-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Darren" == Darren Reed <[EMAIL PROTECTED]> writes:
Darren> Today, some people might want MD-5, others SHA-1 and in the
Darren> future, there may be other hashing algorithms that are
Darren> better to use. And there are times when we might want it
Darren> off (algorithm 0, for example.)
okay, meta-data.
I think that one might want to emit the meta-data header, but not fill
it in in some cases, and calculate the hash later on, poking it in.
Darren> As such, I believe this option should be a (type,value)
Darren> pair, if we can agree that the hash value in the option
Darren> header is a hash over the entire record returned by the
Darren> kernel (with the value of the hash set to 0.) And yes, the
Darren> kernel computes the hash.
Huh? really. You want the hash over the entire packet, or just the
part that was received by pcap?
I wondered about that part. This makes the hash very interesting.
But, the kernel boundary is abstracted from the point of view of the
the pcap file format.
So, it we are including anything other than the packet data, we need
to define things.
I can see some people wanting a hash over the layer-3 only, with
mutable fields set to zero (a la IPsec AH), such that they can compare
captures from different points. Is this your desire?
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQHqumoqHRg3pndX9AQE6uQQAtRxlD862wj/O5fJVxOFe1jrH/sLFs+kJ
OB8r902gToI70DnOLfMsTdU6yvWEA21mC/tUqIi4ViN17I3XEAd1jYQM5db7RfsV
6z1GK70R1ejrvrvZ5w0YRCYQSNCPvUvbIJlmLxhRrZK5SM1truh2imy6uDE2VCQn
YtqgbDzrzB0=
=6M7y
-----END PGP SIGNATURE-----
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
