[Bro-Dev] $tag in notice_info
Gregor Maier
gregor at icir.org
Thu Mar 24 19:03:57 PDT 2011
You could also use the first packet's timestamp and/or a hash over it's
content + hostname or such to generate the 64bit run-ID. This way we
would always get consistent behavior even if no seed is sets.....
but ymmv
gregor
On 3/22/11 12:01 , Robin Sommer wrote:
>
> On Mon, Mar 21, 2011 at 20:12 -0700, you wrote:
>
>> - I'm wondering whether for the unique connection ids it would make
>>> sense to make them stable in the case that we're working offline from
>>> a trace.
>>
>> I would definitely like that!
>
> What I've now done is making them stable if a hash seed is provided.
> That seems in line with how things are currently: when running from a
> trace results are non-deterministic by default, but seeding gets rid
> of that.
>
> Robin
>
--
Gregor Maier
<gregor at icir.org> <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/
More information about the bro-dev
mailing list