tcpdump mailing list archives
Re: Proposed new pcap format
From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Fri, 16 Apr 2004 10:30:44 -0400
-----BEGIN PGP SIGNED MESSAGE-----
"Guy" == Guy Harris <guy () alum mit edu> writes:
>> What I'd like to see hashed, by the kernel, is the data it >> provides to the user application. Depending on the purpose, this >> has better trustworthiness, I feel. libpcap may decide to throw >> away that hash and include its own in the dump file. >> >> I'm not suggesting this just for a quick comparison point of view >> (as are some others) but from a data reliability perspective. If >> you have a multithreaded application interacting with libpcap, it >> would be nice if the pcap data that you considered sensiive could >> be hashed by the provider (the kernel), as is the case with other >> data streams in life. Guy> I.e., there are two features being considered here: Guy> 1) a mechanism by which the kernel can provide a hash of Guy> the packet to ensure some level of trust in the packet data; I don't understand this. Are we worrying about corruption of the packets between the kernel and the userspace application? Or what? Yes, the PCI bus is now among the more error-prone (relatively speaking) parts of the system. So, unless the hash is computing my the MAC/PHY, I don't see a point in this. Guy> So I'd see those as separate items for discussion. The Guy> mechanism in 2) needs to be sufficient to handle the hashes Guy> from 1) as well as other hashes people might want to provide, Guy> but that mechanism itself is somewhat decoupled from the Guy> hashing in 1). On this I agree. - -- ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[ ] mcr () xelerance com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQH/uEoqHRg3pndX9AQFTMgP8DqiNNjLEdSGgzCHG7y0WjjOOAOG/I8B3 m1rqV6l1SWwNDxxDzq4uq9oTl8txBKsywSScgRAXjeHpvHCYfRm655zTL9X5E5Xi hFzEkbvGXDEpy+jEfUHJlqWSvhlHmlBOZgTASG+GaMmLfFoncog69WdOSZLZFIco Uf+/y3nOC0k= =vTcv -----END PGP SIGNATURE----- - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Re: Proposed new pcap format, (continued)
- Re: Proposed new pcap format Michael Richardson (Apr 12)
- Re: Proposed new pcap format Ronnie Sahlberg (Apr 13)
- Re: Proposed new pcap format Ronnie Sahlberg (Apr 09)
- Re: Proposed new pcap format Guy Harris (Apr 09)
- Re: Proposed new pcap format Loris Degioanni (Apr 11)
- Re: Proposed new pcap format Darren Reed (Apr 12)
- Re: Proposed new pcap format Michael Richardson (Apr 12)
- Re: Proposed new pcap format Ronnie Sahlberg (Apr 13)
- Re: Proposed new pcap format Darren Reed (Apr 13)
- Re: Proposed new pcap format Guy Harris (Apr 13)
- Re: Proposed new pcap format Michael Richardson (Apr 16)
- Re: Proposed new pcap format Darren Reed (Apr 12)
- Re: Proposed new pcap format Loris Degioanni (Apr 13)
- Re: Proposed new pcap format Darren Reed (Apr 13)
- Re: Proposed new pcap format Guy Harris (Apr 13)
- Re: Proposed new pcap format Jefferson Ogata (Apr 13)
- Re: Proposed new pcap format Jefferson Ogata (Apr 13)
- Re: Proposed new pcap format Stephen Donnelly (Apr 13)
- Re: Proposed new pcap format Fulvio Risso (Apr 14)
- Re: Proposed new pcap format Jefferson Ogata (Apr 14)
- Re: Proposed new pcap format Stephen Donnelly (Apr 14)
- Re: Proposed new pcap format Jefferson Ogata (Apr 14)