[openib-general] RDMA connection and address translation API
Roland Dreier
rolandd at cisco.com
Wed Aug 24 16:29:06 PDT 2005
Yaron> The current implementation may not use the private data
Yaron> field (since it's not critical/mandatory) but the intention
Yaron> is to add it to address multi homed hosts, we would like to
Yaron> push such a definition into IBTA so every IP oriented ULP
Yaron> can use it, several people expressed interest in such a
Yaron> definition, this can also support NFS/RDMA or any other IP
Yaron> based ULP.
Strange as it may seem, I agree completely with Yaron ;)
It would make perfect sense to take a couple of the reserved bits in
the CM REQ format and turn them into an "IP address present" field (a
couple of bits so we can distinguish between v4 and v6). When this
field is set, then the first (or last, or whatever) 32 bytes of the
private data would hold the source and destination IP address.
Having this standardized also gives us the ability to deal with the
concerns around connections initiated in userspace. The kernel proxy
for the user CM can make sure that any REQs sent with the "IP address
present" field set actually have an IP assigned to the local system.
Remote systems would still need to treat CM messages from QPs other
than QP 1 as untrusted.
Of course for real security some stronger authentication is needed in
any case (even in the iWARP case the source IP can't be trusted; an
attacker could DOS the real owner of the IP, flood the switch's MAC
tables so it becomes a hub, and then take over any IP it wants).
The only unfortunate thing about all this is that the SDP Hello
message format is already frozen, and it seems a little too
specialized for generic use (e.g. we don't want a "Max Zcopy
Advertisements" field).
Yaron, has anyone raised all this in the IBTA WG?
- R.
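As an added example, not from this thread or from any OpenIB code: a C sketch of the private-data layout proposed above and of the kernel-proxy check that a user-space REQ claims a source IP actually assigned to the host. The flag values, the "first 32 bytes" layout and the IPv4-mapped encoding are assumptions for illustration, not the IBTA-standardized format.

```c
/* Layout assumed here (not the IBTA-standardized one): the first 32 bytes of
 * REQ private data hold a 16-byte source then a 16-byte destination address,
 * IPv4 carried as IPv4-mapped IPv6 (::ffff:a.b.c.d); flag values are assumed. */
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
enum { IP_PRESENT_NONE = 0, IP_PRESENT_V4 = 1, IP_PRESENT_V6 = 2 };
static const uint8_t v4_mapped_prefix[12] = { 0,0,0,0,0,0,0,0,0,0,0xff,0xff };
/* Sender: write src/dst (struct in_addr for v4, struct in6_addr for v6) into
 * the private data; returns the value for the "IP address present" field. */
int cm_ip_pack(uint8_t *pd, int ip_version, const void *src, const void *dst)
{
	memset(pd, 0, 32);
	if (ip_version == 4) {
		memcpy(pd, v4_mapped_prefix, 12);
		memcpy(pd + 12, src, 4);
		memcpy(pd + 16, v4_mapped_prefix, 12);
		memcpy(pd + 28, dst, 4);
		return IP_PRESENT_V4;
	}
	if (ip_version == 6) {
		memcpy(pd, src, 16);
		memcpy(pd + 16, dst, 16);
		return IP_PRESENT_V6;
	}
	return IP_PRESENT_NONE;
}
/* Receiver: extract the addresses; rejects an unknown flag value and a v4 flag
 * whose fields are not IPv4-mapped. Returns 0 on success, -1 on a bad REQ. */
int cm_ip_unpack(const uint8_t *pd, int ip_present, struct in6_addr *src, struct in6_addr *dst)
{
	if (ip_present != IP_PRESENT_V4 && ip_present != IP_PRESENT_V6)
		return -1;
	if (ip_present == IP_PRESENT_V4 && (memcmp(pd, v4_mapped_prefix, 12) ||
					   memcmp(pd + 16, v4_mapped_prefix, 12)))
		return -1;
	memcpy(src, pd, 16);
	memcpy(dst, pd + 16, 16);
	return 0;
}
/* Kernel proxy for the user CM: pass the REQ only if the claimed source is one
 * of the host's own addresses (local[] is the caller's snapshot of them). */
int cm_source_is_local(const struct in6_addr *src, const struct in6_addr *local, size_t nlocal)
{
	for (size_t i = 0; i < nlocal; i++)
		if (!memcmp(src, &local[i], 16))
			return 1;
	return 0;
}
```

Remote systems still cannot rely on this check having run, so as the message says, REQs from QPs other than QP 1 remain untrusted on the receiving side.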