Extending BPF filter in gencode.c of libpcap

["Ambika Tripathy" <Ambika.Tripathy () nethawk exfo com>]

Hello Experts,

 

I am trying to extend the BPF filters for few token like GTP-U to filter
all mobile IP.

 

For this I have modified gencode.c file after adding one token to filter
know as "gtp-u [teid]". This will help then take the mobile ip layer to
filter various mobile ip packets.

 

But the problem is the header length of gtp-u. It is not always 8 bytes.
If sequence number present then length of GTP-U header will be 12 bytes.


 

The basic idea is, when I see UDP packets having port 2152, I sift
"off_nl" to mobile IP by adding "off_nl+=20 <for IP header>+8<for udp
header>+8 <gtp-u header>"

 

but if I fix the gtp-u header length as 8 then the filter is wrong.

 

So the correct way will be:

 

If (dataoffset[off_nl+20+8+1]&0x7)

then

 off_nl+=20+8+12

else

 off_nl+=20+8+8

 

My problem is how I can implement above logic to extend my BPF filter
for GTP-U. 

 

This is possible when we can get the offset value in our application to
check it. But I have no idea how we can get the value of a particular
offset using BPF language using gencode.c implementation

 

Thanks in advance for replay.

 

Br,

Ambika

 

 

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.