<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns:o = "urn:schemas-microsoft-com:office:office" xmlns:st1 =
"urn:schemas-microsoft-com:office:smarttags"><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2722" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>On an IP network, a non-privileged user is generally not
capable of forging</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>a source IP address and is typically prevented from using
certain source ports.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>I would propose that the CM [MAY|SHOULD|MUST] enforce that
a non-privileged</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>user can only use a Source IP Address and Port that
they would have been</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>able to use following the normal stack path (or what it
would have been in the</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>case that there is no conventional IP stack associated with
this path).</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>So if IPoIB is installed, you would not be able to use any
address that</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>you would have been blocked from using over IPoIB. Or at
least you</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>would not be guaranteed that you could.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>I think that MUST is the correct level of enforcement, but
it needs to be</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>clear that the CM and OS *MAY* do this checking and that a
userspace</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>IB application cannot use the IB stack to perform IP
spoofing.</FONT></SPAN></DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> dat-discussions@yahoogroups.com
[mailto:dat-discussions@yahoogroups.com] <B>On Behalf Of </B>Kanevsky,
Arkady<BR><B>Sent:</B> Tuesday, October 25, 2005 9:00 AM<BR><B>To:</B>
openib-general@openib.org; dat-discussions@yahoogroups.com;
swg@infinibandta.org<BR><B>Subject:</B> [dat-discussions] round 2 - proposal
for socket based connection model<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>Dear OpenIB, SWG
and DAT members,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>enclosed is teh
second version of the proposal.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>There are really 2
proposals that are related.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>The first one is
encoding IP 5-tuple into REQ private data</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>with small
additional info for versioning and IB capabilities.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>The second is just
a couple of ideas, not a real proposal,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>on maping of IP
ports</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>to IB Service
IDs.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=959185315-25102005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>Thanks everybody
for tons of feedback and deep discussions.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>I appologize if I
had missed something.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=959185315-25102005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>Happy
reading,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=959185315-25102005>Arkady</SPAN></FONT></DIV>
<DIV> </DIV><o:SmartTagType name="Street"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="address"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType>
<STYLE>st1\:* {
BEHAVIOR: url(#ieooui)
}
</STYLE>
<STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; mso-header-margin: .5in; mso-footer-margin: .5in; mso-paper-source: 0; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.SpellE {
mso-style-name: ""; mso-spl-e: yes
}
DIV.Section1 {
page: Section1
}
</STYLE>
<DIV class=Section1>
<P class=MsoNormal align=left><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Arkady <SPAN
class=SpellE>Kanevsky</SPAN><SPAN
style="mso-tab-count: 2">
</SPAN>email: <A
href="mailto:arkady@netapp.com">arkady@netapp.com</A><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Network
Appliance<SPAN
style="mso-tab-count: 2">
</SPAN>phone: 781-768-5395<o:p></o:p></SPAN></P>
<P class=MsoNormal><st1:Street><st1:address
style="BACKGROUND-POSITION: left bottom; BACKGROUND-IMAGE: url(res://ietag.dll/#34/#1001); BACKGROUND-REPEAT: repeat-x"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">375 <SPAN
class=SpellE>Totten</SPAN> Pond Rd.</SPAN></st1:address></st1:Street><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><SPAN
style="mso-tab-count: 2">
</SPAN>Fax: 781-895-1195<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Waltham,
MA 02451-2010<SPAN
style="mso-tab-count: 1">
</SPAN>central phone: 781-768-5300<o:p></o:p></SPAN></P>
<P class=MsoNormal><o:p> </o:p></P></DIV>
<DIV> </DIV><!-- |**|begin egp html banner|**| --><BR>
<DIV style="WIDTH: 500px; COLOR: #909090; TEXT-ALIGN: center">
<HR style="WIDTH: 500px; BORDER-BOTTOM: 1px; TEXT-ALIGN: left">
<TT>YAHOO! GROUPS LINKS</TT> </DIV><BR>
<UL><TT>
<LI type=square> Visit your group "<A
href="http://groups.yahoo.com/group/dat-discussions">dat-discussions</A>" on
the web.<BR> </TT> <TT>
<LI type=square> To unsubscribe from this group, send an email
to:<BR> <A
href="mailto:dat-discussions-unsubscribe@yahoogroups.com?subject=Unsubscribe">dat-discussions-unsubscribe@yahoogroups.com</A><BR> </TT>
<TT>
<LI type=square> Your use of Yahoo! Groups is subject to the <A
href="http://docs.yahoo.com/info/terms/">Yahoo! Terms of Service</A>.</TT>
</LI></UL><BR>
<DIV style="WIDTH: 500px; COLOR: #909090; TEXT-ALIGN: center">
<HR style="WIDTH: 500px; BORDER-BOTTOM: 1px; TEXT-ALIGN: left">
</DIV><BR></BLOCKQUOTE><!-- |**|end egp html banner|**| --></BODY></HTML>