logger.log('info', `TLS connection with SNI`, {
-              connectionId,
-              serverName: serverName || '(empty)',
-              component: 'route-handler'
-            });
+          const alert = Buffer.from([0x15, 0x03, 0x03, 0x00, 0x02, 0x01, 0x70]);
+          try {
+            // Count the alert bytes being sent
+            record.bytesSent += alert.length;
+            if (this.smartProxy.metricsCollector) {
+              this.smartProxy.metricsCollector.recordBytes(record.id, 0, alert.length);
+            }
+            
+            socket.cork();
+            socket.write(alert);
+            socket.uncork();
+            socket.end();
+          } catch {
+            socket.end();
           }
+          this.smartProxy.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
+          return;
+        }
+
+        if (this.smartProxy.settings.enableDetailedLogging) {
+          logger.log('info', `TLS connection with SNI`, {
+            connectionId: record.id,
+            serverName: serverName || '(empty)',
+            component: 'route-handler'
+          });
+        }
+      } else if (detectionResult.protocol === 'http') {
+        // For HTTP, extract domain from Host header
+        serverName = detectionResult.connectionInfo.domain || '';
+        
+        // Store HTTP-specific info for later use
+        record.httpInfo = {
+          method: detectionResult.connectionInfo.method,
+          path: detectionResult.connectionInfo.path,
+          headers: detectionResult.connectionInfo.headers
+        };
+        
+        if (this.smartProxy.settings.enableDetailedLogging) {
+          logger.log('info', `HTTP connection detected`, {
+            connectionId: record.id,
+            domain: serverName || '(no host header)',
+            method: detectionResult.connectionInfo.method,
+            path: detectionResult.connectionInfo.path,
+            component: 'route-handler'
+          });
         }
       }
 
       // Find the appropriate route for this connection
-      this.routeConnection(socket, record, serverName, chunk);
+      this.routeConnection(socket, record, serverName, chunk, detectionResult);
     };
 
     // First data handler to capture initial TLS handshake or PROXY protocol
@@ -454,7 +478,8 @@ export class RouteConnectionHandler {
     socket: plugins.net.Socket | WrappedSocket,
     record: IConnectionRecord,
     serverName: string,
-    initialChunk?: Buffer
+    initialChunk?: Buffer,
+    detectionResult?: any // Using any temporarily to avoid circular dependency issues
   ): void {
     const connectionId = record.id;
     const localPort = record.localPort;
@@ -635,7 +660,7 @@ export class RouteConnectionHandler {
     // Handle the route based on its action type
     switch (route.action.type) {
       case 'forward':
-        return this.handleForwardAction(socket, record, route, initialChunk);
+        return this.handleForwardAction(socket, record, route, initialChunk, detectionResult);
 
       case 'socket-handler':
         logger.log('info', `Handling socket-handler action for route ${route.name}`, {
@@ -738,7 +763,8 @@ export class RouteConnectionHandler {
     socket: plugins.net.Socket | WrappedSocket,
     record: IConnectionRecord,
     route: IRouteConfig,
-    initialChunk?: Buffer
+    initialChunk?: Buffer,
+    detectionResult?: any // Using any temporarily to avoid circular dependency issues
   ): void {
     const connectionId = record.id;
     const action = route.action as IRouteAction;
@@ -819,14 +845,11 @@ export class RouteConnectionHandler {
     // Create context for target selection
     const targetSelectionContext = {
       port: record.localPort,
-      path: undefined, // Will be populated from HTTP headers if available
-      headers: undefined, // Will be populated from HTTP headers if available
-      method: undefined // Will be populated from HTTP headers if available
+      path: record.httpInfo?.path,
+      headers: record.httpInfo?.headers,
+      method: record.httpInfo?.method
     };
     
-    // TODO: Extract path, headers, and method from initialChunk if it's HTTP
-    // For now, we'll select based on port only
-    
     const selectedTarget = this.selectTarget(action.targets, targetSelectionContext);
     if (!selectedTarget) {
       logger.log('error', `No matching target found for connection ${connectionId}`, {

ts/proxies/smart-proxy/tls-manager.ts

@@ -1,5 +1,6 @@
 import * as plugins from '../../plugins.js';
 import { SniHandler } from '../../tls/sni/sni-handler.js';
+import { ProtocolDetector, TlsDetector } from '../../detection/index.js';
 import type { SmartProxy } from './smart-proxy.js';
 
 /**

ts/proxies/smart-proxy/utils/route-helpers.ts

@@ -21,6 +21,7 @@
 import * as plugins from '../../../plugins.js';
 import type { IRouteConfig, IRouteMatch, IRouteAction, IRouteTarget, TPortRange, IRouteContext } from '../models/route-types.js';
 import { mergeRouteConfigs } from './route-utils.js';
+import { ProtocolDetector, HttpDetector } from '../../../detection/index.js';
 
 /**
  * Create an HTTP-only route configuration
@@ -956,83 +957,91 @@ export const SocketHandlers = {
   
   /**
    * HTTP redirect handler
+   * Now uses the centralized detection module for HTTP parsing
    */
   httpRedirect: (locationTemplate: string, statusCode: number = 301) => (socket: plugins.net.Socket, context: IRouteContext) => {
-    let buffer = '';
+    const connectionId = ProtocolDetector.createConnectionId({
+      socketId: context.connectionId || `${Date.now()}-${Math.random()}`
+    });
     
-    socket.once('data', (data) => {
-      buffer += data.toString();
+    socket.once('data', async (data) => {
+      // Use detection module for parsing
+      const detectionResult = await ProtocolDetector.detectWithConnectionTracking(
+        data,
+        connectionId,
+        { extractFullHeaders: false } // We only need method and path
+      );
       
-      const lines = buffer.split('\r\n');
-      const requestLine = lines[0];
-      const [method, path] = requestLine.split(' ');
+      if (detectionResult.protocol === 'http' && detectionResult.connectionInfo.path) {
+        const method = detectionResult.connectionInfo.method || 'GET';
+        const path = detectionResult.connectionInfo.path || '/';
+        
+        const domain = context.domain || 'localhost';
+        const port = context.port;
+        
+        let finalLocation = locationTemplate
+          .replace('{domain}', domain)
+          .replace('{port}', String(port))
+          .replace('{path}', path)
+          .replace('{clientIp}', context.clientIp);
+        
+        const message = `Redirecting to ${finalLocation}`;
+        const response = [
+          `HTTP/1.1 ${statusCode} ${statusCode === 301 ? 'Moved Permanently' : 'Found'}`,
+          `Location: ${finalLocation}`,
+          'Content-Type: text/plain',
+          `Content-Length: ${message.length}`,
+          'Connection: close',
+          '',
+          message
+        ].join('\r\n');
+        
+        socket.write(response);
+      } else {
+        // Not a valid HTTP request, close connection
+        socket.write('HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n');
+      }
       
-      const domain = context.domain || 'localhost';
-      const port = context.port;
-      
-      let finalLocation = locationTemplate
-        .replace('{domain}', domain)
-        .replace('{port}', String(port))
-        .replace('{path}', path)
-        .replace('{clientIp}', context.clientIp);
-      
-      const message = `Redirecting to ${finalLocation}`;
-      const response = [
-        `HTTP/1.1 ${statusCode} ${statusCode === 301 ? 'Moved Permanently' : 'Found'}`,
-        `Location: ${finalLocation}`,
-        'Content-Type: text/plain',
-        `Content-Length: ${message.length}`,
-        'Connection: close',
-        '',
-        message
-      ].join('\r\n');
-      
-      socket.write(response);
       socket.end();
+      // Clean up detection state
+      ProtocolDetector.cleanupConnections();
     });
   },
   
   /**
    * HTTP server handler for ACME challenges and other HTTP needs
+   * Now uses the centralized detection module for HTTP parsing
    */
   httpServer: (handler: (req: { method: string; url: string; headers: Record<string, string>; body?: string }, res: { status: (code: number) => void; header: (name: string, value: string) => void; send: (data: string) => void; end: () => void }) => void) => (socket: plugins.net.Socket, context: IRouteContext) => {
-    let buffer = '';
     let requestParsed = false;
+    const connectionId = ProtocolDetector.createConnectionId({
+      socketId: context.connectionId || `${Date.now()}-${Math.random()}`
+    });
     
-    socket.on('data', (data) => {
+    const processData = async (data: Buffer) => {
       if (requestParsed) return; // Only handle the first request
       
-      buffer += data.toString();
+      // Use HttpDetector for parsing
+      const detectionResult = await ProtocolDetector.detectWithConnectionTracking(
+        data,
+        connectionId,
+        { extractFullHeaders: true }
+      );
       
-      // Check if we have a complete HTTP request
-      const headerEndIndex = buffer.indexOf('\r\n\r\n');
-      if (headerEndIndex === -1) return; // Need more data
-      
-      requestParsed = true;
-      
-      // Parse the HTTP request
-      const headerPart = buffer.substring(0, headerEndIndex);
-      const bodyPart = buffer.substring(headerEndIndex + 4);
-      
-      const lines = headerPart.split('\r\n');
-      const [method, url] = lines[0].split(' ');
-      
-      const headers: Record<string, string> = {};
-      for (let i = 1; i < lines.length; i++) {
-        const colonIndex = lines[i].indexOf(':');
-        if (colonIndex > 0) {
-          const name = lines[i].substring(0, colonIndex).trim().toLowerCase();
-          const value = lines[i].substring(colonIndex + 1).trim();
-          headers[name] = value;
-        }
+      if (detectionResult.protocol !== 'http' || !detectionResult.isComplete) {
+        // Not a complete HTTP request yet
+        return;
       }
       
-      // Create request object
+      requestParsed = true;
+      const connInfo = detectionResult.connectionInfo;
+      
+      // Create request object from detection result
       const req = {
-        method: method || 'GET',
-        url: url || '/',
-        headers,
-        body: bodyPart
+        method: connInfo.method || 'GET',
+        url: connInfo.path || '/',
+        headers: connInfo.headers || {},
+        body: detectionResult.remainingBuffer?.toString() || ''
       };
       
       // Create response object
@@ -1093,13 +1102,20 @@ export const SocketHandlers = {
           res.send('Internal Server Error');
         }
       }
-    });
+    };
+    
+    socket.on('data', processData);
     
     socket.on('error', () => {
       if (!requestParsed) {
         socket.end();
       }
     });
+    
+    socket.on('close', () => {
+      // Clean up detection state
+      ProtocolDetector.cleanupConnections();
+    });
   }
 };
 

ts/tls/index.ts

@@ -1,22 +1,18 @@
 /**
- * TLS module providing SNI extraction, TLS alerts, and other TLS-related utilities
+ * TLS module for smartproxy
+ * Re-exports protocol components and provides smartproxy-specific functionality
  */
 
-// Export TLS alert functionality
-export * from './alerts/tls-alert.js';
+// Re-export all protocol components from protocols/tls
+export * from '../protocols/tls/index.js';
 
-// Export SNI handling
+// Export smartproxy-specific SNI handler
 export * from './sni/sni-handler.js';
-export * from './sni/sni-extraction.js';
-export * from './sni/client-hello-parser.js';
-
-// Export TLS utilities
-export * from './utils/tls-utils.js';
 
 // Create a namespace for SNI utilities
 import { SniHandler } from './sni/sni-handler.js';
-import { SniExtraction } from './sni/sni-extraction.js';
-import { ClientHelloParser } from './sni/client-hello-parser.js';
+import { SniExtraction } from '../protocols/tls/sni/sni-extraction.js';
+import { ClientHelloParser } from '../protocols/tls/sni/client-hello-parser.js';
 
 // Export utility objects for convenience
 export const SNI = {
@@ -30,4 +26,4 @@ export const SNI = {
   // Convenience functions
   extractSNI: SniHandler.extractSNI,
   processTlsPacket: SniHandler.processTlsPacket,
-};
+};

ts/tls/sni/sni-handler.ts

@@ -4,15 +4,15 @@ import {
   TlsHandshakeType,
   TlsExtensionType,
   TlsUtils
-} from '../utils/tls-utils.js';
+} from '../../protocols/tls/utils/tls-utils.js';
 import {
   ClientHelloParser,
   type LoggerFunction
-} from './client-hello-parser.js';
+} from '../../protocols/tls/sni/client-hello-parser.js';
 import {
   SniExtraction,
   type ConnectionInfo
-} from './sni-extraction.js';
+} from '../../protocols/tls/sni/sni-extraction.js';
 
 /**
  * SNI (Server Name Indication) handler for TLS connections.