Ettercap / ettercap

Ettercap Project
http://www.ettercap-project.org
GNU General Public License v2.0

Missing IPv4 Flag values in ettercap-0.8.2 #705

Closed dogbert2 closed 9 years ago

dogbert2 commented 9 years ago

Hello All,

In reviewing source code in ettercap, I found in directory 'src/interfaces/text', file 'ec_text_display.c', there are three missing flag values, URG (for URGENT), ECE (for Explicit Congestion Notification Echo), and CWR (Congestion Window Reduced), where the other five flags are already defined.

Additionally, the array for flags has been increased from 8 to 10 to accommodate the new flag values, plus the string is actually null terminated in the final step.

The patch file below should address/correct this issue:

--- ec_text_display.c.orig      2015-09-13 11:35:53.592000000 -0700
+++ ec_text_display.c   2015-09-13 16:08:25.580000000 -0700
@@ -83,7 +83,7 @@

    char tmp1[MAX_ASCII_ADDR_LEN];
    char tmp2[MAX_ASCII_ADDR_LEN];
-   char flags[8];
+   char flags[10];
    char *p = flags;
    char proto[5];
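
Review bot: The new size in `char flags[10];` is a bare constant that has to stay in step with the number of `*p++ = ...` flag tests further down in this function. With the five existing flags plus U, E and C and the terminator, the worst case is 9 bytes, so 10 leaves only one spare byte, and flag tests added later without touching this line could write past the array. Consider a named constant, or a short comment on the declaration stating the count (8 flag characters plus the NUL).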

@@ -106,6 +106,10 @@
    if (po->L4.flags & TH_RST) *p++ = 'R';
    if (po->L4.flags & TH_ACK) *p++ = 'A';
    if (po->L4.flags & TH_PSH) *p++ = 'P';
+   if (po->L4.flags & TH_URG) *p++ = 'U';
+   if (po->L4.flags & TH_ECE) *p++ = 'E'; /* rfc 2481/3168 */
+   if (po->L4.flags & TH_CWR) *p++ = 'C'; /* rfc 2481/3168 */
+   *p++ = '\0';

    /* determine the proto */
    switch(po->L4.proto) {
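
Review bot: In the added terminator line `*p++ = '\0';` the post-increment is unnecessary, since nothing in the visible code uses `p` after this point; `*p = '\0';` states the intent and leaves `p` pointing at the terminator. Separately, `TH_ECE` and `TH_CWR` used in the two lines above it are only introduced by the ec_proto.h change in this same report, so these hunks should land together.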

In reviewing source code in ettercap-0.8.2, I found in directory 'include', file 'ec_proto.h', that two TCP flags are missing (Explicit Congestion Notification Echo and Congestion Window Reduced, per RFC 2481/3168).

The patch file below adds the additional flags:

--- ec_proto.h.orig     2015-09-13 15:42:00.298000000 -0700
+++ ec_proto.h  2015-09-13 15:45:46.766000000 -0700
@@ -73,6 +73,8 @@
    TH_PSH = 0x08,
    TH_ACK = 0x10,
    TH_URG = 0x20,
+   TH_ECE = 0x40, /* rfc 2481/3168 */
+   TH_CWR = 0x80  /* rfc 2481/3168 */
 };

 /* ICMP types */
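
Review bot: The comments on the two new enumerators `TH_ECE` and `TH_CWR` give only RFC numbers; spelling out the names (ECN-Echo, Congestion Window Reduced) beside the values would match how the description introduces them and save the reader a lookup. The values 0x40 and 0x80 continue the existing bit sequence after `TH_URG = 0x20`, so the numbering itself is consistent.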

In reviewing source code in ettercap-0.8.2, I found in directory 'src/protocols', file 'ec_tcp.c', that two TCP flags are missing (Explicit Congestion Notification Echo and Congestion Window Reduced, per RFC 2481/3168).

The patch file below adds the additional flags:

--- ec_tcp.c.orig       2015-09-13 15:49:51.506000000 -0700
+++ ec_tcp.c    2015-09-13 15:51:59.761000000 -0700
@@ -49,6 +49,8 @@
 #define TH_PSH  0x08
 #define TH_ACK  0x10
 #define TH_URG  0x20
+#define TH_ECE  0x40    /* rfc 2481/3168 */
+#define TH_CWR  0x80    /* rfc 2481/3168 */
    u_int16  win;        /* window */
    u_int16  csum;       /* checksum */
    u_int16  urp;        /* urgent pointer */
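
Review bot: The added `#define TH_ECE 0x40` and `#define TH_CWR 0x80` repeat the values that the ec_proto.h change adds to the enum, so the same constants now live in two places and can drift apart. If ec_tcp.c can use the enum from ec_proto.h, drop the local macros; otherwise add a comment saying that the two definitions must be kept in sync.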

Bill Parker (wp02855 at gmail dot com)

LocutusOfBorg commented 9 years ago

Added in #703, thanks!