[Bro-Dev] [Bro-Commits] [git/bro] topic/robin/conn-ids: Extending conn_id with a globally unique identifiers. (881071c)

Seth Hall seth at icir.org
Wed Mar 16 09:45:26 PDT 2011


On Mar 16, 2011, at 12:32 PM, Robin Sommer wrote:

> One could now actually use the uid as the table index ... However,
> that wouldn't be as intuitive as using the whole conn_id and I don't
> think I want to advocate that.

Ok.

> However, here's disruptive alternative: we could move
> {orig,resp}{_h,_p} into the connection record and then use the unique
> identifier as the "id" directly ... (Wouldn't do the automatic logging
> of both though). 

Going the other direction, how about we put the uid in the connection record?  We'd then have c$uid and c$id.  That causes the least amount of mental and code disruption while accomplishing essentially the same thing.

> Assuming fields are named consistenly, that would also work if the uid
> were explicitly inlcuded into the log record. 


I need to think more about how this could be used as seamlessly as possible with the logging framework, I don't have a good idea yet.
 
  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




More information about the bro-dev mailing list