[sr-dev] Random number generation
Henning Westerholt
hw at kamailio.org
Fri Apr 13 14:50:55 CEST 2012
On Friday 13 April 2012, Hugh Waite wrote:
> I have a question about random number generation within kamailio.
>
> A number of modules use rand() to get a random value and in some places
> is re-seeding with srand(). I believe this is dangerous because rand()
> is used in the Via branch tag generator.
> We have detected some real bugs (where srand is reseeding with 0 for
> every message, causing transaction mis-matching) but I'm not sure of the
> correct way to fix this (other than remove srand()).
>
> Should all modules be using a 'core' random function (e.g. in srutils?)
> ? And if so, is this library documented?
>
> Regards,
> Hugh
Hi Hugh,
for the purpose getting a pseudo-random number (i.e. not for cryptographic
functionality) we should consolidate on a single random function. There is the
recent introduced srutils/sruid code, then there exists a (IMHO stronger)
pseudo-random number generator in rand/fastrand and then there is of course
rand().
Maybe Daniel can comment about the purpose of the srutils function, IMHO
consolidating on fastrand or one of the stronger function (d_rand etc..) from
stdlib.h would be fine.
The re-seeding the internal state of rand() with srand during runtime sounds
wrong toe me and should be removed/ fixed.
Viele Grüße/ best regards,
Henning Westerholt
More information about the sr-dev
mailing list