Add a second fuzzing engine alongside the existing libFuzzer/cargo-fuzz
setup. AFL++ runs with persistent mode (afl::fuzz! macro), LLVM plugins
(CmpLog, IJON), and a SymCC concolic companion for hybrid fuzzing.
- cargo-afl built from afl.rs with a patch for CARGO_AFL_DIR /
CARGO_AFL_LLVM_DIR env-var overrides
- AFL++ built with LLVM 22 plugins to match rust-nightly
- Persistent-mode fuzz targets in lib/fuzz-afl/
- --jobs N parallel fuzzing: main instance in foreground, secondaries
and SymCC companion as systemd transient units in a slice
- Ctrl+c / exit cleans up all background processes via slice stop
- AFL_AUTORESUME=1 for clean restarts after previous runs
- fuzz-clean-afl collects crashes from all instance directories
- Shared harness logic in lib/src/fuzz_harness.rs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Values are intentionally USB-spec-aligned (0x00/0x80), not rusb-aligned.
Safe since the enum is only pattern-matched, never cast to integer.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Spec reviewer caught three missing items that would cause build failures:
- pub use rusb::Direction needs local replacement enum
- rusb::Version conversion impls in device.rs need removal
- stale rusb::Direction comment in usbip_protocol.rs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a simulated USB Audio Class 1 loopback device for testing
isochronous transfers. Audio sent to the playback OUT endpoint
(48kHz/16-bit/stereo) is looped back to the capture IN endpoint.
- Add UsbEndpoint::transfer_type() masking bmAttributes to bits 0-1,
fixing dispatch for isochronous endpoints with sync-type sub-bits
- Update all endpoint attribute dispatch sites across the library
- Add UacLoopbackBuffer, UacControlHandler, UacStreamOutHandler,
UacStreamInHandler in lib/src/uac.rs
- Add build_uac_loopback_device() builder function
- Add `test_uac connect` CLI subcommand
- Add 10 unit tests covering buffer, descriptors, and handler behavior
- Add design spec and implementation plan docs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add IsoPacketDescriptor, UrbRequest, and UrbResponse types to the
protocol layer. Rewrite handle_urb_loop to a concurrent architecture
with pipelining for improved throughput. Replace interfaces vec with
InterfaceState to track alternate settings.
Implement isochronous transfer support in the nusb host handler with
structured ISO packet descriptor parsing and serialization. Switch to
ISO-capable nusb fork. Add IsoLoopbackHandler test fixture and ISO
transfer tests.
Fix host device passthrough: detach kernel drivers before claiming
interfaces, use real EP0 max packet size, forward SET_CONFIGURATION
to device, map nusb Speed enum to Linux kernel values, and use
extend_from_slice for OUT transfer buffers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add TCP address types, parsing, and connect/listen functions alongside
the existing vsock transport. Update all CLI commands (client listen,
host connect, test_hid connect) to support both vsock: and tcp:
address prefixes. Add hostname resolution for TCP connections.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Convert to cargo workspace with lib/ and cli/ crates. Add Nix flake
for building and development. Extract handle_urb_loop and add
read_urb_command to the library for CLI consumption.
Implement the usbip-rs CLI binary with clap subcommands:
- client listen: accept incoming connections via vhci_hcd sysfs
- host connect: passthrough real USB devices via nusb
- test_hid connect: export a simulated HID keyboard for testing
Add vsock transport layer and vhci_hcd sysfs interaction module.
Apply rustfmt formatting project-wide and add rustfmt/clippy to devShell.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
