stream: improve tracking with pkt loss in async

If 3whs SYN/ACK and ACK are missing we can still pick up the session if
in async-oneside mode.

-> syn
<- syn/ack <= missing
-> ack     <= missing
-> data

Bug 1190.

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 662fcc2bf6628f080eec1a6450bff968e1097f3e..275d799f4a4c0cefcd541e8aa42e818f80d66324 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -1481,8 +1481,11 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
                 ,ssn, TCP_GET_SEQ(p), p->payload_len, TCP_GET_SEQ(p)
                 + p->payload_len, ssn->client.next_seq);
 
-        ssn->client.wscale = TCP_WSCALE_MAX;
-        ssn->server.wscale = TCP_WSCALE_MAX;
+        /* if SYN had wscale, assume it to be supported. Otherwise
+         * we know it not to be supported. */
+        if (ssn->flags & STREAMTCP_FLAG_SERVER_WSCALE) {
+            ssn->client.wscale = TCP_WSCALE_MAX;
+        }
 
         /* Set the timestamp values used to validate the timestamp of
          * received packets.*/
@@ -1501,6 +1504,9 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
             ssn->flags |= STREAMTCP_FLAG_SACKOK;
         }
 
+        StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn,
+                &ssn->client, p, pq);
+
     } else {
         SCLogDebug("ssn %p: default case", ssn);
     }