Comment # 4
on bug 12958
from Philippe Rosenfeld
(In reply to Martin Kacer from comment #3)
> If I understood it correctly all the cases are related to duplicated key in
> json output. RFC specification seems not be very clear about the duplicated
> keys. So it depends on the implementation of the json parser.
>
> Currently tshark output copy the structure of pdml output.
>
> 1. ip.addr and tcp.port issue
> I think we can ignore fields in json if they contain hide="yes" in pdml. =>
> This could fix the ip.addr and tcp.port issue and reduce the json size.
>
> 2. 104apci issue
> The 104apci layer seems to be included multiple times and it is in this way
> also interpreted in Wireshark GUI. Therefor I think the duplicated key is
> required in this case. To group it together into some array and we would
> need this information from dissectors. But correct me if I'm wrong or you
> see some better solution.
You are right!
1. Yes we can remove duplicate fields to reduce JSON size and to pass all JSON
validations :)
2. Yes. I tried to check the epan/print.c code and found that we need some
dissector code change to get this.
The big problem is that I reproduced the same behavior in other protocols like
MMS where multi layers per frame is frequent.
It will require a fix per protocol...
You are receiving this mail because:
- You are watching all bug changes.