Wireshark-dev: Re: [Wireshark-dev] packet-tcp.c (expert severity level of zero window)
Jim Young wrote:
Hello Ulf,
Ulf Lamping <ulf.lamping@xxxxxx> 2008-04-05 16:16 >>>
Having fewer messages at higher severity levels is a lot easier to work
with the expert infos, compared to dumped with all kinds of stuff.
As I wouldn't call myself a real TCP expert, what do others think?
The logic/reasoning behind the various "expert" info levels was raised
several times during Sharkfest by Laura.
Would have been interesting to join the discussions, but I was mostly on
the developer track :-)
Regarding the severity level for this particular case, I would tend to
side with you, but I'm no TCP expert and ...
"One man's trash is another man's treasure." (and vice versa) ;-)
I've experienced situations where one person's "error" might only
warrant a "note" or "chat" (if even that) in my particular situation.
But I've also had situations (using other "expert" systems) where
something they consider a "chat" or "note" is actually an indication
of a much more severe problem.
Yes, I'm perfectly aware of such problems.
In a similar situation, namely a debug trace output, something that I
like to call the "severity wars" happened more than once. A developer
interested in one area raised "his" trace output severity levels to
better see "his problems". The next developer raised his output even
more to still see something. This ended up with lots of fatal and error
outputs that weren't even really warnings - and a "cleanup session" was
done to come back to a reasonable level for all the output.
Same probably may happen with the Wireshark severity levels as people
seem to be actually using it now.
I started thinking about the need for an expert info configuration
framework to allow the Wireshark user to tune the expert system to
their specific needs. This hypothetical configuration framework would
not only allow you to enable/disable individual expert message types,
but would allow the user to set which severity level the individual
messages should be reported as.
For example, you could have profiles like: "embedded system", "home
network", "high performance network", ... or whatever else makes sense.
Anyone think the idea of an expert info configuration framework is
worthwhile submitting as a feature request?
Of course you can, but the old open source problem applies: Who is gonna
implement it? :-)
Regards, ULFL