<br><br>
<div><span class="gmail_quote">On 8/13/09, <b class="gmail_sendername">Jason Gunthorpe</b> <<a href="mailto:jgunthorpe@obsidianresearch.com" target="_blank">jgunthorpe@obsidianresearch.com</a>> wrote:</span> 
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Thu, Aug 13, 2009 at 01:14:19PM -0700, Sean Hefty wrote:<br>> >Speaking of which, do we have an API to get the node's SM_Key for SA<br>
> >packet construction?<br>><br>> Not that I'm aware of.  The ib-diags take the smkey as a command line option.<br><br>Hmm, and the kernel wires it to zero.</blockquote>
<div> </div>
<div> What are you referring to being wired by kernel to zero ? AFAIK neither use (there are two) of SM_Key is wired to zero.</div>
<div><br> </div>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">That's uncool.<br><br>So, any process that can create a QP can alter, say, the nodes<br>multicast group membership.</blockquote>

<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><span></span><br><br>Thats a bit of a security problem.<br><br>I admit though, I haven't been able to discern what the SM_Key should<br>
be set to from the spec..</blockquote>
<div> </div>
<div>It's a policy (SM admin) decision.</div>
<div> </div>
<div>-- Hal</div>
<div> </div>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><span></span><br><br>--<br>Jason Gunthorpe <<a href="mailto:jgunthorpe@obsidianresearch.com" target="_blank">jgunthorpe@obsidianresearch.com</a>>        (780)4406067x832<br>
Chief Technology Officer, Obsidian Research Corp         Edmonton, Canada<br></blockquote></div><br>