Wireshark pedantry fixes #128
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Changes that hopefully bring the Wireshark plugin closer to the standard against which core Wireshark dissectors are held. Tested on an in-tree Linux build of Wireshark 4.2's `master` branch. Change return type of `timediff()` from `int` to `long` to prevent compiler warning about shortening a `long` into an `int`. (Such warnings are fatal for core dissectors.) Tweak printf-style functions which use the return value of `timediff()` to use the `PRId64` format specifier, due to the previous change. Add include of `<wireshark.h>` (see which for its use). Remove redundant and unused header includes. Replace "forbidden" API call (as defined by Wireshark's `tools/checkAPIs.pl`) `isascii()` with `g_ascii_isalnum()`, and replace `isspace()` with `g_ascii_isspace()`. Replace uses of `get_value_ptr(field)->value.uinteger` with `fvalue_get_uinteger(get_value_ptr(field))` for consistency with other places in this plugin, and to insulate against recent Wireshark changes which have removed the `value.uinteger` member in favour of `value.uinteger64`. With these changes, the plugin compiles without warnings, and passes all of the checks made by Wireshark's `tools/check_dissector.py` except for `tools/checkfiltername.pl` which doesn't like that the field names all start with `ja4.ja4` ; this seems acceptable given JA4's naming conventions.
noeltimothy
approved these changes
Jun 18, 2024
Boolean263
added a commit
to Boolean263/ja4
that referenced
this pull request
Dec 10, 2024
Fix a crash when fetching `ssh.direction` caused by using the wrong function in FoxIO-LLC#128. `fvalue_get_uinteger()` doesn't support the `FT_BOOLEAN` field, but `fvalue_get_uinteger64()` does. Fix a crash in `locate_tree()` when the first child of the passed-in tree is non-null but has a null `finfo` member. These fixes allow the plugin to pass the test suite on the current main branch (`master`) of Wireshark when built as an in-tree plugin.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes that hopefully bring the Wireshark plugin closer to the standard against which core Wireshark dissectors are held. Tested on an in-tree Linux build of Wireshark 4.2's
masterbranch.Change return type of
timediff()frominttolongto prevent compiler warning about shortening alonginto anint. (Such warnings are fatal for core dissectors.)Tweak printf-style functions which use the return value of
timediff()to use thePRId64format specifier, due to the previous change.Add include of
<wireshark.h>(see which for its use). Remove redundant and unused header includes.Replace "forbidden" API call (as defined by Wireshark's
tools/checkAPIs.pl)isascii()withg_ascii_isalnum(), and replaceisspace()withg_ascii_isspace().Replace uses of
get_value_ptr(field)->value.uintegerwithfvalue_get_uinteger(get_value_ptr(field))for consistency with other places in this plugin, and to insulate against recent Wireshark changes which have removed thevalue.uintegermember in favour ofvalue.uinteger64.With these changes, the plugin compiles without warnings, and passes all of the checks made by Wireshark's
tools/check_dissector.pyexcept fortools/checkfiltername.plwhich doesn't like that the field names all start withja4.ja4; this seems acceptable given JA4's naming conventions.