stream: improve flow end payload logging

Use all available data, including un-ACK'd, when in flow timeout
mode.

Bug: #5276.

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index eea743d3c9bf129c89bafc24004145ca6a58c9c3..2bbcafccf272090943dad1c99c113e850d37ef5a 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -6341,9 +6341,16 @@ int StreamTcpSegmentForEach(const Packet *p, uint8_t flag, StreamSegmentCallback
     /* for IDS, return ack'd segments. For IPS all. */
     TcpSegment *seg;
     RB_FOREACH(seg, TCPSEG, &stream->seg_tree) {
-        if (!((stream_config.flags & STREAMTCP_INIT_FLAG_INLINE)
-                    || SEQ_LT(seg->seq, stream->last_ack)))
-            break;
+        if (!(stream_config.flags & STREAMTCP_INIT_FLAG_INLINE)) {
+            if (PKT_IS_PSEUDOPKT(p)) {
+                /* use un-ACK'd data as well */
+            } else {
+                /* in IDS mode, use ACK'd data */
+                if (SEQ_GEQ(seg->seq, stream->last_ack)) {
+                    break;
+                }
+            }
+        }
 
         const uint8_t *seg_data;
         uint32_t seg_datalen;