From owner-p4-projects@FreeBSD.ORG Fri Jul 16 18:30:34 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 740E51065673; Fri, 16 Jul 2010 18:30:34 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1FC421065678 for ; Fri, 16 Jul 2010 18:30:34 +0000 (UTC) (envelope-from gsilva@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 0CBA38FC17 for ; Fri, 16 Jul 2010 18:30:33 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o6GIUXZp084572 for ; Fri, 16 Jul 2010 18:30:33 GMT (envelope-from gsilva@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o6GIUXqR084570 for perforce@freebsd.org; Fri, 16 Jul 2010 18:30:33 GMT (envelope-from gsilva@FreeBSD.org) Date: Fri, 16 Jul 2010 18:30:33 GMT Message-Id: <201007161830.o6GIUXqR084570@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to gsilva@FreeBSD.org using -f From: Gabriel Silva To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 181059 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jul 2010 18:30:34 -0000 http://p4web.freebsd.org/@@181059?ac=10 Change 181059 by gsilva@gsilva on 2010/07/16 18:30:17 Added support to generate appropriate frame type and subtype based on chosen fuzzing state. Affected files ... .. //depot/projects/soc2010/gsilva_80211fuzz/src/tools/tools/net80211/80211fuzz/fuzzer.py#7 edit Differences ... ==== //depot/projects/soc2010/gsilva_80211fuzz/src/tools/tools/net80211/80211fuzz/fuzzer.py#7 (text+ko) ==== 
@@ -16,7 +16,43 @@ """ The Generator class """ + + state1_type = { + ieee80211.IEEE80211_FC0_TYPE_MGT : + [ + ieee80211.IEEE80211_FC0_SUBTYPE_BEACON, + ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_REQ, + ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_RESP, + ieee80211.IEEE80211_FC0_SUBTYPE_AUTH, + ieee80211.IEEE80211_FC0_SUBTYPE_DEAUTH + ] + } + + state2_type = { + ieee80211.IEEE80211_FC0_TYPE_MGT : + [ + ieee80211.IEEE80211_FC0_SUBTYPE_ASSOC_REQ, + ieee80211.IEEE80211_FC0_SUBTYPE_ASSOC_RESP, + ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_RESP, + ieee80211.IEEE80211_FC0_SUBTYPE_BEACON + ] + } + state3_type = { + ieee80211.IEEE80211_FC0_TYPE_MGT : + [ + ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_RESP, + ieee80211.IEEE80211_FC0_SUBTYPE_BEACON, + ieee80211.IEEE80211_FC0_SUBTYPE_REASSOC_REQ, + ieee80211.IEEE80211_FC0_SUBTYPE_REASSOC_RESP, + ieee80211.IEEE80211_FC0_SUBTYPE_DISASSOC + ], + ieee80211.IEEE80211_FC0_TYPE_DATA : + [ + ieee80211.IEEE80211_FC0_SUBTYPE_DATA + ] + } + @staticmethod def generate_int(bits): """generate an integer with given size""" @@ -43,7 +79,30 @@ return ieee80211.ieee80211_atob(addr) + @staticmethod + def generate_type_subtype(state, mode): + fc = 0 + if state == 1: + subtype_array = Generator.state1_type[ieee80211.IEEE80211_FC0_TYPE_MGT] + fc |= ieee80211.IEEE80211_FC0_TYPE_MGT + elif state == 2: + subtype_array = Generator.state2_type[ieee80211.IEEE80211_FC0_TYPE_MGT] + fc |= ieee80211.IEEE80211_FC0_TYPE_MGT + elif state == 3: + r = random.randint(0,1) + + if r == 0: + subtype_array = Generator.state3_type[ieee80211.IEEE80211_FC0_TYPE_MGT] + fc |= ieee80211.IEEE80211_FC0_TYPE_MGT + else: + subtype_array = Generator.state3_type[ieee80211.IEEE80211_FC0_TYPE_DATA] + fc |= ieee80211.IEEE80211_FC0_TYPE_DATA + + fc |= random.choice(subtype_array) + + return fc + class Frame: """ The Frame class 
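Review bot: The three tables `state1_type`, `state2_type` and `state3_type` carry no comment saying what states 1 to 3 stand for or why each subtype is listed, so a reader cannot check the lists against the 802.11 state machine. A comment above `state1_type` such as `# subtypes the fuzzer may emit per station state: 1 = unauthenticated, 2 = authenticated, 3 = associated` would help, if that is the intended meaning of the state numbers. As a point of style, one dict keyed by state number would keep the three tables in the same shape and let the lookup in `generate_type_subtype` replace its if/elif chain. The Generator class body starts before this hunk and continues after it.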
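Review bot: In `generate_type_subtype`, a `state` other than 1, 2 or 3 matches no branch, so `subtype_array` is never bound and `random.choice(subtype_array)` fails with an UnboundLocalError that does not name the bad input. Closing the chain with `else:` and `raise ValueError("unknown fuzzing state: %r" % (state,))` would report the cause directly. The method also has no docstring, unlike the `generate_int` shown in the first hunk; something like `"""return an fc0 value whose type and subtype are allowed in the given state"""` would match the file's style.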
@@ -54,21 +113,23 @@ self.radio = radiotap.radiotap() self.frame = ieee80211.frame() self.chain = None + self.state = state + self.mode = mode - self.generate(state, mode) + self.generate() def __getattr__(self, name): if name == 'frame': return self._chain - def generate(self, state, mode): + def generate(self): """generate a frame of given state using one of the generation modes""" self.radio.version = 0; self.radio.pad = 0; self.radio.length = 0; self.frame = ieee80211.frame() - self.frame.fc0 = Generator.generate_int(8); + self.frame.fc0 = Generator.generate_type_subtype(self.state, self.mode); self.frame.fc1 = Generator.generate_int(8); self.frame.dur = Generator.generate_int(16); self.frame.addr1 = Generator.generate_addr();
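Review bot: `self.frame.fc0` is now always one of the type and subtype pairs listed in the state tables, so the arbitrary 8-bit values the removed `Generator.generate_int(8)` call produced are no longer sent. Values outside those tables, presumably including reserved type/subtype combinations, therefore drop out of the test coverage for the receiving stack. `mode` is stored and passed through, but the `generate_type_subtype` shown in this change never reads it. If `mode` is meant to select a generation strategy, keeping `Generator.generate_int(8)` for a fully random mode would preserve that coverage. The docstring of `generate` still says "of given state" although the method no longer takes a state; it could read `"""generate a frame for self.state using self.mode"""`. Both `__init__` and `generate` extend outside this hunk.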