-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Darren" == Darren Reed <[EMAIL PROTECTED]> writes: Darren> Today, some people might want MD-5, others SHA-1 and in the Darren> future, there may be other hashing algorithms that are Darren> better to use. And there are times when we might want it Darren> off (algorithm 0, for example.) okay, meta-data. I think that one might want to emit the meta-data header, but not fill it in in some cases, and calculate the hash later on, poking it in. Darren> As such, I believe this option should be a (type,value) Darren> pair, if we can agree that the hash value in the option Darren> header is a hash over the entire record returned by the Darren> kernel (with the value of the hash set to 0.) And yes, the Darren> kernel computes the hash. Huh? really. You want the hash over the entire packet, or just the part that was received by pcap? I wondered about that part. This makes the hash very interesting. But, the kernel boundary is abstracted from the point of view of the the pcap file format. So, it we are including anything other than the packet data, we need to define things. I can see some people wanting a hash over the layer-3 only, with mutable fields set to zero (a la IPsec AH), such that they can compare captures from different points. Is this your desire? - -- ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[ ] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQHqumoqHRg3pndX9AQE6uQQAtRxlD862wj/O5fJVxOFe1jrH/sLFs+kJ OB8r902gToI70DnOLfMsTdU6yvWEA21mC/tUqIi4ViN17I3XEAd1jYQM5db7RfsV 6z1GK70R1ejrvrvZ5w0YRCYQSNCPvUvbIJlmLxhRrZK5SM1truh2imy6uDE2VCQn YtqgbDzrzB0= =6M7y -----END PGP SIGNATURE----- - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.