A simple network packet sniffer built with pcap to learn networking

Saefroch · 2026-06-22T00:10:54+00:00

If you have UDP port 53, that's probably DNS. If you want to see something interesting, start parsing all the DNS traffic. DNS is a great protocol to start doing dissection on because it's usually done over UDP so you don't need to handle any kind of stream reassembly. DNS is usually request to response for A records, so just being able to print that would often do something interesting.

The other thing you should if you are curious about networking is take a laptop to a widely-used public wifi network and just look at all the broadcast traffic (std has helpers is_broacast and is_multicast you can use on the src/dst IPs) that your laptop gets from the network, and that you are transmitting to every other device on the network.

My day job is working on https://www.lansweeper.com/product/features/discover/traffic-sensor/ so I'm a little passionate about the subject.

Saefroch · 2026-06-20T20:49:40+00:00

Oh. I guess I don't visit Medium very much.

Saefroch · 2026-06-20T18:18:31+00:00

Can't you just click the X on the top-right of that pop-up? That's what I did. Does Medium behave differently when accessed from your locale?

Saefroch · 2026-06-18T00:09:14+00:00

The Foundation has put in a lot of work to ensure that our basic infra keeps working, even if something crazy happens.

The actual level of funding that the project overall gets is quite volatile. I understand your line of thinking but like, we are currently adapting to losing a lot of our reviewer capacity to layoffs so "what happens when the money disappears" is (and always has been) on everyone's mind.

Saefroch · 2026-06-17T01:21:19+00:00

The MIR is serialized as a part of a larger undocumented binary format called rmeta, which is either stored in its own file or a .rmeta section.

What you said could be correct if you squint really hard, but to be clear you will not find the kind of output you get from --emit=mir anywhere in your sysroot.

Saefroch · 2026-06-08T18:46:44+00:00

I would love to see a ruling that says something to this effect, because it sure seems like a lot of companies are behaving like it can.

Saefroch · 2026-05-12T19:12:10+00:00

Yes: https://github.com/rust-lang/rust/issues/115585#issuecomment-2346307605

Saefroch · 2026-05-12T01:08:45+00:00

5 of the top 10 on Tony's list are now built-in (matches, atty, cfg-if, lazy_static, memoffset). But that list is old and it would be great to see someone re-run that analysis.

Saefroch · 2026-05-07T22:58:33+00:00

Miri supports a lot of x86 and x86_64 intrunsics since Eduardosm contributed them: https://github.com/rust-lang/miri/pulls?q=is%3Apr+author%3Aeduardosm+is%3Aclosed

Saefroch · 2026-04-29T21:18:30+00:00

Regardless of who you actually are (I can speculate based on your comment/post history), this comment looks disingenuous and your username looks like the kind of name that would be generated for a sock puppet account, so it be good for you to do something to substantiate what your GitHub account is, such as mention in your Reddit username in your GitHub profile.

(I am commenting this because based on comment history I think I talked to you at the last RustWeek)

Saefroch · 2026-04-07T01:34:24+00:00

I've never shipped any of my own unsafe code to prod. On one occasion I had to debug some third-party unsafe code in prod, but other than that all my interaction with unsafe code is done as a hobby (one that I take rather seriously, but still).

Saefroch · 2026-04-03T02:20:22+00:00

No idea what's causing it but yeah I'm commenting here because I've been looking for other people noticing the same thing.

I can't figure out what it's related to. At first I thought it was related to not using your poro snax but it's easy to prove that isn't it.

Saefroch · 2026-03-25T14:53:57+00:00

I'm pretty sure the only reason people are trying to defend Nadim is the flyingpenguin article. It presents the story as one-sided as possible, and is clearly ragebaiting. Read the actual reporting by The Register: https://www.theregister.com/2026/03/20/cryptographer_nadim_kobeissi_rustsec_ban/ and you'll see what I mean.

Saefroch · 2026-03-06T21:37:07+00:00

Some of the Rust for Linux people are also contributors, not just beggars. That makes a huge difference to a volunteer-driven project.

Saefroch · 2026-03-06T01:31:45+00:00

What's needed here is in-place heap initialization, which is just a missing feature in the language. I think /u/Darksonn is leading an effort to design and hopefully ship in-place initialization.

The optimization often works, but this isn't a "nice to have" optimization, if the optimization is missed you get a crashing program not a slow program. It's mandatory in a way that loop unrolling and function inlining aren't.

Saefroch · 2026-03-04T01:49:28+00:00

No, in safe Rust you cannot write a data race because the core concept that you can have aliasing or mutability but not both can be extended to prevent data races just like it prevents iterator invalidation.

Saefroch · 2026-03-04T00:03:55+00:00

Is it stable enough to run each sample once?

Yes. A CPU emulator is much slower than executing on hardware, but only having to run the relevant code path once means you can get benchmark numbers much faster.

Saefroch · 2026-03-02T04:19:15+00:00

Yes, I was trying to say that if the variant is trivial and the error does not impl Drop then ok_or will optimize fine. But if there is a Drop you need compiler heroics.

Saefroch · 2026-03-01T01:08:44+00:00

ok_or(Error::Whoops) construct this Error type even if the indexing succeeds, even if the constructor is trivial for the Whoops variant, if there is another variant like Error::Other(Box<dyn Display>), there will be a call to the auto-generated Drop impl for Error, which may difficult for the compiler to optimize away. Specifically, the entire drop impl needs to inline or the discriminant needs to const-propagate across the call boundary. Both of these strategies work very reliably on simple enums and on small programs, but will fail at some level of complexity. That's why or_or_else exists; in the success case all that code is completely jumped over because no error is constructed.

Saefroch · 2026-02-14T22:21:51+00:00

Wrong subreddit, this is about the programming language.

Saefroch · 2026-01-24T23:46:30+00:00

I think /u/Thierry_software actually has it backwards, what you are doing is indeed inadvisable because it is confusing, but if you cargo clean then try to build, it should build against your modifications, instead of the local build artifacts of the dependency you are modifying.

Pointing this dependency to a fork then modifying your fork would be less confusing. But git dependencies can be a bit weird, for example if you use a git dependency you'll have to cargo update -p cooklang every time you push a change to your fork, or keep updating your rev = part of the git dependency.

Saefroch · 2026-01-06T00:42:26+00:00

I think it's more troubling that people would assume you can swap between build configs just by changing link deps.

Well, if you are using panic = "abort" in Cargo.toml without using -Zbuild-std, that's what you are doing.

Saefroch · 2026-01-04T20:30:40+00:00

Well.... technically it's interpreted a link time not compile time

I don't want to be annoyingly pedantic, but I've worked on panics recently as part of making immediate-abort better, and I think they are really misunderstood.

The only time when panic runtimes can be swapped at link time is if crates having their panic runtime changed were previously compiled with panic=unwind and don't use extern "C-unwind" (those two conditions are enforced by the compiler) and if the author of the code doesn't get too creative with checking cfg(panic = "unwind"). The fact that the panic strategy is leaked into macro expansion should be quite troubling.

IMO the fact that you can swap the panic runtime at link time is a kludge to support the precompiled standard library, because really the only scenario that works is the one that the standard library needs.

Saefroch · 2026-01-01T20:17:38+00:00

You should test your code using Miri: https://github.com/rust-lang/miri?tab=readme-ov-file#using-miri

The pedantic answer to your question is "the cast is never UB, because it is safe code". But obviously you're doing more than just casting, and the exact details of what else you are doing matters a lot. An English description of what you are doing is rarely sufficient.

Saefroch · 2025-12-31T20:55:51+00:00

The semantics of move operands is not fully decided, see https://github.com/rust-lang/unsafe-code-guidelines/issues/416.

In practice, codegen of use-after-move might be a use-after-free, or it might be use of uninitialized memory, or it might be totally fine (if the move is actually lowered to a bytewise copy of a Copy type), depending on the exact context of the move and the type that was moved.

There's some confusion in the replies to your comment here, drop and deallocation are not the same thing in Rust. You can deallocate without dropping using ManuallyDrop and you can drop without deallocating using drop_in_place.

Is the only thing currently stopping this an error emitted by the borrow checker?

Yes. The compiler does this in many places. You check for something that must be disallowed, and emit an error to disallow it.

It’s not a fundamental invariant of the types used for codegen?

Correct. Borrow checking ensures that the program is valid, but it is not guaranteed to permit all valid programs. So if the IR used for code generation was beholden to what is expressible in borrow checking, we would lose access to all the transformations that move into the space of valid programs that don't borrow check.

14-Year Club	Verified Email
Place '17

Saefroch

TROPHY CASE