Re: Proposed changes to make tcp.ack and tcp.seq relative

[Jasper Bongertz <jasper () packet-foo com>]

Hello Peter,

Tuesday, May 5, 2020, 1:46:13 AM, you wrote:

> > To avoid cluttering the TCP tree with redundant fields: can we only show the
> > absolutes if the relatives are also displayed? I don't think it's useful to
> > show the absolutes twice.

> Sure! The fields will be hidden in the view, but you will still be able
> to use them in filter expressions.

Good, I like it.

> On a related note, to address one of the use cases that prompted for the
> new field, I added expert info to mark connections where the server
> accepted TCP Fast Open (TFO) data. Is that useful to have?

Yes, that's useful to have, absolutely.

Would it be possible to mark TFO connections when they were NOT accepted as
well? That could be helpful, because right now I am not sure how I would find
failed TFO connections (except looking for SYN/ACK packets that fail). Or is
there an expert info that tells me that a connection used TFO and I can use the
field existence of the "accepted" TFO to check for it's absence to find failed
connections?
Unfortunately I have no example pcap for that scenario, so maybe this
functionality has to come as a later patch?

Cheers,
Jasper


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe