tcpdump mailing list archives
Extending BPF filter in gencode.c of libpcap
From: "Ambika Tripathy" <Ambika.Tripathy () nethawk exfo com>
Date: Wed, 24 Nov 2010 12:39:54 +0200
Hello Experts, I am trying to extend the BPF filters for few token like GTP-U to filter all mobile IP. For this I have modified gencode.c file after adding one token to filter know as "gtp-u [teid]". This will help then take the mobile ip layer to filter various mobile ip packets. But the problem is the header length of gtp-u. It is not always 8 bytes. If sequence number present then length of GTP-U header will be 12 bytes. The basic idea is, when I see UDP packets having port 2152, I sift "off_nl" to mobile IP by adding "off_nl+=20 <for IP header>+8<for udp header>+8 <gtp-u header>" but if I fix the gtp-u header length as 8 then the filter is wrong. So the correct way will be: If (dataoffset[off_nl+20+8+1]&0x7) then off_nl+=20+8+12 else off_nl+=20+8+8 My problem is how I can implement above logic to extend my BPF filter for GTP-U. This is possible when we can get the offset value in our application to check it. But I have no idea how we can get the value of a particular offset using BPF language using gencode.c implementation Thanks in advance for replay. Br, Ambika - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Extending BPF filter in gencode.c of libpcap Ambika Tripathy (Nov 26)