A year or more ago I abandoned a way towards (3) (similar to what I did for radius dictionary) a while ago, due to a personal lack of diameter use after switching jobs and a stall about how to handle recursion in attribute_groups.
I will be able to get back into it in September (I'll be off-contract and unable to move from Rome). Please remind me then or as an alternative I could send the work-in-progress for someone else to deal with it. BTW In an early MATE prototype (befor having it defining fields for every user defined element) I used string fields like mate.pdu_avp == "avp_name=string_repr_of_value", those allow to actually filter. I thought about this "quick and dirty" solution for radius before writing its dictionary support. On 7/10/07, Martin Mathieson <[EMAIL PROTECTED]> wrote: > OK, I just implemented (2) with change 22284. > You should be able to right-click on a whole AVP that matches the code > you're interested in, choose 'Prepare as Filter | Selected', edit the > last 4 bytes and apply it. > > Martin > > On 7/10/07, Martin Mathieson <[EMAIL PROTECTED]> wrote: > > There are several ways this could be tackled: > > > > (1) A script. Export capture to PDML, parse output and match/check > > them yourself > > (2) We could add a new filterable field, diameter.avp, whose type was > > hex data. You could right-click to create a filter for that AVP, then > > edit the last word to check for the value you want (you could sort of > > do this now, but it would only filter at a fixed position within the > > message) > > (3) The diameter dissector could be changed to generate filterable > > fields for each AVP. Then you could filter on e.g. > > > > diameter.avp.Role-of-Node.value == 1 > > > > I could do (2), but I'm not volunteering for (3). > > > > Martin > > > > On 7/10/07, Abhik Sarkar <[EMAIL PROTECTED]> wrote: > > > Hi Christian, > > > > > > As you are probably aware, version 0.99.6 came out a few days back > > > which I am sure has several fixes, including those for the diameter > > > dissector. Have you tried using the latest version? > > > > > > Hope this helps, > > > Abhik. > > > > > > On 7/10/07, cco <[EMAIL PROTECTED]> wrote: > > > > hi! > > > > > > > > has anyone tested a filter like this: > > > > > > > > (diameter.avp.code == 829) && (diameter.avp.data.uint32 == 1) > > > > > > > > is it suppossed to work? is it actually working in your config/ver? > > > > in my version, it does not in the sense that it will always show all the > > > > diameter commands having an avp with the code 829 but _not_ the ones > > > > in which this avp has the value 1. > > > > > > > > I am using Version 0.99.4 / linux > > > > > > > > thanks! > > > > bye now! > > > > cristian > > > > _______________________________________________ > > > > Wireshark-dev mailing list > > > > Wireshark-dev@wireshark.org > > > > http://www.wireshark.org/mailman/listinfo/wireshark-dev > > > > > > > _______________________________________________ > > > Wireshark-dev mailing list > > > Wireshark-dev@wireshark.org > > > http://www.wireshark.org/mailman/listinfo/wireshark-dev > > > > > > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-dev > -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
