[openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model
Kanevsky, Arkady
Arkady.Kanevsky at netapp.com
Tue Oct 25 09:39:12 PDT 2005
Caitlin,
how does it change the proposed protocol?
Arkady
Arkady Kanevsky email: arkady at netapp.com
Network Appliance phone: 781-768-5395
375 Totten Pond Rd. Fax: 781-895-1195
Waltham, MA 02451-2010 central phone: 781-768-5300
-----Original Message-----
From: Caitlin Bestler [mailto:caitlinb at broadcom.com]
Sent: Tuesday, October 25, 2005 12:36 PM
To: dat-discussions at yahoogroups.com; openib-general at openib.org;
swg at infinibandta.org
Subject: [openib-general] RE: [dat-discussions] round 2 -
proposal for socket based connection model
On an IP network, a non-privileged user is generally not capable
of forging
a source IP address and is typically prevented from using
certain source ports.
I would propose that the CM [MAY|SHOULD|MUST] enforce that a
non-privileged
user can only use a Source IP Address and Port that they would
have been
able to use following the normal stack path (or what it would
have been in the
case that there is no conventional IP stack associated with this
path).
So if IPoIB is installed, you would not be able to use any
address that
you would have been blocked from using over IPoIB. Or at least
you
would not be guaranteed that you could.
I think that MUST is the correct level of enforcement, but it
needs to be
clear that the CM and OS *MAY* do this checking and that a
userspace
IB application cannot use the IB stack to perform IP spoofing.
________________________________
From: dat-discussions at yahoogroups.com
[mailto:dat-discussions at yahoogroups.com] On Behalf Of Kanevsky, Arkady
Sent: Tuesday, October 25, 2005 9:00 AM
To: openib-general at openib.org;
dat-discussions at yahoogroups.com; swg at infinibandta.org
Subject: [dat-discussions] round 2 - proposal for socket
based connection model
Dear OpenIB, SWG and DAT members,
enclosed is teh second version of the proposal.
There are really 2 proposals that are related.
The first one is encoding IP 5-tuple into REQ private
data
with small additional info for versioning and IB
capabilities.
The second is just a couple of ideas, not a real
proposal,
on maping of IP ports
to IB Service IDs.
Thanks everybody for tons of feedback and deep
discussions.
I appologize if I had missed something.
Happy reading,
Arkady
Arkady Kanevsky email:
arkady at netapp.com
Network Appliance phone:
781-768-5395
375 Totten Pond Rd. Fax: 781-895-1195
Waltham, MA 02451-2010 central phone:
781-768-5300
________________________________
YAHOO! GROUPS LINKS
* Visit your group "dat-discussions
<http://groups.yahoo.com/group/dat-discussions> " on the web.
* To unsubscribe from this group, send an email
to:
dat-discussions-unsubscribe at yahoogroups.com
<mailto:dat-discussions-unsubscribe at yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the
Yahoo! Terms of Service <http://docs.yahoo.com/info/terms/> .
________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/general/attachments/20051025/9f2d47f6/attachment.html>
More information about the general
mailing list