flush ordered coalesce of olde connections using a timeout

[david415]

trafficstars

Connections that receive out-of-order packets will try to coalesce these packets until they receive the "next sequence" that they've been waiting for; then these contiguous TCP segments are pushed to the "stream"... However we must set a limit to the amount of time we are willing to await the "next sequence"... and if max time has been reached we skip over this next sequence and flush contiguous coalesced packets up to the assembled stream.

Put it another way: gopacket.tcpassembly has got some excellent design... and in their API FlushOlderThan is used for this purpose.

[david415]

Space boundaries are obviously safer than time boundaries for avoiding a DoS. Therefore this ticket is very low priority.

[david415]

it turns out that we need to do this correctly to fix a bug with analyzing pcap files. it other words... a pcap file could represent a tcp stream with out of order packets... the "next Sequence" gap may never be filled... but we should still analyze those packets for injection overlap case. and further we should push the stream segments along our normal processing pipeline.

this eventual action of pushing uncoalesced out of order TCP stream segments should then be triggered by the timestamp that is paired with the packet. when processing a pcap file we will utilize the timestamp found in the pcap file, when doing live packet capture we can use the wall clock.