Closed metalix2 closed 4 months ago
git bisect bad
b721d8113de7c07745460d08fedf2f34b439e91e is the first bad commit
commit b721d8113de7c07745460d08fedf2f34b439e91e
diff --git a/utils/etterfilter/ef_syntax.l b/utils/etterfilter/ef_syntax.l
index e93bb24e..a2eb6df1 100644
--- a/utils/etterfilter/ef_syntax.l
+++ b/utils/etterfilter/ef_syntax.l
@@ -41,7 +41,7 @@
%option noinput
OFFSET [[:alnum:]]+\.[A-Za-z]+[\.[A-Za-z]+]*
-FUNCTION [a-z_]+\([^)]+\)
+FUNCTION [a-z_]+\((.*\".*\"[^)]*)*\)
CONST [0-9]+|0x[0-9a-fA-F]+|[A-Z6]+
STRING \"([^\0"\\]*(\\.[^\0"\\]*)*)\"
IPADDR \'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\'
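Review bot: In the new FUNCTION definition both `.*` runs are unbounded by `)`, so under flex's longest-match rule a single FUNCTION token can extend past the call's own closing paren to a later `)` on the same line whenever a quoted string sits in between, swallowing whatever follows the first call. The group also requires a pair of double quotes, so a non-empty argument list without a quoted string, which the old `[^)]+` accepted, no longer matches on its own. If the aim is to allow a `)` inside a quoted argument, consider describing the argument list as a sequence of non-quote, non-paren characters and quoted strings, for example `[a-z_]+\(([^)"]|{STRING})*\)`, reusing the STRING definition already in this file, and add filter test cases for empty, unquoted, and quoted-with-paren arguments.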
@koeppea reverting this works as a workaround, but I suspect it will break parsing for random function...
any idea?
@metalix2 #1245 should fix this. Can you check?
looks not fixing to me...
root@host1:~# ettercap -v
ettercap 0.8.4-rc copyright 2001-2020 Ettercap Development Team
root@host1:~# etterfilter -dddd filter.ecf
OFFSET: ip.proto
offset
CONST: UDP
condition cmp eq
? CONDITION
OFFSET: tcp.src
offset
CONST: 67
condition cmp eq
? CONDITION
OFFSET: tcp.dst
offset
CONST: 68
condition cmp eq
? CONDITION
| OR
FUNCTION: exec("touch /tmp/raw_packet.log")
. function
FUNCTION: log(DATA.data, "/tmp/raw_packet.log")
. function
FUNCTION: exit()
. function
block_add single
block_add single
block_add single
# IF BLOCK
block_add if
# IF BLOCK
block_add if
+#?+#??+-+-@@?;?;?;..!!
etterfilter 0.8.4-rc copyright 2001-2020 Ettercap Development Team
14 protocol tables loaded:
DECODED DATA udp tcp esp gre icmp ipv6 ip arp wifi fddi tr eth
13 constants loaded:
VRRP OSPF GRE UDP TCP ESP ICMP6 ICMP PPTP PPPOE IP6 IP ARP
Parsing source file 'filter.ecf' done.
Unfolding the meta-tree done.
Converting labels to real offsets done.
Writing output to 'filter.ef' done.
-> Script encoded into 9 instructions.
Seems to compile correctly now. I'll check if it works in execution.
Seems to be working as it was before. The Exit() command doesn't seem to close the ettercap instance; is that what is expected? It doesn't exit on v0.8.3.1 either.
You mean as the etterfilter command?
this function causes the filter engine to stop executing the code. It is useful to stop the execution of the script on some circumstance checked by an 'if' statement.
Oh I see now it exits the expectation of the filter. So a bit like disabling a filter during the ettercap process?
Ah ok. I actually never used the exit function in a filter. So does the exit function work now again as before also or not?
So the question if we can close this issue or if I have to revisit the exit function.
Yeah it works, I finally understand its purpose: it acts as a return/exit in the filter script.
It works.
ok I was missing the ";" at the end of the function :)
Hello, I've been playing around with filters and discovered on the latest branch etterfilters don't behave properly. The drop, kill and exit commands all fail to compile. The debug doesn't really share much. It works as expected on the previous release 0.8.3.1. I recompiled on the same host and tried another host. Issue seems to be on the latest branch.
Debug
latest 0.8.4-rc
Previous Release