Wireshark-dev: Re: [Wireshark-dev] Diameter parsing

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 21 May 2008 20:09:47 -0700

On May 21, 2008, at 5:16 PM, Cloud Strife wrote:

> I know it's off topic but I need some clarifications. I just want to have a general overview on how to parse DIAMETER packets. I have recently parsed RADIUS packets using ethereal/wireshark and freeradius source codes as a guide. In DIAMETER, it is very different. Checking on ethereal/wireshark and opendiameter source code, there seems to be a need to have an XML parser? Why is that?

So that it can read the DIAMETER dictionary that specifies what the names and types of the values for particular AVPs are.

If all you need to do with a DIAMETER AVP is report

	its AVP code, as a number;

	whether it needs to be encrypted;

	whether it's mandatory;

	whether it's vendor-specific;

	its length;

	its value, as an uninterpreted sequence of bytes;

then you don't need an XML parser.

Otherwise, either you need an XML parser to read the dictionary that gives you, for a given AVP code, an indication of what the AVP's name is and what data type it has, or you need to translate the XML dictionary into some other form and have code to read it in *that* form, or you need to hard-code that information (as Wireshark used to do before we added our own XML parser so that we didn't have to fall back on hard coding if libxml wasn't present).

> Isn't it just extracting this data/value from this byte to that byte like in RADIUS?

The RADIUS dissector in current versions of Wireshark *isn't* like that; that dissector also reads a dictionary to tell it how to interpret AVPs. The RADIUS dictionary is, however, in FreeRADIUS format; that's a simple text format, not an XML-based format.
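
An added example, not part of the original message and not Wireshark code: a dictionary-free Diameter AVP walker in Python that reports exactly the fields listed above (code, the P/M/V flag bits, length, raw value bytes). It assumes the AVP header layout from RFC 6733; the name `parse_avps` and the sample bytes are constructed for illustration.

```python
import struct
from typing import List, NamedTuple, Optional

FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20  # vendor-specific, mandatory, protected

class RawAvp(NamedTuple):
    code: int                  # AVP code, as a number (no dictionary lookup)
    vendor_specific: bool      # V bit
    mandatory: bool            # M bit
    protected: bool            # P bit ("needs to be encrypted")
    length: int                # header + data, excluding padding
    vendor_id: Optional[int]   # present only when the V bit is set
    value: bytes               # uninterpreted payload

def parse_avps(buf: bytes) -> List[RawAvp]:
    """Walk a buffer of concatenated AVPs, rejecting inconsistent lengths."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError(f"truncated AVP header at offset {off}")
        # 4-byte code, then 1 byte of flags and a 24-bit length
        code, flags_len = struct.unpack_from("!II", buf, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & FLAG_V else 8
        # The length field is attacker-controlled: it must cover the header
        # and must not run past the end of the buffer.
        if length < hdr or off + length > len(buf):
            raise ValueError(f"bad AVP length {length} at offset {off}")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if flags & FLAG_V else None
        avps.append(RawAvp(code, bool(flags & FLAG_V), bool(flags & FLAG_M),
                           bool(flags & FLAG_P), length, vendor,
                           buf[off + hdr:off + length]))
        off += (length + 3) & ~3  # AVPs are padded to a 4-byte boundary
    return avps

# Constructed sample: two AVPs, the second vendor-specific (values are made up).
SAMPLE = bytes.fromhex(
    "00000001" "4000000d" "616c696365" "000000"    # code 1, M, 5 data bytes + pad
    "0000270f" "c0000010" "0001869f" "deadbeef"    # code 9999, V|M, vendor 99999
)

if __name__ == "__main__":
    for avp in parse_avps(SAMPLE):
        print(avp)
```

Without a dictionary the first value stays `b"alice"` as raw bytes; knowing that code 1 is a UTF-8 string and what it is called is the part that requires the dictionary.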