Wireshark mailing list archives

Parsing of large user configuration files for a Dissector (Using UAT, JSON or XML)


From: "Peimann, Jannis" <jannis.peimann () continental-corporation com>
Date: Wed, 8 Apr 2020 10:44:00 +0000

Hello together,

currently I am investigating the various possibilities in Wireshark to parse large user-created config files for my VLAN PDU dissector.
Each PDU has its own configuration with several columns and multiple rows, so the files get large with an increasing number of PDUs.

The idea is to check the performance differences between the different possibilities of config files (UAT .csv-like, xml and json).
I think it is important to mention that it is not important to change the entries during the runtime of Wireshark, as is possible with so-called UATs (User Access Tables).


In the following I would like to give you an overview of what I know so far; maybe you could correct me if I’m wrong or missed something.


  1.  User Access Tables (UAT):
I am already able to work with this kind of configuration file. For this I took a look inside packet-someip.c and did it the same way.
UATs are only meant for short tables of user data, there is no quick access and I have to iterate through them each time to fetch the record I am looking for.
For this I was looking in the uat.h and uat.c files.
These files are formatted like *.csv files.


  2.  JSON Files:
I saw that Wireshark has its own JSON Dissector, but this is more for reading in JSON messages/message files and displaying them in a nice way or exporting them in JSON format.
I took a look at the following files: packet-json.c, wsjson.c and wsjson.h, jsmn.c and jsmn.h. Also at json_dumper.c.
Is there a recommended way to read in a JSON Configuration File instead of a UAT Configuration File, and do nearly the same, or do I have to implement this on my own?


  3.  XML Files:
The Diameter Dissector is working with .xml files in the diameter directory.
For this I took a look at the following files: packet-diameter.c, packet-diameter.h, diam_dict.l, diam_dict.h and packet-diameter_3gpp.h
To me it seems possible to adapt the concept used here and change it for my own needs.
Do you think it is realistic? Maybe there is an easier way that you would prefer.


In general my question is:
Is there a native, preferred Wireshark way to read in large configuration files for dissectors, without the need to change them during runtime?
If so, what would be that way?
Or do I have to implement something like this on my own? It would be great if a framework for this is already inside Wireshark that doesn’t need much time to understand.


Thanks in advance for your help. I searched the Readmes for that, but was not able to find anything for parsing different Configuration File formats.


Best regards,

Jannis Peimann


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
