TCP Retransmissions

Ordinarily, you're a terrible place to get code, /prog/, but I must yield.

I'm having trouble with AES encryption increasing on packet retransmissions, so I obviously must detect and discard retransmissions for encryption purposes. Since I'm using WinPcap, I figured that Ethereal would be a good place to go to see how it detects these events. I was wrong.

Example: http://pastebin.com/d165a8f15 ^[1]

I can't tell what the shit is going on with such ugly C code. Any of you have an enterprise-level solution to retransmission detection? Thanks for your time.

¹: As accessed on 4 JAN 09 at 10 PM CST. It will evaporate within 24 hours.

It will evaporate within 24 hours.
So it's just a Torch with no Reiji Maigo.

HOLY SHIT A REAL QUESTION
GO DO YOUR OWN HOMEWORK FAG
READ SICP. PROBLEM SOLVED.

I can't tell what the shit is going on with such ugly C code.
it could be much worse. it could be python or lisp. those languages are completely write-only.

>>3
It's not homework.

>>4
Yes, it could be. However, this does not justify it being hideous in the first place.

>>5
it's actually very readable code. if you can't figure it out you're an idiot.

>>6
One word: The unforgivable use of goto. Thread over.

>>7
Only faggots and sailors worry about the use of the almighty goto, and you don't look like much of a sailor so that kind of narrows it down...

Goto is very useful.
The point it when you can use conventional control structures you should use them and leave gotos to case when its required.
An algorithm with gotos replaced with equivalent structures will run slower(sometimes significantly,as goto skips parts of code which are run usually).

>>1
You just don't know how to read C:

#
        /* RETRANSMISSION/FAST RETRANSMISSION/OUT-OF-ORDER
#
         * If the segments contains data and if it does not advance
#
         * sequence number it must be either of these three.
#
         * Only test for this if we know what the seq number should be
#
         * (tcpd->fwd->nextseq)
#
         *
#
         * Note that a simple KeepAlive is not a retransmission
#
         */
#
        if( seglen>0
#
        &&  tcpd->fwd->nextseq
#
        &&  (LT_SEQ(seq, tcpd->fwd->nextseq)) ){
#
                guint32 t;
#
 
#
                if(tcpd->ta && (tcpd->ta->flags&TCP_A_KEEP_ALIVE) ){
#
                        goto finished_checking_retransmission_type;
#
                }
#
 
#
                /* If there were >=1 duplicate ACKs in the reverse direction
#
                 * (there might be duplicate acks missing from the trace)
#
                 * and if this sequence number matches those ACKs
#
                 * and if the packet occurs within 20ms of the last
#
                 * duplicate ack
#
                 * then this is a fast retransmission
#
                 */
#
                t=(pinfo->fd->abs_ts.secs-tcpd->rev->lastacktime.secs)*1000000000;
#
                t=t+(pinfo->fd->abs_ts.nsecs)-tcpd->rev->lastacktime.nsecs;
#
                if( tcpd->rev->dupacknum>=1
#
                &&  tcpd->rev->lastack==seq
#
                &&  t<20000000 ){
#
                        if(!tcpd->ta){
#
                                tcp_analyze_get_acked_struct(pinfo->fd->num, TRUE, tcpd);
#
                        }
#
                        tcpd->ta->flags|=TCP_A_FAST_RETRANSMISSION;
#
                        goto finished_checking_retransmission_type;
#
                }
#
 
#
                /* If the segment came <3ms since the segment with the highest
#
                 * seen sequence number, then it is an OUT-OF-ORDER segment.
#
                 *   (3ms is an arbitrary number)
#
                 */
#
                t=(pinfo->fd->abs_ts.secs-tcpd->fwd->nextseqtime.secs)*1000000000;
#
                t=t+(pinfo->fd->abs_ts.nsecs)-tcpd->fwd->nextseqtime.nsecs;
#
                if( t<3000000 ){
#
                        if(!tcpd->ta){
#
                                tcp_analyze_get_acked_struct(pinfo->fd->num, TRUE, tcpd);
#
                        }
#
                        tcpd->ta->flags|=TCP_A_OUT_OF_ORDER;
#
                        goto finished_checking_retransmission_type;
#
                }
#
 
#
                /* Then it has to be a generic retransmission */
#
                if(!tcpd->ta){
#
                        tcp_analyze_get_acked_struct(pinfo->fd->num, TRUE, tcpd);
#
                }
#
                tcpd->ta->flags|=TCP_A_RETRANSMISSION;
#
                nstime_delta(&tcpd->ta->rto_ts, &pinfo->fd->abs_ts, &tcpd->fwd->nextseqtime);
#
                tcpd->ta->rto_frame=tcpd->fwd->nextseqframe;
#
        }

You'll need to review all of the struct definitions and related functions to actually make any use of the code, but it provides a fairly concise example of the detection process.

>>9
An algorithm with gotos replaced with equivalent structures will run slower
Except for something called ``pipelining''. Sorry, bud.

>>9
When you can't use conventional control structures it's time to invent a new one, not to use gotos right there in the code.

>>12
You have been brainwashed.

freeyourmind

>>13
You don't think it would be better to solve the control problem once in a general way rather than pepper ad-hoc gotos around? Learn to abstract.

>>1-14
WHBT

>>15
WHBTO

Paste's 404. You need to keep a state for all TCP connections. Better yet, tunnel yer packets in UDP for graet justice.

>>11
Whut?

Both goto and if/else becomes jcc in ASM anyway. Which one is faster depends on the ASM-representation and could go either way, or if your compiler is good enough, neither way.

Also, modern CPUs use branch predictions to fill the pipeline.

>>18
A static Goto "label"  is far easier to pipeline then any of the control structures/conditionals which replace it.

>>18
Well, if your assuming x86 assembly, than all bets are off. Go ahead and make inapropriate generalizations from one particular ASM langugage. I won't stop you.

>>19
GET OUT

>> 20

Not to mention there are many pipelining/branch-prediction/whatever implementations for given architecture so microoptimizing for a particular one is a waste of time.

>> 21

NO U

>>22
a JMP 'static address' vs
JMP (conditional on boolean with checks).
The former can be predicted very well(if code reaches the place).
The latter depends on external variables.

>>23
EXPERT PROGRAMMER

>>23
The latter depends on external variables.
That's why it's called branch prediction, you fucking asspie. That's the whole point of the fucking thing. Damn trolls...

>>25
Its harder to predict an external variable then inline number(which can be pipelined directly).
Please read >>23 carefully.

>>26
Dear moron, branch prediction isn't about guessing where a branch will lead, it's about predicting wether or not a branch will be taken. Go get informed, you fucking cunt.

http://en.wikipedia.org/wiki/Branch_target_predictor

>>28
Branch target prediction is not the same as branch prediction

>>29
And i never claimed they are the same.
 Just that unconditional direct JMPs are faster.
Please read >>23 carefully.

>>30
JMP (conditional on boolean with checks)
What the fuck does that even mean? You use JCC 'jump offset' in a conditional jump, not JMP.

>>31
Its for clarity: see http://en.wikipedia.org/wiki/JMP_%28x86_instruction%29
There several kinds of JMP instruction beginning with J

Kriss Kross Gonna Make You  JMP JMP

Jxx     Jump if condition     (JA, JAE, JB, JBE, JC, JCXZ, JE, JG, JGE, JL, JLE, JNA, JNAE, JNB, JNBE, JNC, JNE, JNG, JNGE, JNL, JNLE, JNO, JNP, JNS, JNZ, JO, JP, JPE, JPO, JS, JZ)
JMP     Jump

>>32
EXPERT TROLL

Listing from http://www.laynetworks.com/assembly%20tutorials3.htm
Jump instructions

They are used to transfer the flow of the process to the indicated
operator.

JMP
JA (JNBE)
JAE (JNBE)
JB (JNAE)
JBE (JNA)
JE (JZ)
JNE (JNZ)
JG (JNLE)
JGE (JNL)
JL (JNGE)
JLE (JNG)
JC
JNC
JNO
JNP (JPO)
JNS
JO
JP (JPE)
JS

JMP INSTRUCTION

Purpose: Unconditional jump.

Syntax:

JMP destiny

This instruction is used to deviate the flow of a program without taking into account the actual conditions of the flags or of the data.

JA (JNBE) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JA Label

After a comparison this command jumps if it is or jumps if it is not down or if not it is the equal.

This means that the jump is only done if the CF flag is deactivated or if the ZF flag is deactivated, that is that one of the two be equal to zero.

JAE (JNB) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JAE label

It jumps if it is or it is the equal or if it is not down.

The jump is done if CF is deactivated.

JB (JNAE) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JB label

It jumps if it is down, if it is not , or if it is the equal.

The jump is done if CF is activated.

JBE (JNA) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JBE label

It jumps if it is down, the equal, or if it is not .

The jump is done if CF is activated or if ZF is activated, that any of them
be equal to 1.

JE (JZ) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JE label

It jumps if it is the equal or if it is zero.

The jump is done if ZF is activated.

JNE (JNZ) INSTRUCTION

Purpose: Conditional jump.

Syntax:

JNE label

It jumps if it is not equal or zero.

The jump will be done if ZF is deactivated.

JG (JNLE) INSTRUCTION

Purpose: Conditional jump, and the sign is taken into account.

Syntax:

JG label

It jumps if it is larger, if it is not larger or equal.

The jump occurs if ZF = 0 or if OF = SF.

JGE (JNL) INSTRUCTION

Purpose: Conditional jump, and the sign is taken into account.

Syntax:

JGE label

It jumps if it is larger or less than, or equal to.

The jump is done if SF = OF


JL (JNGE) INSTRUCTION

Purpose: Conditional jump, and the sign is taken into account.

Syntax:

JL label

It jumps if it is less than or if it is not larger than or equal to.

The jump is done if SF is different than OF.

JLE (JNG) INSTRUCTION

Purpose: Conditional jump, and the sign is taken into account.

Syntax:

JLE label

It jumps if it is less than or equal to, or if it is not larger.

The jump is done if ZF = 1 or if SF is defferent than OF.

JC INSTRUCTION

Purpose: Conditional jump, and the flags are taken into account.

Syntax:

JC label

It jumps if there is cartage.

The jump is done if CF = 1

JNC INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into
account.

Syntax:

JNC label

It jumps if there is no cartage.

The jump is done if CF = 0.

JNO INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into
account.

Syntax:

JNO label

It jumps if there is no overflow.

The jump is done if OF = 0.

JNP (JPO) INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into
account.

Syntax:

JNP label

It jumps if there is no parity or if the parity is uneven.

The jump is done if PF = 0.

JNS INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into account.

Syntax:

JNP label

It jumps if the sign is deactivated.

The jump is done if SF = 0.

JO INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into account.

Syntax:

JO label

It jumps if there is overflow.

The jump is done if OF = 1.

JP (JPE) INSTRUCTION

Purpose: Conditional jump, the state of the flags is taken into account.

Syntax:

JP label

It jumps if there is parity or if the parity is even.

The jump is done if PF = 1.

JS INSTRUCTION

Purpose: Conditional jump, and the state of the flags is taken into account.

Syntax:

JS label

It jumps if the sign is on.

The jump is done if SF = 1.

>>34
No shit, motherfucker. JMP (conditional on boolean with checks) still makes no fucking sense. Why don't you explain what the fuck you mean by that?

>>20
What about my assuming?

>>20
What about my assuming?

>>37
i meant to write:
JMP (conditional or boolean with checks)
Its just better looking then Jcc which is cryptic.