[openib-general] mapping between IP address and device name

Roland Dreier rolandd at cisco.com
Fri Jun 24 10:35:29 PDT 2005


    Roland> Right, but at least for now the SA has no way of checking
    Roland> the IP address in a request to decide whether or not it
    Roland> should allow creating an ATS record.

    Hal> In fact, the SA does not know it is an IP address in the
    Hal> ServiceData of the ServiceRecord.

Right, which means that for an NFS server, looking up a remote peer's
ATS record and checking against an exports file provides zero
security.  The remote peer can put any IP address it wants for itself
into the SA's database.

For ATS to be useful in this setting, the SA needs to know about ATS
records and have some way of checking the IP addresses they contain.
And configuring that seems likely to be quite painful.

 - R.



More information about the general mailing list