Wireshark-dev: Re: [Wireshark-dev] packet-tcp.c (expert severity level of zero window)
From: Ulf Lamping <[email protected]>
Date: Sun, 06 Apr 2008 19:51:20 +0200
Michael Tüxen schrieb:
Hi Sake,

I agree with Ulf here. Announcing a zero window is a valid
behaviour of a receiver. It just means that flow control
has kicked in.
I've already changed the TCP expert infos as I've suggested in my previous mail. Now let the edit wars begin ... ;-)
For me an error is something that has to be changed. For
the this is not true in this situation.

However, I think it is important to use these levels
in a consistent way between different dissectors, so
I would like to know what others think how an error
should be defined. I'm planning to add expert info to
the SCTP dissector
I would see errors only for very serious stuff (more WS internal), like a malformed packet, dissector bug or something like that.
I just wanted to keep the number of severity levels short, so they are 
easier to apply for developers and understand for users. If there's need 
for an error level beside the warn/note/chat for a normal dissector 
output, it might be an idea to add a fatal (or internal) error for the 
stuff above and use error for normal dissectors as well. However, I'm 
not a friend of this as it will complicate things.
When I started to add expert infos to the TCP dissector (I wouldn't call 
myself a TCP expert), I've just used the level I thought was right. As 
I've tried out many capture files, my first guess turned out to be wrong 
in many cases, so I've just tweaked the levels so it looked better. I'm 
still not sure about the levels for all of the messages, e.g. what's the 
right severity for a "fast retransmission"?
I see all this still as a work in progress, especially when new 
dissectors will add expert stuff this might bring up new questions ...
Regards, ULFL