private-octopus / fuzi_q

Over the net fuzzing of QUIC servers or clients.
MIT License

Let the ID be the state #13

Closed huitema closed 2 years ago

huitema commented 2 years ago

Suppose Fuzzing crashed a server. A specific sequence of packets produced a memory fault, or triggered a memory leak. The user wants to explore that. Running the sequence from the beginning will take a long time. What if it could just be restarted from a known good checkpoint, when the system was still up and responding?

The sequence of events in a connection is a function of the connection ID. The random generator for that connection is seeded with it. What if we could start a sequence at a specific CID, repeating the tail of a previous sequence? So, the requirements are simple:

1) Client parameter to specify the first initial connection ID
2) Logging system showing which CIDs are being processed
3) Logging indication for key CID such that "all connections prior to this ID have been processed and the server is still up"

The seeding is not perfect, because the sequence also depends on whether the connection used session resume, and 0 RTT. We could make that usage also a random function of the CID.

Of course, that will not work so well on the server side, because the CIDs are generated by the client. Picoquic could manage that. Not clear that other stacks could. Maybe.
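The restart-from-a-CID idea above, as an added illustration written for this page rather than code from fuzi_q or picoquic: each connection's fuzzing decisions (including whether to use session resumption and 0-RTT) are derived only from its initial CID, so a run started at CID k reproduces the tail of a run started at 0, and a driver records the last CID after which the target still answered as the checkpoint to restart from. Everything here is an assumption: CIDs are modelled as 64-bit integers, the per-connection generator is splitmix64, the `target_alive_fn` probe stands in for a real liveness check, and the crash at CID 8 is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: the initial CID is the sole seed of the per-connection generator.
 * Real QUIC CIDs are up to 20 bytes; a 64-bit value keeps the example simple. */
typedef uint64_t cid_t;

/* splitmix64, a small deterministic generator; not the one fuzi_q uses. */
static uint64_t splitmix64(uint64_t *state) {
    uint64_t z = (*state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Every choice a fuzzed connection makes, all derived from its CID. */
typedef struct {
    cid_t cid;
    int use_resume;     /* session resumption, a random function of the CID */
    int use_0rtt;       /* 0-RTT, only possible when resuming */
    uint64_t fuzz_mask; /* first fuzz decision, shows the stream is reproducible */
} conn_plan_t;

conn_plan_t plan_connection(cid_t cid) {
    conn_plan_t p;
    uint64_t state = cid;          /* the CID is the whole seed */
    uint64_t r = splitmix64(&state);
    p.cid = cid;
    p.use_resume = (int)(r & 1);
    p.use_0rtt = p.use_resume && (int)((r >> 1) & 1);
    p.fuzz_mask = splitmix64(&state);
    return p;
}

/* Hypothetical liveness probe: returns nonzero while the target still answers. */
typedef int (*target_alive_fn)(cid_t cid);

/* Process connections [first, first + count). Each CID is logged; after every
 * connection that leaves the target responsive, that CID becomes *last_good
 * (the "all connections prior to this ID have been processed and the server is
 * still up" marker). Returns the number of connections attempted, which is
 * less than count only if the target stopped answering. */
int run_from_cid(cid_t first, int count, target_alive_fn alive,
                 conn_plan_t *out, cid_t *last_good, FILE *log) {
    for (int i = 0; i < count; i++) {
        cid_t cid = first + (cid_t)i;
        out[i] = plan_connection(cid);
        if (log) fprintf(log, "processing CID %016llx\n", (unsigned long long)cid);
        if (!alive(cid)) {
            if (log) fprintf(log, "target down after CID %016llx\n", (unsigned long long)cid);
            return i + 1;
        }
        *last_good = cid;
        if (log) fprintf(log, "checkpoint: all CIDs <= %016llx done, target up\n",
                         (unsigned long long)cid);
    }
    return count;
}

static int always_alive(cid_t cid) { (void)cid; return 1; }
static int crashes_at_8(cid_t cid) { return cid != 8; } /* constructed failure */

/* Starting at CID 5 must reproduce connections 5..9 of a run that started at 0. */
int tail_matches(void) {
    conn_plan_t full[10], tail[5];
    cid_t lg = 0;
    run_from_cid(0, 10, always_alive, full, &lg, NULL);
    run_from_cid(5, 5, always_alive, tail, &lg, NULL);
    for (int i = 0; i < 5; i++) {
        if (full[5 + i].fuzz_mask != tail[i].fuzz_mask ||
            full[5 + i].use_resume != tail[i].use_resume ||
            full[5 + i].use_0rtt != tail[i].use_0rtt)
            return 0;
    }
    return 1;
}

/* With the constructed crash at CID 8, the checkpoint left behind is CID 7. */
cid_t checkpoint_before_crash(void) {
    conn_plan_t plans[16];
    cid_t lg = 0;
    run_from_cid(0, 16, crashes_at_8, plans, &lg, NULL);
    return lg;
}

int main(void) {
    conn_plan_t plans[16];
    cid_t lg = 0;
    int n = run_from_cid(0, 16, crashes_at_8, plans, &lg, stdout);
    printf("attempted %d connections, restart from CID %llu\n", n, (unsigned long long)(lg + 1));
    return 0;
}
```

In this model the "first initial connection ID" client parameter is just the `first` argument, and the checkpoint line in the log is what a user would feed back into it after a crash.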

huitema commented 2 years ago

Fixed in PR #15