[PATCH 3/3] selinux: Add SELinux GTP support

Harald Welte laforge at gnumonks.org
Tue Oct 13 20:42:27 UTC 2020


Hi Richard and list[s],

On Tue, Oct 13, 2020 at 05:38:16PM +0100, Richard Haines wrote:
> There is in development a 5G version of GTP at [1]. 

Please note that there is no such thing as "5G version of GTP".  The GTP-U
(user plane) did not change between 2G, 3G, 4G or even 5G:  It is still the
same protocol version (GTPv1-U), which you can see from looking at
3GPP TS 29.281 even in its latest release (Rel 15), which is what the authors
of the "gtp5g" github repository reference.

What has changed over time is how the protocol is used, and what kind of
QoS/classification features are added in order to use different GTP
tunnels for different traffic (to the same subscriber / IP address) in
order to subject it to different QoS within the 3GPP network.  This
functionality, by the way, can also be used in 4G networks, and even in
3G/2G networks that follow some of the later releases.

The "gtp5g" module hence should in my point of view not be a separate module,
but it should be broken down in incremental feature enhancements to the
existing in-kernel GTP user plane module.  The netlink interface should
also obviously be extended in a backwards-compatible way.

My most active kernel years are long gone, but I still think we never
have two implementations of the same protocol (GTPv1U in this case) in
the Kernel.

One could of course also consider switching to a completely new
implementation / rewrite, but only if it is backwards compatible in
terms of use cases as well as the netlink interface (and hence existing
users of the GTPv1U kernel support).

> The other component that seems to be widely used in these systems is
> SCTP that I added hooks to a few years ago, [...]

Indeed, SCTP is extremely heavily used in all cellular systems, from 2G
to 4G (with a peak in 4G), but still used on some 5G interfaces.

Unfortunately it is the tradition (until today) that none of the
industry players that need and use those protocols (GTP, SCTP) seem
to be participating in the development and maintenance effort of related
implementations.  So rather than Nokia, Ericsson or others improving the
in-kernel SCTP, their Linux based devices tend to roll their own
[userspace] SCTP implementations.

Even while in 2020 everybody in "marketing land" speaks about "open
source" in the context of cellular/5G, it is not happening.  It is only
open-washing in order to appear attractive.  In reality, anyone in this
industry derives a *massive* revenue from their patent royalty
collection and they would do anything but release or contribute to code
that comes with an explicit or implicit patent license grant.

So here we are, in 2020, where every single cellular equipment maker
uses Linux, but the most relevant real open source projects in the industry
are run by small enthusiast or very small players...

Regards,
	Harald
-- 
- Harald Welte <laforge at gnumonks.org>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)



More information about the Linux-security-module-archive mailing list