[Libwebsockets] Autobahn Fuzzer
andy at warmcat.com
Mon Dec 28 10:43:42 CET 2015
The last of the big monsters in Github is support the Autobahn fuzzer.
First you can now run it casually with test-echo and documentation on
how to do
I'm partway through auditing each test, but we now score a lot of
passes. It looks like there are still real improvements to shake out
but there are some things to discuss what to do about.
You can see the current status here
I pushed a bunch of patches that implement various things (none of them
affect the ABI ;-) )
- Test-echo has some improvements to make it work with what Autobahn
- Lws now responds to zero-length packets and you can send them (Autobahn)
- The server side of lws has had good RX flow control for a long time
thanks to the mirror protocol, Autobahn requires it on client side so I
now re-use it there. It means if you flow-control RX, you won't get any
more RX callbacks until you let it come again, effective immediately.
Previously, he stopped new RX packets coming now he caches any pending
RX until it's restarted.
- The api to find out if you're on a FIN fragment of RX told the truth
about that even if the payload was too big to come at one time in the RX
callback. So you got several callbacks in that case all claiming
correctly to be from a FIN packet. It's a lot more useful if the FIN
status is witheld until the last RX callback, that is what it does now.
- We restricted PING / PONG / CLOSE payloads to 124. Actually we
should also have allowed 125. So the limit and buffer is increased by
- There are several framing sanity tests we didn't bother with like
reject on reserved opcodes or bits (we ignored them in case an extension
wanted them), disordered continuation, pending FIN that never came, etc.
They're not useful for hacking since the client can just send whatever
he is trying to send, lws ignored that the state was wrong and just took
the payload; it will chop it up into the rx buffer the user code can
handle anyway. These test to reject bad framing state are now implemented.
Basically I didn't find anything scary so far, but I am still going.
So... Autobahn has a couple of tests that I don't think belong in it,
2.10 and 2.11 test PING queuing on a single connection, that is not in
RFC6455 and there is no point implementing that AFAICT. Lws just keeps
one ping in flight at a time and ignores the others until that one was
sent. So we will fail those.
Huge swathes of test are about expectations that we confirm UTF-8
compliance of ws "text" message payloads. Until now lws does not get
involved in the content of the text messages leaving that for the user
code. Any feelings about that out there?
More information about the Libwebsockets