On Sep 3, 2008, at 11:42 PM, Emre UZUNCA wrote:
When bundling is used for SCTP messages, filter conditions are
checked in the full SCTP message content. For example, if 2 M3UA
messages are bundled in a single SCTP message, the filter specifed
as (m3ua.protocol_data_opc == 10000) && (m3ua.protocol_data_dpc==
10001) is satisfied when the first M3UA message has
m3ua.protocol_data_opc == 10000 and the second has
m3ua.protocol_data_dpc== 10001. Is there a way to make the filter
check only the same M3UA message contents?
Unfortunately, no.
This can't be handled by the proposed {n} operator, unless you allow
that operator to have "n" in it rather than just specific numbers, e.g.
m3ua{n}.protocol_data_opc == 10000 && m3ua{n}.protocol_data_dpc ==
10001
where "n" is what's used there, rather than a specific number.
(I attached the {n} to "m3ua" rather than to "protocol_data_opc" - I
could imagine, for example, protocol A, a single PDU of which can
contain one or more PDUs of protocol B, and where a PDU of protocol B
could contain multiple instances of field C - the expression "B{2}.C
== 15" would match if any of the instances of C in the 2nd protocol-B
PDU are equal to 15, while "B.C{2} == 15" would match if the 2nd
instance of C in any of the protocol-B PDUs is equal to 15.)
