Wireshark-dev: Re: [Wireshark-dev] fuzzing UDP/TCP dissectors with no port assignment
I had a thought in this direction a while back. It was in the context
of randpkt, not fuzzing but I think the same principle applies:
https://www.wireshark.org/lists/wireshark-dev/201304/msg00109.html
Basically it should be pretty easy to script such that it forces
decoding for every protocol over TCP/UDP/etc on a given capture.
There is certainly a lot of code that fuzz-testing currently doesn't cover.
On Tue, Oct 8, 2013 at 9:57 AM, Anders Broman
<anders.broman@xxxxxxxxxxxx> wrote:
>
>
>
>
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of
> mmann78@xxxxxxxxxxxx
> Sent: den 8 oktober 2013 15:23
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: [Wireshark-dev] fuzzing UDP/TCP dissectors with no port assignment
>
>
>
>>Anders brought up a question in bug 9241 that I've always been curious
>> about (and I think the discussion is better served on -dev than the bug).
>> We have many >TCP/UDP dissectors that don't have an IANA assigned port
>> number or are not setup as heuristic dissectors. In these cases their port
>> number = 0 and it's up to >a user preference to set it to a value
>> corresponding to their trace. If that step is required to invoke the
>> dissector, how are the fuzzbots handling it? Are all of >these dissectors
>> just not getting fuzzed?
>
>
>
> Yes I’m pretty sure that’s the case, and I also think we have the case of
> user DLT etc. The best would be if it was possible to add pseudo information
> to the trace files setting the needed preferences. It would be possible to
> have tags in the SHB of pcap-ng files but I’m not sure we want to go that
> route.
>
> A new Wireshark specific block would be much better. Another possibility
> would be to have a template file with the file name and the required tshark
> parameters or indicating a profile to be used together with the file in
> question but it would require a bit of work to set up I suppose.
>
>
>
> Regards
>
> Anders
>
>
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe