mirror of
https://gitea.osmocom.org/cellular-infrastructure/osmo-upf.git
synced 2025-10-23 00:02:03 +00:00
0d96ea1730
We see GTP-U originating from ports other than 2152 in the field. When
osmo-upf forwards these, we want to forward from our GTP-U port 2152,
since that is the only port osmo-upf has bound for GTP-U (for echo).
According to 3GPP TS 29.060, the *destination* port for GTP-U shall be
2152 -- but the source port is apparently allowed to be different.
Before this patch, we would forward GTP-U like this:
3.3.3.3:33333 -> (3.3.3.4:2152 UPF 2.2.2.2:33333) -> 1.1.1.1:2152
^^^^^
Instead we want to always send from UDP source port 2152:
3.3.3.3:33333 -> (3.3.3.4:2152 UPF 2.2.2.2:2152) -> 1.1.1.1:2152
^^^^
This hasn't shown up before because so far all GTP-U peers we saw
consistently used source port 2152.
Related: SYS#6773
Change-Id: Idaf43f1c2b915846b50a8b97305f0229e34ad539
47 lines
2.3 KiB
Plaintext
47 lines
2.3 KiB
Plaintext
OsmoUPF> enable
|
|
OsmoUPF# configure terminal
|
|
OsmoUPF(config)# tunmap
|
|
|
|
OsmoUPF(config-tunmap)# show nft-rule tunmap example
|
|
% init verdict map:
|
|
add table inet osmo-upf { flags owner; };
|
|
|
|
add chain inet osmo-upf pre { type filter hook prerouting priority -300; policy accept; };
|
|
add chain inet osmo-upf post { type filter hook postrouting priority 400; policy accept; };
|
|
add map inet osmo-upf tunmap-pre { typeof ip daddr . @ih,32,32 : verdict; };
|
|
add map inet osmo-upf tunmap-post { typeof meta mark : verdict; };
|
|
add rule inet osmo-upf pre udp dport 2152 ip daddr . @ih,32,32 vmap @tunmap-pre;
|
|
add rule inet osmo-upf post meta mark vmap @tunmap-post;
|
|
|
|
% add tunmap:
|
|
% ACCESS 1.1.1.1:0x102 <---> 2.2.2.1:0x201 UPF 2.2.2.3:0x203 <---> 3.3.3.3:0x302 CORE
|
|
add chain inet osmo-upf tunmap-pre-123;
|
|
add rule inet osmo-upf tunmap-pre-123 ip daddr set 3.3.3.3 meta mark set 123 counter accept;
|
|
add chain inet osmo-upf tunmap-post-123;
|
|
add rule inet osmo-upf tunmap-post-123 ip saddr set 2.2.2.3 udp sport set 2152 @ih,32,32 set 0x302 counter accept;
|
|
add element inet osmo-upf tunmap-pre { 2.2.2.1 . 0x201 : jump tunmap-pre-123 };
|
|
add element inet osmo-upf tunmap-post { 123 : jump tunmap-post-123 };
|
|
add chain inet osmo-upf tunmap-pre-321;
|
|
add rule inet osmo-upf tunmap-pre-321 ip daddr set 1.1.1.1 meta mark set 321 counter accept;
|
|
add chain inet osmo-upf tunmap-post-321;
|
|
add rule inet osmo-upf tunmap-post-321 ip saddr set 2.2.2.1 udp sport set 2152 @ih,32,32 set 0x102 counter accept;
|
|
add element inet osmo-upf tunmap-pre { 2.2.2.3 . 0x203 : jump tunmap-pre-321 };
|
|
add element inet osmo-upf tunmap-post { 321 : jump tunmap-post-321 };
|
|
|
|
% delete tunmap:
|
|
delete element inet osmo-upf tunmap-pre { 2.2.2.1 . 0x201 };
|
|
delete element inet osmo-upf tunmap-post { 123 };
|
|
delete chain inet osmo-upf tunmap-pre-123;
|
|
delete chain inet osmo-upf tunmap-post-123;
|
|
delete element inet osmo-upf tunmap-pre { 2.2.2.3 . 0x203 };
|
|
delete element inet osmo-upf tunmap-post { 321 };
|
|
delete chain inet osmo-upf tunmap-pre-321;
|
|
delete chain inet osmo-upf tunmap-post-321;
|
|
|
|
OsmoUPF(config-tunmap)# show nft-rule tunmap append
|
|
% deprecated config option: 'show nft-rule tunmap append'
|
|
OsmoUPF(config-tunmap)# nft-rule tunmap append meta nftrace set 1
|
|
% deprecated config option: 'nft-rule tunmap append'
|
|
OsmoUPF(config-tunmap)# no nft-rule tunmap append
|
|
% deprecated config option: 'no nft-rule tunmap append'
|