Attention is currently required from: laforge, pespin.

fixeria uploaded patch set #5 to this change.

View Change

nft_kpi: add udp/2152 filtering rules separately

Mixing declarative and imperative syntax is supported by recent
nftables versions, but is known to be broken in older releases.
This affects the nftables version currently provided by Osmocom
for Debian 12 (bookworm): 1.0.6.3~osmocom.429.7d98.

As a result, the generated ruleset ends up accepting all packets rather
than only udp/2152 as intended.  Consequently, the nftables counters do
not reflect GTP-U traffic alone, but also include signalling traffic.

Let's work this around by adding the udp/2152 filtering rules separately
using the imperative syntax.  Split the logic for adding a chain into
a separate function to avoid code duplication.

Change-Id: I36eb3b18751fc029297fb91545af2d28e61067fd
Related: SYS#7808
---
M src/osmo-hnbgw/nft_kpi.c
1 file changed, 19 insertions(+), 14 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-hnbgw refs/changes/52/41752/5

To view, visit change 41752. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newpatchset
Gerrit-Project: osmo-hnbgw
Gerrit-Branch: master
Gerrit-Change-Id: I36eb3b18751fc029297fb91545af2d28e61067fd
Gerrit-Change-Number: 41752
Gerrit-PatchSet: 5
Gerrit-Owner: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-CC: laforge <laforge@osmocom.org>
Gerrit-CC: pespin <pespin@sysmocom.de>
Gerrit-Attention: laforge <laforge@osmocom.org>
Gerrit-Attention: pespin <pespin@sysmocom.de>