6 files changed, 28 insertions, 9 deletions

diff --git a/configure.seed b/configure.seed
index 44305cf8b..dd7720b9d 100644
--- a/configure.seed
+++ b/configure.seed
@@ -13,10 +13,18 @@ AS_IF([test "${with_sanitizer+set}" = set],[
 
 LT_INIT
 
-AC_PROG_CC(clang gcc)
-AM_PROG_CC_C_O(clang gcc)
-AC_PROG_CXX(clang++ g++)
-AC_PROG_CC_STDC(clang gcc)
+SYSTEM=`uname -s`
+if test $SYSTEM = "Darwin"; then
+  AC_PROG_CC(clang gcc)
+  AM_PROG_CC_C_O(clang gcc)
+  AC_PROG_CXX(clang++ g++)
+  AC_PROG_CC_STDC(clang gcc)
+else
+  AC_PROG_CC
+  AM_PROG_CC_C_O
+  AC_PROG_CXX
+  AC_PROG_CC_STDC
+fi
 AC_LANG_WERROR
 AX_PTHREAD
 
@@ -78,10 +86,6 @@ else
 fi
 
 MACHINE=`uname -m`
-SYSTEM=`uname -s`
-if test $SYSTEM = "Darwin"; then
- CC=clang
-fi
 
 CUSTOM_NDPI=
 
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
index 32318718f..3d35cf89b 100644
--- a/fuzz/fuzz_ndpi_reader.c
+++ b/fuzz/fuzz_ndpi_reader.c
@@ -118,28 +118,33 @@ int main(int argc, char ** argv)
 
   if (fseek(pcap_file, 0, SEEK_END) != 0) {
     perror("fseek(SEEK_END) failed");
+    fclose(pcap_file);
     return 1;
   }
 
   pcap_file_size = ftell(pcap_file);
   if (pcap_file_size < 0) {
     perror("ftell failed");
+    fclose(pcap_file);
     return 1;
   }
 
   if (fseek(pcap_file, 0, SEEK_SET) != 0) {
     perror("fseek(0, SEEK_SET)  failed");
+    fclose(pcap_file);
     return 1;
   }
 
   pcap_buffer = malloc(pcap_file_size);
   if (pcap_buffer == NULL) {
     perror("malloc failed");
+    fclose(pcap_file);
     return 1;
   }
 
   if (fread(pcap_buffer, sizeof(*pcap_buffer), pcap_file_size, pcap_file) != pcap_file_size) {
     perror("fread failed");
+    fclose(pcap_file);
     return 1;
   }
 
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index dd6d39c88..9ac26785c 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -805,6 +805,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
         return;
       }
 
+      /* try to get some additional request header info even if the packet may not be HTTP */
+      ndpi_parse_packet_line_info(ndpi_struct, flow);
+      if (packet->http_num_headers > 0) {
+        check_content_type_and_change_protocol(ndpi_struct, flow);
+        return;
+      }
+
       NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
       http_bitmask_exclude_other(flow);
       return;
diff --git a/tests/do.sh b/tests/do.sh
index bb187d40a..13014a7aa 100755
--- a/tests/do.sh
+++ b/tests/do.sh
@@ -9,7 +9,7 @@ PCAPS=`cd pcap; /bin/ls *.pcap`
 
 fuzzy_testing() {
 	if [ -f ../fuzz/fuzz_ndpi_reader ]; then
-		../fuzz/fuzz_ndpi_reader -max_total_time=${MAX_TOTAL_TIME:-592} -print_pcs=1 -workers=${FUZZY_WORKERS:-0} -jobs=${FUZZY_JOBS:-0} pcap/
+		../fuzz/fuzz_ndpi_reader -max_total_time="${MAX_TOTAL_TIME:-592}" -print_pcs=1 -workers="${FUZZY_WORKERS:-0}" -jobs="${FUZZY_JOBS:-0}" pcap/
 	fi
 }
 
diff --git a/tests/pcap/http-lines-split.pcap b/tests/pcap/http-lines-split.pcap
new file mode 100644
index 000000000..01570c76c
--- /dev/null
+++ b/tests/pcap/http-lines-split.pcap
diff --git a/tests/result/http-lines-split.pcap.out b/tests/result/http-lines-split.pcap.out
new file mode 100644
index 000000000..99f6f1415
--- /dev/null
+++ b/tests/result/http-lines-split.pcap.out
@@ -0,0 +1,3 @@
+HTTP	14	2503	1
+
+	1	TCP 192.168.0.1:39236 <-> 192.168.0.20:31337 [proto: 7/HTTP][cat: Web/5][7 pkts/481 bytes <-> 7 pkts/2022 bytes][Goodput ratio: 14/81][0.00 sec][Host: toni.lan][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 69/289 92/1514 12/503][URL: toni.lan:31337/][StatusCode: 200][User-Agent: uclient-fetch][Risk: ** Known protocol on non standard port **** HTTP Suspicious User-Agent **][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0]