Re: Query on Spanning tree implementation from standard point of view

On Tue, Jun 19, 2012 at 1:18 PM, Vitalii Demianets <vitas@xxxxxxxxxxxxxxxxx> wrote:
On Monday 18 June 2012 23:54:50 Stephen Hemminger wrote:
>
> First off, STP is not a secure protocol. It assumes a trust in any bridge
> it accepts PDUs from. That is why Cisco has bpdu guard to ignore stuff
> from rogue endpoints. In Linux, you can do the same with netfilter but
> most users don't.
>
> Second, the standard (Linux is based on old 1998 version) allows any
> value for forwarding delay (0 .. 255 seconds). The encoding of timer
> value section implies that.
>

Hello, Stephen!
Standards (both -1998 and -2004 revisions) say nothing about validation of
timers (except one issue) and you made a good point that encoding clearly
allows any timer value from 0.0 s to 255+255/256 s.

Now, to the exceptional issue:
9.3.3 a) of -1998 (9.3.4 a) of -2004)
===============================================
a) The BPDU Type denotes a Configuration BPDU and the BPDU contains at least
35 octets, and the value of the BPDUs Message Age parameter is less than that
of its Max Age parameter ... [skip]
===============================================

So, the standard clearly requires the BPDU where MessageAge < MaxAge to be
dropped.

Don't you think that including this check in Linux bridging code is
worthwhile?

Are you talking about this check (in function br_stp_rcv)?

                if (bpdu.message_age > bpdu.max_age) {
                        if (net_ratelimit())
                                br_notice(p->br,
                                          "port %u config from %pM"
                                          " (message_age %ul > max_age %ul)\n",
                                          p->port_no,
                                          eth_hdr(skb)->h_source,
                                          bpdu.message_age, bpdu.max_age);
                        goto out;
                }
 
--
With Best Regards,
Vitalii Demianets

Thanks
Sasi
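
Added example, not part of the original messages and not the Linux bridge code: a stand-alone C version of the acceptance test in the clause quoted above (Configuration type, at least 35 octets, Message Age < Max Age), with timers decoded in 1/256 s units. The function and type names are hypothetical, the buffer is assumed to start at the BPDU's Protocol Identifier with fields at the 35-octet Configuration BPDU offsets, and the strict less-than test also rejects the equal case that the `>` comparison in the quoted snippet lets through.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONFIG_BPDU_MIN_LEN 35   /* "at least 35 octets", per the quoted clause */
#define BPDU_TYPE_CONFIG    0x00
enum bpdu_verdict { BPDU_ACCEPT, BPDU_TOO_SHORT, BPDU_NOT_CONFIG, BPDU_AGED_OUT };
struct bpdu_timers { uint16_t message_age, max_age, hello_time, forward_delay; };

static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Timer fields are 16-bit counts of 1/256 s: 0x0000 = 0.0 s, 0xFFFF = 255+255/256 s. */
double timer_seconds(uint16_t raw) { return raw / 256.0; }

/* buf is assumed to start at the Protocol Identifier (LLC header already removed). */
enum bpdu_verdict check_config_bpdu(const uint8_t *buf, size_t len, struct bpdu_timers *t)
{
    if (len < 4)
        return BPDU_TOO_SHORT;            /* cannot even read the BPDU Type */
    if (buf[3] != BPDU_TYPE_CONFIG)
        return BPDU_NOT_CONFIG;
    if (len < CONFIG_BPDU_MIN_LEN)
        return BPDU_TOO_SHORT;            /* never read timers from a short frame */
    t->message_age   = get_be16(buf + 27);
    t->max_age       = get_be16(buf + 29);
    t->hello_time    = get_be16(buf + 31);
    t->forward_delay = get_be16(buf + 33);
    if (t->message_age >= t->max_age)     /* accept only Message Age < Max Age */
        return BPDU_AGED_OUT;
    return BPDU_ACCEPT;
}

/* Constructed sample: all-zero 35-octet Configuration BPDU with the two age fields set. */
void make_sample_bpdu(uint8_t buf[CONFIG_BPDU_MIN_LEN], uint16_t msg_age, uint16_t max_age)
{
    memset(buf, 0, CONFIG_BPDU_MIN_LEN);
    buf[27] = (uint8_t)(msg_age >> 8); buf[28] = (uint8_t)(msg_age & 0xff);
    buf[29] = (uint8_t)(max_age >> 8); buf[30] = (uint8_t)(max_age & 0xff);
}

int main(void)
{
    uint8_t b[CONFIG_BPDU_MIN_LEN];
    struct bpdu_timers t = {0};
    make_sample_bpdu(b, 0x1400, 0x1400);  /* Message Age == Max Age == 20 s */
    enum bpdu_verdict v = check_config_bpdu(b, sizeof b, &t);
    printf("equal ages -> verdict %d, max_age %.3f s\n", (int)v, timer_seconds(t.max_age));
    return 0;
}
```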
