|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: An ethernet frame with two IP packets inside?
Smoot Carl-Mitchell (smoot
tic.com)
Thu, 29 Oct 1998 07:19:47 -0600
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Darren Reed: "Re: An ethernet frame with two IP packets inside?"
- Previous message: Gordon Greene: "Re: Trusted Unices Aren't?"
- Next in thread: Darren Reed: "Re: An ethernet frame with two IP packets inside?"
>Keller <kellerwiesbaden.netsurf.de> said
>Hi gurus and beardy wizards,
>
>what happens if one ethernet frame contains two IP packets?
>
>I know, it *shouldn't* happen, but I could construct one, right?
>How will different tcpip stacks deal with the second IP packet?
>Could it slip through the filtering rules on some routers?
>Could it slip past static pattern matching firewalls (FW-1?) ?
You would have to look at the specific IP stack implementation to
know for sure what would happen. However, a peek at the Linux kernel
implementation indicates the second IP packet is silently truncated.
Put simply, it looks like exactly one IP packet is processed per
Ethernet frame. I believe the same is true for BSD-based IP implementations as
well, but I do not have the source code handy to check. One simple way to
find out is to construct such a bogus frame and see what happens.
Smoot Carl-Mitchell
Texas Internet Consulting
- Next message: Darren Reed: "Re: An ethernet frame with two IP packets inside?"
- Previous message: Gordon Greene: "Re: Trusted Unices Aren't?"
- Next in thread: Darren Reed: "Re: An ethernet frame with two IP packets inside?"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:57 CDT