Tstat can produce a "log_http_complete" file which logs information from every 
HTTP request and response.
It is NOT generated by default, so it must be explicitly activated with
the directive in runtime.conf.

All the segments of the flow are checked for content, but only those containing
the HTTP Request and the HTTP Response messages are actually parsed to 
extract the information. For each Request/Response exchange (even on the same 
flow), only up to two segments in each direction are parsed.
For the first message on each side, the content is registered under 
either the method name (GET/POST/HEAD/PUT/...) for the requests, or the string
"HTTP" for the responses.
When the request header (or the response header) extends over more than one segment,
also the second one is parsed and its content is registered as "REQ2" for requests, 
and as "RES2" for responses.
If a relevant field was truncated in the first segment, the trailing content 
of the second segment is reported in the corresponding field of the "REQ2" and "RES2"
row. 

To reduce possible privacy issues, the fields "URL Path", "Referer", and "Location"
are subject to the "http_full_url" parameter.
By default "http_full_url = 0", the "URL Path" is always empty/invalid ("-"), and
only the base HTTP and HTTPS URLs (scheme+authority) are registered in the "Referer" and 
"Location" fields. URLs with different schemes are always removed.
Using "http_full_url = 1" the URL fields are truncated to the actual path part of the URL, 
removing any parameter after the '?' character. 
To record the complete fields, the directive "http_full_url = 2" must be used in
runtime.conf. 
The "http_full_url" parameter currently controls also the privacy issues associated 
to the "Cookie" and "Set-Cookie" fields, so that they are registered only 
if "http_full_url = 2"
(Rationale: if I'm not worried for the privacy in the URLs, I'm not worried for 
the privacy in the cookie-related fields)

The "log_http_complete" file differs from the other tstat log_* logs for two 
features:
- fields in each row are TAB separated and not space separated (this because 
some fields will contain spaces)
- C2S and S2C rows have different information, and a different number of fields. 

Special attention should be payed when postprocessing the log_http_complete file 
because, due to  the general regular expressions (that just exclude ASCII control 
characters) used to parse the headers, it is possible for non-ASCII characters to 
appear in the file. This includes both possibly harmless accented characters 
(e.g. in localized URLs or in the User Agent string), and generic non-ASCII values 
(e.g. in wrongly parsed REQ2 or RES2 segments due to packet misorderings or losses).

Here it follows a brief description of the columns.

############################################################################
# C2S # S2C # Short desc.            # Unit # Long description                       
############################################################################
#  1  #  1  # Client IP addr         # -     # IP addresses of the client (sending the request/receiving the response)
#  2  #  2  # Client TCP port        # -     # TCP port addresses for the client
#  3  #  3  # Server IP addr         # -     # IP addresses of the server (receiving the request/sending the response)
#  4  #  4  # Server TCP port        # -     # TCP port addresses for the server
#  5  #  5  # Segment time abs       # s     # Absolute time [s] (epoch) of the request/response 
############################################################################
#  6  #     # Request method         # -     # Request method (GET/POST/HEAD/...) or "REQ2" [*]
#  7  #     # Hostname               # -     # Value of the "Host:" HTTP request field
#  8  #     # FQDN                   # -     # DN-Hunter cached DNS name [^]
#  9  #     # URL Path               # -     # URL request path
# 10  #     # Referer                # -     # Value of the "Referer:" HTTP request field
# 11  #     # User agent             # -     # Value of the "User-Agent:" HTTP request field
# 12  #     # Cookie                 # -     # Value of the "Cookie:" HTTP request field
# 13  #     # Do Not Track           # -     # Value of the "DNT:" HTTP request field
############################################################################
#     #  6  # Response string        # -     # Response identifier (either "HTTP" or "RES2") [*]
#     #  7  # Response code          # -     # HTTP response code (2xx/3xx/4xx/5xx)
#     #  8  # Content len            # bytes # Value of the "Content-Length:" HTTP response field 
#     #  9  # Content type           # -     # Value of the "Content-Type:" HTTP response field
#     # 10  # Server                 # -     # Value of the "Server:" HTTP response field
#     # 11  # Range                  # -     # Value of the "Content-Range:" HTTP response field for partial content (Code 206)
#     # 12  # Location               # -     # Value of the "Location:" HTTP response field for redirected content (Code 302)
#     # 13  # Set Cookie             # -     # Value of the "Set-Cookie:" HTTP response field
############################################################################

[*] Column 6 can be used to distinguish between S2C Responses (for which there is either the string "HTTP"
or the string "RES2"), and C2S Requests (identified by a HTTP method (GET/POST/HEAD/...) or by the string "REQ2")
[^] The DN-Hunter FQDN is not included if DN-Hunter has been disabled at compilation time
