This piece of software implementes GPRS Tunneling Protocol (GTP) for user plane.
The software has two components - one is the extension of iptables that
run in user-space. The other is the counterpart of the iptables extension
that runs in kernel space.
The project is licensed under GPL2+, see the COPYING and AUTHORS files for more
The GTPu tunneling is handled in two parts. The first part is the user-space
iptables target extension library (let's call it libxt). The second
part is the GTPu kernel loadable module (let's call it gtpu). The way it
is, once the user configures a GTPu tunnel attributes using iptables, the klm
is loaded by the kernel automatically and handles the IP packets according to
the GTPu tunnel attributes set by the user.
The user can set the action to be taken on a matching IP packet. The action can be
either of "add", "remove" or "transport" .
A GTPu tunnel has the following attributes:
- own IP address
- own GTPu tunnel id
- peer's IP address
- peer's GTPu tunnel id
The GTPU target is designed to work only on mangle table. Also, the user is
expected to add GTPU target to the PREROUTING chain, as the GTPU target will
modify the original IP packet before it is routed.
Once the user creates the rule in iptables, the matching IP packets go through
the gtpu klm, which acts upon the IP packet according to the action set by the
user. The action "Add" means the klm will add a GTPu header to the IP packet.
"Remove" will remove the GTPu header from the IP packet and "Transport" will
do a Remove first followed by an "Add" on the IP packet.
For example, consider the following command:
iptables -t mangle -A PREROUTING -d 10.10.10.1 -j GTPU --own-ip 192.168.0.98 --own-tun 100 --peer-ip 192.168.0.109 --peer-tun 101 --action add
This command will configure the system to add a GTPu header to any IP packet destined to 10.10.10.1.
The source IP address outer IP will be 192.168.0.109, the dest IP will be 192.168.0.98 and
the destination GTP tunnel id will be 101.
Similarly, consider the following command:
iptables -t mangle -A PREROUTING -s 192.168.0.109 -d 192.168.0.98 -p udp --dport 2152 -j GTPU --action remove
This command will process all the GTPu packets coming from 192.168.0.109 to 192.168.0.98 to
strip the GTPu header and forward the inner IP packet to the kernel's routing engine.
There are two source C files and one header file:
- libxt_GTPU.c : source file for iptables GTPU extension library (libxt)
- xt_GTPU.c : source file for gtpu kernel loadable module (klm)
- xt_GTPU.h : common header file, shared between the libxt and the klm
- Makefile : Makefile to build both the libxt and the klm
- cmd.sh : sample cmd file to show how the binaries can be used
See the INSTALL file to learn how to build the binaries.
3GPP TS 29.281 General Packet Radio System (GPRS)
Tunnelling Protocol User Plane (GTP-u)
Pradip Biswas <firstname.lastname@example.org>