Well, the idea was to use libipsec to integrate IPSec functionality into OpenGGSN code, so OpenGGSN itself could set IPSec parameters and start connection.
Maybe it has no sense or it is not an improvement, this is why I am asking you. I am no expert as you can see.
What about writting a GTP traffic open source analyzer? I started writting it a couple of years ago. I used tcpdump output and parsed it with awk and got statistics about many things (especially errors, packets per protocols counting...). It could be written in C this time.
Could be interesting doing it properly?
2016-03-21 17:18 GMT+01:00 Harald Welte laforge@gnumonks.org:
Hi Manuel,
On Mon, Mar 21, 2016 at 04:00:14PM +0100, Manuel José Muñoz Calero wrote:
I am evaluating these days the possibility to do something interesting which could be used as my project and also to put my bit for the OpenGGSN project.
thanks for reaching out about this.
Long story short, what about me implementing IPSec for GTP-C in OpenGGSN? Do you think it could be useful? Feasible?
I've quickly looked at the documents you linked, and they don't really state anything beyond "use IPsec for GTP". Specifically, the do not specify how to do key distribution, how to set up the SAs, whether they use a standard IKEv2 or something else, ...
As Linux has a fairly complete IPsec implementation consisting of the kernel-level IPsec transforms with its netlink interface and e.g. the Strongswan userland, I don't really think there is anything that would need to be done in addition to configuring both this IPsec stack and OpenGGSN.
So what exactly would you want to do? Am I missing something?
--
- Harald Welte laforge@gnumonks.org
============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)