[Bro-Dev] IP6 addresses

Gregor Maier gregor at icir.org
Tue Jun 21 12:54:18 PDT 2011

On 6/21/11 6:18 , Robin Sommer wrote:
> Bro's code currently has a number of "#ifdef IPv6" blocks that I'd
> really like to get rid of. It's a pain to support two different
> compile-time modes, and setups where IPv6 isn't used at all are
> becoming more and more rare.

I agree. I think IPv6 should be enabled by default.

> I think the main internal changes for that would be (1) making
> addresses generally 128-bit wide, and (2) encapsulating the logic for
> manipulating addresses in its own class, something like IPAddr, or so.

I think that the memory impact for (1) is going to be a lot worse than
you anticipate. A long time ago I did a benchmark and found that
enabling IPv6 doubles the memory footprint. See:

Note that the Analyzer tree already uses a scheme similar to (2) for
parsing IP headers and making the fields available (see class IP_Hdr).

> I'd like to hear if folks agree with that? (1) clearly has impact on
> memory usage, but I'd say that's ok these days. Alternatively, we
> could use (2) to do some clever scheme that stores less bytes for IPv4
> addresses than for IPv6; but that would then quite likely have in turn
> an impact on CPU performance and I don't see that that'd be worth it.

Therefore, I would opt for using some "clever scheme" that stores less
bytes for IPv4. If we are going to use a class for manipulating IP
addresses, then this alone is going to cause CPU overhead. I don't think
that the additional overhead of implementing the scheme to save bytes
for IPv4-only addresses is going to be significant.

OTOH, using such an IPAddr class is already going to increase the memory
footprint (now we have to allocate a class) significantly. Possibly more
overhead than just enabling IPv6 (*).

Also note that most IP addresses are probably going to be used on the
policy layer. Maybe we find a clever way of making those as efficient as
possible (memory and space wise), while always using 128-bits in the C++


(*) When IPv6 is enabled, AddrVal stores a uint32 *. When it's
instantiated, an array with 4 uint32's is allocated. When IPv4-only is
used, AddrVal stores the address as a uint32.
Gregor Maier
<gregor at icir.org>  <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
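
The storage layouts discussed in this thread, as an added C++ example that is not part of the original message or of Bro's code: the two AddrVal layouts from the footnote next to a hypothetical always-128-bit IPAddr that keeps IPv4 as IPv4-mapped IPv6 (::ffff:a.b.c.d). All type and function names here are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Layout from the footnote, IPv4-only build: address held inline.
struct AddrV4Only { uint32_t addr; };
// Layout from the footnote, IPv6 build: pointer to a heap array of 4 uint32s.
struct AddrHeapV6 { uint32_t* addr; };

// Hypothetical IPAddr: always 16 bytes inline, IPv4 stored IPv4-mapped.
class IPAddr {
public:
    static IPAddr FromV4(const uint8_t v4[4]) {
        IPAddr a;                            // bytes_ starts zeroed
        a.bytes_[10] = a.bytes_[11] = 0xff;  // ::ffff:0:0/96 prefix
        std::memcpy(a.bytes_ + 12, v4, 4);
        return a;
    }
    static IPAddr FromV6(const uint8_t v6[16]) {
        IPAddr a; std::memcpy(a.bytes_, v6, 16); return a;
    }
    // True when the value carries the IPv4-mapped prefix.
    bool IsV4() const {
        static const uint8_t prefix[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};
        return std::memcmp(bytes_, prefix, 12) == 0;
    }
    bool operator==(const IPAddr& o) const { return std::memcmp(bytes_, o.bytes_, 16) == 0; }
private:
    uint8_t bytes_[16] = {};
};

// Payload bytes per stored address; allocator bookkeeping is not counted.
size_t BytesV4Only()    { return sizeof(AddrV4Only); }
size_t BytesHeapV6()    { return sizeof(AddrHeapV6) + 4 * sizeof(uint32_t); }
size_t BytesInline128() { return sizeof(IPAddr); }

// Constructed sample addresses (documentation ranges).
bool SampleV4IsV4() { const uint8_t v4[4] = {192, 0, 2, 1}; return IPAddr::FromV4(v4).IsV4(); }
bool SampleV6IsV4() {
    const uint8_t v6[16] = {0x20,0x01,0x0d,0xb8, 0,0,0,0, 0,0,0,0, 0,0,0,1};
    return IPAddr::FromV6(v6).IsV4();
}
bool MappedV6EqualsV4() {
    const uint8_t v4[4] = {192, 0, 2, 1};
    const uint8_t m[16] = {0,0,0,0, 0,0,0,0, 0,0,0xff,0xff, 192,0,2,1};
    return IPAddr::FromV6(m) == IPAddr::FromV4(v4);
}
int main() { return (SampleV4IsV4() && !SampleV6IsV4() && MappedV6EqualsV4()) ? 0 : 1; }
```

With this layout an address arriving in an IPv6 header as ::ffff:192.0.2.1 compares equal to IPv4 192.0.2.1, so any table keyed on IPAddr has to decide whether that aliasing is wanted.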
