Quoting r. Roland Dreier <[EMAIL PROTECTED]>:
> It would make perfect sense to take a couple of the reserved bits in
> the CM REQ format and turn them into an "IP address present" field (a
> couple of bits so we can distinguish between v4 and v6). When this
> field is set, then the first (or last, or whatever) 32 bytes of the
> private data would hold the source and destination IP address.

Wouldn't it be better to use some bits in the service ID field for this?

> Having this standardized also gives us the ability to deal with the
> concerns around connections initiated in userspace. The kernel proxy
> for the user CM can make sure that any REQs sent with the "IP address
> present" field set actually has an IP assigned to the local system.
> Remote systems would still need to treat CM messages from QPs other
> than QP 1 as untrusted.

Actually, it might already make sense to implement something like this for
ucm: anything with service ID 0x0000 0000 0001 XXXX is SDP and should be
kernel only. Does this make sense?

> Of course for real security some stronger authentication is needed in
> any case (even in the iWARP case the source IP can't be trusted; an
> attacker could DOS the real owner of the IP, flood the switches MAC
> tables so it becomes a hub, and then take over any IP it wants).
>
> The only unfortunate thing about all this is that the SDP Hello
> message format is already frozen, and it seems a little too
> specialized for generic use (eg we don't want a "Max Zcopy
> Advertisements" field).

It's somewhat ugly, but still possible to leave the IP address where it is
in the SDP Hello message, in the middle of the private data field.
Alternatively, special-casing SDP for the sake of backward compatibility
would not be too bad.

--
MST
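
The two userspace-CM checks discussed in this message (SDP service IDs kept kernel only, and a claimed source IP verified against the local system), sketched as an added example that is not code from the thread or from OpenIB. The 2-bit field encoding, the address placement in the first 32 bytes of private data, and every struct, enum and function name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (not from any spec): a 2-bit "IP address present" field,
 * and the first 32 bytes of private data = 16-byte source slot followed by
 * a 16-byte destination slot (IPv4 uses the first 4 bytes of a slot). */
enum ip_present { IP_NONE = 0, IP_V4 = 1, IP_V6 = 2 };

#define SDP_SID_PREFIX 0x0000000000010000ULL  /* 0x0000 0000 0001 XXXX */
#define SDP_SID_MASK   0xFFFFFFFFFFFF0000ULL

struct user_req {               /* hypothetical view of a userspace REQ */
    uint64_t service_id;
    unsigned ip_present;        /* enum ip_present */
    const uint8_t *priv;        /* private data */
    size_t priv_len;
};

struct local_addr { unsigned family; uint8_t addr[16]; };

enum verdict { REQ_OK = 0, REQ_DENY_SDP, REQ_DENY_MALFORMED, REQ_DENY_FOREIGN_IP };

/* Decide whether the kernel proxy should forward a REQ built in userspace. */
enum verdict ucm_check_req(const struct user_req *r,
                           const struct local_addr *local, size_t nlocal)
{
    size_t alen, i;

    if ((r->service_id & SDP_SID_MASK) == SDP_SID_PREFIX)
        return REQ_DENY_SDP;            /* SDP range is kernel only */
    if (r->ip_present == IP_NONE)
        return REQ_OK;                  /* no address claim to verify */
    if (r->ip_present != IP_V4 && r->ip_present != IP_V6)
        return REQ_DENY_MALFORMED;      /* undefined field value */
    if (r->priv == NULL || r->priv_len < 32)
        return REQ_DENY_MALFORMED;      /* address block truncated */

    alen = (r->ip_present == IP_V4) ? 4 : 16;
    for (i = 0; i < nlocal; i++)
        if (local[i].family == r->ip_present &&
            memcmp(local[i].addr, r->priv, alen) == 0)
            return REQ_OK;              /* source IP is assigned locally */
    return REQ_DENY_FOREIGN_IP;         /* claimed source is not ours */
}
```

As the quoted text notes, this only constrains what the local kernel will send on behalf of userspace; a remote system still has to treat CM messages from QPs other than QP 1 as untrusted.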