Wireshark-dev: Re: [Wireshark-dev] tshark problem with grouped AVP:s?
From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Thu, 14 Nov 2013 16:39:37 -0500
On 11/14/13 11:14, Anders Broman wrote:
Hi,

The following tshark parameters ” -Y diameter -z
proto,colinfo,diameter.Experimental-Result-Code,diameter.Experimental-Result-Code”
yields no result where as

-Y diameter -z proto,colinfo,diameter.Result-Code,diameter.Result-Code

Does the only difference seems to be that the first one is grouped.
Looking at the code I can’t see why it shouldn’t work – ideas?

After a bit of digging I can find that I can fix the problem by commenting out the (Vendor=ETSI) Experimental-Result-Code AVP from
diameter/etsie2e4.xml .

I suppose (but I'm out of time to check now) that the problem is that we're getting 2 hf's with the same abbreviation and the "filter" portion of that command is picking the 2nd but the "field" portion is choosing the 1st. Or something like that?