MicroTCP is a TCP/IP network stack I started building as a learning exercise while attending the Computer Networking course at the Università degli Studi di Napoli Federico II. It’s just a hobby project and is intended to just be a minimal, yet complete, implementation.
At this moment MicroTCP implements ARP (RFC 826, complete), IPv4 (no fragmentation), ICMP (minimum necessary to reply to pings) and TCP (complete but not stress-tested). Note that “complete” should not be intended as “fully compliant” but just as a measure of progress on all of the major features. For instance, it’s complete enough to handle HTTP traffic on a local network.
People like this usually end up writing a simple operating system, so it’s interesting to see a TCP/IP stack instead. While clearly a hobby project, small, portable TCP/IP stacks can potentially be useful for very specific use cases, like bringing connectivity to ancient operating systems or other small hobby projects.
Yeah, I appreciate the task and fun of doing a project like this. I’d be hesitant to use a non battle tested tcp/ip stack in c. This is something that for all intents and purposes should be written in Rust.
Simply writing in rust doesn’t mean it’s secure though. You’re just limiting a class of issues.
We need to get out of the rust == safe mentality. People said the same thing about Java when it first came out.
I agree with you that an untested network stack shouldn’t be used in a business or mission-critical network. However, if you’re just trying to get an old system on a LAN protected by a firewall and NAT, it’s probably OK.
laffer1,
You’re right that it’s merely limiting the classes of issues, but you are underestating just how important it is that we’re finally solving these major memory flaws! These have plagued us since the inception of the software industry. Rust not providing safety for all mistakes a programmer might make does not detract from just how important it is to provide safety from memory corruption bugs. Having memory faults be automatically detected by compilers is a huge leap! Java (and managed languages in general) provide better safety too, but the new innovation here was doing so at compile time. A side benefit of being able to offload low level correctness checks to a compiler is that we can change our focus to higher level logic & state flaws.
The benefit of minimal code, at least theoretically, is that it’s easier to prove mathematical correctness. In practice, complexity quickly overwhelms human capacity, but assuming we haven’t been overwhelmed, correctness is technically achievable in well-confined problems. In principal it should be safer to run a basic stack with every single possibility confirmed to be correct over a more mature stack that is just too complex for a full state analysis since this is how vulnerabilities creep into software.
Software engineers don’t usually go through the trouble of mathematically proving correctness, although arguably maybe we should.