[strongSwan-dev] logging: unique connection IDs?
harald.dunkel at aixigo.com
Mon Aug 19 10:16:45 CEST 2019
On 8/16/19 3:27 PM, Tobias Brunner wrote:
> Hi Harald,
>> if I restart charon, then the connection IDs in the logfile start
>> by 1 again, making logfile analysis pretty difficult. The IDs are
>> not unique.
> Couldn't you e.g. split the log based on messages referring to the
> daemon's restart before analyzing it (or consider the timestamps in your
Doesn't really help: The log files are already rotated. I would have
to distinguish between "old" and "new" log files, i.e. introduce my
own connection ids.
>> Would it be possible to use a random number for the first ID after
>> a restart instead? Still not perfect, but the chance to get unique
>> IDs is much higher.
> Hm, these are simply static variables initialized to zero (one for IKE
> and one for CHILD SAs). I suppose it would theoretically be possible to
> initialize them to a random value as an option somehow. But we'd have
> to make sure they are only initialized once, so wrap-arounds and
> concurrency are handled properly, however, we don't have a portable
> pthread_once abstraction yet.
Maybe it would be possible to use an alphanumerical identifier similar
to the connection identifiers in sendmail's log file, e.g.
"x7J7j1kb2487133". Could be generated using something like
    echo $n $remoteIP $remoteport $localIP $localport `date` | md5sum
or another cryptographic function. I am sure you get the idea. $n
is the current incremental connection id, still starting at 1 with
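
Added example, not part of the original message and not strongSwan code: one way to start the IKE and CHILD SA counters at a random value while handling the one-time initialization, concurrency and wrap-around concerns raised in the quoted reply. It uses a C11 atomic state flag in place of pthread_once; all function and variable names are hypothetical, and /dev/urandom is assumed as the random source.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* One counter for IKE SAs and one for CHILD SAs, as in the thread. */
static _Atomic uint32_t next_ike_id, next_child_id;
/* 0 = not initialized, 1 = initialization in progress, 2 = ready */
static atomic_int ids_state;

/* Hypothetical helper: 32 random bits, falling back to the clock. */
static uint32_t random_start(void)
{
	uint32_t v = 0;
	FILE *f = fopen("/dev/urandom", "rb");

	if (!f || fread(&v, sizeof(v), 1, f) != 1)
		v = (uint32_t)time(NULL);
	if (f)
		fclose(f);
	return v;
}

/* Seed both counters exactly once, whichever thread gets here first. */
static void init_ids_once(void)
{
	int expected = 0;

	if (atomic_compare_exchange_strong(&ids_state, &expected, 1))
	{
		atomic_store(&next_ike_id, random_start());
		atomic_store(&next_child_id, random_start());
		atomic_store(&ids_state, 2);
	}
	while (atomic_load(&ids_state) != 2)
		;	/* another thread is still seeding the counters */
}

/* Atomically hand out the next ID; 0 is skipped when the counter wraps. */
static uint32_t next_id(_Atomic uint32_t *counter)
{
	uint32_t id;

	init_ids_once();
	do
		id = atomic_fetch_add(counter, 1);
	while (id == 0);
	return id;
}

uint32_t next_ike_sa_id(void)   { return next_id(&next_ike_id); }
uint32_t next_child_sa_id(void) { return next_id(&next_child_id); }
```

A 32-bit random start only lowers the chance that IDs from before and after a restart collide in the same set of rotated logs; it does not make them unique.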