Re: Query on Spanning tree implementation from standard point of view

On Monday 18 June 2012 23:54:50 Stephen Hemminger wrote:
>
> First off, STP is not a secure protocol. It assumes a trust in any bridge
> it accepts PDUs from. That is why Cisco has BPDU guard to ignore stuff
> from rogue endpoints. In Linux, you can do the same with netfilter but
> most users don't.
>
> Second, the standard (Linux is based on the old 1998 version) allows any
> value for forwarding delay (0 .. 255 seconds). The encoding of the timer
> value section implies that.
>

Hello, Stephen!
Standards (both -1998 and -2004 revisions) say nothing about validation of 
timers (except one issue), and you made a good point that the encoding clearly 
allows any timer value from 0.0 s to 255+255/256 s.

Now, to that one exception:
9.3.3 a) of -1998 (9.3.4 a) of -2004)
===============================================
a) The BPDU Type denotes a Configuration BPDU and the BPDU contains at least 
35 octets, and the value of the BPDU's Message Age parameter is less than that 
of its Max Age parameter ... [skip]
===============================================

So, the standard clearly requires the BPDU where MessageAge < MaxAge to be 
dropped.

Don't you think that including this check in the Linux bridging code is 
worthwhile?

-- 
With Best Regards,
Vitalii Demianets
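As an added example (written for this page; it is not the Linux bridge code and not from either poster), the following C program parses a Configuration BPDU laid out as in the IEEE 802.1D-1998 format (35 octets, timers encoded in units of 1/256 s) and applies the validity test of the clause quoted above: Configuration type, at least 35 octets, and Message Age less than Max Age, dropping the BPDU otherwise. It deliberately applies no range check on Forward Delay or the other timers, since the encoding itself admits any value from 0 to 255+255/256 s. Field offsets, the function names and the error codes are this example's own assumptions; the sample BPDUs are constructed in the program rather than captured from a network.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not kernel code. Offsets follow the 802.1D-1998
 * Configuration BPDU layout (0-based, buffer starts at the protocol id). */
#define BPDU_TYPE_CONFIG   0x00
#define BPDU_CONFIG_LEN    35
#define OFF_PROTO_ID       0   /* 2 octets, must be 0x0000 */
#define OFF_TYPE           3
#define OFF_FLAGS          4
#define OFF_MESSAGE_AGE    27  /* 2 octets, 1/256 s units */
#define OFF_MAX_AGE        29
#define OFF_HELLO_TIME     31
#define OFF_FORWARD_DELAY  33

enum bpdu_verdict {
    BPDU_OK          =  0,
    BPDU_ERR_SHORT   = -1,   /* fewer than 35 octets */
    BPDU_ERR_PROTO   = -2,   /* protocol identifier not 0 */
    BPDU_ERR_TYPE    = -3,   /* not a Configuration BPDU */
    BPDU_ERR_MSG_AGE = -4    /* Message Age >= Max Age: drop per 9.3.4 a) */
};

struct config_bpdu {
    uint8_t  flags;
    uint16_t message_age;    /* raw 1/256 s units */
    uint16_t max_age;
    uint16_t hello_time;
    uint16_t forward_delay;
};

static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Decode a raw timer field: 0x0100 is 1 s, 0xFFFF is 255+255/256 s. */
double bpdu_timer_seconds(uint16_t raw)
{
    return raw / 256.0;
}

/* Parse len octets at buf into *out. Returns BPDU_OK or a negative verdict;
 * on any error *out is left untouched. */
int parse_config_bpdu(const uint8_t *buf, size_t len, struct config_bpdu *out)
{
    struct config_bpdu b;

    if (len < BPDU_CONFIG_LEN)
        return BPDU_ERR_SHORT;
    if (get_be16(buf + OFF_PROTO_ID) != 0)
        return BPDU_ERR_PROTO;
    if (buf[OFF_TYPE] != BPDU_TYPE_CONFIG)
        return BPDU_ERR_TYPE;

    b.flags         = buf[OFF_FLAGS];
    b.message_age   = get_be16(buf + OFF_MESSAGE_AGE);
    b.max_age       = get_be16(buf + OFF_MAX_AGE);
    b.hello_time    = get_be16(buf + OFF_HELLO_TIME);
    b.forward_delay = get_be16(buf + OFF_FORWARD_DELAY);

    /* The quoted clause: the BPDU is only valid if Message Age < Max Age. */
    if (b.message_age >= b.max_age)
        return BPDU_ERR_MSG_AGE;

    *out = b;
    return BPDU_OK;
}

/* Build a constructed 35-octet Configuration BPDU (identifiers zeroed) with
 * the given raw timer values and run it through the parser. */
int check_config_timers(uint16_t message_age, uint16_t max_age,
                        uint16_t hello_time, uint16_t forward_delay)
{
    uint8_t buf[BPDU_CONFIG_LEN];
    struct config_bpdu out;

    memset(buf, 0, sizeof buf);           /* protocol id 0, version 0, ids 0 */
    buf[OFF_TYPE] = BPDU_TYPE_CONFIG;
    put_be16(buf + OFF_MESSAGE_AGE, message_age);
    put_be16(buf + OFF_MAX_AGE, max_age);
    put_be16(buf + OFF_HELLO_TIME, hello_time);
    put_be16(buf + OFF_FORWARD_DELAY, forward_delay);

    return parse_config_bpdu(buf, sizeof buf, &out);
}

/* Same BPDU truncated to 34 octets, to exercise the length check. */
int check_short_bpdu(void)
{
    uint8_t buf[BPDU_CONFIG_LEN - 1] = {0};
    struct config_bpdu out;

    buf[OFF_TYPE] = BPDU_TYPE_CONFIG;
    return parse_config_bpdu(buf, sizeof buf, &out);
}

int main(void)
{
    /* Common defaults: Message Age 0, Max Age 20 s, Hello 2 s, Forward Delay 15 s. */
    printf("defaults:        %d\n", check_config_timers(0, 20 * 256, 2 * 256, 15 * 256));
    printf("age == max age:  %d\n", check_config_timers(20 * 256, 20 * 256, 2 * 256, 15 * 256));
    printf("fwd delay max:   %d (%.6f s)\n",
           check_config_timers(0, 20 * 256, 2 * 256, 0xFFFF), bpdu_timer_seconds(0xFFFF));
    printf("34 octets:       %d\n", check_short_bpdu());
    return 0;
}
```

The only timer relation the parser enforces is the one the quoted clause states; a Forward Delay of 0xFFFF (just under 256 s) is accepted, which is exactly the point made about the encoding. A Message Age equal to Max Age is rejected, as is a Message Age of 0 against a Max Age of 0.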

