Jason Gunthorpe wrote:
If you disable all packet filtering and you have two hosts
[10.0.0.1 and 10.0.0.2] doing the following on .2:
ip route add 127.0.0.1 via 10.0.0.1 dev eth0
telnet -b 10.0.0.2 127.0.0.1
And it will connect to .1's server. Turn rp_filter back on and it will
stop working again.
Thanks - I'll give this a try and see what happens.
From an admin perspective it seems to me the proper thing for CMA to
do for outgoing would be:
- Connections with a 0 source use the destination info to consult
the routing table to assign the correct source address
This is the current behavior.
- Then consult the route table with a full tuple
<src,dst,sport,dport,tclass,etc> to determine what device to send
out on
Is it necessary to access the routing table twice? With IB, once a source
address is obtained from the step above, it's mapped to a local IB device, and
the connection is established from that RDMA device.
Basically I'd expect all the advanced routing features in linux,
including policy routing, to work properly for RMDA connections.
I agree, that would be ideal.
For incoming I'd expect:
- Incoming connections *optimally* would include the src socket
information so that that various policy mechanisms will work.
Source address information is provided, but to be clear, we're not using
sockets.
- Then the src/dst should run through the policy stuff to see if the
connection request should be dropped
This is not handled. I would need to see how to enable these checks.
- Finally a full tuple route table lookup is done to ensure that a
outgoing route exists with the proper outgoing device. (Even if it
isn't the shortest prefix or lowest metric route)
This is also not yet done.
Thanks for the feedback.
- Sean
_______________________________________________
openib-general mailing list
[email protected]
http://openib.org/mailman/listinfo/openib-general
To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
