Learning Rust: hash map lookup/insert pattern
In Suricata we’re experimenting with implementing app-layer parser in Rust. See Pierre Chifflier’s presentation at the last SuriCon: [pdf]. The first experimental parsers will soon land in master. So coming from a C world I often use a pattern like: … Continue reading → ... Read More
Vuurmuur Development Update
Over the holidays I’ve spent some time refreshing the Vuurmuur code. One major thing that is now done is that the 3 different ‘projects’ (libvuurmuur, vuurmuur and vuurmuur-conf) are now merged into a single ‘project’. This means that a single … Continue reading → ... Read More
Suricata bits, ints and vars
Since the beginning of the project we’ve spoken about variables on multiple levels. Of course flowbits defined by the Snort language came first, but other flow based variables quickly followed: flowints for basic counting, and vars for extracting data using … Continue reading → ... Read More
Fuzzing Suricata with pcaps
Yesterday I wrote about fuzzing Suricata with AFL. Today I’m going to show another way. Since early in the project, we’ve shipped a perl based fuzzer called ‘wirefuzz’. The tool is very simple. It takes a list of pcaps, changes … Continue reading → ... Read More
Fuzzing Suricata with AFL
AFL is a very powerful fuzzer, that tries to be smarter than random input generating fuzzers. It’s cool, but needs a bit more baby sitting. I’ve added some support to Suricata to assist AFL. Here’s how to get started on … Continue reading → ... Read More
Suricata 3.0 is out!
Today, almost 2 years after the release of Suricata 2.0, we released 3.0! This new version of Suricata improves performance, scalability, accuracy and general robustness. Next to this, it brings a lot of new features. New features are too numerous … Continue reading → ... Read More
New Suricata release model
As the team is back from a very successful week in Barcelona, I’d like to take a moment on what we discussed and decided on with regards to development. One thing no one was happy with is how the release … Continue reading → ... Read More