ReactOS 0.4.16-dev-340-g0540c21
fuzz_common.c
Go to the documentation of this file.
1/*
2 * Copyright (c) 2001-2003 Swedish Institute of Computer Science.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without modification,
6 * are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
19 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
21 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
24 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
25 * OF SUCH DAMAGE.
26 *
27 * This file is part of the lwIP TCP/IP stack.
28 *
29 * Author: Erik Ekman <erik@kryo.se>
30 * Simon Goldschmidt <goldsimon@gmx.de>
31 *
32 */
33
34#include "fuzz_common.h"
35
36#include "lwip/altcp_tcp.h"
37#include "lwip/dns.h"
38#include "lwip/init.h"
39#include "lwip/netif.h"
40#include "lwip/sys.h"
41#include "lwip/timeouts.h"
42#include "lwip/udp.h"
43#include "netif/etharp.h"
44#if LWIP_IPV6
45#include "lwip/ethip6.h"
46#include "lwip/nd6.h"
47#endif
48
49#include "lwip/apps/httpd.h"
50#include "lwip/apps/snmp.h"
51#include "lwip/apps/lwiperf.h"
52#include "lwip/apps/mdns.h"
53
54#include <string.h>
55#include <stdio.h>
56
57static u8_t pktbuf[200000];
58static const u8_t *remfuzz_ptr; /* remaining fuzz pointer */
59static size_t remfuzz_len; /* remaining fuzz length */
60
61#ifndef FUZZ_DEBUG
62#define FUZZ_DEBUG LWIP_DBG_OFF
63#endif
64
65#ifdef LWIP_FUZZ_SYS_NOW
66/* This offset should be added to the time 'sys_now()' returns */
67u32_t sys_now_offset;
68#endif
69
74#ifndef FUZZ_DUMP_PCAP
75#define FUZZ_DUMP_PCAP 0
76#endif
77
78#if FUZZ_DUMP_PCAP
79const u8_t pcap_file_header[24] = {
80 0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00,
81 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
82 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00
83};
84
85static FILE* fpcap;
86static u32_t pcap_packet;
87
88static void pcap_dump_init(void)
89{
90 fpcap = fopen(FUZZ_DUMP_PCAP_FILE, "wb");
91 if (fpcap != NULL) {
92 /* write header */
93 fwrite(pcap_file_header, 1, sizeof(pcap_file_header), fpcap);
94 }
95}
96
97/* This function might have to be called from LWIP_PLATFORM_ASSERT()
98 * in order to produce correct pcap results on crash.
99 * Define this global so that for a test, we can call this from anywhere...
100 */
101void pcap_dump_stop(void);
102void pcap_dump_stop(void)
103{
104 if (fpcap != NULL) {
105 fclose(fpcap);
106 fpcap = NULL;
107 }
108}
109
110static void pcap_dump_packet(struct pbuf *p, int is_tx)
111{
112 if (fpcap != NULL) {
113 struct pbuf *q;
114 u32_t data;
115 pcap_packet++;
116 if (is_tx) {
117 LWIP_DEBUGF(FUZZ_DEBUG, ("> %d fuzz: netif: send %u bytes\n", pcap_packet, p->tot_len));
118 } else {
119 LWIP_DEBUGF(FUZZ_DEBUG, ("< %d fuzz: RX packet of %u bytes\n", pcap_packet, p->tot_len));
120 if (pcap_packet == 50 || pcap_packet == 33 || pcap_packet == 29) {
121 pcap_packet++;
122 pcap_packet--;
123 }
124 }
125 /* write packet header */
126 fwrite(&pcap_packet, 1, sizeof(pcap_packet), fpcap);
127 data = 0;
128 fwrite(&data, 1, sizeof(data), fpcap);
129 data = p->tot_len;
130 fwrite(&data, 1, sizeof(data), fpcap);
131 fwrite(&data, 1, sizeof(data), fpcap);
132 /* write packet data */
133 for(q = p; q != NULL; q = q->next) {
134 fwrite(q->payload, 1, q->len, fpcap);
135 }
136 }
137}
138
139static void pcap_dump_rx_packet(struct pbuf *p)
140{
141 pcap_dump_packet(p, 0);
142}
143
144static void pcap_dump_tx_packet(struct pbuf *p)
145{
146 pcap_dump_packet(p, 1);
147}
148#else /* FUZZ_DUMP_PCAP */
149#define pcap_dump_rx_packet(p)
150#define pcap_dump_tx_packet(p)
151#define pcap_dump_init()
152#define pcap_dump_stop()
153#endif /* FUZZ_DUMP_PCAP */
154
155/* no-op send function */
156static err_t lwip_tx_func(struct netif *netif, struct pbuf *p)
157{
161 return ERR_OK;
162}
163
165{
166 netif->name[0] = 'f';
167 netif->name[1] = 'z';
168 netif->output = etharp_output;
170 netif->mtu = 1500;
171 netif->hwaddr_len = 6;
173
174 netif->hwaddr[0] = 0x00;
175 netif->hwaddr[1] = 0x23;
176 netif->hwaddr[2] = 0xC1;
177 netif->hwaddr[3] = 0xDE;
178 netif->hwaddr[4] = 0xD0;
179 netif->hwaddr[5] = 0x0D;
180
181#if LWIP_IPV6
182 netif->output_ip6 = ethip6_output;
183 netif_create_ip6_linklocal_address(netif, 1);
185#endif
186
187 return ERR_OK;
188}
189
190static void input_pkt(struct netif *netif, const u8_t *data, size_t len)
191{
192 struct pbuf *p, *q;
193 err_t err;
194
195 if (len > 0xFFFF) {
196 printf("pkt too big (%#zX bytes)\n", len);
197 return;
198 }
199
201 LWIP_ASSERT("alloc failed", p);
202 for(q = p; q != NULL; q = q->next) {
203 MEMCPY(q->payload, data, q->len);
204 data += q->len;
205 }
206 remfuzz_ptr += len;
207 remfuzz_len -= len;
209 err = netif->input(p, netif);
210 if (err != ERR_OK) {
211 pbuf_free(p);
212 }
213}
214
215static void input_pkts(enum lwip_fuzz_type type, struct netif *netif, const u8_t *data, size_t len)
216{
219
220 if (type == LWIP_FUZZ_SINGLE) {
222 } else {
223 const u16_t max_packet_size = 1514;
224 const size_t minlen = sizeof(u16_t) + (type == LWIP_FUZZ_MULTIPACKET_TIME ? sizeof(u32_t) : 0);
225
226 while (remfuzz_len > minlen) {
227 u16_t frame_len;
228#ifdef LWIP_FUZZ_SYS_NOW
229 u32_t external_delay = 0;
230#endif
232#ifdef LWIP_FUZZ_SYS_NOW
233 /* Extract external delay time from fuzz pool */
234 memcpy(&external_delay, remfuzz_ptr, sizeof(u32_t));
235 external_delay = ntohl(external_delay);
236#endif
237 remfuzz_ptr += sizeof(u32_t);
238 remfuzz_len -= sizeof(u32_t);
239 }
240 memcpy(&frame_len, remfuzz_ptr, sizeof(u16_t));
241 remfuzz_ptr += sizeof(u16_t);
242 remfuzz_len -= sizeof(u16_t);
243 frame_len = ntohs(frame_len) & 0x7FF;
244 frame_len = LWIP_MIN(frame_len, max_packet_size);
245 if (frame_len > remfuzz_len) {
246 frame_len = (u16_t)remfuzz_len;
247 }
248 if (frame_len != 0) {
250#ifdef LWIP_FUZZ_SYS_NOW
251 /* Update total external delay time, and check timeouts */
252 sys_now_offset += external_delay;
253 LWIP_DEBUGF(FUZZ_DEBUG, ("fuzz: sys_now_offset += %u -> %u\n", external_delay, sys_now_offset));
254#endif
255 sys_check_timeouts();
256 }
257 input_pkt(netif, remfuzz_ptr, frame_len);
258 /* Check timeouts again */
259 sys_check_timeouts();
260 }
261 }
262 }
263}
264
265#if LWIP_TCP
266static struct altcp_pcb *tcp_client_pcb; /* a pcb for the TCP client */
267static struct altcp_pcb *tcp_server_pcb; /* a pcb for the TCP server */
268static u16_t tcp_remote_port; /* a TCP port number of the destionation */
269static u16_t tcp_local_port; /* a TCP port number of the local server */
270
275static void
276tcp_app_fuzz_input(struct altcp_pcb *pcb)
277{
278 if (remfuzz_len > sizeof(u16_t)) {
279 /*
280 * (max IP packet size) - ((minimum IP header size) + (minimum TCP header size))
281 * = 65535 - (20 + 20)
282 * = 65495
283 */
284 const u16_t max_data_size = 65495;
285 u16_t data_len;
286
287 memcpy(&data_len, remfuzz_ptr, sizeof(u16_t));
288 remfuzz_ptr += sizeof(u16_t);
289 remfuzz_len -= sizeof(u16_t);
290 data_len = ntohs(data_len);
291 data_len = LWIP_MIN(data_len, max_data_size);
292 if (data_len > remfuzz_len) {
293 data_len = (u16_t)remfuzz_len;
294 }
295
296 if (data_len != 0) {
297 LWIP_DEBUGF(FUZZ_DEBUG, ("fuzz: tcp: write %u bytes\n", data_len));
298 altcp_write(pcb, remfuzz_ptr, data_len, TCP_WRITE_FLAG_COPY);
299 altcp_output(pcb);
300 } else {
301 LWIP_DEBUGF(FUZZ_DEBUG, ("fuzz: tcp: close\n"));
302 altcp_close(pcb);
303 }
304
305 remfuzz_ptr += data_len;
306 remfuzz_len -= data_len;
307 }
308}
309
314static err_t
315tcp_client_connected(void *arg, struct altcp_pcb *pcb, err_t err)
316{
319
320 LWIP_DEBUGF(FUZZ_DEBUG, ("fuzz: tcp: tcp_client_connected\n"));
321 tcp_app_fuzz_input(pcb);
322
323 return ERR_OK;
324}
325
330static err_t
331tcp_client_recv(void *arg, struct altcp_pcb *pcb, struct pbuf *p, err_t err)
332{
335
336 if (p == NULL) {
337 altcp_close(pcb);
338 } else {
339 altcp_recved(pcb, p->tot_len);
340 LWIP_DEBUGF(FUZZ_DEBUG, ("fuzz: tcp: tcp_client_recv: %d\n", p->tot_len));
341 tcp_app_fuzz_input(pcb);
342 pbuf_free(p);
343 }
344
345 return ERR_OK;
346}
347
352static err_t
353tcp_client_sent(void *arg, struct altcp_pcb *pcb, u16_t len)
354{
356 LWIP_UNUSED_ARG(pcb);
358 return ERR_OK;
359}
360
365static err_t
366tcp_client_poll(void *arg, struct altcp_pcb *pcb)
367{
369 LWIP_UNUSED_ARG(pcb);
370 return ERR_OK;
371}
372
377static void
378tcp_client_err(void *arg, err_t err)
379{
382}
383
388static err_t
389tcp_server_recv(void *arg, struct altcp_pcb *pcb, struct pbuf *p, err_t err)
390{
393
394 if (p == NULL) {
395 altcp_close(pcb);
396 } else {
397 altcp_recved(pcb, p->tot_len);
398 LWIP_DEBUGF(FUZZ_DEBUG, ("fuzz: tcp: tcp_server_recv: %d\n", p->tot_len));
399 tcp_app_fuzz_input(pcb);
400 pbuf_free(p);
401 }
402
403 return ERR_OK;
404}
405
410static err_t
411tcp_server_sent(void *arg, struct altcp_pcb *pcb, u16_t len)
412{
414 LWIP_UNUSED_ARG(pcb);
416 return ERR_OK;
417}
418
423static err_t
424tcp_server_poll(void *arg, struct altcp_pcb *pcb)
425{
427 LWIP_UNUSED_ARG(pcb);
428 return ERR_OK;
429}
430
435static void
436tcp_server_err(void *arg, err_t err)
437{
440}
441
446static err_t
447tcp_server_accept(void *arg, struct altcp_pcb *pcb, err_t err)
448{
451
452 if ((err != ERR_OK) || (pcb == NULL)) {
453 return ERR_VAL;
454 }
455 LWIP_DEBUGF(FUZZ_DEBUG, ("fuzz: accept from remote\n"));
456
457 altcp_setprio(pcb, TCP_PRIO_MIN);
458
459 altcp_recv(pcb, tcp_server_recv);
460 altcp_err(pcb, tcp_server_err);
461 altcp_poll(pcb, tcp_server_poll, 10);
462 altcp_sent(pcb, tcp_server_sent);
463
464 return ERR_OK;
465}
466#endif /* LWIP_TCP */
467
468#if LWIP_UDP
469static struct udp_pcb *udp_client_pcb; /* a pcb for the UDP client */
470static struct udp_pcb *udp_server_pcb; /* a pcb for the UDP server */
471static u16_t udp_remote_port; /* a UDP port number of the destination */
472static u16_t udp_local_port; /* a UDP port number of the local server*/
473
478static void
479udp_app_fuzz_input(struct udp_pcb *pcb, const ip_addr_t *addr, u16_t port)
480{
481 if (remfuzz_len > sizeof(u16_t)) {
482 /*
483 * (max IP packet size) - ((minimum IP header size) - (minimum UDP header size))
484 * = 65535 - (20 + 8)
485 * = 65507
486 */
487 const u16_t max_data_size = 65507;
488 u16_t data_len;
489
490 memcpy(&data_len, remfuzz_ptr, sizeof(u16_t));
491 remfuzz_ptr += sizeof(u16_t);
492 remfuzz_len -= sizeof(u16_t);
493 data_len = ntohs(data_len);
494 data_len = LWIP_MIN(data_len, max_data_size);
495 if (data_len > remfuzz_len) {
496 data_len = (u16_t)remfuzz_len;
497 }
498
499 LWIP_DEBUGF(FUZZ_DEBUG, ("fuzz: udp: send %u bytes\n", data_len));
500 if (data_len != 0) {
501 struct pbuf *p, *q;
502
503 p = pbuf_alloc(PBUF_RAW, (u16_t)data_len, PBUF_POOL);
504 LWIP_ASSERT("alloc failed", p);
505
506 for (q = p; q != NULL; q = q->next) {
507 MEMCPY(q->payload, remfuzz_ptr, q->len);
508 remfuzz_ptr += q->len;
509 }
510 remfuzz_len -= data_len;
511
512 /*
513 * Trying input from ...
514 *
515 * client:
516 * The pcb has information about the destination.
517 * We use udp_send().
518 *
519 * server:
520 * The pcb does NOT have infomation about the destionation.
521 * We use udp_sendto().
522 */
523 if (addr == NULL) {
524 udp_send(pcb, p);
525 } else {
526 udp_sendto(pcb, p, addr, port);
527 }
528 pbuf_free(p);
529 }
530 }
531}
532
537static void
538udp_client_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port)
539{
544
545 if (p == NULL) {
546 udp_disconnect(pcb);
547 } else {
548 /*
549 * We call the function with 2nd argument set to NULL
550 * to input fuzz from udp_send.
551 */
552 udp_app_fuzz_input(pcb, NULL, port);
553 pbuf_free(p);
554 }
555}
556
561static void
562udp_server_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port)
563{
568
569 if (p != NULL) {
570 udp_app_fuzz_input(pcb, addr, port);
571 pbuf_free(p);
572 }
573}
574#endif /* LWIP_UDP */
575
576int lwip_fuzztest(int argc, char** argv, enum lwip_fuzz_type type, u32_t test_apps)
577{
578 struct netif net_test;
579 ip4_addr_t addr;
580 ip4_addr_t netmask;
581 ip4_addr_t gw;
582 size_t len;
583 err_t err;
584 ip_addr_t remote_addr; /* a IPv4 addr of the destination */
585 struct eth_addr remote_mac = ETH_ADDR(0x28, 0x00, 0x00, 0x22, 0x2b, 0x38); /* a MAC addr of the destination */
586
588 lwip_init();
589
590 IP4_ADDR(&addr, 172, 30, 115, 84);
591 IP4_ADDR(&netmask, 255, 255, 255, 0);
592 IP4_ADDR(&gw, 172, 30, 115, 1);
593
594 netif_add(&net_test, &addr, &netmask, &gw, &net_test, testif_init, ethernet_input);
597
598 if (test_apps & LWIP_FUZZ_STATICARP) {
599 /* Add the ARP entry */
600 IP_ADDR4(&remote_addr, 172, 30, 115, 37);
601 etharp_add_static_entry(&(remote_addr.u_addr.ip4), &remote_mac);
602 }
603
604#if LWIP_IPV6
605 nd6_tmr(); /* tick nd to join multicast groups */
606#endif
607 dns_setserver(0, &net_test.gw);
608
609 if (test_apps & LWIP_FUZZ_DEFAULT) {
610 /* initialize apps */
611 httpd_init();
613 mdns_resp_init();
614 mdns_resp_add_netif(&net_test, "hostname");
615 snmp_init();
616 }
617 if (test_apps & LWIP_FUZZ_TCP_CLIENT) {
618 tcp_client_pcb = altcp_tcp_new_ip_type(IPADDR_TYPE_ANY);
619 LWIP_ASSERT("Error: altcp_new() failed", tcp_client_pcb != NULL);
620 tcp_remote_port = 80;
621 err = altcp_connect(tcp_client_pcb, &remote_addr, tcp_remote_port, tcp_client_connected);
622 LWIP_ASSERT("Error: altcp_connect() failed", err == ERR_OK);
623 altcp_recv(tcp_client_pcb, tcp_client_recv);
624 altcp_err(tcp_client_pcb, tcp_client_err);
625 altcp_poll(tcp_client_pcb, tcp_client_poll, 10);
626 altcp_sent(tcp_client_pcb, tcp_client_sent);
627 }
628 if (test_apps & LWIP_FUZZ_TCP_SERVER) {
629 tcp_server_pcb = altcp_tcp_new_ip_type(IPADDR_TYPE_ANY);
630 LWIP_ASSERT("Error: altcp_new() failed", tcp_server_pcb != NULL);
631 altcp_setprio(tcp_server_pcb, TCP_PRIO_MIN);
632 tcp_local_port = 80;
633 err = altcp_bind(tcp_server_pcb, IP_ANY_TYPE, tcp_local_port);
634 LWIP_ASSERT("Error: altcp_bind() failed", err == ERR_OK);
635 tcp_server_pcb = altcp_listen(tcp_server_pcb);
636 LWIP_ASSERT("Error: altcp_listen() failed", err == ERR_OK);
637 altcp_accept(tcp_server_pcb, tcp_server_accept);
638 }
639 if (test_apps & LWIP_FUZZ_UDP_CLIENT) {
640 udp_client_pcb = udp_new();
641 udp_new_ip_type(IPADDR_TYPE_ANY);
642 udp_recv(udp_client_pcb, udp_client_recv, NULL);
643 udp_remote_port = 161;
644 udp_connect(udp_client_pcb, &remote_addr, udp_remote_port);
645 }
646 if (test_apps & LWIP_FUZZ_UDP_SERVER) {
647 udp_server_pcb = udp_new();
648 udp_new_ip_type(IPADDR_TYPE_ANY);
649 udp_local_port = 161;
650 udp_bind(udp_server_pcb, IP_ANY_TYPE, udp_local_port);
651 udp_recv(udp_server_pcb, udp_server_recv, NULL);
652 }
653
654 if(argc > 1) {
655 FILE* f;
656 const char* filename;
657 printf("reading input from file... ");
658 fflush(stdout);
659 filename = argv[1];
660 LWIP_ASSERT("invalid filename", filename != NULL);
661 f = fopen(filename, "rb");
662 LWIP_ASSERT("open failed", f != NULL);
663 len = fread(pktbuf, 1, sizeof(pktbuf), f);
664 fclose(f);
665 printf("testing file: \"%s\"...\r\n", filename);
666 } else {
667 len = fread(pktbuf, 1, sizeof(pktbuf), stdin);
668 }
670
672 return 0;
673}
674
675#ifdef LWIP_RAND_FOR_FUZZ
676u32_t lwip_fuzz_rand(void)
677{
678#ifdef LWIP_RAND_FOR_FUZZ_SIMULATE_GLIBC
679 /* this is what glibc rand() returns (first 20 numbers) */
680 static u32_t rand_nrs[] = {0x6b8b4567, 0x327b23c6, 0x643c9869, 0x66334873, 0x74b0dc51,
681 0x19495cff, 0x2ae8944a, 0x625558ec, 0x238e1f29, 0x46e87ccd,
682 0x3d1b58ba, 0x507ed7ab, 0x2eb141f2, 0x41b71efb, 0x79e2a9e3,
683 0x7545e146, 0x515f007c, 0x5bd062c2, 0x12200854, 0x4db127f8};
684 static unsigned idx = 0;
685 u32_t ret = rand_nrs[idx];
686 idx++;
687 if (idx >= sizeof(rand_nrs)/sizeof((rand_nrs)[0])) {
688 idx = 0;
689 }
690 return ret;
691#else
692 /* a simple LCG, unsafe but should give the same result for every execution (best for fuzzing) */
694 static s32_t state[1] = {0xdeadbeef};
695 uint64_t val = state[0] & 0xffffffff;
696 val = ((val * 1103515245) + 12345) & 0x7fffffff;
697 state[0] = val;
698 result = val;
699 return result;
700#endif
701}
702#endif
static int argc
Definition: ServiceArgs.c:12
#define altcp_accept
Definition: altcp.h:169
#define altcp_write
Definition: altcp.h:187
#define altcp_output
Definition: altcp.h:188
#define altcp_connect
Definition: altcp.h:177
#define altcp_poll
Definition: altcp.h:172
#define altcp_sent
Definition: altcp.h:171
#define altcp_listen
Definition: altcp.h:181
#define altcp_setprio
Definition: altcp.h:196
#define altcp_err
Definition: altcp.h:173
#define altcp_recv
Definition: altcp.h:170
#define altcp_pcb
Definition: altcp.h:159
#define altcp_close
Definition: altcp.h:184
#define altcp_recved
Definition: altcp.h:175
#define altcp_tcp_new_ip_type
Definition: altcp.h:160
#define altcp_bind
Definition: altcp.h:176
static int state
Definition: maze.c:121
#define LWIP_MIN(x, y)
Definition: def.h:66
#define NULL
Definition: types.h:112
UINT64 uint64_t
Definition: types.h:77
unsigned int idx
Definition: utils.c:41
USHORT port
Definition: uri.c:228
void httpd_init(void)
#define LWIP_DEBUGF(debug, message)
Definition: debug.h:158
#define LWIP_ASSERT(message, assertion)
Definition: debug.h:116
#define printf
Definition: freeldr.h:97
static err_t lwip_tx_func(struct netif *netif, struct pbuf *p)
Definition: fuzz_common.c:156
int lwip_fuzztest(int argc, char **argv, enum lwip_fuzz_type type, u32_t test_apps)
Definition: fuzz_common.c:576
#define pcap_dump_rx_packet(p)
Definition: fuzz_common.c:149
#define pcap_dump_tx_packet(p)
Definition: fuzz_common.c:150
#define FUZZ_DEBUG
Definition: fuzz_common.c:62
static u8_t pktbuf[200000]
Definition: fuzz_common.c:57
static void input_pkts(enum lwip_fuzz_type type, struct netif *netif, const u8_t *data, size_t len)
Definition: fuzz_common.c:215
static size_t remfuzz_len
Definition: fuzz_common.c:59
#define pcap_dump_stop()
Definition: fuzz_common.c:152
static void input_pkt(struct netif *netif, const u8_t *data, size_t len)
Definition: fuzz_common.c:190
static const u8_t * remfuzz_ptr
Definition: fuzz_common.c:58
static err_t testif_init(struct netif *netif)
Definition: fuzz_common.c:164
#define pcap_dump_init()
Definition: fuzz_common.c:151
#define LWIP_FUZZ_UDP_CLIENT
Definition: fuzz_common.h:54
lwip_fuzz_type
Definition: fuzz_common.h:42
@ LWIP_FUZZ_SINGLE
Definition: fuzz_common.h:43
@ LWIP_FUZZ_MULTIPACKET_TIME
Definition: fuzz_common.h:45
#define LWIP_FUZZ_UDP_SERVER
Definition: fuzz_common.h:53
#define LWIP_FUZZ_DEFAULT
Definition: fuzz_common.h:49
#define LWIP_FUZZ_STATICARP
Definition: fuzz_common.h:50
#define LWIP_FUZZ_TCP_CLIENT
Definition: fuzz_common.h:52
#define LWIP_FUZZ_TCP_SERVER
Definition: fuzz_common.h:51
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
GLint GLenum GLsizei GLsizei GLsizei GLint GLsizei const GLvoid * data
Definition: gl.h:1950
GLdouble GLdouble GLdouble GLdouble q
Definition: gl.h:2063
GLfloat f
Definition: glext.h:7540
GLenum const GLvoid * addr
Definition: glext.h:9621
GLuint GLfloat * val
Definition: glext.h:7180
GLfloat GLfloat p
Definition: glext.h:8902
GLenum GLsizei len
Definition: glext.h:6722
GLuint64EXT * result
Definition: glext.h:11304
int32_t s32_t
Definition: arch.h:130
uint32_t u32_t
Definition: arch.h:129
uint8_t u8_t
Definition: arch.h:125
#define LWIP_UNUSED_ARG(x)
Definition: arch.h:373
uint16_t u16_t
Definition: arch.h:127
s8_t err_t
Definition: err.h:96
@ ERR_OK
Definition: err.h:55
@ ERR_VAL
Definition: err.h:67
#define IP_ANY_TYPE
Definition: ip_addr.h:461
@ IPADDR_TYPE_ANY
Definition: ip_addr.h:60
void lwip_init(void)
Definition: init.c:339
#define NETIF_FLAG_ETHARP
Definition: netif.h:97
#define NETIF_FLAG_MLD6
Definition: netif.h:107
#define NETIF_FLAG_IGMP
Definition: netif.h:104
#define NETIF_FLAG_BROADCAST
Definition: netif.h:87
struct netif * netif_add(struct netif *netif, void *state, netif_init_fn init, netif_input_fn input)
Definition: netif.c:287
void netif_set_link_up(struct netif *netif)
Definition: netif.c:1018
void netif_set_up(struct netif *netif)
Definition: netif.c:871
struct pbuf * pbuf_alloc(pbuf_layer layer, u16_t length, pbuf_type type)
Definition: pbuf.c:224
u8_t pbuf_free(struct pbuf *p)
Definition: pbuf.c:727
@ PBUF_POOL
Definition: pbuf.h:167
@ PBUF_RAW
Definition: pbuf.h:111
#define stdout
Definition: stdio.h:99
_Check_return_opt_ _CRTIMP int __cdecl fflush(_Inout_opt_ FILE *_File)
_Check_return_opt_ _CRTIMP size_t __cdecl fread(_Out_writes_bytes_(_ElementSize *_Count) void *_DstBuf, _In_ size_t _ElementSize, _In_ size_t _Count, _Inout_ FILE *_File)
_Check_return_ _CRTIMP FILE *__cdecl fopen(_In_z_ const char *_Filename, _In_z_ const char *_Mode)
#define stdin
Definition: stdio.h:98
_Check_return_opt_ _CRTIMP int __cdecl fclose(_Inout_ FILE *_File)
_Check_return_opt_ _CRTIMP size_t __cdecl fwrite(_In_reads_bytes_(_Size *_Count) const void *_Str, _In_ size_t _Size, _In_ size_t _Count, _Inout_ FILE *_File)
const char * filename
Definition: ioapi.h:137
ip6_addr_t ip_addr_t
Definition: ip_addr.h:344
#define f
Definition: ke_i.h:83
#define ETH_ADDR(b0, b1, b2, b3, b4, b5)
Definition: ethernet.h:69
void * lwiperf_start_tcp_server_default(lwiperf_report_fn report_fn, void *report_arg)
#define MEMCPY(DST, SRC, BYTES)
Definition: macros.h:231
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
#define ntohl(x)
Definition: module.h:205
#define ntohs(x)
Definition: module.h:210
#define argv
Definition: mplay32.c:18
#define err(...)
struct define * next
Definition: compiler.c:65
Definition: netif.h:269
u8_t flags
Definition: netif.h:354
char name[2]
Definition: netif.h:356
netif_input_fn input
Definition: netif.h:297
u8_t hwaddr[NETIF_MAX_HWADDR_LEN]
Definition: netif.h:350
u16_t mtu
Definition: netif.h:344
netif_linkoutput_fn linkoutput
Definition: netif.h:308
u8_t hwaddr_len
Definition: netif.h:352
Definition: pbuf.h:186
static struct netif net_test
Definition: test_netif.c:12
int ret