[openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model
Tom Tucker
tom at opengridcomputing.com
Tue Oct 25 11:13:06 PDT 2005
On Tue, 2005-10-25 at 10:51 -0700, Caitlin Bestler wrote:
>
>
> >
> > I believe that the assurances you are talking about are
> > peculiar to an implementation, not to the network.
> >
>
> I disagree. Anytime you send an IP datagram on an IP network
> you are expected to provide an authentic source address. Any
> intermediate network device MAY enforce that rule and drop
> packets with invalid source addresses.
>
I don't see anything in the protocol specs (RFC 791, RFC 793, ...) that
talks about this, so we just have to agree to disagree. :-)
> IP Addresses stored in private data, by contrast, are guaranteed
> to pass all middleboxes unmolested without review of validation.
> This is not a spoofer taking advantage of a lazy network admin,
> this is a spoofer being given a "get out of jail free" card that
> says the network admin is not even allowed to do spot checks.
>
> > The CMA is what is preparing the private data header, not the
> > app. WRT a IB CM app, it could very easily pretend to be a
> > "CMA App" and build it's own private data that spoofed the
> > address. How would the local CM know that it is supposed to
> > verify this? Where is the service id/private data format
> > mapping database?
> >
> > In short, I think we are mixing many different things together here.
> >
> >
>
> For the very same reasons that a userspace consumer is not allowed
> to pretend to be the CM itself, it should not be allowed to just
> make up Source IP Addresses. If it's going to lie it needs to be
> a privileged liar.
>
> Preserving the existing CM infrastructure is fine, but not if it
> forces us to take something that should be authenticated by privileged
> software and simply trust that userspace code will fill it in correctly.
More information about the general
mailing list