Hello, My name is Tom Uffner. I am an expert C programmer and sysadmin, with a heavy focus on network security. I can do what I think you are asking, and I can suggest some ways of improving on your algorithm. As added bonuses, English is my native language, I have a name that you can spell and pronounce, and I am willing to provide what I think you are asking for within your $30 budget.
I looked at your code, and I could use either the pcap_loop()/pcap_dispatch method that you started with but commented out, or the pcap_next_ex() method it currently uses. I could add a substantial efficiency boost by only capturing the packets you need (the ones w/ SYN/ACK/FIN/RST flags set). And I can implement the ring buffer (aka Circular Queue) you specify in your project description.
But you need to talk to me first, to nail down exactly what the deliverables are, and whether or not you want to expand the scope a bit and get something more useful.
Please don't take this as an insult, but your approach seems somewhat naive. If it was easy, we could just block packets w/ the Evil Bit set ;-) (see RFC 3514). The syn-flood attack is so effective because it is impossible to look at any arbitrary set of packets and know if they are part of an attack until after the fact. Take a look at the paper "A Comparison of SYN Flood Detection Algorithms" by Matt Beaumont-Gay. UCLA CS for some detection methods that have been tried.
In any case, please contact me, I'd like to discuss this project.