Re: [Wireshark-dev] JSON as mime type

Wed, 21 Jan 2015 08:11:13 -0800 

It doesn't look like that's enough. A MIME file type is read by 
wiretap/mime-file.c, and it appears to look for a magic string at the beginning 
of the file to decide it's a mime file type. Since a json file won't match any 
of those magic strings, the file won't be opened as a mime file type.

I don't know how good the jsmn parse check is, but I suppose you could call it 
from within mime_file_open() after the magic check doesn't match, by reading in 
the whole file into string and trying the jsmn parse. Does jsmn parse() return 
false if it can't parse the *entire* string as JSON,  or will it return true if 
it can parse even just the first newline-terminated line as JSON?

BTW, there's a bug in dissect_json_heur() in packet-json.c, where it calls 
tvb_get_string_enc() as ENC_ASCII, because I believe JSON is UTF-8 not ASCII.

-hadriel


On Jan 21, 2015, at 5:57 AM, Dario Lombardo <dario.lombardo...@gmail.com> wrote:

> Hi list,
> 
> Now that the json dissector has became heuristic, I was trying to make 
> wireshark open a native json file, like it is able to do it with xml.
> What is necessary to make it work other than add a line like 
> 
> heur_dissector_add("wtap_file", dissect_json_heur, proto_json);
> 
> in the json dissector? I tried to read native file dissectors (like the 
> file-png.c) and non-native (like packet-xml.c), but a went to a dead end.
> Anyone can help?
> Thanks.
> Dario.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Reply via email to