Firewall Wizards mailing list archives

Re: An ethernet frame with two IP packets inside?


From: Smoot Carl-Mitchell <smoot () tic com>
Date: Thu, 29 Oct 1998 07:19:47 -0600

Keller <keller () wiesbaden netsurf de> said:
> Hi gurus and beardy wizards,
>
> what happens if one ethernet frame contains two IP packets?
>
> I know, it *shouldn't* happen, but I could construct one, right?
> How will different TCP/IP stacks deal with the second IP packet?
> Could it slip through the filtering rules on some routers?
> Could it slip past static pattern matching firewalls (FW-1?)?

You would have to look at the specific IP stack implementation to
know for sure what would happen.  However, a peek at the Linux kernel
implementation indicates the second IP packet is silently truncated.
Put simply, it looks like exactly one IP packet is processed per
Ethernet frame. I believe the same is true for BSD-based IP implementations as
well, but I do not have the source code handy to check.  One simple way to
find out is to construct such a bogus frame and see what happens. 

Smoot Carl-Mitchell
Texas Internet Consulting
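
An added example, not part of the original post and not taken from any kernel source: a C model of the behaviour the reply describes, in which the receiver keeps only the bytes covered by the IPv4 Total Length field, together with a check that flags trailing bytes that cannot be Ethernet padding. The names `parse_frame`, `build_sample` and `ip_view`, the padding rule and the sample frames are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN 14          /* dst MAC + src MAC + EtherType */
#define ETH_MIN_PAYLOAD 46   /* shorter payloads are padded up to this size */

/* ip_len: bytes kept; trailing: bytes dropped; suspicious: not explainable as padding */
struct ip_view { size_t ip_len, trailing; int suspicious; };

/* One IP packet per frame: trust Total Length, ignore what follows.
 * Returns 0 on success, -1 on a malformed frame. Header checksum is not verified here. */
int parse_frame(const uint8_t *frame, size_t frame_len, struct ip_view *out)
{
    if (frame_len < ETH_HLEN + 20) return -1;
    if (frame[12] != 0x08 || frame[13] != 0x00) return -1;  /* EtherType must be IPv4 */
    const uint8_t *ip = frame + ETH_HLEN;
    size_t payload = frame_len - ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;
    size_t tot = ((size_t)ip[2] << 8) | ip[3];              /* IPv4 Total Length */
    if (tot < ihl || tot > payload) return -1;              /* inconsistent lengths */
    out->ip_len = tot;
    out->trailing = payload - tot;
    /* Assumed rule: padding only exists to reach the 46-byte minimum payload. */
    out->suspicious = out->trailing > 0 && payload > ETH_MIN_PAYLOAD;
    return 0;
}

/* Constructed sample: one 28-byte IPv4 datagram followed either by a second
 * 28-byte datagram (two_packets != 0) or by zero padding up to 46 bytes. */
size_t build_sample(uint8_t *buf, int two_packets)
{
    size_t payload = two_packets ? 56 : ETH_MIN_PAYLOAD;
    memset(buf, 0, ETH_HLEN + payload);
    buf[12] = 0x08;                                         /* EtherType 0x0800 */
    for (int i = 0; i < (two_packets ? 2 : 1); i++) {
        uint8_t *ip = buf + ETH_HLEN + i * 28;
        ip[0] = 0x45; ip[3] = 28;                           /* v4, IHL 5, Total Length 28 */
        ip[8] = 64;   ip[9] = 17;                           /* TTL 64, protocol UDP */
    }
    return ETH_HLEN + payload;
}

int main(void)
{
    uint8_t buf[ETH_HLEN + 56];
    struct ip_view v;
    for (int two = 0; two <= 1; two++)
        if (parse_frame(buf, build_sample(buf, two), &v) == 0)
            printf("kept=%zu dropped=%zu suspicious=%d\n", v.ip_len, v.trailing, v.suspicious);
    return 0;
}
```

A filter or sensor that inspects the raw frame rather than the trimmed datagram can use the `suspicious` flag to log or drop frames carrying data the end host will never see.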


