Hey Dmitry, I see you got wireguard's netlink stuff hooked up to syzkaller. Excellent work, and thanks! It's already finding bugs.
Right now it seems to know about 5 different keys you've come up with, and not much in the way of endpoints. I think we can improve this. For keys, there are a few cases we care about: 1) Low order keys 2) Negative keys 3) Normal keys 4) Keys that correspond to other keys (private ==> public) For this last point, if we just have a few with that correspondance quality in there, syzkaller will eventually wind up configuring two interfaces that can talk to each other, which is good. Here's a collection of keys you can use, in base64, that will cover those cases, if you want to add these instead of the current ones in there: 1) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= 4Ot6fDtBuK4WVuP68Z/EatoJjeucMrH9hmIFFl9JuAA= 2) 2/////////////////////////////////////////8= TJyVvKNQjCSx0LFVnIPvWwREXMRYHI6G2CJO3dCfEdc= 3,4) oFyoT2ycjjhT4v16cK4Psg+hUmAMsAhFF08IB2+NeEM= l1ydgcmDyCCe54ElS4mfjtklrp8JI8I8YvU8V82/aRw= sIBz6NROkePakiwiQ4JEu4hcaeJpyOnYNbEUKTpN3G4= 0XMomfYRzYmUA01/QT3JV2MOVJPChaykAGXLYxG+aWs= oMuHmkf1vGRMDmk/ptAxx0oVU7bpAbn/L1GMeAQvtUI= 9E2jZ6iO5lZPAgIRRWcnCC9c6+6LG/Xrczc0G0WbOSI= That's 10 keys total, which should be a decent collection to replace your current set of hard coded keys in there. You can unbase64 these into C format with commands like: $ echo '2/////////////////////////////////////////8=' | base64 -d | xxd -i 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff The second thing is getting two wireguard interfaces to talk to each other. This probably should happen over localhost. That means the listen port of one should be the endpoint of the other. So maybe you can get away fuzzing these with: Listen ports: 51820 51821 51822 [randomly selected] and Endpoints: 127.0.0.1:51820 127.0.0.1:51821 127.0.0.1:51822 [::1]:51820 [::1]:51821 [::1]:51822 [randomly selected] Finally the "allowed ips" for a peer, the routing table entry that points to wireguard, and the packet that's being sent, should all somehow correspond. But probably an allowed ips of 0.0.0.0/0 will eventually be fuzzed to, which covers everything for the first part, so let's see if the rest falls into place on its own. What do you think of all that? Jason _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard