Because IEEE802.15.4 uses a lot of compression in its frame, fuzzing it
is maybe a good idea. Adding this fuzz target showed that some frame
methods were panicking. `check_len` now checks if accessors will panic
or not.
I ran the fuzzer for about 15 minutes and nothing showed up.
The intent was to run custom code after the user is done modifying the socket,
for example to update a (not yet existing) port->socket map in SocketSet. However
this wouldn't work, since the SocketRef would have to borrow the SocketSet at
the same time as the Socket to be able to notify the SocketSet.
I believe such indexing can be achieved by setting a "dirty" bit *before* giving
the socket to the user, then on poll() reindexing all dirty sockets. This could
even be faster: if user gets a socket multiple times between polls, it'd be reindexed
only once.
562: fuzz: DHCP header parser r=Dirbaio a=alexandrasandulescu
Hi. This fuzz target tests the [DHCPRepr](https://docs.rs/smoltcp/0.7.5/smoltcp/wire/struct.DhcpRepr.html) `parse` and `emit` functions ([context](https://github.com/smoltcp-rs/smoltcp/issues/305#issuecomment-530327153)).
The fuzz target requires a small change in the `DHCPOption` parser because the option type `OPT_DOMAIN_NAME_SERVER ` requires the payload representing the DNS server list to have a length multiple of 4. Otherwise the `chunks` call places the remainder in the last chunk (length < 4). This panics when the last chunk is parsed into an `IPv4Address`. Do you have a better suggestion for handling this situation?
I ran the fuzzer for a couple of days but it didn't find any crash yet. To increase the chances, I used the oss-fuzz seed corpora of `dnsmasq` DHCP fuzzer and `systemd` DHCP server fuzzer.
Please share if you have suggestions on how to improve coverage.
Co-authored-by: Alexandra Sandulescu <aesa@google.com>
563: Print log to stdout in test r=Dirbaio a=deantvv
Use simple [trick](https://github.com/rust-lang/log/issues/106) to allow print log to stdout in test
Co-authored-by: Dean Li <deantvv@gmail.com>
Co-authored-by: Dario Nieuwenhuis <dirbaio@dirbaio.net>
This lint is in stable Rust now: https://github.com/rust-lang/rust/issues/43302.
These changes are noted according to code comment from @whitequark.
Some test cases and functions are altered due to changes of #[must_use].
Also check for the correct destination PAN id when receiving a frame (as
discussed). Linux does this as well.
However, hardware implementations also can drop those packets.
We assume the FCS is checked by lower layers or by hardware.
- Makes it consistent with Ethernet mediums, where we don't handle the FCS either.
- Linux ieee802154 raw sockets send/receive packets without the FCS.