Ethernet packets, Ethernet frames and IP packets in the Virtual World

On layer 2, we are transmitting ethernet frames. Confusingly, these are sometimes referred to as ethernet packets. They are in fact not quite the same thing. The IEEE standard is shown below

The ethernet packet is the frame plus some extra headers and trailers

When the ethernet frame (or packet) arrives at the NIC, it is briefly stored , an interrupt is raised from the NIC card to the motherboard to ask for the frame to be read into the computer’s memory. A series of processes then occurs in the kernel of the operating system

operation_process_by_each_layer_of_tcp_ip_for_data_received.png

This particular graphic is confusing as the distinction between ethernet packet, ethernet frame and IP packet is not clear.

If the NIC is a virtual switch, the NIC will pass the frame to the driver which will send the memory structure (sk_buf) to the hypervisor’s memory. This is then forwarded to the driver part of the appropriate Hyper-V virtual network adapter which will unencapsulate the frame to pass the IP packet up the stack of the virtual machine. If the host does not have a virtual adapter connected to the virtual switch, it should in theory be impossible to be able to attack the host by this vector