> what does Centos 7 do with UPD packets having invalid checksums?
By default I assume they are just dropped - that's what should happen.
>
> Are such packets inevitably dropped?
Applications can specifically disable checksum checking for the kernel
network stack on a per application basis, but the default is to check
and drop if in error.
> Does a network card drop them when it
> does checksum verification in hardware even before the packets go anywhere?
Depends on the hardware. I suspect that most modern cards allow the OS
to offload the checksum functions. You can check with, e.g.,
ethtool --show-offload eth0
>
> In general, if someone were to send me UPD packets with invalid checksums over
> the internet, how far would such packets get?
As far as the checksumming code - either in the hardware or kernel
network stack. They should be dropped as soon as the checksum fails
because at that point it shows that the contents are flawed.
>
> In particular, how likely it is that SRTP packets sent over the internet over
> UPD could be damaged in such a way that the verification of the authentication
> tag fails when they arrive at the receiver, and how might such damage be
> caused?
>
Don't know - how does any network packet get corrupted? Bad hardware,
cosmic rays, bad cables, bad source? I would doubt there would be
anything malicious: why do something to a packet such that it is almost
guaranteed to be dropped.
P.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
