BPF syntax extension for GTP-U (mobile ip packet)

["Ambika Prasad Tripathy" <ambika.tripathy () nethawk exfo com>]

Hi Experts,

 

I am searching a way how to filter GTP packets and hence mobile IP data over
GTP-U. I can do that by applying index based filter for BPF. But can when I
see struct bpf_insn structure I think, if I modify the gencode.c/h and
grammer.y to extend the GTP based filter it can work.
 
But not sure whether it is possible or not. Please let me know is the idea
works to extend existing bpf syntax for GTP-C and what are the things I
should modify for it. Below is my idea.
 
e.g. 
proto gtp -> will filter all GTP-U data packets
 
mip <value> -> will filter all mobile IP address based comparing on value
field.
Src mip <value>-> will filter only those packet whose mobile src ip is as
value
dst mip <value>-> will filter only those packet whose mobile dst ip is as
value
 
Mproto <tcp/udp/ip/icmp> -> will compare the protocol layer above GTP-U
layer and filters
 
Mport <value> => will filter mobile transport ports 

Src mport <value> -> will filter only those packets whose src port is as
value

dst mport <value> -> will filter only those packets whose dst port is as
value

 

teid <value> -> only filter those gtp-u packets whose TEID is as value.

 

 

Any idea helps me a lot. Thanks in advance for help.

 

Br,

Ambika Prasad Tripathy

 

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.