FreeBSD The Power to Serve

Syzkaller Improvement for WiFi on FreeBSD

Links:
google/syzkaller URL: https://github.com/google/syzkaller
work repository URL: https://github.com/estarriol43/syzkaller/tree/freebsd/frame-injection-v2

Contact: Jian-Lin Li <ljianlin99@gmail.com>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>

Syzkaller is an operating system kernel fuzzer that can look for vulnerabilities in the kernel.

This project aims to improve the support of Syzkaller on FreeBSD. Based on the existing WiFi fuzzer designed for Linux, we drafted a WiFi fuzzer for FreeBSD. We planned to use wtap(4), a virtual wifi interface for testing, in order to support WiFi fuzzing.

Some of the design details include:

  • Initialize wtap devices in Syzkaller before WiFi fuzzing

  • Inject 802.11 frames via the existing ioctl interface provided by wtap

  • Inject 802.11 frames via the Netlink interface, which is not supported by FreeBSD for now

We have developed a WiFi fuzzer using existing ioctl interface provided by wtap. One can check out the result in this branch.

We hope to introduce Netlink interface, which is adopted by the Syzkaller to inject 802.11 frames into Linux kernel, to FreeBSD to improve the compatibilities between Linux and FreeBSD.

Sponsor: The FreeBSD Foundation

Last modified on: May 19, 2025 by Maxim Konovalov