So the listening server takes the IP address from the private data, uses AT to get the GID and then compares it to the GID in the connect request?
It feels to me like this private data thing is a case of the cure is worse than the disease. As I understand it, we're trying to avoid the following:

    server:
        dev = ib_get_device(10.10.1.1 /*src ip*/, 0 /*dest ip*/);
        /* GID has IP addresses 10.10.1.1, 10.10.1.2 */
        ib_listen(dev, 10.10.1.1 /* listen bind address */, 143 /* port */, 10 /* backlog */);

    client:
        dev = ib_get_device(0 /* src wildcard */, 10.10.1.2 /* dest ip*/);
        ib_connect(dev, 0 /*src*/, 10.10.1.2 /*dest*/, 143 /*port*/, ...);

The issue is that this connection will be established when the server may only want to accept requests that are targeted to the 10.10.1.1 address.

I don't get why this is such a big deal. You can preclude this behavior by simply keeping a one to one mapping between the IPv4 addresses and the GIDs using the existing protocols and without mandating a private data format across *all* ulps and transports.

If I'm being painfully stupid...please feel free to tell me.

> -----Original Message-----
> From: Sean Hefty [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 24, 2005 2:12 PM
> To: Tom Tucker; Roland Dreier
> Cc: openib-general@openib.org
> Subject: RE: [openib-general] RDMA connection and address translation API
>
> >Because it would be better to configure your network "properly".
> >Putting IP addresses in private data is fundamentally insecure since
> >any user mode client can spoof the IP address.
>
> A simple forward lookup could detect this.
>
> - Sean
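
The check discussed in this message (forward lookup of the IP claimed in private data, compared against the GID in the connect request, plus the listen bind address test) can be sketched as follows. This is an added example, not code from the thread or from OpenIB; the struct names, the private-data layout and the AT table are hypothetical. It assumes the source GID in the connect request is not under the user-mode client's control.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define GID(n) {{0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (n)}}

struct at_gid    { uint8_t raw[16]; };
struct at_entry  { uint32_t ip; struct at_gid gid; };
struct priv_data { uint32_t src_ip, dst_ip; };   /* client-supplied, untrusted */

enum verdict { ACCEPT, REJECT_UNKNOWN_SRC, REJECT_SPOOFED_SRC, REJECT_WRONG_DST };

/* Constructed sample data standing in for the AT service; all names are hypothetical. */
static const struct at_gid GID_CLIENT_A = GID(0x07), GID_CLIENT_B = GID(0x09);
static const struct at_entry at_table[] = {
    { IP4(10, 10, 1, 7), GID(0x07) },   /* client A */
    { IP4(10, 10, 1, 9), GID(0x09) },   /* client B */
};

/* Forward lookup: IP -> GID, or NULL when AT has no mapping. */
static const struct at_gid *at_lookup(uint32_t ip)
{
    for (size_t i = 0; i < sizeof at_table / sizeof at_table[0]; i++)
        if (at_table[i].ip == ip)
            return &at_table[i].gid;
    return NULL;
}

/* req_gid is the source GID carried by the connect request itself. */
enum verdict check_request(uint32_t listen_ip, const struct priv_data *pd,
                           const struct at_gid *req_gid)
{
    const struct at_gid *expected = at_lookup(pd->src_ip);
    if (expected == NULL)
        return REJECT_UNKNOWN_SRC;
    if (memcmp(expected->raw, req_gid->raw, sizeof expected->raw) != 0)
        return REJECT_SPOOFED_SRC;      /* claimed IP does not map to the sender */
    if (listen_ip != 0 && pd->dst_ip != listen_ip)
        return REJECT_WRONG_DST;        /* e.g. 10.10.1.2 sent to a 10.10.1.1 listener */
    return ACCEPT;
}

int main(void)
{
    struct priv_data pd = { IP4(10, 10, 1, 7), IP4(10, 10, 1, 1) };
    /* B claiming A's IP is rejected; A itself is accepted. */
    return !(check_request(IP4(10, 10, 1, 1), &pd, &GID_CLIENT_B) == REJECT_SPOOFED_SRC &&
             check_request(IP4(10, 10, 1, 1), &pd, &GID_CLIENT_A) == ACCEPT);
}
```

The destination test only compares the client's declared value with the bind address; the forward lookup is what ties the claimed source IP to the sender.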