Skip whitespaces between HTTP method and URL. (#1271)

* be less case-restrictive, RFC2616 wants it that way

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

2 files changed, 8 insertions, 0 deletions

diff --git a/tests/pcap/http-manipulated.pcap b/tests/pcap/http-manipulated.pcap
new file mode 100644
index 000000000..908d6895d
--- /dev/null
+++ b/tests/pcap/http-manipulated.pcap
diff --git a/tests/result/http-manipulated.pcap.out b/tests/result/http-manipulated.pcap.out
new file mode 100644
index 000000000..c8ec82f6b
--- /dev/null
+++ b/tests/result/http-manipulated.pcap.out
@@ -0,0 +1,8 @@
+Guessed flow protos:	0
+
+DPI Packets (TCP):	12	(6.00 pkts/flow)
+
+HTTP	328	959347	2
+
+	1	TCP 192.168.0.20:33684 <-> 192.168.0.7:8080 [proto: 7/HTTP][cat: Web/5][156 pkts/9409 bytes <-> 162 pkts/948709 bytes][Goodput ratio: 10/99][6.10 sec][Host: www.lan][bytes ratio: -0.980 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/1 6005/73 537/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 60/5856 440/29254 45/5036][URL: www.lan:8080/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri][StatusCode: 200][Content-Type: text/html][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (GET                  /aaaaaaaaa)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,88]
+	2	TCP 192.168.0.20:33632 <-> 192.168.0.7:8080 [proto: 7/HTTP][cat: Web/5][6 pkts/412 bytes <-> 4 pkts/817 bytes][Goodput ratio: 18/71][0.00 sec][Host: wwww.lan][bytes ratio: -0.330 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 69/204 130/631 28/246][URL: wwww.lan:8080/][StatusCode: 200][Content-Type: text/html][User-Agent: curl/7.64.0][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]