2 Nov
2020
2 Nov
'20
3:29 a.m.
Hi Keith,
On Sat, Oct 31, 2020 at 08:27:34PM -0600, Keith wrote:
I have scanned 3GPP documents for info on the GGSN IP
network facing
side, IIUC how the GGSN responds there is "out of scope"
I'd agree to that.
- I'm specifically wondering about sending ICMP
host unreachable messages in
response to packets for IPs that are not currently active in the pool.
makes sense.
If so I would try to clean it up and submit to code
review.
please do, thanks!
Also if in agreement, would it be worth making it
switchable via a vty
param? I am thinking of where one might not want the IP space to be
probable, although I would assume that kind of thing is best left to the
local firewall implementation.
I think the GGSN "function" should not implement firewall policy.
However, given that generating and discarding a potentially very large
amount of ICMP host unreachable messages can consume a significant amount
of resources, I guess a vty option might make sense.
--
- Harald Welte <laforge(a)osmocom.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)