Merge pull request #263 from vlvkobal/fix-build

Author: vlvkobal

.github/workflows/wireshark-release.yml

@@ -12,9 +12,9 @@ jobs:
     - name: checkout
       uses: actions/checkout@v4
     - name: build
-      run:  cd wireshark/build-scripts && sudo apt update -y && sudo apt install ninja-build -y && sudo ./linux_build.sh 4.4.0
+      run:  cd wireshark/build-scripts && sudo apt update -y && sudo apt install ninja-build -y && sudo ./linux_build.sh v4.6.0
     - name: rename artifact
-      run: cp ./wireshark/build-scripts/wireshark-4.4.0/build/run/plugins/4.4/epan/ja4.so ja4.so.linux
+      run: cp ./wireshark/build-scripts/v4.6.0/build/run/plugins/4.6/epan/ja4.so ja4.so.linux
     - name: upload-linux-ja4
       uses: actions/upload-artifact@v4
       with:
@@ -27,9 +27,9 @@ jobs:
     - name: checkout
       uses: actions/checkout@v4
     - name: build
-      run:  cd wireshark/build-scripts && ./macos_build.sh 4.4.0
+      run:  cd wireshark/build-scripts && ./macos_build.sh v4.6.0
     - name: rename artifact
-      run: cp ./wireshark/build-scripts/wireshark-4.4.0/build/run/Wireshark.app/Contents/PlugIns/wireshark/4-4/epan/ja4.so ja4.so.macos
+      run: cp ./wireshark/build-scripts/v4.6.0/build/run/Wireshark.app/Contents/PlugIns/wireshark/4-6/epan/ja4.so ja4.so.macos
     - name: upload-macos-ja4
       uses: actions/upload-artifact@v4
       with:
@@ -52,7 +52,7 @@ jobs:
       uses: actions/checkout@v4
       with:
           repository: wireshark/wireshark
-          ref: release-4.4
+          ref: v4.6.0
           path: wireshark/build-scripts/wireshark
     - name: add ja4 plugin
       run: copy -r wireshark/source wireshark/build-scripts/wireshark/plugins/epan/ja4
@@ -88,7 +88,7 @@ jobs:
       run: cmake --build . --config RelWithDebInfo
       working-directory: wireshark/build-scripts/wireshark/build
     - name: rename artifact
-      run: cp wireshark/build-scripts/wireshark/build/run/RelWithDebInfo/plugins/4.4/epan/ja4.dll ja4.dll
+      run: cp wireshark/build-scripts/wireshark/build/run/RelWithDebInfo/plugins/4.6/epan/ja4.dll ja4.dll
     - name: upload-windows-ja4
       uses: actions/upload-artifact@v4
       with:

.github/workflows/wireshark-test.yml

@@ -2,11 +2,6 @@ name: Wireshark - Test
 
 on:
   push:
-    branches: [main]
-    paths:
-      - '.github/workflows/wireshark-test.yml'
-      - 'wireshark/**'
-  pull_request:
     paths:
       - '.github/workflows/wireshark-test.yml'
       - 'wireshark/**'
@@ -22,6 +17,7 @@ jobs:
 
       - name: Install required packages
         run: |
+          sudo add-apt-repository ppa:wireshark-dev/stable
           sudo apt update
           sudo apt upgrade -y
           sudo apt -y install \
@@ -38,8 +34,8 @@ jobs:
             | head -n1 \
             | sed -E 's/.* ([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
           PLUGIN_VERSION=$(echo "$TSHARK_VERSION" | cut -d. -f1,2)
-          sudo ./linux_build.sh $TSHARK_VERSION
-          sudo cp wireshark-$TSHARK_VERSION/build/run/plugins/$PLUGIN_VERSION/epan/ja4.so /usr/lib/x86_64-linux-gnu/wireshark/plugins/$PLUGIN_VERSION/epan
+          sudo ./linux_build.sh v$TSHARK_VERSION
+          sudo cp v$TSHARK_VERSION/build/run/plugins/$PLUGIN_VERSION/epan/ja4.so /usr/lib/x86_64-linux-gnu/wireshark/plugins/$PLUGIN_VERSION/epan
         working-directory: wireshark/build-scripts
 
       - name: Run tests

wireshark/README.md

@@ -54,13 +54,13 @@ You can also find binaries for the previous versions of Wireshark in the [binari
 
 ## Building
 
-Navigate to the `build-scripts` directory and run the script corresponding to your system. For example, `linux_build.sh` for Linux. The script will automatically clone Wireshark and build the plugin. The resulting binary can be found in `wireshark-4.4.0/build/run/plugins/4.4/epan/`. It will be named `ja4.so` on Linux or macOS and `ja4.dll` on Windows.
+Navigate to the `build-scripts` directory and run the script corresponding to your system. For example, `linux_build.sh` for Linux. The script will automatically clone Wireshark and build the plugin. The resulting binary can be found in `<relese-tag>/build/run/plugins/4.6/epan/`. It will be named `ja4.so` on Linux or macOS and `ja4.dll` on Windows.
 
 ## Installing JA4+ Plugin
 
 ### Installing Wireshark
 
-The plugin has been tested with Wireshark versions 4.4.0 and 4.2.0 on macOS and Windows, and version 4.0.6 on Linux.
+The plugin has been tested with Wireshark versions 4.6.0, 4.4.0 and, 4.2.0 on macOS and Windows, and version 4.0.6 on Linux.
 
 #### Linux
 
@@ -88,11 +88,11 @@ You can use the `tshark` CLI tool as well. Refer to [Installing tshark](../READM
 
 1. Move and rename `ja4.so` to the global Wireshark plugins directory:  
    ```bash
-   sudo mv ja4.so.linux /usr/lib/x86_64-linux-gnu/wireshark/plugins/4.4/epan/ja4.so
+   sudo mv ja4.so.linux /usr/lib/x86_64-linux-gnu/wireshark/plugins/4.6/epan/ja4.so
    ```
    or  
    ```bash
-   sudo mv ja4.so.linux /usr/lib/wireshark/plugins/4.4/epan/ja4.so
+   sudo mv ja4.so.linux /usr/lib/wireshark/plugins/4.6/epan/ja4.so
    ```
    *(The exact location depends on your system's distribution and Wireshark installation.)*
 2. Start Wireshark.
@@ -113,7 +113,7 @@ You can use the `tshark` CLI tool as well. Refer to [Installing tshark](../READM
 
 1. Copy `ja4.dll` to the global Wireshark plugins directory:  
    ```txt
-   C:\Program Files\Wireshark\plugins\4.4\epan\
+   C:\Program Files\Wireshark\plugins\4.6\epan\
    ```
 2. Start Wireshark.
 

wireshark/build-scripts/linux_build.sh

@@ -7,19 +7,19 @@
 
 VER=$1
 
-if [ -x $VER ]
-then echo "Enter a wireshark version (supported versions) => 4.0.3, 4.0.6, 4.0.10, 4.2.0"; exit
+if [ -z $VER ]
+then echo "Enter a wireshark version (e.g. wireshark-4.4.0, v4.6.0)"; exit
 fi
 
-if [ ! -d wireshark-$VER ]
+if [ ! -d $VER ]
 then
-	echo "fetching wireshark sources with tag => tags/wireshark-$VER"
-	git clone -o upstream --branch wireshark-$VER https://gitlab.com/wireshark/wireshark.git --depth=5000
-	mv wireshark wireshark-$VER
+	echo "fetching wireshark sources with tag => tags/$VER"
+	git clone -o upstream --branch $VER https://gitlab.com/wireshark/wireshark.git --depth=5000
+	mv wireshark $VER
 fi
 
-cd wireshark-$VER
-git checkout tags/wireshark-$VER
+cd $VER
+git checkout tags/$VER
 rm -rf ./plugins/epan/ja4
 cp -r ../../source ./plugins/epan/ja4
 mv CMakeListsCustom.txt.example CMakeListsCustom.txt

wireshark/build-scripts/macos_build.sh

@@ -7,23 +7,24 @@
 
 VER=$1
 
-if [ -x $VER ]
-then echo "Enter a wireshark version (supported versions) => 4.0.3, 4.0.6, 4.0.10, 4.2.0"; exit
+if [ -z $VER ]
+then echo "Enter a wireshark version (e.g. wireshark-4.4.0, v4.6.0)"; exit
 fi
 
-if [ ! -d wireshark-$VER ]
+if [ ! -d $VER ]
   then
-    echo "fetching wireshark sources with tag => tags/wireshark-$VER"
-    git clone -o upstream --branch wireshark-$VER https://gitlab.com/wireshark/wireshark.git --depth=5000
-    mv wireshark wireshark-$VER
-    cd wireshark-$VER
-    git checkout tags/wireshark-$VER
+    echo "fetching wireshark sources with tag => tags/$VER"
+    git clone -o upstream --branch $VER https://gitlab.com/wireshark/wireshark.git --depth=5000
+    mv wireshark $VER
+    cd $VER
+    git checkout tags/$VER
 
     # Prep for macos using wireshark's prep script
     ./tools/macos-setup-brew.sh
+    brew install speexdsp
     brew install qt5
   else
-    cd wireshark-$VER
+    cd $VER
 fi
 
 rm -rf ./plugins/epan/ja4

wireshark/test/testdata/CVE-2018-6794.pcap.json

@@ -1,7 +1,6 @@
 [
   {
     "_index": "packets-2018-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -16,7 +15,6 @@
   },
   {
     "_index": "packets-2018-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -31,7 +29,6 @@
   },
   {
     "_index": "packets-2018-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -52,7 +49,6 @@
   },
   {
     "_index": "packets-2018-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -67,7 +63,6 @@
   },
   {
     "_index": "packets-2018-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -82,7 +77,6 @@
   },
   {
     "_index": "packets-2018-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -103,7 +97,6 @@
   },
   {
     "_index": "packets-2018-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -118,7 +111,6 @@
   },
   {
     "_index": "packets-2018-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {

wireshark/test/testdata/badcurveball.pcap.json

@@ -1,7 +1,6 @@
 [
   {
     "_index": "packets-2020-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -16,7 +15,6 @@
   },
   {
     "_index": "packets-2020-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -31,7 +29,6 @@
   },
   {
     "_index": "packets-2020-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -49,7 +46,6 @@
   },
   {
     "_index": "packets-2020-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -69,7 +65,6 @@
   },
   {
     "_index": "packets-2020-01-17",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {

wireshark/test/testdata/browsers-x509.pcapng.json

@@ -1,7 +1,6 @@
 [
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -16,7 +15,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -31,7 +29,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -57,7 +54,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -81,7 +77,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -96,7 +91,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -111,7 +105,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -129,7 +122,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -149,7 +141,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -173,7 +164,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -188,7 +178,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -203,7 +192,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -221,7 +209,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -243,7 +230,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {
@@ -267,7 +253,6 @@
   },
   {
     "_index": "packets-2023-08-09",
-    "_type": "doc",
     "_score": null,
     "_source": {
       "layers": {