On Tue, 2005-10-25 at 10:21 -0700, Caitlin Bestler wrote:
>
> > -----Original Message-----
> > From: Sean Hefty [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, October 25, 2005 10:08 AM
> > To: Kanevsky, Arkady
> > Cc: Caitlin Bestler; [EMAIL PROTECTED]; [email protected]; [EMAIL PROTECTED]
> > Subject: Re: [openib-general] RE: [dat-discussions] round 2 - proposal for socket based connection model
> >
> > Kanevsky, Arkady wrote:
> > > Correct.
> > > But this does bring the question how responder CM knows that it needs
> > > to parse the private data. I suspect this will be done via new version
> > > of CM.
> > > But a usage of some of the CM REQ reserved fields is also possible.
> > > In other words, the current CM version assumes that CM only supports one
> > > version and there is no need to support more than 1 version.
> >
> > The responder knows how to parse the private data based on
> > the service ID that they're listening on. This is how it's
> > done today, and how it will still need to be done. What is
> > the motivation to change it?
> >
> > What data is beyond the addressing? How does the responder
> > know how to interpret that?
> >
>
> I agree, the listener is responsible for knowing what format
> the Private Data is supposed to be in. Therefore it knows in
> advance what portions of it are relevant to the CM (the IP
> address information and/or the ITAPI IRD/ORD pre-header).
> So the listen request can specify the required CM parsing.
>
> But that does not prevent a non-privileged application from
> forging the IP address information. These connection requests
> are being presented to daemons as though they had the same
> degree of authentication as address headers in an IP network
> could have. The latter can be quite high when switches and
> routers validate source addresses versus arriving ports.

I believe that the assurances you are talking about are peculiar to an implementation, not to the network. The CMA is what is preparing the private data header, not the app. WRT an IB CM app, it could very easily pretend to be a "CMA App" and build its own private data that spoofed the address. How would the local CM know that it is supposed to verify this? Where is the service id/private data format mapping database? In short, I think we are mixing many different things together here.

> _______________________________________________
> openib-general mailing list
> [email protected]
> http://openib.org/mailman/listinfo/openib-general
>
> To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
