Snoop layer over Ipsec (cont.)
set IV in the ACK to hash(IV).
the IPSEC seqno is assigned a new one at TCP sink.
when need to generate duplicate ACK (the received packet is out of order):
- TCP: dup tcp seqno, but new uid
- In our snoop version (for security reason):
Use the cached ACK for duplicate ACK, so exactly the same ACK as before.