Commit 84586e8e authored by Ondřej Surý

Add information about two types of fuzzing tests into FUZZING readme

parent bf7aa8d6
# Fuzzing
Knot DNS 2.0 includes `tests-fuzz/packet.c`. This compiles into a
test harness that is designed to be used with lcamtuf's [American
Fuzzy Lop (AFL) fuzzer](http://lcamtuf.coredump.cx/afl/). The test
harness exercises the packet parsing logic in Knot DNS.
Knot DNS 2.0 includes two fuzzing tests in `tests-fuzz/`: a) a simple
test harness that exercises the packet parsing logic in
`packet.c` and more through test that replaces UDP handler with reads
from stdin in `knotd_stdio.c`. This compiles into a test harness that
is designed to be used with lcamtuf's [American Fuzzy Lop (AFL)
fuzzer](http://lcamtuf.coredump.cx/afl/).
## How it works
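Review bot: The new opening sentence enumerates "a)" but never reaches a "b)", and "more through test" should read "a more thorough test", so the second harness (`knotd_stdio.c`) is easy to miss. Suggest "a) a simple test harness that exercises the packet parsing logic in `packet.c`, and b) a more thorough test that replaces the UDP handler with reads from stdin in `knotd_stdio.c`". The sentence that follows, "This compiles into a test harness", is carried over from the single-harness text and no longer has a clear referent now that two harnesses are described; "Both compile into test harnesses designed to be used with ..." would match the new content.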
......@@ -22,13 +24,12 @@ note that the fuzzing shim includes an environment variable to support
test cases minimization with `afl-cmin`:
```
$ KNOT_AFL_STDIN=1 KNOT_AFL_CMIN=1 afl-cmin -i ~/knot-seeds -o ~/knot-seeds-cmin -m 1000000 -t 400000 -- tests-fuzz/packet
$ KNOT_AFL_STDIN=1 KNOT_AFL_CMIN=1 afl-cmin -i ~/knot-seeds -o ~/knot-seeds-cmin -m 1000000 -t 400000 -- tests-fuzz/<test>
```
### Compiling the test harness.
See the AFL [blog
post](http://lcamtuf.blogspot.com/2015/06/new-in-afl-persistent-mode.html)
See the AFL [blog post](http://lcamtuf.blogspot.com/2015/06/new-in-afl-persistent-mode.html)
and README for details on how to use LLVM mode and compile binaries
for use with persistent mode. For reference, you can use these
commands to build Knot with the fuzzing harness:
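Review bot: In the `afl-cmin` command, `tests-fuzz/<test>` is not copy-paste safe, since a shell parses `<test>` as redirection rather than as a placeholder, and nothing near the command says what `<test>` stands for. Suggest one line after the code block stating that `<test>` is one of the harnesses named in the introduction (`packet` or `knotd_stdio`, if the binaries are named after their sources), or use a variable such as `tests-fuzz/$HARNESS`. The re-joined "See the AFL [blog post](...)" line is a whitespace-only change unrelated to the commit subject and would be cleaner in its own commit.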
......@@ -43,7 +44,7 @@ $ make check
A basic AFL run can then be kicked off as follows:
```
AFL_PERSISTENT=1 afl-fuzz -i my_seeds -o my_output_dir -t 10000 -m 100000 -- tests-fuzz/packet
AFL_PERSISTENT=1 afl-fuzz -i my_seeds -o my_output_dir -t 10000 -m 100000 -- tests-fuzz/<test>
```
Note that AFL can be scaled up by supplying the `-M` flag and starting
......
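Review bot: The `afl-fuzz` line keeps `AFL_PERSISTENT=1` and the `-t 10000 -m 100000` limits while now covering both harnesses through `tests-fuzz/<test>`; the readme should say whether the `knotd_stdio` harness supports persistent mode and whether these limits, which were written for the packet harness, suit it as well. If they differ, show one invocation per harness instead of a shared placeholder.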