HTTP parser misses a number of important cases

[GoogleCodeExporter]

I realise this library probably isn't actively maintained, and was probably 
written for a fairly specific purpose.  Nonetheless, I feel it important to 
note for others who may be considering this library for parsing HTTP that the 
included HTTP parser misses a number of important cases.

Most notably, the parser does not handle chunked transfer encoding 
(http://en.wikipedia.org/wiki/Chunked_transfer_encoding) - the parser simply 
looks for a Content-Length header.  Also, the parser simply looks for the 
occurrence of "HTTP/1.1 " (yes, that's a space after the last 1) to find where 
the response starts.  It's technically possible for that string to occur 
elsewhere though in a request header, or if it's a POST request for example, it 
might be in the body of the request.  I don't know if the parser was designed 
with methods other than GET in mind, but the possibility of "HTTP/1.1 " 
appearing in a request header is still a valid concern.  

Summary:
Best I can tell, pcap-reconst provides what I assume is robust TCP 
reconstruction, but the included HTTP parser should not be relied upon for 
robust parsing of HTTP.

Original issue reported on code.google.com by bryce.m....@gmail.com on 2 Feb 2012 at 1:48

[GoogleCodeExporter]

I am evaluating this package. Is there a fix around this problem ?

Original comment by krishna....@softwingtech.com on 7 Dec 2012 at 12:08

[GoogleCodeExporter]

I needed something like this so I've forked the project and have fixed a lot of 
the bugs with HTTP parsing and tcp resequencing.  You can find the fork at 
https://github.com/cjneasbi/pcap-reconst .

Original comment by chris.neasbitt@gmail.com on 12 Feb 2013 at 10:22