Wireshark mailing list archives

Enhancement Idea: "TCP SACK" instead of "TCP Dup ACK"


From: Josh Clark <josh () je-clark com>
Date: Tue, 19 Jan 2021 16:03:17 -0500

Good afternoon,

I'd like to put some work in to address a pain point I have with Wireshark.
Often in troubleshooting, someone will point to several consecutive rows
labelled "TCP Dup ACK" and wonder how much packet loss I must have to cause
so many duplicate ACKs to be sent. I then have to tell them about SACKs.

To resolve this, I'd like to replace the TCP Dup ACK label with a TCP SACK
label when appropriate.

The little bit of research I've done has led me to an understanding that
most of the work would be done in /epan/dissectors/packet-tcp.c and the
associated .h. I think the scope of the work would look like:

1. Add a boolean to the tcp_acked struct for presence of an SLE or SRE field
2. Add a static void tcp_sequence_number_analysis_print_selective()
function that should mostly be a copy of the print_duplicate
3. Possibly change the coloring rules on the baked-in Default profile to
distinguish duplicate vs selective

I would appreciate your comments on my plan, and your assistance getting me
off the ground in making some edits.

Regards,

Josh Clark
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
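
The distinction proposed in the message above, as an added example that is not part of the original post and is not Wireshark code: a stand-alone walk over the TCP options bytes that finds the SACK option (kind 5, RFC 2018) and reads its SLE/SRE pairs. The function names, labels and sample bytes are hypothetical, and the caller is assumed to have already decided that the segment repeats the previous ACK number.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TCPOPT_EOL  0
#define TCPOPT_NOP  1
#define TCPOPT_SACK 5            /* RFC 2018 */
#define MAX_SACK_BLOCKS 4        /* at most 4 blocks fit in 40 option bytes */

struct sack_block { uint32_t sle, sre; };   /* left edge, right edge */

/* Constructed sample option areas (not taken from any capture). */
const uint8_t sack_opts[]  = {1, 1, 5, 10, 0, 0, 0x03, 0xe9, 0, 0, 0x07, 0xd1};
const uint8_t ts_opts[]    = {1, 1, 8, 10, 0, 0, 0, 1, 0, 0, 0, 2};
const uint8_t trunc_opts[] = {5, 10, 0, 0};

static uint32_t rd32(const uint8_t *p) {    /* network byte order */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns the number of SACK blocks found, or -1 if the options are malformed. */
int parse_sack(const uint8_t *opt, size_t len, struct sack_block *out) {
    size_t i = 0;
    int n = 0;
    while (i < len && opt[i] != TCPOPT_EOL) {
        if (opt[i] == TCPOPT_NOP) { i++; continue; }
        if (i + 1 >= len) return -1;                  /* no length byte */
        size_t olen = opt[i + 1];
        if (olen < 2 || i + olen > len) return -1;    /* runs past the header */
        if (opt[i] == TCPOPT_SACK) {
            if (olen < 10 || (olen - 2) % 8 != 0) return -1;
            for (size_t off = i + 2; off < i + olen; off += 8) {
                if (n == MAX_SACK_BLOCKS) return -1;
                out[n].sle = rd32(opt + off);
                out[n].sre = rd32(opt + off + 4);
                n++;
            }
        }
        i += olen;
    }
    return n;
}

/* Hypothetical label choice for an ACK that repeats the previous ACK number. */
const char *label_repeated_ack(const uint8_t *opt, size_t len) {
    struct sack_block b[MAX_SACK_BLOCKS];
    int n = parse_sack(opt, len, b);
    return n < 0 ? "Malformed options" : n > 0 ? "TCP SACK" : "TCP Dup ACK";
}

int main(void) { puts(label_repeated_ack(sack_opts, sizeof sack_opts)); return 0; }
```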