[openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model

Tom Tucker tom at opengridcomputing.com
Tue Oct 25 11:13:06 PDT 2005


On Tue, 2005-10-25 at 10:51 -0700, Caitlin Bestler wrote:
>  
> 
> > 
> > I believe that the assurances you are talking about are 
> > peculiar to an implementation, not to the network.
> > 
> 
> I disagree. Anytime you send an IP datagram on an IP network
> you are expected to provide an authentic source address. Any
> intermediate network device MAY enforce that rule and drop 
> packets with invalid source addresses.
> 

I don't see anything in the protocol specs (RFC 791, RFC 793, ...) that
talks about this, so we just have to agree to disagree. :-)

> IP Addresses stored in private data, by contrast, are guaranteed
> to pass all middleboxes unmolested without review of validation.
> This is not a spoofer taking advantage of a lazy network admin,
> this is a spoofer being given a "get out of jail free" card that
> says the network admin is not even allowed to do spot checks.
> 
> > The CMA is what is preparing the private data header, not the 
> > app. WRT a IB CM app, it could very easily pretend to be a 
> > "CMA App" and build it's own private data that spoofed the 
> > address. How would the local CM know that it is supposed to 
> > verify this? Where is the service id/private data format 
> > mapping database?
> > 
> > In short, I think we are mixing many different things together here. 
> > 
> >
> 
> For the very same reasons that a userspace consumer is not allowed
> to pretend to be the CM itself, it should not be allowed to just
> make up Source IP Addresses. If it's going to lie it needs to be
> a privileged liar.
> 
> Preserving the existing CM infrastructure is fine, but not if it
> forces us to take something that should be authenticated by privileged
> software and simply trust that userspace code will fill it in correctly.



More information about the general mailing list