Hi Keith, On Sat, Oct 31, 2020 at 08:27:34PM -0600, Keith wrote: > I have scanned 3GPP documents for info on the GGSN IP network facing > side, IIUC how the GGSN responds there is "out of scope"
I'd agree to that. > - I'm specifically wondering about sending ICMP host unreachable messages in > response to packets for IPs that are not currently active in the pool. makes sense. > If so I would try to clean it up and submit to code review. please do, thanks! > Also if in agreement, would it be worth making it switchable via a vty > param? I am thinking of where one might not want the IP space to be > probable, although I would assume that kind of thing is best left to the > local firewall implementation. I think the GGSN "function" should not implement firewall policy. However, given that generating and discarding a potentially very large amount of ICMP host unreachable messages can consume a significant amount of resources, I guess a vty option might make sense. -- - Harald Welte <[email protected]> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)
