Wireshark: use int64_t for timediff (#161)

Change the return value of `timediff()` from a `long` to a `int64_t` for improved portability. Removes the need for typecasting its return value in `printf`-type functions. Also use Wireshark's built-in `nstime_delta()` function to calculate the actual time difference. Closes #133
FoxIO-LLC · Sep 10, 2024 · 170d01c · 170d01c
1 parent 0aec93c
commit 170d01c
Showing 1 changed file with 7 additions and 14 deletions.
diff --git a/wireshark/source/packet-ja4.c b/wireshark/source/packet-ja4.c
@@ -243,18 +243,11 @@ wmem_map_t *conn_hash = NULL; // = wmem_map_new(wmem_file_scope(), g_direct_hash
 wmem_map_t *quic_conn_hash = NULL; // Added for JA4L on quic
 wmem_map_t *packet_table = NULL;
 
-static long timediff(nstime_t *current, nstime_t *prev)
+static int64_t timediff(nstime_t *current, nstime_t *prev)
 {
     nstime_t result;
-    result.secs  = current->secs  - prev->secs;
-    result.nsecs = current->nsecs - prev->nsecs;
-    if (result.nsecs < 0) {
-        --result.secs;
-        result.nsecs += 1000000000L;
-    }
-    float nsecs = ((float)result.nsecs / 1000000000);
-    long diff = result.secs + (((nsecs - floor(nsecs))> 0.5) ? 1 : 0);
-    return diff;
+    nstime_delta(&result, current, prev);
+    return (int64_t)(round(nstime_to_sec(&result)));
 }
 
 pkt_info_t *packet_table_lookup (int frame_number) {
@@ -673,15 +666,15 @@ char *ja4t (ja4t_info_t *data, conn_info_t *conn) {
 	if ((conn != NULL) && (conn->syn_ack_count > 1)) {
 		wmem_strbuf_append_printf(display, "%c", '_');
 		for (int i=1; i<conn->syn_ack_count; i++) {
-			long diff = timediff(&conn->syn_ack_times[i], &conn->syn_ack_times[i-1]);
-			wmem_strbuf_append_printf(display, "%" PRId64, (long long) diff); 
+			int64_t diff = timediff(&conn->syn_ack_times[i], &conn->syn_ack_times[i-1]);
+			wmem_strbuf_append_printf(display, "%" PRId64, diff);
 			if (i < (conn->syn_ack_count - 1)) {
 				wmem_strbuf_append_printf(display, "%c", '-');
 			}
 		}
 		if (!nstime_is_zero(&conn->rst_time)) {
-			long diff = timediff(&conn->rst_time, &conn->syn_ack_times[conn->syn_ack_count-1]);
-			wmem_strbuf_append_printf(display, "-R%" PRId64, (long long) diff); 
+			int64_t diff = timediff(&conn->rst_time, &conn->syn_ack_times[conn->syn_ack_count-1]);
+			wmem_strbuf_append_printf(display, "-R%" PRId64, diff);
 		}
 	}