Many electronic devices in modern control systems are arranged with some kind of built-in intelligence. Such devices are often part of, or referred to as, embedded devices. Control systems for industrial process control, and systems for control in the generation, distribution and transmission of electricity, are often connected to the industrial equipment they monitor and control via one or more data communication networks that use open protocols such as Ethernet-based protocols. This has standardised and simplified industrial data communication for the purposes of monitoring and control. Electronic devices that may be connected to a control system using an industrial Ethernet standard are found in many different kinds of equipment, for example instruments such as sensors or transducers, actuators such as valves, motors, pumps and switches, as well as controls on major equipment such as generators, transformers, breakers, power trains and so on.
Due to limited processing resources, resource-constrained electronic devices or embedded devices can easily be overwhelmed by deliberate (or accidental) excessive network traffic. Under such conditions packet filtering is needed in order to limit the amount of traffic. Legitimate traffic needs to pass while at the same time unwanted traffic has to be discarded. Because of the limited processing resources of a resource-constrained electronic device, it is challenging to implement this functionality as a software solution in a small electronic device with limited computing resources.
Network traffic filtering is generally done with software filtering, an external firewall, or a combination of the two. External firewalls require additional engineering and may rely on products manufactured by third parties. In such firewalls or software filters, the filtering of network traffic takes place after the packet is received by the filtering system.
U.S. Pat. No. 6,434,118, entitled "Method for determining round trip time utilizing ATM traffic management mechanism" and assigned to 3COM Corporation, mentions, in the context of testing to establish a round trip time, that a CRC error can be purposely placed in an Ethernet frame, which causes the MAC layer in the destination to drop the frame and prevents it from reaching the upper layers.
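The MAC-layer behaviour referred to above can be illustrated with the following added example, which is not code from any of the cited patents: a receiving MAC recomputes the frame check sequence (FCS) and drops a frame whose CRC does not match. The frame contents and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Ethernet FCS CRC-32 (IEEE 802.3): reflected poly 0xEDB88320, init and final XOR 0xFFFFFFFF. */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Append the 4-byte FCS, least significant byte first, after body_len bytes. */
void append_fcs(uint8_t *frame, size_t body_len)
{
    uint32_t fcs = crc32_ieee(frame, body_len);
    for (int i = 0; i < 4; i++)
        frame[body_len + i] = (uint8_t)(fcs >> (8 * i));
}

/* Receiving MAC's check: 1 = pass the frame to upper layers, 0 = drop it. */
int mac_accepts(const uint8_t *frame, size_t len)
{
    if (len < 64) return 0;                       /* runt frame, also dropped */
    uint32_t rx = 0;
    for (int i = 0; i < 4; i++)
        rx |= (uint32_t)frame[len - 4 + i] << (8 * i);
    return crc32_ieee(frame, len - 4) == rx;
}

/* Constructed 64-byte frame; returns 2*accepted_intact + accepted_corrupted. */
int demo_fcs_drop(void)
{
    uint8_t f[64] = { 0x02,0,0,0,0,0x01,  0x02,0,0,0,0,0x02,  0x08,0x00 };
    append_fcs(f, 60);
    int intact = mac_accepts(f, sizeof f);
    f[63] ^= 0xFF;                                /* CRC error placed in the frame */
    return 2 * intact + mac_accepts(f, sizeof f);
}

int main(void)
{
    printf("result=%d (2 = intact accepted, corrupted dropped)\n", demo_fcs_drop());
    return 0;
}
```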
U.S. Pat. No. 7,280,591, entitled "Integrated reduced media independent interface" and assigned to Via Technologies, describes an integrated reduced media independent interface (Integrated RMII) and a related method for interconnecting a MAC circuit and a PHY circuit.
US 2004/073671 discloses a method and apparatus for filtering packets using a dedicated processor. A dedicated data packet filtering processor is proposed whose only function is to filter data packets based on a list of source IP addresses stored in high-speed memory of the processor. The only function of the processor is to look at the source IP address of each received data packet to determine if the source IP address matches one of the stored source IP addresses, and if there is a match, to either discard or forward the data packet depending on the processor configuration.
US 2007/143846 discloses a system and method for detecting network-based attacks on electronic devices and to filter out attack packets. Properly designed packet filtering can drop malicious packets and useless packets, which provides information about potential network-based attacks. With multi-stage packet filtering, the unwanted packets are filtered out as early as possible.