
This currently supports automatic decapsulation of GTP-U packets on UDP port 2152. The GTPv1 headers for such tunnels can be inspected by handling the "gtpv1_g_pdu_packet" event, which has a parameter of type "gtpv1_hdr". Analyzer and test cases are derived from submissions by Carsten Langer. Addresses #690.
#ifndef GTPv1_h
#define GTPv1_h
#include "gtpv1_pac.h"
/**
 * Connection analyzer for GTPv1 traffic.
 *
 * Packet contents are handed to a binpac-generated GTPv1 connection parser
 * held in `interp`. Everything arriving through DeliverPacket() is
 * attacker-controllable wire data, so the implementation (not visible in
 * this header) is the place where length and nesting limits must be enforced.
 */
class GTPv1_Analyzer : public Analyzer {
public:
    /**
     * @param conn  Connection this analyzer is attached to.
     */
    GTPv1_Analyzer(Connection* conn);
    virtual ~GTPv1_Analyzer();

    /** Declared virtual; presumably overrides the Analyzer shutdown hook -- confirm against the base class. */
    virtual void Done();

    /**
     * Receives one packet's worth of data for this connection.
     *
     * @param len     Length value supplied with the packet.
     * @param data    Pointer to the packet bytes (untrusted input).
     * @param orig    Direction flag; presumably true when sent by the
     *                connection originator -- confirm against the base class.
     * @param seq     Sequence value passed through from the caller.
     * @param ip      IP header associated with the packet.
     * @param caplen  Captured length supplied with the packet.
     *
     * NOTE(review): len and caplen are signed ints that, as far as this
     * header shows, come straight from the capture path. The definition
     * should be checked to confirm it never reads `data` beyond the smaller
     * of the two and rejects negative values -- confirm in the .cc file.
     */
    virtual void DeliverPacket(int len,
                               const u_char* data,
                               bool orig,
                               int seq,
                               const IP_Hdr* ip,
                               int caplen);

    /**
     * Factory that builds a new analyzer for `conn`.
     *
     * @return A heap-allocated GTPv1_Analyzer; the caller receives the raw
     *         pointer, so releasing it is the caller's responsibility.
     */
    static Analyzer* InstantiateAnalyzer(Connection* conn)
        {
        Analyzer* created = new GTPv1_Analyzer(conn);
        return created;
        }

    /**
     * Reports whether GTPv1 analysis is enabled by configuration.
     *
     * @return true only when Tunnel::enable_gtpv1 is set AND
     *         Tunnel::max_depth is greater than zero. A max_depth of 0
     *         therefore makes this analyzer report itself as unavailable
     *         regardless of the enable flag.
     */
    static bool Available()
        {
        if ( ! BifConst::Tunnel::enable_gtpv1 )
            return false;

        return BifConst::Tunnel::max_depth > 0;
        }

protected:
    // AnalyzerTimer is granted access to the protected members below,
    // presumably so that it can invoke ExpireTimer() -- confirm.
    friend class AnalyzerTimer;

    /** @param t  Time value passed to the expiry handler. */
    void ExpireTimer(double t);

    // binpac-generated GTPv1 connection parser.
    // NOTE(review): raw pointer; ownership is not visible in this header.
    // Presumably allocated in the constructor and released in the destructor;
    // if so, copying an instance would alias it -- confirm.
    binpac::GTPv1::GTPv1_Conn* interp;
};
#endif