[Bridge] Query on Spanning tree implementation from standard point of view
Vitalii Demianets
vitas at nppfactor.kiev.ua
Tue Jun 19 07:48:09 UTC 2012
On Monday 18 June 2012 23:54:50 Stephen Hemminger wrote:
>
> First off, STP is not a secure protocol. It assumes trust in any bridge
> it accepts PDUs from. That is why Cisco has bpdu guard to ignore stuff
> from rogue endpoints. In Linux, you can do the same with netfilter but
> most users don't.
>
> Second, the standard (Linux is based on the old 1998 version) allows any
> value for forwarding delay (0 .. 255 seconds). The encoding of the timer
> value section implies that.
>
Hello, Stephen!
The standards (both the -1998 and -2004 revisions) say nothing about validation of
timers (except for one issue), and you made a good point that the encoding clearly
allows any timer value from 0.0 s to 255+255/256 s.
Now, to the exceptional issue:
9.3.3 a) of -1998 (9.3.4 a) of -2004)
===============================================
a) The BPDU Type denotes a Configuration BPDU and the BPDU contains at least
35 octets, and the value of the BPDU's Message Age parameter is less than that
of its Max Age parameter ... [skip]
===============================================
So, the standard clearly requires the BPDU where MessageAge < MaxAge to be
dropped.
Don't you think that including this check in Linux bridging code is
worthwhile?
--
With Best Regards,
Vitalii Demianets
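As an added illustration of the clause quoted in this message (not code from the Linux bridge or from the 802.1D standard), the following C validates a received Configuration BPDU exactly as 9.3.3 a) / 9.3.4 a) states it: the type must be Configuration, the BPDU must carry at least 35 octets, and Message Age must be less than Max Age; anything else is discarded. Field offsets follow the 802.1D Configuration BPDU layout, timers are decoded as 16-bit values in units of 1/256 s (the range 0.0 s to 255+255/256 s discussed above), and the buffer is assumed to start at the BPDU itself, just past the LLC header. The function names and the sample BPDU builder are my own, and the Protocol Identifier check is a format check I added beyond the quoted clause.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 802.1D Configuration BPDU: 35 octets, all multi-octet fields big-endian. */
#define BPDU_MIN_CONFIG_LEN 35
#define BPDU_TYPE_CONFIG    0x00
#define BPDU_TYPE_TCN       0x80
#define OFF_PROTO_ID        0   /* 2 octets, always 0x0000 for STP */
#define OFF_TYPE            3
#define OFF_FLAGS           4
#define OFF_ROOT_ID         5   /* 8 octets */
#define OFF_ROOT_PATH_COST  13  /* 4 octets */
#define OFF_BRIDGE_ID       17  /* 8 octets */
#define OFF_PORT_ID         25  /* 2 octets */
#define OFF_MESSAGE_AGE     27  /* 2 octets, units of 1/256 s */
#define OFF_MAX_AGE         29
#define OFF_HELLO_TIME      31
#define OFF_FORWARD_DELAY   33

struct config_bpdu {
    uint8_t  flags;
    uint8_t  root_id[8];
    uint32_t root_path_cost;
    uint8_t  bridge_id[8];
    uint16_t port_id;
    uint16_t message_age;    /* raw timer values, 1/256 s per unit */
    uint16_t max_age;
    uint16_t hello_time;
    uint16_t forward_delay;
};

static uint16_t get_be16(const uint8_t *p) { return (uint16_t)(((uint16_t)p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Timer encoding is 1/256 s per unit, so 0xFFFF decodes to 255+255/256 s. */
double bpdu_timer_seconds(uint16_t raw) { return raw / 256.0; }

/* Validity check of 802.1D-1998 9.3.3 a) / -2004 9.3.4 a). Returns 1 and fills
 * *out when the BPDU is to be accepted, 0 when it is to be discarded.
 * buf points at the BPDU, i.e. just past the 802.2 LLC header (assumption). */
int bpdu_validate_config(const uint8_t *buf, size_t len, struct config_bpdu *out)
{
    if (len < BPDU_MIN_CONFIG_LEN)
        return 0;                        /* fewer than 35 octets: discard */
    if (get_be16(buf + OFF_PROTO_ID) != 0)
        return 0;                        /* not an STP BPDU (format check, added) */
    if (buf[OFF_TYPE] != BPDU_TYPE_CONFIG)
        return 0;                        /* TCN/unknown types are outside this clause */

    uint16_t message_age = get_be16(buf + OFF_MESSAGE_AGE);
    uint16_t max_age     = get_be16(buf + OFF_MAX_AGE);
    if (!(message_age < max_age))
        return 0;                        /* the one timer relation the standard constrains */

    out->flags          = buf[OFF_FLAGS];
    memcpy(out->root_id, buf + OFF_ROOT_ID, 8);
    out->root_path_cost = get_be32(buf + OFF_ROOT_PATH_COST);
    memcpy(out->bridge_id, buf + OFF_BRIDGE_ID, 8);
    out->port_id        = get_be16(buf + OFF_PORT_ID);
    out->message_age    = message_age;
    out->max_age        = max_age;
    out->hello_time     = get_be16(buf + OFF_HELLO_TIME);
    out->forward_delay  = get_be16(buf + OFF_FORWARD_DELAY);
    return 1;
}

/* Constructed sample BPDU: given type and ages (raw 1/256 s units), with the
 * standard's default Hello Time (2 s) and Forward Delay (15 s). Returns its length. */
size_t bpdu_build_sample(uint8_t *buf, uint8_t type, uint16_t message_age, uint16_t max_age)
{
    memset(buf, 0, BPDU_MIN_CONFIG_LEN);
    buf[OFF_TYPE] = type;
    buf[OFF_ROOT_ID]   = 0x80;           /* priority 32768, MAC portion left zero */
    buf[OFF_BRIDGE_ID] = 0x80;
    put_be16(buf + OFF_PORT_ID, 0x8001);
    put_be16(buf + OFF_MESSAGE_AGE, message_age);
    put_be16(buf + OFF_MAX_AGE, max_age);
    put_be16(buf + OFF_HELLO_TIME, 2 * 256);
    put_be16(buf + OFF_FORWARD_DELAY, 15 * 256);
    return BPDU_MIN_CONFIG_LEN;
}

int main(void)
{
    uint8_t buf[64];
    struct config_bpdu b;
    size_t n = bpdu_build_sample(buf, BPDU_TYPE_CONFIG, 1 * 256, 20 * 256);
    printf("msg age 1 s, max age 20 s: %s\n", bpdu_validate_config(buf, n, &b) ? "accept" : "discard");
    n = bpdu_build_sample(buf, BPDU_TYPE_CONFIG, 20 * 256, 20 * 256);
    printf("msg age == max age:        %s\n", bpdu_validate_config(buf, n, &b) ? "accept" : "discard");
    n = bpdu_build_sample(buf, BPDU_TYPE_CONFIG, 0, 0xFFFF);
    printf("max age %.5f s:        %s\n", bpdu_timer_seconds(0xFFFF),
           bpdu_validate_config(buf, n, &b) ? "accept" : "discard");
    return 0;
}
```

The check deliberately covers only what the clause itself requires; whether a bridge should additionally reject a Max Age, Hello Time or Forward Delay that is merely unusual is exactly the question left open in the thread, since the encoding admits every value from 0 to 255+255/256 s.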