[CentOS] Centos 7: UDP packet checksum verification?

Sun Jan 26 14:58:31 UTC 2020
Pete Biggs <pete at biggs.org.uk>

> what does Centos 7 do with UDP packets having invalid checksums?

By default I assume they are just dropped - that's what should happen.

> 
> Are such packets inevitably dropped? 

Applications can specifically disable checksum checking for the kernel
network stack on a per application basis, but the default is to check
and drop if in error.

>  Does a network card drop them when it 
> does checksum verification in hardware even before the packets go anywhere?

Depends on the hardware. I suspect that most modern cards allow the OS
to offload the checksum functions.  You can check with, e.g., 

  ethtool --show-offload eth0

> 
> In general, if someone were to send me UDP packets with invalid checksums over 
> the internet, how far would such packets get?

As far as the checksumming code - either in the hardware or kernel
network stack. They should be dropped as soon as the checksum fails
because at that point it shows that the contents are flawed.

> 
> In particular, how likely is it that SRTP packets sent over the internet over 
> UDP could be damaged in such a way that the verification of the authentication 
> tag fails when they arrive at the receiver, and how might such damage be 
> caused?
> 
Don't know - how does any network packet get corrupted? Bad hardware,
cosmic rays, bad cables, bad source?  I would doubt there would be
anything malicious: why do something to a packet such that it is almost
guaranteed to be dropped?

P.
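
An added illustration, not part of the original message: a model of the UDP checksum check discussed above (RFC 768, computed over the IPv4 pseudo-header), run on a constructed datagram. It also shows a corruption the 16-bit sum cannot detect (two swapped 16-bit words), which is the kind of damage that would only surface at a later integrity check such as the SRTP authentication tag. Addresses, ports, payload and the function names are constructed for the example.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, zero-padding odd-length input."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    # IPv4 pseudo-header: source, destination, zero byte, protocol 17, UDP length
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, udp_len)

def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    body = pseudo_header(src, dst, length) + header + payload
    # A computed 0 is sent as 0xFFFF, because 0 on the wire means "no checksum"
    csum = (~ones_complement_sum(body) & 0xFFFF) or 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def verify_udp(src: str, dst: str, datagram: bytes) -> str:
    """Receiver-side decision for one datagram (a model, not kernel code)."""
    if len(datagram) < 8:
        return "drop: truncated header"
    _sport, _dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        return "drop: bad length"
    if csum == 0:
        return "accept: no checksum"        # allowed for IPv4 only, not IPv6
    total = ones_complement_sum(pseudo_header(src, dst, length) + datagram[:length])
    return "accept" if total == 0xFFFF else "drop: bad checksum"

def demo():
    src, dst = "192.0.2.1", "198.51.100.7"  # constructed documentation addresses
    good = build_udp(src, dst, 40000, 5004, b"constructed SRTP-like payload")
    flipped = bytearray(good)
    flipped[12] ^= 0x01                     # single bit error in the payload
    swapped = bytearray(good)               # two aligned 16-bit words exchanged
    swapped[8:10], swapped[10:12] = good[10:12], good[8:10]
    return (verify_udp(src, dst, good), verify_udp(src, dst, bytes(flipped)),
            verify_udp(src, dst, bytes(swapped)))

if __name__ == "__main__":
    print(demo())
```

The swapped datagram passes because the one's-complement sum does not depend on the order of the 16-bit words it adds.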