[Oisf-devel] Developer Training

Victor Julien victor at inliniac.net
Fri Mar 6 13:38:05 UTC 2015

Hi all,

A short time ago we announced the first edition of the Suricata
Developer training. I thought it be a good time to explain what we have
in mind.

First, we're planning to make this an annual event. I'm very excited
about this. It should be great fun to have a week of development related
discussions. I'm sure we can all learn a great deal, and share lots of
ideas. Of course the social part is a nice addition.

Also, this is a great "stick behind the door" (as we'd say in Dutch) to
finally get some much needed dev docs done, including architecture
overview diagrams, etc.

What will we be teaching:

1. General Suricata development basics: everything from git, how to QA,
unittests, debugging, etc.

2. Architecture overview
	- API's
	- threading
	- packets, flows, detection and output

3. Extending Suricata -- the beef of the training:
	- packet decoders and detection plugins
	- app layer protocol detection, parsing, state keeping
	- app layer detection engine integration
	- adding logging modules


Each day will start with lectures on each of the topics. You will get an
overview of the API, learn about performance aspects, how threading
comes into play, etc.

After this there will be assignments/challenges to apply the newly
learned skills. This should be very interactive with lots of room for
questions and discussions. We'll be providing various assignments for
multiple skill levels.


>From OISF we will have lead developer Victor Julien, core developers
Eric Leblond and Jason Ish in the room to give the lectures and help
answer questions. Also present to assist in general Suricata related
questions: Matt Jonkman and Peter Manev.


So who is this for? We target people who what to learn how to extend
Suricata. If you want to add protocols, detection options or maybe new
output methods, then this is for you. Or maybe you want to be a 'core'
developer on Suricata. Then this would be an excellent start of getting
into it.

- advanced C experience
- Linux Experience
- Network / Security Experience
- Basic Suricata End User Experience
  => for testing your code

If you're not yet experienced with running Suricata, we would like to
suggest attending a user training first. If you book your dev seat first
hit us up for discount code on one of the training sessions.  We're
planning one in Europe before summer, exact date and location is to be


We'll be charging for the trainings. The revenue is used to cover the
cost of the event itself (travel, hotels, etc). Whats left goes into the
foundations general development budget. So by attending the training you
will support Suricata's development.


This first edition is generously hosted by Napatech in Copenhagen, Denmark.

If you want to book, please do so through this Eventbrite link:

Questions and general feedback and thoughts are welcome!

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-devel mailing list