app-layer/tcp: don't use un-ACK'd data

Still use un-ACK'd data in unclean shutdown. This means any state
before TCP_CLOSED, or TCP_CLOSED that was caused by a RST.

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 5546811d7d57334bdb256f95df743f4515a98b2a..9c4371cb03d683d6f8b3bbc8a07f624a37943304 100644 (file)
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1034,14 +1034,20 @@ static inline bool CheckGap(TcpSession *ssn, TcpStream *stream, Packet *p)
     return false;
 }
 
-static inline uint32_t AdjustToAcked(const Packet *p, const TcpStream *stream,
+static inline uint32_t AdjustToAcked(const Packet *p,
+        const TcpSession *ssn, const TcpStream *stream,
         const uint64_t app_progress, const uint32_t data_len)
 {
     uint32_t adjusted = data_len;
 
     /* get window of data that is acked */
     if (StreamTcpInlineMode() == FALSE) {
-        if (p->flags & PKT_PSEUDO_STREAM_END) {
+        SCLogDebug("ssn->state %s", StreamTcpStateAsString(ssn->state));
+        if ((ssn->state < TCP_CLOSED ||
+                    (ssn->state == TCP_CLOSED &&
+                     (ssn->flags & STREAMTCP_FLAG_CLOSED_BY_RST) != 0)) &&
+                (p->flags & PKT_PSEUDO_STREAM_END))
+        {
             // fall through, we use all available data
         } else {
             uint64_t last_ack_abs = STREAM_BASE_OFFSET(stream);
@@ -1132,7 +1138,7 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv,
                 *stream, &(*stream)->sb, mydata_len, app_progress);
 
         /* get window of data that is acked */
-        mydata_len = AdjustToAcked(p, *stream, app_progress, mydata_len);
+        mydata_len = AdjustToAcked(p, ssn, *stream, app_progress, mydata_len);
         if (mydata_len == 0)
             SCReturnInt(0);