> Other than order I don't see any way to distinguish the first ack from > the 100th.
If perfect recognition is neccessary, a suitable in-kernel module would be able to remember there are sequence numbers from the SYNs (conntrack already does that), and pinpoint that ACK by looking at its sequence numbers, seeing that they are next to the one from the SYNs. > Now, you could say that if the tcp data length is greater than zero, then > the packet is either *not* valid, or is *not* the third packet (although > there was at one point a proposed tcp-like protocol that had data in the > third packet, to keep down latency on short duration sessions, but I believe > it's still considered evil in tcp-land). That was called T/TCP, there were some problems hindering wide deploying, if I remember correctly - and it would have permitted sending data already along with the SYN packets, the third ACK having also a FIN, and thus a full request/response connection in three packets. best regards Patrick
