On Wed, 2 Jan 2008 14:56:22 +0100 Julien Vermillard <[EMAIL PROTECTED]> wrote:
> Hi everybody and happy new year to all the members of the MINA
> community.
>
> During the Xmas rest, I had an idea (who said boredom ?:D) for
> improving the testing of my different codec and protocol
> implementations.
>
> The idea could be to create a fuzzing-based IoFilter for brute-force
> testing protocol codec hardness.
>
> For example, the filter can try several strategies for trying to break
> the server, like:
>  - At ByteBuffer level:
>    - inserting random bytes
>    - removing some bytes randomly
>  - At PDU level:
>    - removing some frames
>    - duplicating some frames
>    - re-inserting a previously recorded PDU (something like a 5 minutes
>      old PDU)
>
> All of that with a large configurability, going from sparse error
> generation to huge flooding or progressive error insertion.
>
> It would be mandatory to have large logging of what kind of buggy
> packet was generated to easily find which bytes killed your server :)
>
> For progressive error insertion, it would be great if it were able to
> monitor the application (memory usage, CPU load). So the filter knows
> when it can add more errors and guesses when it has reached a potential
> DoS and finally marks it in the logs.
>
> Like all other fuzzing testing, it won't certify zero bugs, but it will
> give you more confidence in your server if it can pass such brutal
> tests.
>
> Julien

Hi,

I made a little filter to generate random garbage in your byte streams.
It's quite simple to use:

    ErrorGeneratorFilter egf = new ErrorGeneratorFilter();

To activate the change of some bytes in your IoBuffer, with a
probability of 200 out of 1000 IoBuffers processed:

    egf.setChangeByteProbability(200);

To activate the insertion of some bytes in your IoBuffer, with a
probability of 200 out of 1000:

    egf.setInsertByteProbability(200);

And for the removal of some bytes:

    egf.setRemoveByteProbability(200);

You can activate the error generation for writes or reads with the
following methods:

    egf.setManipulateReads(true);
    egf.setManipulateWrites(true);

I have not tested/finished the PDU manipulation code, so please ignore
it for now.

I tested it with the echo server, and it worked quite well.

The first version is here in my sandbox, any comments are welcome :)

http://svn.apache.org/viewvc/mina/sandbox/jvermillard/error-generator/src/org/apache/mina/filter/errorgenerator/ErrorGeneratorFilter.java?view=markup

Julien
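
The byte-level change/insert/remove mutations and the mutation logging discussed in this thread, as an added stand-alone Java example (not the code from the sandbox link and not part of either message). The class `BufferMutator` and its method names are hypothetical, it has no MINA dependency, the 200-out-of-1000 probabilities follow the message, and the seeded `Random` is an assumption added so that a failing run can be replayed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Random;

// Hypothetical stand-alone mutator, not the sandbox ErrorGeneratorFilter.
public class BufferMutator {
    private final Random rng;
    private final int changePerMille, insertPerMille, removePerMille;
    private final List<String> log = new ArrayList<>(); // one entry per mutation
    private int bufferNo = 0;                            // index of the buffer being processed
    public BufferMutator(long seed, int change, int insert, int remove) {
        rng = new Random(seed); // fixed seed: a failing run can be replayed
        changePerMille = change; insertPerMille = insert; removePerMille = remove;
    }
    // Returns a mutated copy; the caller's array is left untouched.
    public byte[] mutate(byte[] in) {
        byte[] out = in.clone();
        bufferNo++;
        if (out.length > 0 && rng.nextInt(1000) < changePerMille) {
            int pos = rng.nextInt(out.length);
            byte old = out[pos];
            out[pos] = (byte) rng.nextInt(256);
            log.add(String.format("#%d CHANGE off=%d %02x->%02x", bufferNo, pos, old, out[pos]));
        }
        if (rng.nextInt(1000) < insertPerMille) {
            int pos = rng.nextInt(out.length + 1); // may append at the end
            byte[] grown = new byte[out.length + 1];
            System.arraycopy(out, 0, grown, 0, pos);
            grown[pos] = (byte) rng.nextInt(256);
            System.arraycopy(out, pos, grown, pos + 1, out.length - pos);
            log.add(String.format("#%d INSERT off=%d %02x", bufferNo, pos, grown[pos]));
            out = grown;
        }
        if (out.length > 0 && rng.nextInt(1000) < removePerMille) {
            int pos = rng.nextInt(out.length);
            byte[] shrunk = new byte[out.length - 1];
            System.arraycopy(out, 0, shrunk, 0, pos);
            System.arraycopy(out, pos + 1, shrunk, pos, out.length - pos - 1);
            log.add(String.format("#%d REMOVE off=%d %02x", bufferNo, pos, out[pos]));
            out = shrunk;
        }
        return out;
    }
    public static void main(String[] args) {
        BufferMutator m = new BufferMutator(42L, 200, 200, 200); // 200 out of 1000 each
        byte[] pdu = {'H', 'E', 'L', 'L', 'O', '\r', '\n'};      // constructed sample PDU
        for (int i = 0; i < 20; i++) m.mutate(pdu);
        m.log.forEach(System.out::println); // which offsets and bytes were touched, per buffer
    }
}
```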
