1 /* $OpenBSD: print-gtp.c,v 1.13 2020/10/26 23:19:18 jca Exp $ */ 2 /* 3 * Copyright (c) 2009, 2010 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 /* 19 * Decoder for the GPRS Trunking Protocol (GTP). 20 * 21 * This work has been kindly sponsored by SystemNet (www.systemnet.no). 22 * 23 * GTPv0 standards are available from the ETSI website: 24 * 25 * http://pda.etsi.org/pda/ 26 * 27 * GTPv1 standards are available from the 3GPP website: 28 * 29 * http://www.3gpp.org/specifications 30 * 31 * The following standards have been referenced to create this decoder: 32 * 33 * ETSI GSM 09.60 - GPRS Tunnelling Protocol (GTPv0) 34 * ETSI GSM 12.15 - GPRS Charging (GTPv0') 35 * 36 * 3GPP TS 23.003 - Numbering, addressing and identification 37 * 3GPP TS 24.008 - Core network protocols 38 * 3GPP TS 29.002 - Mobile Application Part (MAP) specification 39 * 3GPP TS 29.060 - GPRS Tunnelling Protocol (GTPv1-C/GTPv1-U) 40 * 3GPP TS 32.295 - Charging Data Record (CDR) transfer (GTPv1') 41 */ 42 43 #include <sys/time.h> 44 #include <sys/socket.h> 45 #include <sys/types.h> 46 47 #include <netinet/in.h> 48 #include <netinet/ip.h> 49 #include <netinet/ip_var.h> 50 51 #include <ctype.h> 52 #include <stdio.h> 53 #include <stdlib.h> 54 #include <string.h> 55 56 #include "addrtoname.h" 57 #include "interface.h" 58 #include "gtp.h" 59 60 #ifndef nitems 61 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) 62 #endif 63 64 void gtp_print(const u_char *, u_int, u_short, u_short); 65 void gtp_decode_ie(const u_char *, u_short, int); 66 void gtp_print_tbcd(const u_char *, u_int); 67 void gtp_print_user_address(const u_char *, u_int); 68 void gtp_print_apn(const u_char *, u_int); 69 void gtp_print_str(const char **, u_int, u_int); 70 71 void gtp_v0_print(const u_char *, u_int, u_short, u_short); 72 void gtp_v0_print_prime(const u_char *); 73 int gtp_v0_print_tv(const u_char *, u_int); 74 int gtp_v0_print_tlv(const u_char *, u_int); 75 76 void gtp_v1_print(const u_char *, u_int, u_short, u_short); 77 void gtp_v1_print_ctrl(const u_char *, u_int, struct gtp_v1_hdr *); 78 void gtp_v1_print_user(const u_char *, u_int, struct gtp_v1_hdr *); 79 void gtp_v1_print_prime(const u_char *, struct gtp_v1_prime_hdr *); 80 int gtp_v1_print_tv(const u_char *, u_int); 81 int gtp_v1_print_tlv(const u_char *, u_int); 82 83 /* GTPv0 message types. */ 84 static struct tok gtp_v0_msgtype[] = { 85 86 { 1, "Echo Request" }, 87 { 2, "Echo Response" }, 88 { 3, "Version Not Supported" }, 89 { 4, "Node Alive Request" }, 90 { 5, "Node Alive Response" }, 91 { 6, "Redirection Request" }, 92 { 7, "Redirection Response" }, 93 { 16, "Create PDP Context Request" }, 94 { 17, "Create PDP Context Response" }, 95 { 18, "Update PDP Context Request" }, 96 { 19, "Update PDP Context Response" }, 97 { 20, "Delete PDP Context Request" }, 98 { 21, "Delete PDP Context Response" }, 99 { 22, "Create AA PDP Context Request" }, 100 { 23, "Create AA PDP Context Response" }, 101 { 24, "Delete AA PDP Context Request" }, 102 { 25, "Delete AA PDP Context Response" }, 103 { 26, "Error Indication" }, 104 { 27, "PDU Notification Request" }, 105 { 28, "PDU Notification Response" }, 106 { 29, "PDU Notification Reject Request" }, 107 { 30, "PDU Notification Reject Response" }, 108 { 32, "Send Routeing Information Request" }, 109 { 33, "Send Routeing Information Response" }, 110 { 34, "Failure Report Request" }, 111 { 35, "Failure Report Response" }, 112 { 36, "MS GPRS Present Request" }, 113 { 37, "MS GPRS Present Response" }, 114 { 48, "Identification Request" }, 115 { 49, "Identification Response" }, 116 { 50, "SGSN Context Request" }, 117 { 51, "SGSN Context Response" }, 118 { 52, "SGSN Context Acknowledge" }, 119 { 240, "Data Record Transfer Request" }, 120 { 241, "Data Record Transfer Response" }, 121 { 255, "T-PDU" }, 122 123 { 0, NULL } 124 }; 125 126 /* GTPv0 causes. */ 127 static struct tok gtp_v0_cause[] = { 128 129 { 0, "Request IMSI" }, 130 { 1, "Request IMEI" }, 131 { 2, "Request IMSI and IMEI" }, 132 { 3, "No identity needed" }, 133 { 4, "MS refuses" }, 134 { 5, "MS is not GPRS responding" }, 135 { 128, "Request accepted" }, 136 { 192, "Non-existent" }, 137 { 193, "Invalid message format" }, 138 { 194, "IMSI not known" }, 139 { 195, "MS is GPRS detached" }, 140 { 196, "MS is not GPRS responding" }, 141 { 197, "MS refuses" }, 142 { 198, "Version not supported" }, 143 { 199, "No resources available" }, 144 { 200, "Service not supported" }, 145 { 201, "Mandatory IE incorrect" }, 146 { 202, "Mandatory IE missing" }, 147 { 203, "Optional IE incorrect" }, 148 { 204, "System failure" }, 149 { 205, "Roaming restriction" }, 150 { 206, "P-TMSI signature mismatch" }, 151 { 207, "GPRS connection suspended" }, 152 { 208, "Authentication failure" }, 153 { 209, "User authentication failed" }, 154 155 { 0, NULL } 156 }; 157 158 /* GTPv1 message types. */ 159 static struct tok gtp_v1_msgtype[] = { 160 161 { 1, "Echo Request" }, 162 { 2, "Echo Response" }, 163 { 3, "Version Not Supported" }, 164 { 4, "Node Alive Request" }, 165 { 5, "Node Alive Response" }, 166 { 6, "Redirection Request" }, 167 { 7, "Redirection Response" }, 168 { 16, "Create PDP Context Request" }, 169 { 17, "Create PDP Context Response" }, 170 { 18, "Update PDP Context Request" }, 171 { 19, "Update PDP Context Response" }, 172 { 20, "Delete PDP Context Request" }, 173 { 21, "Delete PDP Context Response" }, 174 { 22, "Initiate PDP Context Activiation Request" }, 175 { 23, "Initiate PDP Context Activiation Response" }, 176 { 26, "Error Indication" }, 177 { 27, "PDU Notification Request" }, 178 { 28, "PDU Notification Response" }, 179 { 29, "PDU Notification Reject Request" }, 180 { 30, "PDU Notification Reject Response" }, 181 { 31, "Supported Extension Headers Notification" }, 182 { 32, "Send Routeing Information for GPRS Request" }, 183 { 33, "Send Routeing Information for GPRS Response" }, 184 { 34, "Failure Report Request" }, 185 { 35, "Failure Report Response" }, 186 { 36, "Note MS GPRS Present Request" }, 187 { 37, "Note MS GPRS Present Response" }, 188 { 48, "Identification Request" }, 189 { 49, "Identification Response" }, 190 { 50, "SGSN Context Request" }, 191 { 51, "SGSN Context Response" }, 192 { 52, "SGSN Context Acknowledge" }, 193 { 53, "Forward Relocation Request" }, 194 { 54, "Forward Relocation Response" }, 195 { 55, "Forward Relocation Complete" }, 196 { 56, "Relocation Cancel Request" }, 197 { 57, "Relocation Cancel Response" }, 198 { 58, "Forward SRNS Context" }, 199 { 59, "Forward Relocation Complete Acknowledge" }, 200 { 60, "Forward SRNS Context Acknowledge" }, 201 { 70, "RAN Information Relay" }, 202 { 96, "MBMS Notification Request" }, 203 { 97, "MBMS Notification Response" }, 204 { 98, "MBMS Notification Reject Request" }, 205 { 99, "MBMS Notification Reject Response" }, 206 { 100, "Create MBMS Context Request" }, 207 { 101, "Create MBMS Context Response" }, 208 { 102, "Update MBMS Context Request" }, 209 { 103, "Update MBMS Context Response" }, 210 { 104, "Delete MBMS Context Request" }, 211 { 105, "Delete MBMS Context Response" }, 212 { 112, "MBMS Registration Request" }, 213 { 113, "MBMS Registration Response" }, 214 { 114, "MBMS De-Registration Request" }, 215 { 115, "MBMS De-Registration Response" }, 216 { 116, "MBMS Session Start Request" }, 217 { 117, "MBMS Session Start Response" }, 218 { 118, "MBMS Session Stop Request" }, 219 { 119, "MBMS Session Stop Response" }, 220 { 120, "MBMS Session Update Request" }, 221 { 121, "MBMS Session Update Response" }, 222 { 128, "MBMS Info Change Notification Request" }, 223 { 129, "MBMS Info Change Notification Response" }, 224 { 240, "Data Record Transfer Request" }, 225 { 241, "Data Record Transfer Response" }, 226 { 255, "G-PDU" }, 227 228 { 0, NULL } 229 }; 230 231 /* GTPv1 Causes. */ 232 static struct tok gtp_v1_cause[] = { 233 234 /* GTPv1-C. */ 235 { 0, "Request IMSI" }, 236 { 1, "Request IMEI" }, 237 { 2, "Request IMSI and IMEI" }, 238 { 3, "No identity needed" }, 239 { 4, "MS refuses" }, 240 { 5, "MS is not GPRS responding" }, 241 { 128, "Request accepted" }, 242 { 192, "Non-existent" }, 243 { 193, "Invalid message format" }, 244 { 194, "IMSI not known" }, 245 { 195, "MS is GPRS detached" }, 246 { 196, "MS is not GPRS responding" }, 247 { 197, "MS refuses" }, 248 { 198, "Version not supported" }, 249 { 199, "No resources available" }, 250 { 200, "Service not supported" }, 251 { 201, "Mandatory IE incorrect" }, 252 { 202, "Mandatory IE missing" }, 253 { 203, "Optional IE incorrect" }, 254 { 204, "System failure" }, 255 { 205, "Roaming restriction" }, 256 { 206, "P-TMSI signature mismatch" }, 257 { 207, "GPRS connection suspended" }, 258 { 208, "Authentication failure" }, 259 { 209, "User authentication failed" }, 260 { 210, "Context not found" }, 261 { 211, "All dynamic PDP addresses are occupied" }, 262 { 212, "No memory is available" }, 263 { 213, "Relocation failure" }, 264 { 214, "Unknown mandatory extension header" }, 265 { 215, "Semantic error in the TFT operation" }, 266 { 216, "Syntactic error in the TFT operation" }, 267 { 217, "Semantic errors in packet filter(s)" }, 268 { 218, "Syntactic errors in packet filter(s)" }, 269 { 219, "Missing or unknown APN" }, 270 { 220, "Unknown PDP address or PDP type" }, 271 { 221, "PDP context without TFT already activated" }, 272 { 222, "APN access denied - no subscription" }, 273 { 223, "APN restriction type incompatibility with currently " 274 "active PDP contexts" }, 275 { 224, "MS MBMS capabilities insufficient" }, 276 { 225, "Invalid correlation-ID" }, 277 { 226, "MBMS bearer context superseded" }, 278 279 /* GTP'v1. */ 280 { 59, "System failure" }, 281 { 60, "The transmit buffers are becoming full" }, 282 { 61, "The receive buffers are becoming full" }, 283 { 62, "Another node is about to go down" }, 284 { 63, "This node is about to go down" }, 285 { 177, "CDR decoding error" }, 286 { 252, "Request related to possibly duplicated packets already " 287 "fulfilled" }, 288 { 253, "Request already fulfilled" }, 289 { 254, "Sequence numbers of released/cancelled packets IE incorrect" }, 290 { 255, "Request not fulfilled" }, 291 292 { 0, NULL } 293 }; 294 295 static int gtp_proto = -1; 296 297 void 298 gtp_print(const u_char *cp, u_int length, u_short sport, u_short dport) 299 { 300 int version; 301 302 /* Decode GTP version. */ 303 TCHECK(cp[0]); 304 version = cp[0] >> GTP_VERSION_SHIFT; 305 306 if (version == GTP_VERSION_0) 307 gtp_v0_print(cp, length, sport, dport); 308 else if (version == GTP_VERSION_1) 309 gtp_v1_print(cp, length, sport, dport); 310 else 311 printf("GTP (version %i)", version); 312 313 return; 314 315 trunc: 316 printf("[|GTP]"); 317 } 318 319 /* 320 * Decode and print information elements from message. The actual work is 321 * handled in the appropriate Tag/Value (TV) or Tag/Length/Value (TLV) 322 * decoding routine. 323 */ 324 void 325 gtp_decode_ie(const u_char *cp, u_short version, int len) 326 { 327 int val, ielen, iecount = 0; 328 329 if (len <= 0) 330 return; 331 332 printf(" {"); 333 334 while (len > 0) { 335 336 iecount++; 337 if (iecount > 1) 338 printf(" "); 339 340 TCHECK(cp[0]); 341 val = (u_int)cp[0]; 342 cp++; 343 344 printf("["); 345 346 switch (version) { 347 case GTP_VERSION_0: 348 if ((val & GTPV0_IE_TYPE_MASK) == 0) 349 ielen = gtp_v0_print_tv(cp, val); 350 else 351 ielen = gtp_v0_print_tlv(cp, val); 352 break; 353 354 case GTP_VERSION_1: 355 if ((val & GTPV1_IE_TYPE_MASK) == 0) 356 ielen = gtp_v1_print_tv(cp, val); 357 else 358 ielen = gtp_v1_print_tlv(cp, val); 359 break; 360 361 default: 362 /* Version not supported... */ 363 ielen = -1; 364 break; 365 } 366 367 printf("]"); 368 369 if (ielen < 0) 370 goto trunc; 371 372 len -= ielen; 373 cp += ielen - 1; 374 } 375 376 if (iecount > 0) 377 printf("}"); 378 379 return; 380 381 trunc: 382 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 383 } 384 385 /* 386 * Decode and print telephony binary coded decimal. 387 */ 388 void 389 gtp_print_tbcd(const u_char *cp, u_int len) 390 { 391 u_int8_t *data, bcd; 392 int i; 393 394 data = (u_int8_t *)cp; 395 for (i = 0; i < len; i++) { 396 bcd = *data & 0xf; 397 if (bcd != 0xf) 398 printf("%u", bcd); 399 bcd = *data >> 4; 400 if (bcd != 0xf) 401 printf("%u", bcd); 402 data++; 403 } 404 } 405 406 /* 407 * Decode and print an end user address. Format is detailed in 408 * GSM 09.60 section 7.9.18 and 3GPP 29.060 section 7.7.27. 409 */ 410 void 411 gtp_print_user_address(const u_char *cp, u_int len) 412 { 413 u_int8_t org, type; 414 415 if (len < 2) 416 return; 417 418 org = (u_int8_t)cp[0] & 0xf; 419 type = (u_int8_t)cp[1]; 420 421 cp += 2; 422 423 if (org == 0x0 && type == 0x1) 424 printf(": PPP"); 425 else if (org == 0x1 && type == 0x21) { 426 if (len == 6) 427 printf(": %s", ipaddr_string(cp)); 428 else 429 printf(": IPv4"); 430 } else if (org == 0x1 && type == 0x57) { 431 if (len == 18) 432 printf(": %s", ip6addr_string(cp)); 433 else 434 printf(": IPv6"); 435 } else 436 printf(" (org 0x%x, type 0x%x)", org, type); 437 } 438 439 /* 440 * Decode and print an Access Point Name. Format is detailed in 441 * 3GPP 24.008 section 10.5.6.1 and 3GPP 23.003 section 9.1. 442 */ 443 void 444 gtp_print_apn(const u_char *cp, u_int len) 445 { 446 u_char label[100]; 447 u_int8_t llen; 448 449 if (len < 1 || len > 100) 450 return; 451 452 while (len > 0) { 453 454 llen = (u_int8_t)cp[0]; 455 if (llen > 99) 456 return; 457 458 bcopy(cp + 1, label, llen); 459 label[llen] = '\0'; 460 printf("%s", label); 461 462 cp += llen + 1; 463 len -= llen + 1; 464 465 if (len > 0) 466 printf("."); 467 468 } 469 } 470 471 /* Print string from array. */ 472 void 473 gtp_print_str(const char **strs, u_int bound, u_int index) 474 { 475 if (index >= bound) 476 printf(": %u", index); 477 else if (strs[index] != NULL) 478 printf(": %s", strs[index]); 479 } 480 481 /* 482 * Decoding routines for GTP version 0. 483 */ 484 void 485 gtp_v0_print(const u_char *cp, u_int length, u_short sport, u_short dport) 486 { 487 struct gtp_v0_hdr *gh = (struct gtp_v0_hdr *)cp; 488 int len, version; 489 u_int64_t tid; 490 491 gtp_proto = GTP_V0_PROTO; 492 493 /* Check if this is GTP prime. */ 494 TCHECK(gh->flags); 495 if ((gh->flags & GTPV0_HDR_PROTO_TYPE) == 0) { 496 gtp_proto = GTP_V0_PRIME_PROTO; 497 gtp_v0_print_prime(cp); 498 return; 499 } 500 501 /* Print GTP header. */ 502 TCHECK(*gh); 503 cp += sizeof(struct gtp_v0_hdr); 504 len = ntohs(gh->length); 505 bcopy(&gh->tid, &tid, sizeof(tid)); 506 printf("GTPv0 (len %u, seqno %u, flow %u, N-PDU %u, tid 0x%llx) ", 507 ntohs(gh->length), ntohs(gh->seqno), ntohs(gh->flow), 508 ntohs(gh->npduno), betoh64(tid)); 509 510 /* Decode GTP message. */ 511 printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gh->msgtype)); 512 513 if (!vflag) 514 return; 515 516 if (gh->msgtype == GTPV0_T_PDU) { 517 518 TCHECK(cp[0]); 519 version = cp[0] >> 4; 520 521 printf(" { "); 522 523 if (version == 4) 524 ip_print(cp, len); 525 else if (version == 6) 526 ip6_print(cp, len); 527 else 528 printf("Unknown IP version %u", version); 529 530 printf(" }"); 531 } else 532 gtp_decode_ie(cp, GTP_VERSION_0, len); 533 534 return; 535 536 trunc: 537 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 538 } 539 540 void 541 gtp_v0_print_prime(const u_char *cp) 542 { 543 struct gtp_v0_prime_hdr *gph = (struct gtp_v0_prime_hdr *)cp; 544 int len; 545 546 /* Decode GTP prime header. */ 547 TCHECK(*gph); 548 cp += sizeof(*gph); 549 550 len = ntohs(gph->length); 551 printf("GTPv0' (len %u, seq %u) ", len, ntohs(gph->seqno)); 552 553 /* Decode GTP message. */ 554 printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gph->msgtype)); 555 556 if (vflag) 557 gtp_decode_ie(cp, GTP_VERSION_0, len); 558 559 return; 560 561 trunc: 562 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 563 } 564 565 int 566 gtp_v0_print_tv(const u_char *cp, u_int value) 567 { 568 u_int32_t *dpl; 569 u_int16_t *dps; 570 u_int8_t data; 571 int ielen = -1; 572 573 switch (value) { 574 case GTPV0_TV_CAUSE: 575 576 /* 09.60 7.9.1 - Cause. */ 577 TCHECK(cp[0]); 578 data = (u_int8_t)cp[0]; 579 ielen = GTPV0_TV_CAUSE_LENGTH; 580 printf("Cause: %s", tok2str(gtp_v0_cause, "#%u", data)); 581 break; 582 583 case GTPV0_TV_IMSI: 584 585 /* 09.60 7.9.2 - International Mobile Subscriber Identity. */ 586 TCHECK2(cp[0], GTPV0_TV_IMSI_LENGTH - 1); 587 printf("IMSI "); 588 gtp_print_tbcd(cp, GTPV0_TV_IMSI_LENGTH - 1); 589 ielen = GTPV0_TV_IMSI_LENGTH; 590 break; 591 592 case GTPV0_TV_RAI: 593 594 /* 09.60 7.9.3 - Routing Area Identity (RAI). */ 595 TCHECK2(cp[0], GTPV0_TV_RAI_LENGTH - 1); 596 printf("RAI: MCC "); 597 data = cp[1] | 0xf0; 598 gtp_print_tbcd(cp, 1); 599 gtp_print_tbcd(&data, 1); 600 printf(", MNC "); 601 data = (cp[1] >> 4) | 0xf0; 602 gtp_print_tbcd(cp + 2, 1); 603 gtp_print_tbcd(&data, 1); 604 printf(", LAC 0x%x%x", cp[3], cp[4]); 605 printf(", RAC 0x%x", cp[5]); 606 ielen = GTPV0_TV_RAI_LENGTH; 607 break; 608 609 case GTPV0_TV_TLLI: 610 611 /* 09.60 7.9.4 - Temporary Logical Link Identity (TLLI). */ 612 TCHECK2(cp[0], GTPV0_TV_TLLI_LENGTH - 1); 613 dpl = (u_int32_t *)cp; 614 printf("TLLI 0x%x", ntohl(*dpl)); 615 ielen = GTPV0_TV_TLLI_LENGTH; 616 break; 617 618 case GTPV0_TV_PTMSI: 619 620 /* 09.60 7.9.5 - Packet TMSI (P-TMSI). */ 621 TCHECK2(cp[0], GTPV0_TV_PTMSI_LENGTH - 1); 622 dpl = (u_int32_t *)cp; 623 printf("P-TMSI 0x%x", ntohl(*dpl)); 624 ielen = GTPV0_TV_PTMSI_LENGTH; 625 break; 626 627 case GTPV0_TV_QOS: 628 629 /* 09.60 7.9.6 - Quality of Service (QoS) Profile. */ 630 TCHECK2(cp[0], GTPV0_TV_QOS_LENGTH - 1); 631 printf("QoS Profile"); /* XXX */ 632 ielen = GTPV0_TV_QOS_LENGTH; 633 break; 634 635 case GTPV0_TV_REORDER: 636 637 /* 09.60 7.9.7 - Reordering Required. */ 638 TCHECK2(cp[0], GTPV0_TV_REORDER_LENGTH - 1); 639 printf("Reordering Required: "); 640 if (cp[0] & 0x1) 641 printf("yes"); 642 else 643 printf("no"); 644 ielen = GTPV0_TV_REORDER_LENGTH; 645 break; 646 647 case GTPV0_TV_AUTH_TRIPLET: 648 649 /* 09.60 7.9.8 - Authentication Triplet. */ 650 TCHECK2(cp[0], GTPV0_TV_AUTH_TRIPLET_LENGTH - 1); 651 printf("Authentication"); /* XXX */ 652 ielen = GTPV0_TV_AUTH_TRIPLET_LENGTH; 653 break; 654 655 case GTPV0_TV_MAP_CAUSE: 656 657 /* 09.60 7.9.9 - MAP Cause. */ 658 TCHECK2(cp[0], GTPV0_TV_MAP_CAUSE_LENGTH - 1); 659 printf("MAP Cause: %u", cp[0]); 660 ielen = GTPV0_TV_MAP_CAUSE_LENGTH; 661 break; 662 663 case GTPV0_TV_PTMSI_SIGNATURE: 664 665 /* 09.60 7.9.10 - P-TMSI Signature. */ 666 /* Signature defined in GSM 04.08. */ 667 TCHECK2(cp[0], GTPV0_TV_PTMSI_SIGNATURE_LENGTH - 1); 668 printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); 669 ielen = GTPV0_TV_PTMSI_SIGNATURE_LENGTH; 670 break; 671 672 case GTPV0_TV_MS_VALIDATED: 673 674 /* 09.60 7.9.11 - MS Validated. */ 675 TCHECK2(cp[0], GTPV0_TV_MS_VALIDATED_LENGTH - 1); 676 printf("MS Validated"); 677 if (cp[0] & 0x1) 678 printf("yes"); 679 else 680 printf("no"); 681 ielen = GTPV0_TV_MS_VALIDATED_LENGTH; 682 break; 683 684 case GTPV0_TV_RECOVERY: 685 686 /* 09.60 7.9.12 - Recovery. */ 687 TCHECK2(cp[0], GTPV0_TV_RECOVERY_LENGTH - 1); 688 printf("Recovery: Restart counter %u", cp[0]); 689 ielen = GTPV0_TV_RECOVERY_LENGTH; 690 break; 691 692 case GTPV0_TV_SELECTION_MODE: 693 694 /* 09.60 7.9.13 - Selection Mode. */ 695 TCHECK2(cp[0], GTPV0_TV_SELECTION_MODE_LENGTH - 1); 696 printf("Selection Mode"); /* XXX */ 697 ielen = GTPV0_TV_SELECTION_MODE_LENGTH; 698 break; 699 700 case GTPV0_TV_FLOW_LABEL_DATA_I: 701 702 /* 09.60 7.9.14 - Flow Label Data I. */ 703 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH - 1); 704 dps = (u_int16_t *)cp; 705 printf("Flow Label Data I: %u", ntohs(*dps)); 706 ielen = GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH; 707 break; 708 709 case GTPV0_TV_FLOW_LABEL_SIGNALLING: 710 711 /* 09.60 7.9.15 - Flow Label Signalling. */ 712 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH - 1); 713 dps = (u_int16_t *)cp; 714 printf("Flow Label Signalling: %u", ntohs(*dps)); 715 ielen = GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH; 716 break; 717 718 case GTPV0_TV_FLOW_LABEL_DATA_II: 719 720 /* 09.60 7.9.16 - Flow Label Data II. */ 721 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH - 1); 722 data = cp[0] & 0xf; 723 dps = (u_int16_t *)(cp + 1); 724 printf("Flow Label Data II: %u, NSAPI %u", ntohs(*dps), data); 725 ielen = GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH; 726 break; 727 728 case GTPV0_TV_PACKET_XFER_CMD: 729 730 /* 12.15 7.3.4.5.3 - Packet Transfer Command. */ 731 TCHECK2(cp[0], GTPV0_TV_PACKET_XFER_CMD_LENGTH - 1); 732 printf("Packet Transfer Command"); 733 gtp_print_str(gtp_packet_xfer_cmd, nitems(gtp_packet_xfer_cmd), 734 cp[0]); 735 ielen = GTPV0_TV_PACKET_XFER_CMD_LENGTH; 736 break; 737 738 case GTPV0_TV_CHARGING_ID: 739 740 /* 09.60 7.9.17 - Charging ID. */ 741 TCHECK2(cp[0], GTPV0_TV_CHARGING_ID_LENGTH - 1); 742 dps = (u_int16_t *)cp; 743 printf("Charging ID: %u", ntohs(*dps)); 744 ielen = GTPV0_TV_CHARGING_ID_LENGTH; 745 break; 746 747 default: 748 printf("TV %u", value); 749 } 750 751 trunc: 752 return ielen; 753 } 754 755 int 756 gtp_v0_print_tlv(const u_char *cp, u_int value) 757 { 758 u_int8_t data; 759 u_int16_t *lenp, *seqno, len; 760 int ielen = -1; 761 762 /* Get length of IE. */ 763 TCHECK2(cp[0], 2); 764 lenp = (u_int16_t *)cp; 765 cp += 2; 766 len = ntohs(*lenp); 767 TCHECK2(cp[0], len); 768 ielen = sizeof(data) + sizeof(len) + len; 769 770 switch (value) { 771 772 case GTPV0_TLV_END_USER_ADDRESS: 773 774 /* 09.60 7.9.18 - End User Address. */ 775 printf("End User Address"); 776 gtp_print_user_address(cp, len); 777 break; 778 779 case GTPV0_TLV_MM_CONTEXT: 780 781 /* 09.60 7.9.19 - MM Context. */ 782 printf("MM Context"); /* XXX */ 783 break; 784 785 case GTPV0_TLV_PDP_CONTEXT: 786 787 /* 09.60 7.9.20 - PDP Context. */ 788 printf("PDP Context"); /* XXX */ 789 break; 790 791 case GTPV0_TLV_ACCESS_POINT_NAME: 792 793 /* 09.60 7.9.21 - Access Point Name. */ 794 printf("AP Name: "); 795 gtp_print_apn(cp, len); 796 break; 797 798 case GTPV0_TLV_PROTOCOL_CONFIG_OPTIONS: 799 800 /* 09.60 7.9.22 - Protocol Configuration Options. */ 801 printf("Protocol Configuration Options"); /* XXX */ 802 break; 803 804 case GTPV0_TLV_GSN_ADDRESS: 805 806 /* 09.60 7.9.23 - GSN Address. */ 807 printf("GSN Address"); 808 if (len == 4) 809 printf(": %s", ipaddr_string(cp)); 810 else if (len == 16) 811 printf(": %s", ip6addr_string(cp)); 812 break; 813 814 case GTPV0_TLV_MS_ISDN: 815 816 /* 09.60 7.9.24 - MS International PSTN/ISDN Number. */ 817 printf("MSISDN "); 818 data = (u_int8_t)cp[0]; /* XXX - Number type. */ 819 gtp_print_tbcd(cp + 1, len - 1); 820 break; 821 822 case GTPV0_TLV_CHARGING_GATEWAY_ADDRESS: 823 824 /* 09.60 7.9.25 - Charging Gateway Address. */ 825 printf("Charging Gateway"); 826 if (len == 4) 827 printf(": %s", ipaddr_string(cp)); 828 break; 829 830 case GTPV0_TLV_DATA_RECORD_PACKET: 831 832 /* 12.15 7.3.4.5.4 - Data Record Packet. */ 833 printf("Data Record: Records %u, Format %u, Format Version %u", 834 cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2))); 835 break; 836 837 case GTPV0_TLV_REQUESTS_RESPONDED: 838 839 /* 12.15 7.3.4.6 - Requests Responded. */ 840 printf("Requests Responded:"); 841 seqno = (u_int16_t *)cp; 842 while (len > 0) { 843 printf(" %u", ntohs(*seqno)); 844 seqno++; 845 len -= sizeof(*seqno); 846 } 847 break; 848 849 case GTPV0_TLV_RECOMMENDED_NODE: 850 851 /* 12.15 7.3.4.3 - Address of Recommended Node. */ 852 printf("Recommended Node"); 853 if (len == 4) 854 printf(": %s", ipaddr_string(cp)); 855 else if (len == 16) 856 printf(": %s", ip6addr_string(cp)); 857 break; 858 859 case GTPV0_TLV_PRIVATE_EXTENSION: 860 861 printf("Private Extension"); 862 break; 863 864 default: 865 printf("TLV %u (len %u)", value, len); 866 } 867 868 return ielen; 869 870 trunc: 871 return -1; 872 } 873 874 /* 875 * Decoding for GTP version 1, which consists of GTPv1-C, GTPv1-U and GTPv1'. 876 */ 877 void 878 gtp_v1_print(const u_char *cp, u_int length, u_short sport, u_short dport) 879 { 880 struct gtp_v1_hdr *gh = (struct gtp_v1_hdr *)cp; 881 struct gtp_v1_hdr_ext *ghe = NULL; 882 int nexthdr, hlen; 883 u_char *p = (u_char *)cp; 884 885 TCHECK(gh->flags); 886 if ((gh->flags & GTPV1_HDR_PROTO_TYPE) == 0) { 887 gtp_proto = GTP_V1_PRIME_PROTO; 888 printf(" GTPv1'"); 889 gtp_v1_print_prime(p, (struct gtp_v1_prime_hdr *)gh); 890 return; 891 } 892 893 if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT) { 894 gtp_proto = GTP_V1_CTRL_PROTO; 895 printf(" GTPv1-C"); 896 } else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT) { 897 gtp_proto = GTP_V1_USER_PROTO; 898 printf(" GTPv1-U"); 899 } else if (dport == GTPV1_PRIME_PORT || sport == GTPV1_PRIME_PORT) { 900 gtp_proto = GTP_V1_PRIME_PROTO; 901 printf(" GTPv1'"); 902 } 903 904 /* Decode GTP header. */ 905 TCHECK(*gh); 906 p += sizeof(struct gtp_v1_hdr); 907 908 printf(" (teid %u, len %u)", ntohl(gh->teid), ntohs(gh->length)); 909 910 if (gh->flags & GTPV1_HDR_EXT) { 911 ghe = (struct gtp_v1_hdr_ext *)cp; 912 TCHECK(*ghe); 913 p += sizeof(struct gtp_v1_hdr_ext) - sizeof(struct gtp_v1_hdr); 914 } 915 916 if (gh->flags & GTPV1_HDR_SN_FLAG) 917 printf(" [seq %u]", ntohs(ghe->seqno)); 918 919 if (gh->flags & GTPV1_HDR_NPDU_FLAG) 920 printf(" [N-PDU %u]", ghe->npduno); 921 922 if (gh->flags & GTPV1_HDR_EH_FLAG) { 923 924 /* Process next header... */ 925 nexthdr = ghe->nexthdr; 926 while (nexthdr != GTPV1_EH_NONE) { 927 928 /* Header length is a 4 octet multiplier. */ 929 hlen = (int)p[0] * 4; 930 if (hlen == 0) { 931 printf(" [Invalid zero-length header %u]", 932 nexthdr); 933 goto trunc; 934 } 935 TCHECK2(p[0], hlen); 936 937 switch (nexthdr) { 938 case GTPV1_EH_MBMS_SUPPORT: 939 printf(" [MBMS Support]"); 940 break; 941 942 case GTPV1_EH_MSI_CHANGE_RPT: 943 printf(" [MS Info Change Reporting]"); 944 break; 945 946 case GTPV1_EH_PDCP_PDU_NO: 947 printf(" [PDCP PDU %u]", 948 ntohs(*(u_int16_t *)(p + 1))); 949 break; 950 951 case GTPV1_EH_SUSPEND_REQUEST: 952 printf(" [Suspend Request]"); 953 break; 954 955 case GTPV1_EH_SUSPEND_RESPONSE: 956 printf(" [Suspend Response]"); 957 break; 958 959 default: 960 printf(" [Unknown Header %u]", nexthdr); 961 } 962 963 p += hlen - 1; 964 nexthdr = (int)p[0]; 965 p++; 966 } 967 968 } 969 970 hlen = p - cp; 971 972 if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT) 973 gtp_v1_print_ctrl(p, hlen, gh); 974 else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT) 975 gtp_v1_print_user(p, hlen, gh); 976 977 return; 978 979 trunc: 980 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 981 } 982 983 void 984 gtp_v1_print_ctrl(const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh) 985 { 986 int len; 987 988 /* Decode GTP control message. */ 989 printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype)); 990 991 len = ntohs(gh->length) - hlen + sizeof(*gh); 992 if (vflag) 993 gtp_decode_ie(cp, GTP_VERSION_1, len); 994 } 995 996 void 997 gtp_v1_print_user(const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh) 998 { 999 int len, version; 1000 1001 /* Decode GTP user message. */ 1002 printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype)); 1003 1004 if (!vflag) 1005 return; 1006 1007 len = ntohs(gh->length) - hlen + sizeof(*gh); 1008 1009 if (gh->msgtype == GTPV1_G_PDU) { 1010 1011 TCHECK(cp[0]); 1012 version = cp[0] >> 4; 1013 1014 printf(" { "); 1015 1016 if (version == 4) 1017 ip_print(cp, len); 1018 else if (version == 6) 1019 ip6_print(cp, len); 1020 else 1021 printf("Unknown IP version %u", version); 1022 1023 printf(" }"); 1024 1025 } else 1026 gtp_decode_ie(cp, GTP_VERSION_1, len); 1027 1028 return; 1029 1030 trunc: 1031 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 1032 } 1033 1034 void 1035 gtp_v1_print_prime(const u_char *cp, struct gtp_v1_prime_hdr *gph) 1036 { 1037 int len; 1038 1039 /* Decode GTP prime header. */ 1040 TCHECK(*gph); 1041 cp += sizeof(struct gtp_v1_prime_hdr); 1042 1043 len = ntohs(gph->length); 1044 printf(" (len %u, seq %u) ", len, ntohs(gph->seqno)); 1045 1046 /* Decode GTP message. */ 1047 printf("%s", tok2str(gtp_v1_msgtype, "Message Type %u", gph->msgtype)); 1048 1049 if (vflag) 1050 gtp_decode_ie(cp, GTP_VERSION_1, len); 1051 1052 return; 1053 1054 trunc: 1055 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 1056 } 1057 1058 int 1059 gtp_v1_print_tv(const u_char *cp, u_int value) 1060 { 1061 u_int32_t *dpl; 1062 u_int16_t *dps; 1063 u_int8_t data; 1064 int ielen = -1; 1065 1066 switch (value) { 1067 case GTPV1_TV_CAUSE: 1068 1069 /* 29.060 - 7.7.1 Cause. */ 1070 TCHECK(cp[0]); 1071 data = (u_int8_t)cp[0]; 1072 ielen = GTPV1_TV_CAUSE_LENGTH; 1073 printf("Cause: %s", tok2str(gtp_v1_cause, "#%u", data)); 1074 break; 1075 1076 case GTPV1_TV_IMSI: 1077 1078 /* 29.060 7.7.2 - International Mobile Subscriber Identity. */ 1079 TCHECK2(cp[0], GTPV1_TV_IMSI_LENGTH - 1); 1080 printf("IMSI "); 1081 gtp_print_tbcd(cp, GTPV1_TV_IMSI_LENGTH - 1); 1082 ielen = GTPV1_TV_IMSI_LENGTH; 1083 break; 1084 1085 case GTPV1_TV_RAI: 1086 1087 /* 29.060 7.7.3 - Routing Area Identity (RAI). */ 1088 TCHECK2(cp[0], GTPV1_TV_RAI_LENGTH - 1); 1089 printf("RAI: MCC "); 1090 data = cp[1] | 0xf0; 1091 gtp_print_tbcd(cp, 1); 1092 gtp_print_tbcd(&data, 1); 1093 printf(", MNC "); 1094 data = (cp[1] >> 4) | 0xf0; 1095 gtp_print_tbcd(cp + 2, 1); 1096 gtp_print_tbcd(&data, 1); 1097 printf(", LAC 0x%x%x", cp[3], cp[4]); 1098 printf(", RAC 0x%x", cp[5]); 1099 ielen = GTPV1_TV_RAI_LENGTH; 1100 break; 1101 1102 case GTPV1_TV_TLLI: 1103 1104 /* 29.060 7.7.4 - Temporary Logical Link Identity (TLLI). */ 1105 TCHECK2(cp[0], GTPV1_TV_TLLI_LENGTH - 1); 1106 dpl = (u_int32_t *)cp; 1107 printf("TLLI 0x%x", ntohl(*dpl)); 1108 ielen = GTPV1_TV_TLLI_LENGTH; 1109 break; 1110 1111 case GTPV1_TV_PTMSI: 1112 1113 /* 29.060 7.7.5 - Packet TMSI (P-TMSI). */ 1114 TCHECK2(cp[0], GTPV1_TV_PTMSI_LENGTH - 1); 1115 dpl = (u_int32_t *)cp; 1116 printf("P-TMSI 0x%x", ntohl(*dpl)); 1117 ielen = GTPV1_TV_PTMSI_LENGTH; 1118 break; 1119 1120 case GTPV1_TV_REORDER: 1121 1122 /* 29.060 7.7.6 - Reordering Required. */ 1123 TCHECK2(cp[0], GTPV1_TV_REORDER_LENGTH - 1); 1124 printf("Reordering Required: "); 1125 if (cp[0] & 0x1) 1126 printf("yes"); 1127 else 1128 printf("no"); 1129 ielen = GTPV1_TV_REORDER_LENGTH; 1130 break; 1131 1132 case GTPV1_TV_AUTH: 1133 1134 /* 29.060 7.7.7 - Authentication Triplet. */ 1135 TCHECK2(cp[0], GTPV1_TV_AUTH_LENGTH - 1); 1136 dpl = (u_int32_t *)cp; 1137 printf("Auth: RAND 0x%x%x%x%x, SRES 0x%x, Kc 0x%x%x", 1138 ntohl(dpl[0]), ntohl(dpl[1]), ntohl(dpl[2]), ntohl(dpl[3]), 1139 ntohl(dpl[4]), ntohl(dpl[5]), ntohl(dpl[6])); 1140 ielen = GTPV1_TV_AUTH_LENGTH; 1141 break; 1142 1143 case GTPV1_TV_MAP_CAUSE: 1144 1145 /* 29.060 7.7.8 - MAP Cause. */ 1146 /* Cause defined in 3GPP TS 29.002. */ 1147 TCHECK2(cp[0], GTPV1_TV_MAP_CAUSE_LENGTH - 1); 1148 printf("Map Cause: %u", cp[0]); 1149 ielen = GTPV1_TV_MAP_CAUSE_LENGTH; 1150 break; 1151 1152 case GTPV1_TV_PTMSI_SIGNATURE: 1153 1154 /* 29.060 7.7.9 - P-TMSI Signature. */ 1155 /* Signature defined in 3GPP TS 24.008. */ 1156 TCHECK2(cp[0], GTPV1_TV_PTMSI_SIGNATURE_LENGTH - 1); 1157 printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); 1158 ielen = GTPV1_TV_PTMSI_SIGNATURE_LENGTH; 1159 break; 1160 1161 case GTPV1_TV_MS_VALIDATED: 1162 1163 /* 29.060 7.7.10 - MS Validated. */ 1164 TCHECK2(cp[0], GTPV1_TV_MS_VALIDATED_LENGTH - 1); 1165 printf("MS Validated: "); 1166 if (cp[0] & 0x1) 1167 printf("yes"); 1168 else 1169 printf("no"); 1170 ielen = GTPV1_TV_MS_VALIDATED_LENGTH; 1171 break; 1172 1173 case GTPV1_TV_RECOVERY: 1174 1175 /* 29.060 7.7.11 - Recovery. */ 1176 TCHECK2(cp[0], GTPV1_TV_RECOVERY_LENGTH - 1); 1177 printf("Recovery: Restart counter %u", cp[0]); 1178 ielen = GTPV1_TV_RECOVERY_LENGTH; 1179 break; 1180 1181 case GTPV1_TV_SELECTION_MODE: 1182 1183 /* 29.060 7.7.12 - Selection Mode. */ 1184 TCHECK2(cp[0], GTPV1_TV_SELECTION_MODE_LENGTH - 1); 1185 data = (u_int8_t)cp[0]; 1186 printf("Selection Mode: %u", data & 0x2); 1187 ielen = GTPV1_TV_SELECTION_MODE_LENGTH; 1188 break; 1189 1190 case GTPV1_TV_TEID_DATA_I: 1191 1192 /* 29.060 7.7.13 - Tunnel Endpoint Identifier Data I. */ 1193 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_I_LENGTH - 1); 1194 dpl = (u_int32_t *)cp; 1195 printf("TEI Data I: %u", ntohl(*dpl)); 1196 ielen = GTPV1_TV_TEID_DATA_I_LENGTH; 1197 break; 1198 1199 case GTPV1_TV_TEID_CTRL: 1200 1201 /* 29.060 7.7.14 - Tunnel Endpoint Identifier Control Plane. */ 1202 TCHECK2(cp[0], GTPV1_TV_TEID_CTRL_LENGTH - 1); 1203 dpl = (u_int32_t *)cp; 1204 printf("TEI Control Plane: %u", ntohl(*dpl)); 1205 ielen = GTPV1_TV_TEID_CTRL_LENGTH; 1206 break; 1207 1208 case GTPV1_TV_TEID_DATA_II: 1209 1210 /* 29.060 7.7.15 - Tunnel Endpoint Identifier Data II. */ 1211 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_II_LENGTH - 1); 1212 data = cp[0] & 0xf; 1213 dpl = (u_int32_t *)(cp + 1); 1214 printf("TEI Data II: %u, NSAPI %u", ntohl(*dpl), data); 1215 ielen = GTPV1_TV_TEID_DATA_II_LENGTH; 1216 break; 1217 1218 case GTPV1_TV_TEARDOWN: 1219 1220 /* 29.060 7.7.16 - Teardown Indicator. */ 1221 TCHECK2(cp[0], GTPV1_TV_TEARDOWN_LENGTH - 1); 1222 printf("Teardown: "); 1223 if (cp[0] & 0x1) 1224 printf("yes"); 1225 else 1226 printf("no"); 1227 ielen = GTPV1_TV_TEARDOWN_LENGTH; 1228 break; 1229 1230 case GTPV1_TV_NSAPI: 1231 1232 /* 29.060 7.7.17 - NSAPI. */ 1233 TCHECK2(cp[0], GTPV1_TV_NSAPI_LENGTH - 1); 1234 data = (u_int8_t)cp[0]; 1235 printf("NSAPI %u", data & 0xf); 1236 ielen = GTPV1_TV_NSAPI_LENGTH; 1237 break; 1238 1239 case GTPV1_TV_RANAP: 1240 1241 /* 29.060 7.7.18 - RANAP Cause. */ 1242 TCHECK2(cp[0], GTPV1_TV_RANAP_LENGTH - 1); 1243 printf("RANAP Cause: %u", cp[0]); 1244 ielen = GTPV1_TV_RANAP_LENGTH; 1245 break; 1246 1247 case GTPV1_TV_RAB_CONTEXT: 1248 1249 /* 29.060 7.7.19 - RAB Context. */ 1250 TCHECK2(cp[0], GTPV1_TV_RAB_CONTEXT_LENGTH - 1); 1251 data = cp[0] & 0xf; 1252 dps = (u_int16_t *)(cp + 1); 1253 printf("RAB Context: NSAPI %u, DL GTP-U Seq No %u," 1254 "UL GTP-U Seq No %u, DL PDCP Seq No %u, UL PDCP Seq No %u", 1255 data, ntohs(dps[0]), ntohs(dps[1]), ntohs(dps[2]), 1256 ntohs(dps[3])); 1257 ielen = GTPV1_TV_RAB_CONTEXT_LENGTH; 1258 break; 1259 1260 case GTPV1_TV_RADIO_PRIORITY_SMS: 1261 1262 /* 29.060 7.7.20 - Radio Priority SMS. */ 1263 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_SMS_LENGTH - 1); 1264 printf("Radio Priority SMS: %u", cp[0] & 0x7); 1265 ielen = GTPV1_TV_RADIO_PRI_SMS_LENGTH; 1266 break; 1267 1268 case GTPV1_TV_RADIO_PRIORITY: 1269 1270 /* 29.060 7.7.21 - Radio Priority. */ 1271 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_LENGTH - 1); 1272 data = cp[0] >> 4; 1273 printf("Radio Priority: %u, NSAPI %u", cp[0] & 0x7, data); 1274 ielen = GTPV1_TV_RADIO_PRI_LENGTH; 1275 break; 1276 1277 case GTPV1_TV_PACKET_FLOW_ID: 1278 1279 /* 29.060 7.7.22 - Packet Flow ID. */ 1280 TCHECK2(cp[0], GTPV1_TV_PACKET_FLOW_ID_LENGTH - 1); 1281 printf("Packet Flow ID: %u, NSAPI %u", cp[1], cp[0] & 0xf); 1282 ielen = GTPV1_TV_PACKET_FLOW_ID_LENGTH; 1283 break; 1284 1285 case GTPV1_TV_CHARGING: 1286 1287 /* 29.060 7.7.23 - Charging Characteristics. */ 1288 /* Charging defined in 3GPP TS 32.298. */ 1289 TCHECK2(cp[0], GTPV1_TV_CHARGING_LENGTH - 1); 1290 printf("Charging Characteristics"); /* XXX */ 1291 ielen = GTPV1_TV_CHARGING_LENGTH; 1292 break; 1293 1294 case GTPV1_TV_TRACE_REFERENCE: 1295 1296 /* 29.060 7.7.24 - Trace Reference. */ 1297 TCHECK2(cp[0], GTPV1_TV_TRACE_REFERENCE_LENGTH - 1); 1298 dps = (u_int16_t *)cp; 1299 printf("Trace Reference: %u", ntohs(*dps)); 1300 ielen = GTPV1_TV_TRACE_REFERENCE_LENGTH; 1301 break; 1302 1303 case GTPV1_TV_TRACE_TYPE: 1304 1305 /* 29.060 7.7.25 - Trace Type. */ 1306 /* Trace type defined in GSM 12.08. */ 1307 TCHECK2(cp[0], GTPV1_TV_TRACE_TYPE_LENGTH - 1); 1308 dps = (u_int16_t *)cp; 1309 printf("Trace Type: %u", ntohs(*dps)); 1310 ielen = GTPV1_TV_TRACE_TYPE_LENGTH; 1311 break; 1312 1313 case GTPV1_TV_MSNRR: 1314 1315 /* 29.060 7.7.26 - MS Not Reachable Reason. */ 1316 /* Reason defined in 3GPP TS 23.040. */ 1317 TCHECK2(cp[0], GTPV1_TV_MSNRR_LENGTH - 1); 1318 printf("MS NRR: %u", cp[0]); 1319 ielen = GTPV1_TV_MSNRR_LENGTH; 1320 break; 1321 1322 case GTPV1_TV_PACKET_XFER_CMD: 1323 1324 /* 32.295 6.2.4.5.2 - Packet Transfer Command. */ 1325 TCHECK2(cp[0], GTPV1_TV_PACKET_XFER_CMD_LENGTH - 1); 1326 printf("Packet Transfer Command"); 1327 gtp_print_str(gtp_packet_xfer_cmd, nitems(gtp_packet_xfer_cmd), 1328 cp[0]); 1329 ielen = GTPV1_TV_PACKET_XFER_CMD_LENGTH; 1330 break; 1331 1332 case GTPV1_TV_CHARGING_ID: 1333 1334 /* 29.060 7.7.26 - Charging ID. */ 1335 TCHECK2(cp[0], GTPV1_TV_CHARGING_ID_LENGTH - 1); 1336 dpl = (u_int32_t *)cp; 1337 printf("Charging ID: %u", ntohl(*dpl)); 1338 ielen = GTPV1_TV_CHARGING_ID_LENGTH; 1339 break; 1340 1341 default: 1342 printf("TV %u", value); 1343 } 1344 1345 trunc: 1346 return ielen; 1347 } 1348 1349 int 1350 gtp_v1_print_tlv(const u_char *cp, u_int value) 1351 { 1352 u_int8_t data; 1353 u_int16_t *lenp, *seqno, len; 1354 int ielen = -1; 1355 1356 /* Get length of IE. */ 1357 TCHECK2(cp[0], 2); 1358 lenp = (u_int16_t *)cp; 1359 cp += 2; 1360 len = ntohs(*lenp); 1361 TCHECK2(cp[0], len); 1362 ielen = sizeof(data) + sizeof(len) + len; 1363 1364 switch (value) { 1365 case GTPV1_TLV_END_USER_ADDRESS: 1366 1367 /* 3GPP 29.060 - 7.7.27 End User Address. */ 1368 printf("End User Address"); 1369 gtp_print_user_address(cp, len); 1370 break; 1371 1372 case GTPV1_TLV_MM_CONTEXT: 1373 1374 /* 29.060 7.7.28 - MM Context. */ 1375 printf("MM Context"); /* XXX */ 1376 break; 1377 1378 case GTPV1_TLV_PDP_CONTEXT: 1379 1380 /* 29.260 7.7.29 - PDP Context. */ 1381 printf("PDP Context"); /* XXX */ 1382 break; 1383 1384 case GTPV1_TLV_ACCESS_POINT_NAME: 1385 1386 /* 29.060 7.7.30 - Access Point Name. */ 1387 printf("AP Name: "); 1388 gtp_print_apn(cp, len); 1389 break; 1390 1391 case GTPV1_TLV_PROTOCOL_CONFIG_OPTIONS: 1392 1393 /* 29.060 7.7.31 - Protocol Configuration Options. */ 1394 /* Defined in 3GPP TS 24.008. */ 1395 printf("Config Options"); /* XXX */ 1396 break; 1397 1398 case GTPV1_TLV_GSN_ADDRESS: 1399 1400 /* 29.060 7.7.32 - GSN Address. */ 1401 /* Defined in 3GPP TS 23.003. */ 1402 printf("GSN Address"); 1403 if (len == 4) 1404 printf(": %s", ipaddr_string(cp)); 1405 else if (len == 16) 1406 printf(": %s", ip6addr_string(cp)); 1407 break; 1408 1409 case GTPV1_TLV_MSISDN: 1410 1411 /* 29.060 7.7.33 - MS International PSTN/ISDN Number. */ 1412 printf("MSISDN "); 1413 data = (u_int8_t)cp[0]; /* XXX - Number type. */ 1414 gtp_print_tbcd(cp + 1, len - 1); 1415 break; 1416 1417 case GTPV1_TLV_QOS_PROFILE: 1418 1419 /* 29.060 7.7.34 - QoS Profile. */ 1420 /* QoS profile defined in 3GPP TS 24.008 10.5.6.5. */ 1421 printf("QoS Profile: "); 1422 data = (u_int8_t)cp[0]; 1423 printf("Delay Class %u, ", (data >> 3) & 0x7); 1424 printf("Reliability Class %u", data & 0x7); 1425 if (vflag > 1) { 1426 printf(", "); 1427 data = (u_int8_t)cp[1]; 1428 printf("Precedence Class %u", data & 0x7); 1429 /* XXX - Decode more QoS fields. */ 1430 } 1431 break; 1432 1433 case GTPV1_TLV_AUTHENTICATION: 1434 1435 /* 29.060 7.7.35 - Authentication. */ 1436 printf("Authentication"); /* XXX */ 1437 break; 1438 1439 case GTPV1_TLV_TRAFFIC_FLOW: 1440 1441 /* 29.060 7.7.36 - Traffic Flow Template. */ 1442 printf("Traffic Flow Template"); /* XXX */ 1443 break; 1444 1445 case GTPV1_TLV_TARGET_IDENTIFICATION: 1446 1447 /* 29.060 7.7.37 - Target Identification. */ 1448 printf("Target ID"); /* XXX */ 1449 break; 1450 1451 case GTPV1_TLV_UTRAN_CONTAINER: 1452 1453 /* 29.060 7.7.38 - UTRAN Transparent Container. */ 1454 printf("UTRAN Container"); /* XXX */ 1455 break; 1456 1457 case GTPV1_TLV_RAB_SETUP_INFORMATION: 1458 1459 /* 29.060 7.7.39 - RAB Setup Information. */ 1460 printf("RAB Setup"); /* XXX */ 1461 break; 1462 1463 case GTPV1_TLV_EXT_HEADER_TYPE_LIST: 1464 1465 /* 29.060 7.7.40 - Extension Header Type List. */ 1466 printf("Extension Header List"); /* XXX */ 1467 break; 1468 1469 case GTPV1_TLV_TRIGGER_ID: 1470 1471 /* 29.060 7.7.41 - Trigger ID. */ 1472 printf("Trigger ID"); /* XXX */ 1473 break; 1474 1475 case GTPV1_TLV_OMC_IDENTITY: 1476 1477 /* 29.060 7.7.42 - OMC Identity. */ 1478 printf("OMC Identity"); /* XXX */ 1479 break; 1480 1481 case GTPV1_TLV_RAN_CONTAINER: 1482 1483 /* 29.060 7.7.43 - RAN Transparent Container. */ 1484 printf("RAN Container"); /* XXX */ 1485 break; 1486 1487 case GTPV1_TLV_PDP_CONTEXT_PRIORITIZATION: 1488 1489 /* 29.060 7.7.45 - PDP Context Prioritization. */ 1490 printf("PDP Context Prioritization"); /* XXX */ 1491 break; 1492 1493 case GTPV1_TLV_ADDITIONAL_RAB_SETUP_INFO: 1494 1495 /* 29.060 7.7.45A - Additional RAB Setup Information. */ 1496 printf("Additional RAB Setup"); /* XXX */ 1497 break; 1498 1499 case GTPV1_TLV_SGSN_NUMBER: 1500 1501 /* 29.060 7.7.47 - SGSN Number. */ 1502 printf("SGSN Number"); /* XXX */ 1503 break; 1504 1505 case GTPV1_TLV_COMMON_FLAGS: 1506 1507 /* 29.060 7.7.48 - Common Flags. */ 1508 printf("Common Flags"); /* XXX */ 1509 break; 1510 1511 case GTPV1_TLV_APN_RESTRICTION: 1512 1513 /* 29.060 7.7.49 - APN Restriction. */ 1514 data = (u_int8_t)cp[0]; 1515 printf("APN Restriction: %u", data); 1516 break; 1517 1518 case GTPV1_TLV_RADIO_PRIORITY_LCS: 1519 1520 /* 29.060 7.7.25B - Radio Priority LCS. */ 1521 printf("Radio Priority LCS: %u", cp[0] & 0x7); 1522 break; 1523 1524 case GTPV1_TLV_RAT_TYPE: 1525 1526 /* 29.060 7.7.50 - RAT Type. */ 1527 printf("RAT"); 1528 gtp_print_str(gtp_rat_type, nitems(gtp_rat_type), cp[0]); 1529 break; 1530 1531 case GTPV1_TLV_USER_LOCATION_INFO: 1532 1533 /* 29.060 7.7.51 - User Location Information. */ 1534 printf("ULI"); /* XXX */ 1535 break; 1536 1537 case GTPV1_TLV_MS_TIME_ZONE: 1538 1539 /* 29.060 7.7.52 - MS Time Zone. */ 1540 printf("MSTZ"); /* XXX */ 1541 break; 1542 1543 case GTPV1_TLV_IMEI_SV: 1544 1545 /* 29.060 7.7.53 - IMEI(SV). */ 1546 printf("IMEI(SV) "); 1547 gtp_print_tbcd(cp, len); 1548 break; 1549 1550 case GTPV1_TLV_CAMEL_CHARGING_CONTAINER: 1551 1552 /* 29.060 7.7.54 - CAMEL Charging Information Container. */ 1553 printf("CAMEL Charging"); /* XXX */ 1554 break; 1555 1556 case GTPV1_TLV_MBMS_UE_CONTEXT: 1557 1558 /* 29.060 7.7.55 - MBMS UE Context. */ 1559 printf("MBMS UE Context"); /* XXX */ 1560 break; 1561 1562 case GTPV1_TLV_TMGI: 1563 1564 /* 29.060 7.7.56 - Temporary Mobile Group Identity. */ 1565 printf("TMGI"); /* XXX */ 1566 break; 1567 1568 case GTPV1_TLV_RIM_ROUTING_ADDRESS: 1569 1570 /* 29.060 7.7.57 - RIM Routing Address. */ 1571 printf("RIM Routing Address"); /* XXX */ 1572 break; 1573 1574 case GTPV1_TLV_MBMS_PROTOCOL_CONFIG_OPTIONS: 1575 1576 /* 29.060 7.7.58 - MBMS Protocol Configuration Options. */ 1577 printf("MBMS Protocol Config Options"); /* XXX */ 1578 break; 1579 1580 case GTPV1_TLV_MBMS_SERVICE_AREA: 1581 1582 /* 29.060 7.7.60 - MBMS Service Area. */ 1583 printf("MBMS Service Area"); /* XXX */ 1584 break; 1585 1586 case GTPV1_TLV_SOURCE_RNC_PDCP_CONTEXT_INFO: 1587 1588 /* 29.060 7.7.61 - Source RNC PDCP Context Information. */ 1589 printf("Source RNC PDCP Context"); /* XXX */ 1590 break; 1591 1592 case GTPV1_TLV_ADDITIONAL_TRACE_INFO: 1593 1594 /* 29.060 7.7.62 - Additional Trace Information. */ 1595 printf("Additional Trace Info"); /* XXX */ 1596 break; 1597 1598 case GTPV1_TLV_HOP_COUNTER: 1599 1600 /* 29.060 7.7.63 - Hop Counter. */ 1601 printf("Hop Counter: %u", cp[0]); 1602 break; 1603 1604 case GTPV1_TLV_SELECTED_PLMN_ID: 1605 1606 /* 29.060 7.7.64 - Selected PLMN ID. */ 1607 printf("Selected PLMN ID"); /* XXX */ 1608 break; 1609 1610 case GTPV1_TLV_MBMS_SESSION_IDENTIFIER: 1611 1612 /* 29.060 7.7.65 - MBMS Session Identifier. */ 1613 printf("MBMS Session ID: %u", cp[0]); 1614 break; 1615 1616 case GTPV1_TLV_MBMS_2G_3G_INDICATOR: 1617 1618 /* 29.060 7.7.66 - MBMS 2G/3G Indicator. */ 1619 printf("MBMS 2G/3G Indicator"); 1620 gtp_print_str(mbms_2g3g_indicator, nitems(mbms_2g3g_indicator), 1621 cp[0]); 1622 break; 1623 1624 case GTPV1_TLV_ENHANCED_NSAPI: 1625 1626 /* 29.060 7.7.67 - Enhanced NSAPI. */ 1627 printf("Enhanced NSAPI"); /* XXX */ 1628 break; 1629 1630 case GTPV1_TLV_MBMS_SESSION_DURATION: 1631 1632 /* 29.060 7.7.59 - MBMS Session Duration. */ 1633 printf("MBMS Session Duration"); /* XXX */ 1634 break; 1635 1636 case GTPV1_TLV_ADDITIONAL_MBMS_TRACE_INFO: 1637 1638 /* 29.060 7.7.68 - Additional MBMS Trace Info. */ 1639 printf("Additional MBMS Trace Info"); /* XXX */ 1640 break; 1641 1642 case GTPV1_TLV_MBMS_SESSION_REPITITION_NO: 1643 1644 /* 29.060 7.7.69 - MBMS Session Repetition Number. */ 1645 printf("MBMS Session Repetition No: %u", cp[0]); 1646 break; 1647 1648 case GTPV1_TLV_MBMS_TIME_TO_DATA_TRANSFER: 1649 1650 /* 29.060 7.7.70 - MBMS Time to Data Transfer. */ 1651 printf("MBMS Time to Data Transfer: %u", cp[0]); 1652 break; 1653 1654 case GTPV1_TLV_PS_HANDOVER_REQUEST_CONTEXT: 1655 1656 /* 29.060 7.7.71 - PS Handover Request Context (Void). */ 1657 break; 1658 1659 case GTPV1_TLV_BSS_CONTAINER: 1660 1661 /* 29.060 7.7.72 - BSS Container. */ 1662 printf("BSS Container"); /* XXX */ 1663 break; 1664 1665 case GTPV1_TLV_CELL_IDENTIFICATION: 1666 1667 /* 29.060 7.7.73 - Cell Identification. */ 1668 printf("Cell Identification"); /* XXX */ 1669 break; 1670 1671 case GTPV1_TLV_PDU_NUMBERS: 1672 1673 /* 29.060 7.7.74 - PDU Numbers. */ 1674 printf("PDU Numbers"); /* XXX */ 1675 break; 1676 1677 case GTPV1_TLV_BSSGP_CAUSE: 1678 1679 /* 29.060 7.7.75 - BSSGP Cause. */ 1680 printf("BSSGP Cause: %u", cp[0]); 1681 break; 1682 1683 case GTPV1_TLV_REQUIRED_MBMS_BEARER_CAP: 1684 1685 /* 29.060 7.7.76 - Required MBMS Bearer Cap. */ 1686 printf("Required MBMS Bearer Cap"); /* XXX */ 1687 break; 1688 1689 case GTPV1_TLV_RIM_ROUTING_ADDRESS_DISC: 1690 1691 /* 29.060 7.7.77 - RIM Routing Address Discriminator. */ 1692 printf("RIM Routing Address Discriminator: %u", cp[0] & 0xf); 1693 break; 1694 1695 case GTPV1_TLV_LIST_OF_SETUP_PFCS: 1696 1697 /* 29.060 7.7.78 - List of Setup PFCs. */ 1698 printf("List of Setup PFCs"); /* XXX */ 1699 break; 1700 1701 case GTPV1_TLV_PS_HANDOVER_XID_PARAMETERS: 1702 1703 /* 29.060 7.7.79 - PS Handover XID Parameters. */ 1704 printf("PS Handover XID Parameters"); /* XXX */ 1705 break; 1706 1707 case GTPV1_TLV_MS_INFO_CHANGE_REPORTING: 1708 1709 /* 29.060 7.7.80 - MS Info Change Reporting. */ 1710 printf("MS Info Change Reporting"); 1711 gtp_print_str(ms_info_change_rpt, nitems(ms_info_change_rpt), 1712 cp[0]); 1713 break; 1714 1715 case GTPV1_TLV_DIRECT_TUNNEL_FLAGS: 1716 1717 /* 29.060 7.7.81 - Direct Tunnel Flags. */ 1718 printf("Direct Tunnel Flags"); /* XXX */ 1719 break; 1720 1721 case GTPV1_TLV_CORRELATION_ID: 1722 1723 /* 29.060 7.7.82 - Correlation ID. */ 1724 printf("Correlation ID"); /* XXX */ 1725 break; 1726 1727 case GTPV1_TLV_BEARER_CONTROL_MODE: 1728 1729 /* 29.060 7.7.83 - Bearer Control Mode. */ 1730 printf("Bearer Control Mode"); /* XXX */ 1731 break; 1732 1733 case GTPV1_TLV_MBMS_FLOW_IDENTIFIER: 1734 1735 /* 29.060 7.7.84 - MBMS Flow Identifier. */ 1736 printf("MBMS Flow Identifier"); /* XXX */ 1737 break; 1738 1739 case GTPV1_TLV_RELEASED_PACKETS: 1740 1741 /* 32.295 6.2.4.5.4 - Sequence Numbers of Released Packets. */ 1742 printf("Released Packets:"); 1743 seqno = (u_int16_t *)cp; 1744 while (len > 0) { 1745 printf(" %u", ntohs(*seqno)); 1746 seqno++; 1747 len -= sizeof(*seqno); 1748 } 1749 break; 1750 1751 case GTPV1_TLV_CANCELLED_PACKETS: 1752 1753 /* 32.295 6.2.4.5.5 - Sequence Numbers of Cancelled Packets. */ 1754 printf("Cancelled Packets:"); 1755 seqno = (u_int16_t *)cp; 1756 while (len > 0) { 1757 printf(" %u", ntohs(*seqno)); 1758 seqno++; 1759 len -= sizeof(*seqno); 1760 } 1761 break; 1762 1763 case GTPV1_TLV_CHARGING_GATEWAY_ADDRESS: 1764 1765 /* 29.060 7.7.44 - Charging Gateway Address. */ 1766 printf("Charging Gateway"); 1767 if (len == 4) 1768 printf(": %s", ipaddr_string(cp)); 1769 else if (len == 16) 1770 printf(": %s", ip6addr_string(cp)); 1771 break; 1772 1773 case GTPV1_TLV_DATA_RECORD_PACKET: 1774 1775 /* 32.295 6.2.4.5.3 - Data Record Packet. */ 1776 printf("Data Record: Records %u, Format %u, Format Version %u", 1777 cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2))); 1778 break; 1779 1780 case GTPV1_TLV_REQUESTS_RESPONDED: 1781 1782 /* 32.295 6.2.4.6 - Requests Responded. */ 1783 printf("Requests Responded:"); 1784 seqno = (u_int16_t *)cp; 1785 while (len > 0) { 1786 printf(" %u", ntohs(*seqno)); 1787 seqno++; 1788 len -= sizeof(*seqno); 1789 } 1790 break; 1791 1792 case GTPV1_TLV_ADDRESS_OF_RECOMMENDED_NODE: 1793 1794 /* 32.295 6.2.4.3 - Address of Recommended Node. */ 1795 printf("Address of Recommended Node"); 1796 if (len == 4) 1797 printf(": %s", ipaddr_string(cp)); 1798 else if (len == 16) 1799 printf(": %s", ip6addr_string(cp)); 1800 break; 1801 1802 case GTPV1_TLV_PRIVATE_EXTENSION: 1803 1804 /* 29.060 7.7.46 - Private Extension. */ 1805 printf("Private Extension"); 1806 break; 1807 1808 default: 1809 printf("TLV %u (len %u)", value, len); 1810 } 1811 1812 return ielen; 1813 1814 trunc: 1815 return -1; 1816 } 1817