Moving uid from conn_id to connection, and making output determistic

if a hash seed is given.

policy/bro.init

@@ -21,7 +21,6 @@ type conn_id: record {
 	orig_p: port;
 	resp_h: addr;
 	resp_p: port;
-	uid: string;
 };
 
 type icmp_conn: record {
@@ -93,6 +92,7 @@ type connection: record {
 	addl: string;
 	hot: count;		# how hot; 0 = don't know or not hot
 	history: string;
+	uid: string;
 };
 
 type SYN_packet: record {

src/Conn.cc

@@ -224,23 +224,34 @@ uint64 Connection::CalculateUID()
 	{
 	if ( uid_instance == 0 )
 		{
-		// This is the first time we need a UID. Calculate the instance ID by
+		// This is the first time we need a UID.
-		// hashing something likely to be unique.
+		if ( ! bro_deterministic_output )
+			{
+			// In live mode, with determistic output not explicitly
+			// requested, calculate the instance ID by hashing something
+			// likely to be unique.
 			struct {
 				char hostname[128];
 				struct timeval time;
 				pid_t pid;
+				int rnd;
 			} unique;
 
 			gethostname(unique.hostname, 128);
 			unique.hostname[sizeof(unique.hostname)-1] = '\0';
 			gettimeofday(&unique.time, 0);
 			unique.pid = getpid();
+			unique.rnd = random();
 
 			uid_instance = HashKey::HashBytes(&unique, sizeof(unique));
 			++uid_instance; // Now it's larger than zero.
 			}
 
+		else
+			// Generate determistic UIDs.
+			uid_instance = 1;
+		}
+
 	// Now calculate the unique ID for this connection.
 	struct {
 		uint64 counter;
@@ -386,9 +397,6 @@ RecordVal* Connection::BuildConnVal()
 		id_val->Assign(2, new AddrVal(resp_addr));
 		id_val->Assign(3, new PortVal(ntohs(resp_port), prot_type));
 
-		char tmp[16];
-		id_val->Assign(4, new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62)));
-
 		conn_val->Assign(0, id_val);
 
 		orig_endp = new RecordVal(endpoint);
@@ -406,6 +414,9 @@ RecordVal* Connection::BuildConnVal()
 		conn_val->Assign(6, new StringVal(""));	// addl
 		conn_val->Assign(7, new Val(0, TYPE_COUNT));	// hot
 		conn_val->Assign(8, new StringVal(""));	// history
+
+		char tmp[16];
+		conn_val->Assign(9, new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62)));
 		}
 
 	if ( root_analyzer )

src/Net.cc

@@ -68,6 +68,7 @@ double processing_start_time = 0.0;	// time started working on current pkt
 double bro_start_time = 0.0; // time Bro started.
 double bro_start_network_time;	// timestamp of first packet
 double last_watchdog_proc_time = 0.0;	// value of above during last watchdog
+bool bro_deterministic_output = 0; 	// whether determistic output is desired
 bool terminating = false;	// whether we're done reading and finishing up
 
 PacketSortGlobalPQ* packet_sorter = 0;

src/Net.h

@@ -73,6 +73,10 @@ extern double bro_start_time;
 // i.e. the timestamp of the first packet.
 extern double bro_start_network_time;
 
+// True if determistic output is requested. This is set if the user specifies
+// a seed for the random number generator.
+extern bool bro_deterministic_output;
+
 // True if we're a in the process of cleaning-up just before termination.
 extern bool terminating;
 

src/main.cc

@@ -667,6 +667,8 @@ int main(int argc, char** argv)
 
 	bro_start_time = current_time(true);
 
+	bro_deterministic_output = (seed || seed_load_file);
+
 	init_random_seed(seed, seed_load_file, seed_save_file);
 	// DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key));
 	init_hash_function();