bridge: ignore bogus STP config packets

If the message_age is already greater than the max_age, then the BPDU is bogus. Linux won't generate BPDU, but conformance tester or buggy implementation might. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>

bridge: ignore bogus STP config packets
If the message_age is already greater than the max_age, then the BPDU is bogus. Linux won't generate BPDU, but conformance tester or buggy implementation might. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
0652cac2 · stephen hemminger · David S. Miller · 0c03150e · 0652cac2
Commit 0652cac2 authored Jul 22, 2011 by stephen hemminger Committed by David S. Miller Jul 22, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

net/bridge/br_stp_bpdu.c net/bridge/br_stp_bpdu.c +11 -0

No files found.
--- a/net/bridge/br_stp_bpdu.c
+++ b/net/bridge/br_stp_bpdu.c
@@ -210,6 +210,17 @@ void br_stp_rcv(const struct stp_proto *proto, struct sk_buff *skb,
 		bpdu.hello_time = br_get_ticks(buf+28);
 		bpdu.forward_delay = br_get_ticks(buf+30);

+		if (bpdu.message_age > bpdu.max_age) {
+			if (net_ratelimit())
+				br_notice(p->br,
+					  "port %u config from %pM"
+					  " (message_age %ul > max_age %ul)\n",
+					  p->port_no,
+					  eth_hdr(skb)->h_source,
+					  bpdu.message_age, bpdu.max_age);
+			goto out;
+		}
+
 		br_received_config_bpdu(p, &bpdu);
 	}