> what does Centos 7 do with UPD packets having invalid checksums? By default I assume they are just dropped - that's what should happen. > > Are such packets inevitably dropped? Applications can specifically disable checksum checking for the kernel network stack on a per application basis, but the default is to check and drop if in error. > Does a network card drop them when it > does checksum verification in hardware even before the packets go anywhere? Depends on the hardware. I suspect that most modern cards allow the OS to offload the checksum functions. You can check with, e.g., ethtool --show-offload eth0 > > In general, if someone were to send me UPD packets with invalid checksums over > the internet, how far would such packets get? As far as the checksumming code - either in the hardware or kernel network stack. They should be dropped as soon as the checksum fails because at that point it shows that the contents are flawed. > > In particular, how likely it is that SRTP packets sent over the internet over > UPD could be damaged in such a way that the verification of the authentication > tag fails when they arrive at the receiver, and how might such damage be > caused? > Don't know - how does any network packet get corrupted? Bad hardware, cosmic rays, bad cables, bad source? I would doubt there would be anything malicious: why do something to a packet such that it is almost guaranteed to be dropped. P.