xref: /nrf52832-nimble/rt-thread/components/net/lwip-2.1.0/test/fuzz/fuzz.c (revision 104654410c56c573564690304ae786df310c91fc) 
1*10465441SEvalZero /*
2*10465441SEvalZero  * Copyright (c) 2001-2003 Swedish Institute of Computer Science.
3*10465441SEvalZero  * All rights reserved.
4*10465441SEvalZero  *
5*10465441SEvalZero  * Redistribution and use in source and binary forms, with or without modification,
6*10465441SEvalZero  * are permitted provided that the following conditions are met:
7*10465441SEvalZero  *
8*10465441SEvalZero  * 1. Redistributions of source code must retain the above copyright notice,
9*10465441SEvalZero  *    this list of conditions and the following disclaimer.
10*10465441SEvalZero  * 2. Redistributions in binary form must reproduce the above copyright notice,
11*10465441SEvalZero  *    this list of conditions and the following disclaimer in the documentation
12*10465441SEvalZero  *    and/or other materials provided with the distribution.
13*10465441SEvalZero  * 3. The name of the author may not be used to endorse or promote products
14*10465441SEvalZero  *    derived from this software without specific prior written permission.
15*10465441SEvalZero  *
16*10465441SEvalZero  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17*10465441SEvalZero  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18*10465441SEvalZero  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
19*10465441SEvalZero  * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20*10465441SEvalZero  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
21*10465441SEvalZero  * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22*10465441SEvalZero  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23*10465441SEvalZero  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
24*10465441SEvalZero  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
25*10465441SEvalZero  * OF SUCH DAMAGE.
26*10465441SEvalZero  *
27*10465441SEvalZero  * This file is part of the lwIP TCP/IP stack.
28*10465441SEvalZero  *
29*10465441SEvalZero  * Author: Erik Ekman <[email protected]>
30*10465441SEvalZero  *
31*10465441SEvalZero  */
32*10465441SEvalZero 
33*10465441SEvalZero #include "lwip/init.h"
34*10465441SEvalZero #include "lwip/netif.h"
35*10465441SEvalZero #include "lwip/dns.h"
36*10465441SEvalZero #include "netif/etharp.h"
37*10465441SEvalZero #if LWIP_IPV6
38*10465441SEvalZero #include "lwip/ethip6.h"
39*10465441SEvalZero #include "lwip/nd6.h"
40*10465441SEvalZero #endif
41*10465441SEvalZero 
42*10465441SEvalZero #include "lwip/apps/httpd.h"
43*10465441SEvalZero #include "lwip/apps/snmp.h"
44*10465441SEvalZero #include "lwip/apps/lwiperf.h"
45*10465441SEvalZero #include "lwip/apps/mdns.h"
46*10465441SEvalZero 
47*10465441SEvalZero #include <string.h>
48*10465441SEvalZero #include <stdio.h>
49*10465441SEvalZero 
50*10465441SEvalZero /* This define enables multi packet processing.
51*10465441SEvalZero  * For this, the input is interpreted as 2 byte length + data + 2 byte length + data...
52*10465441SEvalZero  * #define LWIP_FUZZ_MULTI_PACKET
53*10465441SEvalZero */
54*10465441SEvalZero #ifdef LWIP_FUZZ_MULTI_PACKET
55*10465441SEvalZero u8_t pktbuf[20000];
56*10465441SEvalZero #else
57*10465441SEvalZero u8_t pktbuf[2000];
58*10465441SEvalZero #endif
59*10465441SEvalZero 
60*10465441SEvalZero /* no-op send function */
lwip_tx_func(struct netif * netif,struct pbuf * p)61*10465441SEvalZero static err_t lwip_tx_func(struct netif *netif, struct pbuf *p)
62*10465441SEvalZero {
63*10465441SEvalZero   LWIP_UNUSED_ARG(netif);
64*10465441SEvalZero   LWIP_UNUSED_ARG(p);
65*10465441SEvalZero   return ERR_OK;
66*10465441SEvalZero }
67*10465441SEvalZero 
testif_init(struct netif * netif)68*10465441SEvalZero static err_t testif_init(struct netif *netif)
69*10465441SEvalZero {
70*10465441SEvalZero   netif->name[0] = 'f';
71*10465441SEvalZero   netif->name[1] = 'z';
72*10465441SEvalZero   netif->output = etharp_output;
73*10465441SEvalZero   netif->linkoutput = lwip_tx_func;
74*10465441SEvalZero   netif->mtu = 1500;
75*10465441SEvalZero   netif->hwaddr_len = 6;
76*10465441SEvalZero   netif->flags = NETIF_FLAG_BROADCAST | NETIF_FLAG_ETHARP | NETIF_FLAG_IGMP;
77*10465441SEvalZero 
78*10465441SEvalZero   netif->hwaddr[0] = 0x00;
79*10465441SEvalZero   netif->hwaddr[1] = 0x23;
80*10465441SEvalZero   netif->hwaddr[2] = 0xC1;
81*10465441SEvalZero   netif->hwaddr[3] = 0xDE;
82*10465441SEvalZero   netif->hwaddr[4] = 0xD0;
83*10465441SEvalZero   netif->hwaddr[5] = 0x0D;
84*10465441SEvalZero 
85*10465441SEvalZero #if LWIP_IPV6
86*10465441SEvalZero   netif->output_ip6 = ethip6_output;
87*10465441SEvalZero   netif->ip6_autoconfig_enabled = 1;
88*10465441SEvalZero   netif_create_ip6_linklocal_address(netif, 1);
89*10465441SEvalZero   netif->flags |= NETIF_FLAG_MLD6;
90*10465441SEvalZero #endif
91*10465441SEvalZero 
92*10465441SEvalZero   return ERR_OK;
93*10465441SEvalZero }
94*10465441SEvalZero 
input_pkt(struct netif * netif,const u8_t * data,size_t len)95*10465441SEvalZero static void input_pkt(struct netif *netif, const u8_t *data, size_t len)
96*10465441SEvalZero {
97*10465441SEvalZero   struct pbuf *p, *q;
98*10465441SEvalZero   err_t err;
99*10465441SEvalZero 
100*10465441SEvalZero   LWIP_ASSERT("pkt too big", len <= 0xFFFF);
101*10465441SEvalZero   p = pbuf_alloc(PBUF_RAW, (u16_t)len, PBUF_POOL);
102*10465441SEvalZero   LWIP_ASSERT("alloc failed", p);
103*10465441SEvalZero   for(q = p; q != NULL; q = q->next) {
104*10465441SEvalZero     MEMCPY(q->payload, data, q->len);
105*10465441SEvalZero     data += q->len;
106*10465441SEvalZero   }
107*10465441SEvalZero   err = netif->input(p, netif);
108*10465441SEvalZero   if (err != ERR_OK) {
109*10465441SEvalZero     pbuf_free(p);
110*10465441SEvalZero   }
111*10465441SEvalZero }
112*10465441SEvalZero 
input_pkts(struct netif * netif,const u8_t * data,size_t len)113*10465441SEvalZero static void input_pkts(struct netif *netif, const u8_t *data, size_t len)
114*10465441SEvalZero {
115*10465441SEvalZero #ifdef LWIP_FUZZ_MULTI_PACKET
116*10465441SEvalZero   const u16_t max_packet_size = 1514;
117*10465441SEvalZero   const u8_t *ptr = data;
118*10465441SEvalZero   size_t rem_len = len;
119*10465441SEvalZero 
120*10465441SEvalZero   while (rem_len > sizeof(u16_t)) {
121*10465441SEvalZero     u16_t frame_len;
122*10465441SEvalZero     memcpy(&frame_len, ptr, sizeof(u16_t));
123*10465441SEvalZero     ptr += sizeof(u16_t);
124*10465441SEvalZero     rem_len -= sizeof(u16_t);
125*10465441SEvalZero     frame_len = htons(frame_len) & 0x7FF;
126*10465441SEvalZero     frame_len = LWIP_MIN(frame_len, max_packet_size);
127*10465441SEvalZero     if (frame_len > rem_len) {
128*10465441SEvalZero       frame_len = (u16_t)rem_len;
129*10465441SEvalZero     }
130*10465441SEvalZero     if (frame_len != 0) {
131*10465441SEvalZero       input_pkt(netif, ptr, frame_len);
132*10465441SEvalZero     }
133*10465441SEvalZero     ptr += frame_len;
134*10465441SEvalZero     rem_len -= frame_len;
135*10465441SEvalZero   }
136*10465441SEvalZero #else /* LWIP_FUZZ_MULTI_PACKET */
137*10465441SEvalZero   input_pkt(netif, data, len);
138*10465441SEvalZero #endif /* LWIP_FUZZ_MULTI_PACKET */
139*10465441SEvalZero }
140*10465441SEvalZero 
main(int argc,char ** argv)141*10465441SEvalZero int main(int argc, char** argv)
142*10465441SEvalZero {
143*10465441SEvalZero   struct netif net_test;
144*10465441SEvalZero   ip4_addr_t addr;
145*10465441SEvalZero   ip4_addr_t netmask;
146*10465441SEvalZero   ip4_addr_t gw;
147*10465441SEvalZero   size_t len;
148*10465441SEvalZero 
149*10465441SEvalZero   lwip_init();
150*10465441SEvalZero 
151*10465441SEvalZero   IP4_ADDR(&addr, 172, 30, 115, 84);
152*10465441SEvalZero   IP4_ADDR(&netmask, 255, 255, 255, 0);
153*10465441SEvalZero   IP4_ADDR(&gw, 172, 30, 115, 1);
154*10465441SEvalZero 
155*10465441SEvalZero   netif_add(&net_test, &addr, &netmask, &gw, &net_test, testif_init, ethernet_input);
156*10465441SEvalZero   netif_set_up(&net_test);
157*10465441SEvalZero   netif_set_link_up(&net_test);
158*10465441SEvalZero 
159*10465441SEvalZero #if LWIP_IPV6
160*10465441SEvalZero   nd6_tmr(); /* tick nd to join multicast groups */
161*10465441SEvalZero #endif
162*10465441SEvalZero   dns_setserver(0, &net_test.gw);
163*10465441SEvalZero 
164*10465441SEvalZero   /* initialize apps */
165*10465441SEvalZero   httpd_init();
166*10465441SEvalZero   lwiperf_start_tcp_server_default(NULL, NULL);
167*10465441SEvalZero   mdns_resp_init();
168*10465441SEvalZero   mdns_resp_add_netif(&net_test, "hostname", 255);
169*10465441SEvalZero   snmp_init();
170*10465441SEvalZero 
171*10465441SEvalZero   if(argc > 1) {
172*10465441SEvalZero     FILE* f;
173*10465441SEvalZero     const char* filename;
174*10465441SEvalZero     printf("reading input from file... ");
175*10465441SEvalZero     fflush(stdout);
176*10465441SEvalZero     filename = argv[1];
177*10465441SEvalZero     LWIP_ASSERT("invalid filename", filename != NULL);
178*10465441SEvalZero     f = fopen(filename, "rb");
179*10465441SEvalZero     LWIP_ASSERT("open failed", f != NULL);
180*10465441SEvalZero     len = fread(pktbuf, 1, sizeof(pktbuf), f);
181*10465441SEvalZero     fclose(f);
182*10465441SEvalZero     printf("testing file: \"%s\"...\r\n", filename);
183*10465441SEvalZero   } else {
184*10465441SEvalZero     len = fread(pktbuf, 1, sizeof(pktbuf), stdin);
185*10465441SEvalZero   }
186*10465441SEvalZero   input_pkts(&net_test, pktbuf, len);
187*10465441SEvalZero 
188*10465441SEvalZero   return 0;
189*10465441SEvalZero }
190