[openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model

Caitlin Bestler caitlinb at broadcom.com
Tue Oct 25 09:35:42 PDT 2005


On an IP network, a non-privileged user is generally not capable of forging
a source IP address and is typically prevented from using certain source
ports.
 
I would propose that the CM [MAY|SHOULD|MUST] enforce that a non-privileged
user can only use a Source IP Address and Port that they would have been
able to use following the normal stack path (or what it would have been in
the case that there is no conventional IP stack associated with this path).
 
So if IPoIB is installed, you would not be able to use any address that
you would have been blocked from using over IPoIB. Or at least you
would not be guaranteed that you could.
 
I think that MUST is the correct level of enforcement, but it needs to be
clear that the CM and OS *MAY* do this checking and that a userspace
IB application cannot use the IB stack to perform IP spoofing.


________________________________

	From: dat-discussions at yahoogroups.com
[mailto:dat-discussions at yahoogroups.com] On Behalf Of Kanevsky, Arkady
	Sent: Tuesday, October 25, 2005 9:00 AM
	To: openib-general at openib.org; dat-discussions at yahoogroups.com;
swg at infinibandta.org
	Subject: [dat-discussions] round 2 - proposal for socket based
connection model
	
	
	Dear OpenIB, SWG and DAT members,
	enclosed is the second version of the proposal.
	There are really 2 proposals that are related.
	The first one is encoding IP 5-tuple into REQ private data
	with small additional info for versioning and IB capabilities.
	The second is just a couple of ideas, not a real proposal,
	on mapping of IP ports to IB Service IDs.
	 
	Thanks everybody for tons of feedback and deep discussions.
	I apologize if I had missed something.
	 
	Happy reading,
	Arkady
	 

	Arkady Kanevsky                       email: arkady at netapp.com

	Network Appliance                     phone: 781-768-5395

	375 Totten Pond Rd.                  Fax: 781-895-1195

	Waltham, MA 02451-2010          central phone: 781-768-5300
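
The source-address and source-port check proposed in the reply at the top of this message, sketched in C as an added example; it is not part of the original thread and is not OpenIB or DAT code. The names `cm_caller`, `cm_check_source` and the verdict values are hypothetical, the addresses are constructed samples from documentation ranges, and exempting a privileged caller from both checks is an assumption.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CM_RESERVED_PORT_MAX 1023 /* ports below 1024 need privilege on a conventional stack */

/* Hypothetical view of the caller and of the addresses configured on this path. */
struct cm_caller {
    bool privileged;          /* assumption: e.g. root or CAP_NET_BIND_SERVICE */
    const char *const *local; /* addresses assigned to the IPoIB interface */
    size_t n_local;
};

enum cm_verdict { CM_OK = 0, CM_BAD_ADDR, CM_NOT_LOCAL, CM_RESERVED_PORT };

/* Constructed sample: addresses the host holds on its IPoIB interface. */
const char *const cm_sample_local[] = { "192.0.2.10", "2001:db8::10" };

/* Parse text into a 16-byte key; IPv4 is stored as an IPv4-mapped IPv6 address. */
static bool cm_parse(const char *text, uint8_t out[16])
{
    struct in_addr v4;
    if (inet_pton(AF_INET, text, &v4) == 1) {
        memset(out, 0, 10);
        out[10] = out[11] = 0xff;
        memcpy(out + 12, &v4, 4);
        return true;
    }
    return inet_pton(AF_INET6, text, out) == 1;
}

/* May this caller place src_ip and src_port in the REQ private data? */
enum cm_verdict cm_check_source(const struct cm_caller *c, const char *src_ip, uint16_t src_port)
{
    uint8_t want[16], have[16];
    bool local = false;

    if (!cm_parse(src_ip, want))
        return CM_BAD_ADDR;
    if (c->privileged)
        return CM_OK;            /* the restriction targets non-privileged users */
    for (size_t i = 0; i < c->n_local && !local; i++)
        local = cm_parse(c->local[i], have) && memcmp(want, have, 16) == 0;
    if (!local)
        return CM_NOT_LOCAL;     /* forged or foreign source address */
    if (src_port <= CM_RESERVED_PORT_MAX)
        return CM_RESERVED_PORT; /* same rule the normal stack applies at bind() */
    return CM_OK;
}
```

Comparing parsed addresses rather than strings means an alternate spelling of a configured IPv6 address is still recognised as local.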

	 

	 
