PERFORCE change 181007 for review

Gabriel Silva gsilva at FreeBSD.org
Thu Jul 15 17:01:08 UTC 2010 

http://p4web.freebsd.org/@@181007?ac=10

Change 181007 by gsilva at gsilva on 2010/07/15 17:01:00

	Added generate_frame() and send_frame() methods.
	Added methods to generate integers, strings and 802.11 valid addresses.

Affected files ...

.. //depot/projects/soc2010/gsilva_80211fuzz/src/tools/tools/net80211/80211fuzz/fuzzer.py#2 edit

Differences ...

==== //depot/projects/soc2010/gsilva_80211fuzz/src/tools/tools/net80211/80211fuzz/fuzzer.py#2 (text+ko) ====

@@ -2,8 +2,10 @@
 # 802.11 Fuzzer
 #
 
-import pcs
+import string
+import random
 
+from pcs import *
 from pcs.packets import radiotap
 from pcs.packets import ieee80211
 from optparse import OptionParser
@@ -14,13 +16,61 @@
         self.channel = channel
         self. state = state
         self.type = type
-        
+        self.frame_number = 0
+
+        self.output = PcapConnector(self.interface, wireless = True)
+
+    def generate_int(self, bits):
+        return random.getrandbits(bits)
+
+    def generate_string(self, size, restrict_chars = None):
+        if restrict_chars:
+            string = "".join(random.sample(restrict_chars, size))
+        else:
+            string = "".join(random.sample(string.digits + string.ascii_lowercase, size))
+
+        return string
+
+    def generate_addr(self):
+        addr = self.generate_string(2, string.hexdigits[:16])
+
+        for i in range(0,5):
+            addr += ":"
+            addr += self.generate_string(2, string.hexdigits[:16])
+
+        return ieee80211.ieee80211_atob(addr)
+
+    def generate_frame(self):
+        radio = radiotap.radiotap()
+        radio.version = 0;
+        radio.pad = 0;
+        radio.length = 0;
+
+        frame = ieee80211.frame()
+        frame.fc0 = self.generate_int(8);
+        frame.fc1 = self.generate_int(8);
+        frame.dur = self.generate_int(16);
+        frame.addr1 = self.generate_addr();
+        frame.addr2 = self.generate_addr();
+        frame.addr3 = self.generate_addr();
+        frame.seq = self.generate_int(16);
+
+        chain = Chain([radio, frame])
+
+        return chain
+
+    def send_frame(self, frame):
+        out = self.output.write(frame.bytes, len(frame.bytes))
+        self.frame_number += 1
+        print "Frame %d was sent." % self.frame_number 
+
     def start(self):
         print "Starting a state %d fuzzing on interface %s, channel %s" % (self.state, self.interface, self.channel)
         print "Press CTRL+C to stop.\n"
 
         while 1:
-            1
+            frame = self.generate_frame();
+            self.send_frame(frame);
 
 
 def main():

More information about the p4-projects mailing list