mushorg · Boolean-Autocrat · Jul 6, 2025 · Jul 6, 2025 · Jul 6, 2025 · Jul 6, 2025
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
@@ -10,19 +10,47 @@ jobs:
   checks:
     runs-on: ubuntu-latest
     steps:
-      - name: Dependencies
-        run: sudo apt install libpcap-dev iptables
+      - name: Basic Dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libpcap-dev iptables zlib1g-dev build-essential
+
+      - name: Install spicyc
+        run: |
+          wget https://github.com/zeek/spicy/releases/download/v1.13.1/spicy_linux_ubuntu24.deb
+          sudo dpkg --install spicy_linux_ubuntu24.deb
+          sudo apt-get install -f -y # pulling in any missing deps
+          rm spicy_linux_ubuntu24.deb
+
+      - name: Add Spicy CLI to PATH
+        run: echo "/opt/spicy/bin" >> $GITHUB_PATH
+
+      - name: Install clang17
+        run: |
+          wget https://apt.llvm.org/llvm.sh
+          chmod +x llvm.sh
+          sudo ./llvm.sh 17
 
       - name: Checkout
         uses: actions/checkout@v3
 
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: "^1.21"
+          go-version: "^1.23"
+
+      - name: Build Spicy generated files
+        run: |
+          make spicy
 
       - name: Build
+        env:
+          CC: clang
+          CXX: clang++
         run: go build -v ./...
 
       - name: Test
+        env:
+          CC: clang
+          CXX: clang++
         run: go test -v ./...
diff --git a/.gitignore b/.gitignore
@@ -37,3 +37,7 @@ poc/
 
 # Dev
 .vscode
+
+# Spicy generated files
+protocols/spicy/*.cc
+protocols/spicy/parsers/*.h
diff --git a/Makefile b/Makefile
@@ -20,7 +20,10 @@ upx:
 default: build
 
 build:
-	go build -ldflags=$(LDFLAGS) -o bin/server app/server.go
+	CC=clang CXX=clang++ go build -ldflags=$(LDFLAGS) -o bin/server app/server.go
+
+spicy:
+	cd protocols/spicy && make
 
 static:
 	go build --ldflags '-extldflags "-static"' -o bin/server app/server.go

diff --git a/config/config.yaml b/config/config.yaml
@@ -24,3 +24,6 @@ producers:
 
 conn_timeout: 45
 max_tcp_payload: 4096
+
+spicy:
+  enabled: true
diff --git a/glutton.go b/glutton.go
@@ -18,6 +18,7 @@ import (
 	"github.com/mushorg/glutton/connection"
 	"github.com/mushorg/glutton/producer"
 	"github.com/mushorg/glutton/protocols"
+	"github.com/mushorg/glutton/protocols/spicy"
 	"github.com/mushorg/glutton/rules"
 
 	"github.com/google/uuid"
@@ -134,6 +135,13 @@ func (g *Glutton) Init() error {
 	g.tcpProtocolHandlers = protocols.MapTCPProtocolHandlers(g.Logger, g)
 	g.udpProtocolHandlers = protocols.MapUDPProtocolHandlers(g.Logger, g)
 
+	// Initializing Spicy parsers
+	if viper.GetBool("spicy.enabled") {
+		if err := spicy.Initialize(g.Logger); err != nil {
+			return fmt.Errorf("failed to initialize Spicy: %w", err)
+		}
+	}
+
 	return nil
 }
 
@@ -358,7 +366,12 @@ func (g *Glutton) Shutdown() {
 	if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {
 		g.Logger.Error("Failed to drop udp iptables", producer.ErrAttr(err))
 	}
-
+	if viper.GetBool("spicy.enabled") {
+		g.Logger.Info("Cleaning up and shutting down Spicy and HILTI runtimes")
+		if err := spicy.Cleanup(); err != nil {
+			g.Logger.Error("Failed to clean up Spicy and HILTI runtimes", producer.ErrAttr(err))
+		}
+	}
 	g.Logger.Info("All done")
 }
 

diff --git a/protocols/protocols.go b/protocols/protocols.go
@@ -10,8 +10,10 @@ import (
 	"github.com/mushorg/glutton/connection"
 	"github.com/mushorg/glutton/producer"
 	"github.com/mushorg/glutton/protocols/interfaces"
+	spicyHandlers "github.com/mushorg/glutton/protocols/spicy/handlers"
 	"github.com/mushorg/glutton/protocols/tcp"
 	"github.com/mushorg/glutton/protocols/udp"
+	"github.com/spf13/viper"
 )
 
 type TCPHandlerFunc func(ctx context.Context, conn net.Conn, md connection.Metadata) error
@@ -84,7 +86,11 @@ func MapTCPProtocolHandlers(log interfaces.Logger, h interfaces.Honeypot) map[st
 		// poor mans check for HTTP request
 		httpMap := map[string]bool{"GET ": true, "POST": true, "HEAD": true, "OPTI": true, "CONN": true}
 		if _, ok := httpMap[strings.ToUpper(string(snip))]; ok {
-			return tcp.HandleHTTP(ctx, bufConn, md, log, h)
+			if viper.GetBool("spicy.enabled") {
+				return spicyHandlers.HandleHTTP(ctx, bufConn, md, log, h)
+			} else {
+				return tcp.HandleHTTP(ctx, bufConn, md, log, h)
+			}
 		}
 		// poor mans check for RDP header
 		if bytes.Equal(snip, []byte{0x03, 0x00, 0x00, 0x2b}) {

diff --git a/protocols/spicy/Makefile b/protocols/spicy/Makefile
@@ -0,0 +1,30 @@
+GRAMMARS := $(wildcard parsers/*.spicy)
+
+GEN_CC := $(notdir $(GRAMMARS:.spicy=.cc))
+LINKER_CC := $(notdir $(patsubst parsers/%.spicy,spicy_linker_%.cc,$(GRAMMARS)))
+HEADERS := $(patsubst parsers/%.spicy,parsers/%.h,$(GRAMMARS))
+
+SPICY_FLAGS := -g
+CXX ?= clang++
+CXXFLAGS += -I/opt/spicy/include -std=c++17 -fPIC -O3 -DNDEBUG -fvisibility=hidden -I$(CURDIR)/parsers
+
+.SECONDARY: $(GEN_CC) $(LINKER_CC) $(HEADERS)
+
+%.cc: parsers/%.spicy
+	@echo "spicyc -c $< -> $@"
+	spicyc -c $(SPICY_FLAGS) $< -o $@
+
+parsers/%.h: parsers/%.spicy
+	@echo "spicyc -P parsers/$* -o $@ $<"
+	spicyc -P parsers/$* -o $@ $<
+
+spicy_linker_%.cc: parsers/%.spicy %.cc
+	@echo "spicyc -l $< -> $@"
+	spicyc -l $(SPICY_FLAGS) $< -o $@
+
+.PHONY: all
+all: $(GEN_CC) $(LINKER_CC) $(HEADERS)
+
+.PHONY: clean
+clean:
+	rm -f $(GEN_CC) $(LINKER_CC) $(HEADERS)