Hi everybody and happy new year to all the members of the MINA community. During the Xmas rest, I had an idea (who said boredom ?:D) for improving the testing of my different codec and protocol implementations.
The idea could be to create a fuzzing based IOFilter for brute force testing protocol Codec hardness. For example the filter can try several strategies for trying to break the server like : - At ByteBuffer level : - inserting random bytes - removing some bytes randomly - At PDU level : - removing some frames - duplicating some frames - re-inserting a previously recorded PDU (something like 5 minutes old PDU) All of that with a large configurability going to sparse error generation, to huge flooding or progressive error insertion. It would be mandatory to have large logging of what kind of buggy packet was generated to easily find which bytes killed your server :) For progressive error insertion, it would be great if it be able to monitor the application (memory usage, cpu load). So the filter know when it can add more error and guess when it reached a potential DoS and finally mark it in the logs. As all other fuzzing testing it won't certifies zero bug, but it will give you more confidence in you server if it can pass such a brutal tests. Julien
