google / packetdrill

The official Google release of packetdrill
GNU General Public License v2.0

WIP: Contribution of Adversarial Packet Testing Functionality to PacketDrill #78

Open AmPaschal opened 11 months ago

AmPaschal commented 11 months ago

This pull request shows the changes we made to PacketDrill to support adversarial testing of Network Stacks.

Here are the significant files where changes were made:

lexer.l, parser.y - Updated the Packetdrill grammar to support addition of mutation instructions (e.g. "{mut tcp data_offset 0x60}" says mutate the TCP data_offset field to 0x60)

fuzz_options.h, fuzz_options.c - Handles the creation of the fuzz_option struct that holds the mutation instruction defined in the Packetdrill script.

udp_packet.c, tcp_packet.c - Included the defined mutation instruction (if present) in the packet when creating a new packet struct.

fm_testing.c - Handles the mutation of the packet, following the defined mutation instruction. The actual mutation is implemented in a separate library that is loaded dynamically as a shared object file.

run.c - Added a perform_termination_handshake() function that sends a termination signal to the test target after each test, and waits for a response. This was necessary so the fuzzer can only start a new packetdrill test after it ensures the target has finished processing all packets of the current test.

run_packet.c - Added a send_test_complete_signal() function that generates and sends the termination signal.

logging.c - Created a die_free_so() function that frees the so_instance object before terminating a test. This is called when a test fails and informs the available so_instance to perform any cleanup operation it needs.

mutation-scripts directory - Contains sample Packetdrill with mutation instructions added.
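
An added example, not code from this pull request or from packetdrill: it parses the `{mut tcp data_offset 0x60}` instruction quoted above, applies it to a constructed TCP header, and runs the header-length check a stack under test needs in order to reject the result. The struct and function names are hypothetical, and it assumes the value is written directly into header byte 12.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for one parsed instruction; not packetdrill's fuzz_option. */
struct mut_instr { char proto[8]; char field[32]; unsigned long value; };

/* Parse "{mut <proto> <field> <value>}"; 0 on success, -1 if malformed. */
int parse_mut(const char *s, struct mut_instr *out)
{
    char val[24], close, *end;
    if (sscanf(s, " { mut %7s %31s %23[0-9a-fA-FxX] %c",
               out->proto, out->field, val, &close) != 4 || close != '}')
        return -1;
    out->value = strtoul(val, &end, 0);
    return *end == '\0' ? 0 : -1;
}

/* Assumption: the value replaces TCP header byte 12 as-is, so 0x60 puts 6
 * (32-bit words) in the data-offset nibble. Only this one field is handled. */
int apply_mut(const struct mut_instr *m, uint8_t *tcp, size_t len)
{
    if (strcmp(m->proto, "tcp") || strcmp(m->field, "data_offset") ||
        len < 20 || m->value > 0xff)
        return -1;
    tcp[12] = (uint8_t)m->value;
    return 0;
}

/* Receiver-side check: header length claimed by the segment, or -1 when the
 * data offset is below the 20-byte minimum or runs past the received bytes. */
int tcp_header_len(const uint8_t *tcp, size_t seg_len)
{
    if (seg_len < 20) return -1;
    size_t hlen = (size_t)(tcp[12] >> 4) * 4;
    return (hlen < 20 || hlen > seg_len) ? -1 : (int)hlen;
}

/* Mutate a constructed 20-byte header, then validate; -2 if instruction rejected. */
int demo(const char *instr)
{
    uint8_t seg[20] = {0};               /* constructed sample, no options */
    struct mut_instr m;
    seg[12] = 0x50;                      /* data offset 5 words = 20 bytes */
    if (parse_mut(instr, &m) || apply_mut(&m, seg, sizeof seg)) return -2;
    return tcp_header_len(seg, sizeof seg);
}

int main(void) { printf("%d\n", demo("{mut tcp data_offset 0x60}")); return 0; }
```

With the mutation applied, the header claims 24 bytes in a 20-byte segment, so a receiver that skips this check would read options past the end of the data it actually received.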

google-cla[bot] commented 11 months ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.