Just a quick idea I had that I don't plan to work on in the near
future. Perhaps one of the GSOC students interested in improving our
fuzzing could pick this up since it is somewhat related.
Our randpkt tester is great but currently only covers 22 protocols at
a quick count. An easy way to extend this to cover vastly more
protocols would be:
- Add a type to randpkt (perhaps 'tcp-payload') that generates
Eth+IP+TCP+Payload under a specific generic TCP port (something high
in the unregistered zone).
- Add support for cycling through the various -d options to the the
randpkt-test.sh script
So randpkt would generate random TCP payloads under a known port, and
the script would then run tshark on the file once for each protocol
that runs over TCP, forcing decoding on that port to that protocol.
Doing this for just TCP, UDP and SCTP would add coverage for an
additional ~450 distinct protocols (already accounting for
duplicates).
./tshark -G decodes | grep -e udp.port -e tcp.port -e sctp.port | cut
-f3 | uniq | wc
Cheers,
Evan
