diff options
| author | Nardi Ivan <nardi.ivan@gmail.com> | 2024-01-09 08:41:44 +0100 |
|---|---|---|
| committer | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-01-18 10:21:24 +0100 |
| commit | d72a760ac3895dd8a0bd3e55d4b51f9e22e04e6c (patch) | |
| tree | c00c477a043b58c5c05f4afe6b5ecde5864011df /fuzz/fuzz_config.cpp | |
| parent | ca7df1db82e97954724f547c5966a5f99ad86e6b (diff) | |
New API for library configuration
This is the first step into providing (more) configuration options in nDPI.
The idea is to have a simple way to configure (most of) nDPI: only one
function (`ndpi_set_config()`) to set any configuration parameters
(in the present or on in the future) and we try to keep this function
prototype as agnostic as possible.
You can configure the library:
* via API, using `ndpi_set_config()`
* via a configuration file, in a text format
This way, anytime we need to add a new configuration parameter:
* we don't need to add two public functions (a getter and a setter)
* we don't break API/ABI compatibility of the library; even changing
the parameter type (from integer to a list of integer, for example)
doesn't break the compatibility.
The complete list of configuration options is provided in
`doc/configuration_parameters.md`.
As a first example, two configuration knobs are provided:
* the ability to enable/disable the extraction of the sha1 fingerprint of
the TLS certificates.
* the upper limit on the number of packets per flow that will be subject
to inspection
Diffstat (limited to 'fuzz/fuzz_config.cpp')
| -rw-r--r-- | fuzz/fuzz_config.cpp | 31 |
1 files changed, 15 insertions, 16 deletions
diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index afd9367fb..573f6ecbe 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp @@ -28,21 +28,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_proto p, p2; char out[128]; char log_ts[32]; + int value; + char cfg_value[32]; - if(fuzzed_data.remaining_bytes() < 4 + /* ndpi_init_detection_module() */ - NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS + - 1 + /* TLS cert expire */ - 6 + /* files */ - ((NDPI_LRUCACHE_MAX + 1) * 5) + /* LRU caches */ - 2 + 1 + 4 + /* ndpi_set_detection_preferences() */ - 7 + /* Opportunistic tls */ - 2 + /* Pid */ - 2 + /* Category */ - 1 + /* Tunnel */ - 1 + /* Bool value */ - 2 + /* input_info */ - 21 /* Min real data: ip length + 1 byte of L4 header */) + /* Just to be sure to have some data */ + if(fuzzed_data.remaining_bytes() < NDPI_MAX_SUPPORTED_PROTOCOLS * 2 + 200) return -1; /* To allow memory allocation failures */ @@ -101,9 +92,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if(fuzzed_data.ConsumeBool()) ndpi_set_detection_preferences(ndpi_info_mod, ndpi_pref_enable_tls_block_dissection, 0 /* unused */); - if(fuzzed_data.ConsumeBool()) - ndpi_set_detection_preferences(ndpi_info_mod, ndpi_pref_max_packets_to_process, - fuzzed_data.ConsumeIntegralInRange(0, (1 << 16))); ndpi_set_detection_preferences(ndpi_info_mod, static_cast<ndpi_detection_preference>(0xFF), 0xFF); /* Invalid preference */ @@ -126,6 +114,17 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_get_protocol_aggressiveness(ndpi_info_mod, i); } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, "tls", "metadata.sha1_fingerprint.enable", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 255 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "packets_limit_per_flow", cfg_value); + } + ndpi_finalize_initialization(ndpi_info_mod); /* Random protocol configuration */ |