Wireshark-dev: Re: [Wireshark-dev] packet-tcp.c (expert severity level of zero window)

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Sun, 06 Apr 2008 01:05:01 +0200
Jim Young wrote:
Hello Ulf,
Ulf Lamping <ulf.lamping@xxxxxx> 2008-04-05 16:16 >>>
Having fewer messages at higher severity levels makes it a lot easier to work with the expert infos, compared to being dumped with all kinds of stuff.

As I wouldn't call myself a real TCP expert, what do others think?
The logic/reasoning behind the various "expert" info levels was raised several times during Sharkfest by Laura.
Would have been interesting to join the discussions, but I was mostly on the developer track :-)
Regarding the severity level for this particular case, I would tend to side with you, but I'm no TCP expert and ...

  "One man's trash is another man's treasure."  (and vice versa) ;-)

I've experienced situations where one person's "error" might only warrant a "note" or "chat" (if even that) in my particular situation. But I've also had situations (using other "expert" systems) where something they consider a "chat" or "note" is actually an indication of a much more severe problem.
Yes, I'm perfectly aware of such problems.

In a similar situation, namely a debug trace output, something that I like to call the "severity wars" happened more than once. A developer interested in one area raised "his" trace output severity levels to better see "his problems". The next developer raised his output even more to still see something. This ended up with lots of fatal and error outputs that weren't even really warnings - and a "cleanup session" was done to come back to a reasonable level for all the output.

The same may probably happen with the Wireshark severity levels, as people seem to be actually using them now.
I started thinking about the need for an expert info configuration framework to allow the Wireshark user to tune the expert system to their specific needs. This hypothetical configuration framework would not only allow you to enable/disable individual expert message types, but would allow the user to set which severity level the individual messages should be reported as.
For example, you could have profiles like: "embedded system", "home network", "high performance network", ... or whatever else makes sense.
Anyone think the idea of an expert info configuration framework is worthwhile submitting as a feature request?
Of course you can, but the old open source problem applies: Who is gonna implement it? :-)

Regards, ULFL