Just a quick idea I had that I don't plan to work on in the near future. Perhaps one of the GSOC students interested in improving our fuzzing could pick this up since it is somewhat related.
Our randpkt tester is great but currently only covers 22 protocols at a quick count. An easy way to extend this to cover vastly more protocols would be: - Add a type to randpkt (perhaps 'tcp-payload') that generates Eth+IP+TCP+Payload under a specific generic TCP port (something high in the unregistered zone). - Add support for cycling through the various -d options to the the randpkt-test.sh script So randpkt would generate random TCP payloads under a known port, and the script would then run tshark on the file once for each protocol that runs over TCP, forcing decoding on that port to that protocol. Doing this for just TCP, UDP and SCTP would add coverage for an additional ~450 distinct protocols (already accounting for duplicates). ./tshark -G decodes | grep -e udp.port -e tcp.port -e sctp.port | cut -f3 | uniq | wc Cheers, Evan ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
