Some days ago I wrote about how and why I had my internship project changed after just a few weeks. I should also have written about what I had accomplished so far, and how I have adjusted the plan for the next portion of the internship. (Which, by the way, has reached its 8th week. Time. It flies.)
The internship’s timeline, so far
(and progress/deliveries)
December 8th – Internship starts
- First two weeks: explore, probe, discover.
  - Modbus protocol study;
  - Suricata codebase study;
  - Experimenting with Suricata-verify.
  - Also during this phase, I created basic Suricata-verify tests for the Modbus protocol, but since such tests only really work when the protocol also has JSON logging implemented in Suricata, it turned out those tests weren’t very useful.
  - I learned about a Python script in Suricata which helps with creating some basic code structure for when one wants to implement a new protocol in Suricata: setup-app-layer.py – this won’t help too much if you’re still new to the whole thing, but gives you some idea of what should exist, including functions to integrate Rust code with the underlying Suricata engine, which is running in C. I’ve submitted a Pull Request with that and some small added contributions for a Modbus protocol in Rust, but then we found out there were duplicated efforts on this.
December 24th – Project halt // In-between projects tasks
- While I waited for a new project to be defined, I worked on adding unit tests to some SMB records parsers. I had a pull request approved for the ones written for the NBSS records: PR #5692
  - (This meant studying both codebase and protocols to some extent, so I knew what I was doing)
December 30th – New project announced
- Even though I had to write a timeline for my original project as part of my application for Outreachy, when I began my internship I started to feel that I was missing having pre-defined checkpoints and deliverables, to help me materialize the bigger task I had at hand. For this new project this was something I wanted to change, so I wrote a somewhat high level outline/timeline for it, which you can check here.
- During my studies, I was afraid I would end up missing some of the many message types the PostgreSQL FE/BE protocol has, so I compiled all PostgreSQL protocol messages in a spreadsheet, to help me better visualize them. (I also wanted to draw a finite-state machine for it, but haven’t managed to, yet).
- I’ve begun writing the nom parsers for a basic startup message (which shares its structure with a few other message types, as well), and submitted a draft PR.
Outreachy community
- In parallel with my internship efforts, I’ve been trying to help with spreading the word about Outreachy, so more people – especially Brazilians, since I’m from there – may get to know it and, hopefully, want to take part in it. I have helped in organizing a live stream about Outreachy and Google Summer of Code internships, and it was made possible by Canal Peixe Babel (a YouTube channel focused on making science more popular and accessible, hosted by two awesome Brazilian women: Camila Laranjeira and Vivi Mota). It aired on January 19th, and featured as speakers Anna e só, currently an Outreachy organizer, and herself a former intern; Clarissa Borges, alum from both Outreachy and Google Summer of Code; and myself.
Challenges & Adapting
Rust and its nom parsers have been a special “obstacle” in this internship. When I chose this project, I had no previous experience with any of that. But the project listed prior Rust knowledge as desirable, so I believed I could do it.

I quickly found out that I had underestimated the whole task, as Suricata in itself is also quite complex, and implementing a network protocol requires fairly specialized knowledge.
In order to keep advancing with the project and try to ensure I’d still be able to learn from this experience, I have proposed a new approach to it, in an attempt to break it down to an even more basic first version: I’ve proposed to have a proof of concept, first, using a depth-first approach. This means I’ll take the first phase of the PostgreSQL FE/BE protocol, the startup phase, and try to implement it in Suricata from end to end — the nom parsers, then integrating these with the tool, and making it recognize this bit. Once I succeed with this, I’ll move on to adding more message types and subprotocols.
Where do I stand?
Sounds good, right? But while it does help in making this slightly overwhelming task have some more achievable milestones, I’ve once again found myself feeling stuck, after the initial progress. There’s a “jump” between writing the nom parsers and actually making sense of how to use parsers to handle the packets and the network stream which I haven’t been quite able to cross, yet.
Even though now I am more familiar with the tools, the protocol and the codebase (and even that great Python script), I still can’t quite wrap my head around the whole thing well enough to move forward. And when I feel I can, Rust gets in the way. :D
But I want to get good at this. I want to be able to achieve something with this internship, and give something back to this community that has welcomed me so well. So, with that in mind, and always remembering what my fellow Outreachy Sumera has written about persevering, last week I took a few steps back and tried to focus on more basic studying – network protocols, Rust, Rust and network protocols…
I feel bad watching my pace once again get so slow when there’s so little time left. However, if I spend time trying to figure out things by brute-force, although it may work out in the end, my understanding of what is going on may end up being too fragile, and I want to avoid that.
I also feel bad for having halted on the project journals. It seems that whenever I get stuck, I have a hard time writing about it. Likely because I don’t feel I have anything new to add. I have decided to try to have shorter journal entries, so I won’t feel I am spending too much time on that, because – surprise! – due to my lack of progress, I tend not to want to stop to write. I have failed on that this past week, and that’s why I have decided to start this one with this blog post.
Let’s see how it goes. I am still learning. Must not forget that…