Change in osmo-upf[master]: implement GTP tunnel mapping via netfilter

Attention is currently required from: pespin. neels has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-upf/+/28309 ) Change subject: implement GTP tunnel mapping via netfilter ...................................................................... Patch Set 5: (1 comment) Patchset: PS5: i was able to login on the build slave via ssh and fixed the workspace. Only adding '--cap-add NET_ADMIN' is not sufficient, I also have to run as root in the docker container. An alternative would be to install /sbin/setcap in the docker image and add cap_net_admin to the osmo-upf binary. But then we face the dilemma that the user 'build' is not allowed to setcap. All of these problems with adding system crucial permissions to a gerrit job makes me consider other ways out: - do not run the vty tests in the gerrit job: no. The vty tests must be run. - add a cmdline option that switches off / mocks the kernel features solely for the purpose of running the VTY tests. OTOH, we will likely face the exact same problems in ttcn3 tests. We could switch off GTP kernel features there, too, but then we cannot verify that GTP handling is working as expected using actual GTP. At the moment the ttcn3-hacks/upf/ tests do not test actual GTP, but we most likely want to add that in the near future. Yet again it may not be desirable to actually employ the GTP kernel features (GTP module and nftables) on our build jobs, because i'm not sure that these features are actually being contained properly by docker. We would likely enable GTP capsulation and forwarding on the *host* system instead of inside the testing container ... ? I'd appreciate knowledge, opinions and input on this, if anyone has any. -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/28309 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: Ic0d319eb4f98cd51a5999c804c4203ab0bdda650 Gerrit-Change-Number: 28309 Gerrit-PatchSet: 5 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: pespin <pespin(a)sysmocom.de> Gerrit-CC: laforge <laforge(a)osmocom.org> Gerrit-Attention: pespin <pespin(a)sysmocom.de> Gerrit-Comment-Date: Sun, 19 Jun 2022 15:44:54 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: neels <nhofmeyr(a)sysmocom.de> Gerrit-MessageType: comment