Wireshark-dev: Re: [Wireshark-dev] packet-tcp.c (expert severity level of zero window)
Hello Sake,
>>> Sake Blok <sake@xxxxxxxxxx> 2008-04-06 15:13 >>>
> I have no intention to create a war... now that we have met in person ;-)
I wish to second that sentiment. It was truly a pleasure and an honor
to meet you all!
> Regarding the enhancement request for a configurable severity framework.
> I'm not in favor for it. If the severities are well chosen and consistently
> categoried, it will only spread doubt about what a message really means.
> It is the knowledge of the environment that makes the interpretation.
But the experts can and often do legitimately disagree! Context is
everything.
I'm not advocating that users should take lightly the notion of changing the
default severity levels of the expert info messages, but to be bombarded with
advice that has no practical relevance in the face of local knowledge (the
context) gets in the way seeing real problems.
(Interestingly I think the Analyze -> "Export Info Composite" dialog which
collapses similar message types to single entry makes it much easier to spot
new messages so one could argue that its less necessary to be able to
suppress, demote or promote the various expert info items.)
But I had an issue where an equipment vendor opted to generate 13 "Unknown
TLV" warning messages in response to each and every ingress LLDP frame.
While the vendor and I disagreed about whether or not they should have
generated any warning messages in the first place, they did have a framework
in place to help suppress these unnecessary/unwanted messages. The expert
info configuration framework I'm proposing (and have started working on) would
(hopefully) give the Wireshark user similar functionality.
Best Regards,
Jim Y.