On 2014-01-28 12:45, Stuart Henderson wrote:
This analysis is bullshit. You need to take into account the fact that
checksums are verified before regenerating them. That is, you need to
compare a) verifying + regenerating vs b) updating. If there's an
undetectable error, you're going to propagate it no matter whether you
do a) or b).

Checksums are, in many cases, only verified *on the NIC*.

Consider this scenario, which has happened in real life.

- NIC supports checksum offloading, verified checksum is OK.

- PCI transfers are broken (in my case it affected multiple machines
of a certain type, so most likely a motherboard bug), causing some
corruption in the payload, but the machine won't detect them because
it doesn't look at checksums itself, just trusts the NIC's "rx csum
good" flag.

In this situation, corrupt packets which have been NATted now get a
new checksum that is valid, so the final endpoint cannot detect the
breakage.

I'm not sure if this is common enough to be worth worrying about
here, but the analysis is not bullshit.

You're right. I was in the rough, sorry, and thanks for the explanation. I don't think this scenario is worth worrying about though.

Simon

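The difference between "verify + regenerate" (a) and "update" (b) that the quoted message turns on can be shown in a few lines. What follows is an added example, not code from this thread or from any of the participants' systems. It models only the TCP checksum (the one that covers the payload; the IPv4 header checksum a NAT also rewrites is left out), builds a constructed segment with sample addresses, flips one payload byte to stand in for the broken PCI transfer that happens after the NIC has already reported "rx csum good", and then rewrites the source address both ways: regenerating the checksum from scratch over whatever bytes are now in memory, and updating it incrementally with the RFC 1624 formula HC' = ~(~HC + ~m + m'), which only touches the words the NAT actually changed. The function and variable names are my own.

```python
"""Added example: a NAT that regenerates a transport checksum from scratch
blesses payload corruption that occurred after the NIC's offloaded check,
while an incremental update (RFC 1624) leaves that corruption detectable
by the final endpoint.  Addresses, ports and payload are constructed data.
"""
import ipaddress
import struct

TCP_PROTO = 6
CSUM_OFF = 16  # offset of the checksum field inside a TCP header


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def internet_checksum(data: bytes) -> int:
    return ~ones_complement_sum(data) & 0xFFFF


def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, TCP_PROTO, tcp_len))


def set_checksum(segment: bytes, csum: int) -> bytes:
    return segment[:CSUM_OFF] + struct.pack("!H", csum) + segment[CSUM_OFF + 2:]


def get_checksum(segment: bytes) -> int:
    return struct.unpack("!H", segment[CSUM_OFF:CSUM_OFF + 2])[0]


def build_segment(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header (PSH|ACK, no options) plus payload, valid checksum."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    csum = internet_checksum(pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload)
    return set_checksum(hdr + payload, csum)


def tcp_checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """What the final endpoint does: sum everything, checksum field included."""
    return ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF


def corrupt_payload(segment: bytes, offset_from_end: int = 1) -> bytes:
    """Stand-in for the broken PCI transfer: one payload byte changes after the NIC
    has already verified the checksum, so the host never notices."""
    i = len(segment) - offset_from_end
    return segment[:i] + bytes([segment[i] ^ 0x01]) + segment[i + 1:]


def nat_recompute(new_src: str, dst: str, segment: bytes) -> bytes:
    """Strategy a): zero the field and regenerate over the bytes now in memory."""
    zeroed = set_checksum(segment, 0)
    csum = internet_checksum(pseudo_header(new_src, dst, len(segment)) + zeroed)
    return set_checksum(segment, csum)


def nat_incremental(old_src: str, new_src: str, segment: bytes) -> bytes:
    """Strategy b): RFC 1624 eq. 3, HC' = ~(~HC + ~m + m'), where m / m' are the
    old / new 16-bit words of the rewritten source address.  The stale checksum
    is carried forward, so any mismatch it already had survives the rewrite."""
    hc = get_checksum(segment)
    m_old = ones_complement_sum(ipaddress.IPv4Address(old_src).packed)
    m_new = ones_complement_sum(ipaddress.IPv4Address(new_src).packed)
    total = (~hc & 0xFFFF) + (~m_old & 0xFFFF) + m_new
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return set_checksum(segment, ~total & 0xFFFF)


def demo(src: str = "192.0.2.10", nat_src: str = "198.51.100.1",
         dst: str = "203.0.113.5") -> dict:
    """Run the scenario from the thread and report what the endpoint would see."""
    clean = build_segment(src, dst, 40000, 80, b"GET / HTTP/1.0\r\n\r\n")
    damaged = corrupt_payload(clean)  # NIC said OK, then the bus mangled a byte
    return {
        "clean_verifies_at_nat": tcp_checksum_ok(src, dst, clean),
        "damaged_verifies_if_host_rechecks": tcp_checksum_ok(src, dst, damaged),
        "recompute_hides_corruption":
            tcp_checksum_ok(nat_src, dst, nat_recompute(nat_src, dst, damaged)),
        "incremental_keeps_it_detectable":
            not tcp_checksum_ok(nat_src, dst, nat_incremental(src, nat_src, damaged)),
        "both_strategies_fine_on_clean_data":
            tcp_checksum_ok(nat_src, dst, nat_recompute(nat_src, dst, clean))
            and tcp_checksum_ok(nat_src, dst, nat_incremental(src, nat_src, clean)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-40s %s" % (name, value))
```

With clean input both strategies produce a checksum the endpoint accepts, so the choice is invisible in normal operation. With a byte damaged between NIC and host, regenerating from scratch produces a checksum that is correct for the corrupted bytes and the endpoint accepts them, which is exactly the silent propagation described above; the incremental update carries the original checksum's relationship to the original payload through the address rewrite, so the endpoint still rejects the segment. The same reasoning applies to the IPv4 header checksum, with the caveat from RFC 1624 that an incremental update can yield 0xFFFF where a fresh computation would yield 0, which verifies identically but should be normalised if a box compares checksum values byte for byte.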