Wireshark-bugs: [Wireshark-bugs] [Bug 12958] New: Wrong JSON format returned by new -T json feat
Date: Wed, 28 Sep 2016 07:54:37 +0000
Bug ID | 12958 |
---|---|
Summary | Wrong JSON format returned by new -T json feature |
Product | Wireshark |
Version | 2.2.0 |
Hardware | x86 |
OS | All |
Status | UNCONFIRMED |
Severity | Major |
Priority | Low |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Created attachment 14954 [details] The protocol 104 pcap example Build Information: Both windows and Debian problem On Windows: =========== Version 2.2.0 (v2.2.0-0-g5368c50 from master-2.2) Copyright 1998-2016 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with GLib 2.42.0, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2.4, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia, with AirPcap. Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale English_United States.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap. Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz (with SSE4.2), with 16259MB of physical memory. Built using Microsoft Visual C++ 12.0 build 40629 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. On Debian: ========== TShark (Wireshark) 2.2.0 (v2.2.0-1160-gae596fa from unknown) Copyright 1998-2016 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3, with GLib 2.42.1, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2.3, with GnuTLS 3.3.8, with Gcrypt 1.6.3, with MIT Kerberos, with GeoIP. Running on Linux 3.16.0-4-amd64, with locale en_US.utf8, with libpcap version 1.6.2, with GnuTLS 3.3.8, with Gcrypt 1.6.3, with zlib 1.2.8. Intel(R) Xeon(R) CPU E5-2670 0 @ 2.60GHz (with SSE4.2) Built using gcc 4.9.2. -- JSON format does not support same key name at the same level. So we cannot use the same PDML epan/print.c code and convert it to JSON epam/print.c code without big changes. For example the attached file iec104.pcap file gives the attached iec104.json file that is not passing JSON validation ( for example at site: http://jsonlint.com/) The first family error is: SyntaxError: Duplicate key 'ip.addr' on line 66 This is due that in the ip dissector, not like in the ethernet dissector, ip.src and ip.dst or not separated sub nodes of ip but at the same level, so we have twice the ip.addr entries: one for ip.dst and one for ip.src. Same problem in the tcp layer SyntaxError: Duplicate key 'tcp.port' on line 74 Maybe there is the same problem in the udp layer, I did not checked. The third family problem that is for all other protocols: SyntaxError: Duplicate key '104apci' on line 236 This IP frame contains multi same layers information: we have twice 104apci and twice 104asdu. Import note: The same bug occurs for MMS, and other protocols JSON is expected an array containing several object with the same name: >From site: http://www.w3schools.com/js/js_json_intro.asp The following JSON {"employees":[ {"firstName":"John", "lastName":"Doe"}, {"firstName":"Anna", "lastName":"Smith"}, {"firstName":"Peter", "lastName":"Jones"} ]} is equal to the following XML: <employees> <employee> <firstName>John</firstName> <lastName>Doe</lastName> </employee> <employee> <firstName>Anna</firstName> <lastName>Smith</lastName> </employee> <employee> <firstName>Peter</firstName> <lastName>Jones</lastName> </employee> </employees>
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 12958] Wrong JSON format returned by new -T json feature
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12958] Wrong JSON format returned by new -T json feature
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12958] Wrong JSON format returned by new -T json feature
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12958] Wrong JSON format returned by new -T json feature
- Prev by Date: [Wireshark-bugs] [Bug 12956] checkAPIs.pl sees shadow variable where there is none
- Next by Date: [Wireshark-bugs] [Bug 12958] Wrong JSON format returned by new -T json feature
- Previous by thread: [Wireshark-bugs] [Bug 12957] Buildbot crash output: randpkt-2016-09-27-25510.pcap
- Next by thread: [Wireshark-bugs] [Bug 12958] Wrong JSON format returned by new -T json feature
- Index(es):
- Get Wireshark
- Download
- Code of Conduct