fuzz: some improvements and add two new fuzzers (#1881)

Remove `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` define from `fuzz/Makefile.am`; it is already included by the main configure script (when fuzzing). Add a knob to force disabling of AESNI optimizations: this way we can fuzz also no-aesni crypto code. Move CRC32 algorithm into the library. Add some fake traces to extend fuzzing coverage. Note that these traces are hand-made (via scapy/curl) and must not be used as "proof" that the dissectors are really able to identify this kind of traffic. Some small updates to some dissectors: CSGO: remove a wrong rule (never triggered, BTW). Any UDP packet starting with "VS01" will be classified as STEAM (see steam.c around line 111). Googling it, it seems right so. XBOX: XBOX only analyses UDP flows while HTTP only TCP ones; therefore that condition is false. RTP, STUN: removed useless "break"s Zattoo: `flow->zattoo_stage` is never set to any values greater or equal to 5, so these checks are never true. PPStream: `flow->l4.udp.ppstream_stage` is never read. Delete it. TeamSpeak: we check for `flow->packet_counter == 3` just above, so the following check `flow->packet_counter >= 3` is always false.
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2023-02-09 20:02:12 +0100
committer: GitHub <noreply@github.com> 2023-02-09 20:02:12 +0100
commit: b51a2ac72a3cbd1b470890d0151a46da28e6754e (patch)
tree: 694a86ec7690962b21fb2c1bcf12df9f842d5957 /tests/result
parent: 4bb851384efb2a321def0bdb5e93786fac1cc02b (diff)
4 files changed, 123 insertions, 0 deletions
diff --git a/tests/result/ossfuzz_seed_fake_traces_1.pcapng.out b/tests/result/ossfuzz_seed_fake_traces_1.pcapng.out
new file mode 100644
index 000000000..19f269ecc
--- /dev/null
+++ b/tests/result/ossfuzz_seed_fake_traces_1.pcapng.out
@@ -0,0 +1,39 @@
+Guessed flow protos:	0
+
+DPI Packets (TCP):	8	(1.33 pkts/flow)
+DPI Packets (UDP):	13	(3.25 pkts/flow)
+Confidence DPI              : 10 (flows)
+Num dissector calls: 692 (69.20 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/15/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/2/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   20/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia protocols:   20/0 (search/found)
+
+Gnutella	4	333	2
+PPStream	1	141	1
+Steam	2	68	1
+HalfLife2	2	96	1
+Starcraft	12	2687	5
+
+	1	UDP 127.0.0.1:1119 -> 127.0.0.1:1120 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][8 pkts/2487 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][204.53 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8008/0 29219/0 105424/0 32476/0][Pkt Len c2s/s2c min/avg/max/stddev: 48/0 311/0 576/0 250/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 37,0,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 192.168.1.128:1 -> 1.2.3.4:10 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][2 pkts/170 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: TCP NULL scan / No client to server traffic][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 192.168.1.128:1 -> 1.2.3.4:11 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][2 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][293.20 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: TCP NULL scan / No client to server traffic][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP 127.0.0.1:17788 -> 127.0.0.1:17788 [proto: 54/PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Streaming/17][1 pkts/141 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (PPStream)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	UDP 127.0.0.1:1 <-> 127.0.0.1:2 [proto: 75/HalfLife2][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][1 pkts/48 bytes <-> 1 pkts/48 bytes][Goodput ratio: 41/41][9.65 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	6	UDP 127.0.0.1:100 <-> 127.0.0.1:200 [proto: 74/Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Game/8][1 pkts/32 bytes <-> 1 pkts/36 bytes][Goodput ratio: 12/22][45.10 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	7	TCP 192.168.1.128:1 -> 12.129.206.130:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][1 pkts/50 bytes -> 0 pkts/0 bytes][Goodput ratio: 20/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: TCP NULL scan / No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	8	TCP 192.168.1.128:1 -> 12.129.236.254:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][1 pkts/50 bytes -> 0 pkts/0 bytes][Goodput ratio: 20/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: TCP NULL scan / No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	9	TCP 192.168.1.128:1 -> 121.254.200.130:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][1 pkts/50 bytes -> 0 pkts/0 bytes][Goodput ratio: 20/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: TCP NULL scan / No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	10	TCP 192.168.1.128:1 -> 202.9.66.76:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Game/8][1 pkts/50 bytes -> 0 pkts/0 bytes][Goodput ratio: 20/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: TCP NULL scan / No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/result/ossfuzz_seed_fake_traces_2.pcapng.out
new file mode 100644
index 000000000..bd580274f
--- /dev/null
+++ b/tests/result/ossfuzz_seed_fake_traces_2.pcapng.out
@@ -0,0 +1,31 @@
+Guessed flow protos:	1
+
+DPI Packets (TCP):	12	(6.00 pkts/flow)
+DPI Packets (UDP):	4	(2.00 pkts/flow)
+Confidence Match by port    : 1 (flows)
+Confidence DPI              : 3 (flows)
+Num dissector calls: 479 (119.75 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/3/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/1/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/1/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   8/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia protocols:   8/0 (search/found)
+
+Usenet	12	1099	2
+WireGuard	4	592	2
+
+	1	TCP 172.26.235.166:55630 <-> 172.30.92.62:119 [proto: 93/Usenet][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][4 pkts/293 bytes <-> 2 pkts/264 bytes][Goodput ratio: 7/47][0.02 sec][bytes ratio: 0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 6/17 17/17 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 73/132 87/190 9/58][PLAIN TEXT (200 Leafnode NNTP Daemon)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 192.168.190.20:55630 <-> 192.168.190.5:119 [proto: 93/Usenet][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][4 pkts/278 bytes <-> 2 pkts/264 bytes][Goodput ratio: 2/47][0.02 sec][bytes ratio: 0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 6/17 17/17 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 70/132 74/190 4/58][PLAIN TEXT (200 Leafnode NNTP Daemon)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	UDP 10.9.0.1:43462 <-> 10.9.0.2:51820 [proto: 206/WireGuard][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][1 pkts/190 bytes <-> 1 pkts/106 bytes][Goodput ratio: 77/60][0.00 sec][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP 10.147.205.42:43462 <-> 10.45.123.132:51820 [proto: 206/WireGuard][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: VPN/2][1 pkts/190 bytes <-> 1 pkts/106 bytes][Goodput ratio: 77/60][0.00 sec][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/ossfuzz_seed_fake_traces_3.pcapng.out b/tests/result/ossfuzz_seed_fake_traces_3.pcapng.out
new file mode 100644
index 000000000..0a17a23a4
--- /dev/null
+++ b/tests/result/ossfuzz_seed_fake_traces_3.pcapng.out
@@ -0,0 +1,25 @@
+Guessed flow protos:	1
+
+DPI Packets (TCP):	4	(4.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 12 (12.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          1/0 (search/found)
+Automa domain:        1/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia protocols:   1/1 (search/found)
+
+MapleStory	4	362	1
+
+	1	TCP 192.168.16.173:60546 <-> 93.184.216.34:80 [proto: 113/MapleStory][IP: 288/Edgecast][ClearText][Confidence: DPI][cat: Game/8][3 pkts/288 bytes <-> 1 pkts/74 bytes][Goodput ratio: 28/0][0.10 sec][Hostname/SNI: example.com][User-Agent: AspINet][PLAIN TEXT (pGET /maplestory/ HTTP/1.1)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/ossfuzz_seed_fake_traces_4.pcapng.out b/tests/result/ossfuzz_seed_fake_traces_4.pcapng.out
new file mode 100644
index 000000000..f9e8eb7b9
--- /dev/null
+++ b/tests/result/ossfuzz_seed_fake_traces_4.pcapng.out
@@ -0,0 +1,28 @@
+Guessed flow protos:	1
+
+DPI Packets (UDP):	2	(2.00 pkts/flow)
+Confidence Unknown          : 1 (flows)
+Num dissector calls: 124 (124.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/3/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/1/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/1/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia protocols:   2/0 (search/found)
+
+Unknown	2	68	1
+
+
+
+Undetected flows:
+	1	UDP 127.0.0.1:100 <-> 127.0.0.1:200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/32 bytes <-> 1 pkts/36 bytes][Goodput ratio: 12/22][10.70 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2023-02-09 20:02:12 +0100
committer	GitHub <noreply@github.com>	2023-02-09 20:02:12 +0100
commit	b51a2ac72a3cbd1b470890d0151a46da28e6754e (patch)
tree	694a86ec7690962b21fb2c1bcf12df9f842d5957 /tests/result
parent	4bb851384efb2a321def0bdb5e93786fac1cc02b (diff)