<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns:o = "urn:schemas-microsoft-com:office:office" xmlns:st1 =
"urn:schemas-microsoft-com:office:smarttags"><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2722" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=109074216-25102005><FONT face=Arial
color=#0000ff size=2>I believe it requires a CM protocol version change, or a
"IP Address Header present" bit.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=109074216-25102005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=109074216-25102005><FONT face=Arial
color=#0000ff size=2>Basically, userspace consumers can supply *any* 72 bytes of
private data currently.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=109074216-25102005><FONT face=Arial
color=#0000ff size=2>To maintain backwards compatability you need an
authenticator that says "this IP</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=109074216-25102005><FONT face=Arial
color=#0000ff size=2>header data vouched for by privileged components on this
end", and that authenticator</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=109074216-25102005><FONT face=Arial
color=#0000ff size=2>cannot be within the private data.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=109074216-25102005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=109074216-25102005><FONT face=Arial
color=#0000ff size=2>The equivalent guarantee is provided on IP networks by the
fact that raw sockets are</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=109074216-25102005><FONT face=Arial
color=#0000ff size=2>not accessible by non-privileged
applications.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=109074216-25102005></SPAN> </DIV><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Kanevsky, Arkady
[mailto:Arkady.Kanevsky@netapp.com] <BR><B>Sent:</B> Tuesday, October 25, 2005
9:39 AM<BR><B>To:</B> Caitlin Bestler; dat-discussions@yahoogroups.com;
openib-general@openib.org; swg@infinibandta.org<BR><B>Subject:</B> RE:
[openib-general] RE: [dat-discussions] round 2 - proposal for socket based
connection model<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=903053816-25102005>Caitlin,</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=903053816-25102005>how
does it change the proposed protocol?</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=903053816-25102005>Arkady</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> </DIV><o:SmartTagType name="Street"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="address"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType>
<STYLE>st1\:* {
BEHAVIOR: url(#ieooui)
}
</STYLE>
<STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; mso-header-margin: .5in; mso-footer-margin: .5in; mso-paper-source: 0; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.SpellE {
mso-style-name: ""; mso-spl-e: yes
}
DIV.Section1 {
page: Section1
}
</STYLE>
<DIV class=Section1>
<P class=MsoNormal align=left><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Arkady <SPAN
class=SpellE>Kanevsky</SPAN><SPAN
style="mso-tab-count: 2">
</SPAN>email: <A
href="mailto:arkady@netapp.com">arkady@netapp.com</A><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Network
Appliance<SPAN
style="mso-tab-count: 2">
</SPAN>phone: 781-768-5395<o:p></o:p></SPAN></P>
<P class=MsoNormal><st1:Street><st1:address
style="BACKGROUND-POSITION: left bottom; BACKGROUND-IMAGE: url(res://ietag.dll/#34/#1001); BACKGROUND-REPEAT: repeat-x"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">375 <SPAN
class=SpellE>Totten</SPAN> Pond Rd.</SPAN></st1:address></st1:Street><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><SPAN
style="mso-tab-count: 2">
</SPAN>Fax: 781-895-1195<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Waltham,
MA 02451-2010<SPAN
style="mso-tab-count: 1">
</SPAN>central phone: 781-768-5300<o:p></o:p></SPAN></P>
<P class=MsoNormal><o:p> </o:p></P></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Caitlin
Bestler [mailto:caitlinb@broadcom.com] <BR><B>Sent:</B> Tuesday, October 25,
2005 12:36 PM<BR><B>To:</B> dat-discussions@yahoogroups.com;
openib-general@openib.org; swg@infinibandta.org<BR><B>Subject:</B>
[openib-general] RE: [dat-discussions] round 2 - proposal for socket based
connection model<BR><BR></FONT></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>On an IP network, a non-privileged user is generally
not capable of forging</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>a source IP address and is typically prevented from
using certain source ports.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>I would propose that the CM [MAY|SHOULD|MUST] enforce
that a non-privileged</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>user can only use a Source IP Address and Port
that they would have been</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>able to use following the normal stack path (or what it
would have been in the</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>case that there is no conventional IP stack associated
with this path).</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>So if IPoIB is installed, you would not be able to use
any address that</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>you would have been blocked from using over IPoIB. Or
at least you</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>would not be guaranteed that you
could.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>I think that MUST is the correct level of enforcement,
but it needs to be</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>clear that the CM and OS *MAY* do this checking and
that a userspace</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=253042716-25102005><FONT face=Arial
color=#0000ff size=2>IB application cannot use the IB stack to perform IP
spoofing.</FONT></SPAN></DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> dat-discussions@yahoogroups.com
[mailto:dat-discussions@yahoogroups.com] <B>On Behalf Of </B>Kanevsky,
Arkady<BR><B>Sent:</B> Tuesday, October 25, 2005 9:00 AM<BR><B>To:</B>
openib-general@openib.org; dat-discussions@yahoogroups.com;
swg@infinibandta.org<BR><B>Subject:</B> [dat-discussions] round 2 -
proposal for socket based connection model<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>Dear OpenIB,
SWG and DAT members,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>enclosed is
teh second version of the proposal.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>There are
really 2 proposals that are related.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>The first one
is encoding IP 5-tuple into REQ private data</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>with small
additional info for versioning and IB capabilities.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>The second is
just a couple of ideas, not a real proposal,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>on maping of
IP ports</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>to IB Service
IDs.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=959185315-25102005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>Thanks
everybody for tons of feedback and deep discussions.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>I appologize
if I had missed something.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=959185315-25102005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=959185315-25102005>Happy
reading,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=959185315-25102005>Arkady</SPAN></FONT></DIV>
<DIV> </DIV><o:SmartTagType name="Street"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="address"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType>
<STYLE>st1\:* {
BEHAVIOR: url(#ieooui)
}
</STYLE>
<STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; mso-header-margin: .5in; mso-footer-margin: .5in; mso-paper-source: 0; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; text-underline: single
}
SPAN.SpellE {
mso-style-name: ""; mso-spl-e: yes
}
DIV.Section1 {
page: Section1
}
</STYLE>
<DIV class=Section1>
<P class=MsoNormal align=left><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Arkady <SPAN
class=SpellE>Kanevsky</SPAN><SPAN
style="mso-tab-count: 2">
</SPAN>email: <A
href="mailto:arkady@netapp.com">arkady@netapp.com</A><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Network Appliance<SPAN
style="mso-tab-count: 2">
</SPAN>phone: 781-768-5395<o:p></o:p></SPAN></P>
<P class=MsoNormal><st1:Street><st1:address
style="BACKGROUND-POSITION: left bottom; BACKGROUND-IMAGE: url(res://ietag.dll/#34/#1001); BACKGROUND-REPEAT: repeat-x"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">375 <SPAN
class=SpellE>Totten</SPAN> Pond Rd.</SPAN></st1:address></st1:Street><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><SPAN
style="mso-tab-count: 2">
</SPAN>Fax: 781-895-1195<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Waltham, MA 02451-2010<SPAN
style="mso-tab-count: 1">
</SPAN>central phone: 781-768-5300<o:p></o:p></SPAN></P>
<P class=MsoNormal><o:p> </o:p></P></DIV>
<DIV> </DIV><!-- |**|begin egp html banner|**| --><BR>
<DIV style="WIDTH: 500px; COLOR: #909090; TEXT-ALIGN: center">
<HR style="WIDTH: 500px; BORDER-BOTTOM: 1px; TEXT-ALIGN: left">
<TT>YAHOO! GROUPS LINKS</TT> </DIV><BR>
<UL><TT>
<LI type=square> Visit your group "<A
href="http://groups.yahoo.com/group/dat-discussions">dat-discussions</A>"
on the web.<BR> </TT> <TT>
<LI type=square> To unsubscribe from this group, send an email
to:<BR> <A
href="mailto:dat-discussions-unsubscribe@yahoogroups.com?subject=Unsubscribe">dat-discussions-unsubscribe@yahoogroups.com</A><BR> </TT>
<TT>
<LI type=square> Your use of Yahoo! Groups is subject to the <A
href="http://docs.yahoo.com/info/terms/">Yahoo! Terms of
Service</A>.</TT> </LI></UL><BR>
<DIV style="WIDTH: 500px; COLOR: #909090; TEXT-ALIGN: center">
<HR style="WIDTH: 500px; BORDER-BOTTOM: 1px; TEXT-ALIGN: left">
</DIV><BR></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE><!-- |**|end egp html banner|**| --></BODY></HTML>