For sequence number purposes, ... the FIN is considered to occur after the last actual data octet in a segment in which it occurs.
When a segment with a FIN flag is detected, PcapTools::TcpProcessor currently ends stream reassembly without processing data from that segment. This causes the reassembled stream to be truncated when a segment containing data with a FIN flag is encountered.
This pull request changes the order of processing such that the data is appended to the stream prior to checking for and processing the FIN and RST flags.
A TCP segment that has the FIN flag set may also contain data. The following segment contains 848 octets of data and has the FIN flag set:
RFC 793 states that:
When a segment with a FIN flag is detected,
PcapTools::TcpProcessorcurrently ends stream reassembly without processing data from that segment. This causes the reassembled stream to be truncated when a segment containing data with a FIN flag is encountered.This pull request changes the order of processing such that the data is appended to the stream prior to checking for and processing the FIN and RST flags.