Wireshark-dev: Re: [Wireshark-dev] filters & diameter

From: "Luis EG Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Tue, 10 Jul 2007 20:42:15 +0200
A year or more ago I abandoned a way towards (3) (similar to what I
did for the radius dictionary), due to a personal lack of
diameter use after switching jobs and a stall about how to handle
recursion in attribute_groups.

I will be able to get back into it in September (I'll be off-contract
and unable to move from Rome).  Please remind me then or as an
alternative I could send the work-in-progress for someone else to deal
with it.

BTW, in an early MATE prototype (before having it define fields for
every user-defined element) I used string fields like mate.pdu_avp ==
"avp_name=string_repr_of_value"; those actually allow filtering. I
thought about this "quick and dirty" solution for radius before
writing its dictionary support.


On 7/10/07, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote:
OK, I just implemented (2) with change 22284.
You should be able to right-click on a whole AVP that matches the code
you're interested in, choose 'Prepare as Filter | Selected', edit the
last 4 bytes and apply it.

Martin

On 7/10/07, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote:
> There are several ways this could be tackled:
>
> (1) A script.  Export capture to PDML, parse output and match/check
> them yourself
> (2) We could add a new filterable field, diameter.avp, whose type was
> hex data.  You could right-click to create a filter for that AVP, then
> edit the last word to check for the value you want (you could sort of
> do this now, but it would only filter at a fixed position within the
> message)
> (3) The diameter dissector could be changed to generate filterable
> fields for each AVP.  Then you could filter on e.g.
>
> diameter.avp.Role-of-Node.value == 1
>
> I could do (2), but I'm not volunteering for (3).
>
> Martin
>
> On 7/10/07, Abhik Sarkar <sarkar.abhik@xxxxxxxxx> wrote:
> > Hi Christian,
> >
> > As you are probably aware, version 0.99.6 came out a few days back
> > which I am sure has several fixes, including those for the diameter
> > dissector. Have you tried using the latest version?
> >
> > Hope this helps,
> > Abhik.
> >
> > On 7/10/07, cco <cristian.constantin@xxxxxxxxx> wrote:
> > > hi!
> > >
> > > has anyone tested a filter like this:
> > >
> > > (diameter.avp.code == 829) && (diameter.avp.data.uint32 == 1)
> > >
> > > is it supposed to work? is it actually working in your config/ver?
> > > in my version, it does not in the sense that it will always show all the
> > > diameter commands having an avp with the code 829 but _not_ the ones
> > > in which this avp has the value 1.
> > >
> > > I am using Version 0.99.4 / linux
> > >
> > > thanks!
> > > bye now!
> > > cristian
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
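Added example (not code from the thread or from the Wireshark project): option (1) from Martin's list, carried out in Python. The capture is exported with `tshark -r capture.pcap -T pdml > capture.pdml` and the script correlates code and value per AVP, which is what cristian's filter cannot do: `(diameter.avp.code == 829) && (diameter.avp.data.uint32 == 1)` tests each clause against any AVP in the packet, so a message carrying AVP 829 with value 2 plus some other AVP with value 1 still passes. The script shows both behaviours side by side. The PDML sample is constructed, and the assumed layout (each AVP is a `<field>` whose direct children are the `diameter.avp.code` and `diameter.avp.data.uint32` fields) is an assumption, not checked against any specific Wireshark release.

```python
"""Correlate Diameter AVP code and value per AVP from a PDML export.

Usage: python avp_match.py capture.pdml   (falls back to the built-in sample)
Assumption: in the PDML tree every AVP is a <field> element whose direct
children include diameter.avp.code and, for Unsigned32 AVPs,
diameter.avp.data.uint32. Adjust avps() if your export nests them differently.
"""
import sys
import xml.etree.ElementTree as ET

CODE_FIELD = "diameter.avp.code"
VALUE_FIELD = "diameter.avp.data.uint32"

# Constructed sample, not a real capture. Frame 1: AVP 829 = 1.
# Frame 2: AVP 829 = 2 and AVP 830 = 1, which the display filter would
# accept because its two clauses hit different AVPs. Frame 3: no AVP 829.
SAMPLE_PDML = """<pdml version="0">
 <packet>
  <proto name="frame"><field name="frame.number" show="1"/></proto>
  <proto name="diameter">
   <field name="" showname="AVP (829)">
    <field name="diameter.avp.code" show="829"/>
    <field name="diameter.avp.data.uint32" show="1"/>
   </field>
  </proto>
 </packet>
 <packet>
  <proto name="frame"><field name="frame.number" show="2"/></proto>
  <proto name="diameter">
   <field name="" showname="AVP (829)">
    <field name="diameter.avp.code" show="829"/>
    <field name="diameter.avp.data.uint32" show="2"/>
   </field>
   <field name="" showname="AVP (830)">
    <field name="diameter.avp.code" show="830"/>
    <field name="diameter.avp.data.uint32" show="1"/>
   </field>
  </proto>
 </packet>
 <packet>
  <proto name="frame"><field name="frame.number" show="3"/></proto>
  <proto name="diameter">
   <field name="" showname="AVP (830)">
    <field name="diameter.avp.code" show="830"/>
    <field name="diameter.avp.data.uint32" show="1"/>
   </field>
  </proto>
 </packet>
</pdml>"""


def frame_number(packet):
    """Return the frame.number of a PDML <packet>, or None if absent."""
    for field in packet.iter("field"):
        if field.get("name") == "frame.number":
            return int(field.get("show"))
    return None


def avps(packet):
    """Yield (code, uint32 value or None) for every AVP in the diameter layer.

    An AVP container is recognised by having a diameter.avp.code child, so
    the container's own name (empty in old dissectors, diameter.avp in
    newer ones) does not matter.
    """
    for proto in packet.iter("proto"):
        if proto.get("name") != "diameter":
            continue
        for node in proto.iter("field"):
            code = value = None
            for child in node.findall("field"):
                if child.get("name") == CODE_FIELD:
                    code = int(child.get("show"))
                elif child.get("name") == VALUE_FIELD:
                    value = int(child.get("show"))
            if code is not None:
                yield code, value


def naive_frames(pdml_text, code, value):
    """Display-filter semantics: each clause is satisfied by any AVP."""
    hits = []
    for packet in ET.fromstring(pdml_text).iter("packet"):
        pairs = list(avps(packet))
        if any(c == code for c, _ in pairs) and any(v == value for _, v in pairs):
            hits.append(frame_number(packet))
    return hits


def strict_frames(pdml_text, code, value):
    """Per-AVP semantics: one AVP must carry both the code and the value."""
    hits = []
    for packet in ET.fromstring(pdml_text).iter("packet"):
        if any(c == code and v == value for c, v in avps(packet)):
            hits.append(frame_number(packet))
    return hits


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PDML
    print("display-filter semantics:", naive_frames(text, 829, 1))
    print("per-AVP match:           ", strict_frames(text, 829, 1))
```

On the sample, the display-filter semantics return frames 1 and 2 while the per-AVP match returns only frame 1; the same independent-clause pitfall applies to any Wireshark field that occurs several times in one packet, so it is worth keeping in mind when turning a display filter into a detection rule.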