ctnetlink unique id size?

ctnetlink unique id size?

[Marcus Sundberg]

Hi,

isn't an unsigned int a bit (or rather about 32 bits) small for
keeping the id field of the ip_conntrack struct? It's bound to wrap
around, and with things like long-lived ssh sessions it's even
possible for two connections to be assigned the same id after a
wrap-around.

Am I missing something obvious when I think ctnetlink_dump_table()
will break down when the wrap-around occurs?

Using an uint64_t would on the other hand guarantee that each
connection really get a unique id.

//Marcus
-- 
---------------------------------------+--------------------------
   Marcus Sundberg <marcus@ingate.com>  | Firewalls with SIP & NAT
  Software Developer, Ingate Systems AB |  http://www.ingate.com/

Re: ctnetlink unique id size?

[Patrick McHardy]

Marcus Sundberg wrote:
> Hi,
> 
> isn't an unsigned int a bit (or rather about 32 bits) small for
> keeping the id field of the ip_conntrack struct? It's bound to wrap
> around, and with things like long-lived ssh sessions it's even
> possible for two connections to be assigned the same id after a
> wrap-around.
> 
> Am I missing something obvious when I think ctnetlink_dump_table()
> will break down when the wrap-around occurs?
> 
> Using an uint64_t would on the other hand guarantee that each
> connection really get a unique id.

We had a long discussion about this an the result was that it has to
be 64 bit. Search the archives if you are interested, the subject
is "ctnetlink questions". I'm surprised too that it now is 32 bit.
Maybe Harald knows the reason.

Regards
Patrick

Re: ctnetlink unique id size?

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1367 bytes --]

On Sun, Feb 20, 2005 at 05:47:26AM +0100, Patrick McHardy wrote:
> Marcus Sundberg wrote:
> >Hi,
> >
> >isn't an unsigned int a bit (or rather about 32 bits) small for
> >keeping the id field of the ip_conntrack struct? It's bound to wrap
> >around, and with things like long-lived ssh sessions it's even
> >possible for two connections to be assigned the same id after a
> >wrap-around.
> >
> >Am I missing something obvious when I think ctnetlink_dump_table()
> >will break down when the wrap-around occurs?
> >
> >Using an uint64_t would on the other hand guarantee that each
> >connection really get a unique id.
> 
> We had a long discussion about this an the result was that it has to
> be 64 bit. Search the archives if you are interested, the subject
> is "ctnetlink questions". I'm surprised too that it now is 32 bit.
> Maybe Harald knows the reason.

my guess is that nobody has ever increased it's size since that
discussion was over.

> Regards
> Patrick

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]