Integrate FRR in a fuzzing testing suite (Google oss-fuzz) #479
I'll look into this fuzzer. The challenges with many fuzzers are that they are not protocol aware, so as an example, they can fuzz things like a BGP open, they can't fuzz a BGP update as this would require a valid BGP open first. However, always open to add another fuzzer if it makes any sense. I'll look into it and will comment back once I understand more about this specific one and how useful it is.
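The protocol-awareness point in the comment above, as an added example that is not part of the thread and not FRR code: a libFuzzer-style harness over a toy BGP session model that replays a valid OPEN and KEEPALIVE before framing the fuzz input as an UPDATE. The function names, the simplified state machine and the sample OPEN body are assumptions made for illustration; only the header layout and message type codes come from RFC 4271.

```c
/* Added illustration: toy BGP framing and session model, not FRR code. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { BGP_OPEN = 1, BGP_UPDATE = 2, BGP_KEEPALIVE = 4 }; /* RFC 4271 types */
enum { ST_OPENSENT, ST_OPENCONFIRM, ST_ESTABLISHED };     /* simplified FSM */
enum { R_OK = 0, R_BAD_HEADER = -1, R_REJECTED = -2 };
#define BGP_HDR 19u   /* 16-byte marker + 2-byte length + 1-byte type */
#define BGP_MAX 4096u

/* Wrap a body in a BGP header; returns total length, or 0 if it will not fit. */
static size_t frame(uint8_t *out, uint8_t type, const uint8_t *body, size_t n)
{
    if (n > BGP_MAX - BGP_HDR) return 0;
    memset(out, 0xff, 16);
    out[16] = (uint8_t)((n + BGP_HDR) >> 8);
    out[17] = (uint8_t)((n + BGP_HDR) & 0xff);
    out[18] = type;
    if (n) memcpy(out + BGP_HDR, body, n);
    return n + BGP_HDR;
}

/* Header check, then state check: UPDATE is accepted only once Established. */
static int toy_input(int *st, const uint8_t *m, size_t len)
{
    if (len < BGP_HDR || len > BGP_MAX) return R_BAD_HEADER;
    for (int i = 0; i < 16; i++) if (m[i] != 0xff) return R_BAD_HEADER;
    if ((size_t)((m[16] << 8) | m[17]) != len) return R_BAD_HEADER;
    if (m[18] == BGP_OPEN && len >= 29 && *st == ST_OPENSENT) *st = ST_OPENCONFIRM;
    else if (m[18] == BGP_KEEPALIVE && len == BGP_HDR && *st != ST_OPENSENT) *st = ST_ESTABLISHED;
    else if (m[18] != BGP_UPDATE || *st != ST_ESTABLISHED) return R_REJECTED;
    return R_OK; /* for an UPDATE, a real attribute/NLRI parser would run here */
}

/* Fuzz bytes become an UPDATE body; handshake != 0 replays OPEN + KEEPALIVE first. */
static int fuzz_update(const uint8_t *data, size_t size, int handshake)
{
    /* constructed OPEN body: version 4, AS 65001, hold 180, id 192.0.2.1, no options */
    static const uint8_t open_body[10] = {4, 0xfd, 0xe9, 0, 180, 192, 0, 2, 1, 0};
    uint8_t msg[BGP_MAX];
    int st = ST_OPENSENT;
    if (handshake && (toy_input(&st, msg, frame(msg, BGP_OPEN, open_body, 10)) ||
                      toy_input(&st, msg, frame(msg, BGP_KEEPALIVE, NULL, 0))))
        return R_REJECTED;
    size_t n = frame(msg, BGP_UPDATE, data, size);
    return n ? toy_input(&st, msg, n) : R_BAD_HEADER;
}
int LLVMFuzzerTestOneInput(const uint8_t *d, size_t n) { fuzz_update(d, n, 1); return 0; }
```

Without the replayed handshake every fuzz input stops at the state check, so the UPDATE parsing path gets no coverage.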
I've also tested randpkt from the wireshark suite. Very low level but it
helped to localize where dissectors failed.
On Tue, 9 May 2017 at 10:06, Martin Winter <notifications@github.com>
wrote:
… I'll look into this fuzzer. The challenges with many fuzzers are that they
are not protocol aware, so as an example, they can fuzz things like a BGP
open, they can't fuzz a BGP update as this would require a valid BGP open
first.
We (at NetDEF) use a commercial protocol fuzzer from Spirent (SPS-8000) to
do tests like these.
However, always open to add another fuzzer if it makes any sense. I'll
look into it and will comment back once I understand more about this
specific one and how useful it is.
We've implemented several ways to allow fuzzing via zebra and bgp. This is an ongoing effort and I don't see a need to keep this issue open at this point in time.
Just to add a bit of color to this, I added fuzz entrypoints some years ago and we integrated into oss-fuzz a few weeks ago. google/oss-fuzz#5749
Fuzzing is an efficient way to find various bugs in software. Maybe FRR could be integrated into the oss-fuzz google project.
https://github.com/google/oss-fuzz
This project already found relevant issues in various well established software projects:
https://testing.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html