Attention is currently required from: neels. Hello Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/c/osmo-upf/+/31165 to look at the new patch set (#3). Change subject: tunmap: refactor nft ruleset: fix "martians" and "1024" ...................................................................... tunmap: refactor nft ruleset: fix "martians" and "1024" Take care of two problems: - limitation of <= 1024 base chains in nftables, so far meaning we can establish at most 1024 GTP tunnel mappings. - mangling of source IP in prerouting so far meaning that the system needs to be configured to permit 'martian' packets The new ruleset separates in pre- and post-routing, so that we set a new destination IP address in pre-routing, and set a new source IP address in post-routing. Hence no problem with martian packet rejection. The new ruleset uses verdict maps, which are more efficient, and do not hit a limit of 1024 as base chains do. Related: SYS#6327 SYS#6264 Change-Id: Iccb975a1c0f8a2087f7b7dc4942a6b41f5675a13 --- M include/osmocom/upf/upf.h M include/osmocom/upf/upf_nft.h M src/osmo-upf/up_gtp_action.c M src/osmo-upf/upf.c M src/osmo-upf/upf_nft.c M src/osmo-upf/upf_vty.c M tests/nft-rule.vty 7 files changed, 244 insertions(+), 82 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/65/31165/3 -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/31165 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: Iccb975a1c0f8a2087f7b7dc4942a6b41f5675a13 Gerrit-Change-Number: 31165 Gerrit-PatchSet: 3 Gerrit-Owner: neels &lt;nhofmeyr(a)sysmocom.de&gt; Gerrit-Reviewer: Jenkins Builder Gerrit-Attention: neels &lt;nhofmeyr(a)sysmocom.de&gt; Gerrit-MessageType: newpatchset