Wireshark-dev: [Wireshark-dev] Parsing of large user configuration files for a Dissector (Using
Date: Wed, 8 Apr 2020 10:44:00 +0000

Hello together,

 

currently I investigate the various possibilities in Wireshark to parse large user created config files for my VLAN PDU dissector.

Each PDU has it’s on configuration with several columns and multiple rows, so files getting large with an increasing number of PDUs.

 

The idea is to check the performance differences between the different possibilities of config files (UAT .csv like, xml and json).

I think it is important to mention that it is not important to change the entries during the runtime of Wireshark, like it is possible with so called UATs (User Access Tables).

 

 

In the following I would like to give you an overview what I know so far, maybe you could correct me if I’m wrong or missed something.

 

  1. User Access Tables (UAT):

I am already able to work with this kind of configuration files. For this I took a look inside packet-someip.c and did it the same way.

UATs are only meant for short tables of user data, there is no quick access and I have to iterate through them each time to fetch the record I am looking for.

For this I was looking in the uat.h and uat.c files.

This files are formatted like *.csv files.

 

  1. JSON Files:

I saw that Wireshark has its own JSON Dissector but this is more for reading in JSON messages/ message-files and displaying them in a nice way or export them in JSON format.

I took a look on the following files: packet-json.c, wsjson.c and wsjson.h, jsmn.c and jsmn.h. Also at json_dumper.c.

Is there a recommended way to read in a JSON Configuration File instead of an UAT Configuration File, and do nearly the same, or do I have to implemented this on my own?

 

  1. XML Files:

The Diameter Dissector is working with .xml files in the diameter directory.

For this I took a look on the following files: packet-diameter.c, packet-diameter.h, diam_dict.l, diam_dict.h and packet-diameter_3gpp.h

For me it seams possible to adapt this concept used here and change it for my own needs.

Do you think it is realistic? Maybe there is an more easy way, that you would prefer.

 

 

In general my question is:

Is there a native preferred Wireshark way to read in large configuration files for dissectors, without the need to change them during runtime?

If so, what would be that way?

Or do I have to implement something like this on my own? Would be great if a framework for this is already inside Wireshark, that doesn’t need much time to understand.

 

 

Thanks in advance for your help. I searched the Readmes for that, but was not able to find something for parsing different Configuration File formats.

 

 

Best regards,

 

Jannis Peimann