-----BEGIN PGP SIGNED MESSAGE-----
{Darren, you are sending to tcpdump-workers-owner, from the SMTP
envelope. I think my MTA is canonicalizing something in a way I don't
want it to. It isn't the lists' fault}
>>>>> "Darren" == Darren Reed <[EMAIL PROTECTED]> writes:
>> Are we worrying about corruption of the packets between the
>> kernel and the userspace application? Or what? Yes, the PCI bus
>> is now among the more error-prone (relatively speaking) parts of
>> the system. So, unless the hash is computing my the MAC/PHY, I
>> don't see a point in this.
Darren> I suppose, ideally, the kernel would digitally sign the
Darren> captured packet.
Prooving what? that you aren't being lied to? By whom?
What is the thread model for this? What does having the kernel digital
sign stuff gain you? Who would lie to you in such a way that they
couldn't also have the kernel lie to you?
For that matter why would you even trust the NIC to not lie to you?
(This is a very serious question for devices that include IPsec in the NIC!}
Darren> The question I want to be able to answer is: "how do I know
Darren> what's in the program's capture buffer represents what was
Darren> received by the computer from the network with any degree of
Darren> reliability?"
Reliability implies bit-errors somewhere, not malicious attacks.
Darren> btw, is it at all easily possible to get the 802.3 checksum
Darren> into captured data ?
On some OSes you ask for that. Not on BSD AFAIK, yes, with PF_PACKET
on Linux.
Darren> If there are corruption problems, then it's more likely to
Darren> be within the program itself than PCI (I imagine) and this
Darren> is something else I'd like to protect against, especially
Darren> where the program is not 100% trustworthy.
Okay, you say "trustworthy" rather than "reliable" here. They don't
mean the same thing.
And with GbE encoding, ECC memory and parity protected L3 cache buses,
the PCI bus *is* the least reliable interface in a typical PC. I believe
that people who do TCP checksum offload have experienced this problem
already.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQIXLfYqHRg3pndX9AQHeFwP/X5lhA4w3ZA8qgk3reXomvtMI9hKyyzUt
5MS6xvsw3y52fWLwkvvhZn9DpEqILKKy2yeY/nhFjIllf7oK+PgaJ6pe8mIsZsnO
0AjI009VQeauk4B09wHEyB/8OileJGjfLcH/KsJQy5W87rqVUT1QyH5WXTT64+jO
hs+aytzmCys=
=O8wB
-----END PGP SIGNATURE-----
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
