Hi Tobias,

On 8/16/19 3:27 PM, Tobias Brunner wrote:
Hi Harald,

if I restart charon, then the connection IDs in the logfile start
at 1 again, making logfile analysis pretty difficult. The IDs are
not unique.

Couldn't you e.g. split the log based on messages referring to the
daemon's restart before analyzing it (or consider the timestamps in your
analysis)?


Doesn't really help: The log files are already rotated. I would have
to distinguish between "old" and "new" log files, i.e. introduce my
own connection ids.

Would it be possible to use a random number for the first ID after
a restart instead? Still not perfect, but the chance to get unique
IDs is much higher.

Hm, these are simply static variables initialized to zero (one for IKE
and one for CHILD SAs).  I suppose it would theoretically be possible to
initialize them to a random value as an option somehow.  But we'd have
to make sure they are only initialized once, so that wrap-arounds and
concurrency are handled properly; however, we don't have a portable
pthread_once abstraction yet.


Maybe it would be possible to use an alphanumeric identifier similar
to the connection identifiers in sendmail's log file, e.g.
"x7J7j1kb2487133". Could be generated using something like

echo $n $remoteIP $remoteport $localIP $localport `date` | md5sum

or another cryptographic function. I am sure you get the idea. $n
is the current incremental connection id, still starting at 1 with
each restart.


Regards
Harri
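The scheme Harri sketches above, written out as an added example (not code from the thread or from strongSwan): a per-run nonce drawn once at startup stands in for `date`, because `date` has one-second resolution and two restarts within the same second with identical endpoints would otherwise hash to the same ID; the function names and the 15-character width are this example's choices.

```sh
#!/bin/sh
# Added example, not part of the mailing-list thread or of strongSwan.
# Goal: connection IDs that stay unique across daemon restarts, so that
# rotated log files can be correlated without a per-file "epoch" mapping.

# Nonce drawn once per process (the "initialized only once" value Tobias
# mentions). Every ID produced during this run shares it; a restart draws
# a new one, so IDs from different runs cannot collide even if the
# counter, endpoints and wall-clock second are all the same.
RUN_NONCE=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')

# conn_id_hashed N REMOTE_IP REMOTE_PORT LOCAL_IP LOCAL_PORT
#   N is the daemon's own counter, which still restarts at 1.
#   Output: 15 hex characters, sendmail-style opaque identifier.
#   sha256 is used instead of md5 only to avoid a deprecated primitive;
#   uniqueness, not collision resistance against an adversary, is the
#   property needed here.
conn_id_hashed() {
    printf '%s %s %s %s %s %s\n' "$RUN_NONCE" "$1" "$2" "$3" "$4" "$5" \
        | sha256sum | cut -c1-15
}

# conn_id_prefixed N
#   Alternative that keeps the original counter readable: "<run>-<N>".
#   Useful when you still want to grep for the daemon's own number.
conn_id_prefixed() {
    printf '%s-%s\n' "$(printf '%s' "$RUN_NONCE" | cut -c1-8)" "$1"
}

# Demonstration with constructed endpoint values.
if [ "${DEMO:-0}" = 1 ]; then
    conn_id_hashed 1 203.0.113.5 500 198.51.100.7 500
    conn_id_prefixed 1
fi
```

Run with `DEMO=1 sh conn_id.sh` to print one ID of each form; in practice the daemon (or a log post-processor that detects restart messages) would be the one drawing the nonce.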
