Wireshark-dev: Re: [Wireshark-dev] packet-tcp.c (expert severity level of zero window)

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Sun, 06 Apr 2008 19:51:20 +0200
Michael Tüxen wrote:
> Hi Sake,
>
> I agree with Ulf here. Announcing a zero window is a valid
> behaviour of a receiver. It just means that flow control
> has kicked in.

I've already changed the TCP expert infos as I've suggested in my previous mail. Now let the edit wars begin ... ;-)

> For me an error is something that has to be changed. For
> the this is not true in this situation.
>
> However, I think it is important to use these levels
> in a consistent way between different dissectors, so
> I would like to know what others think how an error
> should be defined. I'm planning to add expert info to
> the SCTP dissector

I would see errors only for very serious stuff (more WS internal), like a malformed packet, dissector bug or something like that.

I just wanted to keep the number of severity levels short, so they are easier to apply for developers and understand for users. If there's need for an error level beside the warn/note/chat for a normal dissector output, it might be an idea to add a fatal (or internal) error for the stuff above and use error for normal dissectors as well. However, I'm not a friend of this as it will complicate things.

When I started to add expert infos to the TCP dissector (I wouldn't call myself a TCP expert), I've just used the level I thought was right. As I've tried out many capture files, my first guess turned out to be wrong in many cases, so I've just tweaked the levels so it looked better. I'm still not sure about the levels for all of the messages, e.g. what's the right severity for a "fast retransmission"?

I see all this still as a work in progress, especially when new dissectors will add expert stuff this might bring up new questions ...

Regards, ULFL