Intercepting GPRS data
First Claim
1. A method performed by a firewall for intercepting GPRS tunneling protocol (GTP) packets, the method comprising:
receiving, at a tunnel request engine of the firewall, a GTP tunnel request from a first GTP tunnel endpoint;
identifying, by the tunnel request engine, a user identifier associated with the GTP tunnel request;
identifying, by the tunnel request engine, a GTP tunnel over which GTP tunnel packets, that are to be intercepted, will travel based on the user identifier and a list of interception identifiers;
adding, by the tunnel request engine, a tunnel identifier for the GTP tunnel to a list of GTP tunnel identifiers recognized for interception;
forwarding, by the tunnel request engine, the GTP tunnel request to a second GTP tunnel endpoint;
after the adding the tunnel identifier to the list of GTP tunnel identifiers, receiving, at a tunnel packet engine of the firewall that is different than the tunnel request engine, GTP tunnel packets associated with the GTP tunnel, each of the GTP tunnel packets including tunnel identification information;
determining, by the tunnel packet engine, whether each of the GTP tunnel packets is to be intercepted based on a comparison of the tunnel identification information to the list of GTP tunnel identifiers, where the determining comprises comparing a user identifier in a header of one of the GTP tunnel packets with the list of interception identifiers, when the list of interception identifiers has been updated to include a new entry after the GTP tunnel over which the GTP tunnel packets that are to be intercepted has been created;
intercepting, by the tunnel packet engine, each of the GTP tunnel packets when there is a match between the tunnel identification information and the list of GTP tunnel identifiers;
intercepting, by the tunnel packet engine, the one of the GTP tunnel packets when there is a match between the user identifiers in the header of the one of the GTP tunnel packet and the list of interception identifiers; and
processing, by the tunnel packet engine, each of the intercepted GTP tunnel packets.
Abstract
GPRS Tunneling Protocol (“GTP”) packets are intercepted by receiving a GTP tunnel packet, determining whether the GTP tunnel packet is to be intercepted, intercepting GTP tunnel packets if it is determined that the GTP tunnel packet is to be intercepted, and processing the intercepted GTP tunnel packets. Multiple tunnels may be intercepted simultaneously and GTP tunnel packets from different tunnels may be processed differently. Implementations include both inline and offline interception of GTP traffic between SGSN and GGSN.
30 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A GPRS Tunneling Protocol (GTP) module, comprising:
a tunnel request engine operable to process received GTP tunnel requests; and
a tunnel packet engine operable to process received GTP tunnel packets associated with a GTP tunnel created based on one of the GTP tunnel requests,
where the tunnel request engine includes a list of interception identifiers to determine if the GTP tunnel packets should be intercepted and generates a list of GTP tunnel identifiers recognized for interception based on the received GTP tunnel requests, and
where the tunnel packet engine identifies GTP tunnel packets to intercept based on the list of GTP tunnel identifiers and, when the list of interception identifiers has been updated to include a new entry after the GTP tunnel over which the GTP tunnel packets that are to be intercepted has been created, compares a user identifier in a header of one of the GTP tunnel packets with the list of interception identifiers to identify the one of the GTP tunnel packets to intercept.
Dependent claims of claim 16: 17, 18, 19, 20, 21, 22, 23, 24, 25
26. A method for intercepting GPRS tunneling protocol (GTP) packets, the method comprising:
receiving, at a tunnel request engine of a firewall, a GTP tunnel request from a GTP tunnel endpoint;
identifying, by the tunnel request engine, a user identifier associated with the GTP tunnel request;
comparing, by the tunnel request engine, the user identifier with a list of interception identifiers;
adding, by the tunnel request engine and when the user identifier matches an interception identifier in the list of interception identifiers, a tunnel identifier for a GTP tunnel, associated with the GTP tunnel request, to a list of GTP tunnel identifiers recognized for interception;
receiving, at a tunnel packet engine, of the firewall, that is different than the tunnel request engine, GTP tunnel packets associated with the GTP tunnel, each of the GTP tunnel packets including tunnel identification information;
intercepting, by the tunnel packet engine, the GTP tunnel packets when the tunnel identification information matches one of the GTP tunnel identifiers;
allowing, by the tunnel packet engine, the GTP tunnel packets to pass through the firewall when the tunnel identification information does not match one of the GTP tunnel identifiers;
determining, by the tunnel packet engine and after the allowing, that the list of interception identifiers has been updated to include a new interception identifier entry;
intercepting, by the tunnel packet engine and after the determining, one of the GTP tunnel packets when a user identifier of the one of the GTP tunnel packets matches one of the interception identifier in the updated list of interception identifiers;
associating the one of the GTP tunnel packets, that was intercepted, with a tunnel identifier; and
intercepting, by the tunnel packet engine, a subsequent one of the GTP tunnel packets based on the tunnel identifier of the one of the GTP tunnel packets.
Dependent claims of claim 26: 27, 28, 29, 30
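The decision flow recited in claim 26, as an added illustration that is not taken from the patent or from any product: an abstract Python model of the two lists and the two engines. The class names, field names and sample identifiers are hypothetical, the records are stand-ins rather than parsed GTP messages, and the `list_updated` flag is an assumption about how the "updated after tunnel creation" condition is tracked.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class TunnelRequest:               # stand-in for a GTP tunnel request
    user_id: str                   # user identifier associated with the request
    tunnel_id: int                 # identifier of the tunnel being set up

@dataclass
class TunnelPacket:                # stand-in for a GTP tunnel packet
    tunnel_id: int                 # tunnel identification information
    user_id: Optional[str] = None  # user identifier in the header, if present

@dataclass
class GtpModule:                   # hypothetical model of the claimed module
    interception_ids: set = field(default_factory=set)
    intercept_tunnels: set = field(default_factory=set)
    list_updated: bool = False     # set once an entry is added at run time
    intercepted: list = field(default_factory=list)

    def add_interception_id(self, user_id: str) -> None:
        self.interception_ids.add(user_id)
        self.list_updated = True

    def handle_request(self, req: TunnelRequest) -> bool:
        """Tunnel request engine: record the tunnel if the user is listed."""
        if req.user_id in self.interception_ids:
            self.intercept_tunnels.add(req.tunnel_id)
        return req.tunnel_id in self.intercept_tunnels  # request is forwarded either way

    def handle_packet(self, pkt: TunnelPacket) -> str:
        """Tunnel packet engine: tunnel-id match first, header fallback second."""
        if pkt.tunnel_id in self.intercept_tunnels:
            self.intercepted.append(pkt)
            return "intercept"
        if self.list_updated and pkt.user_id in self.interception_ids:
            # Tunnel predates the list entry: associate it so later packets
            # match on tunnel identifier alone.
            self.intercept_tunnels.add(pkt.tunnel_id)
            self.intercepted.append(pkt)
            return "intercept"
        return "pass"

def demo() -> list:
    """Constructed sequence: user-B is listed only after its tunnel exists."""
    m = GtpModule(interception_ids={"user-A"})
    m.handle_request(TunnelRequest("user-A", 0x1001))
    m.handle_request(TunnelRequest("user-B", 0x2002))
    out = [m.handle_packet(TunnelPacket(0x1001)),
           m.handle_packet(TunnelPacket(0x2002, "user-B"))]
    m.add_interception_id("user-B")
    out += [m.handle_packet(TunnelPacket(0x2002, "user-B")),
            m.handle_packet(TunnelPacket(0x2002)),
            m.handle_packet(TunnelPacket(0x3003))]
    return out
```

The fallback branch only fires for a packet that carries a user identifier; a tunnel created before its user was listed stays on the pass path until such a packet is seen.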
Specification