[openib-general] RE: [dat-discussions] socket based connection model for IB proposal - round 3

[Caitlin Bestler]

Sean Hefty wrote:
> Caitlin Bestler wrote:
>> Current CM software could generate the Serive ID. Therefore the fact
>> that the Private Data is in the "new format" cannot be part of the
>> Service ID. Otherwise I agree with your analysis that data can be
>> moved to the Serivce ID. Which is more valuable,
>> 4 more bytes of private data or a very larger number of Service IDS,
>> is another topic.
> 
> The CM would still need to know what range of service IDs can
> be generated.  I don't believe that the range can overlap
> with an existing range that is already defined without
> needing to redefine service records and other items.  The
> extra bit in essence becomes a 65th bit for the service ID in such
> cases. 
>

How would you prevent someone using old CM software from
forging their IP address in user mode and requesting the
Service ID from an old CM implementation that did not know
to check newly standardized portion of what it thinks of
as entirely "private" data?

By comparison, an RDMA application on an iWARP system
cannot receive a "connection established" event until
the IP Address has been validated by kernels at both
end and by the ability to round-trip with said IP
address.
 
> The additional 4 bytes of private data come at an expense of
> consuming something like .0000006% of the service ID space.
> 
>>> To be clear, the CM REQ _carries_ the IP address.  There should be
>>> no requirement that the CM performs the mapping, and I see no
>>> reason why it should even care.
>> 
>> The CM needs to have at least the capability of validating the local
>> IP address supplied.
> 
> Validation can be done outside of the CM in a separate module.
> 
That's fine. Just as long as an application that wants to cheat
has to consider the possibility that the kernel might validate.
Similarly ingress validation *might* be done in an IP network.