
invalid json request to tshark

I've upgraded wireshark 3.4 -> 3.6 and the protocol for sharkd has changed. I am doing `cat contrib/info.json | socat UNIX-CONNECT:/tmp/sharkd.sock -` which returns

 {"jsonrpc":"2.0","id":0,"error":{"code":-32600,"message":"Invalid JSON(2)"}}

I can't find how it is invalid.

for the following info.json:

 {
   "jsonrpc": "2.0"
  , "id": 1
  , "method":"info"
}

I've got a similar issue with the following json

{
    "method":"load"
  , "jsonrpc": "2.0"
  , "id" : 1
  , "params" : {
      "file": "/home/teto/tcp/client_2_cleaned.pcapng"
  }
}

NB: the doc at https://wiki.wireshark.org/Developmen... seems out of date

teto
asked 2021-12-31 10:13:04 +0000

Comments

There have been several changes to the Wiki since the move to Gitlab in 2020.
There used to be links from the old to the new but looks like they got dropped when the old wiki was turned into a static site. Current wiki here:
sharkd

Chuckc (2021-12-31 15:13:58 +0000)

Thanks for the link, looks like it is the same outdated documentation. I don't mind because I tend to look at the source anyway and the sharkd*.c files are easy to read. So I've dived a bit deeper and if I convert info.json to a one line string it works :s so it seems newlines are not accepted by sharkd ?!

teto (2021-12-31 15:51:14 +0000)
Chuckc (2021-12-31 15:59:40 +0000)
$ ./sharkd -v | head -2
Sharkd (Wireshark) 3.5.0rc0-2079-g4ddae6850824 (Git commit d71813fb0a05)

$ cat /tmp/info.json
{
   "jsonrpc": "2.0"
  , "id": 1
  , "method":"info"
}
$ cat /tmp/info.json | ./sharkd -
Hello in child.
invalid JSON(2) -> closing
$
$ cat /tmp/info_1_line.json
{ "jsonrpc": "2.0" , "id": 1 , "method":"info" }
$
$ cat /tmp/info_1_line.json | ./sharkd -
Hello in child.
sanity check(4): no "req".
$

Chuckc (2021-12-31 16:25:22 +0000)

Thanks for trying. You should try my instructions with 3.6 though as the protocol changed, "req" is the old protocol.

teto (2021-12-31 16:28:48 +0000)

2 Answers


sharkd-requests
The entire requests must be on a single line

Chuckc
answered 2021-12-31 16:45:04 +0000

Comments

If you want to transform multiline json to single line json, you could use jq.

$ cat info.json 
{
   "jsonrpc": "2.0"
  , "id": 1
  , "method":"info"
}
$ jq -c "." info.json 
{"jsonrpc":"2.0","id":1,"method":"info"}
rickhg12hs (2021-12-31 17:31:31 +0000)

I used `cat contrib/load-pcap.json | tr -d '\n'` instead. I found another issue: the order of parameters in the json file matters! If you pass the "params" before the "method" for instance, you get an error :s

teto (2021-12-31 22:02:39 +0000)

I had no idea that this had been merged. I waited a couple of months and then assumed it wasn’t going to be accepted. I’m really pleased it’s now merged.

I didn’t really change the parser code; I just carried over the parser from the previous version. I was trying to keep the number of code line changes to a minimum. The old version didn’t support multi line commands and so neither does the new version.

It’s also true that the method must come before the parameters and I think that is down to me. It was quite tricky to differentiate between methods and parameters using the existing parser.

The bottom line is that the parser needs re-writing. The workaround is to keep the method and parameters in order.

PaulOfford
answered 2022-01-01 07:46:26 +0000
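The two constraints from the answers above (the whole request on one line, "method" ahead of "params") applied in code, as an added example that is not part of the original thread or of Wireshark's own code. It assumes sharkd reads newline-terminated requests and writes each reply as one line; the socket path is the one from the question, and the position of "jsonrpc" and "id" is this example's choice.

```python
import json
import socket

# "method" must precede "params" (see the answers above). Placing "jsonrpc"
# and "id" first is an assumption of this example, not a stated sharkd rule.
KEY_ORDER = ("jsonrpc", "id", "method", "params")


def to_sharkd_line(request_text):
    """Turn a (possibly multi-line) JSON-RPC request into one sharkd-ready line."""
    req = json.loads(request_text)
    if not isinstance(req, dict) or "method" not in req:
        raise ValueError('request must be a JSON object with a "method" member')
    ordered = {k: req[k] for k in KEY_ORDER if k in req}
    # Keep any other members, after the ones whose position matters.
    ordered.update((k, v) for k, v in req.items() if k not in ordered)
    # json.dumps emits no raw newlines: a newline inside a string becomes \n.
    return json.dumps(ordered, separators=(",", ":")) + "\n"


def send_request(request_text, sock_path="/tmp/sharkd.sock", timeout=5.0):
    """Send one request to a sharkd UNIX socket and return the decoded reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(to_sharkd_line(request_text).encode("utf-8"))
        buf = b""
        while not buf.endswith(b"\n"):  # assumed: one reply line per request
            chunk = s.recv(65536)
            if not chunk:
                break
            buf += chunk
    return json.loads(buf)


# Constructed sample: the load request from the question, rearranged so that
# "params" comes first and the text spans several lines.
SAMPLE = """{
    "params": {"file": "/home/teto/tcp/client_2_cleaned.pcapng"}
  , "id": 1
  , "jsonrpc": "2.0"
  , "method": "load"
}"""

if __name__ == "__main__":
    print(to_sharkd_line(SAMPLE), end="")
```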

Comments

Thanks for working on it. I seem to find other issues like a simple status is taken into account but then displays an error :/

➜ cat status.json | socat UNIX-CONNECT:/tmp/sharkd.sock -   
{"jsonrpc":"2.0","id":1,"result":{"frames":0,"duration":0.000000000}}
{"jsonrpc":"2.0","id":1,"error":{"code":-32600,"message":"Invalid JSON(1)"}}

with { "method": "status" , "jsonrpc": "2.0" , "id" : 1}

Also even after successfully loading a pcap, I can't get any result for a frame or analyze request: {"jsonrpc":"2.0","id":1,"result":{"frames":0,"protocols":[]} It's as if nothing was loaded. Do you know of any software out there that leverages sharkd so that I can compare my implementation? Should the id be increased for each request? What does the ":id" field stand for?

teto (2022-01-01 22:47:35 +0000)