Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ethernet pad bytes

9 views
Skip to first unread message

Rajesh Gopi

unread,
Feb 6, 2003, 4:50:27 PM2/6/03
to
Greetings !

Is it a violation of any spec/RFC for an ethernet driver to pad outgoing small IP packets to say 100 bytes (instead of the IEEE recommended 60 bytes) ?

Alternatively, is it OK for firewalls or other IP modules on the receiving side to compare the total length of packet received and the length of packet reported by the IP header, and make decisions to accept/drop packets ?

Thanks,
rajesh

Barry Margolin

unread,
Feb 6, 2003, 5:40:55 PM2/6/03
to
In article <3E42D8A3...@hotmail.com>,

Rajesh Gopi <raje...@hotmail.com> wrote:
>Is it a violation of any spec/RFC for an ethernet driver to pad outgoing
>small IP packets to say 100 bytes (instead of the IEEE recommended 60
>bytes) ?

The extra bytes will never be noticed. The IP header has a length field,
and IP only looks at those bytes. Any extra padding will be ignored, just
like the padding used to get to the minimum IEEE frame size.

>Alternatively, is it OK for firewalls or other IP modules on the
>receiving side to compare the total length of packet received and the
>length of packet reported by the IP header, and make decisions to
>accept/drop packets ?

It seems unlikely that a normal Ethernet transceiver would pad any more
than is needed, so those packets are probably suspect. On the other hand,
I can't see how they could do any harm, since the padding will be ignored.

--
Barry Margolin, bar...@genuity.com
Genuity Managed Services, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Vernon Schryver

unread,
Feb 6, 2003, 7:28:08 PM2/6/03
to
In article <XvB0a.21$ik5...@paloalto-snr1.gtei.net>,
Barry Margolin <bar...@genuity.net> wrote:

>>Is it a violation of any spec/RFC for an ethernet driver to pad outgoing
>>small IP packets to say 100 bytes (instead of the IEEE recommended 60
>>bytes) ?
>

>The extra bytes will never be noticed. ...

Except that they will reduce performance.


Vernon Schryver v...@rhyolite.com

Rajesh Gopi

unread,
Feb 6, 2003, 7:38:50 PM2/6/03
to
Barry Margolin wrote:
>
> It seems unlikely that a normal Ethernet transceiver would pad any more
> than is needed, so those packets are probably suspect. On the other hand,
> I can't see how they could do any harm, since the padding will be ignored.
>

In this particular case, the driver is working around a hardware bug by padding more bytes than the minimum frame size. A firewall on the receiving end is comparing the total packet length with that specified in IP header and dropping packets due to a mismatch. I was hoping to get clarity on whether the ethernet driver or firewall is breaking any standards.

My understanding was as you mentioned, that the firewall should not bother with the pad bytes. But, is it doing wrong by being paranoid ? Is the driver doing wrong by padding these extra bytes ?

TIA,
rajesh

Rick Jones

unread,
Feb 6, 2003, 7:55:50 PM2/6/03
to
Rajesh Gopi <raje...@hotmail.com> wrote:
> Alternatively, is it OK for firewalls or other IP modules on the
> receiving side to compare the total length of packet received and
> the length of packet reported by the IP header, and make decisions
> to accept/drop packets ?

I suppose if they thought that the pad bytes constituted a covert
channel they might nix it. The padding though is at layer 2 and I was
under the impression that firewalls operated at layer3.

However, even when it is given the entire frame, pad bytes and all, it
could simply pass just the IP datagram portion to the link-level for
transmission and let it generate a completely new set of pad bytes if
the IP datagram happened to be smaller than media minimums. Or
scribble something of its own choosing on the pad bytes.

rick jones
--
portable adj, code that compiles under more than one compiler
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to raj in cup.hp.com but NOT BOTH...

Barry Margolin

unread,
Feb 7, 2003, 11:45:25 AM2/7/03
to
In article <3E43001A...@hotmail.com>,

Rajesh Gopi <raje...@hotmail.com> wrote:
>Barry Margolin wrote:
>>
>> It seems unlikely that a normal Ethernet transceiver would pad any more
>> than is needed, so those packets are probably suspect. On the other hand,
>> I can't see how they could do any harm, since the padding will be ignored.
>>
>
>In this particular case, the driver is working around a hardware bug by
>padding more bytes than the minimum frame size. A firewall on the
>receiving end is comparing the total packet length with that specified in
>IP header and dropping packets due to a mismatch. I was hoping to get
>clarity on whether the ethernet driver or firewall is breaking any
>standards.

RFC 894 and 1042 (the standards for transmission of IP over Ethernet and
IEEE 802 networks) both say that packets must be padded if necessary to
meet the link layer's minimum frame size requirements. Neither of them
explicitly prohibits extra padding -- they don't mention this possibility
at all.

0 new messages