Subject: erroneous ack packet, ideas please?
To: None <tech-net@NetBSD.ORG>
From: Andrew Brown <codewarrior@daemon.org>
List: tech-net
Date: 07/10/1997 10:50:16
i've been modifying the tcp stack to add tcp eagers listeners and i'm
a little confused about something that i've started seeing.  i've
included two tcpdumps below, one from a normal tcp transaction
(without eager being turned on), labeled "normal tcp transaction", and
another one with eager turned on (and subsequently accepted) labeled
"mine".  they're both pretty much the same (if you ignore the
completely different seq, ack, and timestamp numbers) except that
"mine" has an extra ack in the packet sequence.  the only difference i
can see is the change in delay between the syn and the synack, which
is due to a user space program sleeping for three seconds.

i'm not completely done yet (i'm stuck on what to do about the reset
packet) but i can mail diffs (really not much at all) to anyone who
wants to look at them, but you should note: i'm working on a 1.2
source tree (it's all i've got at home).

<normal tcp transaction>
10:17:14.256719 localhost.1024 > localhost.10000: S 33472001:33472001(0) win 16384 <mss 30720,nop,wscale 0,nop,nop,timestamp 523 0> [tos 0x10]
10:17:14.309076 localhost.10000 > localhost.1024: S 33536001:33536001(0) ack 33472002 win 16384 <mss 30720,nop,wscale 0,nop,nop,timestamp 523 523>
10:17:14.353941 localhost.1024 > localhost.10000: . ack 1 win 16384 <nop,nop,timestamp 523 523> [tos 0x10]
10:17:47.603405 localhost.10000 > localhost.1024: F 1:1(0) ack 1 win 16384 <nop,nop,timestamp 590 523>
10:17:47.632912 localhost.1024 > localhost.10000: . ack 2 win 16384 <nop,nop,timestamp 590 590> [tos 0x10]
10:17:47.720277 localhost.1024 > localhost.10000: F 1:1(0) ack 2 win 16384 <nop,nop,timestamp 590 590> [tos 0x10]
10:17:47.771369 localhost.10000 > localhost.1024: . ack 2 win 16384 <nop,nop,timestamp 590 590>

<mine>
10:23:10.083467 localhost.1025 > localhost.10000: S 79168001:79168001(0) win 16384 <mss 30720,nop,wscale 0,nop,nop,timestamp 1235 0> [tos 0x10]
10:23:13.179402 localhost.10000 > localhost.1025: S 79232001:79232001(0) ack 79168002 win 16384 <mss 30720,nop,wscale 0,nop,nop,timestamp 1241 1235>
10:23:13.229096 localhost.1025 > localhost.10000: . ack 1 win 16384 <nop,nop,timestamp 1241 1241> [tos 0x10]
10:23:13.274639 localhost.10000 > localhost.1025: . ack 1 win 16384 <nop,nop,timestamp 1241 1235>
10:23:43.423172 localhost.10000 > localhost.1025: F 1:1(0) ack 1 win 16384 <nop,nop,timestamp 1301 1235>
10:23:43.446602 localhost.1025 > localhost.10000: . ack 2 win 16384 <nop,nop,timestamp 1301 1301> [tos 0x10]
10:23:43.526479 localhost.1025 > localhost.10000: F 1:1(0) ack 2 win 16384 <nop,nop,timestamp 1302 1301> [tos 0x10]
10:23:43.554737 localhost.10000 > localhost.1025: . ack 2 win 16384 <nop,nop,timestamp 1302 1302>

also, if anyone wants to look at the tcpdump files that i got these
from (if it might help) i've got them lying around...

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."
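
The comparison the message describes (same packet shape once the seq, ack and timestamp numbers are ignored, with one extra ack in "mine") can be done mechanically. This is an added example, not part of the original post: it parses the two traces above with the TCP options trimmed, reduces each packet to sender, flags and relative ack, and diffs the two sequences. The names `parse` and `extra_packets` are assumptions of this example.

```python
import re
from difflib import SequenceMatcher

# The two traces from the message, TCP options trimmed (not needed for the comparison).
NORMAL = """\
10:17:14.256719 localhost.1024 > localhost.10000: S 33472001:33472001(0) win 16384
10:17:14.309076 localhost.10000 > localhost.1024: S 33536001:33536001(0) ack 33472002 win 16384
10:17:14.353941 localhost.1024 > localhost.10000: . ack 1 win 16384
10:17:47.603405 localhost.10000 > localhost.1024: F 1:1(0) ack 1 win 16384
10:17:47.632912 localhost.1024 > localhost.10000: . ack 2 win 16384
10:17:47.720277 localhost.1024 > localhost.10000: F 1:1(0) ack 2 win 16384
10:17:47.771369 localhost.10000 > localhost.1024: . ack 2 win 16384"""
MINE = """\
10:23:10.083467 localhost.1025 > localhost.10000: S 79168001:79168001(0) win 16384
10:23:13.179402 localhost.10000 > localhost.1025: S 79232001:79232001(0) ack 79168002 win 16384
10:23:13.229096 localhost.1025 > localhost.10000: . ack 1 win 16384
10:23:13.274639 localhost.10000 > localhost.1025: . ack 1 win 16384
10:23:43.423172 localhost.10000 > localhost.1025: F 1:1(0) ack 1 win 16384
10:23:43.446602 localhost.1025 > localhost.10000: . ack 2 win 16384
10:23:43.526479 localhost.1025 > localhost.10000: F 1:1(0) ack 2 win 16384
10:23:43.554737 localhost.10000 > localhost.1025: . ack 2 win 16384"""

LINE = re.compile(r"\S+ (\S+) > (\S+): (\S+)(?: (\d+):\d+\(\d+\))?(?: ack (\d+))?")

def parse(trace):
    """One dict per packet: sender role, flags, ack relative to the peer's ISN."""
    pkts, isn, client = [], {}, None
    for line in trace.splitlines():
        src, dst, flags, seq, ack = LINE.match(line).groups()
        client = client or src                 # the first sender (the SYN) is the client
        ack = int(ack) if ack else None
        if "S" in flags:                       # SYN lines print absolute numbers
            isn[src] = int(seq)
            ack = ack - isn[dst] if ack is not None else None
        pkts.append({"who": "client" if src == client else "server",
                     "flags": flags, "ack": ack, "raw": line})
    return pkts

def extra_packets(base, other):
    """Packets in `other` with no counterpart in `base`, comparing shape only."""
    sig = lambda p: (p["who"], p["flags"], p["ack"])
    a, b = parse(base), parse(other)
    ops = SequenceMatcher(None, [sig(p) for p in a], [sig(p) for p in b], autojunk=False)
    return [p for tag, _, _, j1, j2 in ops.get_opcodes()
            if tag in ("insert", "replace") for p in b[j1:j2]]

if __name__ == "__main__":
    for p in extra_packets(NORMAL, MINE):
        print("extra:", p["who"], p["raw"])
```

Run against these two traces it reports a single extra packet: the server-side bare ack at 10:23:13.274639, sent right after the client's ack completes the handshake.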