Releases: FoxIO-LLC/ja4
Releases · FoxIO-LLC/ja4
ja4-wireshark-plugins-2025.08.07.35
Add ja4l_delta and ja4ls_delta derived fields to JA4 wireshark plugin…
ja4-wireshark-plugins-2025.08.05.37: Wireshark: minor tweaks to wmem_strbuf use (#241)
Minor changes to some cases of how wmem strbufs are used. There is minimal performance benefit, but hopefully improved code clarity. Replace `wmem_strbuf_append_printf(buf, "%s", str)` with `wmem_strbuf_append(buf, str)`. Replace `wmem_strbuf_append_printf(buf, "%c", c)` with `wmem_strbuf_append_c(buf, c)`. These changes avoid the overhead of parsing a printf format string when it's redundant. Use `wmem_strbuf_dup()` to duplicate a strbuf instead of `wmem_strbuf_new(..., wmem_strbuf_get_str(oldbuf))` for slight improvement in readability. (This change may cause a conflict with #240 that is trivial to resolve.) Use `wmem_strbuf_finalize()` when getting the final value of a strbuf. For strings allocated in the file scope, this reduces the memory used by the final string. The function is effectively a no-op for strings allocated in the packet scope, but still makes clear to future readers when a string is expected to undergo no further changes.
ja4-wireshark-plugins-2025.08.05.35
Update copyright year (#242)
v0.18.7
Update README.md
ja4-wireshark-plugins-2025.07.29.13
Update README.md
ja4-wireshark-plugins-2025.07.28.11: Add JA4D fingerprint to Wireshark plugin (#238)
* Add ja4d fingerprint * Handle special cases * Add pcap files for testing * Handle empty options * Remove pcap files
v0.18.6
Added Google Cloud to vendor list
ja4-wireshark-plugins-2025.05.27.13
Remove unused functions (#231)
ja4-wireshark-plugins-2025.05.27.12
Remove unused functions (#231)
ja4-wireshark-plugins-2025.05.26.58: Wireshark: avoid wmem_packet_scope() (#229)
Remove all references to `wmem_packet_scope()`. This protects the plugin against [planned improvements][1] to Wireshark memory management. In `dissect_ja4()` and `init_ja4_data()`, directly replace `wmem_packet_scope()` with `pinfo->pool`. The two are effectively the same. For `decode_http_lang()` and `wmem_list_to_str()`, add an argument to the function signature which is a `wmem_allocator_t *`. Call `decode_http_lang()` with `pinfo->pool` as the value for this argument. `wmem_list_to_str()` only seems to be called by `ja4()` and `ja4_r()`, and neither of those currently appear to be called by anything. For now, I've made them pass `wmem_file_scope()` for the new argument of `wmem_list_to_str()` since that's the scope they use for most of their other work. [1]: https://lists.wireshark.org/archives/wireshark-dev/202107/msg00052.html