Wireshark-dev: [Wireshark-dev] Changing the JSON library and making it required
From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Wed, 14 Nov 2018 13:42:23 +0100
Hi,

A patch is currently being proposed to add a dependency on a JSON
library (json-glib): https://code.wireshark.org/review/28494

Wireshark currently depends on a JSON decoder (jsmn, bundled) encoder
and encoder (json-glib, extra dependency). History:

- v1.99.2rc0-753-gf53be88408 initially added the JSMN parser to enable
  validation in the JSON heuristics dissector to check for valid JSON
  (parsed tokens are ignored).
- v1.99.3rc0-172-gbd911096bd added a new JSON file dissector, again
  again useo f the jsmn parser is limited to validity checking.
- v2.3.0rc0-2126-ge2930f3b78 added sharkd which uses jsmn for parsing
  commands.
- v2.9.0rc0-201-g511c2e166a added the "tshark -G elastic-mapping"
  command which needs a JSON writer, currently provided by json-glib.

It turns out that json-glib has quite some dependencies. It additionally
depends on GIO and GObject, both of them have additional transitive
dependencies (libffi, libresolv on Linux, potentially libselinux and
libmount depending on GLib configuration). This is a hurdle for oss-fuzz
which requires libraries to be statically linked:
https://github.com/google/oss-fuzz/blob/master/docs/fuzzer_environment.md

I would like to reduce avoidable dependencies, especially if a feature
becomes mandatory. Therefore I am proposing to replace json-glib.
Requirements:

- easy to integrate with oss-fuzz (no large dependencies).
- available through supported platforms (macOS brew,
  Debian/Ubuntu/RHEL/...).
- Reasonable, stable API/ABI.

There are tons of C libraries, here is a brief survey:

- json-glib https://wiki.gnome.org/Projects/JsonGlib
  Has extra dependencies.
  Available since: Ubuntu 14.04, CentOS 6
  Required by 2 brew packages: https://brewformulas.org/Json-glib
  Docs: https://developer.gnome.org/json-glib/1.2/

- json-c https://github.com/json-c/json-c
  Symbols have been removed which required an ABI bump:
  https://abi-laboratory.pro/?view=timeline&l=json-c
  Ubuntu 14.04-16.04 has libjson-c2, Ubuntu >= 17.10 has libjson-c3.
  Required by 8 brew packages: https://brewformulas.org/Json-c
  Docs: http://json-c.github.io/json-c/

- jansson https://github.com/akheron/jansson
  Available since: Ubuntu 14.04, CentOS 6
  Required by 3 brew packages: https://brewformulas.org/Json-c
  Docs and Example: https://jansson.readthedocs.io/en/2.11/tutorial.html

- Avoid external JSON libraries and write/bundle our own JSON encoder.
  epan/proto.c has a fixed structure, so all we need is a library
  routine that can encode a string for JSON. sharkd already has a
  json_puts_string for this purpose which we might reuse.

The last option looks very appealing... Any objections against such a
transition?
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl