[Bro-Dev] $tag in notice_info

Robin Sommer robin at icir.org
Tue Mar 15 21:22:45 PDT 2011


On Wed, Mar 09, 2011 at 21:57 -0800, you wrote:

> I think a universal hash should work here.  There's already one in Hash.cc,
> thanks to Ruoming (I think) and avoiding algorithmic complexity attacks.

I've added code implementing the unique connection identifiers in a
topic branch.  However, two questions:

 - There are actually a number of hash algorithms in Hash.{h,cc}, with
 only one of them being used (via #ifdefs). Vern, do you remember the
 story behind having multiple of them, and can we just remove the code
 for those not enabled?

 - I'm wondering whether for the unique connection ids it would make
 sense to make them stable in the case that we're working offline from
 a trace. It kind of bothers me that when reading the same trace
 multiple times, I get a different output each time. Should we just
 fix the instance ID when reading from a trace?

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org


More information about the bro-dev mailing list