Wireshark mailing list archives

Fixing #12958 (Duplicated keys in -T json output)


From: Daan De Meyer <daan.j.demeyer () gmail com>
Date: Wed, 07 Jun 2017 19:32:10 +0000

Hello,

Right now to use the tshark -T json output in a project I have to use a
streaming json parser in order to avoid values of duplicated keys being
overwritten. Using a standard json parser like JavaScript's JSON.parse()
results in only the last value of the duplicated key being available in the
resulting json. This is not ideal and I'd like to fix this bug so I can use
JSON.parse() instead of a streaming json parser to read tshark's json
output.

The way I work around the problem at the moment is by intercepting each
duplicated key/value before it gets overwritten and storing the value next
to the duplicated key values as an array with the same key with the
"_array" suffix.

I'd solve the problem in wireshark in a similar way. A duplicate key in the
current output would only be written once (in the object) and its value
would be a json array containing all different values for the key. A simple
suffix like "_array" or "s" could be added to the key in order to clearly
indicate the key has multiple values.

My current workaround with a streaming json parser does the same thing and
this has worked for the ip, tcp, http and http/2 tshark json output.
However, I don't know if there are other protocols where this approach
would not work.

Would this be a good solution for the problem or am I missing something?

Regards,

Daan
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
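
The folding proposed in the message above (a duplicated key written once, with a suffix, holding an array of its values), as an added example that is not part of the original post and is not Wireshark code. The function name, the collision rule and the constructed sample are assumptions; only the "_array" suffix comes from the post.

```javascript
// Constructed sample shaped like one packet of `tshark -T json` output (not a real capture).
const SAMPLE = '{"_source":{"layers":{"http":{"http.request.line":"Host: example.test\\r\\n",' +
  '"http.request.line":"Accept-Language: en\\r\\n","http.request.method":"GET"}}}}';
// Hypothetical helper: parse JSON, folding duplicate keys into key + suffix.
function parseKeepingDuplicates(text, suffix = "_array") {
  let i = 0;
  const ws = () => { while (i < text.length && " \t\r\n".includes(text[i])) i++; };
  const fail = (what) => { throw new SyntaxError(`expected ${what} at offset ${i}`); };
  const expect = (ch) => { ws(); if (text[i] !== ch) fail(ch); i++; };
  // Strings, numbers, true/false/null: find the token, let JSON.parse decode it.
  const scalar = () => {
    const re = text[i] === '"' ? /"(?:[^"\\]|\\.)*"/y : /[^ \t\r\n,\]}]+/y;
    re.lastIndex = i;
    const m = re.exec(text) || fail("a value");
    i += m[0].length;
    return JSON.parse(m[0]);
  };
  // Shared loop for "[...]" and "{...}"; i is on the opening bracket.
  const members = (close, readOne) => {
    i++; ws();
    if (text[i] === close) { i++; return; }
    for (;;) {
      readOne(); ws();
      if (text[i] !== ",") return expect(close);
      i++;
    }
  };
  const value = () => {
    ws();
    if (text[i] === "[") { const a = []; members("]", () => a.push(value())); return a; }
    if (text[i] !== "{") return scalar();
    const seen = new Map(); // key -> every value seen, in document order
    members("}", () => {
      ws(); if (text[i] !== '"') fail("a key");
      const key = scalar(); expect(":");
      if (!seen.has(key)) seen.set(key, []);
      seen.get(key).push(value());
    });
    const entries = [];
    for (const [key, vals] of seen) {
      const name = vals.length > 1 ? key + suffix : key;
      if (name !== key && seen.has(name)) throw new Error(`"${name}" is already a key`);
      entries.push([name, vals.length > 1 ? vals : vals[0]]);
    }
    return Object.fromEntries(entries); // own data properties, even for "__proto__"
  };
  const result = value(); ws();
  if (i < text.length) fail("end of input");
  return result;
}
```

Keys that occur once keep their name and scalar value, so only the duplicated fields change shape for downstream consumers.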