l free to reach out to Oliver
and/or me.
Regards,
Harald
--
- Harald Welte http://laforge.gnumonks.org/
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
's
> nothing in the code to account for that.
Full ACK from my side here. Setting arbitrary bits in the GTP flags without
then actually encoding the required additional bits that those flags require
will produce broken packets.
On Sat, Jan 23, 2021 at 08:59:12PM +0100, Jonas Bonn wrote:
> Signed-off-by: Jonas Bonn
Acked-by: Harald Welte
--
On Sat, Jan 23, 2021 at 08:59:05PM +0100, Jonas Bonn wrote:
> Signed-off-by: Jonas Bonn
Acked-by: Harald Welte
--
Dear Jonas,
thanks for your effort in breaking this down into more digestible chunks
for further review.
> Signed-off-by: Jonas Bonn
Acked-by: Harald Welte
--
lines touched vs. size of the driver) like
this flow-based tunneling change.
Yes, I should have communicated better, that clearly was my fault. But
I was operating under the assumption that code only gets merged if the
maintainers actually ACK it. At least that's how I remember it from
my more a
low that process to happen.
Also acknowledged and supported from my side.
--
Thanks for the patch.
Can you please point me to any open source user space program that can be used
to validate/verify this feature?
--
Sent from a mobile device. Please excuse my brevity.
or of introducing proper IPv6 support
(including v4v6) in one go.
Regards,
Harald
--
v4 and v6 in the same PDP context.
For the "peer" (outer) address, I think it is correct to assume only either v4
or v6.
But for the inner "ms" address, it is not.
Regards,
Harald
--
ely no reason why a GTP kernel module
would have a mandatory dependency on IPv6.
--
Hi Jonas,
On Fri, Dec 11, 2020 at 01:26:02PM +0100, Jonas Bonn wrote:
> Querying link info for the GTP interface doesn't reveal in which "role" the
> device is set to operate. Include this information in the info query
> result.
>
> Signed-off-by: Jonas
out some kind of way how the user (GTP-control instance) being
able to decide on that policy.
--
On Fri, Dec 11, 2020 at 01:26:03PM +0100, Jonas Bonn wrote:
> Blindly assuming that packet transmission crosses namespaces results in
> skb marks being lost in the single namespace case.
>
> Signed-off-by: Jonas Bonn
Acked-by: Harald Welte
--
On Fri, Dec 11, 2020 at 01:26:05PM +0100, Jonas Bonn wrote:
> Set the devtype to 'gtp' when setting up the link.
>
> Signed-off-by: Jonas Bonn
Acked-by: Harald Welte
--
's only a skb_dst_set (which doesn't call skb_dst_drop
internally)
--
an initial MTU for the GTP link of 1500 less worst-case
> tunnel overhead.
Thanks, LGTM. I would probably have gone to a #define or a 'const' variable,
but I guess compilers should be smart enough to figure out that this is
static at compile time even the way you wrote it.
Acked-by:
Looks good to me.
On Wed, Nov 04, 2020 at 03:27:47PM +0100, Heiner Kallweit wrote:
> Replace ip_tunnel_get_stats64() with the new identical core function
> dev_get_tstats64().
>
> Signed-off-by: Heiner Kallweit
Acked-by: Harald Welte
--
where every single cellular equipment maker
uses Linux, but the most relevant real open source projects in the industry
are run by small enthusiast or very small players...
Regards,
Harald
--
heck
https://git.osmocom.org/osmo-ggsn/tree/lib/gtp-kernel.c for the libgtpnl
interface and https://git.osmocom.org/osmo-ggsn/tree/ggsn/ggsn.c for the
heart of the logic, including the calls to the gtp_kernel_tunnel_*() API.
Hope this hel
On Mon, Oct 05, 2020 at 10:35:46PM +0200, Fabian Frederick wrote:
> use new helper for netstats settings
Acked-by: Harald Welte
--
bearers and QoS classes, for sure you need something
more advanced in terms of classification of packets.
Regards,
Harald
--
stem start-up time.
'b' is performed frequently during runtime as the GGSN/P-GW function runs, as
subscribers attach to / detach from the cellular network.
By differentiating between those two, one could further constrain the
permissions required at runtime.
Hi Nicolas,
On Thu, Aug 27, 2020 at 12:36:24AM +0200, Nicolas Dichtel wrote:
> On 26/08/2020 at 20:52, Harald Welte wrote:
> > Wouldn't it make sense to only allocate + fill those messages if we
> > actually knew a subscriber existed?
>
> In fact, this is actually
that multicast group.
Wouldn't it make sense to only allocate + fill those messages if we
actually knew a subscriber existed?
--
, the state is highly volatile. Every time a subscriber registers/deregisters,
goes in or out of coverage, in or out of airplane mode, etc. those PDP
contexts go up and down.
Sending (unsolicited) notifications about all of those seems quite heavyweight
to me.
--
ll supported
stable kernel series (picked up hopefully by distributions) that makes those
older kernels accept a larger-length sctp_event_subscribe structure from
userspace, *if* any of the additional members are 0 (memcmp the
difference between old and new).
Regards,
Harald
-
Dear Linux SCTP developers,
On Sun, Apr 19, 2020 at 12:25:36PM +0200, Harald Welte wrote:
> this patchset (merged back in Q4/2019) has broken ABI compatibility, more
> or less exactly as it was discussed/predicted in Message-Id
> <20190206201430.18830-1-jul...@arista.com>
>
't have the ability to test
any patches until my return on July 17. Maybe Pablo and/or Pau can have
a look meanwhile? Thanks in advance.
Regards,
Harald
--
the network stack, or
b) not use the existing tables/chains with their pre-defined semantics
but rather start new 'tables' which can then have different semantics
as defined at the time of their implementation.
My apologies if I misunderstood something about bpfilter. Feel free t
ributions to include/enable/support the feature, and then people
actually building their systems/products/software on top of those.
> Please see the wonderful work by Brendan Gregg and others which has
> basically made the GPL'ing of DTrace by Oracle entirely irrelevant and
> our Linux'
MHO).
> This is how cloud hosting environments work.
Yes, *one* particular use case. By far not every use case of Linux, or
Linux packet filtering.
--
ents
against specific aspects of the current RFC.
2) You have indicated repeatedly that there are millions and millions of
netfilter/iptables users out there. So I fail to see the "even less
adoption" part. "Even less" than those millions and millions? SCNR.
Regard
lement NTFS inside the FAT
filesystem kernel module because distributors (or data centers) tend to
disable the NTFS module?!
How is kernel development these days constrained by what some users may
or may not put in their Kconfig? If they want a given feature, they
must enable it.
--
y impractical.
Why is it practical to replace your kernel but not practical to replace
a small userspace tool running on top of it?
--
I know you can't see how offloading is possible, but I hope
> are some further discussion you can see how that might work.
I'm looking forward to that point.
Regards,
Harald
--
Hi Daniel,
On Mon, Feb 19, 2018 at 01:03:17PM +0100, Daniel Borkmann wrote:
> Hi Harald,
>
> On 02/17/2018 01:11 PM, Harald Welte wrote:
> [...]
> >> As rule translation can potentially become very complex, this is performed
> >> entirely in user spac
ables and not nftables?
3) If something looks like existing iptables, it must behave *exactly*
like existing iptables, otherwise it is prone to break users' security
in subtle and very dangerous ways.
Looking forward to the following discussion and on other points of view.
--
ut you need that in both
cases, whether you use the existing userspace api or not.
Regards,
Harald
--
t I would suggest this to
be a *very* carefully weighed decision after a detailed
analysis/discussion.
--
Hi Tom,
sorry for the delayed response. But I remain committed to pushing
the non-controversial part of your GTP patches forward.
On Sat, Oct 28, 2017 at 06:47:59PM +0200, Harald Welte wrote:
> Thanks. As indicated, I'm planning some testing later this weekend on
> the non-IPv6 patc
that.
For sure, the kernel networking maintainer can merge any patches,
including the proposed IPv6 patches as-is, and I will accept that. But
my vote as the original author and co-maintainer of the kernel GTP code
goes politely and respectfully against that - as I
will in fact *not* work with any
existing equipment/devices out there.
> Tested:
>
> Configured the matrix of IPv4/IPv6 mobile subscriber,
Please indicate how that testing was done, see my comment above.
Regards,
Har
erstanding.
--
rojects. You can see from the osmo-gtp-kernel commit log it
took years of being an ultra-low-priority on-and-off project to ever get
to a point where we thought it was worth submitting it mainline.
Andreas deserves th
14 Add support for devnet
No concerns from my side
* 12/14 Configuration for zero UDP checksum
Up to Dave, he raised a question on it
* 13/14 Support for GRO
No concerns from my side
* 14/14 GSO support
No concerns from my side
BTW: Where have the iproute2/ip
ehavior of not using automatic source
address selection for encapsulated GTP packets but rather using the
source address of the socket is intended?
Do you further agree that the dst_cache support patch by Tom retains
that intended behavior and it should be merged?
--
, the offer of free hardware for a real cellular
network, and the extension of the test cases for GTP-U beyond the
already implemented very important IPv6 address allocation/assignment
which I believe your current code would not pass.
Regards,
Harald
--
Hi Tom,
On Tue, Sep 19, 2017 at 04:47:11PM -0700, Tom Herbert wrote:
> On Tue, Sep 19, 2017 at 4:19 PM, Harald Welte wrote:
>
> > I think there has to be a clear plan/architecture on how to implement
> > those bits in terms of the kernel/userspace split, and at least a pr
nal opinion,
and I'm not saying we should prevent people from using lower protection
if that's what they want.
--
erspace.
But if there's another method that feels more usual to the kernel
community, I'm not against any changes - but given kernel policies, we'd
have to keep userspace compatibility, right?
Regards,
gue those 'interfaces added for easy
development/benchmarking' should probably be clearly marked as such to
avoid raising the impression that this is what leads to a
standard-conforming / production-type setup.
--
Hi Tom,
On Tue, Sep 19, 2017 at 08:59:28AM -0700, Tom Herbert wrote:
> On Tue, Sep 19, 2017 at 5:43 AM, Harald Welte
> wrote:
> > On Mon, Sep 18, 2017 at 05:38:50PM -0700, Tom Herbert wrote:
> >> - IPv6 support
> >
> > see my detailed comments in othe
be race conditions, ...
The router advertisements and neighbor advertisements basically have the
semantics of one link per PDP context. Each of them is a point-to-point
link, and it's not one router advertisement that's sent to all of the
PDP contexts on that
ll as
the amount of memory (and thus capacity) in your core network elements.
I've recently implemented v6 + v4v6 support in osmo-ggsn (see
http://git.osmocom.org/osmo-ggsn/) in case you would like to see another
FOSS implementation for v6 + v4v6 - though in userspace, of course.
--
pable and non-GRO capable device
drivers, I'm fine with the patch.
--
is the global namespace concern in
case of static inline functions defined and used in the same .c file?
If it makes you happy, I'm all for adding the prefix - I just would like
to understand the rationale better, thanks :)
Regards,
Har
to see those separated, thanks.
--
ed by and first be signaled on
GTP-C to the peer by the userspace daemon, which would then update the
PDP context in the kernel.
So I guess you're asking us to document that rationale as form of a
source code comment ?
--
and vice-versa.
Your proposed patch is missing this kind of screening function and
I would imagine it could introduce all kinds of security problems :/
--
nless I'm missing something, I would currently vote for staying with
the current code, which uses the path MTU to the specific destination IP
address (the SGSN).
Regards,
Harald
--
eneric change (and
not something specifically required by flow/OVS) then it should be a
separate patch. Similarly to the cosmetic changes which should be a
separate patch.
--
st" means "remains allocated after the release of the network
device". Whatever you allocate during device creation you must
de-allocate on device release. I cannot tell you when exactly (as I'm
not familiar with OVS or flow-based tunneling, as indicated). However,
I know for sure w
ADER +
> + sizeof(struct iphdr) +
> + sizeof(struct udphdr) +
> + sizeof(struct gtp0_header);
... and here you're using headroom for a GTPv0 header, despite (I think)
only supporting GTPv1 from this confi
e wonder how you did verify that your changes do not break
the existing operation with both GTPv0 and GTPv1?
> + // flow-based GTP1U encap
> + info = skb_tunnel_info(skb);
> + if (gtp->collect_md && info && ntohs(info->key.tp_dst) ==
e
subscribers' phone moves around different MME/S-GW/SGSN, each having
different source IP addresses.
--
I track the
reference count or get an idea who might hold references?
Regards,
Harald
--
e :)
I simply have to find the least intrusive work-around to my liking for
the intentional but so far undocumented behavior of netdevices vanishing
into thin air. I'll manage.
--
c between the devices is possible.
This is just my two cents. Given my past involvement in Linux
networking I allow myself having an opinion on such matters. But if the
kernel networking community thinks it is ok to lose all references to a
physical network
Hi Cong,
On Tue, May 30, 2017 at 04:18:17PM -0700, Cong Wang wrote:
> On Tue, May 30, 2017 at 3:07 PM, Harald Welte wrote:
> > But, to the contrary, this doesn't happen. The unshare-created netns is
> > gone, but the netdevice did not get moved back to the root namespace
>
b) ethernet device. I would like to execute that
program as unprivileged user but still be able to bind to privileged
ports. And I want to do this using simple command-line tools without
all the bloat and overhead of "container" solutions that have 99% of
features I don't n
would be nice for general consistency.
Acked-by: Harald Welte
--
On Wed, Mar 15, 2017 at 08:10:38PM +0100, Harald Welte wrote:
> I've modified the patch slightly, see below (compile-tested, but not
> otherwise tested yet). Basically rename the flags attribute to 'role',
> expand the commit log and remove unrelated cosmetic changes
Hi Pablo,
On Wed, Mar 15, 2017 at 06:23:48PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Mar 15, 2017 at 05:39:16PM +0100, Harald Welte wrote:
> >
> > I would definitely like to see this move forward, particularly in order
> > to test the GGSN-side code.
>
> Agree
scripts
I would definitely like to see this move forward, particularly in order
to test the GGSN-side code.
Regards,
Harald
--
obably saved many weeks of my work time in GPL
compliance / enforcement work. I understand this is a "niche use case",
though ;)
--
- Harald Welte http://netfilter.org/
"Frag
may think about, there are general rules
about how Linux kernel development is done (from coding style to merge
windows, and also userspace compatibility), and we all have to obey
them. There's little point in discussing about them, we all just have
to live with them.
Regards,
s rather like splitting
existing combined functionality in two parts, which can still be used
together, but also be used separately.
Or are you referring to something else?
In any case, I'm looking forward to the related technical discussion on
this mailing list[s] :)
Regards,
Hara
nd prepare for per socket lookup
> gtp: consolidate pdp context destruction into helper
> gtp: add socket to pdp context
I agree with the conceptual and architectural direction that you're
taking the code, and I also think your current patchset is good to go
ahead, so feel free to a
Hi all,
[intentionally breaking the thread here]
On Thu, Feb 23, 2017 at 05:46:57PM +0100, Harald Welte wrote:
> I'll try to cook up some instructions extending
> https://osmocom.org/projects/openggsn/wiki/OpenGGSN to cover also
> sgsnemu for a basic use case of establishing one
e a manual "HOWTO" and not yet anything that can be tested
> > automatically.
> >
> That would be good. Thanks!
I've spent some hours earlier today on this, I expect the document to be
ready at some point over the weekend.
--
ke the step from MAP to DIAMETER),
they make damn sure that all the security issues are inherited from the
previous standards to ensure interoperability ;)
I understand and support the motivation to design robust systems even
in the presence of broken/ignorant specs, but I think this is one of the
s
hing one single tunnel. That's
of course like a manual "HOWTO" and not yet anything that can be tested
automatically.
Regards,
Harald
--
my choice, and I had to support the "loose matching", I would
make it a configuration option (sysctl? netlink attribute?) and default
to the more strict matching, including the source address. It just
seems to make much more sense and be more safe
GRX).
So in which situations specifically will there be a S-GW side Address
change without associated GTP-C signaling informing the P-GW about the
new S-GW side Address + TEID?
Regards,
Harald
--
In order to clarify what the module actually does, and how to use it,
let's add some basic documentation to the kernel tree, together with
pointers to related specs and projects.
Signed-off-by: Harald Welte
---
Documentation/networking/gtp.txt | 135 +
evel tools for testing
and experimentation, without the complexity of configuring + running an
Erlang GGSN/P-GW with all its dependencies.
--
t are to be tested), and then have
scripts that set up a gtp socket and gtp tunnels via the libgtp command
line tools, and throw packets at that. But I'm sure there must be
quite powerful frameworks for that kind of testing in the 21st century?
How do other tunneling implementations handle
just provide
a way to create broken configurations (and increase the memory use per
pdp context, of which you have many more than netdevs or gtp-sockets).
--
e PDP context
* packets get modified (TTL decrement, ...) where they are not supposed to
* you suddenly might get TTL exceeded, dest unreachable, ...) out of
nowhere into your user IP
* you introduce serious security issues by having the kernel IP routing
code between the outer IP (the operator R
> can have overlapping IP address ranges. The only sensible way to handle
> this, is to have a netdevice per APN. This breaks the current 1:1 relation
> between sockets and netdevices.
Indeed. So the question is how to do this best an
On Mon, Jan 30, 2017 at 05:37:10PM +0100, Andreas Schultz wrote:
> Signed-off-by: Andreas Schultz
Acked-by: Harald Welte
--
ask for a bit more patience for patch review from me. Thanks for your
understanding.
Regards,
Harald
--
uld be applied.
> A future change will completely decouple the sockets from the
> network device. Till then, at least one of the sockets needs to
> be specified (either v0 or v1), the other is optional.
Makes sense.
--
>u.v0.tid, pctx);
(and other related changes) appear to be purely cosmetic and should thus
be unrelated to the function merging described in the change log
message.
--
ed, this is outside of the scope
of the current kernel GTP tunneling module. Rather, it's more something
similar to static NAT between two pairs of addresses.
Regards,
Harald
--
ght just be my personal taste, not sure if
that's a general habit in the kernel networking code these days.
So with or without the re-ordering:
Acked-by: Harald Welte
--
Hi Andreas,
I agree with your changes (particularly those related to 3GPP specs)
like 2/5 and 5/5. Also, 1/5 is of course obvious.
For kernel topics like 3/5 and 4/5 I trust Pablo and the general netdev
crew to have better judgement than me.
--
t
away without any further review...
--
- Harald Welte http://netfilter.org/
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimen
[.tmp_vmlinux1] Error 1
This patch fixes it.
Signed-off-by: Harald Welte <[EMAIL PROTECTED]>
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index eb57502..bc40377 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -44,7 +44,7 @@ int __init br_fdb_init(void)
return