4 files changed, 42 insertions, 13 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 7ff3315b..8b6502b4 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -501,8 +501,7 @@ typedef struct afl_state {
       custom_splice_optout,             /* Custom mutator no splice buffer  */
       is_main_node,                     /* if this is the main node         */
       is_secondary_node,                /* if this is a secondary instance  */
-      pizza_is_served,                  /* pizza mode                       */
-      prefer_new;                       /* prefer new queue entries         */
+      pizza_is_served;                  /* pizza mode                       */
 
   u32 stats_update_freq;                /* Stats update frequency (execs)   */
 
@@ -886,14 +885,19 @@ struct custom_mutator {
    * A post-processing function to use right before AFL writes the test case to
    * disk in order to execute the target.
    *
-   * (Optional) If this functionality is not needed, simply don't define this
+   * NOTE: Do not do any random changes to the data in this function!
+   *
+   * PERFORMANCE: If you can modify the data in-place you will have a better
+   *              performance. Modify *data and set `*out_buf = data`.
+   *
+   * (Optional) If this functionality is not needed, simply do not define this
    * function.
    *
    * @param[in] data pointer returned in afl_custom_init by this custom mutator
    * @param[in] buf Buffer containing the test case to be executed
    * @param[in] buf_size Size of the test case
    * @param[out] out_buf Pointer to the buffer storing the test case after
-   *     processing. External library should allocate memory for out_buf.
+   *     processing. The external library should allocate memory for out_buf.
    *     It can chose to alter buf in-place, if the space is large enough.
    * @return Size of the output buffer.
    */
diff --git a/include/common.h b/include/common.h
index 0958b035..8d85d201 100644
--- a/include/common.h
+++ b/include/common.h
@@ -147,5 +147,11 @@ s32 create_file(u8 *fn);
 void *afl_memmem(const void *haystack, size_t haystacklen, const void *needle,
                  size_t needlelen);
 
+#ifdef __linux__
+/* Nyx helper functions to create and remove tmp workdirs */
+char *create_nyx_tmp_workdir(void);
+void  remove_nyx_tmp_workdir(afl_forkserver_t *fsrv, char *nyx_out_dir_path);
+#endif
+
 #endif
 
diff --git a/include/config.h b/include/config.h
index e46f515a..b6249a0f 100644
--- a/include/config.h
+++ b/include/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
 
 // c = release, a = volatile github dev, e = experimental branch
-#define VERSION "++4.06a"
+#define VERSION "++4.06c"
 
 /******************************************************
  *                                                    *
diff --git a/include/forkserver.h b/include/forkserver.h
index 50898a08..f5069ce2 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -51,16 +51,28 @@ typedef enum NyxReturnValue {
 
 } NyxReturnValue;
 
+typedef enum NyxProcessRole {
+
+  StandAlone,
+  Parent,
+  Child,
+
+} NyxProcessRole;
+
 typedef struct {
 
-  void *(*nyx_new)(const char *sharedir, const char *workdir, uint32_t cpu_id,
-                   uint32_t input_buffer_size,
-                   bool     input_buffer_write_protection);
-  void *(*nyx_new_parent)(const char *sharedir, const char *workdir,
-                          uint32_t cpu_id, uint32_t input_buffer_size,
-                          bool input_buffer_write_protection);
-  void *(*nyx_new_child)(const char *sharedir, const char *workdir,
-                         uint32_t cpu_id, uint32_t worker_id);
+  void *(*nyx_config_load)(const char *sharedir);
+  void (*nyx_config_set_workdir_path)(void *config, const char *workdir);
+  void (*nyx_config_set_input_buffer_size)(void    *config,
+                                           uint32_t input_buffer_size);
+  void (*nyx_config_set_input_buffer_write_protection)(
+      void *config, bool input_buffer_write_protection);
+  void (*nyx_config_set_hprintf_fd)(void *config, int32_t hprintf_fd);
+  void (*nyx_config_set_process_role)(void *config, enum NyxProcessRole role);
+  void (*nyx_config_set_reuse_snapshot_path)(void       *config,
+                                             const char *reuse_snapshot_path);
+
+  void *(*nyx_new)(void *config, uint32_t worker_id);
   void (*nyx_shutdown)(void *qemu_process);
   void (*nyx_option_set_reload_mode)(void *qemu_process, bool enable);
   void (*nyx_option_set_timeout)(void *qemu_process, uint8_t timeout_sec,
@@ -73,8 +85,13 @@ typedef struct {
   uint32_t (*nyx_get_aux_string)(void *nyx_process, uint8_t *buffer,
                                  uint32_t size);
 
+  bool (*nyx_remove_work_dir)(const char *workdir);
+
 } nyx_plugin_handler_t;
 
+/* Imports helper functions to enable Nyx mode (Linux only )*/
+nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary);
+
 #endif
 
 typedef struct afl_forkserver {
@@ -178,6 +195,8 @@ typedef struct afl_forkserver {
   u32                   nyx_id;          /* nyx runner id (0 -> master)      */
   u32                   nyx_bind_cpu_id; /* nyx runner cpu id                */
   char                 *nyx_aux_string;
+  bool                  nyx_use_tmp_workdir;
+  char                 *nyx_tmp_workdir_path;
 #endif
 
 } afl_forkserver_t;