Date: Thu, 15 Jul 2010 17:01:07 GMT From: Gabriel Silva <gsilva@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 181007 for review Message-ID: <201007151701.o6FH174i079209@repoman.freebsd.org>
http://p4web.freebsd.org/@@181007?ac=10 Change 181007 by gsilva@gsilva on 2010/07/15 17:01:00 Added generate_frame() and send_frame() methods. Added methods to generate integers, strings and 802.11 valid addresses. Affected files ... .. //depot/projects/soc2010/gsilva_80211fuzz/src/tools/tools/net80211/80211fuzz/fuzzer.py#2 edit Differences ...
==== //depot/projects/soc2010/gsilva_80211fuzz/src/tools/tools/net80211/80211fuzz/fuzzer.py#2 (text+ko) ====
@@ -2,8 +2,10 @@
 # 802.11 Fuzzer #
-import pcs
+import string
+import random
+from pcs import *
 from pcs.packets import radiotap
 from pcs.packets import ieee80211
 from optparse import OptionParser
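Review bot: The wildcard `from pcs import *` that replaces `import pcs` hides where names such as `PcapConnector` and `Chain` (used in the next hunk) come from, and because it runs after `import string` and `import random` it would silently rebind either name if pcs happens to export one. Importing only what the file uses, e.g. `from pcs import Chain, PcapConnector`, keeps the namespace explicit; this assumes both names are exported by the pcs package, which their use in the next hunk suggests but this hunk does not show.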
@@ -14,13 +16,61 @@
 self.channel = channel
 self. state = state
 self.type = type
-
+ self.frame_number = 0
+
+ self.output = PcapConnector(self.interface, wireless = True)
+
+ def generate_int(self, bits):
+ return random.getrandbits(bits)
+
+ def generate_string(self, size, restrict_chars = None):
+ if restrict_chars:
+ string = "".join(random.sample(restrict_chars, size))
+ else:
+ string = "".join(random.sample(string.digits + string.ascii_lowercase, size))
+
+ return string
+
+ def generate_addr(self):
+ addr = self.generate_string(2, string.hexdigits[:16])
+
+ for i in range(0,5):
+ addr += ":"
+ addr += self.generate_string(2, string.hexdigits[:16])
+
+ return ieee80211.ieee80211_atob(addr)
+
+ def generate_frame(self):
+ radio = radiotap.radiotap()
+ radio.version = 0;
+ radio.pad = 0;
+ radio.length = 0;
+
+ frame = ieee80211.frame()
+ frame.fc0 = self.generate_int(8);
+ frame.fc1 = self.generate_int(8);
+ frame.dur = self.generate_int(16);
+ frame.addr1 = self.generate_addr();
+ frame.addr2 = self.generate_addr();
+ frame.addr3 = self.generate_addr();
+ frame.seq = self.generate_int(16);
+
+ chain = Chain([radio, frame])
+
+ return chain
+
+ def send_frame(self, frame):
+ out = self.output.write(frame.bytes, len(frame.bytes))
+ self.frame_number += 1
+ print "Frame %d was sent." % self.frame_number
+
 def start(self):
 print "Starting a state %d fuzzing on interface %s, channel %s" % (self.state, self.interface, self.channel)
 print "Press CTRL+C to stop.\n"
 while 1:
- 1
+ frame = self.generate_frame();
+ self.send_frame(frame);
 def main():
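Review bot: In `generate_string` the result is assigned to a local named `string`, which makes `string` local for the whole function, so the `else` branch's `string.digits + string.ascii_lowercase` raises UnboundLocalError instead of reaching the `string` module. `random.sample` also draws without replacement, so `generate_addr` can never emit an octet with a repeated digit (`00`, `ff`) — the broadcast address is unreachable — and any `size` larger than the alphabet raises ValueError. Both go away with `alphabet = restrict_chars or (string.digits + string.ascii_lowercase)` followed by `return "".join(random.choice(alphabet) for _ in range(size))`. Separately, no seed is recorded, so a frame that upsets the driver under test cannot be regenerated; printing a seed passed to `random.seed()` at startup would make runs reproducible. The enclosing class and `__init__` begin above this hunk and `main()` continues below it.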