On 12/10/2019 4:47 AM, Harald Barth wrote: > > If I read ./src/rxkad/crypt_conn.c correct, checksumming was never turned on. > > /* Do this if packet checksums are ever enabled (below), but > * current version just passes zero > afs_int32 cksum; > cksum = ntohl(rx_GetInt32(packet, 1)); > */ > > /* > * afs_int32 cksum; > * cksum = htonl(0); > * * Future option to add cksum here, but for now we just put 0 > */ > > I wonder what prevented to do more here and why there is a comment > "we just put 0" when there is not even that.
The zero is put by the next line rx_PutInt32(packet, 1 * sizeof(afs_int32), 0); > Someone please enlighten me as rx is not quite my bag ;-) Please get a time machine and speak to IBM developers prior to the AFS 3.3 release. > This was all triggered by a broken network adapter which did put out > broken UDP packets including matching (broken) UDP checksum which then > results in file corruption both in the cleartext (single letter > changes, for example "the" mutates to "tha") and the crypt case where > there will be some binary crap (128 bytes?) replacing the real content > of the file. I'd rather have something on the rx level to prevent this > happening, so what can be done? Stop using rxkad. Proper integrity protection is provided by rxgk which AuriStorFS sites have deployed for many years now. Jeffrey Altman
<<attachment: jaltman.vcf>>
smime.p7s
Description: S/MIME Cryptographic Signature
