On Mon, 18 Jun 2012 21:25:26 +0530 Sasikanth babu <sasikanth.v19@xxxxxxxxx> wrote:

> >
> > Does this imply that any timer values present within the 35 octets are
> > valid values and there is no validation done, even if the range for hello timer,
> > max age and forward delay is defined and limited? Is it an issue, or fine
> > within the standard?
> >
> > Not all STP implementations do BPDU validation, i.e. validate all BPDU
> > parameters present within the 35 octets. The validation checks for invalid
> > values present in the BPDU; if the BPDU validation fails, it drops the BPDU.
> > I have seen these validations in proprietary software.
> >
> > Please help me understand this issue, and thanks for any comments.
> >
> > Regards,
> > Sujata
> >

First off, STP is not a secure protocol. It assumes a trust in any bridge it accepts PDUs from. That is why Cisco has bpdu guard to ignore stuff from rogue endpoints. In Linux, you can do the same with netfilter, but most users don't.

Second, the standard (Linux is based on the old 1998 version) allows any value for forwarding delay (0 .. 255 seconds). The encoding of the timer value section implies that. There are some checks about hello vs. max age.

Much of the code in Linux seems to have come from sample code in the original standard. The standard committee decided that was too convenient and dropped it in later revisions.

_______________________________________________
Bridge mailing list
Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/bridge
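The timer encoding the reply refers to, as an added example that is not part of this thread or of the Linux bridge code: a decoder for the 35-octet Configuration BPDU showing that the 16-bit fields in units of 1/256 s admit a forward delay of 255 s, next to the range and relationship checks a validating bridge would apply before accepting it. The bounds are the 802.1D-1998 parameter ranges; the two sample BPDUs are constructed for the demonstration.

```python
import struct

# 802.1D-1998 Configuration BPDU: 35 octets, network byte order.
# proto id, version, type, flags, root id, root path cost, bridge id,
# port id, message age, max age, hello time, forward delay.
_CONFIG_BPDU = struct.Struct("!HBBB8sI8sHHHHH")

# Permitted timer ranges in seconds (802.1D-1998 bridge parameters).
_RANGES = {
    "hello_time": (1.0, 10.0),
    "max_age": (6.0, 40.0),
    "forward_delay": (4.0, 30.0),
}


def parse_config_bpdu(payload: bytes) -> dict:
    """Decode a Configuration BPDU; each timer is a 16-bit count of 1/256 s."""
    if len(payload) < _CONFIG_BPDU.size:
        raise ValueError("short BPDU")
    (proto, ver, btype, flags, root, cost, bridge, port,
     msg_age, max_age, hello, fwd) = _CONFIG_BPDU.unpack_from(payload)
    if proto != 0 or ver != 0 or btype != 0:
        raise ValueError("not a Configuration BPDU")
    return {
        "flags": flags, "root_id": root.hex(), "root_path_cost": cost,
        "bridge_id": bridge.hex(), "port_id": port,
        "message_age": msg_age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
    }


def validate_timers(b: dict) -> list:
    """Return the reasons a validating bridge would discard this BPDU."""
    reasons = []
    for name, (lo, hi) in _RANGES.items():
        if not lo <= b[name] <= hi:
            reasons.append(f"{name}={b[name]:.3f}s outside {lo}-{hi}s")
    # Relationship constraints between the timers (802.1D-1998).
    if b["max_age"] < 2 * (b["hello_time"] + 1):
        reasons.append("max_age < 2*(hello_time+1)")
    if 2 * (b["forward_delay"] - 1) < b["max_age"]:
        reasons.append("2*(forward_delay-1) < max_age")
    if b["message_age"] >= b["max_age"]:
        reasons.append("message_age >= max_age")
    return reasons


def build_config_bpdu(msg_age, max_age, hello, fwd) -> bytes:
    """Constructed sample: zero IDs, port 0x8001, timers given in seconds."""
    return _CONFIG_BPDU.pack(0, 0, 0, 0, bytes(8), 0, bytes(8), 0x8001,
                             int(msg_age * 256), int(max_age * 256),
                             int(hello * 256), int(fwd * 256))


SANE_BPDU = build_config_bpdu(0, 20, 2, 15)    # default-like timers
BOGUS_BPDU = build_config_bpdu(0, 20, 2, 255)  # encodable, but out of range
```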