[openib-general] RDMA connection and address translation API

Tom Tucker tom at ammasso.com
Wed Aug 24 13:47:44 PDT 2005


So the listening server takes the IP address from the private data, uses
AT to get the GID and then compares it to the GID in the connect
request? 

It feels to me like this private data thing is a case of the cure is
worse than the disease. As I understand it, we're trying to avoid the
following:

server:

    dev = ib_get_device(10.10.1.1 /* src ip */, 0 /* dest ip */);

    /* GID has IP addresses 10.10.1.1, 10.10.1.2 */
    ib_listen(dev, 10.10.1.1 /* listen bind address */, 143 /* port */, 10 /* backlog */);

client:

    dev = ib_get_device(0 /* src wildcard */, 10.10.1.2 /* dest ip */);

    ib_connect(dev, 0 /* src */, 10.10.1.2 /* dest */, 143 /* port */, ...);


The issue is that this connection will be established when the server
may only want to accept requests that are targeted to the 10.10.1.1
address.  I don't get why this is such a big deal. You can preclude this
behavior by simply keeping a one-to-one mapping between the IPv4
addresses and the GIDs using the existing protocols and without
mandating a private data format across *all* ulps and transports.

If I'm being painfully stupid...please feel free to tell me. 

> -----Original Message-----
> From: Sean Hefty [mailto:sean.hefty at intel.com] 
> Sent: Wednesday, August 24, 2005 2:12 PM
> To: Tom Tucker; Roland Dreier
> Cc: openib-general at openib.org
> Subject: RE: [openib-general] RDMA connection and address 
> translation API
> 
> >Because it would be better to configure your network "properly". 
> >Putting IP addresses in private data is fundamentally insecure since 
> >any user mode client can spoof the IP address.
> 
> A simple forward lookup could detect this.
> 
> - Sean
> 
> 


