Ask for validation of nftables rule for throttling SCTP/DIAMETER AIRs
1 vote, 1 answer, 51 views
I'm trying to build an nftables rule which can throttle SCTP traffic which contains DIAMETER. I would further like to only drop Authentication Information Requests (AIR).
So in general everything should pass, except AIRs which exceed a certain limit/threshold.
This is my current version:
nft add rule filter input ip daddr 1.2.3.4 sctp @th,64,32 0x0000013e limit rate over 10/second drop
The idea is that @th,64,32 matches the 32-bit field (DIAMETER command code) starting at byte offset 64 from the SCTP payload and 0x0000013e is the hexadecimal for 318 (Authentication Information Request).
I've tried to decode things from Wireshark, but I'm not entirely sure.
Also not sure how to test it in a good way.
Can anyone validate, edit and/or help me with testing it?
Asked by Henrik
(11 rep)
Jan 11, 2025, 01:32 PM
Last activity: Jan 13, 2025, 11:21 AM
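As an added worked example (not from the original post), this Python script constructs a sample SCTP packet carrying a Diameter header in a single DATA chunk, evaluates what an nft @th,offset,length expression (offsets are in bits) reads from it, and computes where the 24-bit Diameter command code actually sits. The packet, ports and identifiers are constructed, and the script assumes the DATA chunk is the first chunk in the packet (no bundling).

```python
import struct

SCTP_COMMON_HDR = 12       # src port(2), dst port(2), verification tag(4), checksum(4)
SCTP_DATA_CHUNK_HDR = 16   # type(1), flags(1), length(2), TSN(4), stream id(2), stream seq(2), PPID(4)
DIAMETER_CMD_CODE_OFF = 5  # Diameter header: version(1), message length(3), command flags(1), then command code(3)
PPID_DIAMETER = 46         # SCTP payload protocol identifier for Diameter
AIR_CMD_CODE = 318         # Authentication-Information-Request

# Bit offset of the command code from the start of the SCTP header, as nft's @th counts it
CMD_CODE_BIT_OFFSET = (SCTP_COMMON_HDR + SCTP_DATA_CHUNK_HDR + DIAMETER_CMD_CODE_OFF) * 8  # 264


def build_sctp_diameter(cmd_code, request=True):
    """Constructed sample: one SCTP packet with a single DATA chunk holding a minimal Diameter header."""
    diam = (struct.pack("!B", 1)                               # version 1
            + (20).to_bytes(3, "big")                          # message length (header only)
            + struct.pack("!B", 0x80 if request else 0x00)     # R flag set for requests
            + cmd_code.to_bytes(3, "big")                      # 24-bit command code
            + struct.pack("!III", 16777251, 0x11111111, 0x22222222))  # app id (S6a), hop-by-hop, end-to-end
    chunk = struct.pack("!BBHIHHI", 0, 0x03, SCTP_DATA_CHUNK_HDR + len(diam),
                        1, 0, 0, PPID_DIAMETER) + diam         # DATA chunk, B/E bits set, TSN 1
    common = struct.pack("!HHII", 3868, 3868, 0xDEADBEEF, 0)   # sample checksum left as 0
    return common + chunk


def raw_th_field(sctp_bytes, bit_offset, bit_len):
    """Evaluate nft '@th,bit_offset,bit_len' on a packet: big-endian integer from the given bit span."""
    if bit_offset % 8 or bit_len % 8:
        raise ValueError("example only handles byte-aligned spans")
    start = bit_offset // 8
    return int.from_bytes(sctp_bytes[start:start + bit_len // 8], "big")


def diameter_command_code(sctp_bytes):
    """Return the Diameter command code from the first DATA chunk, or None if it is not a Diameter DATA chunk."""
    chunk_type = sctp_bytes[SCTP_COMMON_HDR]
    ppid = struct.unpack_from("!I", sctp_bytes, SCTP_COMMON_HDR + 12)[0]
    if chunk_type != 0 or ppid != PPID_DIAMETER:
        return None
    off = SCTP_COMMON_HDR + SCTP_DATA_CHUNK_HDR + DIAMETER_CMD_CODE_OFF
    return int.from_bytes(sctp_bytes[off:off + 3], "big")


if __name__ == "__main__":
    pkt = build_sctp_diameter(AIR_CMD_CODE)
    print("command code in packet:", diameter_command_code(pkt))
    print("@th,64,32 reads:", raw_th_field(pkt, 64, 32), "(the SCTP checksum field)")
    print("@th,%d,24 reads:" % CMD_CODE_BIT_OFFSET, raw_th_field(pkt, CMD_CODE_BIT_OFFSET, 24))
```

For this layout the matching nftables expression would be @th,264,24 318 rather than a 32-bit field at bit offset 64; verify this on the target kernel, since bundled chunks or a leading SACK shift the offset.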