Ask Your Question

Revision history [back]

tcpd->rev->is_first_ack

Hi experts,

   For the TCP Analysis, What is "tcpd->rev->is_first_ack"? In which scenarios will it be used?

/* WINDOW FULL
 * If we know the window scaling
 * and if this segment contains data and goes all the way to the
 * edge of the advertised window
 * then we mark it as WINDOW FULL
 * SYN/RST/FIN packets are never WINDOW FULL
 */
if( seglen>0
&&  tcpd->rev->win_scale!=-1
&&  (seq+seglen)==(tcpd->rev->tcp_analyze_seq_info->lastack+(tcpd->rev->window<<(tcpd->rev->is_first_ack?0:(tcpd->rev->win_scale==-2?0:tcpd->rev->win_scale))))
&&  (flags&(TH_SYN|TH_FIN|TH_RST))==0 ) {
    if(!tcpd->ta) {
        tcp_analyze_get_acked_struct(pinfo->num, seq, ack, TRUE, tcpd);
    }
    tcpd->ta->flags|=TCP_A_WINDOW_FULL;
}

Regards, 7ACE

tcpd->rev->is_first_ack

Hi experts,

 
For the TCP Analysis, What is "tcpd->rev->is_first_ack"? In which scenarios will it be used?
used?
  
/* WINDOW FULL
 * If we know the window scaling
 * and if this segment contains data and goes all the way to the
 * edge of the advertised window
 * then we mark it as WINDOW FULL
 * SYN/RST/FIN packets are never WINDOW FULL
 */
if( seglen>0
&&  tcpd->rev->win_scale!=-1
&&  (seq+seglen)==(tcpd->rev->tcp_analyze_seq_info->lastack+(tcpd->rev->window<<(tcpd->rev->is_first_ack?0:(tcpd->rev->win_scale==-2?0:tcpd->rev->win_scale))))
&&  (flags&(TH_SYN|TH_FIN|TH_RST))==0 ) {
    if(!tcpd->ta) {
        tcp_analyze_get_acked_struct(pinfo->num, seq, ack, TRUE, tcpd);
    }
    tcpd->ta->flags|=TCP_A_WINDOW_FULL;
}

 
Regards, 7ACE