[Oisf-devel] Rust

Pierre Chifflier chifflier at wzdftpd.net
Mon Jun 19 07:30:54 UTC 2017

On 06/18/2017 04:53 PM, Nick Price wrote:
> I'm interested in hacking on some of the new Rust stuff in Suricata. 
> What's on the to-do list?  I have experience using the Nom crate to
> decode protocols based on RFC if there are more protocols that need to
> be implemented or if more work needs to be done on existing ones.

Hi Nick,

There are different kind of (developing) actions that can help:
1. writing the raw parsers for the different protocols
2. integrate them, and add the verification/detection logic

For 1, there is a large choice of protocols, depending on what you know
best, and the difficulty of the protocol: some of them are interesting
but quite hard: SIP, RDP, Kerberos, etc. Starting with something simpler
may be easier. Some other random names: BGP, IoT protocols, Messaging, etc.
The Suricata team may have some good protocols names in mind, too.

I have started a few of them as independent projects here:
Some of them are incomplete and require more code and tests: SNMP
(because of the interactions with BER), or IKEv2, almost complete but
requires more testing. Support parsers like DER and X.509 will take some
time to complete.
I also intend to add DTLS to the rust tls-parser.

My advice, if adding a new protocol, would be to first write it as
independent rust code and use the unit tests and fuzzing tools to test it.
You can find a tutorial on writing and testing the parsers here:

If you need some help, I'd be happy to help (plx on #suricata).


More information about the Oisf-devel mailing list