https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6816
Summary: Wireshark should allow filter based on grouped/nested
AVP for Diameter
Product: Wireshark
Version: 1.6.0
Platform: x86
OS/Version: Windows 7
Status: NEW
Severity: Enhancement
Priority: Low
Component: Wireshark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: ved.vedant@xxxxxxxxx
Build Information:
Version 1.6.0 (SVN Rev 37592 from /trunk-1.6)
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.22.1, with GLib 2.26.1, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.10.3, with
Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio V19-devel (built Jun
7 2011), with AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.10.3, Gcrypt 1.4.6, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 21022
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
Wireshark doesn't allow filtering based on grouped/nested AVP for Diameter
Lets take the example of AVP Result-Code(268), this AVP can occur twice in an
Credit Control Answer (CCA) - at the start of CCA and also inside
Multiple-Services-Credit-Control (AVP Code 456). Please note that Result-Code
vale can be different at these two places.
The only filter I can apply within Wireshark is "diameter.Result-Code", this
means I can't look for a specific value of Result-Code AVP within MSCC.
It will be a good enhancement to support a grouped/nested filter such as
"diameter.MSCC.Result-Code"
Below is small example for this
AVP: Result-Code(268) has value 2001(DIAMETER_SUCCESS) and 4012
(DIAMETER_CREDIT_LIMIT_REACHED)
Diameter Protocol
Version: 0x01
Length: 216
Flags: 0x40
Command Code: 272 Credit-Control
ApplicationId: 4
Hop-by-Hop Identifier: 0x4fe00617
End-to-End Identifier: 0x5dfef45e
AVP: Session-Id(263) l=40 f=-M- val=64303
AVP: Result-Code(268) l=12 f=-M- val=DIAMETER_SUCCESS (2001)
AVP Code: 268 Result-Code
AVP Flags: 0x40
AVP Length: 12
Result-Code: DIAMETER_SUCCESS (2001)
AVP: Origin-Host(264) l=20 f=-M- val=test01
AVP: Origin-Realm(296) l=18 f=-M- val=abc.com
AVP: Auth-Application-Id(258) l=12 f=-M- val=Diameter Credit Control (4)
AVP: CC-Request-Type(416) l=12 f=-M- val=UPDATE_REQUEST (2)
AVP: CC-Request-Number(415) l=12 f=-M- val=1
AVP: Origin-State-Id(278) l=12 f=-M- val=1327925141
AVP: Event-Timestamp(55) l=12 f=-M- val=Feb 8, 2012 10:43:47.000000000 UTC
AVP: Multiple-Services-Credit-Control(456) l=32 f=-M-
AVP Code: 456 Multiple-Services-Credit-Control
AVP Flags: 0x40
AVP Length: 32
Multiple-Services-Credit-Control:
000001b04000000c0000015e0000010c4000000c00000fac
AVP: Rating-Group(432) l=12 f=-M- val=350
AVP: Result-Code(268) l=12 f=-M- val=DIAMETER_CREDIT_LIMIT_REACHED
(4012)
AVP Code: 268 Result-Code
AVP Flags: 0x40
AVP Length: 12
Result-Code: DIAMETER_CREDIT_LIMIT_REACHED (4012)
AVP: Credit-Control-Failure-Handling(427) l=12 f=-M- val=TERMINATE (0)
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.