Persistent fuzzing implementation

Hello. We are trying to implement Zeek fuzzing to find possible bugs in a custom protocol analyzer. It seems like a good idea to make it persistent, i.e. start Zeek once and feed it with inputs from the fuzzer - it should save a lot of time on initialization, script parsing, etc. Persistent fuzzing is usually implemented as a function with an input buffer as an argument, like this: https://releases.llvm.org/5.0.0/docs/LibFuzzer.html#fuzz-target
I'm not quite sure how to make it work with Zeek. The current design allows using either a PCAP file or a network interface as a packet source, PCAP mode being non-persistent. Does anyone have a guideline for making Zeek able to process input from PCAP files in a persistent way? Thanks.
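For readers unfamiliar with the "function with an input buffer" shape the question refers to, here is an added example (not Zeek's code and not part of the original post) of a persistent LibFuzzer target. The `AnalyzerContext`, `parse_commands` and `parse_str` names, and the toy line-oriented command parser standing in for a protocol analyzer, are all constructed for illustration; the two `extern "C"` hooks are the real LibFuzzer entry points. The point it shows is the split the question is asking about: expensive setup runs once per process, while the target function runs once per input and keeps no state between calls.

```cpp
// Added example: persistent (in-process) LibFuzzer target around a toy,
// bounds-checked command parser. Not Zeek's own fuzzer code.
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Stand-in for the expensive one-time setup (loading scripts, building
// analyzer tables). Built once per process and reused for every input.
struct AnalyzerContext {
    std::vector<std::string> known_commands;
    AnalyzerContext() : known_commands{"USER", "PASS", "LIST", "QUIT"} {}
};

static AnalyzerContext* g_ctx = nullptr;  // shared across fuzz iterations

// What one parse produced; useful for reproducers and tests.
struct ParseResult {
    size_t lines = 0;
    size_t known = 0;
    size_t unknown = 0;
    bool truncated = false;  // input ended without a terminating '\n'
};

// Parse CRLF/LF-terminated "COMMAND [args]" lines. Every index is checked
// against `len` before use, so arbitrary fuzzer input cannot read past the buffer.
static ParseResult parse_commands(const AnalyzerContext& ctx, const uint8_t* data, size_t len) {
    ParseResult r;
    size_t pos = 0;
    while (pos < len) {
        size_t eol = pos;
        while (eol < len && data[eol] != '\n') ++eol;
        if (eol == len) { r.truncated = true; break; }   // partial final line
        size_t line_end = eol;
        if (line_end > pos && data[line_end - 1] == '\r') --line_end;  // strip CR
        size_t tok_end = pos;
        while (tok_end < line_end && data[tok_end] != ' ') ++tok_end;
        std::string cmd(reinterpret_cast<const char*>(data + pos), tok_end - pos);
        for (char& ch : cmd) ch = static_cast<char>(std::toupper(static_cast<unsigned char>(ch)));
        bool found = false;
        for (const std::string& k : ctx.known_commands) if (k == cmd) { found = true; break; }
        ++r.lines;
        if (found) ++r.known; else ++r.unknown;
        pos = eol + 1;
    }
    return r;
}

// Convenience wrapper for reproducers and tests (constructed helper).
static ParseResult parse_str(const std::string& s) {
    AnalyzerContext ctx;
    return parse_commands(ctx, reinterpret_cast<const uint8_t*>(s.data()), s.size());
}

// LibFuzzer calls this once, before the first input: do the slow setup here.
extern "C" int LLVMFuzzerInitialize(int* /*argc*/, char*** /*argv*/) {
    if (!g_ctx) g_ctx = new AnalyzerContext();
    return 0;
}

// The persistent fuzz target: called once per generated input, in the same
// process, millions of times. It must be deterministic and must not carry
// state from one call to the next. LibFuzzer expects a return value of 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    if (!g_ctx) g_ctx = new AnalyzerContext();  // in case the driver skipped Initialize
    parse_commands(*g_ctx, data, size);
    return 0;
}

// Stand-alone driver for running one constructed sample without LibFuzzer.
// Compile with -DLIBFUZZER_BUILD (an assumed, locally defined macro) to drop it
// when linking with -fsanitize=fuzzer, which supplies its own main().
#ifndef LIBFUZZER_BUILD
int main() {
    const std::string sample = "USER alice\r\nPASS x\r\nFOO\r\nQUIT";  // constructed input
    ParseResult r = parse_str(sample);
    std::printf("lines=%zu known=%zu unknown=%zu truncated=%d\n",
                r.lines, r.known, r.unknown, r.truncated ? 1 : 0);
    return LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t*>(sample.data()), sample.size());
}
#endif
```

To fuzz it, build with `clang++ -g -O1 -fsanitize=fuzzer,address -DLIBFUZZER_BUILD target.cpp` and run the resulting binary with a corpus directory; the one-time `LLVMFuzzerInitialize` is where a Zeek-style harness would put script loading, and anything that accumulates across calls (connection tables, log buffers) has to be reset inside the target, otherwise crashes stop being reproducible from a single input.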

We actually just added an implementation of fuzzing for use with OSS-Fuzz at the request of Google, including an implementation using LibFuzzer. If you want to take a look at it, it's mostly contained within the src/fuzzer directory. It currently only supports the POP3 analyzer and a basic packet fuzzer. If you want to add more, please feel free!

Tim