Re: An ethernet frame with two IP packets inside?

["Steven M. Bellovin" <smb () research att com>]

In message <3631168B.540E30D3 () wiesbaden netsurf de>, Keller writes:
> Hi gurus and beardy wizards, 
>
> what happens if one ethernet frame contains two IP packets?
>
> I know, it *shouldn't* happen, but I could construct one, right?
> How will different tcpip stacks deal with the second IP packet?
> Could it slip through the filtering rules on some routers?
> Could it slip past static pattern matching firewalls (FW-1?) ?

I don't know of any published (or implemented) way to do that that would
be received by another host.  The standard IP-in-Ethernet encapsulation
uses the Ethernet type field to denote IP, with the IP packet as the
payload of the packet.  There are no length fields, etc., at the Ethernet
level.  See RFC 894 for details, and note that trailer protocols are
essentially unused today.