-----BEGIN PGP SIGNED MESSAGE-----

{Darren, you are sending to tcpdump-workers-owner, from the SMTP envelope.
I think my MTA is canonicalizing something in a way I don't want it to.
It isn't the lists' fault}

>>>>> "Darren" == Darren Reed <[EMAIL PROTECTED]> writes:
    >> Are we worrying about corruption of the packets between the
    >> kernel and the userspace application? Or what? Yes, the PCI bus
    >> is now among the more error-prone (relatively speaking) parts of
    >> the system. So, unless the hash is computed by the MAC/PHY, I
    >> don't see a point in this.

  Darren> I suppose, ideally, the kernel would digitally sign the
  Darren> captured packet.

Proving what? That you aren't being lied to? By whom? What is the threat
model for this? What does having the kernel digitally sign stuff gain you?
Who would lie to you in such a way that they couldn't also have the kernel
lie to you? For that matter, why would you even trust the NIC to not lie to
you? (This is a very serious question for devices that include IPsec in the
NIC!)

  Darren> The question I want to be able to answer is: "how do I know
  Darren> what's in the program's capture buffer represents what was
  Darren> received by the computer from the network with any degree of
  Darren> reliability?"

Reliability implies bit errors somewhere, not malicious attacks.

  Darren> btw, is it at all easily possible to get the 802.3 checksum
  Darren> into captured data ?

On some OSes you ask for that. Not on BSD AFAIK; yes, with PF_PACKET on
Linux.

  Darren> If there are corruption problems, then it's more likely to
  Darren> be within the program itself than PCI (I imagine) and this
  Darren> is something else I'd like to protect against, especially
  Darren> where the program is not 100% trustworthy.

Okay, you say "trustworthy" rather than "reliable" here. They don't mean
the same thing. And with GbE encoding, ECC memory and parity-protected L3
cache buses, the PCI bus *is* the least reliable interface in a typical PC.

I believe that people who do TCP checksum offload have experienced this
problem already.

- --
]  ON HUMILITY: to err is human. To moo, bovine.               | firewalls  [
]  Michael Richardson, Xelerance Corporation, Ottawa, ON       |net architect[
]  [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/mcr/    |device driver[
]  panic("Just another Debian GNU/Linux using, kernel hacking, security guy");  [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQIXLfYqHRg3pndX9AQHeFwP/X5lhA4w3ZA8qgk3reXomvtMI9hKyyzUt
5MS6xvsw3y52fWLwkvvhZn9DpEqILKKy2yeY/nhFjIllf7oK+PgaJ6pe8mIsZsnO
0AjI009VQeauk4B09wHEyB/8OileJGjfLcH/KsJQy5W87rqVUT1QyH5WXTT64+jO
hs+aytzmCys=
=O8wB
-----END PGP SIGNATURE-----

- This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
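The exchange above distinguishes reliability (bit errors between the wire and the capture buffer) from trustworthiness, and notes that on some OSes the 802.3 checksum (the FCS) can be delivered with the captured frame. The following added example, written for this page and not part of the original post or of tcpdump/libpcap, shows what a capture tool can do with that FCS once it has it: verify the trailing CRC-32 on a frame and thereby detect the kind of bit-level corruption the thread is discussing. It assumes the capture retained the 4-byte FCS after the payload (the post says PF_PACKET on Linux can provide this; no specific socket option is assumed here), and the frame bytes, MAC addresses and payload are constructed sample data.

```python
"""
Added example (not from the mailing-list post): verify the IEEE 802.3 FCS on a
captured Ethernet frame so that bit errors introduced between the wire and the
capture buffer can be detected.  Assumes the capture kept the 4-byte FCS after
the payload; the frame below is constructed for illustration.
"""
import struct
import zlib

# Residue left by CRC-32 (the polynomial used for the 802.3 FCS) when the CRC is
# run over a frame that already carries its own correct FCS.  This constant
# follows from the CRC definition and is not specific to any capture.
FCS_RESIDUE = 0x2144DF1C


def ethernet_fcs(frame_without_fcs: bytes) -> int:
    """CRC-32 over the frame from destination MAC through the end of payload.

    802.3 uses the same reflected CRC-32 (poly 0x04C11DB7, init and final XOR
    0xFFFFFFFF) that zlib implements, so zlib.crc32 yields the FCS directly.
    """
    return zlib.crc32(frame_without_fcs) & 0xFFFFFFFF


def append_fcs(frame_without_fcs: bytes) -> bytes:
    """Append the FCS as it appears on the wire: least-significant byte first."""
    return frame_without_fcs + struct.pack("<I", ethernet_fcs(frame_without_fcs))


def fcs_ok(frame_with_fcs: bytes) -> bool:
    """True if the trailing 4 bytes are a correct FCS for the bytes before them.

    Instead of slicing the FCS off and recomputing, run the CRC over the whole
    frame including the FCS: a correct FCS always leaves the fixed residue.
    """
    if len(frame_with_fcs) < 4:
        return False
    return (zlib.crc32(frame_with_fcs) & 0xFFFFFFFF) == FCS_RESIDUE


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a single-bit corruption (e.g. on the bus) at the given position."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


# Constructed frame: destination MAC, source MAC, EtherType 0x0800 (IPv4) and a
# 46-byte dummy payload (the minimum Ethernet payload).  Addresses are made up.
SAMPLE_FRAME = (
    bytes.fromhex("001122334455")   # destination MAC (constructed)
    + bytes.fromhex("66778899aabb") # source MAC (constructed)
    + b"\x08\x00"                   # EtherType: IPv4
    + bytes(range(46))              # dummy payload
)


if __name__ == "__main__":
    captured = append_fcs(SAMPLE_FRAME)
    print("FCS on wire: 0x%08x" % ethernet_fcs(SAMPLE_FRAME))
    print("intact frame verifies:", fcs_ok(captured))
    damaged = flip_bit(captured, 20, 3)
    print("bit-flipped frame verifies:", fcs_ok(damaged))
```

A CRC detects every single-bit error and every burst shorter than its width, which is exactly the failure mode a flaky bus or DMA path produces; it says nothing about a deliberately rewritten frame, since anyone who can alter the bytes can recompute the FCS. That is the reliability-versus-trustworthiness distinction the message draws.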