
Refactor nettrace reader to allow opening larger files (#17009)

David Perry requested to merge boolean263/wireshark:nettrace-refactor into master

The old behaviour of the 3GPP 32.423 nettrace reader is to read the entire file into memory at once; provide the XML tree as the first packet; and then parse individual <msg> elements into data for subsequent packets. It did this by writing to a temporary pcapng file and parsing that.

This change eliminates the fake first packet with the entire file contents, so the limit on the file size is effectively removed. Users wishing to see the original data can view the nettrace file in a text editor, or using the File Format view in Wireshark.

It also removes the intermediary pcapng file, and writes "Exported PDU" packets directly into wiretap's read buffer. The old functions create_temp_pcapng_file() and write_packet_data() had logic that has been relocated largely unchanged into the new function nettrace_msg_to_packet().

Also includes some "code smell" fixes:

  • Removes some #defines that were copied from epan/exported_pdu.h, and uses them directly from that file
  • Removes some magic numbers that were explicitly from epan/exported_pdu.h, and uses macros from that file
  • Where a constant string was used in e.g. a strstr() and the subsequent line had a magic constant for the length of that string, replace the string with a static const guchar [] and use sizeof() on it to show where the length calculation comes from (this change should have no performance impact on modern optimizing compilers)
  • Use direct pointer math instead of indexing into a byte array when generating the exported-pdu data
  • Use g_strstr_len() and similar in place of strstr() to remove the need to insert string terminators into the data

Resolves #17009 (closed).

Possible follow-up changes related to this MR:

  • The code to generate exported-pdu data largely duplicates what's in epan/exported_pdu.h; but see https://www.wireshark.org/lists/wireshark-dev/202012/msg00017.html
  • The code to parse an ISO 8601 date-time string into an nstime_t resembles code in tvb_get_string_time() (epan/tvbuff.c); perhaps code from both places could be rationalized into wsutil/nstime.c
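
The sizeof() and bounded-search items in the list above, as an added example that is not code from this merge request or from Wireshark: it locates `<msg>` elements in a buffer that is never modified and is not assumed to be NUL-terminated. `find_bounded()` is a hypothetical plain-C stand-in for GLib's g_strstr_len() so the block builds without GLib; `next_msg()`, `count_msgs()`, `LIT_LEN` and `SAMPLE` are likewise names invented for the illustration, and the sample data is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Markers as arrays: sizeof() shows where each length comes from (-1 drops the NUL). */
static const char MSG_START[] = "<msg";
static const char MSG_END[] = "</msg>";
#define LIT_LEN(a) (sizeof(a) - 1)
/* Constructed sample; callers pass an explicit length and never rely on the NUL. */
static const char SAMPLE[] = "<x><msg id=\"1\">AA</msg><msg id=\"2\">BB</msg></x>";

/* Bounded search (plain-C stand-in for g_strstr_len): never reads past hay + hay_len. */
static const char *find_bounded(const char *hay, size_t hay_len,
                                const char *needle, size_t needle_len)
{
    if (needle_len == 0 || hay_len < needle_len)
        return NULL;
    for (size_t i = 0; i + needle_len <= hay_len; i++)
        if (memcmp(hay + i, needle, needle_len) == 0)
            return hay + i;
    return NULL;
}

/* Next complete <msg ...>...</msg> in buf[0..len): returns its start and sets
 * *elem_len, or NULL when no element is complete (e.g. the data is truncated). */
const char *next_msg(const char *buf, size_t len, size_t *elem_len)
{
    const char *start = find_bounded(buf, len, MSG_START, LIT_LEN(MSG_START));
    if (start == NULL)
        return NULL;
    const char *end = find_bounded(start, len - (size_t)(start - buf),
                                   MSG_END, LIT_LEN(MSG_END));
    if (end == NULL)
        return NULL;
    *elem_len = (size_t)(end - start) + LIT_LEN(MSG_END);
    return start;
}

/* Count complete elements without writing to, or reading beyond, the buffer. */
size_t count_msgs(const char *buf, size_t len)
{
    size_t n = 0, elem_len = 0;
    const char *p;
    while ((p = next_msg(buf, len, &elem_len)) != NULL) {
        n++;
        len -= (size_t)(p - buf) + elem_len;
        buf = p + elem_len;
    }
    return n;
}
```

Because every search carries its own length, a buffer cut one byte short of a closing tag yields no element instead of a read past the end, which is the failure mode that strstr() on unterminated data invites.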
