stream: improve retransmission detection

Consider packets starting before last_ack and ending after it also
to be retransmissions. This way we can see if they are having
different data.

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index a4dcf41443eeb10944325a15ee2e0cf99c76b04f..9dce70709ee3307034a1890bea8de4402a87efdf 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -798,6 +798,13 @@ static int StreamTcpPacketIsRetransmission(TcpStream *stream, Packet *p)
     if (p->payload_len == 0)
         SCReturnInt(0);
 
+    /* retransmission of already partially ack'd data */
+    if (SEQ_LT(TCP_GET_SEQ(p), stream->last_ack) && SEQ_GT((TCP_GET_SEQ(p) + p->payload_len), stream->last_ack))
+    {
+        StreamTcpSetEvent(p, STREAM_PKT_RETRANSMISSION);
+        SCReturnInt(1);
+    }
+
     /* retransmission of already ack'd data */
     if (SEQ_LEQ((TCP_GET_SEQ(p) + p->payload_len), stream->last_ack)) {
         StreamTcpSetEvent(p, STREAM_PKT_RETRANSMISSION);
@@ -810,8 +817,8 @@ static int StreamTcpPacketIsRetransmission(TcpStream *stream, Packet *p)
         SCReturnInt(2);
     }
 
-    SCLogDebug("seq %u payload_len %u => %u, last_ack %u", TCP_GET_SEQ(p),
-            p->payload_len, (TCP_GET_SEQ(p) + p->payload_len), stream->last_ack);
+    SCLogDebug("seq %u payload_len %u => %u, last_ack %u, next_seq %u", TCP_GET_SEQ(p),
+            p->payload_len, (TCP_GET_SEQ(p) + p->payload_len), stream->last_ack, stream->next_seq);
     SCReturnInt(0);
 }