Hi there!
I created PR https://github.com/FoxIO-LLC/ja4/pull/97 where I managed to build the plugin on Linux out of tree. Many distributions (in my case Debian) provide a wireshark-dev package with headers and SO, which makes it possible to skip the build of the whole of Wireshark and build the plugin in just two seconds. Also a useful feature is to install the plugin into the user's home directory.
Also I made some kind of abstraction layer which works around a breaking change in the API since version 4.2.0 - the field_info.value member became a pointer. So I managed to build it against the 4.0ish branch.
The ftypes-int.h header is internal and is not available in out-of-tree builds. Not sure why you need it - it seems that accessors need to be used if so. Maybe it is required on 4.2.0, but without it I've successfully built against 4.0 - so I put this include under ifdef. Feel free to delete it if it is not needed.
And honestly I have no idea if out-of-tree builds work on Mac.