prov/tcp: Add support for egress TCP port range

There is a need (e.g. firewall rule) to limit TCP ports used for active connections. Add FI_TCP_EGRESS_PORT_LOW_RANGE and FI_TCP_EGRESS_PORT_HIGH_RANGE environment variables to specify the port range for active connections. If a port is specified for the active connection, it will be used over the specified range. This is the same behavior as passive connection. Signed-off-by: Chien Tin Tung <chien.tin.tung@intel.com>
ofiwg · May 3, 2024 · 4402fd3 · 4402fd3
1 parent a34268e
commit 4402fd3
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 17 deletions.
diff --git a/prov/tcp/src/xnet.h b/prov/tcp/src/xnet.h
@@ -105,6 +105,7 @@ void xnet_init_infos(void);
 extern struct fi_fabric_attr	xnet_fabric_attr;
 extern struct fi_info		xnet_srx_info;
 extern struct xnet_port_range	xnet_ports;
+extern struct xnet_port_range	xnet_egress_ports;
 
 extern int xnet_nodelay;
 extern int xnet_staging_sbuf_size;
@@ -171,6 +172,8 @@ void xnet_connect_done(struct xnet_ep *ep);
 void xnet_req_done(struct xnet_ep *ep);
 int xnet_send_cm_msg(struct xnet_ep *ep);
 void xnet_uring_req_done(struct xnet_ep *ep, int res);
+int xnet_bind_to_port_range(SOCKET sock, void* src_addr, size_t addrlen,
+			    struct xnet_port_range *range);
 
 /* Inject buffer space is included */
 union xnet_hdrs {

diff --git a/prov/tcp/src/xnet_ep.c b/prov/tcp/src/xnet_ep.c
@@ -783,18 +783,23 @@ int xnet_endpoint(struct fid_domain *domain, struct fi_info *info,
 		if (!xnet_io_uring)
 			xnet_set_zerocopy(ep->bsock.sock);
 
-		if (info->src_addr && (!ofi_is_any_addr(info->src_addr) ||
-					ofi_addr_get_port(info->src_addr))) {
-
-			if (!ofi_addr_get_port(info->src_addr)) {
-				xnet_set_no_port(ep->bsock.sock);
+		if (info->src_addr && !ofi_is_any_addr(info->src_addr)) {
+			 if (ofi_addr_get_port(info->src_addr) ||
+			     xnet_egress_ports.high == 0) {
+				if (!ofi_addr_get_port(info->src_addr))
+					xnet_set_no_port(ep->bsock.sock);
+
+				ret = bind(ep->bsock.sock, info->src_addr,
+					(socklen_t) info->src_addrlen);
+				if (ret)
+					ret = -ofi_sockerr();
+			} else {
+				ret = xnet_bind_to_port_range(ep->bsock.sock, info->src_addr,
+						      info->src_addrlen, &xnet_egress_ports);
 			}
 
-			ret = bind(ep->bsock.sock, info->src_addr,
-				(socklen_t) info->src_addrlen);
 			if (ret) {
 				FI_WARN(&xnet_prov, FI_LOG_EP_CTRL, "bind failed\n");
-				ret = -ofi_sockerr();
 				goto err3;
 			}
 		}

diff --git a/prov/tcp/src/xnet_init.c b/prov/tcp/src/xnet_init.c
@@ -57,6 +57,11 @@ struct xnet_port_range xnet_ports = {
 	.high = 0,
 };
 
+struct xnet_port_range xnet_egress_ports = {
+	.low  = 0,
+	.high = 0,
+};
+
 int xnet_nodelay = -1;
 
 int xnet_staging_sbuf_size = 9000;
@@ -108,6 +113,24 @@ static void xnet_init_env(void)
 		xnet_ports.high = 0;
 	}
 
+	fi_param_define(&xnet_prov, "egress_port_low_range", FI_PARAM_INT,
+			"define egress port low range");
+	fi_param_define(&xnet_prov, "egress_port_high_range", FI_PARAM_INT,
+			"define egress port high range");
+	fi_param_get_int(&xnet_prov, "egress_port_high_range", &xnet_egress_ports.high);
+	fi_param_get_int(&xnet_prov, "egress_port_low_range", &xnet_egress_ports.low);
+
+	if (xnet_egress_ports.high > XNET_PORT_MAX_RANGE)
+		xnet_egress_ports.high = XNET_PORT_MAX_RANGE;
+
+	if (xnet_egress_ports.low < 0 || xnet_egress_ports.high < 0 ||
+	    xnet_egress_ports.low > xnet_egress_ports.high) {
+		FI_WARN(&xnet_prov, FI_LOG_EP_CTRL,"User provided "
+			"egress port range invalid. Ignoring. \n");
+		xnet_egress_ports.low  = 0;
+		xnet_egress_ports.high = 0;
+	}
+
 	fi_param_define(&xnet_prov, "tx_size", FI_PARAM_SIZE_T,
 			"define default tx context size (default: %zu)",
 			xnet_default_tx_size);

diff --git a/prov/tcp/src/xnet_pep.c b/prov/tcp/src/xnet_pep.c
@@ -101,20 +101,23 @@ static struct fi_ops xnet_pep_fi_ops = {
 	.ops_open = fi_no_ops_open,
 };
 
-static int xnet_bind_to_port_range(SOCKET sock, void* src_addr, size_t addrlen)
+int xnet_bind_to_port_range(SOCKET sock, void* src_addr, size_t addrlen,
+			    struct xnet_port_range *range)
 {
-	int ret, i, rand_port_number;
+	int ret, i, rand_port_number, high, low;
 	static uint32_t seed;
+
+	high = range->high;
+	low = range->low;
 	if (!seed)
 		seed = ofi_generate_seed();
 
 	rand_port_number = ofi_xorshift_random_r(&seed) %
-			   (xnet_ports.high + 1 - xnet_ports.low) +
-			   xnet_ports.low;
+			   (high + 1 - low) + low;
 
-	for (i = xnet_ports.low; i <= xnet_ports.high; i++, rand_port_number++) {
-		if (rand_port_number > xnet_ports.high)
-			rand_port_number = xnet_ports.low;
+	for (i = low; i <= high; i++, rand_port_number++) {
+		if (rand_port_number > high)
+			rand_port_number = low;
 
 		ofi_addr_set_port(src_addr, (uint16_t) rand_port_number);
 		ret = bind(sock, src_addr, (socklen_t) addrlen);
@@ -129,7 +132,7 @@ static int xnet_bind_to_port_range(SOCKET sock, void* src_addr, size_t addrlen)
 		}
 		break;
 	}
-	return (i <= xnet_ports.high) ? FI_SUCCESS : -FI_EADDRNOTAVAIL;
+	return (i <= high) ? FI_SUCCESS : -FI_EADDRNOTAVAIL;
 }
 
 static int xnet_pep_sock_create(struct xnet_pep *pep)
@@ -175,7 +178,7 @@ static int xnet_pep_sock_create(struct xnet_pep *pep)
 			ret = -ofi_sockerr();
 	} else {
 		ret = xnet_bind_to_port_range(pep->sock, pep->info->src_addr,
-					      pep->info->src_addrlen);
+					      pep->info->src_addrlen, &xnet_ports);
 	}
 
 	if (ret) {