Moving uid from conn_id to connection, and making output determistic

if a hash seed is given.

policy/bro.init

@@ -21,7 +21,6 @@ type conn_id: record {
 	orig_p: port;
 	resp_h: addr;
 	resp_p: port;
-	uid: string;
 };
 
 type icmp_conn: record {
@@ -93,6 +92,7 @@ type connection: record {
 	addl: string;
 	hot: count;		# how hot; 0 = don't know or not hot
 	history: string;
+	uid: string;
 };
 
 type SYN_packet: record {

src/Conn.cc

@@ -222,23 +222,34 @@ uint64 Connection::uid_instance = 0;
 
 uint64 Connection::CalculateUID()
 	{
-	if ( uid_instance == 0 ) 
+	if ( uid_instance == 0 )
 		{
-		// This is the first time we need a UID. Calculate the instance ID by
-		// hashing something likely to be unique.
-		struct {
-			char hostname[128];
-			struct timeval time;
-			pid_t pid;
-		} unique;
+		// This is the first time we need a UID.
+		if ( ! bro_deterministic_output )
+			{
+			// In live mode, with determistic output not explicitly
+			// requested, calculate the instance ID by hashing something
+			// likely to be unique.
+			struct {
+				char hostname[128];
+				struct timeval time;
+				pid_t pid;
+				int rnd;
+			} unique;
 
-		gethostname(unique.hostname, 128);
-		unique.hostname[sizeof(unique.hostname)-1] = '\0';
-		gettimeofday(&unique.time, 0);
-		unique.pid = getpid();
+			gethostname(unique.hostname, 128);
+			unique.hostname[sizeof(unique.hostname)-1] = '\0';
+			gettimeofday(&unique.time, 0);
+			unique.pid = getpid();
+			unique.rnd = random();
 
-		uid_instance = HashKey::HashBytes(&unique, sizeof(unique));
-		++uid_instance; // Now it's larger than zero.
+			uid_instance = HashKey::HashBytes(&unique, sizeof(unique));
+			++uid_instance; // Now it's larger than zero.
+			}
+
+		else
+			// Generate determistic UIDs.
+			uid_instance = 1;
 		}
 
 	// Now calculate the unique ID for this connection.
@@ -386,9 +397,6 @@ RecordVal* Connection::BuildConnVal()
 		id_val->Assign(2, new AddrVal(resp_addr));
 		id_val->Assign(3, new PortVal(ntohs(resp_port), prot_type));
 
-		char tmp[16];
-		id_val->Assign(4, new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62)));
-
 		conn_val->Assign(0, id_val);
 
 		orig_endp = new RecordVal(endpoint);
@@ -406,6 +414,9 @@ RecordVal* Connection::BuildConnVal()
 		conn_val->Assign(6, new StringVal(""));	// addl
 		conn_val->Assign(7, new Val(0, TYPE_COUNT));	// hot
 		conn_val->Assign(8, new StringVal(""));	// history
+
+		char tmp[16];
+		conn_val->Assign(9, new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62)));
 		}
 
 	if ( root_analyzer )

src/Net.cc

@@ -68,6 +68,7 @@ double processing_start_time = 0.0;	// time started working on current pkt
 double bro_start_time = 0.0; // time Bro started.
 double bro_start_network_time;	// timestamp of first packet
 double last_watchdog_proc_time = 0.0;	// value of above during last watchdog
+bool bro_deterministic_output = 0; 	// whether determistic output is desired
 bool terminating = false;	// whether we're done reading and finishing up
 
 PacketSortGlobalPQ* packet_sorter = 0;

src/Net.h

@@ -73,6 +73,10 @@ extern double bro_start_time;
 // i.e. the timestamp of the first packet.
 extern double bro_start_network_time;
 
+// True if determistic output is requested. This is set if the user specifies
+// a seed for the random number generator.
+extern bool bro_deterministic_output;
+
 // True if we're a in the process of cleaning-up just before termination.
 extern bool terminating;
 

src/main.cc

@@ -667,6 +667,8 @@ int main(int argc, char** argv)
 
 	bro_start_time = current_time(true);
 
+	bro_deterministic_output = (seed || seed_load_file);
+
 	init_random_seed(seed, seed_load_file, seed_save_file);
 	// DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key));
 	init_hash_function();

src/util.cc

@@ -352,7 +352,7 @@ char* uitoa_n(uint64 value, char* str, int n, int base)
 
     do {
 		str[i++] = dig[v % base];
-        v /= base;
+		v /= base;
 	} while ( v && i < n );
 
     str[i] = '\0';
@@ -798,7 +798,7 @@ const char* bro_path()
 	if ( ! path )
 		path = ".:"
 			POLICYDEST ":"
-			POLICYDEST "/sigs:" 
+			POLICYDEST "/sigs:"
 			POLICYDEST "/time-machine:"
 			POLICYDEST "/site";