[swg] RE: [openib-general] RE: [dat-discussions] socketbased connectionmodel for IB proposal - round 3

Fab Tillier ftillier at silverstorm.com
Fri Nov 11 14:53:10 PST 2005


> From: Caitlin Bestler [mailto:caitlinb at broadcom.com]
> Sent: Friday, November 11, 2005 1:12 PM
> 
> How does this prevent a non-privileged client running on a remote host with
> current
> CM software from generating a connection request to the targeted Service ID
> with the entire private data coming from the non-privileged consumer.

There is no need to prevent a non-privileged client from generating connection
requests.  Where does this requirement come from?  Who cares where the private
data comes from as long as the recipient, whether privileged or not, has a way
of validating that it matches the path record information?

Specifically, adding the logic in the low level IB CM to validate the private
data will tie the IB CM to address translation for IPoIB, which I think is
better done at a higher level (like the CMA).

If a higher level entity is going to be responsible for validating the private
data, the low level IB CM doesn't do squat with the reserved bit.  The low level
CM API must now expose the bit to allow clients to specify it so that REQs can
be routed to them, so that two requests with the same SID can be distinguished
form one another by this reserved bit.  Thus if the bit has to be exposed
through the low-level IB CM it is no more than a 65th bit for a service ID.

> A current CM does not know that the Service ID requires it to
> generate/validate
> any portion of the private data.

The CM doesn't need to validate any private data.  The CM only needs to pass the
incoming REQ to a client that listened on that particular SID.  The client that
listened on the particular SID is expected to know the private data format and
to validate it as it sees fit.

> A current CM does not know how to use a later version number or to set a
> bit that is currently defined as reserved.

I don't think we need the reserved bit at all.  I agree with Sean it just adds a
65th bit to the SID that is unnecessary.  We don't need a privileged-only
implementation, either.  As long as we have forward lookups of IP to GID
available through address translation, any recipient of a CM REQ with the
IP-address in the private data can validate that the IP addresses are
appropriate for the IB path specified in the CM REQ.

- Fab




More information about the general mailing list