[Bro-Dev] #1016: Option to extend uids to 128 bit

Bro Tracker bro at tracker.bro.org
Sun Jun 9 10:16:45 PDT 2013

#1016: Option to extend uids to 128 bit
  Reporter:  rhave            |      Owner:
      Type:  Feature Request  |     Status:  new
  Priority:  Low              |  Milestone:  Bro2.2
 Component:  Bro              |    Version:  git/master
Resolution:                   |   Keywords:

Comment (by grigorescu):

 Just to kick off the discussion:

 I've been thinking about this one. So, I can understand the desire to move
 off of 64-bit UIDs, but I don't understand the immediate jump to 128-bit.
 Currently, UIDs are 11 characters long. Jumping to 128 bits would require
 doubling it, to 22 characters. I think 128 bits is overkill.

 Assuming a *very* busy network that's doing 100,000 connections/second,
 and a retention period of a year, we would get 3.2 x 10^12^ connections.
 Let's say we want a .1% chance of collision - we would only need 92 bits
 for that number of connections, which would be a 16 character UID.

 While poking around on this, it seems like current implementation could be
 more efficient. Specifically:

 // util.cc   line 501
 do {
        str[i++] = dig[v % base];
         v /= base;
    } while ( v && i < n - 1 );

 To convert each uid from numeric into text format, we're repeatedly
 dividing by 62 (26 upper/lower case letters + 10 digits make up the string
 representation). Could we just add 2 characters to the string
 representation, to make it bit-shift friendly division by 64? Maybe '@'
 and '%' ?

 If we do find 2 more characters that we can add, I think it'd make sense
 to use 96 bits for the UID, as it would also fit into 16 characters.
 Personally, I would support extending the UID field to 16 characters (less
 than a 50% increase over what it currently is), so we can say with some
 confidence that UIDs actually are unique.

Ticket URL: <http://tracker.bro.org/bro/ticket/1016#comment:2>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list