Index: configure.in =================================================================== RCS file: /cvsroot/ettercap/ettercap_ng/configure.in,v retrieving revision 1.134 diff -u -p -u -p -r1.134 configure.in --- configure.in 5 Nov 2004 10:00:57 -0000 1.134 +++ configure.in 6 Aug 2005 01:31:53 -0000 @@ -875,7 +875,8 @@ AC_CONFIG_FILES( Makefile plug-ins/search_promisc/Makefile plug-ins/smb_clear/Makefile plug-ins/smb_down/Makefile - plug-ins/stp_mangler/Makefile) + plug-ins/stp_mangler/Makefile + plug-ins/ttl_watch/Makefile) AC_OUTPUT Index: plug-ins/Makefile.am =================================================================== RCS file: /cvsroot/ettercap/ettercap_ng/plug-ins/Makefile.am,v retrieving revision 1.28 diff -u -p -u -p -r1.28 Makefile.am --- plug-ins/Makefile.am 25 Oct 2004 21:26:33 -0000 1.28 +++ plug-ins/Makefile.am 6 Aug 2005 01:31:53 -0000 @@ -30,6 +30,7 @@ SUBDIRS = arp_cop \ search_promisc \ smb_clear \ smb_down \ - stp_mangler + stp_mangler \ + ttl_watch # vim:ts=4:noexpandtab diff -uNr /tmp/empty/Makefile.am plug-ins/ttl_watch/Makefile.am --- /tmp/empty/Makefile.am 1969-12-31 16:00:00.000000000 -0800 +++ plug-ins/ttl_watch/Makefile.am 2005-08-05 18:09:41.695572262 -0700 @@ -0,0 +1,18 @@ + +# $Id: Makefile.am,v 1.9 2004/01/03 11:07:42 alor Exp $ + +include $(top_srcdir)/Makefile.am.common + +pkglib_LTLIBRARIES = ec_ttl_watch.la + +ec_ttl_watch_la_CFLAGS = @PL_CFLAGS@ + +ec_ttl_watch_la_SOURCES = ttl_watch.c + +ec_ttl_watch_la_LDFLAGS = @PL_LDFLAGS@ -module -avoid-version + +LIBS = +ec_ttl_watch_la_LIBS = + +# vim:ts=4:noexpandtab + diff -uNr /tmp/empty/ttl_watch.c plug-ins/ttl_watch/ttl_watch.c --- /tmp/empty/ttl_watch.c 1969-12-31 16:00:00.000000000 -0800 +++ plug-ins/ttl_watch/ttl_watch.c 2005-08-05 18:37:37.420885664 -0700 @@ -0,0 +1,151 @@ +/* + ttl_watch -- ettercap plugin -- tracks TTLs for every connection + + Copyright (C) 2005 Kees Cook + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +*/ + + +#include /* required for global variables */ +#include /* required for plugin ops */ +#include +#include + +#include +#include + +/* prototypes is required for -Wmissing-prototypes */ + +/* + * this function must be present. + * it is the entry point of the plugin + */ +int plugin_load(void *); + +/* additional functions */ +static int ttl_watch_init(void *); +static int ttl_watch_fini(void *); + +/* workers */ +static void find_ttl(struct packet_object *po); + +/* structures */ +static unsigned int ttl[256]; + +/* plugin operations */ + +struct plugin_ops ttl_watch_ops = { + /* ettercap version MUST be the global EC_VERSION */ + ettercap_version: EC_VERSION, + /* the name of the plugin */ + name: "ttl_watch", + /* a short description of the plugin (max 50 chars) */ + info: "Counts TTLs seen on the wire", + /* the plugin version. */ + version: "1.0", + /* activation function */ + init: &ttl_watch_init, + /* deactivation function */ + fini: &ttl_watch_fini, +}; + +/**********************************************************/ + +/* this function is called on plugin load */ +int plugin_load(void *handle) +{ + DEBUG_MSG("ttl_watch plugin load function"); + /* + * in this fuction we MUST call the registration procedure that will set + * up the plugin according to the plugin_ops structure. + * the returned value MUST be the same as plugin_register() + * the opaque pointer params MUST be passed to plugin_register() + */ + return plugin_register(handle, &ttl_watch_ops); +} + +/*********************************************************/ + +static int ttl_watch_init(void *ttl_watch) +{ + /* the control is given to this function + * and ettercap is suspended until its return. + * + * you can create a thread and return immediately + * and then kill it in the fini function. + * + * you can also set an hook point with + * hook_add(), in this case you have to set the + * plugin type to PL_HOOK. + */ + int i; + + for (i=0;i<256;i++) { + ttl[i]=0; + } + + hook_add(HOOK_PACKET_IP, &find_ttl); + + USER_MSG("TTL_WATCH: plugin running...\n"); + + /* return PLUGIN_FINISHED if the plugin has terminated + * its execution. + * return PLUGIN_RUNNING if it has spawned a thread or it + * is hooked to an ettercap hookpoint and + * it needs to be deactivated with the fini method. + */ + return PLUGIN_RUNNING; +} + + +static int ttl_watch_fini(void *ttl_watch) +{ + /* + * called to terminate a plugin. + * usually to kill threads created in the + * init function or to remove hook added + * previously. + */ + hook_del(HOOK_PACKET_IP, &find_ttl); + + USER_MSG("TTL_WATCH: plugin finalization\n"); + return PLUGIN_FINISHED; +} + +static void find_ttl(struct packet_object *po) +{ + int i; + + if (!po) return; + + // add our TTL + ttl[po->L3.ttl]++; + + USER_MSG("TTL: "); + for (i=0;i<256;i++) { + if (ttl[i]>0) { + USER_MSG("%d:%d ",i,ttl[i]); + } + } + USER_MSG("\n"); +} + + +/* EOF */ + +// vim:ts=3:expandtab +