tcpdump mailing list archives

Re: Proposed new pcap format


From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Fri, 16 Apr 2004 10:30:44 -0400



"Guy" == Guy Harris <guy () alum mit edu> writes:
    >> What I'd like to see hashed, by the kernel, is the data it
    >> provides to the user application.  Depending on the purpose, this
    >> has better trustworthiness, I feel. libpcap may decide to throw
    >> away that hash and include its own in the dump file.
    >> 
    >> I'm not suggesting this just for a quick comparison point of view
    >> (as are some others) but from a data reliability perspective.  If
    >> you have a multithreaded application interacting with libpcap, it
    >> would be nice if the pcap data that you considered sensitive could
    >> be hashed by the provider (the kernel), as is the case with other
    >> data streams in life.

    Guy> I.e., there are two features being considered here:

    Guy>        1) a mechanism by which the kernel can provide a hash of
    Guy> the packet to ensure some level of trust in the packet data;

  I don't understand this.

  Are we worrying about corruption of the packets between the kernel and
the userspace application? Or what?  Yes, the PCI bus is now among the
more error-prone (relatively speaking) parts of the system. So, unless
the hash is computed by the MAC/PHY, I don't see a point in this.

    Guy> So I'd see those as separate items for discussion.  The
    Guy> mechanism in 2) needs to be sufficient to handle the hashes
    Guy> from 1) as well as other hashes people might want to provide,
    Guy> but that mechanism itself is somewhat decoupled from the
    Guy> hashing in 1).

  On this I agree.

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr () xelerance com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [