Comments (8)
Happy to lend a hand on this. Which specific decoding methods are high priority for this?
from quinn.
Great, your help is much appreciated! Packet decoding by way of Endpoint::handle()
would be a good starting point.
from quinn.
Naively we could just throw fuzzer data as UDP packets at the implementation, but that wouldn't get us very far because the fuzzer is spectacularly unlikely to make any progress through the cryptographic handshake, leaving the bulk of the implementation untested. A good solution for end-to-end testing might be to add a hook to inject arbitrary data into the plaintext of an arbitrary packet between arbitrary frames, then use that in a fuzzing target to perturb an otherwise valid scripted session like the lifecycle unit test.
from quinn.
Now that we've gracefully encapsulated the stream logic into the Streams
type, it would make an excellent candidate for targeted fuzzing without any elaborate measures needed. As illustrated in #774, there's definitely enough complexity there to merit it.
from quinn.
A fuzzing effort has been made for VarInt
on h3. Would you be interested to import it ?
from quinn.
Certainly! I'm going to go ahead and close this since we've got some fuzzing going now; we should open new issues for specific interfaces of interest.
from quinn.
@djc, i am having compilation issue with: cargo fuzz check in one of my local dev with stable rust.
92 | use arbitrary::{Arbitrary, Result, Unstructured};
| ^^^^^^^^^ use of undeclared crate or module `arbitrary`
error[E0432]: unresolved import `arbitrary`
--> /localpath/.cargo/registry/src/index.crates.io-6f17d22bba15001f/quinn-proto-0.10.6/src/lib.rs:92:9
|
92 | use arbitrary::{Arbitrary, Result, Unstructured};
| ^^^^^^^^^ use of undeclared crate or module `arbitrary`
Checking zbus v3.10.0
For more information about this error, try `rustc --explain E0432`.
error: could not compile `quinn-proto` (lib) due to 1 previous error
warning: build failed, waiting for other jobs to finish...
Error: failed to build fuzz script: ASAN_OPTIONS="detect_odr_violation=0" RUSTFLAGS="-Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-pc-table -Cllvm-args=-sanitizer-coverage-trace-compares --cfg fuzzing -Clink-dead-code -Zsanitizer=address -Cllvm-args=-sanitizer-coverage-stack-depth -Cdebug-assertions -C codegen-units=1" "cargo" "check" "--manifest-path"
For Posterity, i am including quinn-proto as part of my fuzz target's Cargo.toml as
quinn-proto = { version = "0.10.6", features = ["arbitrary"] } , to get my build to be successful. I guess it'd be nice to have that documented somewhere, not an issue..
from quinn.
Happy to review a PR with documentation improvements!
from quinn.
Related Issues (20)
- 0-RTT packets can be lost due to race condition introduced along with Incoming HOT 1
- Debug formatting could be improved HOT 1
- GSO padding has high overhead for application datagrams larger than half MTU
- Consider more aggressive GSO batching
- stream sending buffer size and how much left HOT 3
- ECN interop failures HOT 3
- aggressive open_bi HOT 1
- Create my own AsyncUdpSocket HOT 1
- "SendableFrames was SendableFrames { acks: false, other: true }, but only ACKs have been written" HOT 11
- Black hole detection false-positives HOT 5
- Expose Packet Decoder? HOT 2
- ReadExactError::FinishedEarly byte count is sometimes incorrect HOT 1
- How to receive data in blocking way HOT 3
- Inconsistent documentation on platform availability of `local_ip` HOT 3
- long running bi stream HOT 5
- seems like quinn 0.11 not working well under heavy load HOT 12
- API for awaiting for stream reset on the reader HOT 5
- build fails on Solaris HOT 1
- Rotation of Connection IDs HOT 5
- How to run insecure connection example? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from quinn.