[openib-general] Re: IP addressing on InfiniBand networks
Michael S. Tsirkin
mst at mellanox.co.il
Tue Jun 28 13:46:46 PDT 2005
Hi, James!
I dont know much about dapl, so forgive me if the question is naive:
Quoting r. James Lentini <jlentini at netapp.com>:
>
> + CM Private Data
>
> The active side of an IB connection could place its source IP
> address in the CM's private data. The passive side would retrieve
> the source IP from this location.
>
> ...
>
> The security of this is very week. An end node could easily present
> a false IP address.
Once you have the IP from CM private data, what prevents you from resolving it
back to hardware address (by sending an ARP request with the IP address that
you got)?
You get back the IPoIB hardware address: GID+QPN, and can verify that
the GID matches the GID that you got from CM.
The security of this seems to be at least as good as the one you get on
regular IP networks.
Does this make sense at all?
--
MST
More information about the general
mailing list