[Oisf-devel] Rust

Nick Price nick at spun.io
Mon Jun 19 19:37:32 UTC 2017


Thanks!  I think I'll start with BGP because that one is particularly
interesting to me.  I've got a nom-based IPFIX parser that has been stable
in production and has some basic tests, but after reading that link, I'm
interested to see if I can break it with a fuzzer.

I'll let you know if I need any help.  Thanks again!

Nick

On Mon, Jun 19, 2017 at 3:30 AM, Pierre Chifflier <chifflier at wzdftpd.net>
wrote:

> On 06/18/2017 04:53 PM, Nick Price wrote:
> > I'm interested in hacking on some of the new Rust stuff in Suricata.
> > What's on the to-do list?  I have experience using the Nom crate to
> > decode protocols based on RFC if there are more protocols that need to
> > be implemented or if more work needs to be done on existing ones.
> >
>
> Hi Nick,
>
>
> There are different kinds of (developing) actions that can help:
> 1. writing the raw parsers for the different protocols
> 2. integrating them, and adding the verification/detection logic
>
> For 1, there is a large choice of protocols, depending on what you know
> best, and the difficulty of the protocol: some of them are interesting
> but quite hard: SIP, RDP, Kerberos, etc. Starting with something simpler
> may be easier. Some other random names: BGP, IoT protocols, Messaging, etc.
> The Suricata team may have some good protocol names in mind, too.
>
> I have started a few of them as independent projects here:
> https://github.com/rusticata
> Some of them are incomplete and require more code and tests: SNMP
> (because of the interactions with BER), or IKEv2, almost complete but
> requires more testing. Support parsers like DER and X.509 will take some
> time to complete.
> I also intend to add DTLS to the rust tls-parser.
>
> My advice, if adding a new protocol, would be to first write it as
> independent rust code and use the unit tests and fuzzing tools to test it.
> You can find a tutorial on writing and testing the parsers here:
> https://github.com/Geal/langsec-2017-hackathon-code
>
> If you need some help, I'd be happy to help (plx on #suricata).
>
> Regards,
> Pierre
>