Wireshark-dev: Re: [Wireshark-dev] Proposed changes to make tcp.ack and tcp.seq relative
From: Jasper Bongertz <jasper@xxxxxxxxxxxxxx>
Date: Tue, 5 May 2020 01:24:33 +0200
Hello Peter,

> A request was filed earlier to add a new "tcp.ack_rel" field to ensure
> that color filters can be created that always work on the relative
> sequence numbers independent of the "Relative sequence numbers" option.
> Instead of adding a new field, I propose to change the existing ones.

> My proposed change:

>  - Change the TCP sequence number-related fields to display the relative
>    numbers when available. Fallback to raw numbers if they are simply
>    not available (for example, when the "Analyze TCP sequence numbers"
>    preference is disabled).

To avoid cluttering the TCP tree with redundant fields: can we only show the
absolutes if the relatives are also displayed? I don't think it's useful to
show the absolutes twice.

>  - Modify the "Relative sequence numbers" preference to affect the
>    displayed value in the Info column only.

Good.

>  - The raw fields will always be available through the existing
>    tcp.ack_abs and tcp.seq_abs fields. Previously they were only visible
>    when "Relative sequence numbers" was disabled. This field was added
>    in Wireshark 3.2.

I guess you mean "were only visible when "Relative sequence numbers" was **enabled**?
At least that's what my Wireshark does, unless I'm not thinking straight right
now (at 1:30am, it's quite possible...) :-)

>  - Document these changes clearly in the release notes and corresponding
>    user guides if needed.
>
> Are there any objections to this change?

No, sounds like a good solution (the "document clearly" is indeed critical here,
I guess). And I hadn't even noticed the new way of displaying
the relative sequence numbers in 3.2 yet :-)

Cheers,
Jasper