[sr-dev] Random number generation

Daniel-Constantin Mierla miconda at gmail.com
Fri Apr 13 15:01:36 CEST 2012


Hello,

I haven't looked at the issue reported by Hugh, so by now just comments 
on srutils/sruid.

The idea was to have an unique id generator without linking to an 
external library -- my first purpose was to use it for temporary GRUU 
ids (RFC5627), I am just about to push to master the gruu support in 
registrar/usrloc.

Then I thought it might be useful in other places, such as dialog unique id.

I added it as part of lib, since its target usage was for modules so 
far, but if needed for some core processing, the two files (rather small 
by now) can be moved in the core.

Cheers,
Daniel

On 4/13/12 2:50 PM, Henning Westerholt wrote:
> On Friday 13 April 2012, Hugh Waite wrote:
>> I have a question about random number generation within kamailio.
>>
>> A number of modules use rand() to get a random value and in some places
>> is re-seeding with srand(). I believe this is dangerous because rand()
>> is used in the Via branch tag generator.
>> We have detected some real bugs (where srand is reseeding with 0 for
>> every message, causing transaction mis-matching) but I'm not sure of the
>> correct way to fix this (other than remove srand()).
>>
>> Should all modules be using a 'core' random function (e.g. in srutils?)
>> ? And if so, is this library documented?
>>
>> Regards,
>> Hugh
> Hi Hugh,
>
> for the purpose getting a pseudo-random number (i.e. not for cryptographic
> functionality) we should consolidate on a single random function. There is the
> recent introduced srutils/sruid code, then there exists a (IMHO stronger)
> pseudo-random number generator in rand/fastrand and then there is of course
> rand().
>
> Maybe Daniel can comment about the purpose of the srutils function, IMHO
> consolidating on fastrand or one of the stronger function (d_rand etc..) from
> stdlib.h would be fine.
>
> The re-seeding the internal state of rand() with srand during runtime sounds
> wrong toe me and should be removed/ fixed.
>
> Viele Grüße/ best regards,
>
> Henning Westerholt
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

-- 
Daniel-Constantin Mierla
Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
http://www.asipto.com/index.php/kamailio-advanced-training/




More information about the sr-dev mailing list