Neels Hofmeyr
4e1c680e59
Take care of two problems: - limitation of <= 1024 base chains in nftables, so far meaning we can establish at most 1024 GTP tunnel mappings. - mangling of source IP in prerouting so far meaning that the system needs to be configured to permit 'martian' packets The new ruleset separates in pre- and post-routing, so that we set a new destination IP address in pre-routing, and set a new source IP address in post-routing. Hence no problem with martian packet rejection. The new ruleset uses verdict maps, which are more efficient, and do not hit a limit of 1024 as base chains do. Before, the nft rule used one chain id. In the new ruleset, each tunmap now needs two distinct chain ids. Refactor. Related: SYS#6327 SYS#6264 Change-Id: Iccb975a1c0f8a2087f7b7dc4942a6b41f5675a13 |
||
|---|---|---|
| .. | ||
| Makefile.am | ||
| netinst.h | ||
| up_endpoint.h | ||
| up_gtp_action.h | ||
| up_peer.h | ||
| up_session.h | ||
| up_session_to_gtp.c | ||
| upf.h | ||
| upf_gtp.h | ||
| upf_gtpu_echo.h | ||
| upf_nft.h | ||