ReactOS 0.4.16-dev-477-g6ada597
fuzz_common.c File Reference
#include "fuzz_common.h"
#include "lwip/altcp_tcp.h"
#include "lwip/dns.h"
#include "lwip/init.h"
#include "lwip/netif.h"
#include "lwip/sys.h"
#include "lwip/timeouts.h"
#include "lwip/udp.h"
#include "netif/etharp.h"
#include "lwip/apps/httpd.h"
#include "lwip/apps/snmp.h"
#include "lwip/apps/lwiperf.h"
#include "lwip/apps/mdns.h"
#include <string.h>
#include <stdio.h>

Macros

#define FUZZ_DEBUG   LWIP_DBG_OFF
 
#define FUZZ_DUMP_PCAP   0
 
#define pcap_dump_rx_packet(p)
 
#define pcap_dump_tx_packet(p)
 
#define pcap_dump_init()
 
#define pcap_dump_stop()
 

Functions

static err_t lwip_tx_func (struct netif *netif, struct pbuf *p)
 
static err_t testif_init (struct netif *netif)
 
static void input_pkt (struct netif *netif, const u8_t *data, size_t len)
 
static void input_pkts (enum lwip_fuzz_type type, struct netif *netif, const u8_t *data, size_t len)
 
int lwip_fuzztest (int argc, char **argv, enum lwip_fuzz_type type, u32_t test_apps)
 

Variables

static u8_t pktbuf [200000]
 
static const u8_t * remfuzz_ptr
 
static size_t remfuzz_len
 

Macro Definition Documentation

◆ FUZZ_DEBUG

#define FUZZ_DEBUG   LWIP_DBG_OFF

Definition at line 62 of file fuzz_common.c.

◆ FUZZ_DUMP_PCAP

#define FUZZ_DUMP_PCAP   0

Set this to 1 and define FUZZ_DUMP_PCAP_FILE to dump tx and rx packets into a pcap file. At the same time, packet info is written via LWIP_DEBUGF so packets can be matched to other events for debugging them.

Definition at line 75 of file fuzz_common.c.

◆ pcap_dump_init

#define pcap_dump_init ( )

Definition at line 151 of file fuzz_common.c.

◆ pcap_dump_rx_packet

#define pcap_dump_rx_packet (   p)

Definition at line 149 of file fuzz_common.c.

◆ pcap_dump_stop

#define pcap_dump_stop ( )

Definition at line 152 of file fuzz_common.c.

◆ pcap_dump_tx_packet

#define pcap_dump_tx_packet (   p)

Definition at line 150 of file fuzz_common.c.

Function Documentation

◆ input_pkt()

static void input_pkt ( struct netif * netif,
const u8_t * data,
size_t  len 
)
static

Definition at line 190 of file fuzz_common.c.

/*
 * Inject one frame of fuzz input into the stack.
 *
 * netif: interface whose input callback receives the frame.
 * data:  first byte of the frame inside the fuzz input.
 * len:   frame length in bytes; values above 0xFFFF are rejected.
 *
 * The gutter numbers are those of fuzz_common.c. Source lines 200 and 208 are
 * absent from this listing, so the statement that assigns p is not shown.
 */
191{
192 struct pbuf *p, *q;
193 err_t err;
194
/* Lengths beyond the 16-bit range are refused; nothing is consumed in that case. */
195 if (len > 0xFFFF) {
196 printf("pkt too big (%#zX bytes)\n", len);
197 return;
198 }
199
/* NOTE(review): source line 200 is not shown; presumably p is assigned by a pbuf allocation of len bytes there - confirm against the file. */
/* NOTE(review): this assertion is the only NULL check on p. If LWIP_ASSERT is configured not to abort, a NULL p skips the copy loop below and NULL is passed to netif->input(); an explicit early return would not depend on the assert configuration. */
201 LWIP_ASSERT("alloc failed", p);
/* Walk the pbuf chain; each segment receives q->len bytes, so the amount copied is bounded by the segment lengths rather than by len directly. */
202 for(q = p; q != NULL; q = q->next) {
203 MEMCPY(q->payload, data, q->len);
204 data += q->len;
205 }
/* Advance the file-scope cursor past this frame. remfuzz_len is a size_t, so the subtraction wraps if len exceeds what remains; callers have to clamp len beforehand. */
206 remfuzz_ptr += len;
207 remfuzz_len -= len;
/* NOTE(review): source line 208 is not shown. */
/* The pbuf is freed here only when the input callback reports an error; presumably the callee owns it on ERR_OK - confirm. */
209 err = netif->input(p, netif);
210 if (err != ERR_OK) {
211 pbuf_free(p);
212 }
213}
#define NULL
Definition: types.h:112
#define LWIP_ASSERT(message, assertion)
Definition: debug.h:116
#define printf
Definition: freeldr.h:97
#define pcap_dump_rx_packet(p)
Definition: fuzz_common.c:149
static size_t remfuzz_len
Definition: fuzz_common.c:59
static const u8_t * remfuzz_ptr
Definition: fuzz_common.c:58
GLint GLenum GLsizei GLsizei GLsizei GLint GLsizei const GLvoid * data
Definition: gl.h:1950
GLdouble GLdouble GLdouble GLdouble q
Definition: gl.h:2063
GLfloat GLfloat p
Definition: glext.h:8902
GLenum GLsizei len
Definition: glext.h:6722
uint16_t u16_t
Definition: arch.h:127
s8_t err_t
Definition: err.h:96
@ ERR_OK
Definition: err.h:55
struct pbuf * pbuf_alloc(pbuf_layer layer, u16_t length, pbuf_type type)
Definition: pbuf.c:224
u8_t pbuf_free(struct pbuf *p)
Definition: pbuf.c:727
@ PBUF_POOL
Definition: pbuf.h:167
@ PBUF_RAW
Definition: pbuf.h:111
#define MEMCPY(DST, SRC, BYTES)
Definition: macros.h:231
#define err(...)
struct define * next
Definition: compiler.c:65
Definition: netif.h:269
netif_input_fn input
Definition: netif.h:297
Definition: pbuf.h:186

Referenced by input_pkts().

◆ input_pkts()

static void input_pkts ( enum lwip_fuzz_type  type,
struct netif * netif,
const u8_t * data,
size_t  len 
)
static

Definition at line 215 of file fuzz_common.c.

/*
 * Split the fuzz input into frames and inject each one through input_pkt().
 *
 * type:  LWIP_FUZZ_SINGLE takes the first branch; every other value takes the
 *        record loop, where each record starts with a u16_t length field and,
 *        for LWIP_FUZZ_MULTIPACKET_TIME, minlen also accounts for a u32_t
 *        delay field.
 * netif: interface handed on to input_pkt().
 * data, len: the fuzz input; not referenced in the lines shown here.
 *
 * The gutter numbers are those of fuzz_common.c. Source lines 217-218, 221,
 * 231 and 249 are absent from this listing, which is why the braces below do
 * not balance as shown.
 */
216{
/* NOTE(review): source lines 217-218 are not shown; presumably they point remfuzz_ptr and remfuzz_len at data and len - confirm against the file. */
219
220 if (type == LWIP_FUZZ_SINGLE) {
/* NOTE(review): source line 221 is not shown; presumably the whole input is passed to input_pkt() as one frame. */
222 } else {
/* Upper bound applied to every frame length read from the input. */
223 const u16_t max_packet_size = 1514;
/* Size of the record header: the u16_t length, plus a u32_t in LWIP_FUZZ_MULTIPACKET_TIME mode. */
224 const size_t minlen = sizeof(u16_t) + (type == LWIP_FUZZ_MULTIPACKET_TIME ? sizeof(u32_t) : 0);
225
/* Strictly more than one header must remain, so the header reads below stay inside the input as long as remfuzz_len matches the bytes left at remfuzz_ptr. */
226 while (remfuzz_len > minlen) {
227 u16_t frame_len;
228#ifdef LWIP_FUZZ_SYS_NOW
229 u32_t external_delay = 0;
230#endif
/* NOTE(review): source line 231 is not shown; the closing brace at 239 suggests a condition opens there, presumably the LWIP_FUZZ_MULTIPACKET_TIME test - confirm. */
232#ifdef LWIP_FUZZ_SYS_NOW
233 /* Extract external delay time from fuzz pool */
234 memcpy(&external_delay, remfuzz_ptr, sizeof(u32_t));
235 external_delay = ntohl(external_delay);
236#endif
/* The delay bytes are consumed whether or not LWIP_FUZZ_SYS_NOW is defined. */
237 remfuzz_ptr += sizeof(u32_t);
238 remfuzz_len -= sizeof(u32_t);
239 }
/* The length field is read with memcpy(), so no alignment of remfuzz_ptr is assumed. */
240 memcpy(&frame_len, remfuzz_ptr, sizeof(u16_t));
241 remfuzz_ptr += sizeof(u16_t);
242 remfuzz_len -= sizeof(u16_t);
/* Convert from network byte order and keep the low 11 bits (at most 0x7FF). */
243 frame_len = ntohs(frame_len) & 0x7FF;
/* Cap the attacker-chosen length at max_packet_size. */
244 frame_len = LWIP_MIN(frame_len, max_packet_size);
/* Never claim more bytes than remain; this clamp is what keeps input_pkt() from copying past the end of the input and from wrapping remfuzz_len. */
245 if (frame_len > remfuzz_len) {
246 frame_len = (u16_t)remfuzz_len;
247 }
248 if (frame_len != 0) {
/* NOTE(review): source line 249 is not shown; it presumably opens the block closed at 256, so which statements the frame_len test guards should be confirmed against the file. */
250#ifdef LWIP_FUZZ_SYS_NOW
251 /* Update total external delay time, and check timeouts */
252 sys_now_offset += external_delay;
253 LWIP_DEBUGF(FUZZ_DEBUG, ("fuzz: sys_now_offset += %u -> %u\n", external_delay, sys_now_offset));
254#endif
255 sys_check_timeouts();
256 }
/* input_pkt() advances remfuzz_ptr and remfuzz_len by frame_len itself. */
257 input_pkt(netif, remfuzz_ptr, frame_len);
258 /* Check timeouts again */
259 sys_check_timeouts();
260 }
261 }
262 }
263}
#define LWIP_MIN(x, y)
Definition: def.h:66
#define LWIP_DEBUGF(debug, message)
Definition: debug.h:158
#define FUZZ_DEBUG
Definition: fuzz_common.c:62
static void input_pkt(struct netif *netif, const u8_t *data, size_t len)
Definition: fuzz_common.c:190
@ LWIP_FUZZ_SINGLE
Definition: fuzz_common.h:43
@ LWIP_FUZZ_MULTIPACKET_TIME
Definition: fuzz_common.h:45
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
uint32_t u32_t
Definition: arch.h:129
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
#define ntohl(x)
Definition: module.h:205
#define ntohs(x)
Definition: module.h:210

Referenced by lwip_fuzztest().

◆ lwip_fuzztest()

int lwip_fuzztest ( int  argc,
char **  argv,
enum lwip_fuzz_type  type,
u32_t  test_apps 
)

Definition at line 576 of file fuzz_common.c.

/*
 * Shared entry point of the fuzz targets: bring up lwIP with one test
 * interface, start the listeners and clients selected by test_apps, then read
 * the fuzz input into pktbuf.
 *
 * argc, argv: when argc > 1, argv[1] names the input file; otherwise the
 *             input is read from stdin.
 * type:       not referenced in the lines shown here.
 * test_apps:  bit mask of LWIP_FUZZ_* flags tested below.
 * Returns 0.
 *
 * The gutter numbers are those of fuzz_common.c. Source lines 587, 595-596,
 * 612, 669 and 671 are absent from this listing; in particular the call that
 * hands pktbuf to the stack is not shown.
 */
577{
578 struct netif net_test;
579 ip4_addr_t addr;
580 ip4_addr_t netmask;
581 ip4_addr_t gw;
582 size_t len;
583 err_t err;
584 ip_addr_t remote_addr; /* a IPv4 addr of the destination */
585 struct eth_addr remote_mac = ETH_ADDR(0x28, 0x00, 0x00, 0x22, 0x2b, 0x38); /* a MAC addr of the destination */
586
/* NOTE(review): source line 587 is not shown. */
588 lwip_init();
589
/* Fixed addressing keeps runs reproducible: 172.30.115.84/24, gateway 172.30.115.1. */
590 IP4_ADDR(&addr, 172, 30, 115, 84);
591 IP4_ADDR(&netmask, 255, 255, 255, 0);
592 IP4_ADDR(&gw, 172, 30, 115, 1);
593
/* testif_init configures the interface; received frames enter through ethernet_input. */
594 netif_add(&net_test, &addr, &netmask, &gw, &net_test, testif_init, ethernet_input);
/* NOTE(review): source lines 595-596 are not shown. */
597
/* NOTE(review): in the lines shown, remote_addr is written only inside this branch, yet altcp_connect() and udp_connect() below read it. A caller that sets LWIP_FUZZ_TCP_CLIENT or LWIP_FUZZ_UDP_CLIENT without LWIP_FUZZ_STATICARP would pass an uninitialized address; setting remote_addr unconditionally would remove that dependency. */
598 if (test_apps & LWIP_FUZZ_STATICARP) {
599 /* Add the ARP entry */
600 IP_ADDR4(&remote_addr, 172, 30, 115, 37);
601 etharp_add_static_entry(&(remote_addr.u_addr.ip4), &remote_mac);
602 }
603
604#if LWIP_IPV6
605 nd6_tmr(); /* tick nd to join multicast groups */
606#endif
/* DNS server 0 is set to the interface's gateway address. */
607 dns_setserver(0, &net_test.gw);
608
609 if (test_apps & LWIP_FUZZ_DEFAULT) {
610 /* initialize apps */
611 httpd_init();
/* NOTE(review): source line 612 is not shown. */
613 mdns_resp_init();
614 mdns_resp_add_netif(&net_test, "hostname");
615 snmp_init();
616 }
/* TCP client: connect to remote_addr on port 80 and register the tcp_client_* callbacks. */
617 if (test_apps & LWIP_FUZZ_TCP_CLIENT) {
618 tcp_client_pcb = altcp_tcp_new_ip_type(IPADDR_TYPE_ANY);
619 LWIP_ASSERT("Error: altcp_new() failed", tcp_client_pcb != NULL);
620 tcp_remote_port = 80;
621 err = altcp_connect(tcp_client_pcb, &remote_addr, tcp_remote_port, tcp_client_connected);
622 LWIP_ASSERT("Error: altcp_connect() failed", err == ERR_OK);
623 altcp_recv(tcp_client_pcb, tcp_client_recv);
624 altcp_err(tcp_client_pcb, tcp_client_err);
625 altcp_poll(tcp_client_pcb, tcp_client_poll, 10);
626 altcp_sent(tcp_client_pcb, tcp_client_sent);
627 }
/* TCP server: bind to port 80 on any address and listen. */
628 if (test_apps & LWIP_FUZZ_TCP_SERVER) {
629 tcp_server_pcb = altcp_tcp_new_ip_type(IPADDR_TYPE_ANY);
630 LWIP_ASSERT("Error: altcp_new() failed", tcp_server_pcb != NULL);
631 altcp_setprio(tcp_server_pcb, TCP_PRIO_MIN);
632 tcp_local_port = 80;
633 err = altcp_bind(tcp_server_pcb, IP_ANY_TYPE, tcp_local_port);
634 LWIP_ASSERT("Error: altcp_bind() failed", err == ERR_OK);
/* NOTE(review): the assertion after altcp_listen() re-tests err, which still holds the altcp_bind() result; the pointer returned by altcp_listen() is never checked. Testing tcp_server_pcb != NULL would check the listen call itself. */
635 tcp_server_pcb = altcp_listen(tcp_server_pcb);
636 LWIP_ASSERT("Error: altcp_listen() failed", err == ERR_OK);
637 altcp_accept(tcp_server_pcb, tcp_server_accept);
638 }
/* UDP client: connect to remote_addr on port 161. */
639 if (test_apps & LWIP_FUZZ_UDP_CLIENT) {
/* NOTE(review): the udp_new() result is used without a NULL check, and the return value of udp_new_ip_type() is discarded; if that call allocates a PCB, as its name suggests, the PCB is leaked. The same pattern repeats in the UDP server branch. */
640 udp_client_pcb = udp_new();
641 udp_new_ip_type(IPADDR_TYPE_ANY);
642 udp_recv(udp_client_pcb, udp_client_recv, NULL);
643 udp_remote_port = 161;
644 udp_connect(udp_client_pcb, &remote_addr, udp_remote_port);
645 }
/* UDP server: bind to port 161 on any address. */
646 if (test_apps & LWIP_FUZZ_UDP_SERVER) {
647 udp_server_pcb = udp_new();
648 udp_new_ip_type(IPADDR_TYPE_ANY);
649 udp_local_port = 161;
650 udp_bind(udp_server_pcb, IP_ANY_TYPE, udp_local_port);
651 udp_recv(udp_server_pcb, udp_server_recv, NULL);
652 }
653
/* Read the fuzz input. Both fread() calls are bounded by sizeof(pktbuf), so longer input is truncated without notice rather than overflowing the buffer. */
654 if(argc > 1) {
655 FILE* f;
656 const char* filename;
657 printf("reading input from file... ");
658 fflush(stdout);
659 filename = argv[1];
660 LWIP_ASSERT("invalid filename", filename != NULL);
661 f = fopen(filename, "rb");
/* NOTE(review): a failed fopen() is caught only by this assertion; if LWIP_ASSERT does not abort, fread() and fclose() receive a NULL stream. */
662 LWIP_ASSERT("open failed", f != NULL);
/* NOTE(review): a read error is not told apart from a short file; ferror() is not consulted. */
663 len = fread(pktbuf, 1, sizeof(pktbuf), f);
664 fclose(f);
665 printf("testing file: \"%s\"...\r\n", filename);
666 } else {
667 len = fread(pktbuf, 1, sizeof(pktbuf), stdin);
668 }
/* NOTE(review): source line 669 is not shown; presumably pktbuf and len are passed to input_pkts() there - confirm against the file. */
670
/* NOTE(review): source line 671 is not shown. */
672 return 0;
673}
static int argc
Definition: ServiceArgs.c:12
#define altcp_accept
Definition: altcp.h:169
#define altcp_connect
Definition: altcp.h:177
#define altcp_poll
Definition: altcp.h:172
#define altcp_sent
Definition: altcp.h:171
#define altcp_listen
Definition: altcp.h:181
#define altcp_setprio
Definition: altcp.h:196
#define altcp_err
Definition: altcp.h:173
#define altcp_recv
Definition: altcp.h:170
#define altcp_tcp_new_ip_type
Definition: altcp.h:160
#define altcp_bind
Definition: altcp.h:176
void httpd_init(void)
static u8_t pktbuf[200000]
Definition: fuzz_common.c:57
static void input_pkts(enum lwip_fuzz_type type, struct netif *netif, const u8_t *data, size_t len)
Definition: fuzz_common.c:215
#define pcap_dump_stop()
Definition: fuzz_common.c:152
static err_t testif_init(struct netif *netif)
Definition: fuzz_common.c:164
#define pcap_dump_init()
Definition: fuzz_common.c:151
#define LWIP_FUZZ_UDP_CLIENT
Definition: fuzz_common.h:54
#define LWIP_FUZZ_UDP_SERVER
Definition: fuzz_common.h:53
#define LWIP_FUZZ_DEFAULT
Definition: fuzz_common.h:49
#define LWIP_FUZZ_STATICARP
Definition: fuzz_common.h:50
#define LWIP_FUZZ_TCP_CLIENT
Definition: fuzz_common.h:52
#define LWIP_FUZZ_TCP_SERVER
Definition: fuzz_common.h:51
GLfloat f
Definition: glext.h:7540
GLenum const GLvoid * addr
Definition: glext.h:9621
#define IP_ANY_TYPE
Definition: ip_addr.h:461
@ IPADDR_TYPE_ANY
Definition: ip_addr.h:60
void lwip_init(void)
Definition: init.c:339
struct netif * netif_add(struct netif *netif, void *state, netif_init_fn init, netif_input_fn input)
Definition: netif.c:287
void netif_set_link_up(struct netif *netif)
Definition: netif.c:1018
void netif_set_up(struct netif *netif)
Definition: netif.c:871
#define stdout
Definition: stdio.h:99
_Check_return_opt_ _CRTIMP int __cdecl fflush(_Inout_opt_ FILE *_File)
_Check_return_opt_ _CRTIMP size_t __cdecl fread(_Out_writes_bytes_(_ElementSize *_Count) void *_DstBuf, _In_ size_t _ElementSize, _In_ size_t _Count, _Inout_ FILE *_File)
_Check_return_ _CRTIMP FILE *__cdecl fopen(_In_z_ const char *_Filename, _In_z_ const char *_Mode)
#define stdin
Definition: stdio.h:98
_Check_return_opt_ _CRTIMP int __cdecl fclose(_Inout_ FILE *_File)
const char * filename
Definition: ioapi.h:137
ip6_addr_t ip_addr_t
Definition: ip_addr.h:344
#define f
Definition: ke_i.h:83
#define ETH_ADDR(b0, b1, b2, b3, b4, b5)
Definition: ethernet.h:69
void * lwiperf_start_tcp_server_default(lwiperf_report_fn report_fn, void *report_arg)
#define argv
Definition: mplay32.c:18
static struct netif net_test
Definition: test_netif.c:12

Referenced by main().

◆ lwip_tx_func()

static err_t lwip_tx_func ( struct netif * netif,
struct pbuf * p 
)
static

Definition at line 156 of file fuzz_common.c.

/*
 * Transmit callback of the fuzz test interface.
 *
 * Returns ERR_OK unconditionally in the lines shown; no call that sends the
 * frame anywhere is visible. Source lines 158-160 are absent from this
 * listing, so how netif and p are used cannot be confirmed from here.
 */
157{
161 return ERR_OK;
162}
#define pcap_dump_tx_packet(p)
Definition: fuzz_common.c:150
#define LWIP_UNUSED_ARG(x)
Definition: arch.h:373

Referenced by testif_init().

◆ testif_init()

static err_t testif_init ( struct netif * netif)
static

Definition at line 164 of file fuzz_common.c.

/*
 * Init callback passed to netif_add() for the fuzz test interface.
 *
 * Names the interface "fz", routes IPv4 output through etharp_output, sets
 * an MTU of 1500 and a fixed 6-byte hardware address. Returns ERR_OK.
 *
 * The gutter numbers are those of fuzz_common.c. Source lines 169, 172 and
 * 184 are absent from this listing; the assignments of netif->linkoutput and
 * netif->flags are therefore not shown - confirm them against the file.
 */
165{
166 netif->name[0] = 'f';
167 netif->name[1] = 'z';
168 netif->output = etharp_output;
/* NOTE(review): source line 169 is not shown. */
170 netif->mtu = 1500;
171 netif->hwaddr_len = 6;
/* NOTE(review): source line 172 is not shown. */
173
/* Fixed MAC address 00:23:C1:DE:D0:0D, so runs are reproducible. */
174 netif->hwaddr[0] = 0x00;
175 netif->hwaddr[1] = 0x23;
176 netif->hwaddr[2] = 0xC1;
177 netif->hwaddr[3] = 0xDE;
178 netif->hwaddr[4] = 0xD0;
179 netif->hwaddr[5] = 0x0D;
180
/* IPv6 output and a link-local address are set up only when LWIP_IPV6 is enabled. */
181#if LWIP_IPV6
182 netif->output_ip6 = ethip6_output;
183 netif_create_ip6_linklocal_address(netif, 1);
/* NOTE(review): source line 184 is not shown. */
185#endif
186
187 return ERR_OK;
188}
static err_t lwip_tx_func(struct netif *netif, struct pbuf *p)
Definition: fuzz_common.c:156
#define NETIF_FLAG_ETHARP
Definition: netif.h:97
#define NETIF_FLAG_MLD6
Definition: netif.h:107
#define NETIF_FLAG_IGMP
Definition: netif.h:104
#define NETIF_FLAG_BROADCAST
Definition: netif.h:87
u8_t flags
Definition: netif.h:354
char name[2]
Definition: netif.h:356
u8_t hwaddr[NETIF_MAX_HWADDR_LEN]
Definition: netif.h:350
u16_t mtu
Definition: netif.h:344
netif_linkoutput_fn linkoutput
Definition: netif.h:308
u8_t hwaddr_len
Definition: netif.h:352

Referenced by lwip_fuzztest().

Variable Documentation

◆ pktbuf

u8_t pktbuf[200000]
static

Definition at line 57 of file fuzz_common.c.

Referenced by lwip_fuzztest(), and test_ip_pktinfo().

◆ remfuzz_len

size_t remfuzz_len
static

Definition at line 59 of file fuzz_common.c.

Referenced by input_pkt(), and input_pkts().

◆ remfuzz_ptr

const u8_t* remfuzz_ptr
static

Definition at line 58 of file fuzz_common.c.

Referenced by input_pkt(), and input_pkts().