8 files changed, 0 insertions, 219 deletions
diff --git a/configure.ac b/configure.ac
index 3c65bc91a0..ae116ef754 100755
--- a/configure.ac
+++ b/configure.ac
@@ -610,10 +610,6 @@ AC_ARG_ENABLE([cumulus],
   AS_HELP_STRING([--enable-cumulus], [enable Cumulus Switch Special Extensions]))
 AC_ARG_ENABLE([datacenter],
   AS_HELP_STRING([--enable-datacenter], [enable Compilation for Data Center Extensions]))
-AC_ARG_ENABLE([fuzzing],
-  AS_HELP_STRING([--enable-fuzzing], [enable ability to fuzz various parts of FRR]))
-AC_ARG_ENABLE([netlink_fuzzing],
-  AS_HELP_STRING([--enable-netlink-fuzzing], [enable ability to fuzz netlink listening socket in zebra]))
 AC_ARG_ENABLE([rr-semantics],
   AS_HELP_STRING([--disable-rr-semantics], [disable the v6 Route Replace semantics]))
 AC_ARG_ENABLE([protobuf],
@@ -718,14 +714,6 @@ else
   DFLT_NAME="traditional"
 fi
 
-if test "$enable_fuzzing" = "yes" ; then
-  AC_DEFINE([HANDLE_ZAPI_FUZZING], [1], [Compile extensions to use with a fuzzer])
-fi
-
-if test "$enable_netlink_fuzzing" = "yes" ; then
-  AC_DEFINE([HANDLE_NETLINK_FUZZING], [1], [Compile extensions to use with a fuzzer for netlink])
-fi
-
 if test "$enable_cumulus" = "yes" ; then
   AC_DEFINE([HAVE_CUMULUS], [1], [Compile Special Cumulus Code in])
 fi
diff --git a/doc/user/installation.rst b/doc/user/installation.rst
index 622af67b0f..22d1291d90 100644
--- a/doc/user/installation.rst
+++ b/doc/user/installation.rst
@@ -255,12 +255,6 @@ options from the list below.
    mind.  Specifically turn on -g3 -O0 for compiling options and add inclusion
    of grammar sandbox.
 
-.. option:: --enable-fuzzing
-
-   Turn on some compile options to allow you to run fuzzing tools against the
-   system. This flag is intended as a developer only tool and should not be
-   used for normal operations.
-
 .. option:: --disable-snmp
 
    Build without SNMP support.
diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c
index d0c1bc812d..ec5cc1603b 100644
--- a/zebra/kernel_netlink.c
+++ b/zebra/kernel_netlink.c
@@ -20,12 +20,6 @@
 
 #include <zebra.h>
 
-#if defined(HANDLE_NETLINK_FUZZING)
-#include <stdio.h>
-#include <string.h>
-#include "libfrr.h"
-#endif /* HANDLE_NETLINK_FUZZING */
-
 #ifdef HAVE_NETLINK
 
 #include "linklist.h"
@@ -404,86 +398,6 @@ static int netlink_information_fetch(struct nlmsghdr *h, ns_id_t ns_id,
 	return 0;
 }
 
-#if defined(HANDLE_NETLINK_FUZZING)
-/* Using globals here to avoid adding function parameters */
-
-/* Keep distinct filenames for netlink fuzzy collection */
-static unsigned int netlink_file_counter = 1;
-
-/* File name to read fuzzed netlink from */
-static char netlink_fuzz_file[MAXPATHLEN] = "";
-
-/* Flag for whether to read from file or not */
-bool netlink_read;
-
-/**
- * netlink_read_init() - Starts the message parser
- * @fname:      Filename to read.
- */
-void netlink_read_init(const char *fname)
-{
-	struct zebra_dplane_info dp_info;
-
-	snprintf(netlink_fuzz_file, MAXPATHLEN, "%s", fname);
-	/* Creating this fake socket for testing purposes */
-	struct zebra_ns *zns = zebra_ns_lookup(NS_DEFAULT);
-
-	/* Capture key info from zns struct */
-	zebra_dplane_info_from_zns(&dp_info, zns, false);
-
-	netlink_parse_info(netlink_information_fetch, &zns->netlink,
-			   &dp_info, 1, 0);
-}
-
-/**
- * netlink_write_incoming() - Writes all data received from netlink to a file
- * @buf:        Data from netlink.
- * @size:       Size of data.
- * @counter:    Counter for keeping filenames distinct.
- */
-static void netlink_write_incoming(const char *buf, const unsigned int size,
-				   unsigned int counter)
-{
-	char fname[MAXPATHLEN];
-	FILE *f;
-
-	snprintf(fname, MAXPATHLEN, "%s/%s_%u", frr_vtydir, "netlink", counter);
-	frr_with_privs(&zserv_privs) {
-		f = fopen(fname, "w");
-	}
-	if (f) {
-		fwrite(buf, 1, size, f);
-		fclose(f);
-	}
-}
-
-/**
- * netlink_read_file() - Reads netlink data from file
- * @buf:        Netlink buffer being overwritten.
- * @fname:      File name to read from.
- *
- * Return:      Size of file.
- */
-static long netlink_read_file(char *buf, const char *fname)
-{
-	FILE *f;
-	long file_bytes = -1;
-
-	frr_with_privs(&zserv_privs) {
-		f = fopen(fname, "r");
-	}
-	if (f) {
-		fseek(f, 0, SEEK_END);
-		file_bytes = ftell(f);
-		rewind(f);
-		fread(buf, NL_RCV_PKT_BUF_SIZE, 1, f);
-		fclose(f);
-	}
-	return file_bytes;
-}
-
-#endif /* HANDLE_NETLINK_FUZZING */
-
 static int kernel_read(struct thread *thread)
 {
 	struct zebra_ns *zns = (struct zebra_ns *)THREAD_ARG(thread);
@@ -834,18 +748,7 @@ static int netlink_recv_msg(const struct nlsock *nl, struct msghdr msg,
 	msg.msg_iovlen = 1;
 
 	do {
-#if defined(HANDLE_NETLINK_FUZZING)
-		/* Check if reading and filename is set */
-		if (netlink_read && '\0' != netlink_fuzz_file[0]) {
-			zlog_debug("Reading netlink fuzz file");
-			status = netlink_read_file(buf, netlink_fuzz_file);
-			((struct sockaddr_nl *)msg.msg_name)->nl_pid = 0;
-		} else {
-			status = recvmsg(nl->sock, &msg, 0);
-		}
-#else
 		status = recvmsg(nl->sock, &msg, 0);
-#endif /* HANDLE_NETLINK_FUZZING */
 	} while (status == -1 && errno == EINTR);
 
 	if (status == -1) {
@@ -877,13 +780,6 @@ static int netlink_recv_msg(const struct nlsock *nl, struct msghdr msg,
 		zlog_hexdump(buf, status);
 	}
 
-#if defined(HANDLE_NETLINK_FUZZING)
-	if (!netlink_read) {
-		zlog_debug("Writing incoming netlink message");
-		netlink_write_incoming(buf, status, netlink_file_counter++);
-	}
-#endif /* HANDLE_NETLINK_FUZZING */
-
 	return status;
 }
 
diff --git a/zebra/kernel_netlink.h b/zebra/kernel_netlink.h
index c02e16480b..696f9be4f6 100644
--- a/zebra/kernel_netlink.h
+++ b/zebra/kernel_netlink.h
@@ -86,10 +86,6 @@ extern const char *nl_rtproto_to_str(uint8_t rtproto);
 extern const char *nl_family_to_str(uint8_t family);
 extern const char *nl_rttype_to_str(uint8_t rttype);
 
-#if defined(HANDLE_NETLINK_FUZZING)
-extern bool netlink_read;
-extern void netlink_read_init(const char *fname);
-#endif /* HANDLE_NETLINK_FUZZING */
 extern int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
 			      const struct nlsock *nl,
 			      const struct zebra_dplane_info *dp_info,
diff --git a/zebra/main.c b/zebra/main.c
index 64746f7166..cfc45567d7 100644
--- a/zebra/main.c
+++ b/zebra/main.c
@@ -59,10 +59,6 @@
 #include "zebra/zebra_opaque.h"
 #include "zebra/zebra_srte.h"
 
-#if defined(HANDLE_NETLINK_FUZZING)
-#include "zebra/kernel_netlink.h"
-#endif /* HANDLE_NETLINK_FUZZING */
-
 #define ZEBRA_PTM_SUPPORT
 
 /* process id. */
@@ -284,12 +280,6 @@ int main(int argc, char **argv)
 	char *vrf_default_name_configured = NULL;
 	struct sockaddr_storage dummy;
 	socklen_t dummylen;
-#if defined(HANDLE_ZAPI_FUZZING)
-	char *zapi_fuzzing = NULL;
-#endif /* HANDLE_ZAPI_FUZZING */
-#if defined(HANDLE_NETLINK_FUZZING)
-	char *netlink_fuzzing = NULL;
-#endif /* HANDLE_NETLINK_FUZZING */
 
 	graceful_restart = 0;
 	vrf_configure_backend(VRF_BACKEND_VRF_LITE);
@@ -301,12 +291,6 @@ int main(int argc, char **argv)
 #ifdef HAVE_NETLINK
 		"s:n"
 #endif
-#if defined(HANDLE_ZAPI_FUZZING)
-		"c:"
-#endif /* HANDLE_ZAPI_FUZZING */
-#if defined(HANDLE_NETLINK_FUZZING)
-		"w:"
-#endif /* HANDLE_NETLINK_FUZZING */
 		,
 		longopts,
 		"  -b, --batch              Runs in batch mode\n"
@@ -321,12 +305,6 @@ int main(int argc, char **argv)
 		"  -s, --nl-bufsize         Set netlink receive buffer size\n"
 		"      --v6-rr-semantics    Use v6 RR semantics\n"
 #endif /* HAVE_NETLINK */
-#if defined(HANDLE_ZAPI_FUZZING)
-		"  -c <file>                Bypass normal startup and use this file for testing of zapi\n"
-#endif /* HANDLE_ZAPI_FUZZING */
-#if defined(HANDLE_NETLINK_FUZZING)
-		"  -w <file>                Bypass normal startup and use this file for testing of netlink input\n"
-#endif /* HANDLE_NETLINK_FUZZING */
 	);
 
 	while (1) {
@@ -388,21 +366,6 @@ int main(int argc, char **argv)
 			v6_rr_semantics = true;
 			break;
 #endif /* HAVE_NETLINK */
-#if defined(HANDLE_ZAPI_FUZZING)
-		case 'c':
-			zapi_fuzzing = optarg;
-			break;
-#endif /* HANDLE_ZAPI_FUZZING */
-#if defined(HANDLE_NETLINK_FUZZING)
-		case 'w':
-			netlink_fuzzing = optarg;
-			/* This ensures we are aren't writing any of the
-			 * startup netlink messages that happen when we
-			 * just want to read.
-			 */
-			netlink_read = true;
-			break;
-#endif /* HANDLE_NETLINK_FUZZING */
 		default:
 			frr_help_exit(1);
 			break;
@@ -489,20 +452,6 @@ int main(int argc, char **argv)
 	/* Error init */
 	zebra_error_init();
 
-#if defined(HANDLE_ZAPI_FUZZING)
-	if (zapi_fuzzing) {
-		zserv_read_file(zapi_fuzzing);
-		exit(0);
-	}
-#endif /* HANDLE_ZAPI_FUZZING */
-#if defined(HANDLE_NETLINK_FUZZING)
-	if (netlink_fuzzing) {
-		netlink_read_init(netlink_fuzzing);
-		exit(0);
-	}
-#endif /* HANDLE_NETLINK_FUZZING */
-
-
 	frr_run(zrouter.master);
 
 	/* Not reached... */
diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
index 2bcb3502d5..a37a0c93c7 100644
--- a/zebra/zapi_msg.c
+++ b/zebra/zapi_msg.c
@@ -3113,29 +3113,6 @@ void (*const zserv_handlers[])(ZAPI_HANDLER_ARGS) = {
 	[ZEBRA_CLIENT_CAPABILITIES] = zread_client_capabilities,
 	[ZEBRA_NEIGH_DISCOVER] = zread_neigh_discover};
 
-#if defined(HANDLE_ZAPI_FUZZING)
-extern struct zebra_privs_t zserv_privs;
-
-static void zserv_write_incoming(struct stream *orig, uint16_t command)
-{
-	char fname[MAXPATHLEN];
-	struct stream *copy;
-	int fd = -1;
-
-	copy = stream_dup(orig);
-	stream_set_getp(copy, 0);
-
-	snprintf(fname, MAXPATHLEN, "%s/%u", frr_vtydir, command);
-
-	frr_with_privs(&zserv_privs) {
-		fd = open(fname, O_CREAT | O_WRONLY | O_EXCL, 0644);
-	}
-	stream_flush(copy, fd);
-	close(fd);
-	stream_free(copy);
-}
-#endif
-
 /*
  * Process a batch of zapi messages.
  */
@@ -3166,10 +3143,6 @@ void zserv_handle_commands(struct zserv *client, struct stream_fifo *fifo)
 		    && IS_ZEBRA_DEBUG_DETAIL)
 			zserv_log_message(NULL, msg, &hdr);
 
-#if defined(HANDLE_ZAPI_FUZZING)
-		zserv_write_incoming(msg, hdr.command);
-#endif
-
 		hdr.length -= ZEBRA_HEADER_SIZE;
 
 		/* Before checking for a handler function, check for
diff --git a/zebra/zserv.c b/zebra/zserv.c
index cded6ea12b..4c8656af0d 100644
--- a/zebra/zserv.c
+++ b/zebra/zserv.c
@@ -1294,17 +1294,6 @@ DEFUN (show_zebra_client_summary,
 	return CMD_SUCCESS;
 }
 
-#if defined(HANDLE_ZAPI_FUZZING)
-void zserv_read_file(char *input)
-{
-	int fd;
-
-	fd = open(input, O_RDONLY | O_NONBLOCK);
-
-	zserv_client_create(fd);
-}
-#endif
-
 void zserv_init(void)
 {
 	/* Client list init. */
diff --git a/zebra/zserv.h b/zebra/zserv.h
index 54e840cd56..c60799b8ba 100644
--- a/zebra/zserv.h
+++ b/zebra/zserv.h
@@ -375,10 +375,6 @@ extern void zserv_close_client(struct zserv *client);
 void zserv_log_message(const char *errmsg, struct stream *msg,
 		       struct zmsghdr *hdr);
 
-#if defined(HANDLE_ZAPI_FUZZING)
-extern void zserv_read_file(char *input);
-#endif
-
 /* TODO */
 __attribute__((__noreturn__)) int zebra_finalize(struct thread *event);