<div dir="ltr"><div class="gmail_default" style="font-family:georgia,serif">Well, the idea was to use libipsec to integrate IPSec functionality into OpenGGSN code, so OpenGGSN itself could set IPSec parameters and start connection.</div><div class="gmail_default" style="font-family:georgia,serif"><br></div><div class="gmail_default" style="font-family:georgia,serif">Maybe it has no sense or it is not an improvement, this is why I am asking you. I am no expert as you can see.</div><div class="gmail_default" style="font-family:georgia,serif"><br></div><div class="gmail_default" style="font-family:georgia,serif">What about writting a GTP traffic open source analyzer?</div><div class="gmail_default" style="font-family:georgia,serif">I started writting it a couple of years ago.</div><div class="gmail_default" style="font-family:georgia,serif">I used tcpdump output and parsed it with awk and got statistics about many things (especially errors, packets per protocols counting...).</div><div class="gmail_default" style="font-family:georgia,serif">It could be written in C this time.</div><div class="gmail_default" style="font-family:georgia,serif"><br></div><div class="gmail_default" style="font-family:georgia,serif">Could be interesting doing it properly?</div><div class="gmail_default" style="font-family:georgia,serif"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-03-21 17:18 GMT+01:00 Harald Welte <span dir="ltr"><<a href="mailto:laforge@gnumonks.org" target="_blank">laforge@gnumonks.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Manuel,<br>
<span class=""><br>
On Mon, Mar 21, 2016 at 04:00:14PM +0100, Manuel José Muñoz Calero wrote:<br>
> I am evaluating these days the possibility to do something interesting<br>
> which could be used as my project and also to put my bit for the OpenGGSN<br>
> project.<br>
<br>
</span>thanks for reaching out about this.<br>
<span class=""><br>
> Long story short, what about me implementing IPSec for GTP-C in OpenGGSN?<br>
> Do you think it could be useful? Feasible?<br>
<br>
</span>I've quickly looked at the documents you linked, and they don't really<br>
state anything beyond "use IPsec for GTP". Specifically, the do not<br>
specify how to do key distribution, how to set up the SAs, whether they<br>
use a standard IKEv2 or something else, ...<br>
<br>
As Linux has a fairly complete IPsec implementation consisting of the<br>
kernel-level IPsec transforms with its netlink interface and e.g. the<br>
Strongswan userland, I don't really think there is anything that would<br>
need to be done in addition to configuring both this IPsec stack and<br>
OpenGGSN.<br>
<br>
So what exactly would you want to do? Am I missing something?<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
- Harald Welte <<a href="mailto:laforge@gnumonks.org">laforge@gnumonks.org</a>> <a href="http://laforge.gnumonks.org/" rel="noreferrer" target="_blank">http://laforge.gnumonks.org/</a><br>
============================================================================<br>
"Privacy in residential applications is a desirable marketing option."<br>
(ETSI EN 300 175-7 Ch. A6)<br>
</font></span></blockquote></div><br></div>