GitHub - zouyonghao/TCP-Fuzz: TCP-Fuzz: Detecting Memory and Semantic Bugs in TCP Stacks with Fuzzing

zouyonghao / TCP-Fuzz Public

Notifications You must be signed in to change notification settings
Fork 1
Star 6

TCP-Fuzz: Detecting Memory and Semantic Bugs in TCP Stacks with Fuzzing

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 91 Commits
.vscode		.vscode
contrib		contrib
doc		doc
scripts		scripts
tests		tests
.clang-format		.clang-format
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
Makefile-f-stack		Makefile-f-stack
Makefile-mtcp		Makefile-mtcp
Makefile.FreeBSD		Makefile.FreeBSD
Makefile.Linux		Makefile.Linux
Makefile.NetBSD		Makefile.NetBSD
Makefile.OpenBSD		Makefile.OpenBSD
Makefile.common		Makefile.common
README		README
assert.h		assert.h
capability.h		capability.h
checksum.c		checksum.c
checksum.h		checksum.h
checksum_test.c		checksum_test.c
code.c		code.c
code.h		code.h
config.c		config.c
config.h		config.h
configure		configure
epoll.c		epoll.c
epoll.h		epoll.h
ethernet.h		ethernet.h
fd_state.h		fd_state.h
file.c		file.c
file.h		file.h
fmemopen.c		fmemopen.c
fmemopen.h		fmemopen.h
fuzz_test.c		fuzz_test.c
fuzz_test.h		fuzz_test.h
fuzz_test_header.h		fuzz_test_header.h
fuzz_test_helper.c		fuzz_test_helper.c
fuzz_test_helper.h		fuzz_test_helper.h
fuzz_test_packet.c		fuzz_test_packet.c
fuzz_test_packet.h		fuzz_test_packet.h
fuzz_test_remove_duplicate.c		fuzz_test_remove_duplicate.c
fuzz_test_result.c		fuzz_test_result.c
fuzz_test_result.h		fuzz_test_result.h
fuzz_test_script.c		fuzz_test_script.c
fuzz_test_script.h		fuzz_test_script.h
fuzz_test_syscall.c		fuzz_test_syscall.c
fuzz_test_syscall.h		fuzz_test_syscall.h
gdb		gdb
gre.h		gre.h
gre_packet.c		gre_packet.c
gre_packet.h		gre_packet.h
hash.c		hash.c
hash.h		hash.h
hash_map.c		hash_map.c
hash_map.h		hash_map.h
header.h		header.h
icmp.h		icmp.h
icmp_packet.c		icmp_packet.c
icmp_packet.h		icmp_packet.h
icmpv6.h		icmpv6.h
ip.h		ip.h
ip_address.c		ip_address.c
ip_address.h		ip_address.h
ip_packet.c		ip_packet.c
ip_packet.h		ip_packet.h
ip_prefix.c		ip_prefix.c
ip_prefix.h		ip_prefix.h
ipv6.h		ipv6.h
lexer.l		lexer.l
link_layer.c		link_layer.c
link_layer.h		link_layer.h
logging.c		logging.c
logging.h		logging.h
mpls.h		mpls.h
mpls_packet.c		mpls_packet.c
mpls_packet.h		mpls_packet.h
net_utils.c		net_utils.c
net_utils.h		net_utils.h
netdev.c		netdev.c
netdev.h		netdev.h
open_memstream.c		open_memstream.c
open_memstream.h		open_memstream.h
packet.c		packet.c
packet.h		packet.h
packet_checksum.c		packet_checksum.c
packet_checksum.h		packet_checksum.h
packet_parser.c		packet_parser.c
packet_parser.h		packet_parser.h
packet_parser_test.c		packet_parser_test.c
packet_socket.h		packet_socket.h
packet_socket_linux.c		packet_socket_linux.c
packet_socket_pcap.c		packet_socket_pcap.c
packet_to_string.c		packet_to_string.c
packet_to_string.h		packet_to_string.h
packet_to_string_test.c		packet_to_string_test.c
packetdrill.c		packetdrill.c
packetdrill.h		packetdrill.h
parse.h		parse.h

Repository files navigation

TCP-Fuzz: Detecting Memory and Semantic Bugs in TCP Stacks with Fuzzing

https://www.usenix.org/conference/atc21/presentation/zou

TCP-Fuzz is based on packetdrill

Run a blackbox fuzzing test
--------------------------------------------------------------------------

# (Optional) Use docker

docker run --privileged \
            --cap-add=ALL \
            -v /sys/bus/pci/devices:/sys/bus/pci/devices \
            -v /sys/kernel/mm/hugepages:/sys/kernel/mm/hugepages \
            -v /sys/devices/system/node:/sys/devices/system/node \
            -v /dev:/dev \
            -v /home/$USER:/home/$USER \
            --name tcp-fuzz \
            --network=host \
            -it ubuntu:18.04

apt install build-essential bison flex libpcap-dev libnuma-dev

# Compile TLDK

Use the TLDK here https://github.com/zouyonghao/tldk.

You need to change the DPDK source location for easy compilation: https://github.com/zouyonghao/tldk/blob/216865216573bf856174dd62bfdf683a8c4b1feb/dpdk/Makefile#L226.

make PACKETDRILL=y EXTRA_CFLAGS="-g -O0 -fPIC -march=native -DLOOK_ASIDE_BACKEND " all

# Compile TCP-Fuzz

make clean && make fuzz_test_no_exfunc && make packetdrill_no_exfunc

You need to change the TLDK_ROOT accordingly in the Makefile.

# Run blackbox fuzzing test

echo 512 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages

cd scripts/tldk && ./blackbox_test.sh

# mTCP

The mTCP branch we tested is https://github.com/zouyonghao/mtcp/tree/packetdrill.