[openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model

[Caitlin Bestler]

> -----Original Message-----
> From: Sean Hefty [mailto:mshefty at ichips.intel.com] 
> Sent: Tuesday, October 25, 2005 10:08 AM
> To: Kanevsky, Arkady
> Cc: Caitlin Bestler; dat-discussions at yahoogroups.com; 
> openib-general at openib.org; swg at infinibandta.org
> Subject: Re: [openib-general] RE: [dat-discussions] round 2 - 
> proposal for socket based connection model
> 
> Kanevsky, Arkady wrote:
> > Correct.
> > But this does bring the question how responder CM knows 
> that it need 
> > to parse the private data. I suspect this will be done via 
> new version 
> > of CM.
> > But a suage of some of the CM REQ reserved fields are also possible.
> > Anotherwords the current CM version assumes that CM only 
> supports one 
> > version and there is no need to support more than 1 version.
> 
> The responder knows how to parse the private data based on 
> the service ID that they're listening on.  This is how it's 
> done today, and how it will still need to be done.  What is 
> the motivation to change it?
> 
> What data is beyond the addressing?  How does the responder 
> know how to interpret that?
> 

I agree, the listener is responsible for knowing what format
the Private Data is supposed to be in. Therefore it knows in
advance what portions of it are relevant to the CM (the IP
address information and/or the ITAPI IRD/ORD pre-header).
So the listen request can specify the required CM parsing.

But that does not prevent a non-privileged application from
forging the IP address information. These connection requests
are being presented to daemons as though they had the same
degree of authentication as address headers in an IP network
could have. The latter can be quite high when switches and
routers validate source addresses versus arriving ports.