From bb7476246e2f0bd974aec854de975cefec858362 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Sun, 6 Dec 2020 16:02:22 +0100 Subject: ipcpd: Use 64-bit flow endpoint IDs for DT The EIDs are now 64-bit. This makes it a tad harder to guess them (think of port scanning). The implementation has only the most significant 32 bits random to quickly map EIDs to N+1 flows. While this is equivalent to a random cookie as a check on flows, the rationale is that valid endpoint IDs should be pretty hard to guess (and thus be 64-bit random at least). Ideally one would use content-addressable memory for this kind of mapping. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/tools/irm/irm_ipcp_bootstrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/tools') diff --git a/src/tools/irm/irm_ipcp_bootstrap.c b/src/tools/irm/irm_ipcp_bootstrap.c index ba57a506..50f03030 100644 --- a/src/tools/irm/irm_ipcp_bootstrap.c +++ b/src/tools/irm/irm_ipcp_bootstrap.c @@ -65,7 +65,7 @@ #define SHA3_512 "SHA3_512" #define DEFAULT_ADDR_SIZE 4 -#define DEFAULT_EID_SIZE 2 +#define DEFAULT_EID_SIZE 8 #define DEFAULT_DDNS 0 #define DEFAULT_TTL 60 #define DEFAULT_ADDR_AUTH ADDR_AUTH_FLAT_RANDOM -- cgit v1.2.3