[Bridge] Query on Spanning tree implementation from standard point of view

Sasikanth babu sasikanth.v19 at gmail.com
Tue Jun 19 07:54:13 UTC 2012


On Tue, Jun 19, 2012 at 1:18 PM, Vitalii Demianets
<vitas at nppfactor.kiev.ua> wrote:

> On Monday 18 June 2012 23:54:50 Stephen Hemminger wrote:
> >
> > First off, STP is not a secure protocol. It assumes a trust in any bridge
> > it accepts PDUs from. That is why Cisco has BPDU guard to ignore stuff
> > from rogue endpoints. In Linux, you can do the same with netfilter but
> > most users don't.
> >
> > Second, the standard (Linux is based on old 1998 version) allows any
> > value for forwarding delay (0 .. 255 seconds). The encoding of timer
> > value section implies that.
> >
>
> Hello, Stephen!
> Standards (both -1998 and -2004 revisions) say nothing about validation of
> timers (except one issue) and you made a good point that encoding clearly
> allows any timer value from 0.0 s to 255+255/256 s.
>
> Now, to the exceptional issue:
> 9.3.3 a) of -1998 (9.3.4 a) of -2004)
> ===============================================
> a) The BPDU Type denotes a Configuration BPDU and the BPDU contains at
> least 35 octets, and the value of the BPDUs Message Age parameter is less
> than that of its Max Age parameter ... [skip]
> ===============================================
>
> So, the standard clearly requires the BPDU where MessageAge < MaxAge to be
> dropped.
>
> Don't you think that including this check in Linux bridging code is
> worthwhile?
>
Are you talking about this check (in function br_stp_rcv)?

                if (bpdu.message_age > bpdu.max_age) {
                        if (net_ratelimit())
                                br_notice(p->br,
                                          "port %u config from %pM"
                                          " (message_age %ul > max_age %ul)\n",
                                          p->port_no,
                                          eth_hdr(skb)->h_source,
                                          bpdu.message_age, bpdu.max_age);
                        goto out;
                }


> --
> With Best Regards,
> Vitalii Demianets
>

 Thanks
Sasi
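
The acceptance condition from the clause quoted in this thread, as an added example (not code from the thread or from the Linux bridge): it checks only length, BPDU type and the age comparison. The field offsets follow the standard Configuration BPDU layout, the function names are hypothetical, and the buffer is assumed to start at the Protocol Identifier. The br_stp_rcv snippet above drops on `>`, so a BPDU with message_age equal to max_age gets past it; this example applies the strict "less than" of the quoted text.

```c
#include <stddef.h>
#include <stdint.h>

#define BPDU_CONFIG_MIN_LEN 35   /* octets, from the quoted clause */
#define BPDU_TYPE_CONFIG    0x00
#define BPDU_OFF_TYPE       3
#define BPDU_OFF_MSG_AGE    27
#define BPDU_OFF_MAX_AGE    29

enum bpdu_verdict { BPDU_ACCEPT, BPDU_TOO_SHORT, BPDU_NOT_CONFIG, BPDU_EXPIRED };

/* Timer fields are 16-bit big-endian, in units of 1/256 second,
 * which is why the encoding spans 0.0 s to 255+255/256 s. */
static uint16_t bpdu_timer(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Accept a Configuration BPDU only if it has at least 35 octets and
 * Message Age is strictly less than Max Age. */
enum bpdu_verdict check_config_bpdu(const uint8_t *buf, size_t len)
{
    if (len < BPDU_CONFIG_MIN_LEN)
        return BPDU_TOO_SHORT;          /* length first: no read past len */
    if (buf[BPDU_OFF_TYPE] != BPDU_TYPE_CONFIG)
        return BPDU_NOT_CONFIG;
    if (bpdu_timer(buf + BPDU_OFF_MSG_AGE) >= bpdu_timer(buf + BPDU_OFF_MAX_AGE))
        return BPDU_EXPIRED;            /* covers the equal case too */
    return BPDU_ACCEPT;
}

/* Constructed sample: an otherwise all-zero Configuration BPDU carrying the
 * given timer values (already in 1/256 s units), presented with length len. */
enum bpdu_verdict sample_verdict(uint16_t message_age, uint16_t max_age, size_t len)
{
    uint8_t b[BPDU_CONFIG_MIN_LEN] = {0};

    b[BPDU_OFF_MSG_AGE]     = (uint8_t)(message_age >> 8);
    b[BPDU_OFF_MSG_AGE + 1] = (uint8_t)(message_age & 0xff);
    b[BPDU_OFF_MAX_AGE]     = (uint8_t)(max_age >> 8);
    b[BPDU_OFF_MAX_AGE + 1] = (uint8_t)(max_age & 0xff);
    return check_config_bpdu(b, len);
}
```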