I am going to be implementing a network protocol (specifically, SFTP) and I wondered if there are any general rules-of-thumb to follow?
At the moment it seems like a mammoth task and I'm at a loss as where to start.
I'm looking for:
Try to keep it applicable to network protocols in general.
Thanks!
I'd suggest looking at SharpSSH library, which includes support for SFTP and has been released under a BSD style license, so you might be able to re-use sourcecode or at least ideas from that project.
Some other answer here on SO (that I saw quite a few months ago) mentioned some problems with the SFTP support in it, but not sure if those are still relevant and either way it might be a good starting point at least.
I would certainly recommend using well tested libraries if possible. Especially for the SSH side of SFTP - as mistakes in implementation could lead to security vulnerabilities.
That said, you seem like an experienced person, and you may find that none of the libraries out there (SharpSSH etc.) are appropriate, you should consider seperating your network implementation out into its own library and open sourcing it for two reasons:
Given all that, other guidelines to follow would be similar to other developments, but perhaps with more rigour regarding security and testing. Making sure you run static analysis and that you unit test for failure cases.
Also: Use, but don't trust the lower layers of the OSI model that are provided for you. If there is a scenario that breaks your code, you can bet that the network will find it eventually.
Hope this helps.