RE: [openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model

[Kanevsky, Arkady]

Title: Message

Caitlin,

how does it change the proposed protocol?

Arkady

 

 

Arkady Kanevsky                       email: [EMAIL PROTECTED]

Network Appliance                     phone: 781-768-5395

375 Totten Pond Rd.                  Fax: 781-895-1195

Waltham, MA 02451-2010          central phone: 781-768-5300

 

-----Original Message-----
From: Caitlin Bestler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 25, 2005 12:36 PM
To: [EMAIL PROTECTED]; openib-general@openib.org; [EMAIL PROTECTED]
Subject: [openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model

On an IP network, a non-privileged user is generally not capable of forging

a source IP address and is typically prevented from using certain source ports.

 

I would propose that the CM [MAY|SHOULD|MUST] enforce that a non-privileged

user can only use a Source IP Address and Port that they would have been

able to use following the normal stack path (or what it would have been in the

case that there is no conventional IP stack associated with this path).

 

So if IPoIB is installed, you would not be able to use any address that

you would have been blocked from using over IPoIB. Or at least you

would not be guaranteed that you could.

 

I think that MUST is the correct level of enforcement, but it needs to be

clear that the CM and OS *MAY* do this checking and that a userspace

IB application cannot use the IB stack to perform IP spoofing.

---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kanevsky, Arkady
Sent: Tuesday, October 25, 2005 9:00 AM
To: openib-general@openib.org; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [dat-discussions] round 2 - proposal for socket based connection model

Dear OpenIB, SWG and DAT members,

enclosed is teh second version of the proposal.

There are really 2 proposals that are related.

The first one is encoding IP 5-tuple into REQ private data

with small additional info for versioning and IB capabilities.

The second is just a couple of ideas, not a real proposal,

on maping of IP ports

to IB Service IDs.

 

Thanks everybody for tons of feedback and deep discussions.

I appologize if I had missed something.

 

Happy reading,

Arkady

 

Arkady Kanevsky                       email: [EMAIL PROTECTED]

Network Appliance                     phone: 781-768-5395

375 Totten Pond Rd.                  Fax: 781-895-1195

Waltham, MA 02451-2010          central phone: 781-768-5300

 

 

---

YAHOO! GROUPS LINKS

•  Visit your group "dat-discussions" on the web.
   
•  To unsubscribe from this group, send an email to:
   [EMAIL PROTECTED]
   
•  Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.

---

_______________________________________________
openib-general mailing list
openib-general@openib.org
http://openib.org/mailman/listinfo/openib-general

To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general