Wireshark-dev: Re: [Wireshark-dev] filters & diameter
From: "Luis EG Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Wed, 11 Jul 2007 17:46:45 +0200
On 7/11/07, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote:
On 7/10/07, Luis EG Ontanon <luis.ontanon@xxxxxxxxx> wrote:
I wondered if MATE or the LUA support could make this kind of
filtering possible, but dynamically creating filters is obviously the
right way to do it.
In MATE there's no way (mate fields are unmodifiable strings
containing the text representation of another field).

But Lua could do it (since you added diameter.avp): a postdissector
fetches the diameter.avp finfos, gets the tvb of them and redissects
each field.

A dictionary parser in Lua should be easy to write (there are tons of
XML parsers written for every purpose around to start from)...

But I fully agree that dynamically creating filters is obviously the
right way to do it... and C does it better.

The issue that blocked me was how to handle Group AVPs. I cannot
just ignore them (e.g. a hypothetical group {addr,prt} could lead to
server.addr and server.prt vs client.addr and client.prt and they
should be different). Group AVPs lead to recursion (if the recurring
subgroup is non-Mandatory it might be possible to have them but
http://tools.ietf.org/html/rfc3588#section-4.4 says nothing about it).

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
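
The grouped-AVP naming problem described in the message above, as an added Python example that is not part of the original post or of Wireshark's code: it walks RFC 3588 AVP bytes, qualifies each leaf by its enclosing group, and stops runaway nesting. The dictionary codes and names, the `diameter.` prefix and `MAX_DEPTH` are assumptions made for the illustration.

```python
import struct

# Constructed dictionary: codes and names are hypothetical, not from a real Diameter dictionary.
DICT = {9001: ("server", "grouped"), 9002: ("client", "grouped"),
        9003: ("addr", "utf8"), 9004: ("prt", "u32")}
MAX_DEPTH = 8  # assumed nesting cap; RFC 3588 section 4.4 sets none

def avp(code, data, flags=0x40):
    """Encode one AVP (M flag set, no Vendor-ID), padded to a 4-byte boundary."""
    length = 8 + len(data)  # AVP Length covers header and data, not padding
    return (struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
            + data + b"\x00" * (-length % 4))

def walk(buf, prefix="diameter", depth=0):
    """Yield (filter_name, value) per leaf AVP, qualified by its enclosing groups."""
    if depth > MAX_DEPTH:
        raise ValueError("grouped AVP nesting exceeds MAX_DEPTH")
    off = 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & 0x80 else 8  # V flag adds a 4-byte Vendor-ID
        if length < hdr or off + length > len(buf):
            raise ValueError("AVP length outside enclosing buffer")
        data = buf[off + hdr:off + length]
        name, kind = DICT.get(code, ("avp_%d" % code, "bytes"))
        path = prefix + "." + name
        if kind == "grouped":
            yield from walk(data, path, depth + 1)  # recurse into the group payload
        elif kind == "u32" and len(data) == 4:
            yield path, struct.unpack("!I", data)[0]
        elif kind == "utf8":
            yield path, data.decode("utf-8", "replace")
        else:
            yield path, data  # unknown or malformed leaf: keep raw bytes
        off += length + (-length % 4)

def fields(buf):
    return list(walk(buf))

# Constructed sample: the same {addr, prt} pair inside two different groups.
SAMPLE = (avp(9001, avp(9003, b"10.0.0.1") + avp(9004, struct.pack("!I", 3868)))
          + avp(9002, avp(9003, b"10.0.0.20") + avp(9004, struct.pack("!I", 40000))))

if __name__ == "__main__":
    for name, value in fields(SAMPLE):
        print(name, "=", value)
```

A group nested inside itself yields an ever longer dotted name, which is why a dissector that registers filter names from the dictionary ahead of time needs a cap like this one or a cycle check.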