The ordering of the error case exit was wrong and would
attempt to release the wrong socket.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This adds basic network namespace support by changing the global
gtp_instance_list into a per-namespace list.
Before this change all PDP contexts would be visible from all
network namespaces; now only the namespace that they belong to
can see them.
Also selectively destroy all gtp devices when a namespace is
destroyed.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
Signed-off-by: Pablo Neira Ayuso <pablo@soleta.eu>
Remove the support for genl_register_family_with_ops for
Linux < 3.13. Also reorder the initialization to be more
in line with similar modules.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
Signed-off-by: Pablo Neira Ayuso <pablo@soleta.eu>
Use the corresponding hash function depending on the version
type. Using ipv4_hashfn was working with GTPv1 because the
TEI is also 32 bits, but GTPv0 was broken.
Add some instruction in the proper way that can be enabled on
demand to debug problems. Let's make it quite verbose at this stage
to relax this later.
Make sure debugfs is mounted:
# mount -t debugfs nodev /sys/kernel/debug
To enable:
echo -n 'file gtp.c +p' > /sys/kernel/debug/dynamic_debug/control
To disable:
echo -n 'file gtp.c -p' > /sys/kernel/debug/dynamic_debug/control
More information here on how to use this: http://lwn.net/Articles/434856/
This function allows you to check if there is a MS address or TEID
that already exists in the gtp forwarding base in a very fast way,
without having to dump the entire forwarding base and doing a search
from userspace.
With this fix, osmo-sgsn doesn't ignore our tunneled packet
anymore. It was complaining about incorrect packet length
for received packets.
And osmo-ggsn is working in my testbed :-).
TS 29.060 expresses things in a quite complicated way just to say
that if any of the optional fields is there, then all optional
fields become mandatory :-).
"This field shall be present if and only if any one or more of the S,
PN and E flags are set.".
So, if any flag is set, we *always* have 4 extra bytes.
We cannot strip the UDP header until we are sure that this is
a data packet, otherwise this passes a malformed packet to
userspace. The header stripping is now the very last operation
in the processing of GTP packets.
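The two messages above (the TS 29.060 header-length rule, and stripping only once the packet is known to be user data) can be combined into one bounds-checked length calculation. This is an added example, not code from the GTP kernel module: the function name, macro names and sample packet are constructed for illustration, and the extension-header walk (length octet in units of 4 octets, last octet naming the next type) follows TS 29.060 rather than anything stated in these messages.

```c
#include <stddef.h>
#include <stdint.h>

/* GTPv1 header constants (3GPP TS 29.060); macro names are this example's own. */
#define GTP1_F_EXT   0x04  /* E: extension header flag */
#define GTP1_F_OPT   0x07  /* E | S (0x02) | PN (0x01) */
#define GTP1_F_PT    0x10  /* protocol type, 1 = GTP */
#define GTP1_TPDU    0xff  /* message type that carries user data */
#define GTP1_HDR_MIN 8     /* flags, type, length (2), TEID (4) */
#define GTP1_HDR_OPT 4     /* seq (2), N-PDU number (1), next ext type (1) */

/* Bytes to strip before the inner packet, or -1 if not a well-formed T-PDU. */
int gtp1u_hdr_len(const uint8_t *buf, size_t len)
{
    size_t hlen = GTP1_HDR_MIN, plen, elen;
    uint8_t next;
    if (len < GTP1_HDR_MIN || (buf[0] >> 5) != 1 || !(buf[0] & GTP1_F_PT))
        return -1;
    if (buf[1] != GTP1_TPDU)
        return -1;                  /* not a data packet: strip nothing */
    plen = ((size_t)buf[2] << 8) | buf[3];  /* counts all after octet 8 */
    if (plen > len - GTP1_HDR_MIN)
        return -1;                  /* length field overruns the datagram */
    len = GTP1_HDR_MIN + plen;
    if (!(buf[0] & GTP1_F_OPT))
        return (int)hlen;
    hlen += GTP1_HDR_OPT;           /* any flag set: always 4 extra bytes */
    if (hlen > len)
        return -1;
    /* Extension header: octet 0 = length in 4-octet units, last = next type. */
    next = (buf[0] & GTP1_F_EXT) ? buf[hlen - 1] : 0;
    while (next != 0) {
        if (hlen >= len)
            return -1;
        elen = (size_t)buf[hlen] * 4;
        if (elen == 0 || elen > len - hlen)
            return -1;              /* zero-length or overlong extension */
        hlen += elen;
        next = buf[hlen - 1];
    }
    return (int)hlen;
}

int main(void)
{
    /* Constructed sample: S flag set, sequence number 1, one payload byte. */
    const uint8_t pkt[] = { 0x32, 0xff, 0, 5, 0, 0, 0, 1, 0, 1, 0, 0, 0x45 };
    return gtp1u_hdr_len(pkt, sizeof(pkt)) == 12 ? 0 : 1;
}
```

A return of -1 means the caller leaves the UDP and GTP headers in place.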
openggsn already sets up the UDP sockets that we need for the control
and user planes of GTP. Since we cannot bind two UDP sockets (one from
userspace and another from the kernel) to the same port, change the
current code to pass the socket descriptors that have been allocated
by openggsn (or whatever daemon which uses the GTP kernel
infrastructure).
Two new attributes are added to set up the tunnel device: IFLA_GTP_FD0
(for GTP0) and IFLA_GTP_FD1 (for GTP1u), which specify the UDP socket
created from userspace. Thus, the GTP kernel code only takes care of
enabling the kernel UDP encapsulation routine.
* Conditional check if we can pull the extensions (if any).
* Pull the GTPv1 header (8 bytes) and the extensions (if any).
Tested with emulated replayed pcap traffic, works for me.
Don't use the inner header frag_off, this breaks GTP with fragments.
Instead, unconditionally set the DF flag, this should force us to
fragment the GTP traffic and I think this should also help with wrong
network topologies that result in network loops (that may
encapsulate GTP traffic over and over again).
Other tunnel implementations allow you to configure this.
This patch converts GTP_CMD_CFG_* genetlink commands to rtnl to
configure the socket address and the hashtable. The trick is to
use a workqueue to configure the socket.
This simplifies the netlink interface, now we have two:
* One to bring up the interface and the socket via rtnl.
* Another to configure tunnels / GTP version.
Before the socket configuration was separated from the device
setup, which was sloppy.
Don't get confused with big GSO packets, we should not send
ICMP frag needed as the temporary internal MTU of the Linux
stack is not bound to the real device MTU.
Fix MTU handling by using the real device hardware address length
and subtract the IP header + UDP header + GTPvX header.
While at it, remove flags that are not required to be reset.
This patch refactors the xmit path to consolidate the common
handling and move the specific IPv4/IPv6 handling to helper
functions. The IPv6 support is incomplete though.
This patch adds the struct gtp_pktinfo that contains the context
information for tunneling this packet. This should help to avoid
functions with lots of parameters.
Tested with IPv4, still working.