Wireshark-dev: Re: [Wireshark-dev] Diameter Code Status Display Question
From: Jeff Morriss <[email protected]>
Date: Mon, 14 Feb 2011 11:07:12 -0500

Rick Gudmundson wrote:
> I'm playing around with a customized diameter profile with respect to the columns. I'm getting different results between the command code and the result code.
>
> If I add a new custom column for the result code, it gets presented as its enumerated value. So instead of 2001 it prints "DIAMETER_SUCCESS". If I do the same for the command code, it instead prints 280 instead of Device-WatchdogAnswer. The difference is that the result code is an AVP while the command code is a fixed three bytes in the diameter protocol.
>
> I'd like to change my presentation, if possible, to print the text version of the command code, but I'm not sure where to find that part of the code within Wireshark.

I don't think it can be made to work like you want.

You get result codes listed as strings because (eventually) the hf_ entry for the AVP can be registered with a (single) value_string in the FIELDCONVERT field. That is, there's only one possible value for any given result-code number.

This is also why you can enter a display filter like:

diameter.Result-Code == "DIAMETER_SUCCESS"

Command codes, OTOH, have numerous name spaces, depending on the VendorID. In order to know the integer<->string mapping you need to know both the Command Code and the Vendor ID. Wireshark can't (AFAIK) handle the fact that, to look up the string value for command code 42, you need to also know the VendorID.

(Wireshark can, when building the protocol tree, show you the appropriate string for a given VendorID+CommandCode because the dissector has access to both fields before generating the string