[openib-general] mapping between IP address and device name
Roland Dreier
rolandd at cisco.com
Fri Jun 24 10:35:29 PDT 2005
Roland> Right, but at least for now the SA has no way of checking
Roland> the IP address in a request to decide whether or not it
Roland> should allow creating an ATS record.
Hal> In fact, the SA does not know it is an IP address in the
Hal> ServiceData of the ServiceRecord.
Right, which means that for an NFS server, looking up a remote peer's
ATS record and checking against an exports file provides zero
security. The remote peer can put any IP address it wants for itself
into the SA's database.
For ATS to be useful in this setting, the SA needs to know about ATS
records and have some way of checking the IP addresses they contain.
And configuring that seems likely to be quite painful.
- R.
More information about the general
mailing list