TCP Retransmissions

Ordinarily, you're a terrible place to get code, /prog/, but I must yield.

I'm having trouble with AES encryption increasing on packet retransmissions, so I obviously must detect and discard retransmissions for encryption purposes. Since I'm using WinPcap, I figured that Ethereal would be a good place to go to see how it detects these events. I was wrong.

Example: http://pastebin.com/d165a8f15 ^[1]

I can't tell what the shit is going on with such ugly C code. Any of you have an enterprise-level solution to retransmission detection? Thanks for your time.

¹: As accessed on 4 JAN 09 at 10 PM CST. It will evaporate within 24 hours.

It will evaporate within 24 hours.
So it's just a Torch with no Reiji Maigo.

HOLY SHIT A REAL QUESTION
GO DO YOUR OWN HOMEWORK FAG
READ SICP. PROBLEM SOLVED.

I can't tell what the shit is going on with such ugly C code.
it could be much worse. it could be python or lisp. those languages are completely write-only.

>>3
It's not homework.

>>4
Yes, it could be. However, this does not justify it being hideous in the first place.

>>5
it's actually very readable code. if you can't figure it out you're an idiot.

>>6
One word: The unforgivable use of goto. Thread over.

>>7
Only faggots and sailors worry about the use of the almighty goto, and you don't look like much of a sailor so that kind of narrows it down...

Goto is very useful.
The point it when you can use conventional control structures you should use them and leave gotos to case when its required.
An algorithm with gotos replaced with equivalent structures will run slower(sometimes significantly,as goto skips parts of code which are run usually).

>>1
You just don't know how to read C:

#
        /* RETRANSMISSION/FAST RETRANSMISSION/OUT-OF-ORDER
#
         * If the segments contains data and if it does not advance
#
         * sequence number it must be either of these three.
#
         * Only test for this if we know what the seq number should be
#
         * (tcpd->fwd->nextseq)
#
         *
#
         * Note that a simple KeepAlive is not a retransmission
#
         */
#
        if( seglen>0
#
        &&  tcpd->fwd->nextseq
#
        &&  (LT_SEQ(seq, tcpd->fwd->nextseq)) ){
#
                guint32 t;
#
 
#
                if(tcpd->ta && (tcpd->ta->flags&TCP_A_KEEP_ALIVE) ){
#
                        goto finished_checking_retransmission_type;
#
                }
#
 
#
                /* If there were >=1 duplicate ACKs in the reverse direction
#
                 * (there might be duplicate acks missing from the trace)
#
                 * and if this sequence number matches those ACKs
#
                 * and if the packet occurs within 20ms of the last
#
                 * duplicate ack
#
                 * then this is a fast retransmission
#
                 */
#
                t=(pinfo->fd->abs_ts.secs-tcpd->rev->lastacktime.secs)*1000000000;
#
                t=t+(pinfo->fd->abs_ts.nsecs)-tcpd->rev->lastacktime.nsecs;
#
                if( tcpd->rev->dupacknum>=1
#
                &&  tcpd->rev->lastack==seq
#
                &&  t<20000000 ){
#
                        if(!tcpd->ta){
#
                                tcp_analyze_get_acked_struct(pinfo->fd->num, TRUE, tcpd);
#
                        }
#
                        tcpd->ta->flags|=TCP_A_FAST_RETRANSMISSION;
#
                        goto finished_checking_retransmission_type;
#
                }
#
 
#
                /* If the segment came <3ms since the segment with the highest
#
                 * seen sequence number, then it is an OUT-OF-ORDER segment.
#
                 *   (3ms is an arbitrary number)
#
                 */
#
                t=(pinfo->fd->abs_ts.secs-tcpd->fwd->nextseqtime.secs)*1000000000;
#
                t=t+(pinfo->fd->abs_ts.nsecs)-tcpd->fwd->nextseqtime.nsecs;
#
                if( t<3000000 ){
#
                        if(!tcpd->ta){
#
                                tcp_analyze_get_acked_struct(pinfo->fd->num, TRUE, tcpd);
#
                        }
#
                        tcpd->ta->flags|=TCP_A_OUT_OF_ORDER;
#
                        goto finished_checking_retransmission_type;
#
                }
#
 
#
                /* Then it has to be a generic retransmission */
#
                if(!tcpd->ta){
#
                        tcp_analyze_get_acked_struct(pinfo->fd->num, TRUE, tcpd);
#
                }
#
                tcpd->ta->flags|=TCP_A_RETRANSMISSION;
#
                nstime_delta(&tcpd->ta->rto_ts, &pinfo->fd->abs_ts, &tcpd->fwd->nextseqtime);
#
                tcpd->ta->rto_frame=tcpd->fwd->nextseqframe;
#
        }

You'll need to review all of the struct definitions and related functions to actually make any use of the code, but it provides a fairly concise example of the detection process.

>>9
An algorithm with gotos replaced with equivalent structures will run slower
Except for something called ``pipelining''. Sorry, bud.

>>9
When you can't use conventional control structures it's time to invent a new one, not to use gotos right there in the code.

>>12
You have been brainwashed.

freeyourmind

>>13
You don't think it would be better to solve the control problem once in a general way rather than pepper ad-hoc gotos around? Learn to abstract.

>>1-14
WHBT

>>15
WHBTO

Paste's 404. You need to keep a state for all TCP connections. Better yet, tunnel yer packets in UDP for graet justice.

>>11
Whut?

Both goto and if/else becomes jcc in ASM anyway. Which one is faster depends on the ASM-representation and could go either way, or if your compiler is good enough, neither way.

Also, modern CPUs use branch predictions to fill the pipeline.

>>18
A static Goto "label"  is far easier to pipeline then any of the control structures/conditionals which replace it.

>>18
Well, if your assuming x86 assembly, than all bets are off. Go ahead and make inapropriate generalizations from one particular ASM langugage. I won't stop you.

>>19
GET OUT

>> 20

Not to mention there are many pipelining/branch-prediction/whatever implementations for given architecture so microoptimizing for a particular one is a waste of time.

>> 21

NO U

>>22
a JMP 'static address' vs
JMP (conditional on boolean with checks).
The former can be predicted very well(if code reaches the place).
The latter depends on external variables.

>>23
EXPERT PROGRAMMER

>>23
The latter depends on external variables.
That's why it's called branch prediction, you fucking asspie. That's the whole point of the fucking thing. Damn trolls...

>>25
Its harder to predict an external variable then inline number(which can be pipelined directly).
Please read >>23 carefully.

>>26
Dear moron, branch prediction isn't about guessing where a branch will lead, it's about predicting wether or not a branch will be taken. Go get informed, you fucking cunt.

http://en.wikipedia.org/wiki/Branch_target_predictor

>>28
Branch target prediction is not the same as branch prediction

>>29
And i never claimed they are the same.
 Just that unconditional direct JMPs are faster.
Please read >>23 carefully.

>>30
JMP (conditional on boolean with checks)
What the fuck does that even mean? You use JCC 'jump offset' in a conditional jump, not JMP.

>>31
Its for clarity: see http://en.wikipedia.org/wiki/JMP_%28x86_instruction%29
There several kinds of JMP instruction beginning with J

Kriss Kross Gonna Make You  JMP JMP

Jxx     Jump if condition     (JA, JAE, JB, JBE, JC, JCXZ, JE, JG, JGE, JL, JLE, JNA, JNAE, JNB, JNBE, JNC, JNE, JNG, JNGE, JNL, JNLE, JNO, JNP, JNS, JNZ, JO, JP, JPE, JPO, JS, JZ)
JMP     Jump

>>32
EXPERT TROLL

Listing from http://www.laynetworks.com/assembly%20tutorials3.htm
Jump instructions

They are used to transfer the flow of the process to the indicated
operator.

JMP
JA (JNBE)
JAE (JNBE)
JB (JNAE)
JBE (JNA)
JE (JZ)
JNE (JNZ)
JG (JNLE)
JGE (JNL)
JL (JNGE)
JLE (JNG)
JC
JNC
JNO
JNP (JPO)
JNS
JO
JP (JPE)
JS

JMP INSTRUCTION

Purpose: Unconditional jump.

Syntax:

JMP destiny

This instruction is used to deviate the flow of a program without taking into account the actual conditions of the flags or of the data.

JA (JNBE) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JA Label

After a comparison this command jumps if it is or jumps if it is not down or if not it is the equal.

This means that the jump is only done if the CF flag is deactivated or if the ZF flag is deactivated, that is that one of the two be equal to zero.

JAE (JNB) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JAE label

It jumps if it is or it is the equal or if it is not down.

The jump is done if CF is deactivated.

JB (JNAE) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JB label

It jumps if it is down, if it is not , or if it is the equal.

The jump is done if CF is activated.

JBE (JNA) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JBE label

It jumps if it is down, the equal, or if it is not .

The jump is done if CF is activated or if ZF is activated, that any of them
be equal to 1.

JE (JZ) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JE label

It jumps if it is the equal or if it is zero.

The jump is done if ZF is activated.

JNE (JNZ) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JNE label

It jumps if it is not equal or zero.

The jump will be done if ZF is deactivated.

JG (JNLE) INSTRUCTION

Purpose: Conditional jump, and the sign is taken into account.

Syntax:

JG label

It jumps if it is larger, if it is not larger or equal.

The jump occurs if ZF = 0 or if OF = SF.

JGE (JNL) INSTRUCTION

Purpose: Conditional jump, and the sign is taken into account.

Syntax:

JGE label

It jumps if it is larger or less than, or equal to.

The jump is done if SF = OF


JL (JNGE) INSTRUCTION

Purpose: Conditional jump, and the sign is taken into account.

Syntax:

JL label

It jumps if it is less than or if it is not larger than or equal to.

The jump is done if SF is different than OF.

JLE (JNG) INSTRUCTION

Purpose: Conditional jump, and the sign is taken into account.

Syntax:

JLE label

It jumps if it is less than or equal to, or if it is not larger.

The jump is done if ZF = 1 or if SF is defferent than OF.

JC INSTRUCTION

Purpose: Conditional jump, and the flags are taken into account.

Syntax:

JC label

It jumps if there is cartage.

The jump is done if CF = 1

JNC INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into
account.

Syntax:

JNC label

It jumps if there is no cartage.

The jump is done if CF = 0.

JNO INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into
account.

Syntax:

JNO label

It jumps if there is no overflow.

The jump is done if OF = 0.

JNP (JPO) INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into
account.

Syntax:

JNP label

It jumps if there is no parity or if the parity is uneven.

The jump is done if PF = 0.

JNS INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into account.

Syntax:

JNP label

It jumps if the sign is deactivated.

The jump is done if SF = 0.

JO INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into account.

Syntax:

JO label

It jumps if there is overflow.

The jump is done if OF = 1.

JP (JPE) INSTRUCTION

Purpose: Conditional jump, the state of the flags is taken into account.

Syntax:

JP label

It jumps if there is parity or if the parity is even.

The jump is done if PF = 1.

JS INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into account.

Syntax:

JS label

It jumps if the sign is on.

The jump is done if SF = 1.

>>34
No shit, motherfucker. JMP (conditional on boolean with checks) still makes no fucking sense. Why don't you explain what the fuck you mean by that?

>>20
What about my assuming?

>>20
What about my assuming?

>>37
i meant to write:
JMP (conditional or boolean with checks)
Its just better looking then Jcc which is cryptic.

>>40
So fucking what? The target will be inlined in Jcc just as in JMP.  No fucking target prediction.

There is difference:
example JMP :
"This instruction is used to deviate the flow of a program without taking into account the actual conditions of the flags or of the data."
exmaple JA Label
"This means that the jump is only done if the CF flag is deactivated or if the ZF flag is deactivated, that is that one of the two be equal to zero."

Which one is faster?

>>42
With branch prediction, none is faster.

>>43
Its faster to inline direct JMPs then predict what conditional/boolean JMP will do.

>>42
Also what the fuck does that have to do with gotos being faster than regular control structures anyway? You must be talking about using goto to leave inner loops or shit like that. That doesn't have anything to do with JMP being faster than Jcc. Just fucking die already, you fucking /g/-dwelling troll.

>>18 says "Both goto and if/else becomes jcc in ASM anyway"
Which is plain wrong. Goto can compile to direct JMPs
in QBasic:
goto "end"
goto 20;

"You must be talking about using goto to leave inner loops or shit like that." Thats just like >>18 thinks

>>44
Why the fuck would you even make that comparison? What the fuck is your fucking point anyway? Also why don't you fucking write clearly, you fucking asspie? Is Enlish not your 1st language or something? God damn...

>>47
English is my third language, however due constant practice i write very well.

>>46
My god, you fucking robot. What the fuck do you mean by gotos being faster than control structures then?

>>48
Oh, believe me, you don't. Not even close.

>>49
I'm not sure if its worth explaining if you can't understand what i say.see http://en.wikipedia.org/wiki/Goto
this post quoted:
http://kerneltrap.org/node/553/2131

"Used over short distances with well-documented labels, a "goto" can be more
effective, faster, and cleaner than a series of complex flags or other
constructs. The "goto" may also be safer and more intuitive than the
alternative. A "break" is a goto; a "continue" is a "goto" -- these are
statements that move the point of execution explicitly.
"

>>51
That's what I said in >>45, you cunt.

another quote from above:
That said, I have used exactly two "goto" statements in all the lines of C,
C++, Fortran 95, and (yes) COBOL I've written since leaving BASIC and
Fortran IV behind. In one case, a single "goto" doubled the speed of a
time-critical application; in the other case, "goto" shortens a segment of
code by half and makes the algorithm much clearer. I would not use a goto
willy-nilly for the fun of it -- unless I was entering an obfuscated code
contest ;)

We keep lowering the bar for technical prowess, it seems; if something has
the potential to be used "wrong", high-minded designers remove the offending
syntax rather than find or train competent programmers. This is why Java
removes pointers (among other things) -- it's not that pointers aren't
useful or efficient, it's that they require discipline from programmers.

Just because something is dogma doesn't mean it is absolute truth. If
anything, dogma should be sniffed quite carefully, since it tends to be
rather rank if you get close enough. Removing goto is a religious choice,
not a technical one.

I could draw parallels with idiotic laws in general society, but this
message is already marginal for this list.

STOP. TALKING. TO. HIM. YOU. STUPID. FUCKERS.

STOP SEEING HIS POSTS YOU STUPID FUCKERS

    STOP SEEING MY POSTS YOU STUPID FUCKERS

STOP PEEING MY GHOSTS YOU STUPID FUCKERS

Why don't you use a JAVASCRIPT-based solution if you want to stop seeing them?

Meanwhile, back on the farm
>>1
Trying to read and understand code can often be difficult for large or complicated projects (I tried to read through parts of ffmpeg once open source? more like why the fuck do I need to document anything?).

Try running the project through Doxygen to make it easier to to cross-reference. of course that didn't make ffmpeg any easier to understand

There's also a program I ran across once whose sole purpose was for reading, browsing, and cross-referencing C/C++ code. Don't have the link on my atm.

>>59
learn c, problem solved.

This thread has been closed and replaced with the following thread:

Subject: Discharges
Name: Leah Culver
Email: leah@vox.com

Body:

Hi guys, I know that you are mostly guys, but I hope there is at least one girl here that is able to help me. I have been having vaginal discharges recently. The discharge is a green-ish color and smells like cottage cheese mixed with coffee. Any help appreciated.

>>60
Brilliant, I managed to learn C in the last hour and can now read this <http://cekirdek.pardus.org.tr/~ismail/ffmpeg-docs/mdec_8c-source.html>; with perfect clarity. My understanding of the code is deep and insightful. Why, I already identified dozens of bugs and can see the purpose of meaning within the delimiters.

0/10

It doesn't matter anyway because reconstructing a tcp data stream is fucking trivial.  You don't ``detect retransmissions'', you just copy down the byte ranges you see and consume everything up to the first hole.

>>64
Not really debug, just maintain the integrity of.

Currently, I check the current packet in any given direction for being exactly the same as the previous packet in the same directional sequence, but this does not seem to be enough.

>>66
I tried creating a class that contains 20 sequence numbers (arbitrary number that I figured was "good enough") and each time I receive a packet, I assign the sequence number to this array.

When I receive the 20th packet, it resets the index so it should be a rolling window.

However, when I check for matches of the current sequence number, it would seem that either it fails or somehow the code skips that if.

I've had it check to see if there's a match for the direction of the packet and I've had a single unit for sequence testing. Neither works. It's supposed to be: If a sequence number matches, then nothing happens until it gets the next packet.

What does happen is the encryption breaks nearly immediately. So either sequence numbers are matching when they aren't supposed to or they aren't matching when they are.

Logically, it's structured in the way that <capture device> <-> <session encryption/decryption/distribution> <-> <data interfacing>.

This means that it doesn't account for packets that don't get fed into the session. Ideas?

>>67
First line may be a bit ambiguous. I only assign sequence numbers if no matches are found first.

Not really. Testing on my home network connecting to an enterprise network at the moment. Interestingly enough, the stream that goes from here to there breaks first 100% of the time with my last version.

I moved the code to the dispatch spot instead of a higher scope and it seems to be faring much better. I also increased the number to 200.

However, I still have increased issues with just plain not dispatching any more packets period. On a positive note, it doesn't seem like the encryption is falsely increasing .. in my limited testing.

>>70
Still yields broken streams. I don't think this particular implementation of sequence checking is going to work out.

>>68
Are you assigning your own sequence numbers? You need to use the TCP sequence number from the TCP header to detect retransmissions.

>>73
I was using the TCP sequence numbers.

>>74
EXPERT TCP PROGRAMMER

Are you GAY?
Are you a NIGGER?
Are you a GAY NIGGER?

If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!

<-- check em dubz

bump