LocutusOfBorg
commented
5 months ago git bisect bad b721d8113de7c07745460d08fedf2f34b439e91e is the first bad commit commit b721d8113de7c07745460d08fedf2f34b439e91e
Closed metalix2 closed 4 months ago
LocutusOfBorg
commented
5 months ago git bisect bad b721d8113de7c07745460d08fedf2f34b439e91e is the first bad commit commit b721d8113de7c07745460d08fedf2f34b439e91e
LocutusOfBorg
commented
5 months ago diff --git a/utils/etterfilter/ef_syntax.l b/utils/etterfilter/ef_syntax.l
index e93bb24e..a2eb6df1 100644
--- a/utils/etterfilter/ef_syntax.l
+++ b/utils/etterfilter/ef_syntax.l
@@ -41,7 +41,7 @@
%option noinput
OFFSET [[:alnum:]]+\.[A-Za-z]+[\.[A-Za-z]+]*
-FUNCTION [a-z_]+\([^)]+\)
+FUNCTION [a-z_]+\((.*\".*\"[^)]*)*\)
CONST [0-9]+|0x[0-9a-fA-F]+|[A-Z6]+
STRING \"([^\0"\\]*(\\.[^\0"\\]*)*)\"
IPADDR \'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\'@koeppea reverting this works as workaround, but I suspect it will break parsing for random function...
LocutusOfBorg
commented
5 months ago any idea?
koeppea
commented
5 months ago @metalix2 #1245 should fix this. Can you check?
LocutusOfBorg
commented
5 months ago looks not fixing to me...
metalix2
commented
5 months ago root@host1:~# ettercap -v
ettercap 0.8.4-rc copyright 2001-2020 Ettercap Development Team
root@host1:~# etterfilter -dddd filter.ecf
OFFSET: ip.proto
offset
CONST: UDP
condition cmp eq
? CONDITION
OFFSET: tcp.src
offset
CONST: 67
condition cmp eq
? CONDITION
OFFSET: tcp.dst
offset
CONST: 68
condition cmp eq
? CONDITION
| OR
FUNCTION: exec("touch /tmp/raw_packet.log")
. function
FUNCTION: log(DATA.data, "/tmp/raw_packet.log")
. function
FUNCTION: exit()
. function
block_add single
block_add single
block_add single
# IF BLOCK
block_add if
# IF BLOCK
block_add if
+#?+#??+-+-@@?;?;?;..!!
etterfilter 0.8.4-rc copyright 2001-2020 Ettercap Development Team
14 protocol tables loaded:
DECODED DATA udp tcp esp gre icmp ipv6 ip arp wifi fddi tr eth
13 constants loaded:
VRRP OSPF GRE UDP TCP ESP ICMP6 ICMP PPTP PPPOE IP6 IP ARP
Parsing source file 'filter.ecf' done.
Unfolding the meta-tree done.
Converting labels to real offsets done.
Writing output to 'filter.ef' done.
-> Script encoded into 9 instructions.
Seems to compile correctly now š I'll check if it works in execution.
metalix2
commented
5 months ago Seems to be working as it was before. The Exit() command doesn't seem to close the ettercap instance is that was is expected? doesn't exit on v0.8.3.1 either.
koeppea
commented
5 months ago You mean as the etterfilter command?
Message ID: @.***>
metalix2
commented
4 months ago You mean as the etterfilter command?
this function causes the filter engine to stop executing the code. It is useful to stop the execution of the script on some circumstance checked by an 'if' statement.
Oh I see now it exits the expectation of the filter. So a bit like disabling a filter during the ettercap process?
koeppea
commented
4 months ago Ah ok. I actually never used the exit function in a filter. So does the exit function work now again as before also or not?
So the question if we can close this issue or if I have to revisit the exit function.
metalix2
commented
4 months ago Yeah it works, I finally under stand it's purpose it acts as a return/exit in the filter script. š
It works.
LocutusOfBorg
commented
4 months ago ok I was missing the ";" at the end of the function :)
Hello š I've been playing around with filters and discovered on the latest branch etterfilters don't behave properly. The
drop,killandexitcommands all fail to compile. The debug doesn't really share much. It works as expected on the previous release 0.8.3.1. I recompiled on the same host and tried another host. Issue seems to be on the latest branch.Debug
latest 0.8.4-rc
Previous Release