Wireshark-bugs: [Wireshark-bugs] [Bug 5541] Custom Window Size Column Shows Two Values and Doesn
Date: Mon, 3 Jan 2011 11:23:39 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5541

--- Comment #5 from Stephen Fisher <[email protected]> 2011-01-03 12:23:34 MST ---
The problem I had with the old implementation was that Wireshark showed the
scaled value without even putting the [Generated item] brackets around it, and
did not show the packet's actual value, leading to extra work and possible
confusion when trying to figure out the packet's actual value.

I also added more details in the TCP Window Scale option output to now look
like:

        Window scale: 8 (multiply by 256)
            Kind: Window Scale (3)
            Length: 3
            Shift count: 8
            [Multiplier: 256]

Each of these is filterable, with the ones specific to the window size option
being tcp.options.wscale.shift and tcp.options.wscale.multiplier.

Since the scaled value is generated and not directly based on data from the
packet, the scaled size now has the brackets:

    Window size: 258
    [Window size: 66048 (scaled)]

I understand the problems that arise by using the same field name for two
values such as when adding them to columns or ranges for display filters. 
Having 3 different field names seems to be getting too complicated, though.  

How about something like this:

...with scaling:

    Window size value: 258                       <--- tcp.window_size_value
    [Calculated window size: 66048 (scaled)]     <--- tcp.window_size

...without scaling:

    Window size value: 258                       <--- tcp.window_size_value
    [Calculated window size: 258]                <--- tcp.window_size

The change would be creating a new display filter for the actual value from the
packet and adding the word "Calculated" (or similar) to the other one.  The
calculated value would always be displayed and internally in Wireshark have a
default multiplier of 1 for when a different multiplier hasn't been seen.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.