Well, the idea was to use libipsec to integrate IPSec functionality into OpenGGSN code, so OpenGGSN itself could set IPSec parameters and start connection.

Maybe it has no sense or it is not an improvement, this is why I am asking you. I am no expert as you can see.

What about writting a GTP traffic open source analyzer?

I started writting it a couple of years ago.

I used tcpdump output and parsed it with awk and got statistics about many things (especially errors, packets per protocols counting...).

It could be written in C this time.

Could be interesting doing it properly?

2016-03-21 17:18 GMT+01:00 Harald Welte <laforge@gnumonks.org>:

Hi Manuel,

On Mon, Mar 21, 2016 at 04:00:14PM +0100, Manuel José Muñoz Calero wrote:
> I am evaluating these days the possibility to do something interesting
> which could be used as my project and also to put my bit for the OpenGGSN
> project.

thanks for reaching out about this.

> Long story short, what about me implementing IPSec for GTP-C in OpenGGSN?
> Do you think it could be useful? Feasible?

I've quickly looked at the documents you linked, and they don't really
state anything beyond "use IPsec for GTP". Specifically, the do not
specify how to do key distribution, how to set up the SAs, whether they
use a standard IKEv2 or something else, ...

As Linux has a fairly complete IPsec implementation consisting of the
kernel-level IPsec transforms with its netlink interface and e.g. the
Strongswan userland, I don't really think there is anything that would
need to be done in addition to configuring both this IPsec stack and
OpenGGSN.

So what exactly would you want to do? Am I missing something?

--
- Harald Welte <laforge@gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)