Date: Fri, 16 Jul 2010 18:30:33 GMT From: Gabriel Silva <gsilva@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 181059 for review Message-ID: <201007161830.o6GIUXqR084570@repoman.freebsd.org>
http://p4web.freebsd.org/@@181059?ac=10 Change 181059 by gsilva@gsilva on 2010/07/16 18:30:17 Added support to generate appropriate frame type and subtype based on choosen fuzzing state. Affected files ... .. //depot/projects/soc2010/gsilva_80211fuzz/src/tools/tools/net80211/80211fuzz/fuzzer.py#7 edit Differences ...
==== //depot/projects/soc2010/gsilva_80211fuzz/src/tools/tools/net80211/80211fuzz/fuzzer.py#7 (text+ko) ====
@@ -16,7 +16,43 @@
 """
 The Generator class
 """
+
+ state1_type = {
+ ieee80211.IEEE80211_FC0_TYPE_MGT :
+ [
+ ieee80211.IEEE80211_FC0_SUBTYPE_BEACON,
+ ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_REQ,
+ ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_RESP,
+ ieee80211.IEEE80211_FC0_SUBTYPE_AUTH,
+ ieee80211.IEEE80211_FC0_SUBTYPE_DEAUTH
+ ]
+ }
+
+ state2_type = {
+ ieee80211.IEEE80211_FC0_TYPE_MGT :
+ [
+ ieee80211.IEEE80211_FC0_SUBTYPE_ASSOC_REQ,
+ ieee80211.IEEE80211_FC0_SUBTYPE_ASSOC_RESP,
+ ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_RESP,
+ ieee80211.IEEE80211_FC0_SUBTYPE_BEACON
+ ]
+ }
+ state3_type = {
+ ieee80211.IEEE80211_FC0_TYPE_MGT :
+ [
+ ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_RESP,
+ ieee80211.IEEE80211_FC0_SUBTYPE_BEACON,
+ ieee80211.IEEE80211_FC0_SUBTYPE_REASSOC_REQ,
+ ieee80211.IEEE80211_FC0_SUBTYPE_REASSOC_RESP,
+ ieee80211.IEEE80211_FC0_SUBTYPE_DISASSOC
+ ],
+ ieee80211.IEEE80211_FC0_TYPE_DATA :
+ [
+ ieee80211.IEEE80211_FC0_SUBTYPE_DATA
+ ]
+ }
+
 @staticmethod
 def generate_int(bits):
 """generate an integer with given size"""
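Review bot: The tables `state1_type`, `state2_type` and `state3_type` are added without a comment saying what states 1 to 3 stand for or why each subtype is listed, so a reader cannot check the lists against the intended fuzzing states. A short comment above them would help, for example `# Frame types and subtypes generated in each fuzzing state: keys are FC0 type values, values are the FC0 subtypes to pick from`. The numbering looks like the 802.11 authentication/association states, but that is inferred from the subtype names and should be confirmed by the author. Keeping them in one mapping keyed by state, `state_types = {1: {...}, 2: {...}, 3: {...}}`, would also let `generate_type_subtype` index by `state` instead of naming each table.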
@@ -43,7 +79,30 @@
 return ieee80211.ieee80211_atob(addr)
+ @staticmethod
+ def generate_type_subtype(state, mode):
+ fc = 0
+ if state == 1:
+ subtype_array = Generator.state1_type[ieee80211.IEEE80211_FC0_TYPE_MGT]
+ fc |= ieee80211.IEEE80211_FC0_TYPE_MGT
+ elif state == 2:
+ subtype_array = Generator.state2_type[ieee80211.IEEE80211_FC0_TYPE_MGT]
+ fc |= ieee80211.IEEE80211_FC0_TYPE_MGT
+ elif state == 3:
+ r = random.randint(0,1)
+
+ if r == 0:
+ subtype_array = Generator.state3_type[ieee80211.IEEE80211_FC0_TYPE_MGT]
+ fc |= ieee80211.IEEE80211_FC0_TYPE_MGT
+ else:
+ subtype_array = Generator.state3_type[ieee80211.IEEE80211_FC0_TYPE_DATA]
+ fc |= ieee80211.IEEE80211_FC0_TYPE_DATA
+
+ fc |= random.choice(subtype_array)
+
+ return fc
+
 class Frame:
 """
 The Frame class
@@ -54,21 +113,23 @@
 self.radio = radiotap.radiotap()
 self.frame = ieee80211.frame()
 self.chain = None
+ self.state = state
+ self.mode = mode
- self.generate(state, mode)
+ self.generate()
 def __getattr__(self, name):
 if name == 'frame':
 return self._chain
- def generate(self, state, mode):
+ def generate(self):
 """generate a frame of given state using one of the generation modes"""
 self.radio.version = 0;
 self.radio.pad = 0;
 self.radio.length = 0;
 self.frame = ieee80211.frame()
- self.frame.fc0 = Generator.generate_int(8);
+ self.frame.fc0 = Generator.generate_type_subtype(self.state, self.mode);
 self.frame.fc1 = Generator.generate_int(8);
 self.frame.dur = Generator.generate_int(16);
 self.frame.addr1 = Generator.generate_addr();
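Review bot: `generate_type_subtype` leaves `subtype_array` unassigned when `state` is not 1, 2 or 3, so `random.choice(subtype_array)` fails with an UnboundLocalError rather than a clear message; a final branch such as `else: raise ValueError("unknown fuzzing state: %r" % state)` would make the failure explicit. Indentation is lost on this page, so this assumes the `random.choice` line sits at function level and not inside the `state == 3` branch. The method is also the only one visible in `Generator` without a docstring; `"""return an fc0 value with a type and subtype picked for the given state"""` would match the style of `generate_int`. The hunk relies on `random` being imported, which is not visible here, and if the fuzzer does not seed and log the generator elsewhere, a frame that crashes the stack under test cannot be regenerated.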
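Review bot: `self.mode` is stored in `__init__` and passed on in `Generator.generate_type_subtype(self.state, self.mode)`, but that method never reads `mode`, so every mode yields the same fc0 distribution. Either drop the argument or record the intent next to the call, e.g. `# mode is not used yet; fc0 depends on state only`. As far as the visible code shows, fc0 now carries only the listed type and subtype bits, so the receiver's handling of reserved type/subtype values and non-zero version bits is no longer exercised; if that coverage is still wanted, `mode` could select the previous `Generator.generate_int(8)` path. `__init__` starts above the hunk and `generate` continues below it, and any caller still using `generate(state, mode)` (none is visible here) would now fail with a TypeError.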