Pablo Neira Ayuso b6fc0956ac gtp: properly parse extension headers
Currently GTP packets are dropped if the next extension field is set to
non-zero value, but this are valid GTP packets.

TS 29.281 provides a longer header format, which is defined as struct
gtp1_header_long. Such long header format is used if any of the S, PN, E
flags is set.

This long header is 4 bytes longer than struct gtp1_header, plus
variable length (optional) extension headers. The next extension header
field is zero is no extension header is provided.

The extension header is composed of a length field which includes total
number of 4 byte words including the extension header itself (1 byte),
payload (variable length) and next type (1 byte). The extension header
size and its payload is aligned to 4 bytes.

A GTP packet might come with a chain extensions headers, which makes it
slightly cumbersome to parse because the extension next header field
comes at the end of the extension header, and there is a need to check
if this field becomes zero to stop the extension header parser.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2024-05-07 01:35:55 +02:00

87 lines
1.5 KiB
C

/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _GTP_H_
#define _GTP_H_
#include <linux/netdevice.h>
#include <linux/types.h>
#include <net/rtnetlink.h>
/* General GTP protocol related definitions. */
#define GTP0_PORT 3386
#define GTP1U_PORT 2152
/* GTP messages types */
#define GTP_ECHO_REQ 1 /* Echo Request */
#define GTP_ECHO_RSP 2 /* Echo Response */
#define GTP_TPDU 255
#define GTPIE_RECOVERY 14
struct gtp0_header { /* According to GSM TS 09.60. */
__u8 flags;
__u8 type;
__be16 length;
__be16 seq;
__be16 flow;
__u8 number;
__u8 spare[3];
__be64 tid;
} __attribute__ ((packed));
struct gtp1_header { /* According to 3GPP TS 29.060. */
__u8 flags;
__u8 type;
__be16 length;
__be32 tid;
} __attribute__ ((packed));
struct gtp1_header_long { /* According to 3GPP TS 29.060. */
__u8 flags;
__u8 type;
__be16 length;
__be32 tid;
__be16 seq;
__u8 npdu;
__u8 next;
} __packed;
/* GTP Information Element */
struct gtp_ie {
__u8 tag;
__u8 val;
} __packed;
struct gtp0_packet {
struct gtp0_header gtp0_h;
struct gtp_ie ie;
} __packed;
struct gtp1u_packet {
struct gtp1_header_long gtp1u_h;
struct gtp_ie ie;
} __packed;
struct gtp_pdu_session_info { /* According to 3GPP TS 38.415. */
u8 pdu_type;
u8 qfi;
};
static inline bool netif_is_gtp(const struct net_device *dev)
{
return dev->rtnl_link_ops &&
!strcmp(dev->rtnl_link_ops->kind, "gtp");
}
#define GTP1_F_NPDU 0x01
#define GTP1_F_SEQ 0x02
#define GTP1_F_EXTHDR 0x04
#define GTP1_F_MASK 0x07
struct gtp_ext_hdr {
__u8 len;
__u8 data[];
};
#endif