The sniffer in `tests/gnrc_rpl_srh` always had stability issues, since
it uses some badly synchronized threading of mine. Since v2.4.3 scapy
has its own [asynchronous sniffer] (which is already used in
`tests/gnrc_dhcpv6_client_6lbr`), so I ported my sniffer implementation
to use that instead.
[asynchronous sniffer]: https://scapy.readthedocs.io/en/latest/usage.html#asynchronous-sniffing
GCLK_ID and APBCMASK entries are not always uniform.
The previous hack would already break for TCC3.
Just explosively write down the cases, there are only 5 at most.
The `start_network.sh` script creates a `${TUN}` interface, so
the `${TAP}` variable will always be empty.
This means start_dhcpd() will always fail as the DHCPv6 script is lacking
an interface.
The termination condition implemented in gnrc_pktbuf_malloc does not
work when using the sock interface as sock copies packet data to a local
buffer and frees the packet afterwards. As such, the fuzzing application
would exit before performing any input processing.
For this reason, the termination condition in gnrc_pktbuf_malloc is
disabled when using sock. Instead, the application terminates if
gnrc_sock_recv previously returned the fuzzing packet. The underlying
assumption of this implementation is that gnrc_sock_recv is called in a
loop.
Since RIOT is an operating system the native binary will never terminate
[0]. The termination condition for fuzzing GNRC is that the packet was
handled by the network stack and therefore freed. If it is never freed
we will deadlock meaning a memory leak was found, afl should be able to
detect this through timeouts.
This is currently only supported for gnrc_pktbuf_malloc since this is
the pktbuf implementation I used for fuzzing. Implementing this in
pktbuf.h is not possible.
[0]: Except NATIVE_AUTO_EXIT is defined, however, even with that define
set RIOT will only terminate when all threads terminated. Unfortunately,
gnrc_udp and other network threads will never terminate.
This adds a utility module which is used to write applications for
fuzzing RIOT network modules. The module provides a dummy network
interface which is configured with a static IPv6 addresses for modules
which perform operations on the underlying network interface. Besides,
it contains a utility function for transforming data received on
standard input into a `gnrc_pktsnip_t`.
