[Bridge] Query on Spanning tree implementation from standard point of view

Stephen Hemminger shemminger at vyatta.com
Mon Jun 18 20:54:50 UTC 2012


On Mon, 18 Jun 2012 21:25:26 +0530
Sasikanth babu <sasikanth.v19 at gmail.com> wrote:

> >
> > Does this imply that any timer values present within the 35 octets are
> > valid values and no validation is done, even though the ranges for hello
> > time, max age and forward delay are defined and limited? Is it an issue
> > or fine within the standard?
> >
> >   Not all STP implementations do BPDU validation, i.e. validate all BPDU
> > parameters present within the 35 octets. The validation checks for invalid
> > values present in the BPDU;
> >   if the BPDU validation fails it drops the BPDU. I have seen these
> > validations in proprietary software.
> >
> >
> > Please help me understand this issue and thanks for any comments.
> >
> > Regards,
> > Sujata
> >

First off, STP is not a secure protocol. It assumes trust in any bridge
it accepts PDUs from. That is why Cisco has BPDU guard to ignore stuff
from rogue endpoints. In Linux, you can do the same with netfilter but
most users don't.

Second, the standard (Linux is based on the old 1998 version) allows any
value for forwarding delay (0 .. 255 seconds). The encoding of the timer
value section implies that.

There are some checks about hello vs. max age.

Much of the code in Linux seems to have come from sample code in the original
standard. The standards committee decided that was too convenient and dropped
it in later revisions.
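As an added example (not code from this thread and not the Linux bridge code), the following parses the 35-octet Configuration BPDU Sujata refers to and applies the kind of validation she describes: each timer field is decoded from its 2-octet 1/256-second encoding, compared against the permitted ranges of 802.1D-1998 Table 8-3, and checked against the hello/max age/forward delay relationships of 802.1D-1998 clause 8.10.2. The two sample BPDUs, the bridge MAC and the port id are constructed values; a receiver that drops a BPDU when `check_bpdu` reports problems behaves like the proprietary implementations mentioned above rather than like the 1998 sample code.

```python
"""Parse and sanity-check an 802.1D-1998 Configuration BPDU (35 octets).

Example code written for this thread; it is not the Linux bridge code.
Ranges are from 802.1D-1998 Table 8-3 and the relationships from 8.10.2;
the sample BPDUs below are constructed.
"""
import struct

BPDU_LEN = 35       # octets in a Configuration BPDU
TIMER_UNIT = 256    # timers are 2 octets in units of 1/256 s, so 0 .. ~255.996 s

# Permitted values in seconds (802.1D-1998 Table 8-3).
HELLO_RANGE = (1.0, 10.0)
MAX_AGE_RANGE = (6.0, 40.0)
FWD_DELAY_RANGE = (4.0, 30.0)

# Field layout: protocol id, version, type, flags, root id, root path cost,
# bridge id, port id, message age, max age, hello time, forward delay.
CONFIG_BPDU = struct.Struct("!HBBB8sI8sHHHHH")


def parse_config_bpdu(data: bytes) -> dict:
    """Decode the fixed fields of a Configuration BPDU; timers become seconds."""
    if len(data) < BPDU_LEN:
        raise ValueError(f"short BPDU: {len(data)} octets, need {BPDU_LEN}")
    (proto, version, btype, flags, root_id, root_cost, bridge_id, port_id,
     msg_age, max_age, hello, fwd_delay) = CONFIG_BPDU.unpack_from(data)
    if proto != 0 or btype != 0:
        raise ValueError("not a Configuration BPDU")
    return {
        "version": version, "flags": flags,
        "root_id": root_id.hex(), "root_cost": root_cost,
        "bridge_id": bridge_id.hex(), "port_id": port_id,
        "message_age": msg_age / TIMER_UNIT,
        "max_age": max_age / TIMER_UNIT,
        "hello_time": hello / TIMER_UNIT,
        "forward_delay": fwd_delay / TIMER_UNIT,
    }


def validate_timers(b: dict) -> list:
    """Return a list of violations; an empty list means the timers are sane."""
    problems = []
    for name, (lo, hi) in (("hello_time", HELLO_RANGE),
                           ("max_age", MAX_AGE_RANGE),
                           ("forward_delay", FWD_DELAY_RANGE)):
        if not lo <= b[name] <= hi:
            problems.append(f"{name}={b[name]:.3f}s outside {lo}..{hi}s")
    # Information that is already as old as max age would age out on arrival.
    if b["message_age"] >= b["max_age"]:
        problems.append("message_age >= max_age")
    # 802.1D-1998 8.10.2: 2*(forward_delay-1) >= max_age >= 2*(hello_time+1)
    if b["max_age"] < 2 * (b["hello_time"] + 1.0):
        problems.append("max_age < 2*(hello_time+1)")
    if b["max_age"] > 2 * (b["forward_delay"] - 1.0):
        problems.append("max_age > 2*(forward_delay-1)")
    return problems


def check_bpdu(data: bytes) -> list:
    """Parse then validate; raises ValueError on a malformed frame."""
    return validate_timers(parse_config_bpdu(data))


def build_config_bpdu(hello, max_age, fwd_delay, msg_age=0.0,
                      bridge_mac=b"\x00\x11\x22\x33\x44\x55"):
    """Encode a Configuration BPDU from timer values in seconds (constructed sample)."""
    def to_units(seconds):
        return max(0, min(0xFFFF, int(round(seconds * TIMER_UNIT))))
    bridge_id = struct.pack("!H", 0x8000) + bridge_mac   # priority 32768 + MAC
    return CONFIG_BPDU.pack(0, 0, 0, 0, bridge_id, 0, bridge_id, 0x8001,
                            to_units(msg_age), to_units(max_age),
                            to_units(hello), to_units(fwd_delay))


# Constructed samples: the 802.1D defaults, and a frame whose timers are
# individually encodable but mutually inconsistent.
SANE_BPDU = build_config_bpdu(hello=2.0, max_age=20.0, fwd_delay=15.0)
BOGUS_BPDU = build_config_bpdu(hello=10.0, max_age=6.0, fwd_delay=0.0)

if __name__ == "__main__":
    for label, pdu in (("defaults", SANE_BPDU), ("bogus", BOGUS_BPDU)):
        print(label, pdu.hex(), check_bpdu(pdu) or "ok")
```

The range checks alone would accept a forward delay of 0 only because the encoding can express it; the relationship checks are what catch a frame like `BOGUS_BPDU`, whose max age is too small for its hello time and too large for its forward delay.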
