On Tue, Jun 19, 2012 at 1:18 PM, Vitalii Demianets <vitas@xxxxxxxxxxxxxxxxx> wrote:
On Monday 18 June 2012 23:54:50 Stephen Hemminger wrote:
Hello, Stephen!
>
> First off, STP is not a secure protocol. It assumes a trust in any bridge
> it accepts PDUs from. That is why Cisco has BPDU guard to ignore stuff
> from rogue endpoints. In Linux, you can do the same with netfilter but
> most users don't.
>
> Second, the standard (Linux is based on old 1998 version) allows any
> value for forwarding delay (0 .. 255 seconds). The encoding of timer
> value section implies that.
>
Standards (both -1998 and -2004 revisions) say nothing about validation of
timers (except one issue), and you made a good point that the encoding clearly
allows any timer value from 0.0 s to 255+255/256 s.
Now, to the exceptional issue:
9.3.3 a) of -1998 (9.3.4 a) of -2004)
===============================================
a) The BPDU Type denotes a Configuration BPDU and the BPDU contains at least
35 octets, and the value of the BPDUs Message Age parameter is less than that
of its Max Age parameter ... [skip]
===============================================
So, the standard clearly requires the BPDU where MessageAge < MaxAge to be
dropped.
Don't you think that including this check in Linux bridging code is
worthwhile?
Are you talking about this check (in function br_stp_rcv)?
	/* br_stp_rcv: drop a Configuration BPDU whose Message Age exceeds Max Age */
	if (bpdu.message_age > bpdu.max_age) {
		if (net_ratelimit())
			br_notice(p->br,
				  "port %u config from %pM"
				  " (message_age %ul > max_age %ul)\n",
				  p->port_no,
				  eth_hdr(skb)->h_source,
				  bpdu.message_age, bpdu.max_age);
		goto out;
	}
--
With Best Regards,
Vitalii Demianets
Thanks
Sasi
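The two conditions discussed in this thread, the acceptance rule from the quoted clause 9.3.3 a) (process only if Message Age is less than Max Age) and the br_stp_rcv check (drop only if Message Age is greater than Max Age), differ exactly at the boundary Message Age == Max Age. The following is an added, stand-alone C example written for this thread; it is not code from the Linux bridge or from any participant. It parses the four timer fields out of a 35-octet Configuration BPDU using the 802.1D field offsets (Message Age at octet 27, Max Age at 29, Hello Time at 31, Forward Delay at 33, each 16-bit big-endian in units of 1/256 s, which is where the 0 .. 255+255/256 s range comes from), applies both rules, and prints where they disagree. The BPDU contents are constructed test input with zeroed identity fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BPDU_CONFIG_LEN  35     /* minimum Configuration BPDU length per 802.1D */
#define BPDU_TYPE_CONFIG 0x00   /* BPDU Type value for a Configuration BPDU */

/* Timer values as carried on the wire: 16-bit, big-endian, units of 1/256 s,
 * so the encodable range is 0 .. 255 + 255/256 s. */
struct stp_timers {
    unsigned message_age;
    unsigned max_age;
    unsigned hello_time;
    unsigned forward_delay;
};

static unsigned get_be16(const uint8_t *p)
{
    return ((unsigned)p[0] << 8) | p[1];
}

static void put_be16(uint8_t *p, unsigned v)
{
    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)v;
}

/* Extract the four timers from a Configuration BPDU.  Returns 0 on success,
 * -1 if the frame is shorter than 35 octets or is not a Configuration BPDU. */
int parse_config_bpdu(const uint8_t *buf, size_t len, struct stp_timers *t)
{
    if (len < BPDU_CONFIG_LEN)
        return -1;
    if (buf[3] != BPDU_TYPE_CONFIG)   /* octet 3 is the BPDU Type field */
        return -1;
    t->message_age   = get_be16(buf + 27);
    t->max_age       = get_be16(buf + 29);
    t->hello_time    = get_be16(buf + 31);
    t->forward_delay = get_be16(buf + 33);
    return 0;
}

/* Constructed test input only: a Configuration BPDU with zeroed identity
 * fields and the given Message Age / Max Age (1/256 s units). */
void make_config_bpdu(uint8_t buf[BPDU_CONFIG_LEN], unsigned message_age, unsigned max_age)
{
    memset(buf, 0, BPDU_CONFIG_LEN);
    buf[3] = BPDU_TYPE_CONFIG;
    put_be16(buf + 27, message_age);
    put_be16(buf + 29, max_age);
    put_be16(buf + 31, 2 * 256);    /* Hello Time 2 s */
    put_be16(buf + 33, 15 * 256);   /* Forward Delay 15 s */
}

/* 802.1D-1998 9.3.3 a): process the BPDU only if Message Age < Max Age. */
int accept_per_802_1d(const struct stp_timers *t)
{
    return t->message_age < t->max_age;
}

/* The br_stp_rcv check quoted in the thread: drop only if Message Age > Max Age. */
int accept_per_linux_check(const struct stp_timers *t)
{
    return !(t->message_age > t->max_age);
}

/* Convert a wire timer value to seconds for display. */
double timer_to_seconds(unsigned v)
{
    return v / 256.0;
}

int main(void)
{
    uint8_t frame[BPDU_CONFIG_LEN];
    struct stp_timers t;
    /* message_age, max_age pairs: well below, equal (the disputed boundary), above */
    unsigned cases[][2] = { {1 * 256, 20 * 256}, {20 * 256, 20 * 256}, {21 * 256, 20 * 256} };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        make_config_bpdu(frame, cases[i][0], cases[i][1]);
        if (parse_config_bpdu(frame, sizeof frame, &t) != 0)
            return 1;
        printf("message_age %.3f s, max_age %.3f s: 802.1D %s, Linux check %s\n",
               timer_to_seconds(t.message_age), timer_to_seconds(t.max_age),
               accept_per_802_1d(&t) ? "accept" : "drop",
               accept_per_linux_check(&t) ? "accept" : "drop");
    }
    return 0;
}
```

Running it shows the two rules agree for Message Age well below or above Max Age and disagree only at equality, where the 802.1D wording drops the BPDU and the `>` test lets it through; a frame shorter than 35 octets or with a non-zero BPDU Type is rejected by the parser before either rule is consulted.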