cellular-infrastructure
/
osmo-upf
mirror of https://gerrit.osmocom.org/osmo-upf
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
105 Commits 13 Branches 1 Tag 2 MiB
Commit Graph

7 Commits

Author SHA1 Message Date
Neels Hofmeyr 091603c4a4 deprecate cfg 'nft rule tunmap append' 
Subsequent patch will refactor the tunmap nft ruleset. Instead of
adapting the 'tunmap append' feature to the new ruleset, rather drop
this feature entirely.

The 'nft rule tunmap append' was intended for enabling 'trace' in the
nft ruleset. However, the same can be achieved via the nft cmdline tool.
For example:

 sudo nft 'add chain filter trace_chain { type filter hook prerouting priority -301; }'
 sudo nft 'add rule filter trace_chain meta nftrace set 1'

Related: SYS#6327 SYS#6264
Change-Id: I1ae36f2f520217254c81fd765d27333ff0f457b2
 2023-02-09 00:13:08 +01:00
Neels Hofmeyr 8525c49c5d add cfg: tunmap / nft-rule append 
It can be useful to add 'meta nftrace set 1' to nftables rules to help
analysis / site debugging. Add the possibility to do this by cfg.

Instead of adding the fixed string of 'meta nftrace set 1', allow
appending arbitrary strings to the nftables rules, to accomodate any
other future tweaks that may be useful.

Related: SYS#6192
Change-Id: Ia1fac67108902a48b43d8d1dc184ccf541fd9ba8
 2022-12-09 18:28:19 +01:00
Neels Hofmeyr eb8361f4c5 nft: allow to get the ruleset string without running 
Separate string composition of the nftables ruleset from the actual
actvation of the ruleset to nftables.

For a 'show' VTY command added in upcoming patch, I'd like to be able to
vty_out() an nftables rule set. Provide API for that.

Change-Id: I0124a68ccf1ac7b90c5cc32d0cbf58d0cc219ccc
 2022-12-09 18:28:19 +01:00
Neels Hofmeyr 08af1f15f8 nft: ensure to assign rule id only once 
Make sure an assigned id is not overwritten.

So far this function was guaranteed to be called only once. But I would
like to allow getting the nftables ruleset string more than once in a
future patch. Prepare that.

Change-Id: I4e8c48c01fb2f5d4cfd223fe03abbf15b1a55670
 2022-12-09 18:28:19 +01:00
Neels Hofmeyr 629647a535 in GTP actions, also store local GTP addrs 
At first, this mostly improves logging of GTP actions.

Subsequently, we will use these to:
- for tunend, pick a GTP device based on the local interface.
- for tunmap, change the netfilter rules to match on the *local* GTP
  address instead of the remote one.

Related: SYS#6192
Change-Id: I8488c478c4790d3882b22dcdb1f127838e23dd7b
 2022-12-09 17:25:58 +00:00
Neels Hofmeyr 06482c6554 implement GTP tunnel mapping via netfilter 
Implement support for PFCP rulesets that ask for mapping a GTP tunnel:
forwarding GTP payload between two GTP tunnels.

For a GTP tunnel mapping, dispatch netfilter rules that detect GTP
packets with a given source address and TEID, and replace the TEID and
destination address according to the PFCP ruleset.

The netfilter implementation is chosen to effect the packet rewriting
and forwarding to take place directly in the kernel, for high throughput
of GTP packets.

Related: SYS#5599
Change-Id: Ic0d319eb4f98cd51a5999c804c4203ab0bdda650
 2022-07-20 17:08:53 +02:00
Neels Hofmeyr 2eeec08d1e add osmo-upf 
Related: SYS#5599
Change-Id: I745bcbde6859004c41ddbfd2558036bf9a2d1de2
 2022-06-19 14:13:28 +02:00