[EMAIL PROTECTED] wrote:
> From: Tom Tucker <[EMAIL PROTECTED]>
> Date: Wed, 05 Jul 2006 12:09:42 -0500
> 
>> "A TOE net stack is closed source firmware. Linux engineers have no
>> way to fix security issues that arise. As a result, only non-TOE
>> users will receive security updates, leaving random windows of
>> vulnerability for each TOE NIC's users." 
>> 
>> - A Linux security update may or may not be relevant to a vendor's
>> implementation. 
>> 
>> - If a vendor's implementation has a security issue then the customer
>> must rely on the vendor to fix it. This is no less true for iWARP
>> than for any adapter.
> 
> This isn't how things actually work.
> 
> Users have a computer, and they can rightly expect the
> community to help them solve problems that occur in the
> upstream kernel.
> 
> When a bug is found and the person is using NIC X, we don't
> necessarily forward the bug report to the vendor of NIC X.
> Instead we try to fix the bug.  Many chip drivers are
> maintained by people who do not work for the company that
> makes the chip, and this works just fine.
> 
> If only the chip vendor can fix a security problem, this
> makes Linux less agile to fix.  Every aspect of a problem on a
> Linux system that cannot be fixed entirely by the community
> is a net negative for Linux.
> 
>> - iWARP needs to do protocol processing in order to validate and
>> evaluate TCP payload in advance of direct data placement. This
>> requirement is independent of CPU speed.
> 
> Yet, RDMA itself is just an optimization meant to deal with
> limitations of cpu and memory speed.  You can rephrase the
> situation in whatever way suits your argument, but it does
> not make the core issue go away :)
> 

RDMA is a protocol that allows the application to more
precisely state the actual ordering requirements. It
improves the end-to-end interactions and has value
over a protocol with only byte or message stream
semantics regardless of local interface efficiencies.
See http://ietf.org/internet-drafts/draft-ietf-rddp-applicability-08.txt

In any event, isn't the value of an RDMA interface to applications
already settled? The question is how best to integrate the
usage of IP addresses with the kernel. The inability to validate
the low-level packet validation in open source code is a limitation
of *all* RDMA solutions; the transport layer of InfiniBand is just
as offloaded as it is for iWARP.

The patches proposed are intended to support integrated connection
management for RDMA connections using IP addresses, no matter what
the underlying transport is. The only difference is that *all* iWARP
connections use IP addresses.



