[ofa-general] FW: An alternative solution to the node name issue in OFED 1.3.1
Dave Olson
dave.olson at qlogic.com
Fri Aug 8 11:12:26 PDT 2008
On Fri, 8 Aug 2008, Hal Rosenstock wrote:
| On Fri, Aug 8, 2008 at 10:12 AM, John Russo <john.russo at qlogic.com> wrote:
| > Issue: We have found that causes openibd to be started before networking
| > and therefore the NodeDescription, when returned from the SM, does not
| > always contain the hostname of the system when ibhosts is run.
| > A solution was proposed however I wanted to give an alternative that we
| > worked out in case you liked it and wanted to use it instead.
|
| I would think setting of the NodeDescription in this manner would need
| to be done optionally, via a module parameter, with the default being
| off. Quite some time ago we had the discussion about it being a system
| admin policy/possible security issue to reveal or not reveal the
| hostname via similar mechanisms. For a similar reason, this capability
| was removed from ICMP.
That's addressed by the same mechanism that currently exists in the
openibd script. Simply set the node_desc to something other than
the hostname. The new behavior occurs only if the node_desc
hasn't been explictly set.
If there is strong concern that this leaves a small window in which
the hostname is exposed, it could be modified to occur only if
the node_desc is set to some well-defined string, such as __HOST__
or something of the sort.
I think a module parameter is more than is needed; if added, it
should probably default to enable, since relatively few sites are likely to
have security concerns within an IB fabric (as far as exposing
hostnames).
Dave Olson
dave.olson at qlogic.com
More information about the general
mailing list