I think it would be a good idea to add a flag to each state entry which gets set only when the state has seen the complete handshake, so states which have missed (part of) the TCP handshake can be clearly marked in pfctl -vss output.
It's a nice feature if pf can pick up ongoing connections (after a reboot, for instance), but this is going to cause more and more confusion (if not done intentionally) now that wscale becomes more prominent. Post-3.6, obviously :) Daniel
