[openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model

Tom Tucker tom at opengridcomputing.com
Tue Oct 25 10:37:11 PDT 2005


On Tue, 2005-10-25 at 10:21 -0700, Caitlin Bestler wrote:
>  
> > -----Original Message-----
> > From: Sean Hefty [mailto:mshefty at ichips.intel.com] 
> > Sent: Tuesday, October 25, 2005 10:08 AM
> > To: Kanevsky, Arkady
> > Cc: Caitlin Bestler; dat-discussions at yahoogroups.com; 
> > openib-general at openib.org; swg at infinibandta.org
> > Subject: Re: [openib-general] RE: [dat-discussions] round 2 - 
> > proposal for socket based connection model
> > 
> > Kanevsky, Arkady wrote:
> > > Correct.
> > > But this does bring the question how responder CM knows that it needs
> > > to parse the private data. I suspect this will be done via new version
> > > of CM.
> > > But a usage of some of the CM REQ reserved fields is also possible.
> > > In other words the current CM version assumes that CM only supports one
> > > version and there is no need to support more than 1 version.
> > 
> > The responder knows how to parse the private data based on 
> > the service ID that they're listening on.  This is how it's 
> > done today, and how it will still need to be done.  What is 
> > the motivation to change it?
> > 
> > What data is beyond the addressing?  How does the responder 
> > know how to interpret that?
> > 
> 
> I agree, the listener is responsible for knowing what format
> the Private Data is supposed to be in. Therefore it knows in
> advance what portions of it are relevant to the CM (the IP
> address information and/or the ITAPI IRD/ORD pre-header).
> So the listen request can specify the required CM parsing.
> 
> But that does not prevent a non-privileged application from
> forging the IP address information. These connection requests
> are being presented to daemons as though they had the same
> degree of authentication as address headers in an IP network
> could have. The latter can be quite high when switches and
> routers validate source addresses versus arriving ports.

I believe that the assurances you are talking about are peculiar to an
implementation, not to the network.

The CMA is what is preparing the private data header, not the app. WRT
an IB CM app, it could very easily pretend to be a "CMA App" and build
its own private data that spoofed the address. How would the local CM
know that it is supposed to verify this? Where is the service id/private
data format mapping database?

In short, I think we are mixing many different things together here. 

