December 2022 - gerrit-log - lists.osmocom.org

Change in libosmo-pfcp[master]: fix coding of Network Instance IE

by neels

Attention is currently required from: fixeria. neels has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmo-pfcp/+/30406 ) Change subject: fix coding of Network Instance IE ...................................................................... Patch Set 1: (1 comment) Patchset: PS1: I wasn't aware / looked but didn't find the apn.c ones. They should work. BTW, i had found another implementation in osmo-hlr.git and they didn't fit so well with the msgb target, using avoidable dynamic allocation: osmo_mdns_rfc_qname_encode() osmo_mdns_rfc_qname_decode() maybe we should also replace those with the apn.c implementations -- To view, visit https://gerrit.osmocom.org/c/libosmo-pfcp/+/30406 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmo-pfcp Gerrit-Branch: master Gerrit-Change-Id: I9d67464ef0f92b0512cfd6e48d203f8828a82a19 Gerrit-Change-Number: 30406 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-CC: pespin <pespin(a)sysmocom.de> Gerrit-Attention: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Comment-Date: Thu, 08 Dec 2022 00:35:18 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

2 years, 6 months

1
0
0 0

Change in osmo-upf[master]: vty: add: show nft-rule tunmap example

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/30499 ) Change subject: vty: add: show nft-rule tunmap example ...................................................................... vty: add: show nft-rule tunmap example Add VTY command to print out an nftables ruleset that osmo-upf produces, with arbitrary IP addrs / TEIDs inserted. This allows tracking in *.vty tests how the nftables rulesets are changed by patches. future: - Adding the 'tunmap' keyword to allow adding show commands for different uses of nftables. - Adding the 'example' keyword to allow adding show commands for actual tunmap IDs / PFCP session IDs / ... - Matches upcoming vty commands 'nft-rule tunmap append .NFT_RULE' 'no nft-rule tunmap append' 'show nft-rule tunmap append' Add new separate nft-rule.vty -- more to come here in upcoming patch. Change-Id: I9b57aa492c051e480c9bd819ae58f8f59a13af40 --- M src/osmo-upf/upf_nft.c M src/osmo-upf/upf_vty.c A tests/nft-rule.vty M tests/upf.vty 4 files changed, 65 insertions(+), 3 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/99/30499/1 diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index afc2fac..a0f005d 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -64,6 +64,12 @@ int upf_nft_init() { int rc; + + /* Always set up the default settings, also in mockup mode, so that the VTY reflects sane values */ + if (!g_upf->nft.table_name) + g_upf->nft.table_name = talloc_strdup(g_upf, "osmo-upf"); + + /* When in mockup mode, do not set up nft_ctx and netfilter table */ if (g_upf->nft.mockup) { LOGP(DNFT, LOGL_NOTICE, "tunmap/mockup active: not allocating libnftables nft_ctx. FOR TESTING PURPOSES ONLY.\n"); @@ -76,9 +82,6 @@ return -EIO; } - if (!g_upf->nft.table_name) - g_upf->nft.table_name = talloc_strdup(g_upf, "osmo-upf"); - rc = upf_nft_run(upf_nft_ruleset_table_create(OTC_SELECT, g_upf->nft.table_name)); if (rc) { LOGP(DNFT, LOGL_ERROR, "Failed to create nft table %s\n", diff --git a/src/osmo-upf/upf_vty.c b/src/osmo-upf/upf_vty.c index aff7590..6d74b21 100644 --- a/src/osmo-upf/upf_vty.c +++ b/src/osmo-upf/upf_vty.c @@ -254,6 +254,43 @@ return CMD_SUCCESS; } +#define NFT_RULE_STR "nftables rule specifics\n" +#define TUNMAP_STR "GTP tunmap use case (a.k.a. forwarding between two GTP tunnels)\n" + +DEFUN(show_nft_rule_tunmap_example, show_nft_rule_tunmap_example_cmd, + "show nft-rule tunmap example", + SHOW_STR NFT_RULE_STR TUNMAP_STR + "Print a complete nftables ruleset for a tunmap filled with example IP addresses and TEIDs\n") +{ + struct osmo_sockaddr_str str = {}; + struct upf_nft_tunmap_desc d = { + .access = { + .local_teid = 0x201, + .remote_teid = 0x102, + }, + .core = { + .local_teid = 0x203, + .remote_teid = 0x302, + }, + .id = 123, + }; + + osmo_sockaddr_str_from_str2(&str, "1.1.1.1"); + osmo_sockaddr_str_to_sockaddr(&str, &d.access.gtp_remote_addr.u.sas); + + osmo_sockaddr_str_from_str2(&str, "2.2.2.1"); + osmo_sockaddr_str_to_sockaddr(&str, &d.access.gtp_local_addr.u.sas); + + osmo_sockaddr_str_from_str2(&str, "2.2.2.3"); + osmo_sockaddr_str_to_sockaddr(&str, &d.core.gtp_local_addr.u.sas); + + osmo_sockaddr_str_from_str2(&str, "3.3.3.3"); + osmo_sockaddr_str_to_sockaddr(&str, &d.core.gtp_remote_addr.u.sas); + + vty_out(vty, "%s%s", upf_nft_tunmap_get_ruleset_str(OTC_SELECT, &d), VTY_NEWLINE); + return CMD_SUCCESS; +} + static struct cmd_node cfg_netinst_node = { NETINST_NODE, "%s(config-netinst)# ", @@ -435,6 +472,7 @@ install_element(TUNMAP_NODE, &cfg_tunmap_mockup_cmd); install_element(TUNMAP_NODE, &cfg_tunmap_no_mockup_cmd); install_element(TUNMAP_NODE, &cfg_tunmap_table_name_cmd); + install_element(TUNMAP_NODE, &show_nft_rule_tunmap_example_cmd); install_node(&cfg_netinst_node, config_write_netinst); install_element(CONFIG_NODE, &cfg_netinst_cmd); diff --git a/tests/nft-rule.vty b/tests/nft-rule.vty new file mode 100644 index 0000000..f328871 --- /dev/null +++ b/tests/nft-rule.vty @@ -0,0 +1,8 @@ +OsmoUPF> enable +OsmoUPF# configure terminal +OsmoUPF(config)# tunmap + +OsmoUPF(config-tunmap)# show nft-rule tunmap example +add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter; diff --git a/tests/upf.vty b/tests/upf.vty index 5100b17..8931719 100644 --- a/tests/upf.vty +++ b/tests/upf.vty @@ -52,6 +52,7 @@ mockup no mockup table-name TABLE_NAME + show nft-rule tunmap example OsmoUPF(config-tunmap)# exit OsmoUPF(config)# tunmap @@ -60,6 +61,7 @@ mockup no mockup table-name TABLE_NAME + show nft-rule tunmap example OsmoUPF(config-tunmap)# mockup? mockup don't actually send rulesets to nftables, just return success @@ -70,3 +72,14 @@ table-name Set the nft inet table name to create and place GTP tunnel forwarding chains in (as in 'nft add table inet foo'). If multiple instances of osmo-upf are running on the same system, each osmo-upf must have its own table name. Otherwise the names of created forwarding chains will collide. The default table name is "osmo-upf". OsmoUPF(config-tunmap)# table-name ? TABLE_NAME nft inet table name + +OsmoUPF(config-tunmap)# show? + show Show running system information +OsmoUPF(config-tunmap)# show ? +... + nft-rule nftables rule specifics +... +OsmoUPF(config-tunmap)# show nft-rule ? + tunmap GTP tunmap use case (a.k.a. forwarding between two GTP tunnels) +OsmoUPF(config-tunmap)# show nft-rule tunmap ? + example Print a complete nftables ruleset for a tunmap filled with example IP addresses and TEIDs -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/30499 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: I9b57aa492c051e480c9bd819ae58f8f59a13af40 Gerrit-Change-Number: 30499 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-MessageType: newchange

2 years, 6 months

1
0
0 0

Change in osmo-upf[master]: nft: append 'accept' to each rule

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/30501 ) Change subject: nft: append 'accept' to each rule ...................................................................... nft: append 'accept' to each rule This 'accept' is not an optional addition, it should always be present. (Just saying because previous patch added a VTY command to configure additions to the rules, and this patch is orthogonal to that.) Related: OS#5810 Change-Id: I129133cc5d7180ce3761d5604d602d23a5ef9825 --- M src/osmo-upf/upf_nft.c M tests/nft-rule.vty 2 files changed, 11 insertions(+), 10 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/01/30501/1 diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index bf5d2c7..54ba32f 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -162,6 +162,7 @@ OSMO_STRBUF_PRINTF(sb, " %s", i->str); } + OSMO_STRBUF_PRINTF(sb, " accept"); OSMO_STRBUF_PRINTF(sb, ";\n"); return sb.chars_needed; diff --git a/tests/nft-rule.vty b/tests/nft-rule.vty index 7e8952b..c52ef0e 100644 --- a/tests/nft-rule.vty +++ b/tests/nft-rule.vty @@ -6,16 +6,16 @@ no nft-rule tunmap append OsmoUPF(config-tunmap)# show nft-rule tunmap example add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } -add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter; -add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter accept; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter accept; OsmoUPF(config-tunmap)# nft-rule tunmap append meta nftrace set 1 OsmoUPF(config-tunmap)# show nft-rule tunmap append nft-rule tunmap append meta nftrace set 1 OsmoUPF(config-tunmap)# show nft-rule tunmap example add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } -add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1; -add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 accept; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 accept; OsmoUPF(config-tunmap)# nft-rule tunmap append foo OsmoUPF(config-tunmap)# show nft-rule tunmap append @@ -23,8 +23,8 @@ nft-rule tunmap append foo OsmoUPF(config-tunmap)# show nft-rule tunmap example add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } -add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 foo; -add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 foo; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 foo accept; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 foo accept; OsmoUPF(config-tunmap)# nft-rule tunmap append bar OsmoUPF(config-tunmap)# show nft-rule tunmap append @@ -33,8 +33,8 @@ nft-rule tunmap append bar OsmoUPF(config-tunmap)# show nft-rule tunmap example add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } -add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 foo bar; -add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 foo bar; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 foo bar accept; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 foo bar accept; OsmoUPF(config-tunmap)# show running-config ... @@ -50,5 +50,5 @@ no nft-rule tunmap append OsmoUPF(config-tunmap)# show nft-rule tunmap example add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } -add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter; -add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter accept; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter accept; -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/30501 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: I129133cc5d7180ce3761d5604d602d23a5ef9825 Gerrit-Change-Number: 30501 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-MessageType: newchange

2 years, 6 months

1
0
0 0

Change in osmo-upf[master]: add cfg: tunmap / nft-rule append

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/30500 ) Change subject: add cfg: tunmap / nft-rule append ...................................................................... add cfg: tunmap / nft-rule append It can be useful to add 'meta nftrace set 1' to nftables rules to help analysis / site debugging. Add the possibility to do this by cfg. Instead of adding the fixed string of 'meta nftrace set 1', allow appending arbitrary strings to the nftables rules, to accomodate any other future tweaks that may be useful. Related: SYS#6192 Change-Id: Ia1fac67108902a48b43d8d1dc184ccf541fd9ba8 --- M include/osmocom/upf/upf.h M include/osmocom/upf/upf_nft.h M src/osmo-upf/up_gtp_action.c M src/osmo-upf/upf.c M src/osmo-upf/upf_nft.c M src/osmo-upf/upf_vty.c M tests/nft-rule.vty M tests/upf.vty 8 files changed, 153 insertions(+), 15 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/00/30500/1 diff --git a/include/osmocom/upf/upf.h b/include/osmocom/upf/upf.h index 735a724..fd4019c 100644 --- a/include/osmocom/upf/upf.h +++ b/include/osmocom/upf/upf.h @@ -66,6 +66,12 @@ struct llist_head devs; }; +/* Item in an llist of string pointers */ +struct string_listitem { + struct llist_head entry; + char *str; +}; + struct g_upf { struct ctrl_handle *ctrl; @@ -100,6 +106,9 @@ char *table_name; int priority; uint32_t next_id_state; + + /* list of struct string_listitem */ + struct llist_head rule_append; } nft; struct llist_head netinst; diff --git a/include/osmocom/upf/upf_nft.h b/include/osmocom/upf/upf_nft.h index 4cdcb51..8333877 100644 --- a/include/osmocom/upf/upf_nft.h +++ b/include/osmocom/upf/upf_nft.h @@ -49,6 +49,7 @@ int upf_nft_init(); int upf_nft_free(); -char *upf_nft_tunmap_get_ruleset_str(void *ctx, struct upf_nft_tunmap_desc *tunmap); -int upf_nft_tunmap_create(struct upf_nft_tunmap_desc *tunmap); +char *upf_nft_tunmap_get_ruleset_str(void *ctx, struct upf_nft_tunmap_desc *tunmap, + const struct llist_head *rule_append); +int upf_nft_tunmap_create(struct upf_nft_tunmap_desc *tunmap, const struct llist_head *rule_append); int upf_nft_tunmap_delete(struct upf_nft_tunmap_desc *tunmap); diff --git a/src/osmo-upf/up_gtp_action.c b/src/osmo-upf/up_gtp_action.c index 84af8e5..8ce8a6f 100644 --- a/src/osmo-upf/up_gtp_action.c +++ b/src/osmo-upf/up_gtp_action.c @@ -130,7 +130,7 @@ return -ENOENT; } if (enable) - rc = upf_nft_tunmap_create(&a->tunmap); + rc = upf_nft_tunmap_create(&a->tunmap, &g_upf->nft.rule_append); else rc = upf_nft_tunmap_delete(&a->tunmap); if (rc) { diff --git a/src/osmo-upf/upf.c b/src/osmo-upf/upf.c index 0a84799..1476270 100644 --- a/src/osmo-upf/upf.c +++ b/src/osmo-upf/upf.c @@ -61,6 +61,7 @@ INIT_LLIST_HEAD(&g_upf->gtp.vty_cfg.devs); INIT_LLIST_HEAD(&g_upf->gtp.devs); + INIT_LLIST_HEAD(&g_upf->nft.rule_append); INIT_LLIST_HEAD(&g_upf->netinst); } diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index a0f005d..bf5d2c7 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -126,9 +126,11 @@ static int tunmap_single_direction(char *buf, size_t buflen, const struct upf_nft_args *args, const struct upf_nft_args_peer *from_peer, - const struct upf_nft_args_peer *to_peer) + const struct upf_nft_args_peer *to_peer, + const struct llist_head *rule_append) { struct osmo_strbuf sb = { .buf = buf, .len = buflen }; + OSMO_STRBUF_PRINTF(sb, "add rule inet %s " NFT_CHAIN_NAME_PREFIX_TUNMAP "%u", args->table_name, args->chain_id); /* Match only UDP packets */ @@ -153,12 +155,20 @@ OSMO_STRBUF_PRINTF(sb, " @ih,32,32 set 0x%08x", to_peer->teid_remote); OSMO_STRBUF_PRINTF(sb, " counter"); + + if (rule_append) { + struct string_listitem *i; + llist_for_each_entry(i, rule_append, entry) + OSMO_STRBUF_PRINTF(sb, " %s", i->str); + } + OSMO_STRBUF_PRINTF(sb, ";\n"); return sb.chars_needed; } -static int upf_nft_ruleset_tunmap_create_buf(char *buf, size_t buflen, const struct upf_nft_args *args) +static int upf_nft_ruleset_tunmap_create_buf(char *buf, size_t buflen, const struct upf_nft_args *args, + const struct llist_head *rule_append) { struct osmo_strbuf sb = { .buf = buf, .len = buflen }; @@ -167,16 +177,17 @@ args->table_name, args->chain_id, args->priority); /* Forwarding from peer_a to peer_b */ - OSMO_STRBUF_APPEND(sb, tunmap_single_direction, args, &args->peer_a, &args->peer_b); + OSMO_STRBUF_APPEND(sb, tunmap_single_direction, args, &args->peer_a, &args->peer_b, rule_append); /* And from peer_b to peer_a */ - OSMO_STRBUF_APPEND(sb, tunmap_single_direction, args, &args->peer_b, &args->peer_a); + OSMO_STRBUF_APPEND(sb, tunmap_single_direction, args, &args->peer_b, &args->peer_a, rule_append); return sb.chars_needed; } -static char *upf_nft_ruleset_tunmap_create_c(void *ctx, const struct upf_nft_args *args) +static char *upf_nft_ruleset_tunmap_create_c(void *ctx, const struct upf_nft_args *args, + const struct llist_head *rule_append) { - OSMO_NAME_C_IMPL(ctx, 512, "ERROR", upf_nft_ruleset_tunmap_create_buf, args) + OSMO_NAME_C_IMPL(ctx, 512, "ERROR", upf_nft_ruleset_tunmap_create_buf, args, rule_append) } static int upf_nft_ruleset_tunmap_delete_buf(char *buf, size_t buflen, const struct upf_nft_args *args) @@ -219,7 +230,8 @@ osmo_sockaddr_set_port(&args->peer_b.addr_local.u.sa, 0); } -char *upf_nft_tunmap_get_ruleset_str(void *ctx, struct upf_nft_tunmap_desc *tunmap) +char *upf_nft_tunmap_get_ruleset_str(void *ctx, struct upf_nft_tunmap_desc *tunmap, + const struct llist_head *rule_append) { struct upf_nft_args args; @@ -232,12 +244,12 @@ } upf_nft_args_from_tunmap_desc(&args, tunmap); - return upf_nft_ruleset_tunmap_create_c(ctx, &args); + return upf_nft_ruleset_tunmap_create_c(ctx, &args, rule_append); } -int upf_nft_tunmap_create(struct upf_nft_tunmap_desc *tunmap) +int upf_nft_tunmap_create(struct upf_nft_tunmap_desc *tunmap, const struct llist_head *rule_append) { - return upf_nft_run(upf_nft_tunmap_get_ruleset_str(OTC_SELECT, tunmap)); + return upf_nft_run(upf_nft_tunmap_get_ruleset_str(OTC_SELECT, tunmap, rule_append)); } int upf_nft_tunmap_delete(struct upf_nft_tunmap_desc *tunmap) diff --git a/src/osmo-upf/upf_vty.c b/src/osmo-upf/upf_vty.c index 6d74b21..4c683c8 100644 --- a/src/osmo-upf/upf_vty.c +++ b/src/osmo-upf/upf_vty.c @@ -215,6 +215,8 @@ static int config_write_tunmap(struct vty *vty) { + struct string_listitem *i; + vty_out(vty, "tunmap%s", VTY_NEWLINE); if (g_upf->nft.mockup) @@ -222,6 +224,9 @@ if (g_upf->nft.table_name && strcmp(g_upf->nft.table_name, "osmo-upf")) vty_out(vty, " table-name %s%s", g_upf->nft.table_name, VTY_NEWLINE); + + llist_for_each_entry(i, &g_upf->nft.rule_append, entry) + vty_out(vty, " nft-rule tunmap append %s%s", i->str, VTY_NEWLINE); return CMD_SUCCESS; } @@ -257,6 +262,49 @@ #define NFT_RULE_STR "nftables rule specifics\n" #define TUNMAP_STR "GTP tunmap use case (a.k.a. forwarding between two GTP tunnels)\n" +DEFUN(cfg_tunmap_nft_rule_append, cfg_tunmap_nft_rule_append_cmd, + "nft-rule tunmap append .NFT_RULE", + NFT_RULE_STR TUNMAP_STR + "To each tunmap nft rule, append the given text. For example, 'nft-rule append meta nftrace set 1' adds the nftables" + " instructions 'meta nftrace set 1' to each of the tunmap rules passed to netfilter. This command is cumulative," + " multiple 'nft-rule append' will append all of the items.\n" + "The text to append\n") +{ + struct string_listitem *i; + i = talloc_zero(g_upf, struct string_listitem); + i->str = argv_concat(argv, argc, 0); + talloc_steal(i, i->str); + llist_add_tail(&i->entry, &g_upf->nft.rule_append); + return CMD_SUCCESS; +} + +DEFUN(cfg_tunmap_no_nft_rule_append, cfg_tunmap_no_nft_rule_append_cmd, + "no nft-rule tunmap append", + NO_STR NFT_RULE_STR TUNMAP_STR + "Drop all additions to tunmap nft rules added by earlier 'nft-rule append' config\n") +{ + struct string_listitem *i; + while ((i = llist_first_entry_or_null(&g_upf->nft.rule_append, struct string_listitem, entry))) { + llist_del(&i->entry); + talloc_free(i); + } + return CMD_SUCCESS; +} + +DEFUN(show_nft_rule_append, show_nft_rule_append_cmd, + "show nft-rule tunmap append", + SHOW_STR NFT_RULE_STR TUNMAP_STR "List all tunmap 'nft-rule append' entries\n") +{ + struct string_listitem *i; + if (llist_empty(&g_upf->nft.rule_append)) { + vty_out(vty, " no nft-rule tunmap append%s", VTY_NEWLINE); + return CMD_SUCCESS; + } + llist_for_each_entry(i, &g_upf->nft.rule_append, entry) + vty_out(vty, " nft-rule tunmap append %s%s", i->str, VTY_NEWLINE); + return CMD_SUCCESS; +} + DEFUN(show_nft_rule_tunmap_example, show_nft_rule_tunmap_example_cmd, "show nft-rule tunmap example", SHOW_STR NFT_RULE_STR TUNMAP_STR @@ -287,7 +335,7 @@ osmo_sockaddr_str_from_str2(&str, "3.3.3.3"); osmo_sockaddr_str_to_sockaddr(&str, &d.core.gtp_remote_addr.u.sas); - vty_out(vty, "%s%s", upf_nft_tunmap_get_ruleset_str(OTC_SELECT, &d), VTY_NEWLINE); + vty_out(vty, "%s%s", upf_nft_tunmap_get_ruleset_str(OTC_SELECT, &d, &g_upf->nft.rule_append), VTY_NEWLINE); return CMD_SUCCESS; } @@ -449,6 +497,7 @@ install_element_ve(&show_gtp_cmd); install_element_ve(&show_session_cmd); install_element_ve(&show_netinst_cmd); + install_element_ve(&show_nft_rule_append_cmd); install_node(&cfg_pfcp_node, config_write_pfcp); install_element(CONFIG_NODE, &cfg_pfcp_cmd); @@ -472,6 +521,9 @@ install_element(TUNMAP_NODE, &cfg_tunmap_mockup_cmd); install_element(TUNMAP_NODE, &cfg_tunmap_no_mockup_cmd); install_element(TUNMAP_NODE, &cfg_tunmap_table_name_cmd); + install_element(TUNMAP_NODE, &cfg_tunmap_nft_rule_append_cmd); + install_element(TUNMAP_NODE, &cfg_tunmap_no_nft_rule_append_cmd); + install_element(TUNMAP_NODE, &show_nft_rule_append_cmd); install_element(TUNMAP_NODE, &show_nft_rule_tunmap_example_cmd); install_node(&cfg_netinst_node, config_write_netinst); diff --git a/tests/nft-rule.vty b/tests/nft-rule.vty index f328871..7e8952b 100644 --- a/tests/nft-rule.vty +++ b/tests/nft-rule.vty @@ -2,6 +2,52 @@ OsmoUPF# configure terminal OsmoUPF(config)# tunmap +OsmoUPF(config-tunmap)# show nft-rule tunmap append + no nft-rule tunmap append +OsmoUPF(config-tunmap)# show nft-rule tunmap example +add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter; + +OsmoUPF(config-tunmap)# nft-rule tunmap append meta nftrace set 1 +OsmoUPF(config-tunmap)# show nft-rule tunmap append + nft-rule tunmap append meta nftrace set 1 +OsmoUPF(config-tunmap)# show nft-rule tunmap example +add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1; + +OsmoUPF(config-tunmap)# nft-rule tunmap append foo +OsmoUPF(config-tunmap)# show nft-rule tunmap append + nft-rule tunmap append meta nftrace set 1 + nft-rule tunmap append foo +OsmoUPF(config-tunmap)# show nft-rule tunmap example +add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 foo; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 foo; + +OsmoUPF(config-tunmap)# nft-rule tunmap append bar +OsmoUPF(config-tunmap)# show nft-rule tunmap append + nft-rule tunmap append meta nftrace set 1 + nft-rule tunmap append foo + nft-rule tunmap append bar +OsmoUPF(config-tunmap)# show nft-rule tunmap example +add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 foo bar; +add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 foo bar; + +OsmoUPF(config-tunmap)# show running-config +... +tunmap +... + nft-rule tunmap append meta nftrace set 1 + nft-rule tunmap append foo + nft-rule tunmap append bar +... + +OsmoUPF(config-tunmap)# no nft-rule tunmap append +OsmoUPF(config-tunmap)# show nft-rule tunmap append + no nft-rule tunmap append OsmoUPF(config-tunmap)# show nft-rule tunmap example add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; } add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter; diff --git a/tests/upf.vty b/tests/upf.vty index 8931719..51ebeb3 100644 --- a/tests/upf.vty +++ b/tests/upf.vty @@ -52,6 +52,9 @@ mockup no mockup table-name TABLE_NAME + nft-rule tunmap append .NFT_RULE + no nft-rule tunmap append + show nft-rule tunmap append show nft-rule tunmap example OsmoUPF(config-tunmap)# exit @@ -61,18 +64,31 @@ mockup no mockup table-name TABLE_NAME + nft-rule tunmap append .NFT_RULE + no nft-rule tunmap append + show nft-rule tunmap append show nft-rule tunmap example OsmoUPF(config-tunmap)# mockup? mockup don't actually send rulesets to nftables, just return success OsmoUPF(config-tunmap)# no ? - mockup operate nftables rulesets normally + mockup operate nftables rulesets normally + nft-rule nftables rule specifics OsmoUPF(config-tunmap)# table-name? table-name Set the nft inet table name to create and place GTP tunnel forwarding chains in (as in 'nft add table inet foo'). If multiple instances of osmo-upf are running on the same system, each osmo-upf must have its own table name. Otherwise the names of created forwarding chains will collide. The default table name is "osmo-upf". OsmoUPF(config-tunmap)# table-name ? TABLE_NAME nft inet table name +OsmoUPF(config-tunmap)# nft-rule? + nft-rule nftables rule specifics +OsmoUPF(config-tunmap)# nft-rule ? + tunmap GTP tunmap use case (a.k.a. forwarding between two GTP tunnels) +OsmoUPF(config-tunmap)# nft-rule tunmap ? + append To each tunmap nft rule, append the given text. For example, 'nft-rule append meta nftrace set 1' adds the nftables instructions 'meta nftrace set 1' to each of the tunmap rules passed to netfilter. This command is cumulative, multiple 'nft-rule append' will append all of the items. +OsmoUPF(config-tunmap)# nft-rule tunmap append ? + NFT_RULE The text to append + OsmoUPF(config-tunmap)# show? show Show running system information OsmoUPF(config-tunmap)# show ? @@ -82,4 +98,5 @@ OsmoUPF(config-tunmap)# show nft-rule ? tunmap GTP tunmap use case (a.k.a. forwarding between two GTP tunnels) OsmoUPF(config-tunmap)# show nft-rule tunmap ? + append List all tunmap 'nft-rule append' entries example Print a complete nftables ruleset for a tunmap filled with example IP addresses and TEIDs -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/30500 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: Ia1fac67108902a48b43d8d1dc184ccf541fd9ba8 Gerrit-Change-Number: 30500 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-MessageType: newchange

2 years, 6 months

1
0
0 0

Change in osmo-upf[master]: nft: rewrite source IP in outgoing GTP-U

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/30493 ) Change subject: nft: rewrite source IP in outgoing GTP-U ...................................................................... nft: rewrite source IP in outgoing GTP-U Change-Id: I6d293c1dc69d1bab714564f48e3f85b769501d13 --- M src/osmo-upf/upf_nft.c 1 file changed, 4 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/93/30493/1 diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index 695ec20..a8ca90d 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -136,6 +136,10 @@ /* Match on the TEID in the header */ OSMO_STRBUF_PRINTF(sb, " @ih,32,32 0x%08x", from_peer->teid_local); + /* Change outgoing address to local IP on outgoing interface */ + OSMO_STRBUF_PRINTF(sb, " ip saddr set "); + OSMO_STRBUF_APPEND(sb, osmo_sockaddr_to_str_buf2, to_peer->addr_local); + /* Change destination address to to_peer */ OSMO_STRBUF_PRINTF(sb, " ip daddr set "); OSMO_STRBUF_APPEND(sb, osmo_sockaddr_to_str_buf2, to_peer->addr_remote); -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/30493 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: I6d293c1dc69d1bab714564f48e3f85b769501d13 Gerrit-Change-Number: 30493 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-MessageType: newchange

2 years, 6 months

1
0
0 0

Change in osmo-upf[master]: nft: incoming GTP-U: match on local IP, not remote IP

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/30492 ) Change subject: nft: incoming GTP-U: match on local IP, not remote IP ...................................................................... nft: incoming GTP-U: match on local IP, not remote IP Change-Id: Ib6db148ca350107b2fc7adcaec0fc2930ffcbcde --- M src/osmo-upf/upf_nft.c 1 file changed, 3 insertions(+), 3 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/92/30492/1 diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index 1b7d9c0..695ec20 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -129,9 +129,9 @@ /* Match only UDP packets */ OSMO_STRBUF_PRINTF(sb, " meta l4proto udp"); - /* Match on packets coming in from from_peer */ - OSMO_STRBUF_PRINTF(sb, " ip saddr "); - OSMO_STRBUF_APPEND(sb, osmo_sockaddr_to_str_buf2, from_peer->addr_remote); + /* Match on packets coming in at specific local IP */ + OSMO_STRBUF_PRINTF(sb, " ip daddr "); + OSMO_STRBUF_APPEND(sb, osmo_sockaddr_to_str_buf2, from_peer->addr_local); /* Match on the TEID in the header */ OSMO_STRBUF_PRINTF(sb, " @ih,32,32 0x%08x", from_peer->teid_local); -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/30492 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: Ib6db148ca350107b2fc7adcaec0fc2930ffcbcde Gerrit-Change-Number: 30492 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-MessageType: newchange

2 years, 6 months

1
0
0 0

Change in osmo-upf[master]: nft: end each rule in semicolon

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/30495 ) Change subject: nft: end each rule in semicolon ...................................................................... nft: end each rule in semicolon also cosmetic: put the line ending in a separate PRINTF so that adding or removing items to the rule in future patches does not affect the line ending. Change-Id: I6ff6f59fb24a18596aa60848fb00ac70deb1985f --- M src/osmo-upf/upf_nft.c 1 file changed, 2 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/95/30495/1 diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index 0b270ff..4dfea6c 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -149,7 +149,8 @@ /* Change the TEID in the header to the one to_peer expects */ OSMO_STRBUF_PRINTF(sb, " @ih,32,32 set 0x%08x", to_peer->teid_remote); - OSMO_STRBUF_PRINTF(sb, " counter\n"); + OSMO_STRBUF_PRINTF(sb, " counter"); + OSMO_STRBUF_PRINTF(sb, ";\n"); return sb.chars_needed; } -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/30495 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: I6ff6f59fb24a18596aa60848fb00ac70deb1985f Gerrit-Change-Number: 30495 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-MessageType: newchange

2 years, 6 months

1
0
0 0

Change in osmo-upf[master]: nft: rename addr to addr_remote, add addr_local

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/30491 ) Change subject: nft: rename addr to addr_remote, add addr_local ...................................................................... nft: rename addr to addr_remote, add addr_local Change-Id: I8d2ca99b17c26d1a869f4d84ad57157d29d9750b --- M src/osmo-upf/upf_nft.c 1 file changed, 9 insertions(+), 5 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/91/30491/1 diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index 4a2ca23..1b7d9c0 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -98,9 +98,11 @@ struct upf_nft_args_peer { /* The source IP address in packets received from this peer */ - const struct osmo_sockaddr *addr; + const struct osmo_sockaddr *addr_remote; /* The TEID that we send to the peer in GTP packets. */ uint32_t teid_remote; + /* The local destination IP address in packets received from this peer */ + const struct osmo_sockaddr *addr_local; /* The TEID that the peer sends to us in GTP packets. */ uint32_t teid_local; }; @@ -129,14 +131,14 @@ /* Match on packets coming in from from_peer */ OSMO_STRBUF_PRINTF(sb, " ip saddr "); - OSMO_STRBUF_APPEND(sb, osmo_sockaddr_to_str_buf2, from_peer->addr); + OSMO_STRBUF_APPEND(sb, osmo_sockaddr_to_str_buf2, from_peer->addr_remote); /* Match on the TEID in the header */ OSMO_STRBUF_PRINTF(sb, " @ih,32,32 0x%08x", from_peer->teid_local); /* Change destination address to to_peer */ OSMO_STRBUF_PRINTF(sb, " ip daddr set "); - OSMO_STRBUF_APPEND(sb, osmo_sockaddr_to_str_buf2, to_peer->addr); + OSMO_STRBUF_APPEND(sb, osmo_sockaddr_to_str_buf2, to_peer->addr_remote); /* Change the TEID in the header to the one to_peer expects */ OSMO_STRBUF_PRINTF(sb, " @ih,32,32 set 0x%08x", to_peer->teid_remote); @@ -187,13 +189,15 @@ .chain_id = tunmap->id, .priority = g_upf->nft.priority, .peer_a = { - .addr = &tunmap->access.gtp_remote_addr, + .addr_remote = &tunmap->access.gtp_remote_addr, .teid_remote = tunmap->access.remote_teid, + .addr_local = &tunmap->access.gtp_local_addr, .teid_local = tunmap->access.local_teid, }, .peer_b = { - .addr = &tunmap->core.gtp_remote_addr, + .addr_remote = &tunmap->core.gtp_remote_addr, .teid_remote = tunmap->core.remote_teid, + .addr_local = &tunmap->core.gtp_local_addr, .teid_local = tunmap->core.local_teid, }, }; -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/30491 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: I8d2ca99b17c26d1a869f4d84ad57157d29d9750b Gerrit-Change-Number: 30491 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-MessageType: newchange

2 years, 6 months

1
0
0 0

Change in osmo-upf[master]: nft: log nft rulesets on debug log

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/30494 ) Change subject: nft: log nft rulesets on debug log ...................................................................... nft: log nft rulesets on debug log Change-Id: I4436d107dc37abf3669970e8e5346d714dd17192 --- M src/osmo-upf/upf_nft.c 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/94/30494/1 diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index a8ca90d..0b270ff 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -56,6 +56,8 @@ rc, osmo_quote_str_c(OTC_SELECT, ruleset, -1)); return -EIO; } + + LOGP(DNFT, LOGL_DEBUG, "set up nft ruleset: %s\n", osmo_quote_str_c(OTC_SELECT, ruleset, -1)); return 0; } -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/30494 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: I4436d107dc37abf3669970e8e5346d714dd17192 Gerrit-Change-Number: 30494 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-MessageType: newchange

2 years, 6 months

1
0
0 0

Change in osmo-upf[master]: nft: ensure to assign rule id only once

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/30496 ) Change subject: nft: ensure to assign rule id only once ...................................................................... nft: ensure to assign rule id only once Make sure an assigned id is not overwritten. So far this function was guaranteed to be called only once. But I would like to allow getting the nftables ruleset string more than once in a future patch. Prepare that. Change-Id: I4e8c48c01fb2f5d4cfd223fe03abbf15b1a55670 --- M include/osmocom/upf/upf_nft.h M src/osmo-upf/upf_nft.c 2 files changed, 7 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/96/30496/1 diff --git a/include/osmocom/upf/upf_nft.h b/include/osmocom/upf/upf_nft.h index 9108a4f..fe8bb12 100644 --- a/include/osmocom/upf/upf_nft.h +++ b/include/osmocom/upf/upf_nft.h @@ -42,6 +42,7 @@ struct osmo_sockaddr gtp_remote_addr; uint32_t remote_teid; } core; + /* id as in ruleset name 'tunmap<id>'. If zero, no id has been assigned yet. */ uint32_t id; }; diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index 4dfea6c..c34cbfb 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -215,8 +215,12 @@ struct upf_nft_args args; /* Give this tunnel mapping a new id, returned to the caller so that the tunnel mapping can be deleted later */ - g_upf->nft.next_id_state++; - tunmap->id = g_upf->nft.next_id_state; + if (!tunmap->id) { + g_upf->nft.next_id_state++; + if (!g_upf->nft.next_id_state) + g_upf->nft.next_id_state++; + tunmap->id = g_upf->nft.next_id_state; + } upf_nft_args_from_tunmap_desc(&args, tunmap); return upf_nft_run(upf_nft_ruleset_tunmap_create_c(OTC_SELECT, &args)); -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/30496 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: I4e8c48c01fb2f5d4cfd223fe03abbf15b1a55670 Gerrit-Change-Number: 30496 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-MessageType: newchange

2 years, 6 months

1
0
0 0

2025

2024

2023

2022

gerrit-log December 2022