On 19/09/17 02:38, Tom Herbert wrote:
Add new configuration of GTP interfaces that allow specifying a port to
listen on (as opposed to having to get sockets from a userspace control
plane). This allows GTP interfaces to be configured and the data path
tested without requiring a GTP-C daemon.

This would imply that you can have multiple independent GTP sockets on the same IP address. That is not permitted by the GTP specifications. 3GPP TS 29.281, section 4.3 states clearly that there is "only" one GTP entity per IP address. A PDP context is defined by the destination IP and the TEID. The destination port is not part of the identity of a PDP context.

Even the source IP and source port are not part of the tunnel identity. This makes it possible to send traffic from a new SGSN/SGW during handover before the control protocol has announced the handover.

At this point the usual response is: THAT IS NOT SAFE. Yes, GTP has been designed for cooperative networks only and should not be used on hostile/unsecured networks.

On the sending side, using multiple ports is permitted as long as the default GTP port is always able to receive incoming messages.

Andreas

[...]
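Added example, not part of the original message and not code from the kernel GTP driver: a minimal GTPv1-U receive-side lookup keyed only on destination IP and TEID, as described above, so the same G-PDU resolves to the same PDP context regardless of source address, source port or destination port. The table, addresses, sample packet and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

struct pdp_ctx  { uint32_t local_ip, teid; int id; };
struct udp_meta { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };

/* Constructed table: two contexts on the one GTP entity at 192.0.2.1. */
static const struct pdp_ctx pdp_table[] = {
    { 0xC0000201u, 0x00001001u, 1 },
    { 0xC0000201u, 0x00001002u, 2 },
};

/* Constructed G-PDU: flags 0x30 (version 1, PT=1), type 0xFF, length 4, TEID 0x1002. */
static const uint8_t sample_gpdu[] = {
    0x30, 0xFF, 0x00, 0x04, 0x00, 0x00, 0x10, 0x02, 0xDE, 0xAD, 0xBE, 0xEF };

/* Extract the TEID from the mandatory 8-byte GTPv1-U header; 0 on success. */
int gtp1u_teid(const uint8_t *p, size_t len, uint32_t *teid)
{
    if (len < 8 || (p[0] >> 5) != 1 || !(p[0] & 0x10) || p[1] != 0xFF)
        return -1;                      /* short, not GTPv1, or not a G-PDU */
    if ((((size_t)p[2] << 8) | p[3]) > len - 8)
        return -1;                      /* length field exceeds the datagram */
    *teid = (uint32_t)p[4] << 24 | (uint32_t)p[5] << 16 | (uint32_t)p[6] << 8 | p[7];
    return 0;
}

/* Context id or -1. Source IP, source port and destination port are never read. */
int pdp_lookup(const struct udp_meta *m, const uint8_t *p, size_t len)
{
    uint32_t teid;
    if (gtp1u_teid(p, len, &teid) != 0)
        return -1;
    for (size_t i = 0; i < sizeof pdp_table / sizeof pdp_table[0]; i++)
        if (pdp_table[i].local_ip == m->dst_ip && pdp_table[i].teid == teid)
            return pdp_table[i].id;
    return -1;
}

/* Look up the sample G-PDU as if sent from src_ip:src_port to 192.0.2.1:dst_port. */
int lookup_sample(uint32_t src_ip, uint16_t src_port, uint16_t dst_port)
{
    struct udp_meta m = { src_ip, 0xC0000201u, src_port, dst_port };
    return pdp_lookup(&m, sample_gpdu, sizeof sample_gpdu);
}
```

Because the sender's address never enters the lookup, restricting which peers may reach the GTP-U endpoint has to be done outside this path, for example by network-level filtering on the operator's trusted segment.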
