Wireshark-dev: Re: [Wireshark-dev] packet-tcp.c (expert severity level of zero window)
From: "Jim Young" <sysjhy@xxxxxxxxxxxxxxx>
Date: Sun, 06 Apr 2008 16:35:21 -0400
Hello Sake,

>>> Sake Blok <sake@xxxxxxxxxx> 2008-04-06 15:13 >>>
>  I have no intention to create a war... now that we have met in person ;-)

I wish to second that sentiment.   It was truly a pleasure and an honor 
to meet you all!

> Regarding the enhancement request for a configurable severity framework.
> I'm not in favor for it. If the severities are well chosen and consistently
> categoried, it will only spread doubt about what a message really means.
> It is the knowledge of the environment that makes the interpretation.

But the experts can and often do legitimately disagree!  Context is 
everything.

I'm not advocating that users should take lightly the notion of changing the 
default severity levels of the expert info messages, but to be bombarded with 
advice that has no practical relevance in the face of local knowledge (the 
context) gets in the way seeing real problems.  

(Interestingly I think the Analyze ->  "Export Info Composite" dialog which
collapses similar message types to single entry makes it much easier to spot 
new messages so one could argue that its less necessary to be able to 
suppress, demote or promote the various expert info items.)

But I had an issue where an equipment vendor opted to generate 13 "Unknown 
TLV" warning messages in response to each and every ingress LLDP frame.  
While the vendor and I disagreed about whether or not they should have 
generated any warning messages in the first place, they did have a framework 
in place to help suppress these unnecessary/unwanted messages.  The expert 
info configuration framework I'm proposing (and have started working on) would
(hopefully) give the Wireshark user similar functionality.

Best Regards,

Jim Y.