From bb7476246e2f0bd974aec854de975cefec858362 Mon Sep 17 00:00:00 2001
From: Dimitri Staessens <dimitri@ouroboros.rocks>
Date: Sun, 6 Dec 2020 16:02:22 +0100
Subject: ipcpd: Use 64-bit flow endpoint IDs for DT

The EIDs are now 64-bit. This makes it a tad harder to guess them
(think of port scanning). The implementation has only the most
significant 32 bits random to quickly map EIDs to N+1 flows. While
this is equivalent to a random cookie as a check on flows, the
rationale is that valid endpoint IDs should be pretty hard to guess
(and thus be 64-bit random at least). Ideally one would use
content-addressable memory for this kind of mapping.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
---
 src/tools/irm/irm_ipcp_bootstrap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/tools/irm/irm_ipcp_bootstrap.c')

diff --git a/src/tools/irm/irm_ipcp_bootstrap.c b/src/tools/irm/irm_ipcp_bootstrap.c
index ba57a506..50f03030 100644
--- a/src/tools/irm/irm_ipcp_bootstrap.c
+++ b/src/tools/irm/irm_ipcp_bootstrap.c
@@ -65,7 +65,7 @@
 #define SHA3_512               "SHA3_512"
 
 #define DEFAULT_ADDR_SIZE      4
-#define DEFAULT_EID_SIZE       2
+#define DEFAULT_EID_SIZE       8
 #define DEFAULT_DDNS           0
 #define DEFAULT_TTL            60
 #define DEFAULT_ADDR_AUTH      ADDR_AUTH_FLAT_RANDOM
-- 
cgit v1.2.3