[Bro-Dev] #1016: Option to extend uids to 128 bit
Bro Tracker
bro at tracker.bro.org
Sun Jun 9 10:16:45 PDT 2013
#1016: Option to extend uids to 128 bit
------------------------------+------------------------
Reporter: rhave | Owner:
Type: Feature Request | Status: new
Priority: Low | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
------------------------------+------------------------
Comment (by grigorescu):
Just to kick off the discussion:
I've been thinking about this one. So, I can understand the desire to move
off of 64-bit UIDs, but I don't understand the immediate jump to 128-bit.
Currently, UIDs are 11 characters long. Jumping to 128 bits would require
doubling it, to 22 characters. I think 128 bits is overkill.
Assuming a *very* busy network that's doing 100,000 connections/second,
and a retention period of a year, we would get 3.2 x 10^12^ connections.
Let's say we want a .1% chance of collision - we would only need 92 bits
for that number of connections, which would be a 16 character UID.
While poking around on this, it seems like current implementation could be
more efficient. Specifically:
{{{
// util.cc line 501
do {
str[i++] = dig[v % base];
v /= base;
} while ( v && i < n - 1 );
}}}
To convert each uid from numeric into text format, we're repeatedly
dividing by 62 (26 upper/lower case letters + 10 digits make up the string
representation). Could we just add 2 characters to the string
representation, to make it bit-shift friendly division by 64? Maybe '@'
and '%' ?
If we do find 2 more characters that we can add, I think it'd make sense
to use 96 bits for the UID, as it would also fit into 16 characters.
Personally, I would support extending the UID field to 16 characters (less
than a 50% increase over what it currently is), so we can say with some
confidence that UIDs actually are unique.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/1016#comment:2>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list