Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: JSON as mime type

From: Hadriel Kaplan <hadrielk () yahoo com>
Date: Wed, 21 Jan 2015 11:10:11 -0500

It doesn't look like that's enough. A MIME file type is read by wiretap/mime-file.c, and it appears to look for a magic 
string at the beginning of the file to decide it's a mime file type. Since a json file won't match any of those magic 
strings, the file won't be opened as a mime file type.

I don't know how good the jsmn parse check is, but I suppose you could call it from within mime_file_open() after the 
magic check doesn't match, by reading in the whole file into string and trying the jsmn parse. Does jsmn parse() return 
false if it can't parse the *entire* string as JSON,  or will it return true if it can parse even just the first 
newline-terminated line as JSON?

BTW, there's a bug in dissect_json_heur() in packet-json.c, where it calls tvb_get_string_enc() as ENC_ASCII, because I 
believe JSON is UTF-8 not ASCII.

-hadriel


On Jan 21, 2015, at 5:57 AM, Dario Lombardo <dario.lombardo.ml () gmail com> wrote:


Hi list,

Now that the json dissector has became heuristic, I was trying to make wireshark open a native json file, like it is 
able to do it with xml.
What is necessary to make it work other than add a line like 

heur_dissector_add("wtap_file", dissect_json_heur, proto_json);

in the json dissector? I tried to read native file dissectors (like the file-png.c) and non-native (like 
packet-xml.c), but a went to a dead end.
Anyone can help?
Thanks.
Dario.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: