From: Stephen Hemminger <stephen.hemminger@vyatta.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Stephen Hemminger <shemminger@vyatta.com>,
David Miller <davem@davemloft.net>,
Dushan Tcholich <dusanc@gmail.com>,
Francois Romieu <romieu@fr.zoreil.com>,
Robert Hancock <hancockr@shaw.ca>,
netdev@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
bridge@lists.linux-foundation.org
Subject: Re: [RFC] bridge: STP timer management range checking
Date: Sun, 31 Aug 2008 16:29:30 -0700 [thread overview]
Message-ID: <48BB295A.6050200@vyatta.com> (raw)
In-Reply-To: <20080831230247.76b5a193@lxorguk.ukuu.org.uk>
Alan Cox wrote:
> On Sun, 31 Aug 2008 10:43:09 -0700
> Stephen Hemminger <shemminger@vyatta.com> wrote:
>
>
>> The Spanning Tree Protocol timers need to be set within certain boundaries
>> to keep the internal protocol engine working, and to be interoperable.
>> This patch restricts changes to those timers to the values defined in IEEE 802.1D
>> specification.
>>
>
> Why do we care ? You have to be the network administrator to set values,
> there are cases you may want to be out of the spec and you are
> privileged. The kernel does need to stop things being done which are
> fatal but running around restricting privileged administrators who have
> the ability to bring the network down anyway isn't its job.
>
> Seems bogus extra code to me - stops things working that should be
> allowed too.
>
The timer configuration is propagated in network protocol, so
misconfigured Linux box
could survive but effect other devices on the network that are less
robust. Maybe the
small values would cause some other bridge to crash, go infinite loop, ...
More likely robust devices might ignore our packets (because values out
of range), leading to
routing loops and other disasters.
The kernel does need to stop administrative settings from taking out a
network. If someone
has a custom device or other non-standard usage, they can always rebuild
the kernel and
remove the range check.
next prev parent reply other threads:[~2008-08-31 23:29 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fa.wTMiBcGRgw2fBtdHwtX7y0lkc8s@ifi.uio.no>
[not found] ` <48975BD3.6040709@shaw.ca>
2008-08-04 20:37 ` ksoftirqd high cpu load on kernels 2.6.24 to 2.6.27-rc1-mm1 Dushan Tcholich
2008-08-07 18:58 ` Francois Romieu
2008-08-10 19:00 ` Dushan Tcholich
2008-08-11 7:53 ` Dushan Tcholich
2008-08-30 1:48 ` Dushan Tcholich
2008-08-31 8:51 ` Dushan Tcholich
2008-08-31 17:05 ` Stephen Hemminger
2008-08-31 17:43 ` [RFC] bridge: STP timer management range checking Stephen Hemminger
2008-08-31 22:02 ` Alan Cox
2008-08-31 23:29 ` Stephen Hemminger [this message]
2008-09-01 8:38 ` Alan Cox
2008-09-02 16:40 ` Rick Jones
2008-09-02 23:41 ` David Miller
2008-09-03 0:00 ` Rick Jones
2008-09-01 2:25 ` Valdis.Kletnieks
2008-09-03 0:28 ` David Miller
2008-09-04 22:47 ` [PATCH] bridge: don't allow setting hello time to zero Stephen Hemminger
2008-09-08 20:46 ` David Miller
2008-09-08 21:35 ` Dushan Tcholich
2008-09-08 22:33 ` Stephen Hemminger
2008-08-31 19:14 ` ksoftirqd high cpu load on kernels 2.6.24 to 2.6.27-rc1-mm1 Dushan Tcholich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48BB295A.6050200@vyatta.com \
--to=stephen.hemminger@vyatta.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bridge@lists.linux-foundation.org \
--cc=davem@davemloft.net \
--cc=dusanc@gmail.com \
--cc=hancockr@shaw.ca \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=romieu@fr.zoreil.com \
--cc=shemminger@vyatta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).