stream: improve flow end payload logging

Use all available data, including un-ACK'd, when in flow timeout
mode.

Bug: #5276.
(cherry picked from commit c40df43609becc467e86d756098829b3174c80c7)

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 98ae70ee5c899a8c7eb3a6996d7146013d18417c..e9dfecfc0ef26fc9b6d1876887b15f6e46895b96 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -6269,9 +6269,16 @@ int StreamTcpSegmentForEach(const Packet *p, uint8_t flag, StreamSegmentCallback
     /* for IDS, return ack'd segments. For IPS all. */
     TcpSegment *seg;
     RB_FOREACH(seg, TCPSEG, &stream->seg_tree) {
-        if (!((stream_config.flags & STREAMTCP_INIT_FLAG_INLINE)
-                    || SEQ_LT(seg->seq, stream->last_ack)))
-            break;
+        if (!(stream_config.flags & STREAMTCP_INIT_FLAG_INLINE)) {
+            if (PKT_IS_PSEUDOPKT(p)) {
+                /* use un-ACK'd data as well */
+            } else {
+                /* in IDS mode, use ACK'd data */
+                if (SEQ_GEQ(seg->seq, stream->last_ack)) {
+                    break;
+                }
+            }
+        }
 
         const uint8_t *seg_data;
         uint32_t seg_datalen;