[openib-general] Re: Re: port_num

Tom Tucker tom at opengridcomputing.com
Thu Mar 16 07:02:44 PST 2006


On Thu, 2006-03-16 at 04:00 +0200, Michael S. Tsirkin wrote:
> Quoting r. Tom Tucker <tom at opengridcomputing.com>:
> > Subject: RE: Re: port_num
> > 
> > BTW, I don't have any conclusion to all this, but I have a use case we
> > should be aware of....
> > 
> > The TCP port space is divided into 'trusted' and 'untrusted' ranges.
> > Some applications (NFS) look at the source port on an incoming connect
> > request and check if it is in the 'trusted' range. If it is not, the
> > connection is denied. So basically, ULP are going to want to be able to
> > reserve and specify port numbers...and this policy needs to be
> > coordinated...
> 
> With AF_INET, there's a pair of values sysctl_local_port_range
> which sets the range of ports allocated to sockets.
> 
> The lowest legal value for the range is 1024: the port numbers below 1024
> are AFAIK called reserved ports, I think this is what you refer to:
> only users with CAP_NET_BIND_SERVICE can bind them.
> 
> Since all CMA addresses are AF_INET, we can just code this into CMA.

I don't think duplicating the policy works, does it? Won't the CMA _and_
the host stack be handing out ports from the same port range, and
inevitably, they will collide?

- Kernel mode sockets app with CAP_NET_BIND_SERVICE calls connect() to
10.10.105.10:2049, 
- Stack hands out port from reserved range (1023)
- CMA app with CAP_NET_BIND_SERVICE calls rdma_connect to
10.10.105.10:2049
- CMA hands out port from reserved range (1023)
- Now you have two different apps with the same 4-tuple. 

Somehow the host stack and the CMA need to be reserving ports from the
same pool or there will be collisions.

UNLESS you force the local IP addresses to be different, but
that's another story...and has its own issues ...
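
The collision scenario above and the "same pool" requirement, as an added example that is not part of the original message or of the OpenIB code: two allocators scan the same range, one keeping a private table and one reserving each port by holding a bound socket in the host stack. `PrivateAllocator`, `SharedPoolAllocator`, `bind_port` and `demo` are hypothetical names; loopback and unprivileged ports stand in for the reserved range, since binding below 1024 needs CAP_NET_BIND_SERVICE, and holding a bound socket is only one assumed way to share the pool.

```python
import errno
import socket

def bind_port(port, addr="127.0.0.1"):
    """Bind a TCP socket; the kernel enforces uniqueness in its port space."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
        return s
    except OSError:
        s.close()
        raise

class PrivateAllocator:
    """Hypothetical allocator with its own table; never consults the host stack."""
    def __init__(self, low, high):
        self.low, self.high, self.held = low, high, {}
    def claim(self, port):
        if port in self.held:
            return False
        self.held[port] = None  # recorded only in this allocator's table
        return True
    def alloc(self):
        for port in range(self.high, self.low - 1, -1):  # top of range first
            if self.claim(port):
                return port
        raise OSError(errno.EADDRINUSE, "range exhausted")

class SharedPoolAllocator(PrivateAllocator):
    """Hypothetical allocator that reserves a port by holding a bound socket."""
    def claim(self, port):
        try:
            self.held[port] = bind_port(port)  # kept open for the reservation
            return True
        except OSError as e:
            if e.errno != errno.EADDRINUSE:
                raise
            return False  # host stack already owns it: try the next port

def demo():
    host = bind_port(0)            # constructed stand-in for the sockets app
    taken = host.getsockname()[1]  # port the host stack handed out
    low = max(1024, taken - 32)
    private = PrivateAllocator(low, taken).alloc()  # same port: duplicate
    pool = SharedPoolAllocator(low, taken)
    shared = pool.alloc()          # kernel refused `taken`, so it differs
    host.close()
    return taken, private, shared, pool
```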