[Bro-Dev] [JIRA] (BIT-1016) Option to extend uids to 128 bit

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Tue Aug 27 12:50:00 PDT 2013

    [ https://bro-tracker.atlassian.net/browse/BIT-1016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13804#comment-13804 ] 

Robin Sommer commented on BIT-1016:

Merged. Three comments:

 - while I generally like the bits_per_uid option, I'm wondering about the performance impact. If it were a static number, UID could just use a correspondingly sized array, vs. now using a relative expensive std::vector. Is the flexibility worth that here? I think a good alternative would be to just #define the bit length in UID, then we could at least easily increase it later.

- If we want to keep the bits_per_uid option, could we at least switch to malloced array instead of std::vector with several pushs per UID? 

- If keeping bits_per_uid, please add a test case that tries a few different values for it.

- We could use "C-<hex>" instead of "C<hex>" to make it more obvious that the first character is special. But not sure if it's worth it.

> Option to extend uids to 128 bit
> --------------------------------
>                 Key: BIT-1016
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1016
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: rhave
>            Assignee: Jon Siwek
>            Priority: Low
>             Fix For: 2.2
> Bro's uids are currently 64 bits, which makes them collide with a 50% chance after 5.1 x 10^9^ different uids (see http://en.wikipedia.org/wiki/Birthday_problem#Probability_table).
> I'm currently generating uuids of 128 bit to replace the native uids in bro, as I'm using them as keys in a database, but this requires rewriting of the bro-logs. I suspect that more people could benefit from an option to extend the uids to 128 bit.
> I've made a quick and dirty patch to change most of the uids to 128 bit (file_analysis uids are missing). The patch is ugly, and is only to show some of the functionality I would like: http://pastebin.com/GkaGejNc

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list