Verify that skipping used IDs works for:
- PFCP UP-SEID
- GTP local TEID
- chain_id for nft rulesets -- so far expected to fail,
fix follows in I139b46de0bd15185a7a06109d55f7c759755ec81.
Related: OS#5900
Change-Id: I36acff15f22d23ade4d281c2af3eb117dfc10359
Like we do in osmo-bsc.git, gather the osmo-upf objects into a
not-installed libupf.la, so that we can trivially and flexibly link
these to regression test programs.
Will be used by upcoming patch I36acff15f22d23ade4d281c2af3eb117dfc10359
(unique_ids_test).
Change-Id: Id179a47b5d40821d86c7214add14449600198e07
We don't use the python bindings of nftables with osmo-upf, so don't
build them. Without this, it tries to build them with python2 for some
reason and since a recent nftables commit it fails with:
running install
Checking .pth file support in /build/deps/install/stow/nftables/lib/python2.7/site-packages/
/usr/bin/python -E -c pass
TEST FAILED: /build/deps/install/stow/nftables/lib/python2.7/site-packages/ does NOT support .pth files
error: bad install directory or PYTHONPATH
Change-Id: Ie172dca3e6953c353239173bca07b1f62fbf4c34
After libosmo-gtlv was dropped from configure.ac in
22006ba039, these $(LIBOSMO_GTLV_*) are
empty anyway.
Since we depend on libosmo-pfcp, there is no need to list libosmo-gtlv,
which should be implicitly included.
Change-Id: I3acd3d674e226b004101d65d47beacbbdeed0466
up_endpoint is about the PFCP endpoint, handing out local TEID is about
local GTP endpoints. Move the TEID allocation to g_upf / upf.c.
An upcoming patch will use a hash table in g_upf to speed up lookup
whether a local TEID is already in use; cosmetically prepare for that.
Change-Id: I8eae5b53c563400ddfded264678d9cfb28b6f737
Upcoming patch I8eae5b53c563400ddfded264678d9cfb28b6f737 will introduce
a g_upf->gtp sub struct for more generally GTP related things (local
TEID assignment).
Change-Id: I74df838af50f38604e2ff06cac0af11ccfdab386
Use a common struct upf_tun_ep and struct upf_tun for both tunend and
tunmap definitions, with a nicer local / remote sub-structuring.
Change-Id: I07866e2acbeb74914e1fd6f66839a5a8ae247b1e
The "desc" has no meaning, every struct is a description of its data.
The "nft" and "gtp" hint at the specific "nftables" and "GTP kernel
module" implementations. I'd rather keep it more abstract and shorter.
That serves removing dup of shared bits in an upcoming patch.
Change-Id: I15e4552a20067265abb8d2dd716861cd50270028
Some things in osmo-upf and libosmo-pfcp have changed without accounting
for that in osmo-pfcp-tool. (This tool is not that important, forgive me
for submitting various changes in one patch.)
Properly represent all of {access,core} x {local,remote} GTP F-TEIDs in
the internal osmo-pfcp-tool state.
Adjust and clarify osmo-pfcp-tool script commands.
Adjust the osmo-pfcp-tool scripts in contrib so that they work again.
Change-Id: I22cfaa4aedd465c81de85e673b9960eaf99c426b
Make the nft table owned by the osmo-upf process, so that any kind of
graceful or ungraceful exit will drop all tunmap rules implicitly.
Related: SYS#6327 SYS#6264
Change-Id: Ia26bb295849905ccfeaec801d7b187bf85f21366
Take care of two problems:
- limitation of <= 1024 base chains in nftables, so far meaning we can
establish at most 1024 GTP tunnel mappings.
- mangling of source IP in prerouting so far meaning that the system
needs to be configured to permit 'martian' packets
The new ruleset separates in pre- and post-routing, so that we set a new
destination IP address in pre-routing, and set a new source IP address
in post-routing. Hence no problem with martian packet rejection.
The new ruleset uses verdict maps, which are more efficient, and do not
hit a limit of 1024 as base chains do.
Before, the nft rule used one chain id. In the new ruleset, each tunmap
now needs two distinct chain ids. Refactor.
Related: SYS#6327 SYS#6264
Change-Id: Iccb975a1c0f8a2087f7b7dc4942a6b41f5675a13
Instead of logging a full nft chain/rule name like 'tunmap123', log only
the id '123'.
Rationale: with the new nft rulesets, there will be four distinct
identifiers:
tunmap-pre-123a
tunmap-pre-123b
tunmap-post-123a
tunmap-post-123b
so let's simplify.
Related: SYS#6327 SYS#6264
Change-Id: Ic46ae5bd824a211668d4ac9a77b3597eaca17146
Subsequent patch will refactor the tunmap nft ruleset. Instead of
adapting the 'tunmap append' feature to the new ruleset, rather drop
this feature entirely.
The 'nft rule tunmap append' was intended for enabling 'trace' in the
nft ruleset. However, the same can be achieved via the nft cmdline tool.
For example:
sudo nft 'add chain filter trace_chain { type filter hook prerouting priority -301; }'
sudo nft 'add rule filter trace_chain meta nftrace set 1'
Related: SYS#6327 SYS#6264
Change-Id: I1ae36f2f520217254c81fd765d27333ff0f457b2
upf_gtp.h is for the GTP kernel module interaction. The GTP port numbers
are also relevant for the netfilter part, upf_nft.h. An upcoming patch
will use PORT_GTP1_U in the nft ruleset.
Related: SYS#6327 SYS#6264
Change-Id: I37d13cfee225c7ee2cc45525b76d9579d65e847c
Upon copying a PFCP msg struct for the 'retrans' command, make sure the
copy has no pointers that may go stale.
Change-Id: I4278d1c6b6da48a10d72955d9b070790d631c664
osmo_pfcp_endpoint_tx() deallocates the PFCP msg on error. Make sure
osmo-upf doesn't use the PFCP msg after passing it to
osmo_pfcp_endpoint_tx().
Change-Id: Ibb666d62b8469dbf0b13cdf25e6912c02fbc4fa9
Implement handling of the Network Instance IEs from PFCP for tunend,
like already done for tunmap.
In 'tunend' cfg, allow indicating a local GTP address for both 'dev
create' and 'dev use'. Select a GTP device by the local address the
Network Instance IE in PFCP PDR indicates.
Related: SYS#6192
Change-Id: I376c09bfc1844df1e61d2efac17561fac614858b
This 'accept' is not an optional addition, it should always be present.
(Just saying because previous patch added a VTY command to configure
additions to the rules, and this patch is orthogonal to that.)
Related: OS#5810
Change-Id: I129133cc5d7180ce3761d5604d602d23a5ef9825
It can be useful to add 'meta nftrace set 1' to nftables rules to help
analysis / site debugging. Add the possibility to do this by cfg.
Instead of adding the fixed string of 'meta nftrace set 1', allow
appending arbitrary strings to the nftables rules, to accomodate any
other future tweaks that may be useful.
Related: SYS#6192
Change-Id: Ia1fac67108902a48b43d8d1dc184ccf541fd9ba8
Add VTY command to print out an nftables ruleset that osmo-upf produces,
with arbitrary IP addrs / TEIDs inserted. This allows tracking in *.vty
tests how the nftables rulesets are changed by patches.
future:
- Adding the 'tunmap' keyword to allow adding show commands for
different uses of nftables.
- Adding the 'example' keyword to allow adding show commands for
actual tunmap IDs / PFCP session IDs / ...
- Matches upcoming vty commands
'nft-rule tunmap append .NFT_RULE'
'no nft-rule tunmap append'
'show nft-rule tunmap append'
Add new separate nft-rule.vty -- more to come here in upcoming patch.
Change-Id: I9b57aa492c051e480c9bd819ae58f8f59a13af40
Separate string composition of the nftables ruleset from the actual
actvation of the ruleset to nftables.
For a 'show' VTY command added in upcoming patch, I'd like to be able to
vty_out() an nftables rule set. Provide API for that.
Change-Id: I0124a68ccf1ac7b90c5cc32d0cbf58d0cc219ccc
Assert that all port numbers in osmo_sockaddr parts of up_gtp_action are
zero: uncover code paths that leak port numbers into the gtp_action API.
GTP and UE addresses have no port information. Port numbers in GTP,UE
addresses stored in struct osmo_sockaddr should be zero, so that
- to-string conversion via osmo_sockaddr_to_str_c() returns only an IP
address: for nftables rules and logging.
- osmo_sockaddr_cmp() matches on identical IP addresses "only", without
the port numbers causing mismatches: for finding tunnels and devs.
Change-Id: If49f1e82e8cb92b7225e85a7c3b059e0f7f92fa3
Make sure an assigned id is not overwritten.
So far this function was guaranteed to be called only once. But I would
like to allow getting the nftables ruleset string more than once in a
future patch. Prepare that.
Change-Id: I4e8c48c01fb2f5d4cfd223fe03abbf15b1a55670
also cosmetic: put the line ending in a separate PRINTF so that adding
or removing items to the rule in future patches does not affect the line
ending.
Change-Id: I6ff6f59fb24a18596aa60848fb00ac70deb1985f
At first, this mostly improves logging of GTP actions.
Subsequently, we will use these to:
- for tunend, pick a GTP device based on the local interface.
- for tunmap, change the netfilter rules to match on the *local* GTP
address instead of the remote one.
Related: SYS#6192
Change-Id: I8488c478c4790d3882b22dcdb1f127838e23dd7b
Fix parsing of the Update FAR information so that a Session Modification
Request properly causes a GTP action to become active:
Add missing forw_params_present = true, and copy the information from
the incoming message instead of the current state.
Related: SYS#6192
Change-Id: I2a2c015d5615bb461b4d7b476a7c9830dc8e130f
Add 'netinst' config section to osmo-upf.cfg, to define Network Instance
name to local IP address mappings.
For the tunmap use case (forwarding GTP tunnels), heed the Network
Instance IEs in PFCP session creation and return IP addresses in F-TEIDs
accordingly.
Related: SYS#6192
Related: I37bebc7d6ef75c3e6ae05e81b83a1b5895839a64 (osmo-ttcn3-hacks)
Change-Id: I15ee046a1c37b83b8a83527a67a6215a30106d81