Wireshark-dev: [Wireshark-dev] Enhancement Idea: "TCP SACK" instead of "TCP Dup ACK"
Good afternoon,
I'd like to put some work in to address a pain point I have with Wireshark. Often in troubleshooting, someone will point to several consecutive rows labelled "TCP Dup ACK" and wonder how much packet loss I must have to cause so many duplicate ACKs to be sent. I then have to tell them about SACKs.
To resolve this, I'd like to replace the TCP Dup ACK label with a TCP SACK label when appropriate.
The little bit of research I've done has led me to an understanding that most of the work would be done in /epan/dissectors/packet-tcp.c and the associated .h. I think the scope of the work would look like:
1. Add a boolean to the tcp_acked struct for presence of an SLE or SRE field
2. Add a static void tcp_sequence_number_analysis_print_selective() function that should mostly be a copy of the print_duplicate
3. Possibly change the coloring rules on the baked-in Default profile to distinguish duplicate vs selective
I would appreciate your comments on my plan, and your assistance getting me off the ground in making some edits.
Regards,
Josh Clark
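
The distinction the plan above turns on, as an added stand-alone example (not Wireshark's code and not part of the original message): an ACK already flagged as duplicate is relabelled selective when its TCP options carry a SACK option (kind 5, RFC 2018) with at least one SLE/SRE pair. The names `count_sack_blocks`, `classify_ack` and `ack_label` are hypothetical, and `is_dup_ack` is assumed to come from the existing duplicate-ACK detection.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_EOL  0
#define TCPOPT_NOP  1
#define TCPOPT_SACK 5  /* RFC 2018 SACK option */

/* Hypothetical labels for this sketch; not Wireshark's own flags. */
enum ack_label { ACK_NORMAL, ACK_DUPLICATE, ACK_SELECTIVE };

/* Constructed samples: NOP, NOP, SACK with one SLE/SRE pair; NOP, NOP, Timestamps. */
static const uint8_t sample_sack[] = {1, 1, 5, 10, 0, 0, 0x10, 0, 0, 0, 0x20, 0};
static const uint8_t sample_ts[]   = {1, 1, 8, 10, 0, 0, 0, 1, 0, 0, 0, 2};

/* Count SLE/SRE pairs in a TCP options area; -1 if the options are malformed. */
int count_sack_blocks(const uint8_t *opts, size_t len)
{
    size_t i = 0;
    int blocks = 0;
    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == TCPOPT_EOL) break;
        if (kind == TCPOPT_NOP) { i++; continue; }
        if (len - i < 2) return -1;                /* no room for the length byte */
        uint8_t olen = opts[i + 1];
        if (olen < 2 || olen > len - i) return -1; /* length runs past the buffer */
        if (kind == TCPOPT_SACK) {
            /* 2 header bytes plus 8 bytes (SLE, SRE) per block */
            if (olen < 10 || (olen - 2) % 8 != 0) return -1;
            blocks += (olen - 2) / 8;
        }
        i += olen;
    }
    return blocks;
}

/* Malformed options fall back to the plain duplicate label. */
enum ack_label classify_ack(int is_dup_ack, const uint8_t *opts, size_t len)
{
    if (!is_dup_ack) return ACK_NORMAL;
    return count_sack_blocks(opts, len) > 0 ? ACK_SELECTIVE : ACK_DUPLICATE;
}

int main(void)
{
    printf("%d %d\n", classify_ack(1, sample_sack, sizeof sample_sack),
           classify_ack(1, sample_ts, sizeof sample_ts));
    return 0;
}
```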