[openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model
Tom Tucker
tom at opengridcomputing.com
Tue Oct 25 10:23:33 PDT 2005
What does this have to do with the protocol?
On Tue, 2005-10-25 at 09:35 -0700, Caitlin Bestler wrote:
> On an IP network, a non-privileged user is generally not capable of forging
> a source IP address and is typically prevented from using certain source ports.
>
> I would propose that the CM [MAY|SHOULD|MUST] enforce that a non-privileged
> user can only use a Source IP Address and Port that they would have been
> able to use following the normal stack path (or what it would have been in the
> case that there is no conventional IP stack associated with this path).
>
> So if IPoIB is installed, you would not be able to use any address that
> you would have been blocked from using over IPoIB. Or at least you
> would not be guaranteed that you could.
>
> I think that MUST is the correct level of enforcement, but it needs to be
> clear that the CM and OS *MAY* do this checking and that a userspace
> IB application cannot use the IB stack to perform IP spoofing.
>
>
> ______________________________________________________________
> From: dat-discussions at yahoogroups.com [mailto:dat-discussions at yahoogroups.com] On Behalf Of Kanevsky, Arkady
> Sent: Tuesday, October 25, 2005 9:00 AM
> To: openib-general at openib.org; dat-discussions at yahoogroups.com; swg at infinibandta.org
> Subject: [dat-discussions] round 2 - proposal for socket based connection model
>
>
> Dear OpenIB, SWG and DAT members,
> enclosed is the second version of the proposal.
> There are really 2 proposals that are related.
> The first one is encoding IP 5-tuple into REQ private data
> with small additional info for versioning and IB capabilities.
> The second is just a couple of ideas, not a real proposal,
> on mapping of IP ports to IB Service IDs.
>
> Thanks everybody for tons of feedback and deep discussions.
> I apologize if I had missed something.
>
> Happy reading,
> Arkady
>
>
> Arkady Kanevsky email: arkady at netapp.com
> Network Appliance phone: 781-768-5395
> 375 Totten Pond Rd. Fax: 781-895-1195
> Waltham, MA 02451-2010 central phone: 781-768-5300
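Added example, not part of either message above and not code from any CM or the OpenIB stack: a sketch of the source-address and source-port check the quoted proposal asks the CM to enforce for non-privileged users. All names are hypothetical, the addresses are constructed, and the 1024 privileged-port boundary is an assumption taken from typical Unix IP stacks.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: ports below 1024 require privilege, as on a typical Unix stack. */
#define PRIV_PORT_LIMIT 1024
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical caller description; a real CM would derive this from the OS. */
struct cm_caller { bool privileged; };

enum cm_verdict { CM_ALLOW = 0, CM_DENY_ADDR, CM_DENY_PORT };

/* True if ip is one of the addresses configured on this host
 * (for example on its IPoIB interfaces). */
static bool addr_is_local(const uint32_t *local, size_t n, uint32_t ip)
{
    for (size_t i = 0; i < n; i++)
        if (local[i] == ip)
            return true;
    return false;
}

/* Decide whether the source IP and port a caller wants to place in the REQ
 * private data are ones it could have used over the normal IP stack path. */
enum cm_verdict cm_check_source(const struct cm_caller *c,
                                const uint32_t *local, size_t n,
                                uint32_t src_ip, uint16_t src_port)
{
    if (c->privileged)
        return CM_ALLOW;          /* the restriction targets non-privileged users */
    if (!addr_is_local(local, n, src_ip))
        return CM_DENY_ADDR;      /* address the host does not own: spoofing */
    if (src_port < PRIV_PORT_LIMIT)
        return CM_DENY_PORT;      /* reserved source port without privilege */
    return CM_ALLOW;
}

int main(void)
{
    uint32_t local[] = { IP4(192, 0, 2, 10) };   /* constructed sample address */
    struct cm_caller user = { false };
    printf("own addr, high port: %d\n",
           cm_check_source(&user, local, 1, IP4(192, 0, 2, 10), 40000));
    printf("foreign addr:        %d\n",
           cm_check_source(&user, local, 1, IP4(192, 0, 2, 99), 40000));
    return 0;
}
```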