Ask Your Question

Revision history [back]

Lua script for statistics from Diameter 3GPP

Hi experts,

I'm trying to create a lua script to go through a Diameter pcap, gather information interesting for me and generate a statistic.

This is partially successful, working script can be found in GitHub but I'm still having some doubts

Field.new() and multiple occurrences of an AVP

I'm using Field.new() to retrieve AVPs, for example:

local rrField = Field.new("diameter.3GPP-Reporting-Reason")
local toField = Field.new("diameter.CC-Total-Octets")

But in a single packet there might be multiple occurrences of an AVP. Of course, I can access them as an array from

local rrFields = {rrField()}
local toFields = {toField()}

But I'm missing a reference where from the AVP was retrieved. A a good example is Result-Code AVP:

image description

It this single Diameter message it occurs three times, but in result I'm getting just an array of three 2001's without a good understanding on which level this appeared.

Situation is becoming even more messy when a single package contains multiple Diameter messages. Then I even cannot figure from which message the AVP is.

Function tap.packet(pinfo, tvb, tapdata) does not populate tapdata

Another idea was to dig into tapdata. If I understood correctly 11.4.1.5. listener.packet, the tapdata (aka tapinfo) shall be populated with dissected data, right? Hence I should be able to parse the message.

However, regardless how hard I try, tapdata always is unset (i.e. nil). In GitHub code

       tap = Listener.new("diameter", filter)

but I also experimented with the 3rd parameter, setting it to true (hoping for generating all fields, even in cost of performance penalty). No luck.

Question

  • Is this approach right? Or should I use other ways - such as chained dissectors or post dissector? But it was not clear to me if I can access dissected data to the level I need?

Any help will be very much appreciated.

Thank you in advance and best regards, Jarek

Lua script for statistics from Diameter 3GPP

Hi experts,

I'm trying to create a lua script to go through a Diameter pcap, gather information interesting for me and generate a statistic.

This is partially successful, working script can be found in GitHub but I'm still having some doubts

Field.new() and multiple occurrences of an AVP

I'm using Field.new() to retrieve AVPs, for example:

local rrField = Field.new("diameter.3GPP-Reporting-Reason")
local toField = Field.new("diameter.CC-Total-Octets")

But in a single packet there might be multiple occurrences of an AVP. Of course, I can access them as an array from

local rrFields = {rrField()}
local toFields = {toField()}

But I'm missing a reference where from the AVP was retrieved. A a good example is Result-Code AVP:

image description

It this single Diameter message it occurs three times, but in result I'm getting just an array of three 2001's without a good understanding on which level this appeared.

Situation is becoming even more messy when a single package contains multiple Diameter messages. Then I even cannot figure from which message the AVP is.

Function tap.packet(pinfo, tvb, tapdata) does not populate tapdata

Another idea was to dig into tapdata. If I understood correctly 11.4.1.5. listener.packet, the tapdata (aka tapinfo) shall be populated with dissected data, right? Hence I should be able to parse the message.

However, regardless how hard I try, tapdata always is unset (i.e. nil). In GitHub code

       tap = Listener.new("diameter", filter)

but I also experimented with the 3rd parameter, setting it to true (hoping for generating all fields, even in cost of performance penalty). No luck.

Question

  • Is this approach right? Or should I use other ways - such as chained dissectors or post dissector? But it was not clear to me if I can access dissected data to the level I need?

Any help will be very much appreciated.

Thank you in advance and best regards, Jarek

Lua script for statistics from Diameter 3GPP

Hi experts,

I'm trying to create a lua script to go through a Diameter pcap, gather information interesting for me and generate a statistic.

This is partially successful, working script can be found in GitHub but I'm still having some doubts

Field.new() and multiple occurrences of an AVP

I'm using Field.new() to retrieve AVPs, for example:

local rrField = Field.new("diameter.3GPP-Reporting-Reason")
local toField = Field.new("diameter.CC-Total-Octets")

But in a single packet there might be multiple occurrences of an AVP. Of course, I can access them as an array from

local rrFields = {rrField()}
local toFields = {toField()}

But I'm missing a reference where from the AVP was retrieved. A a good example is Result-Code AVP:

image description

It this single Diameter message it occurs three times, but in result I'm getting just an array of three 2001's without a good understanding on which level this appeared.

Situation is becoming even more messy when a single package contains multiple Diameter messages. Then I even cannot figure from which message the AVP is.

Function tap.packet(pinfo, tvb, tapdata) does not populate tapdata

Another idea was to dig into tapdata. If I understood correctly 11.4.1.5. listener.packet, the tapdata (aka tapinfo) shall be populated with dissected data, right? Hence I should be able to parse the message.

However, regardless how hard I try, tapdata always is unset (i.e. nil). In GitHub code

       tap = Listener.new("diameter", filter)

but I also experimented with the 3rd parameter, setting it to true (hoping for generating all fields, even in cost of performance penalty). No luck.

Question

  • Is this approach right? Or should I use other ways - such as chained dissectors or post dissector? But it was not clear to me if I can access dissected data to the level I need?

Any help will be very much appreciated.

Thank you in advance and best regards, Jarek

Lua script for statistics from Diameter 3GPP

Hi experts,

I'm trying to create a lua script to go through a Diameter pcap, gather information interesting for me and generate a statistic.

This is partially successful, working script can be found in GitHub but I'm still having some doubts

Field.new() and multiple occurrences of an AVP

I'm using Field.new() to retrieve AVPs, for example:

local rrField = Field.new("diameter.3GPP-Reporting-Reason")
local toField = Field.new("diameter.CC-Total-Octets")

But in a single packet there might be multiple occurrences of an AVP. Of course, I can access them as an array from

local rrFields = {rrField()}
local toFields = {toField()}

But I'm missing a reference where from the AVP was retrieved. A a good example is Result-Code AVP:

image description

It this single Diameter message it occurs three times, but in result I'm getting just an array of three 2001's without a good understanding on which level this appeared.

Situation is becoming even more messy when a single package contains multiple Diameter messages. Then I even cannot figure from which message the AVP is.

Function tap.packet(pinfo, tvb, tapdata) does not populate tapdata

Another idea was to dig into tapdata. If I understood correctly 11.4.1.5. listener.packet, the tapdata (aka tapinfo) shall be populated with dissected data, right? Hence I should be able to parse the message.

However, regardless how hard I try, tapdata always is unset (i.e. nil). In GitHub code

       tap = Listener.new("diameter", filter)

but I also experimented with the 3rd parameter, setting it to true (hoping for generating all fields, even in cost of performance penalty). No luck.

Question

  • Is this approach right? Or should I use other ways - such as chained dissectors or post dissector? But it was not clear to me if I can access dissected data to the level I need?

Any help will be very much appreciated.

Thank you in advance and best regards, Jarek