[ofa-general] FW: An alternative solution to the node name issue in OFED 1.3.1

Hal Rosenstock hal.rosenstock at gmail.com
Fri Aug 8 11:28:24 PDT 2008


On Fri, Aug 8, 2008 at 2:12 PM, Dave Olson <dave.olson at qlogic.com> wrote:
> On Fri, 8 Aug 2008, Hal Rosenstock wrote:
>
> | On Fri, Aug 8, 2008 at 10:12 AM, John Russo <john.russo at qlogic.com> wrote:
> | > Issue:  We have found that causes openibd to be started before networking
> | > and therefore the NodeDescription, when returned from the SM, does not
> | > always contain the hostname of the system when ibhosts is run.
> | > A solution was proposed however I wanted to give an alternative that we
> | > worked out in case you liked it and wanted to use it instead.
> |
> | I would think setting of the NodeDescription in this manner would need
> | to be done optionally, via a module parameter, with the default being
> | off. Quite some time ago we had the discussion about it being a system
> | admin policy/possible security issue to reveal or not reveal the
> | hostname via similar mechanisms. For a similar reason, this capability
> | was removed from ICMP.
>
> That's addressed by the same mechanism that currently exists in the
> openibd script.

Isn't that user space ? Also, this is OFED rather than upstream kernel code.

> Simply set the node_desc to something other than
> the hostname.  The new behavior occurs only if the node_desc
> hasn't been explictly set.
>
> If there is strong concern that this leaves a small window in which
> the hostname is exposed, it could be modified to occur only if
> the node_desc is set to some well-defined string, such as __HOST__
> or something of the sort.

> I think a module parameter is more than is needed; if added, it
> should probably default to enable, since relatively few sites are likely to
> have security concerns within an IB fabric (as far as exposing
> hostnames).

There was some kernel code which did used system name for an IB agent
and was rejected by the community for that reason.

-- Hal

> Dave Olson
> dave.olson at qlogic.com
>



More information about the general mailing list