Neels Hofmeyr
4e1c680e59
Take care of two problems: - limitation of <= 1024 base chains in nftables, so far meaning we can establish at most 1024 GTP tunnel mappings. - mangling of source IP in prerouting so far meaning that the system needs to be configured to permit 'martian' packets The new ruleset separates in pre- and post-routing, so that we set a new destination IP address in pre-routing, and set a new source IP address in post-routing. Hence no problem with martian packet rejection. The new ruleset uses verdict maps, which are more efficient, and do not hit a limit of 1024 as base chains do. Before, the nft rule used one chain id. In the new ruleset, each tunmap now needs two distinct chain ids. Refactor. Related: SYS#6327 SYS#6264 Change-Id: Iccb975a1c0f8a2087f7b7dc4942a6b41f5675a13 |
||
|---|---|---|
| .. | ||
| Makefile.am | ||
| netinst.c | ||
| osmo_upf_main.c | ||
| up_endpoint.c | ||
| up_gtp_action.c | ||
| up_peer.c | ||
| up_peer_fsm.c | ||
| up_session.c | ||
| upf.c | ||
| upf_gtp.c | ||
| upf_gtpu_echo.c | ||
| upf_nft.c | ||
| upf_vty.c | ||