Suricata

We are seeing two related behaviors that are occurring even when we are not exceeding the stream reassembly memcap limit:

- The stream reassembly memcap exception policy can be applied despite not reaching the memcap
- We see the stats counter called segment_memcap_drop incrementing despite not reaching the memcap

We need Suricata to independently verify, but from my reading it appears that some non memory-related error handling within the stream reassembly can also be incorrectly counted as out-of-memory errors. The exception policy contains a comment [1] noting that all failures here are caused by a memcap hit, but I have found what look like two possible cases ([2] and [3]) where other unrelated error handling deeper down can cause this to happen. There may be other cases as well.

[1] https://github.com/OISF/suricata/blob/master-6.0.x/src/stream-tcp-reassemble.c#L1903-L1905
[2] https://github.com/OISF/suricata/blob/master-6.0.x/src/stream-tcp-list.c#L173
[3] https://github.com/OISF/suricata/blob/master-6.0.x/src/util-streaming-buffer.c#L703