The midway point

As an Outreachy intern, when I began my internship, I started out with some pretty ambitious goals. You can read more about the details of my project in my previous blog post. In the first 3 weeks, my aim was to wrap up any PRs I had open from my contribution period and begin work on converting unit tests to Suricata-verify and improving some of the existing Suricata-verify tests. I am happy to share that I successfully got the PRs for detect-flowbits merged into Suricata and Suricata-verify! This was not an easy task, but the feeling I got after getting my code merged was amazing.

Afterwards, instead of focusing on converting unit tests to Suricata-verify, I began working on increasing Suricata’s rule keyword/log output parity. The first task on my agenda was tackling the DNS application protocol layer. With guidance from my mentors, I began work on implementing the DNS rcode field. At first, I was quite apprehensive about whether I’d be able to make any significant progress with this task on my own; however, by doing enough research on my own and creating PRs to get guidance from my mentors, I’m happy to say that I am very close to successfully implementing the DNS rcode field in Suricata and getting the PR merged. This is a major milestone for me, as it will not only improve the rule keyword/log output parity, but it has also boosted my confidence in tackling similar tasks in the future. I am now excited to move on to the next challenge and continue contributing to Suricata’s development.

I’ll be honest, implementing the rcode field has taken me longer than I expected; however, I am satisfied with my learning journey so far. I now clearly understand the complexities involved in implementing such a feature and have gained valuable experience in troubleshooting and debugging. This accomplishment has also allowed me to deepen my understanding of Suricata’s codebase and the DNS protocol. I am grateful for the support and guidance I received from the Suricata community throughout this process, which has further motivated me to contribute even more to its development. With this successful implementation under my belt, I am eager to take on new challenges and continue to increase Suricata’s rule keyword/log output parity.

Moving forward, I aim to implement the remaining DNS fields and share draft PRs more frequently with my mentors. I have learned that doing so will not only help in the progression of my project, but it will also allow for timely feedback and guidance from experienced developers. This iterative process has proven to be invaluable in my growth as a developer and has greatly enhanced my understanding of Suricata’s codebase.

Resources:

1- https://github.com/OISF/suricata/pull/10044
2- https://github.com/OISF/suricata-verify/pull/1542
3- Previous blog post
