How Does Rust Enable Protocol Break Security on W5500-EVB-Pico?
Implements a Protocol Break Relay—a security pattern from the Cross Domain Solution (CDS) domain—using Rust on the W5500-EVB-Pico board.
WIZnet - W5500-EVB-Pico
x 1
Raspberry Pi - RP2040
x 1
1. What This Project Does
From the project README:
"Uses the WIZnet W5500 on the W5500-EVB-Pico in MACRAW mode to pass raw packets to the RP2040. A protocol break is implemented by throwing away the protocol information of received packets, then the payload is validated as JSON, and finally a new UDP packet is constructed to forward the contents on."
This implements a protocol break relay—a security pattern where:
- Raw Ethernet packets are received via W5500 MACRAW mode
- All protocol headers are discarded
- Only the payload is extracted and validated as JSON
- A completely new UDP packet is constructed
- Valid content is forwarded to destination
2. What is a Protocol Break?
The project links directly to the UK NCSC (National Cyber Security Centre) guidance on protocol breaks.
A protocol break is a security technique for Cross Domain Solutions that:
- Terminates incoming network connections completely
- Extracts only the payload data
- Validates content against strict rules
- Reconstructs entirely new packets with known-good headers
This protects against network-based attacks that exploit protocol vulnerabilities—malformed headers, buffer overflows in protocol parsers, and protocol state manipulation.
3. Why MACRAW Mode?
The W5500 normally operates in TCP or UDP mode where it handles protocol processing automatically. This project uses MACRAW mode—a special mode that provides raw Ethernet frame access.
| Mode | W5500 Behavior | Use Case |
|---|---|---|
| TCP/UDP | Handles protocol internally | Normal applications |
| MACRAW | Passes raw frames to MCU | Protocol break, packet inspection |
MACRAW mode is essential here because the protocol break pattern requires:
- Access to complete raw packets
- Ability to discard all headers
- Full control over packet reconstruction
4. Why Rust for This Application?
The project is written in Rust (94.5% of codebase), which provides:
Memory Safety: Rust prevents buffer overflows and memory corruption at compile time—critical when handling untrusted network data.
No Runtime Overhead: Rust's safety guarantees come with zero runtime cost, suitable for resource-constrained embedded systems.
Embassy Framework: The project uses Embassy (noted in GitHub topics), Rust's async embedded framework that enables efficient concurrent packet processing without a traditional RTOS.
5. Project Structure
From the GitHub repository:
w5500-evb-pico-json/
├── .cargo/ # Cargo configuration
├── .github/workflows/ # CI/CD (GitHub Actions)
├── src/ # Rust source code
├── tests/ # Test code
├── Cargo.toml # Dependencies
├── Cargo.lock # Locked dependencies
├── memory.x # Linker script for RP2040
├── rust-toolchain.toml # Rust toolchain specification
├── justfile # Build automation
└── LICENSE # MIT license6. Requirements
From the README:
"You will need a debug probe that supports the Serial Wire Debug (SWD) protocol."
This is needed for flashing and debugging the RP2040.
7. Why W5500-EVB-Pico?
The W5500-EVB-Pico combines RP2040 and W5500 on a single board, making it suitable for this project because:
| Feature | Relevance |
|---|---|
| MACRAW mode support | Required for raw packet access |
| Integrated design | No external wiring needed |
| RP2040 capabilities | Sufficient for packet processing |
| Embassy support | Rust async framework compatibility |
FAQ
Q1: What is a protocol break?
A protocol break is a security technique that completely discards incoming packet headers and reconstructs new packets from scratch. Only the validated payload is forwarded. This prevents attacks that exploit protocol vulnerabilities. The project links to NCSC guidance explaining this pattern.
Q2: What is MACRAW mode?
MACRAW is a W5500 operating mode that provides raw Ethernet frame access instead of handling TCP/IP internally. This allows the firmware to inspect and manipulate packets at the lowest level—necessary for implementing a protocol break.
Q3: Why validate as JSON?
JSON validation serves as content filtering. Only payloads that parse as valid JSON are forwarded. This ensures the relay only passes well-formed, expected data types.
Q4: Why use Rust instead of C?
Rust provides memory safety guarantees at compile time without runtime overhead. For security-focused firmware handling untrusted network data, this reduces vulnerability risk.
Q5: What is Embassy?
Embassy is an async embedded framework for Rust. It enables efficient concurrent programming on microcontrollers without a traditional RTOS kernel.
