Add first fuzzing harness (#7430)

* First sketch of fuzzing

* Add m4 script

The script is used in the fuzzing build

* Add stub sources in the makefile

* [Fuzz] Add RedisStub

* Add gitignore for fuzz dir

* Remove definition of non-implemented method

* [Fuzz] Refactoring code

* [Fuzz] Separate the protobuf support in the makefile

* Clean fuzzing related object files

* [Fuzz] Fix makefile

* Change gitignore

* [Fuzz] Separate headers

* [Fuzz] Add README.md

* [Fuzz] Change make target

* [Fuzz] Update README.md

* Add compatibilty with autoconf < 2.71

* Optionally disable hiredis integration

* Include hiredis only for production build

* [Fuzz] Disable period activities

* Remove unused dependencies for librrd

* Optionally use static linking for zmq library

* Add debug output regarding the linking of libzmq

* [Fuzz] Do not run on empty input

* Optionally use static linking for libjson-c

* Optionally use static linking for libmaxminddb

* Make mysqlclient dependency as optional

* Change gitignore

* [Fuzz] Add corpus for fuzz_dissect_packet

* [Fuzz] Refactor fuzz_dissect_packet

* Change gitignore

* [Fuzz] Use correct naming for corpus

* [Fuzz] Add dictionary

* [Fuzz] Fix declaration of LLVMFuzzerInitialize

* [Fuzz] Refactor onefile

* [Fuzz] Fix the initialization memory leaks

* [Fuzz] Fix invocation of LLVMFuzzerInitialize

* Remove double githooks folder

* [Fuzz] Set interface pcap_data_link

* Change gitignore

* Use pkg-config for detecting protobuf libraries

* Add license

* Improve error message

.githooks/pre-commit

@@ -1,4 +0,0 @@
-#!/bin/sh
-
-# Check coding style
-make -s check-format || (echo 'Please format your code with `make format`' && false)

Makefile.in

@@ -53,9 +53,9 @@ ifeq ($(HAS_LIBRRDTOOL), 0)
 else
 	LIBRRDTOOL_INC=-I$(LIBRRDTOOL_HOME)/src/
 	ifeq ($(OS), $(filter $(OS), OpenBSD FreeBSD))
-		LIBRRDTOOL_LIB=$(LIBRRDTOOL_HOME)/src/.libs/librrd_th.a -lm -lgobject-2.0 -lgmodule-2.0 -lglib-2.0	
+		LIBRRDTOOL_LIB=$(LIBRRDTOOL_HOME)/src/.libs/librrd_th.a -lm
 	else
-		LIBRRDTOOL_LIB=$(LIBRRDTOOL_HOME)/src/.libs/librrd_th.a -lm -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0
+		LIBRRDTOOL_LIB=$(LIBRRDTOOL_HOME)/src/.libs/librrd_th.a -lm
 	endif
 endif
 
@@ -65,8 +65,8 @@ HTTPCLIENT_INC=${PWD}/third-party/http-client-c/src/
 
 ######
 
-JSON_INC=@JSON_INC@
-JSON_LIB=@JSON_LIB@
+JSON_INC=@JSON_CFLAGS@
+JSON_LIB=@JSON_LIBS@
 
 ######
 
@@ -86,9 +86,12 @@ endif
 
 ######
 TARGET = ntopng
-LIBS = $(NDPI_LIB) $(LIBPCAP) $(LUA_LIB) $(LIBRRDTOOL_LIB) $(ZEROMQ_LIB) $(JSON_LIB) $(SNMP_LIB) @MAXMINDDB_LIB@ $(SODIUM_LIB) @HIREDIS_LIB@ @SQLITE_LIB@ @MYSQL_LIB@ @RADCLI_LIB@ @EXPAT_LIB@ @SSL_LIB@ @LINK_OPTS@ @LDFLAGS@ @PRO_LIBS@ @LIBS@ $(ZSTD_LIB) -lm -lpthread
-CPP=@CPP@
-CPPFLAGS = @CFLAGS@ -std=c++1y @HIREDIS_INC@ $(MONGOOSE_INC) $(JSON_INC) $(SNMP_INC) $(SODIUM_INC) $(NDPI_INC) $(LUA_INC) $(LIBRRDTOOL_INC) $(ZEROMQ_INC) @MYSQL_INC@ @CPPFLAGS@ -I$(HTTPCLIENT_INC) @SSL_INC@ @PRO_INCS@ -DDATA_DIR='"$(datadir)"' # -D_GLIBCPP_DEBUG
+LIBS = $(NDPI_LIB) $(LIBPCAP) $(LUA_LIB) $(LIBRRDTOOL_LIB) $(ZEROMQ_LIB) $(JSON_LIB) $(SNMP_LIB) @MAXMINDDB_LIBS@ $(SODIUM_LIB) @HIREDIS_LIB@ @SQLITE_LIB@ @MYSQL_LIB@ @RADCLI_LIB@ @EXPAT_LIB@ @SSL_LIB@ @ZMQ_LIBS@ @LINK_OPTS@ @LDFLAGS@ @PRO_LIBS@ @LIBS@ $(ZSTD_LIB) -lm -lpthread
+CC := @CC@
+CXX := @CXX@
+CPPFLAGS := @CPPFLAGS@
+CFLAGS := @CFLAGS@
+CXXFLAGS = -std=c++1y @HIREDIS_INC@ @MAXMINDDB_CFLAGS@ $(MONGOOSE_INC) $(JSON_INC) $(SNMP_INC) $(SODIUM_INC) $(NDPI_INC) $(LUA_INC) $(LIBRRDTOOL_INC) $(ZEROMQ_INC) @MYSQL_INC@ @ZMQ_CFLAGS@ @CXXFLAGS@ -I$(HTTPCLIENT_INC) @SSL_INC@ @PRO_INCS@ -DDATA_DIR='"$(datadir)"' # -D_GLIBCPP_DEBUG
 ######
 # ntopng-1.0_1234.x86_64.rpm
 PLATFORM = `uname -p`
@@ -127,25 +130,25 @@ TEST_HEADERS = $(wildcard tests/include/*.h)
 	$(CC) $(CPPFLAGS) $(CFLAGS) -c $< -o $@
 
 %.o: %.cpp $(HEADERS) $(INC) Makefile
-	$(CPP) $(CPPFLAGS) -c $< -o $@
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $< -o $@
 
 .PRECIOUS: $(TARGET) $(OBJECTS)
 
 $(TARGET): $(OBJECTS) $(LIB_TARGETS) Makefile
-	$(CPP) $(CPPFLAGS) $(LDFLAGS) $(OBJECTS) -lm -Wall $(LIBS) -o $@
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) $(OBJECTS) -lm -Wall $(LIBS) -o $@
 
 unit_test: $(TEST_FILES) $(OBJECTS_NO_MAIN) ${TEST_HEADERS} $(LIB_TARGETS)
-	$(CPP) $(CPPFLAGS) $(LDFLAGS) $(TEST_FILES) $(OBJECTS_NO_MAIN) -lm -lgtest $(LIBS) -o ./tests/unit_tests
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) $(TEST_FILES) $(OBJECTS_NO_MAIN) -lm -lgtest $(LIBS) -o ./tests/unit_tests
 
 test_fifo_queue: $(OBJECTS_NO_MAIN) $(LIB_TARGETS)
 	rm src/FifoStringsQueue.o
 	$(MAKE) CPPFLAGS="${CPPFLAGS} -DTEST_FIFO_QUEUE -DDEBUG_FIFO_QUEUE" src/FifoStringsQueue.o
-	$(CPP) $(CPPFLAGS) $(LDFLAGS) $(OBJECTS_NO_MAIN) -Wall $(LIBS) -o $@
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) $(OBJECTS_NO_MAIN) -Wall $(LIBS) -o $@
 
 test_alert_engine: $(OBJECTS_NO_MAIN) $(LIB_TARGETS)
 	rm src/AlertCheckLuaEngine.o
 	$(MAKE) CPPFLAGS="${CPPFLAGS} -DTEST_CHECK_ENGINE" src/AlertCheckLuaEngine.o
-	$(CPP) $(CPPFLAGS) $(LDFLAGS) $(OBJECTS_NO_MAIN) -Wall $(LIBS) -o $@
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) $(OBJECTS_NO_MAIN) -Wall $(LIBS) -o $@
 
 $(LUA_LIB):
 	$(MAKE) -C $(LUA_HOME) $(LUA_PLATFORM)
@@ -164,6 +167,7 @@ hooks/.enabled:
 clean:
 	-rm -f src/*.o src/*~ src/flow_checks/*.o  src/flow_checks/*~ src/flow_alerts/*.o  src/flow_alerts/*~ src/host_checks/*.o  src/host_checks/*~ src/host_alerts/*.o  src/host_alerts/*~ include/*~ *~ #config.h
 	-rm -f $(TARGET)
+	-rm -f fuzz/*.o fuzz/proto/ fuzz/stub/*.o
 	if [ -d pro ]; then cd pro && $(MAKE) clean; fi
 
 cert:
@@ -296,3 +300,4 @@ pull: pull-deps pull-pro
 	echo "Updating ntopng..."
 	git pull --rebase
 
+@FUZZ_MAKEFILE_INC@

autogen.sh

@@ -80,9 +80,6 @@ git submodule update --remote
 
 # git submodule update --init --recursive
 
-# Enable git hooks
-find .githooks -type f -exec ln -sf ../../{} .git/hooks/ \;
-
 echo "Wait please..."
 autoreconf -if
 echo ""

configure.ac.in

@@ -1,27 +1,73 @@
 AC_INIT([ntopng],[@VERSION@])
 
+AC_CONFIG_MACRO_DIR([m4])
+
 HERE=`pwd`
 SYSTEM=`uname -s`
 
 AC_PROG_CPP
 AC_PROG_CXX
 
+PKG_PROG_PKG_CONFIG
+
 AC_ARG_WITH(leak-sanitizer,     [  --with-leak-sanitizer   Build with support for the LLVM address leak and sanitizer])
 AS_IF([test "${with_leak_sanitizer+set}" = set],[
-    CFLAGS="-g -O0 -Wall -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak -fno-omit-frame-pointer"
-    CPPFLAGS="-g -O0 -Wall -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak -fno-omit-frame-pointer"
+    CFLAGS="${CFLAGS} -g -O0 -Wall -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak -fno-omit-frame-pointer"
+    CXXFLAGS="${CXXFLAGS} -g -O0 -Wall -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak -fno-omit-frame-pointer"
     LDFLAGS="${LDFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak"
     USE_CLANG=yes
 ])
 
 AC_ARG_WITH(sanitizer,     [  --with-sanitizer   Build with support for the LLVM address sanitizer])
 AS_IF([test "${with_sanitizer+set}" = set],[
-    CFLAGS="-g -O0 -Wall -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fno-omit-frame-pointer"
-    CPPFLAGS="-g -O0 -Wall -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fno-omit-frame-pointer"
+    CFLAGS="${CFLAGS} -g -O0 -Wall -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fno-omit-frame-pointer"
+    CXXFLAGS="${CXXFLAGS} -g -O0 -Wall -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fno-omit-frame-pointer"
     LDFLAGS="${LDFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment"
     USE_CLANG=yes
 ])
 
+AC_ARG_ENABLE(fuzztargets, AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]), [enable_fuzztargets=$enableval], [enable_fuzztargets=no])
+AC_ARG_ENABLE(fuzztargets-local, AS_HELP_STRING([--enable-fuzztargets-local], [Enable fuzz targets for local testing]), [enable_fuzztargets_local=$enableval], [enable_fuzztargets_local=no])
+AC_ARG_WITH(fuzz-protobuf, AS_HELP_STRING([--with-fuzz-protobuf], [Build with protobuf mutator support]), [with_fuzz_protobuf=$enableval], [with_fuzz_protobuf=no])
+
+AS_VAR_IF(enable_fuzztargets_local, yes, [enable_fuzztargets="yes" AC_SUBST(FUZZ_LOCAL_TEST, "1")])
+AS_VAR_IF(with_fuzz_protobuf, yes, [
+    AC_SUBST(FUZZ_WITH_PROTOBUF, "1")
+    PKG_CHECK_MODULES(LIBPROTOBUF_MUTATOR, libprotobuf-mutator, [], [AC_MSG_ERROR(Could not find libprotobuf-mutator. Perhaps you should set PKG_CONFIG_PATH accordingly)])
+    PKG_CHECK_MODULES(PROTOBUF, protobuf, [], [AC_MSG_ERROR(Could not find protobuf. Perhaps you should set PKG_CONFIG_PATH accordingly)])
+])
+
+FUZZ_MAKEFILE_INC=
+FUZZ_OBJECTS=
+AS_VAR_IF(enable_fuzztargets, yes, [
+    FUZZ_MAKEFILE_INC="include ./fuzz/Makefile"
+    FUZZ_OBJECTS='$(patsubst %.cpp, %.o, $(wildcard fuzz/stub/*.cpp))'
+    AC_LANG_PUSH(C++)
+    AC_SUBST(LIB_FUZZING_ENGINE)
+
+    dnl> Check that the compiler supports the flags $LIB_FUZZING_ENGINE
+    AX_CHECK_COMPILE_FLAG(
+        $LIB_FUZZING_ENGINE,
+        [AC_SUBST(HAS_FUZZLDFLAGS, "1")],dnl SUCCESS
+        [:],dnl FAIL
+        [],
+        [AC_LANG_SOURCE([[
+#include <sys/types.h>
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size);
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) {
+(void)Data;
+(void)Size;
+return 0;
+}
+        ]])]
+    )
+
+    AC_LANG_POP()
+])
+
+AC_ARG_WITH(hiredis, AS_HELP_STRING([--without-hiredis], [Build without hiredis integration]), [with_hiredis=no], [with_hiredis=yes])
+
+
 dnl> CLANG_STDLIB="-stdlib=libc++"
 
 dnl> On Ubuntu do sudo apt-get install -y clang-14  clang-tools-14
@@ -45,15 +91,15 @@ if test "x$USE_CLANG" = xyes; then
 fi
 
 CFLAGS="${CFLAGS} -I${HERE} -I${HERE}/include"
-CPPFLAGS="${CPPFLAGS} -I${HERE} -I${HERE}/include"
+CXXFLAGS="${CXXFLAGS} -I${HERE} -I${HERE}/include"
 
-CPPFLAGS="${CPPFLAGS} -Wno-address-of-packed-member -Wno-unused-function"
+CXXFLAGS="${CXXFLAGS} -Wno-address-of-packed-member -Wno-unused-function"
 
 dnl> MacOS brew.sh
 HOMEBREW_DIR=/opt/homebrew
 if test -d $HOMEBREW_DIR; then
  CFLAGS="${CFLAGS} -I ${HOMEBREW_DIR}/include"
- CPPFLAGS="${CPPFLAGS} -I ${HOMEBREW_DIR}/include"
+ CXXFLAGS="${CXXFLAGS} -I ${HOMEBREW_DIR}/include"
  LDFLAGS="${LDFLAGS} -L ${HOMEBREW_DIR}/lib"
 fi
 
@@ -62,7 +108,7 @@ if test -f /proc/device-tree/model; then
   
   if test "$IS_RASPBERRY" = "1"; then
     CFLAGS="${CFLAGS} -DNTOPNG_EMBEDDED_EDITION"
-    CPPFLAGS="${CPPFLAGS} -DNTOPNG_EMBEDDED_EDITION"
+    CXXFLAGS="${CXXFLAGS} -DNTOPNG_EMBEDDED_EDITION"
     AC_DEFINE(HAVE_RASPBERRY, 1, [rPI detected])
   fi
 fi
@@ -133,14 +179,17 @@ OS="${OS#"${OS%%[![:space:]]*}"}"
 
 AC_CHECK_LIB([atomic], [__atomic_exchange_8], [LIBS="${LIBS} -latomic"])
 
-AC_CHECK_LIB([zmq], [zmq_socket_monitor])
-if test "x$ac_cv_lib_zmq_zmq_socket_monitor" = xyes; then :
-  LIBS="${LIBS} -lzmq"
-  AC_DEFINE_UNQUOTED(HAVE_ZMQ, 1, [ZMQ is present])
-else
-  echo "ZMQ not present or too old (< v. 3.x)"
-  exit 1
-fi
+AC_ARG_WITH(zmq-static,
+    [  --with-zmq-static       Use static link for the zmq library],
+    [PKG_CHECK_MODULES_STATIC(ZMQ, [libzmq >= 3],
+        [AC_DEFINE_UNQUOTED(HAVE_ZMQ, 1, [ZMQ is present])],
+        [AC_MSG_ERROR(ZMQ not present or too old (< v. 3.x))]
+    )],
+    [PKG_CHECK_MODULES(ZMQ, [libzmq >= 3],
+        [AC_DEFINE_UNQUOTED(HAVE_ZMQ, 1, [ZMQ is present])],
+        [AC_MSG_ERROR(ZMQ not present or too old (< v. 3.x))]
+    )]
+)
 
 AC_CHECK_LIB([sodium], [sodium_init], LIBS="${LIBS} -lsodium")
 AC_CHECK_LIB([rdkafka], [rd_kafka_metadata], AC_DEFINE_UNQUOTED(HAVE_KAFKA, 1, [librdkafka is installed] LIBS="${LIBS} -lrdkafka") LIBS="${LIBS} -lrdkafka")
@@ -171,7 +220,7 @@ fi
 
 if test -d "/usr/local/include"; then
   CFLAGS="${CFLAGS} -I/usr/local/include"
-  CPPFLAGS="${CPPFLAGS} -I/usr/local/include"
+  CXXFLAGS="${CXXFLAGS} -I/usr/local/include"
 fi
 
 if test -d "/usr/local/lib"; then
@@ -180,7 +229,7 @@ fi
 
 if test -d /opt/local/include; then :
   CFLAGS="${CFLAGS} -I/opt/local/include"
-  CPPFLAGS="${CPPFLAGS} -I/opt/local/include"
+  CXXFLAGS="${CXXFLAGS} -I/opt/local/include"
 fi
 
 if test -d /opt/local/lib; then :
@@ -190,7 +239,7 @@ fi
 if [ test -f /usr/bin/lsb_release ]; then
   CODENAME=`/usr/bin/lsb_release -c|cut -f 2`
   if test $CODENAME = "wheezy" ; then
-    CPPFLAGS="${CPPFLAGS} -DOLD_NETFILTER_INTERFACE=1"
+    CXXFLAGS="${CXXFLAGS} -DOLD_NETFILTER_INTERFACE=1"
   fi
 fi
 
@@ -282,19 +331,11 @@ if test -z "$NDPI_INC" || test -z "$NDPI_LIB" ; then :
 fi
 dnl finish: nDPI handling
 
-if test $SYSTEM = "FreeBSD"; then
-   JSON_LIB=/usr/local/lib/libjson-c.a
-   JSON_INC=`pkg-config --cflags json-c`
-else
-   pkg-config --exists json-c
-   if test "$?" -ne 1; then
-     JSON_INC=`pkg-config --cflags json-c`
-     JSON_LIB=`pkg-config --libs json-c`
-   else
-     echo "Please install libjson-c-dev package prerequisite"
-     exit -1
-   fi
-fi
+AC_ARG_WITH(json-c-static,
+    [  --with-json-c-static       Use static link for the json-c library],
+    [PKG_CHECK_MODULES_STATIC(JSON, json-c, [], [AC_MSG_ERROR(Please install libjson-c-dev package prerequisite)])],
+    [PKG_CHECK_MODULES(JSON, json-c, [], [AC_MSG_ERROR(Please install libjson-c-dev package prerequisite)])]
+)
 
 pkg-config --exists libssl
 if test "$?" -ne 1; then
@@ -448,18 +489,22 @@ fi
 
 DATE=`date +"%Y-%m-%d"`
 
-pkg-config --exists hiredis
-if test "$?" -ne 1; then
-  HIREDIS_INC="`pkg-config --cflags hiredis` -I/usr/include/hiredis"
-  if test $SYSTEM = "FreeBSD"; then
-     HIREDIS_LIB="/usr/local/lib/libhiredis.a"
-   else
-     HIREDIS_LIB="`pkg-config --libs hiredis`"
-  fi
-else
-  echo "Please install hiredis package prerequisite"
-  exit -1
-fi
+HIREDIS_INC=
+HIREDIS_LIB=
+AS_VAR_IF(with_hiredis, yes, [
+    pkg-config --exists hiredis
+    if test "$?" -ne 1; then
+    HIREDIS_INC="`pkg-config --cflags hiredis` -I/usr/include/hiredis"
+    if test $SYSTEM = "FreeBSD"; then
+        HIREDIS_LIB="/usr/local/lib/libhiredis.a"
+    else
+        HIREDIS_LIB="`pkg-config --libs hiredis`"
+    fi
+    else
+    echo "Please install hiredis package prerequisite"
+    exit -1
+    fi
+])
 
 if test "${with_nedge+set}" != set; then
   if test -d "${HOME}/PF_RING" ; then :
@@ -486,7 +531,7 @@ if test "${with_nedge+set}" != set; then
      echo "${PF_RING_HOME}/userland/libpcap/libpcap.a"
      if test -f "${PF_RING_HOME}/userland/libpcap/libpcap.a"; then
        LIBS="${LIBS} ${PF_RING_HOME}/userland/lib/libpfring.a -L${PF_RING_HOME}/userland/libpcap/ `${PF_RING_HOME}/userland/lib/pfring_config --libs`"
-       CPPFLAGS="${CPPFLAGS} -I${PF_RING_HOME}/kernel -I${PF_RING_HOME}/userland/lib -I${PF_RING_HOME}/userland/libpcap"
+       CXXFLAGS="${CXXFLAGS} -I${PF_RING_HOME}/kernel -I${PF_RING_HOME}/userland/lib -I${PF_RING_HOME}/userland/libpcap"
        echo "Using PF_RING installed in ${PF_RING_HOME}"
      else
        echo "Found PF_RING but the userland libs have not been compiled"
@@ -497,7 +542,7 @@ if test "${with_nedge+set}" != set; then
        if test -f "/opt/pfring/lib/libpfring.a"; then
          echo "/opt/pfring/lib/libpfring.a"
          LIBS="${LIBS} /opt/pfring/lib/libpfring.a -L/opt/pfring/lib"
-         CPPFLAGS="${CPPFLAGS} -I/opt/pfring/include"
+         CXXFLAGS="${CXXFLAGS} -I/opt/pfring/include"
          echo "Using PF_RING installed in /opt/pfring"
       else
        if test -f "/usr/local/lib/libpfring.a"; then
@@ -640,17 +685,23 @@ if test -f "/etc/centos-release"; then
   fi
 fi
 
-AC_CHECK_LIB([maxminddb], [MMDB_lookup_sockaddr])
-AC_CHECK_HEADERS(maxminddb.h)
-if test ".${ac_cv_lib_maxminddb_MMDB_lookup_sockaddr}" = ".yes" &&
-   test ".${ac_cv_header_maxminddb_h}" = ".yes"; then
-   DOWNLOAD_GEOIP=1
-   MAXMINDDB_LIB=-lmaxminddb
-   AC_DEFINE_UNQUOTED(HAVE_MAXMINDDB, 1, [MaxMind DB support])
-else
-   AC_MSG_RESULT(Please install libmaxminddb-dev (https://github.com/maxmind/libmaxminddb) and try again)
-   exit 1
-fi
+AC_ARG_WITH(maxminddb-static,
+    [  --with-maxminddb-static       Use static link for the maxminddb library],
+    [PKG_CHECK_MODULES_STATIC(MAXMINDDB, libmaxminddb,
+        [
+            DOWNLOAD_GEOIP=1
+            AC_DEFINE_UNQUOTED(HAVE_MAXMINDDB, 1, [MaxMind DB support])
+        ],
+        [AC_MSG_ERROR(Please install libmaxminddb-dev (https://github.com/maxmind/libmaxminddb) and try again)]
+    )],
+    [PKG_CHECK_MODULES(MAXMINDDB, libmaxminddb,
+        [
+            DOWNLOAD_GEOIP=1
+            AC_DEFINE_UNQUOTED(HAVE_MAXMINDDB, 1, [MaxMind DB support])
+        ],
+        [AC_MSG_ERROR(Please install libmaxminddb-dev (https://github.com/maxmind/libmaxminddb) and try again)]
+    )]
+)
 
 AC_CHECK_LIB([sqlite3], [sqlite3_open], sqlite=true)
 if test x$sqlite = xtrue; then
@@ -693,8 +744,7 @@ if test $SYSTEM != "FreeBSD"; then
     AC_DEFINE_UNQUOTED(HAVE_MYSQL, 1, [use mysql])
     AC_CHECK_LIB([wrap], [main])
   else
-    echo "MySQL libraries not found. Please install them as specified in README.compilation"
-    exit 1
+    echo "Building without support for MySQL libraries."
   fi
  fi
 fi
@@ -771,9 +821,6 @@ if test $SYSTEM = "Darwin"; then
    MYSQL_LIB=`echo $MYSQL_LIB | sed 's/openssl@1.1/openssl@1.1/g'`
 fi
 
-CPP=$CXX
-CXXFLAGS=$CPPFLAGS
-
 
 PWD=${HERE}
 AC_DEFINE_UNQUOTED(PACKAGE_RELEASE, "r$GIT_RELEASE", [GIT release of this package])
@@ -790,7 +837,7 @@ AC_SUBST(GIT_RELEASE)
 AC_SUBST(LINK_OPTS)
 AC_SUBST(SQLITE_LIB)
 AC_SUBST(GMAKE)
-AC_SUBST(GPP)
+AC_SUBST(CPP)
 AC_SUBST(CXX)
 AC_SUBST(CFLAGS)
 AC_SUBST(CXXFLAGS)
@@ -809,7 +856,6 @@ AC_SUBST(NDPI_LIB)
 AC_SUBST(NDPI_LIB_DEP)
 AC_SUBST(HIREDIS_INC)
 AC_SUBST(HIREDIS_LIB)
-AC_SUBST(MAXMINDDB_LIB)
 AC_SUBST(EXPAT_LIB)
 AC_SUBST(RADCLI_LIB)
 AC_SUBST(SSL_INC)
@@ -824,8 +870,6 @@ AC_SUBST(REVISION)
 AC_SUBST(MYSQL_LIB)
 AC_SUBST(MYSQL_INC)
 AC_SUBST(MYSQL_DEP)
-AC_SUBST(JSON_INC)
-AC_SUBST(JSON_LIB)
 AC_SUBST(SNMP_INC)
 AC_SUBST(SNMP_LIB)
 AC_SUBST(PFRING_GIT_RELEASE)
@@ -842,6 +886,8 @@ AC_SUBST(RPM_SIGN_CMD)
 AC_SUBST(LIBRRD_LD_FLAGS)
 AC_SUBST(STABLE_SUFFIX)
 AC_SUBST(LIBS)
+AC_SUBST(FUZZ_MAKEFILE_INC)
+AC_SUBST(FUZZ_OBJECTS)
 AC_CONFIG_HEADERS(include/config.h)
 AC_CONFIG_FILES(packages/ntopng.spec)
 AC_CONFIG_FILES(packages/ntopng-data.spec)
@@ -851,6 +897,7 @@ AC_CONFIG_FILES(packages/OPNsense/package/+MANIFEST)
 AC_CONFIG_FILES(packages/OPNsense/package/+POST_INSTALL)
 AC_CONFIG_FILES(packages/OPNsense/package/Makefile)
 AC_CONFIG_FILES(Makefile)
+AC_CONFIG_FILES(fuzz/Makefile)
 AC_CONFIG_FILES(tools/json2tlv/Makefile)
 AC_CONFIG_FILES(doc/doxygen.conf)
 AC_CONFIG_FILES(httpdocs/misc/ntopng-utils-manage-config)
@@ -882,20 +929,26 @@ fi
 echo "
 This is the ntopng configuration:
 
-Compiler          : ${CXX}
-Preprocessor Flags: ${CPPFLAGS}
-C++ Flags         : ${CXXFLAGS}
-Linker Flags:     : ${LDFLAGS}
-System Libs       : ${LIBS}
-nDPI Lib:         : ${NDPI_LIB}
-JSON Lib:         : ${JSON_LIB}
-SSL Lib:          : ${SSL_LIB}
-SNMP Lib          : ${SNMP_LIB}
-Expat Lib         : ${EXPAT_LIB}
-SQLite Lib        : ${SQLITE_LIB}
-MySQL Lib         : ${MYSQL_LIB}
-PCAP Lib          : ${LIBPCAP}
-Install path      : ${INSTALL_DIR}
+C Compiler          : ${CC}
+C Flags             : ${CFLAGS}
+C++ Compiler        : ${CXX}
+C++ Flags           : ${CXXFLAGS}
+Preprocessor        : ${CPP}
+Preprocessor Flags  : ${CPPFLAGS}
+Linker Flags:       : ${LDFLAGS}
+System Libs         : ${LIBS}
+nDPI Lib:           : ${NDPI_LIB}
+JSON Lib:           : ${JSON_LIBS}
+SSL Lib:            : ${SSL_LIB}
+SNMP Lib            : ${SNMP_LIB}
+Expat Lib           : ${EXPAT_LIB}
+SQLite Lib          : ${SQLITE_LIB}
+MySQL Lib           : ${MYSQL_LIB}
+PCAP Lib            : ${LIBPCAP}
+ZMQ Lib             : ${ZMQ_LIBS}
+libprotobuf-mutator : ${LIBPROTOBUF_MUTATOR_LIBS}
+protobuf Lib        : ${PROTOBUF_LIBS}
+Install path        : ${INSTALL_DIR}
 
 You are now ready to compile typing 'make'
 "

fuzz/.clang-format

@@ -0,0 +1,7 @@
+---
+BasedOnStyle: Google
+---
+Language: Cpp
+IndentWidth: 4
+SortIncludes: CaseSensitive
+---

fuzz/.gitignore

@@ -0,0 +1,8 @@
+/stub/*.o
+/*.o
+/proto
+/!corpus/**/*.pcap
+/*.zip
+
+# Binaries
+/fuzz_dissect_packet

fuzz/Makefile.in

@@ -0,0 +1,52 @@
+FUZZ_TARGETS := fuzz/fuzz_dissect_packet
+FUZZ_CORPUS := $(addsuffix _seed_corpus.zip,$(FUZZ_TARGETS))
+
+FUZZ_LOCAL_TEST := @FUZZ_LOCAL_TEST@
+HAS_FUZZLDFLAGS := @HAS_FUZZLDFLAGS@
+LIB_FUZZING_ENGINE := @LIB_FUZZING_ENGINE@
+FUZZ_OBJECTS := @FUZZ_OBJECTS@
+FUZZ_WITH_PROTOBUF := @FUZZ_WITH_PROTOBUF@
+
+OBJECTS := $(OBJECTS) $(FUZZ_OBJECTS)
+FUZZ_FILTER_OUT := $(FUZZ_OBJECTS:fuzz/stub/%Stub.o=src/%.o)
+OBJECTS_NO_MAIN := $(filter-out src/main.o $(FUZZ_FILTER_OUT),$(OBJECTS))
+
+# Protobuf dependencies
+fuzz_dissect_packet_proto_sources := fuzz/proto/pcap.pb.o
+
+ifneq ($(HAS_FUZZLDFLAGS),1)
+	CPPFLAGS := $(CPPFLAGS) -DINCLUDE_ONEFILE
+else ifeq ($(FUZZ_LOCAL_TEST),1)
+	CPPFLAGS := $(CPPFLAGS) -DINCLUDE_ONEFILE
+endif
+
+ifeq ($(FUZZ_WITH_PROTOBUF),1)
+	LIBS := $(LIBS) @LIBPROTOBUF_MUTATOR_LIBS@ @PROTOBUF_LIBS@
+	CXXFLAGS := $(CXXFLAGS) @LIBPROTOBUF_MUTATOR_CFLAGS@ @PROTOBUF_CFLAGS@
+	CPPFLAGS := $(CPPFLAGS) -DFUZZ_WITH_PROTOBUF
+else
+	fuzz_dissect_packet_proto_sources :=
+endif
+
+fuzz/proto/%.pb.o: fuzz/%.proto
+	mkdir fuzz/proto
+	cd fuzz && protoc --cpp_out=proto/ $*.proto
+	$(CXX) -c fuzz/proto/$*.pb.cc -o $@
+
+fuzz/%.o: fuzz/%.cpp
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $< -o $@
+
+fuzz/fuzz_dissect_packet: fuzz/fuzz_dissect_packet.o $(fuzz_dissect_packet_proto_sources) $(OBJECTS_NO_MAIN)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) $(LIB_FUZZING_ENGINE) $^ $(LIBS) -o $@
+
+fuzz/%: fuzz/%.o $(OBJECTS_NO_MAIN)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) $(LIB_FUZZING_ENGINE) $^ $(LIBS) -o $@
+
+fuzz_corpus: $(FUZZ_CORPUS)
+
+fuzz_all: $(LIB_TARGETS) $(FUZZ_TARGETS) fuzz_corpus
+
+.SECONDEXPANSION:
+
+fuzz/fuzz_%_seed_corpus.zip: $$(wildcard fuzz/corpus/fuzz_%/*)
+	zip -j $@ $^

fuzz/README.md

@@ -0,0 +1,81 @@
+# Fuzzing targets
+
+The targets are meant to be run by google oss-fuzz however you can test it locally by
+configuring all the required flags.
+
+## Flags
+
+These are all the flags that can be passed to the C/C++ compiler:
+ - [REQUIRED] **FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION**
+ - **IS_AFL**: Used only for local testing when using AFL++. It adds the `main` function that calls
+`LLVMFuzzerTestOneInput`. Note that it is not needed when fuzzing on ClusterFuzz.
+
+These are all the env variables that can be passed to the configuration script:
+ - **LIB_FUZZING_ENGINE**: the flag used by the fuzzing engine (afl, libfuzzer, ...)
+
+Additionally there are some options that can be passed to `./configure`
+ - **--enable-fuzztargets**: Enable all the fuzzing targets. It is used in the ClusterFuzz environment
+ - **--enable-fuzztargets-local**: Enable all the fuzzing targets, used for local testing
+ - **--with-fuzz-protobuf**: Use libprotobuf-mutator.
+
+Additional sanitizers can be enabled by passing the specific flags in `CFLAGS` and `CXXFLAGS`
+
+## Runtime configuration
+
+Some of the fuzzing targets require a particular directory structure to run correctly.
+In order to satisfy all the targets it is strongly suggested to create the following
+directories in the same path where the targets are launched:
+
+ - `install`
+ - `data-dir`
+ - `docs`
+ - `scripts`
+ - `scripts/callbacks`
+
+## Examples
+
+**Remember** to run all the commands from the project root directory
+
+### Libfuzzer
+
+```shell
+./autogen.sh
+
+CC=clang CXX=clang++ CPPFLAGS="-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" \
+	CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -fsanitize=fuzzer-no-link" \
+	CXXFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -fsanitize=fuzzer-no-link" \
+	LIB_FUZZING_ENGINE="-fsanitize=fuzzer" \
+	NDPI_HOME=/path/to/nDPI \
+	./configure --enable-fuzztargets --with-fuzz-protobuf
+
+make -j$(nproc) fuzz_all
+```
+
+
+### Libfuzzer + address sanitizer
+
+```shell
+./autogen.sh
+
+CC=clang CXX=clang++ CPPFLAGS="-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" \
+	CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link" \
+	CXXFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link" \
+	LIB_FUZZING_ENGINE="-fsanitize=fuzzer" \
+	NDPI_HOME=/path/to/nDPI \
+	./configure --enable-fuzztargets --with-fuzz-protobuf
+
+make -j$(nproc) fuzz_all
+```
+
+### AFL++
+```shell
+./auogen.sh
+
+CC=afl-clang-fast CXX=afl-clang-fast++ CPPFLAGS="-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DIS_AFL" \
+	CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only" \
+	CXXFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -stdlib=libc++" \
+	NDPI_HOME=/path/to/nDPI \
+	./configure --enable-fuzztargets-local
+
+make -j$(nproc) fuzz_all
+```