PERFORCE change 181059 for review
Gabriel Silva
gsilva at FreeBSD.org
Fri Jul 16 18:30:34 UTC 2010
http://p4web.freebsd.org/@@181059?ac=10
Change 181059 by gsilva at gsilva on 2010/07/16 18:30:17
Added support to generate appropriate frame type and subtype based on choosen fuzzing state.
Affected files ...
.. //depot/projects/soc2010/gsilva_80211fuzz/src/tools/tools/net80211/80211fuzz/fuzzer.py#7 edit
Differences ...
==== //depot/projects/soc2010/gsilva_80211fuzz/src/tools/tools/net80211/80211fuzz/fuzzer.py#7 (text+ko) ====
@@ -16,7 +16,43 @@
"""
The Generator class
"""
+
+ state1_type = {
+ ieee80211.IEEE80211_FC0_TYPE_MGT :
+ [
+ ieee80211.IEEE80211_FC0_SUBTYPE_BEACON,
+ ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_REQ,
+ ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_RESP,
+ ieee80211.IEEE80211_FC0_SUBTYPE_AUTH,
+ ieee80211.IEEE80211_FC0_SUBTYPE_DEAUTH
+ ]
+ }
+
+ state2_type = {
+ ieee80211.IEEE80211_FC0_TYPE_MGT :
+ [
+ ieee80211.IEEE80211_FC0_SUBTYPE_ASSOC_REQ,
+ ieee80211.IEEE80211_FC0_SUBTYPE_ASSOC_RESP,
+ ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_RESP,
+ ieee80211.IEEE80211_FC0_SUBTYPE_BEACON
+ ]
+ }
+ state3_type = {
+ ieee80211.IEEE80211_FC0_TYPE_MGT :
+ [
+ ieee80211.IEEE80211_FC0_SUBTYPE_PROBE_RESP,
+ ieee80211.IEEE80211_FC0_SUBTYPE_BEACON,
+ ieee80211.IEEE80211_FC0_SUBTYPE_REASSOC_REQ,
+ ieee80211.IEEE80211_FC0_SUBTYPE_REASSOC_RESP,
+ ieee80211.IEEE80211_FC0_SUBTYPE_DISASSOC
+ ],
+ ieee80211.IEEE80211_FC0_TYPE_DATA :
+ [
+ ieee80211.IEEE80211_FC0_SUBTYPE_DATA
+ ]
+ }
+
@staticmethod
def generate_int(bits):
"""generate an integer with given size"""
@@ -43,7 +79,30 @@
return ieee80211.ieee80211_atob(addr)
+ @staticmethod
+ def generate_type_subtype(state, mode):
+ fc = 0
+ if state == 1:
+ subtype_array = Generator.state1_type[ieee80211.IEEE80211_FC0_TYPE_MGT]
+ fc |= ieee80211.IEEE80211_FC0_TYPE_MGT
+ elif state == 2:
+ subtype_array = Generator.state2_type[ieee80211.IEEE80211_FC0_TYPE_MGT]
+ fc |= ieee80211.IEEE80211_FC0_TYPE_MGT
+ elif state == 3:
+ r = random.randint(0,1)
+
+ if r == 0:
+ subtype_array = Generator.state3_type[ieee80211.IEEE80211_FC0_TYPE_MGT]
+ fc |= ieee80211.IEEE80211_FC0_TYPE_MGT
+ else:
+ subtype_array = Generator.state3_type[ieee80211.IEEE80211_FC0_TYPE_DATA]
+ fc |= ieee80211.IEEE80211_FC0_TYPE_DATA
+
+ fc |= random.choice(subtype_array)
+
+ return fc
+
class Frame:
"""
The Frame class
@@ -54,21 +113,23 @@
self.radio = radiotap.radiotap()
self.frame = ieee80211.frame()
self.chain = None
+ self.state = state
+ self.mode = mode
- self.generate(state, mode)
+ self.generate()
def __getattr__(self, name):
if name == 'frame':
return self._chain
- def generate(self, state, mode):
+ def generate(self):
"""generate a frame of given state using one of the generation modes"""
self.radio.version = 0;
self.radio.pad = 0;
self.radio.length = 0;
self.frame = ieee80211.frame()
- self.frame.fc0 = Generator.generate_int(8);
+ self.frame.fc0 = Generator.generate_type_subtype(self.state, self.mode);
self.frame.fc1 = Generator.generate_int(8);
self.frame.dur = Generator.generate_int(16);
self.frame.addr1 = Generator.generate_addr();
More information about the p4-projects
mailing list