[openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model

Kanevsky, Arkady Arkady.Kanevsky at netapp.com
Tue Oct 25 09:39:12 PDT 2005


Caitlin,
how does it change the proposed protocol?
Arkady
 
 

Arkady Kanevsky                       email: arkady at netapp.com

Network Appliance                     phone: 781-768-5395

375 Totten Pond Rd.                  Fax: 781-895-1195

Waltham, MA 02451-2010          central phone: 781-768-5300

 

	-----Original Message-----
	From: Caitlin Bestler [mailto:caitlinb at broadcom.com] 
	Sent: Tuesday, October 25, 2005 12:36 PM
	To: dat-discussions at yahoogroups.com; openib-general at openib.org;
swg at infinibandta.org
	Subject: [openib-general] RE: [dat-discussions] round 2 -
proposal for socket based connection model
	
	
	On an IP network, a non-privileged user is generally not capable
of forging
	a source IP address and is typically prevented from using
certain source ports.
	 
	I would propose that the CM [MAY|SHOULD|MUST] enforce that a
non-privileged
	user can only use a Source IP Address and Port that they would
have been
	able to use following the normal stack path (or what it would
have been in the
	case that there is no conventional IP stack associated with this
path).
	 
	So if IPoIB is installed, you would not be able to use any
address that
	you would have been blocked from using over IPoIB. Or at least
you
	would not be guaranteed that you could.
	 
	I think that MUST is the correct level of enforcement, but it
needs to be
	clear that the CM and OS *MAY* do this checking and that a
userspace
	IB application cannot use the IB stack to perform IP spoofing.


________________________________

		From: dat-discussions at yahoogroups.com
[mailto:dat-discussions at yahoogroups.com] On Behalf Of Kanevsky, Arkady
		Sent: Tuesday, October 25, 2005 9:00 AM
		To: openib-general at openib.org;
dat-discussions at yahoogroups.com; swg at infinibandta.org
		Subject: [dat-discussions] round 2 - proposal for socket
based connection model
		
		
		Dear OpenIB, SWG and DAT members,
		enclosed is teh second version of the proposal.
		There are really 2 proposals that are related.
		The first one is encoding IP 5-tuple into REQ private
data
		with small additional info for versioning and IB
capabilities.
		The second is just a couple of ideas, not a real
proposal,
		on maping of IP ports
		to IB Service IDs.
		 
		Thanks everybody for tons of feedback and deep
discussions.
		I appologize if I had missed something.
		 
		Happy reading,
		Arkady
		 

		Arkady Kanevsky                       email:
arkady at netapp.com

		Network Appliance                     phone:
781-768-5395

		375 Totten Pond Rd.                  Fax: 781-895-1195

		Waltham, MA 02451-2010          central phone:
781-768-5300

		 

		 

________________________________

		YAHOO! GROUPS LINKS 


			
		*	 Visit your group "dat-discussions
<http://groups.yahoo.com/group/dat-discussions> " on the web.
			  
		*	 To unsubscribe from this group, send an email
to:
			 dat-discussions-unsubscribe at yahoogroups.com
<mailto:dat-discussions-unsubscribe at yahoogroups.com?subject=Unsubscribe>

			  
		*	 Your use of Yahoo! Groups is subject to the
Yahoo! Terms of Service <http://docs.yahoo.com/info/terms/> . 


________________________________


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/general/attachments/20051025/9f2d47f6/attachment.html>


More information about the general mailing list