httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Kalu┼ża <>
Subject [PATCH] mod_unique_id: use ap_random_insecure_bytes() to get unique ID
Date Wed, 26 Jun 2013 12:49:26 GMT

currently mod_unique_id uses apr_gethostname(...) and PID pair as a base 
to generate unique ID. The way how it's implemented brings some problems:

1. For IPv6-only hosts it uses low-order bits of IPv6 address as if they 
were unique, which is wrong.

2. It relies on working DNS. It can happen that hostname does not have 
the IP assigned during httpd start (for example during the boot) and I 
think it is still valid use-case (without mod_unique_id module loaded, 
httpd works well in this case).

3. It calls 1 second sleep to overcome possible usage of the same PID 
after restart as the one used before the restart.

If I'm right, we could fix the problems above by using 
ap_random_insecure_bytes instead of "in_addr"/"pid" pair as a base for 
unique ID generation. It would also make the code simpler. I think the 
randomness generated by ap_random_insecure_bytes() is at least the same 
as the one introduced by apr_gethostname() + pid pair.

The attached patch implements it by removing in_addr/pid fields 
unique_id_rec struct and introduces new "root" field which is 
initialized using ap_random_insecure_bytes() function and is used as a 
base for unique IDs.

Jan Kaluza

View raw message