Re: Proposed new pcap format

[Darren Reed <darrenr () reed wattle id au>]

In some email I received from Michael Richardson, sie wrote:
> {Darren, you are sending to tcpdump-workers-owner, from the SMTP
>  envelope. I think my MTA is canonicalizing something in a way I don't
>  want it to. It isn't the lists' fault}

Thanks, fixed my alias.

> > > > > > "Darren" == Darren Reed <darrenr () reed wattle id au> writes:
>     >> Are we worrying about corruption of the packets between the
>     >> kernel and the userspace application? Or what?  Yes, the PCI bus
>     >> is now among the more error-prone (relatively speaking) parts of
>     >> the system. So, unless the hash is computing my the MAC/PHY, I
>     >> don't see a point in this.
>
>     Darren> I suppose, ideally, the kernel would digitally sign the
>     Darren> captured packet.
>
>   Prooving what? that you aren't being lied to? By whom?
>   What is the thread model for this? What does having the kernel digital
> sign stuff gain you? Who would lie to you in such a way that they
> couldn't also have the kernel lie to you?

It's not about lieing so much as data integrity within the
computer/application and being able to trust that to a very
high level.

>     Darren> The question I want to be able to answer is: "how do I know
>     Darren> what's in the program's capture buffer represents what was
>     Darren> received by the computer from the network with any degree of
>     Darren> reliability?"
>
>   Reliability implies bit-errors somewhere, not malicious attacks.

Or programming errors :)  But malicious attack is not a concern.

Darren
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.