stream: improve overlap detection
authorVictor Julien <victor@inliniac.net>
Fri, 26 Jan 2018 08:14:16 +0000 (09:14 +0100)
committerVictor Julien <victor@inliniac.net>
Thu, 1 Nov 2018 14:46:10 +0000 (15:46 +0100)
Improve detection of overlapping different data. Keep some data around
even if it was already ACK'd to check if packets have overlap.

src/stream-tcp-list.c

index a9c7cc7cd294c34e3e65aabb940fde9cb39a3167..ae9c50b4a5e8fb69700b10767e6dfceb25436565 100644 (file)
@@ -687,6 +687,18 @@ static inline uint64_t GetLeftEdge(TcpSession *ssn, TcpStream *stream)
             last_ack_abs += delta;
         }
         left_edge = MIN(left_edge, last_ack_abs);
+
+    /* if we're told to look for overlaps with different data we should
+     * consider data that is ack'd as well. Injected packets may have
+     * been ack'd or injected packet may be too late. */
+    } else if (check_overlap_different_data) {
+        uint32_t window = stream->window ? stream->window : 4096;
+        if (window < left_edge)
+            left_edge -= window;
+        else
+            left_edge = 0;
+
+        SCLogDebug("stream:%p left_edge %"PRIu64, stream, left_edge);
     }
 
     if (left_edge > 0) {
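Review bot: In the new `else if (check_overlap_different_data)` branch, the amount of already-ACK'd data kept for overlap comparison comes straight from `stream->window`, which looks like a value the remote peer advertises, so the lookback depth and the memory retained per stream both follow something the traffic itself controls. If that reading is right, a large scaled window keeps far more data buffered than before, and a very small one shrinks the region in which a late overlapping segment can still be compared; clamping the value between a configured minimum and maximum would make both bounds explicit. The `4096` fallback for a zero window is an unexplained magic number and deserves a named constant, or at least a comment such as `/* no window seen yet: keep 4k of ack'd data as a default lookback */`. The explanatory comment also sits above the `} else if` at the indentation of the previous block's body, so it reads as part of that block; moving it inside the new branch would be clearer. GetLeftEdge starts before this hunk and continues after it, so the condition of the preceding `if` is not visible here.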