[Bro-Dev] new IPv6 code

Siwek, Jonathan Luke jsiwek at illinois.edu
Wed Feb 15 14:33:42 PST 2012 

> - in BroValUnion, 'addr_val' is of type pointer type IPAddr*. I
>  suppose that's to keep the union size as small as possible, which
>  makes sense. I'd still be curious though how allocating the
>  addresses dynamically compares against storing the instance directly
>  inside the union. Have you tried that? I realize it's not an easy
>  change to do that, so fine if not.

You mean having a IPAddr versus IPAddr* member in the union?  I had started out that way, until the compiler told me union members cannot have non-trivial constructors.  And I figured going with a pointer is better for size anyway as you mentioned, although the largest member in the old --enable-brov6 code was the subnets with five uint32's and that did not seem to increase memory as much in the tests as I expected.

> 
> - The DNS binpac analyzer generates both dns_a6_reply and
>  dns_aaaa_reply, but the standard analyzer only the latter (for both
>  resource record types). What is correct?

My thought was to generate both depending on the type, but I guess I forgot to do it for the non-binpac one.  I'll fix it.

> 
> - In the RPC code, there's this:
> 
>    is_mapped_dce_rpc_endpoint(const ConnID* id, TransportProto proto)
> ········{
> ········if ( id->dst_addr.family() == IPAddr::IPv6 )
> ················return false;
>        ...
>        }
> 
>   Does the protocol not support IPv6 at all or is that a "todo"?

I'm not sure -- the old --enable-brov6 switch also bailed out for IPv6.  So yeah, I suppose the todo is to determine how much more of a todo there is.

> 
> - in DPM.cc, the ExpectedConn class: should it now store IPAddr
>  instead of uint32[4] for orig and resp?

Yes, seems like it could do that.

> 
> - Expr.cc, BinaryExpr::AddrFold: why still the uint32[4] here? If it's
>  just to make the macro work, I'd just remove that and use
>  comparision operators instead.
> 

Ok, will do that.

> - IP.h, IP_Hdr: Do we need the new src_addr/dst_addr attributes? Why
>  not construct on the fly out of ip4/ip6?

I guess not.  Hadn't thought of that as I was just replicating the face that the old --enable-brov6 code also added those.  Will fix.

+Jon

More information about the bro-dev mailing list