During a code audit, the flow extraction fuzzer target was seen to be
parsing tcp flags from the fuzzer supplied input twice. This is
probably a typo since the second call to `parse_tcp_flags()` is
identical to the first.
Since a call to `parse_tcp_flags()` parses the Ethernet and IP headers
contained in the packet, the second (buggy) call to `parse_tcp_flags()`
creates an expectation that there is a second set of Ethernet and IP
headers beyond the first which is incorrect. This patch fixes this
problem by removing the duplicate code in question.
Signed-off-by: Bhargava Shastry <bshas3@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The biggest motivation is a massive (7-10x) increase in fuzzing
speed. Prior to the refactoring, we were doing roughly 900 executions
per second on flow_extract_target. Now, we are doing roughly 6000
executions per second on the flow_extract_target and roughly 9000
executions per second on the new miniflow_target.
Moving forward, creating micro fuzz targets that are really fast is a
better strategy. Since all these micro targets can be scheduled in
parallel by oss-fuzz, the test throughput increases by a non-trivial
amount.
Signed-off-by: Bhargava Shastry <bshastry@sect.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Add a symmetric_l3 hash method that uses both network destination
address and network source address.
VMware-BZ: #2112940
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch increases coverage of `lib/flow.c` from 39% to 43%, covers three
additional files and increases coverage in five other source/header files.
Signed-off-by: Bhargava Shastry <bshastry at sect.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch invokes parse_tcp_flags() in flow_extract_target.c after doing a
basic sanitization check (that packet contains at least an ETH header).
A cursory evaluation shows that the patch improves line coverage of
lib/flow.c from 37% to 39%.
Signed-off-by: Bhargava Shastry <bshastry at sect.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This commit improves test coverage of the ossfuzz flow extract test harness
by extending the harness with additional API calls from lib/flow.c
An additional minor change is adding a config option to
flow_extract_target.options file in `tests/ossfuzz/config` to suppress
debug output while fuzzing.
A cursory evaluation shows that the patch covers 8 additional files and
improves line coverage of lib/flow.c from 23% to 37%.
Signed-off-by: Bhargava Shastry <bshastry at sect.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
