[Tfug] Ethernet frame "immutables" wrt switch silicon

Bexley Hall bexley401 at yahoo.com
Sun May 12 12:19:11 MST 2013


Hi Zack,

On 5/11/2013 7:30 PM, Zack Williams wrote:
> On Sat, May 11, 2013 at 2:21 PM, Bexley Hall<bexley401 at yahoo.com>  wrote:
>
>> I'm more interested in what *parts* of the (legitimate) frame
>> are parsed/relied upon by the switch(es).

>> And, of course, there's the whole issue of how switch silicon
>> deals with "broken" frames -- or, frames that go beyond their
>> idea of what a frame "should be".
>
> I'd imagine the error recovery could be different on each piece of
> switching silicon.

It's hard to imagine doing anything other than:
- drop frame
- forward frame "as received"
as legitimate options.  E.g., I can't imagine it being "legal"
for the switch to pad out a runt packet, etc.

Of course, the switch would *retime* the transmission so interframe
gaps would be fixed, etc.

> If it's low level enough, you may be able to write a set of tests with
> Scapy that could determine the differences:
> http://www.secdev.org/projects/scapy/

Wow, that looks pretty cool!  I'll have to see how easily it
installs on a *BSD box.

I was figuring on just hacking some of the bowels of my protocol
stack to generate "custom" frames and see how that worked.

Thx,
--don




More information about the tfug mailing list