1 /* $OpenBSD: print-gtp.c,v 1.1 2009/11/04 09:43:11 jsing Exp $ */ 2 /* 3 * Copyright (c) 2009 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 /* 19 * Decoder for the GPRS Trunking Protocol (GTP). 20 * 21 * This work has been kindly sponsored by SystemNet (www.systemnet.no). 22 * 23 * GTPv0 standards are available from the ETSI website: 24 * 25 * http://pda.etsi.org/pda/ 26 * 27 * GTPv1 standards are available from the 3GPP website: 28 * 29 * http://www.3gpp.org/specifications 30 * 31 * The following standards have been referenced to create this decoder: 32 * 33 * ETSI GSM 09.60 - GPRS Tunnelling Protocol (GTPv0) 34 * ETSI GSM 12.15 - GPRS Charging (GTPv0') 35 * 36 * 3GPP TS 23.003 - Numbering, addressing and identification 37 * 3GPP TS 29.002 - Mobile Application Part (MAP) specification 38 * 3GPP TS 29.060 - GPRS Tunnelling Protocol (GTPv1-C/GTPv1-U) 39 * 3GPP TS 32.295 - Charging Data Record (CDR) transfer (GTPv1') 40 */ 41 42 #include <sys/param.h> 43 #include <sys/time.h> 44 #include <sys/socket.h> 45 #include <sys/types.h> 46 47 #include <netinet/in.h> 48 #include <netinet/in_systm.h> 49 #include <netinet/ip.h> 50 #include <netinet/ip_var.h> 51 52 #include <ctype.h> 53 #include <stdio.h> 54 #include <stdlib.h> 55 #include <string.h> 56 57 #include "addrtoname.h" 58 #include "interface.h" 59 #include "gtp.h" 60 61 void gtp_print(register const u_char *, u_int, u_short, u_short); 62 void gtp_decode_ie(register const u_char *, u_short, int); 63 void gtp_print_tbcd(register const u_char *, u_int); 64 void gtp_print_user_address(register const u_char *, u_int); 65 void gtp_print_str(const char **, u_int); 66 67 void gtp_v0_print(const u_char *, u_int, u_short, u_short); 68 void gtp_v0_print_prime(register const u_char *); 69 int gtp_v0_print_tv(register const u_char *, u_int); 70 int gtp_v0_print_tlv(register const u_char *, u_int); 71 72 void gtp_v1_print(const u_char *, u_int, u_short, u_short); 73 void gtp_v1_print_ctrl(register const u_char *, u_int, struct gtp_v1_hdr *); 74 void gtp_v1_print_user(register const u_char *, u_int, struct gtp_v1_hdr *); 75 void gtp_v1_print_prime(register const u_char *, struct gtp_v1_prime_hdr *); 76 int gtp_v1_print_tv(register const u_char *, u_int); 77 int gtp_v1_print_tlv(register const u_char *, u_int); 78 79 /* GTPv0 message types. */ 80 static struct tok gtp_v0_msgtype[] = { 81 82 { 1, "Echo Request" }, 83 { 2, "Echo Response" }, 84 { 3, "Version Not Supported" }, 85 { 4, "Node Alive Request" }, 86 { 5, "Node Alive Response" }, 87 { 6, "Redirection Request" }, 88 { 7, "Redirection Response" }, 89 { 16, "Create PDP Context Request" }, 90 { 17, "Create PDP Context Response" }, 91 { 18, "Update PDP Context Request" }, 92 { 19, "Update PDP Context Response" }, 93 { 20, "Delete PDP Context Request" }, 94 { 21, "Delete PDP Context Response" }, 95 { 22, "Create AA PDP Context Request" }, 96 { 23, "Create AA PDP Context Response" }, 97 { 24, "Delete AA PDP Context Request" }, 98 { 25, "Delete AA PDP Context Response" }, 99 { 26, "Error Indication" }, 100 { 27, "PDU Notification Request" }, 101 { 28, "PDU Notification Response" }, 102 { 29, "PDU Notification Reject Request" }, 103 { 30, "PDU Notification Reject Response" }, 104 { 32, "Send Routeing Information Request" }, 105 { 33, "Send Routeing Information Response" }, 106 { 34, "Failure Report Request" }, 107 { 35, "Failure Report Response" }, 108 { 36, "MS GPRS Present Request" }, 109 { 37, "MS GPRS Present Response" }, 110 { 48, "Identification Request" }, 111 { 49, "Identification Response" }, 112 { 50, "SGSN Context Request" }, 113 { 51, "SGSN Context Response" }, 114 { 52, "SGSN Context Acknowledge" }, 115 { 240, "Data Record Transfer Request" }, 116 { 241, "Data Record Transfer Response" }, 117 { 255, "T-PDU" }, 118 119 { 0, NULL } 120 }; 121 122 /* GTPv0 causes. */ 123 static struct tok gtp_v0_cause[] = { 124 125 { 0, "Request IMSI" }, 126 { 1, "Request IMEI" }, 127 { 2, "Request IMSI and IMEI" }, 128 { 3, "No identity needed" }, 129 { 4, "MS refuses" }, 130 { 5, "MS is not GPRS responding" }, 131 { 128, "Request accepted" }, 132 { 192, "Non-existent" }, 133 { 193, "Invalid message format" }, 134 { 194, "IMSI not known" }, 135 { 195, "MS is GPRS detached" }, 136 { 196, "MS is not GPRS responding" }, 137 { 197, "MS refuses" }, 138 { 198, "Version not supported" }, 139 { 199, "No resources available" }, 140 { 200, "Service not supported" }, 141 { 201, "Mandatory IE incorrect" }, 142 { 202, "Mandatory IE missing" }, 143 { 203, "Optional IE incorrect" }, 144 { 204, "System failure" }, 145 { 205, "Roaming restriction" }, 146 { 206, "P-TMSI signature mismatch" }, 147 { 207, "GPRS connection suspended" }, 148 { 208, "Authentication failure" }, 149 { 209, "User authentication failed" }, 150 151 { 0, NULL } 152 }; 153 154 /* GTPv1 message types. */ 155 static struct tok gtp_v1_msgtype[] = { 156 157 { 1, "Echo Request" }, 158 { 2, "Echo Response" }, 159 { 3, "Version Not Supported" }, 160 { 4, "Node Alive Request" }, 161 { 5, "Node Alive Response" }, 162 { 6, "Redirection Request" }, 163 { 7, "Redirection Response" }, 164 { 16, "Create PDP Context Request" }, 165 { 17, "Create PDP Context Response" }, 166 { 18, "Update PDP Context Request" }, 167 { 19, "Update PDP Context Response" }, 168 { 20, "Delete PDP Context Request" }, 169 { 21, "Delete PDP Context Response" }, 170 { 22, "Initiate PDP Context Activiation Request" }, 171 { 23, "Initiate PDP Context Activiation Response" }, 172 { 26, "Error Indication" }, 173 { 27, "PDU Notification Request" }, 174 { 28, "PDU Notification Response" }, 175 { 29, "PDU Notification Reject Request" }, 176 { 30, "PDU Notification Reject Response" }, 177 { 31, "Supported Extension Headers Notification" }, 178 { 32, "Send Routeing Information for GPRS Request" }, 179 { 33, "Send Routeing Information for GPRS Response" }, 180 { 34, "Failure Report Request" }, 181 { 35, "Failure Report Response" }, 182 { 36, "Note MS GPRS Present Request" }, 183 { 37, "Note MS GPRS Present Response" }, 184 { 48, "Identification Request" }, 185 { 49, "Identification Response" }, 186 { 50, "SGSN Context Request" }, 187 { 51, "SGSN Context Response" }, 188 { 52, "SGSN Context Acknowledge" }, 189 { 53, "Forward Relocation Request" }, 190 { 54, "Forward Relocation Response" }, 191 { 55, "Forward Relocation Complete" }, 192 { 56, "Relocation Cancel Request" }, 193 { 57, "Relocation Cancel Response" }, 194 { 58, "Forward SRNS Context" }, 195 { 59, "Forward Relocation Complete Acknowledge" }, 196 { 60, "Forward SRNS Context Acknowledge" }, 197 { 70, "RAN Information Relay" }, 198 { 96, "MBMS Notification Request" }, 199 { 97, "MBMS Notification Response" }, 200 { 98, "MBMS Notification Reject Request" }, 201 { 99, "MBMS Notification Reject Response" }, 202 { 100, "Create MBMS Context Request" }, 203 { 101, "Create MBMS Context Response" }, 204 { 102, "Update MBMS Context Request" }, 205 { 103, "Update MBMS Context Response" }, 206 { 104, "Delete MBMS Context Request" }, 207 { 105, "Delete MBMS Context Response" }, 208 { 112, "MBMS Registration Request" }, 209 { 113, "MBMS Registration Response" }, 210 { 114, "MBMS De-Registration Request" }, 211 { 115, "MBMS De-Registration Response" }, 212 { 116, "MBMS Session Start Request" }, 213 { 117, "MBMS Session Start Response" }, 214 { 118, "MBMS Session Stop Request" }, 215 { 119, "MBMS Session Stop Response" }, 216 { 120, "MBMS Session Update Request" }, 217 { 121, "MBMS Session Update Response" }, 218 { 128, "MBMS Info Change Notification Request" }, 219 { 129, "MBMS Info Change Notification Response" }, 220 { 240, "Data Record Transfer Request" }, 221 { 241, "Data Record Transfer Response" }, 222 { 255, "G-PDU" }, 223 224 { 0, NULL } 225 }; 226 227 /* GTPv1 Causes. */ 228 static struct tok gtp_v1_cause[] = { 229 230 /* GTPv1-C. */ 231 { 0, "Request IMSI" }, 232 { 1, "Request IMEI" }, 233 { 2, "Request IMSI and IMEI" }, 234 { 3, "No identity needed" }, 235 { 4, "MS refuses" }, 236 { 5, "MS is not GPRS responding" }, 237 { 128, "Request accepted" }, 238 { 192, "Non-existent" }, 239 { 193, "Invalid message format" }, 240 { 194, "IMSI not known" }, 241 { 195, "MS is GPRS detached" }, 242 { 196, "MS is not GPRS responding" }, 243 { 197, "MS refuses" }, 244 { 198, "Version not supported" }, 245 { 199, "No resources available" }, 246 { 200, "Service not supported" }, 247 { 201, "Mandatory IE incorrect" }, 248 { 202, "Mandatory IE missing" }, 249 { 203, "Optional IE incorrect" }, 250 { 204, "System failure" }, 251 { 205, "Roaming restriction" }, 252 { 206, "P-TMSI signature mismatch" }, 253 { 207, "GPRS connection suspended" }, 254 { 208, "Authentication failure" }, 255 { 209, "User authentication failed" }, 256 { 210, "Context not found" }, 257 { 211, "All dynamic PDP addresses are occupied" }, 258 { 212, "No memory is available" }, 259 { 213, "Relocation failure" }, 260 { 214, "Unknown mandatory extension header" }, 261 { 215, "Semantic error in the TFT operation" }, 262 { 216, "Syntactic error in the TFT operation" }, 263 { 217, "Semantic errors in packet filter(s)" }, 264 { 218, "Syntactic errors in packet filter(s)" }, 265 { 219, "Missing or unknown APN" }, 266 { 220, "Unknown PDP address or PDP type" }, 267 { 221, "PDP context without TFT already activated" }, 268 { 222, "APN access denied - no subscription" }, 269 { 223, "APN restriction type incompatibility with currently " 270 "active PDP contexts" }, 271 { 224, "MS MBMS capabilities insufficient" }, 272 { 225, "Invalid correlation-ID" }, 273 { 226, "MBMS bearer context superseded" }, 274 275 /* GTP'v1. */ 276 { 59, "System failure" }, 277 { 60, "The transmit buffers are becoming full" }, 278 { 61, "The receive buffers are becoming full" }, 279 { 62, "Another node is about to go down" }, 280 { 63, "This node is about to go down" }, 281 { 177, "CDR decoding error" }, 282 { 252, "Request related to possibly duplicated packets already " 283 "fulfilled" }, 284 { 253, "Request already fulfilled" }, 285 { 254, "Sequence numbers of released/cancelled packets IE incorrect" }, 286 { 255, "Request not fulfilled" }, 287 288 { 0, NULL } 289 }; 290 291 static int gtp_proto = -1; 292 293 void 294 gtp_print(register const u_char *cp, u_int length, u_short sport, u_short dport) 295 { 296 int version; 297 298 /* Decode GTP version. */ 299 TCHECK(cp[0]); 300 version = cp[0] >> GTP_VERSION_SHIFT; 301 302 if (version == GTP_VERSION_0) 303 gtp_v0_print(cp, length, sport, dport); 304 else if (version == GTP_VERSION_1) 305 gtp_v1_print(cp, length, sport, dport); 306 else 307 printf(" GTP (version %i)", version); 308 309 return; 310 311 trunc: 312 printf(" [|GTP]"); 313 } 314 315 /* 316 * Decode and print information elements from message. The actual work is 317 * handled in the appropriate Tag/Value (TV) or Tag/Length/Value (TLV) 318 * decoding routine. 319 */ 320 void 321 gtp_decode_ie(register const u_char *cp, u_short version, int len) 322 { 323 int val, ielen, iecount = 0; 324 325 if (len <= 0) 326 return; 327 328 printf(" {"); 329 330 while (len > 0) { 331 332 iecount++; 333 if (iecount > 1) 334 printf(" "); 335 336 TCHECK(cp[0]); 337 val = (u_int)cp[0]; 338 cp++; 339 340 printf("["); 341 342 switch (version) { 343 case GTP_VERSION_0: 344 if ((val & GTPV0_IE_TYPE_MASK) == 0) 345 ielen = gtp_v0_print_tv(cp, val); 346 else 347 ielen = gtp_v0_print_tlv(cp, val); 348 break; 349 350 case GTP_VERSION_1: 351 if ((val & GTPV1_IE_TYPE_MASK) == 0) 352 ielen = gtp_v1_print_tv(cp, val); 353 else 354 ielen = gtp_v1_print_tlv(cp, val); 355 break; 356 357 default: 358 /* Version not supported... */ 359 ielen = -1; 360 break; 361 } 362 363 printf("]"); 364 365 if (ielen < 0) 366 goto trunc; 367 368 len -= ielen; 369 cp += ielen - 1; 370 } 371 372 if (iecount > 0) 373 printf("}"); 374 375 return; 376 377 trunc: 378 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 379 } 380 381 /* 382 * Decode and print telephony binary coded decimal. 383 */ 384 void 385 gtp_print_tbcd(register const u_char *cp, u_int len) 386 { 387 u_int8_t *data, bcd; 388 int i; 389 390 data = (u_int8_t *)cp; 391 for (i = 0; i < len; i++) { 392 bcd = *data & 0xf; 393 if (bcd != 0xf) 394 printf("%u", bcd); 395 bcd = *data >> 4; 396 if (bcd != 0xf) 397 printf("%u", bcd); 398 data++; 399 } 400 } 401 402 /* 403 * Decode and print an end user address. Format is detailed in 404 * GSM 09.60 section 7.9.18 and 3GPP 29.060 section 7.7.27. 405 */ 406 void 407 gtp_print_user_address(register const u_char *cp, u_int len) 408 { 409 u_int8_t org, type; 410 411 if (len < 2) 412 return; 413 414 org = (u_int8_t)cp[0] & 0xf; 415 type = (u_int8_t)cp[1]; 416 417 cp += 2; 418 419 if (org == 0x0 && type == 0x1) 420 printf(": PPP"); 421 else if (org == 0x1 && type == 0x21) { 422 if (len == 6) 423 printf(": %s", ipaddr_string(cp)); 424 else 425 printf(": IPv4"); 426 #ifdef INET6 427 } else if (org == 0x1 && type == 0x57) { 428 if (len == 18) 429 printf(": %s", ip6addr_string(cp)); 430 else 431 printf(": IPv6"); 432 #endif 433 } else 434 printf(" (org 0x%x, type 0x%x)", org, type); 435 } 436 437 /* Print string from array. */ 438 void 439 gtp_print_str(const char **strs, u_int index) 440 { 441 442 if (index >= (sizeof(*strs) / sizeof(*strs[0]))) 443 printf(": %u", index); 444 else if (strs[index] != NULL) 445 printf(": %s", strs[index]); 446 } 447 448 /* 449 * Decoding routines for GTP version 0. 450 */ 451 void 452 gtp_v0_print(const u_char *cp, u_int length, u_short sport, u_short dport) 453 { 454 struct gtp_v0_hdr *gh = (struct gtp_v0_hdr *)cp; 455 int len, version; 456 457 gtp_proto = GTP_V0_PROTO; 458 459 /* Check if this is GTP prime. */ 460 TCHECK(gh->flags); 461 if ((gh->flags & GTPV0_HDR_PROTO_TYPE) == 0) { 462 gtp_proto = GTP_V0_PRIME_PROTO; 463 gtp_v0_print_prime(cp); 464 return; 465 } 466 467 /* Print GTP header. */ 468 TCHECK(*gh); 469 cp += sizeof(struct gtp_v0_hdr); 470 len = ntohs(gh->length); 471 printf(" GTPv0 (len %u, seqno %u, flow %u, N-PDU %u, tid 0x%llx) ", 472 ntohs(gh->length), ntohs(gh->seqno), ntohs(gh->flow), 473 ntohs(gh->npduno), betoh64(gh->tid)); 474 475 /* Decode GTP message. */ 476 printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gh->msgtype)); 477 478 if (!vflag) 479 return; 480 481 if (gh->msgtype == GTPV0_T_PDU) { 482 483 TCHECK(cp[0]); 484 version = cp[0] >> 4; 485 486 printf(" { "); 487 488 if (version == 4) 489 ip_print(cp, len); 490 #ifdef INET6 491 else if (version == 6) 492 ip6_print(cp, len); 493 #endif 494 else 495 printf("Unknown IP version %u", version); 496 497 printf(" }"); 498 } else 499 gtp_decode_ie(cp, GTP_VERSION_0, len); 500 501 return; 502 503 trunc: 504 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 505 } 506 507 void 508 gtp_v0_print_prime(register const u_char *cp) 509 { 510 struct gtp_v0_prime_hdr *gph = (struct gtp_v0_prime_hdr *)cp; 511 int len; 512 513 /* Decode GTP prime header. */ 514 TCHECK(*gph); 515 cp += sizeof(*gph); 516 517 len = ntohs(gph->length); 518 printf(" GTPv0' (len %u, seq %u) ", len, ntohs(gph->seqno)); 519 520 /* Decode GTP message. */ 521 printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gph->msgtype)); 522 523 if (vflag) 524 gtp_decode_ie(cp, GTP_VERSION_0, len); 525 526 return; 527 528 trunc: 529 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 530 } 531 532 int 533 gtp_v0_print_tv(register const u_char *cp, u_int value) 534 { 535 u_int32_t *dpl; 536 u_int16_t *dps; 537 u_int8_t data; 538 int ielen = -1; 539 540 switch (value) { 541 case GTPV0_TV_CAUSE: 542 543 /* 09.60 7.9.1 - Cause. */ 544 TCHECK(cp[0]); 545 data = (u_int8_t)cp[0]; 546 ielen = GTPV0_TV_CAUSE_LENGTH; 547 printf("Cause: %s", tok2str(gtp_v0_cause, "#%u", data)); 548 break; 549 550 case GTPV0_TV_IMSI: 551 552 /* 09.60 7.9.2 - International Mobile Subscriber Identity. */ 553 TCHECK2(cp[0], GTPV0_TV_IMSI_LENGTH - 1); 554 printf("IMSI "); 555 gtp_print_tbcd(cp, GTPV0_TV_IMSI_LENGTH - 1); 556 ielen = GTPV0_TV_IMSI_LENGTH; 557 break; 558 559 case GTPV0_TV_RAI: 560 561 /* 09.60 7.9.3 - Routing Area Identity (RAI). */ 562 TCHECK2(cp[0], GTPV0_TV_RAI_LENGTH - 1); 563 printf("RAI: MCC "); 564 data = cp[1] | 0xf0; 565 gtp_print_tbcd(cp, 1); 566 gtp_print_tbcd(&data, 1); 567 printf(", MNC "); 568 data = (cp[1] >> 4) | 0xf0; 569 gtp_print_tbcd(cp + 2, 1); 570 gtp_print_tbcd(&data, 1); 571 printf(", LAC 0x%x%x", cp[3], cp[4]); 572 printf(", RAC 0x%x", cp[5]); 573 ielen = GTPV0_TV_RAI_LENGTH; 574 break; 575 576 case GTPV0_TV_TLLI: 577 578 /* 09.60 7.9.4 - Temporary Logical Link Identity (TLLI). */ 579 TCHECK2(cp[0], GTPV0_TV_TLLI_LENGTH - 1); 580 dpl = (u_int32_t *)cp; 581 printf("TLLI 0x%x", ntohl(*dpl)); 582 ielen = GTPV0_TV_TLLI_LENGTH; 583 break; 584 585 case GTPV0_TV_PTMSI: 586 587 /* 09.60 7.9.5 - Packet TMSI (P-TMSI). */ 588 TCHECK2(cp[0], GTPV0_TV_PTMSI_LENGTH - 1); 589 dpl = (u_int32_t *)cp; 590 printf("P-TMSI 0x%x", ntohl(*dpl)); 591 ielen = GTPV0_TV_PTMSI_LENGTH; 592 break; 593 594 case GTPV0_TV_QOS: 595 596 /* 09.60 7.9.6 - Quality of Service (QoS) Profile. */ 597 TCHECK2(cp[0], GTPV0_TV_QOS_LENGTH - 1); 598 printf("QoS Profile"); /* XXX */ 599 ielen = GTPV0_TV_QOS_LENGTH; 600 break; 601 602 case GTPV0_TV_REORDER: 603 604 /* 09.60 7.9.7 - Reordering Required. */ 605 TCHECK2(cp[0], GTPV0_TV_REORDER_LENGTH - 1); 606 printf("Reordering Required: "); 607 if (cp[0] & 0x1) 608 printf("yes"); 609 else 610 printf("no"); 611 ielen = GTPV0_TV_REORDER_LENGTH; 612 break; 613 614 case GTPV0_TV_AUTH_TRIPLET: 615 616 /* 09.60 7.9.8 - Authentication Triplet. */ 617 TCHECK2(cp[0], GTPV0_TV_AUTH_TRIPLET_LENGTH - 1); 618 printf("Authentication"); /* XXX */ 619 ielen = GTPV0_TV_AUTH_TRIPLET_LENGTH; 620 break; 621 622 case GTPV0_TV_MAP_CAUSE: 623 624 /* 09.60 7.9.9 - MAP Cause. */ 625 TCHECK2(cp[0], GTPV0_TV_MAP_CAUSE_LENGTH - 1); 626 printf("MAP Cause: %u", cp[0]); 627 ielen = GTPV0_TV_MAP_CAUSE_LENGTH; 628 break; 629 630 case GTPV0_TV_PTMSI_SIGNATURE: 631 632 /* 09.60 7.9.10 - P-TMSI Signature. */ 633 /* Signature defined in GSM 04.08. */ 634 TCHECK2(cp[0], GTPV0_TV_PTMSI_SIGNATURE_LENGTH - 1); 635 printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); 636 ielen = GTPV0_TV_PTMSI_SIGNATURE_LENGTH; 637 break; 638 639 case GTPV0_TV_MS_VALIDATED: 640 641 /* 09.60 7.9.11 - MS Validated. */ 642 TCHECK2(cp[0], GTPV0_TV_MS_VALIDATED_LENGTH - 1); 643 printf("MS Validated"); 644 if (cp[0] & 0x1) 645 printf("yes"); 646 else 647 printf("no"); 648 ielen = GTPV0_TV_MS_VALIDATED_LENGTH; 649 break; 650 651 case GTPV0_TV_RECOVERY: 652 653 /* 09.60 7.9.12 - Recovery. */ 654 TCHECK2(cp[0], GTPV0_TV_RECOVERY_LENGTH - 1); 655 printf("Recovery: Restart counter %u", cp[0]); 656 ielen = GTPV0_TV_RECOVERY_LENGTH; 657 break; 658 659 case GTPV0_TV_SELECTION_MODE: 660 661 /* 09.60 7.9.13 - Selection Mode. */ 662 TCHECK2(cp[0], GTPV0_TV_SELECTION_MODE_LENGTH - 1); 663 printf("Selection Mode"); /* XXX */ 664 ielen = GTPV0_TV_SELECTION_MODE_LENGTH; 665 break; 666 667 case GTPV0_TV_FLOW_LABEL_DATA_I: 668 669 /* 09.60 7.9.14 - Flow Label Data I. */ 670 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH - 1); 671 dps = (u_int16_t *)cp; 672 printf("Flow Label Data I: %u", ntohs(*dps)); 673 ielen = GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH; 674 break; 675 676 case GTPV0_TV_FLOW_LABEL_SIGNALLING: 677 678 /* 09.60 7.9.15 - Flow Label Signalling. */ 679 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH - 1); 680 dps = (u_int16_t *)cp; 681 printf("Flow Label Signalling: %u", ntohs(*dps)); 682 ielen = GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH; 683 break; 684 685 case GTPV0_TV_FLOW_LABEL_DATA_II: 686 687 /* 09.60 7.9.16 - Flow Label Data II. */ 688 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH - 1); 689 data = cp[0] & 0xf; 690 dps = (u_int16_t *)(cp + 1); 691 printf("Flow Label Data II: %u, NSAPI %u", ntohs(*dps), data); 692 ielen = GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH; 693 break; 694 695 case GTPV0_TV_PACKET_XFER_CMD: 696 697 /* 12.15 7.3.4.5.3 - Packet Transfer Command. */ 698 TCHECK2(cp[0], GTPV0_TV_PACKET_XFER_CMD_LENGTH - 1); 699 printf("Packet Transfer Command"); 700 gtp_print_str(gtp_packet_xfer_cmd, cp[0]); 701 ielen = GTPV0_TV_PACKET_XFER_CMD_LENGTH; 702 break; 703 704 case GTPV0_TV_CHARGING_ID: 705 706 /* 09.60 7.9.17 - Charging ID. */ 707 TCHECK2(cp[0], GTPV0_TV_CHARGING_ID_LENGTH - 1); 708 dps = (u_int16_t *)cp; 709 printf("Charging ID: %u", ntohs(*dps)); 710 ielen = GTPV0_TV_CHARGING_ID_LENGTH; 711 break; 712 713 default: 714 printf("TV %u", value); 715 } 716 717 trunc: 718 return ielen; 719 } 720 721 int 722 gtp_v0_print_tlv(register const u_char *cp, u_int value) 723 { 724 u_int8_t data; 725 u_int16_t *lenp, *seqno, len; 726 u_char *buf; 727 int ielen = -1; 728 729 /* Get length of IE. */ 730 TCHECK2(cp[0], 2); 731 lenp = (u_int16_t *)cp; 732 cp += 2; 733 len = ntohs(*lenp); 734 TCHECK2(cp[0], len); 735 ielen = sizeof(data) + sizeof(len) + len; 736 737 switch (value) { 738 739 case GTPV0_TLV_END_USER_ADDRESS: 740 741 /* 09.60 7.9.18 - End User Address. */ 742 printf("End User Address"); 743 gtp_print_user_address(cp, len); 744 break; 745 746 case GTPV0_TLV_MM_CONTEXT: 747 748 /* 09.60 7.9.19 - MM Context. */ 749 printf("MM Context"); /* XXX */ 750 break; 751 752 case GTPV0_TLV_PDP_CONTEXT: 753 754 /* 09.60 7.9.20 - PDP Context. */ 755 printf("PDP Context"); /* XXX */ 756 break; 757 758 case GTPV0_TLV_ACCESS_POINT_NAME: 759 760 /* 09.60 7.9.21 - Access Point Name. */ 761 printf("AP Name:"); 762 len = (u_int8_t)cp[0]; 763 if ((buf = malloc(len + 1)) != NULL) { 764 bcopy(cp + 1, buf, len); 765 buf[len] = '\0'; 766 printf(": %s", buf); 767 free(buf); 768 } 769 break; 770 771 case GTPV0_TLV_PROTOCOL_CONFIG_OPTIONS: 772 773 /* 09.60 7.9.22 - Protocol Configuration Options. */ 774 printf("Protocol Configuration Options"); /* XXX */ 775 break; 776 777 case GTPV0_TLV_GSN_ADDRESS: 778 779 /* 09.60 7.9.23 - GSN Address. */ 780 printf("GSN Address"); 781 if (len == 4) 782 printf(": %s", ipaddr_string(cp)); 783 #ifdef INET6 784 else if (len == 16) 785 printf(": %s", ip6addr_string(cp)); 786 #endif 787 break; 788 789 case GTPV0_TLV_MS_ISDN: 790 791 /* 09.60 7.9.24 - MS International PSTN/ISDN Number. */ 792 printf("MSISDN "); 793 data = (u_int8_t)cp[0]; /* XXX - Number type. */ 794 gtp_print_tbcd(cp + 1, len - 1); 795 break; 796 797 case GTPV0_TLV_CHARGING_GATEWAY_ADDRESS: 798 799 /* 09.60 7.9.25 - Charging Gateway Address. */ 800 printf("Charging Gateway"); 801 if (len == 4) 802 printf(": %s", ipaddr_string(cp)); 803 break; 804 805 case GTPV0_TLV_DATA_RECORD_PACKET: 806 807 /* 12.15 7.3.4.5.4 - Data Record Packet. */ 808 printf("Data Record: Records %u, Format %u, Format Version %u", 809 cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2))); 810 break; 811 812 case GTPV0_TLV_REQUESTS_RESPONDED: 813 814 /* 12.15 7.3.4.6 - Requests Responded. */ 815 printf("Requests Responded:"); 816 seqno = (u_int16_t *)cp; 817 while (len > 0) { 818 printf(" %u", ntohs(*seqno)); 819 seqno++; 820 len -= sizeof(*seqno); 821 } 822 break; 823 824 case GTPV0_TLV_RECOMMENDED_NODE: 825 826 /* 12.15 7.3.4.3 - Address of Recommended Node. */ 827 printf("Recommended Node"); 828 if (len == 4) 829 printf(": %s", ipaddr_string(cp)); 830 #ifdef INET6 831 else if (len == 16) 832 printf(": %s", ip6addr_string(cp)); 833 #endif 834 break; 835 836 case GTPV0_TLV_PRIVATE_EXTENSION: 837 838 printf("Private Extension"); 839 break; 840 841 default: 842 printf("TLV %u (len %u)", value, len); 843 } 844 845 return ielen; 846 847 trunc: 848 return -1; 849 } 850 851 /* 852 * Decoding for GTP version 1, which consists of GTPv1-C, GTPv1-U and GTPv1'. 853 */ 854 void 855 gtp_v1_print(const u_char *cp, u_int length, u_short sport, u_short dport) 856 { 857 struct gtp_v1_hdr *gh = (struct gtp_v1_hdr *)cp; 858 struct gtp_v1_hdr_ext *ghe = 0; 859 int nexthdr, hlen; 860 u_char *p = (u_char *)cp; 861 862 TCHECK(gh->flags); 863 if ((gh->flags && GTPV1_HDR_PROTO_TYPE) == 0) { 864 printf(" GTPv1'"); 865 gtp_proto = GTP_V1_PRIME_PROTO; 866 gtp_v1_print_prime(p, (struct gtp_v1_prime_hdr *)gh); 867 return; 868 } 869 870 if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT) { 871 gtp_proto = GTP_V1_CTRL_PROTO; 872 printf(" GTPv1-C"); 873 } else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT) { 874 gtp_proto = GTP_V1_USER_PROTO; 875 printf(" GTPv1-U"); 876 } else if (dport == GTPV1_PRIME_PORT || sport == GTPV1_PRIME_PORT) { 877 gtp_proto = GTP_V1_PRIME_PROTO; 878 printf(" GTPv1'"); 879 } 880 881 /* Decode GTP header. */ 882 TCHECK(*gh); 883 p += sizeof(struct gtp_v1_hdr); 884 885 printf(" (teid %u, len %u)", ntohl(gh->teid), ntohs(gh->length)); 886 887 if (gh->flags & GTPV1_HDR_EXT) { 888 ghe = (struct gtp_v1_hdr_ext *)cp; 889 TCHECK(*ghe); 890 p += sizeof(struct gtp_v1_hdr_ext) - sizeof(struct gtp_v1_hdr); 891 } 892 893 if (gh->flags & GTPV1_HDR_SN_FLAG) 894 printf(" [seq %u]", ntohs(ghe->seqno)); 895 896 if (gh->flags & GTPV1_HDR_NPDU_FLAG) 897 printf(" [N-PDU %u]", ghe->npduno); 898 899 if (gh->flags & GTPV1_HDR_EH_FLAG) { 900 901 /* Process next header... */ 902 nexthdr = ghe->nexthdr; 903 while (nexthdr != GTPV1_EH_NONE) { 904 905 /* Header length is a 4 octet multiplier. */ 906 hlen = (int)p[0] * 4; 907 TCHECK2(p[0], hlen); 908 909 switch (nexthdr) { 910 case GTPV1_EH_MBMS_SUPPORT: 911 printf(" [MBMS Support]"); 912 break; 913 914 case GTPV1_EH_MSI_CHANGE_RPT: 915 printf(" [MS Info Change Reporting]"); 916 break; 917 918 case GTPV1_EH_PDCP_PDU_NO: 919 printf(" [PDCP PDU %u]", 920 ntohs(*(u_int16_t *)(p + 1))); 921 break; 922 923 case GTPV1_EH_SUSPEND_REQUEST: 924 printf(" [Suspend Request]"); 925 break; 926 927 case GTPV1_EH_SUSPEND_RESPONSE: 928 printf(" [Suspend Response]"); 929 break; 930 931 default: 932 printf(" [Unknown Header %u]", nexthdr); 933 } 934 935 p += hlen - 1; 936 nexthdr = (int)p[0]; 937 p++; 938 } 939 940 } 941 942 hlen = p - cp; 943 944 if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT) 945 gtp_v1_print_ctrl(p, hlen, gh); 946 else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT) 947 gtp_v1_print_user(p, hlen, gh); 948 949 return; 950 951 trunc: 952 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 953 } 954 955 void 956 gtp_v1_print_ctrl(register const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh) 957 { 958 int len; 959 960 /* Decode GTP control message. */ 961 printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype)); 962 963 len = ntohs(gh->length) - hlen + sizeof(*gh); 964 if (vflag) 965 gtp_decode_ie(cp, GTP_VERSION_1, len); 966 } 967 968 void 969 gtp_v1_print_user(register const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh) 970 { 971 int len, version; 972 973 /* Decode GTP user message. */ 974 printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype)); 975 976 if (!vflag) 977 return; 978 979 len = ntohs(gh->length) - hlen + sizeof(*gh); 980 981 if (gh->msgtype == GTPV1_G_PDU) { 982 983 TCHECK(cp[0]); 984 version = cp[0] >> 4; 985 986 printf(" { "); 987 988 if (version == 4) 989 ip_print(cp, len); 990 #ifdef INET6 991 else if (version == 6) 992 ip6_print(cp, len); 993 #endif 994 else 995 printf("Unknown IP version %u", version); 996 997 printf(" }"); 998 999 } else 1000 gtp_decode_ie(cp, GTP_VERSION_1, len); 1001 1002 return; 1003 1004 trunc: 1005 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 1006 } 1007 1008 void 1009 gtp_v1_print_prime(register const u_char *cp, struct gtp_v1_prime_hdr *gph) 1010 { 1011 int len; 1012 1013 /* Decode GTP prime header. */ 1014 TCHECK(*gph); 1015 cp += sizeof(struct gtp_v1_prime_hdr); 1016 1017 len = ntohs(gph->length); 1018 printf(" (len %u, seq %u) ", len, ntohs(gph->seqno)); 1019 1020 /* Decode GTP message. */ 1021 printf("%s", tok2str(gtp_v1_msgtype, "Message Type %u", gph->msgtype)); 1022 1023 if (vflag) 1024 gtp_decode_ie(cp, GTP_VERSION_1, len); 1025 1026 return; 1027 1028 trunc: 1029 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 1030 } 1031 1032 int 1033 gtp_v1_print_tv(register const u_char *cp, u_int value) 1034 { 1035 u_int32_t *dpl; 1036 u_int16_t *dps; 1037 u_int8_t data; 1038 int ielen = -1; 1039 1040 switch (value) { 1041 case GTPV1_TV_CAUSE: 1042 1043 /* 29.060 - 7.7.1 Cause. */ 1044 TCHECK(cp[0]); 1045 data = (u_int8_t)cp[0]; 1046 ielen = GTPV1_TV_CAUSE_LENGTH; 1047 printf("Cause: %s", tok2str(gtp_v1_cause, "#%u", data)); 1048 break; 1049 1050 case GTPV1_TV_IMSI: 1051 1052 /* 29.060 7.7.2 - International Mobile Subscriber Identity. */ 1053 TCHECK2(cp[0], GTPV1_TV_IMSI_LENGTH - 1); 1054 printf("IMSI "); 1055 gtp_print_tbcd(cp, GTPV1_TV_IMSI_LENGTH - 1); 1056 ielen = GTPV1_TV_IMSI_LENGTH; 1057 break; 1058 1059 case GTPV1_TV_RAI: 1060 1061 /* 29.060 7.7.3 - Routing Area Identity (RAI). */ 1062 TCHECK2(cp[0], GTPV1_TV_RAI_LENGTH - 1); 1063 printf("RAI: MCC "); 1064 data = cp[1] | 0xf0; 1065 gtp_print_tbcd(cp, 1); 1066 gtp_print_tbcd(&data, 1); 1067 printf(", MNC "); 1068 data = (cp[1] >> 4) | 0xf0; 1069 gtp_print_tbcd(cp + 2, 1); 1070 gtp_print_tbcd(&data, 1); 1071 printf(", LAC 0x%x%x", cp[3], cp[4]); 1072 printf(", RAC 0x%x", cp[5]); 1073 ielen = GTPV1_TV_RAI_LENGTH; 1074 break; 1075 1076 case GTPV1_TV_TLLI: 1077 1078 /* 29.060 7.7.4 - Temporary Logical Link Identity (TLLI). */ 1079 TCHECK2(cp[0], GTPV1_TV_TLLI_LENGTH - 1); 1080 dpl = (u_int32_t *)cp; 1081 printf("TLLI 0x%x", ntohl(*dpl)); 1082 ielen = GTPV1_TV_TLLI_LENGTH; 1083 break; 1084 1085 case GTPV1_TV_PTMSI: 1086 1087 /* 29.060 7.7.5 - Packet TMSI (P-TMSI). */ 1088 TCHECK2(cp[0], GTPV1_TV_PTMSI_LENGTH - 1); 1089 dpl = (u_int32_t *)cp; 1090 printf("P-TMSI 0x%x", ntohl(*dpl)); 1091 ielen = GTPV1_TV_PTMSI_LENGTH; 1092 break; 1093 1094 case GTPV1_TV_REORDER: 1095 1096 /* 29.060 7.7.6 - Reordering Required. */ 1097 TCHECK2(cp[0], GTPV1_TV_REORDER_LENGTH - 1); 1098 printf("Reordering Required: "); 1099 if (cp[0] & 0x1) 1100 printf("yes"); 1101 else 1102 printf("no"); 1103 ielen = GTPV1_TV_REORDER_LENGTH; 1104 break; 1105 1106 case GTPV1_TV_AUTH: 1107 1108 /* 29.060 7.7.7 - Authentication Triplet. */ 1109 TCHECK2(cp[0], GTPV1_TV_AUTH_LENGTH - 1); 1110 dpl = (u_int32_t *)cp; 1111 printf("Auth: RAND 0x%x%x%x%x, SRES 0x%x, Kc 0x%x%x", 1112 ntohl(dpl[0]), ntohl(dpl[1]), ntohl(dpl[2]), ntohl(dpl[3]), 1113 ntohl(dpl[4]), ntohl(dpl[5]), ntohl(dpl[6])); 1114 ielen = GTPV1_TV_AUTH_LENGTH; 1115 break; 1116 1117 case GTPV1_TV_MAP_CAUSE: 1118 1119 /* 29.060 7.7.8 - MAP Cause. */ 1120 /* Cause defined in 3GPP TS 29.002. */ 1121 TCHECK2(cp[0], GTPV1_TV_MAP_CAUSE_LENGTH - 1); 1122 printf("Map Cause: %u", cp[0]); 1123 ielen = GTPV1_TV_MAP_CAUSE_LENGTH; 1124 break; 1125 1126 case GTPV1_TV_PTMSI_SIGNATURE: 1127 1128 /* 29.060 7.7.9 - P-TMSI Signature. */ 1129 /* Signature defined in 3GPP TS 24.008. */ 1130 TCHECK2(cp[0], GTPV1_TV_PTMSI_SIGNATURE_LENGTH - 1); 1131 printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); 1132 ielen = GTPV1_TV_PTMSI_SIGNATURE_LENGTH; 1133 break; 1134 1135 case GTPV1_TV_MS_VALIDATED: 1136 1137 /* 29.060 7.7.10 - MS Validated. */ 1138 TCHECK2(cp[0], GTPV1_TV_MS_VALIDATED_LENGTH - 1); 1139 printf("MS Validated: "); 1140 if (cp[0] & 0x1) 1141 printf("yes"); 1142 else 1143 printf("no"); 1144 ielen = GTPV1_TV_MS_VALIDATED_LENGTH; 1145 break; 1146 1147 case GTPV1_TV_RECOVERY: 1148 1149 /* 29.060 7.7.11 - Recovery. */ 1150 TCHECK2(cp[0], GTPV1_TV_RECOVERY_LENGTH - 1); 1151 printf("Recovery: Restart counter %u", cp[0]); 1152 ielen = GTPV1_TV_RECOVERY_LENGTH; 1153 break; 1154 1155 case GTPV1_TV_SELECTION_MODE: 1156 1157 /* 29.060 7.7.12 - Selection Mode. */ 1158 TCHECK2(cp[0], GTPV1_TV_SELECTION_MODE_LENGTH - 1); 1159 data = (u_int8_t)cp[0]; 1160 printf("Selection Mode: %u", data & 0x2); 1161 ielen = GTPV1_TV_SELECTION_MODE_LENGTH; 1162 break; 1163 1164 case GTPV1_TV_TEID_DATA_I: 1165 1166 /* 29.060 7.7.13 - Tunnel Endpoint Identifier Data I. */ 1167 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_I_LENGTH - 1); 1168 dpl = (u_int32_t *)cp; 1169 printf("TEI Data I: %u", ntohl(*dpl)); 1170 ielen = GTPV1_TV_TEID_DATA_I_LENGTH; 1171 break; 1172 1173 case GTPV1_TV_TEID_CTRL: 1174 1175 /* 29.060 7.7.14 - Tunnel Endpoint Identifier Control Plane. */ 1176 TCHECK2(cp[0], GTPV1_TV_TEID_CTRL_LENGTH - 1); 1177 dpl = (u_int32_t *)cp; 1178 printf("TEI Control Plane: %u", ntohl(*dpl)); 1179 ielen = GTPV1_TV_TEID_CTRL_LENGTH; 1180 break; 1181 1182 case GTPV1_TV_TEID_DATA_II: 1183 1184 /* 29.060 7.7.15 - Tunnel Endpoint Identifier Data II. */ 1185 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_II_LENGTH - 1); 1186 data = cp[0] & 0xf; 1187 dpl = (u_int32_t *)(cp + 1); 1188 printf("TEI Data II: %u, NSAPI %u", ntohl(*dpl), data); 1189 ielen = GTPV1_TV_TEID_DATA_II_LENGTH; 1190 break; 1191 1192 case GTPV1_TV_TEARDOWN: 1193 1194 /* 29.060 7.7.16 - Teardown Indicator. */ 1195 TCHECK2(cp[0], GTPV1_TV_TEARDOWN_LENGTH - 1); 1196 printf("Teardown: "); 1197 if (cp[0] & 0x1) 1198 printf("yes"); 1199 else 1200 printf("no"); 1201 ielen = GTPV1_TV_TEARDOWN_LENGTH; 1202 break; 1203 1204 case GTPV1_TV_NSAPI: 1205 1206 /* 29.060 7.7.17 - NSAPI. */ 1207 TCHECK2(cp[0], GTPV1_TV_NSAPI_LENGTH - 1); 1208 data = (u_int8_t)cp[0]; 1209 printf("NSAPI %u", data & 0xf); 1210 ielen = GTPV1_TV_NSAPI_LENGTH; 1211 break; 1212 1213 case GTPV1_TV_RANAP: 1214 1215 /* 29.060 7.7.18 - RANAP Cause. */ 1216 TCHECK2(cp[0], GTPV1_TV_RANAP_LENGTH - 1); 1217 printf("RANAP Cause: %u", cp[0]); 1218 ielen = GTPV1_TV_RANAP_LENGTH; 1219 break; 1220 1221 case GTPV1_TV_RAB_CONTEXT: 1222 1223 /* 29.060 7.7.19 - RAB Context. */ 1224 TCHECK2(cp[0], GTPV1_TV_RAB_CONTEXT_LENGTH - 1); 1225 data = cp[0] & 0xf; 1226 dps = (u_int16_t *)(cp + 1); 1227 printf("RAB Context: NSAPI %u, DL GTP-U Seq No %u," 1228 "UL GTP-U Seq No %u, DL PDCP Seq No %u, UL PDCP Seq No %u", 1229 data, ntohs(dps[0]), ntohs(dps[1]), ntohs(dps[2]), 1230 ntohs(dps[3])); 1231 ielen = GTPV1_TV_RAB_CONTEXT_LENGTH; 1232 break; 1233 1234 case GTPV1_TV_RADIO_PRIORITY_SMS: 1235 1236 /* 29.060 7.7.20 - Radio Priority SMS. */ 1237 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_SMS_LENGTH - 1); 1238 printf("Radio Priority SMS: %u", cp[0] & 0x7); 1239 ielen = GTPV1_TV_RADIO_PRI_SMS_LENGTH; 1240 break; 1241 1242 case GTPV1_TV_RADIO_PRIORITY: 1243 1244 /* 29.060 7.7.21 - Radio Priority. */ 1245 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_LENGTH - 1); 1246 data = cp[0] >> 4; 1247 printf("Radio Priority: %u, NSAPI %u", cp[0] & 0x7, data); 1248 ielen = GTPV1_TV_RADIO_PRI_LENGTH; 1249 break; 1250 1251 case GTPV1_TV_PACKET_FLOW_ID: 1252 1253 /* 29.060 7.7.22 - Packet Flow ID. */ 1254 TCHECK2(cp[0], GTPV1_TV_PACKET_FLOW_ID_LENGTH - 1); 1255 printf("Packet Flow ID: %u, NSAPI %u", cp[1], cp[0] & 0xf); 1256 ielen = GTPV1_TV_PACKET_FLOW_ID_LENGTH; 1257 break; 1258 1259 case GTPV1_TV_CHARGING: 1260 1261 /* 29.060 7.7.23 - Charging Characteristics. */ 1262 /* Charging defined in 3GPP TS 32.298. */ 1263 TCHECK2(cp[0], GTPV1_TV_CHARGING_LENGTH - 1); 1264 printf("Charging Characteristics"); /* XXX */ 1265 ielen = GTPV1_TV_CHARGING_LENGTH; 1266 break; 1267 1268 case GTPV1_TV_TRACE_REFERENCE: 1269 1270 /* 29.060 7.7.24 - Trace Reference. */ 1271 TCHECK2(cp[0], GTPV1_TV_TRACE_REFERENCE_LENGTH - 1); 1272 dps = (u_int16_t *)cp; 1273 printf("Trace Reference: %u", ntohs(*dps)); 1274 ielen = GTPV1_TV_TRACE_REFERENCE_LENGTH; 1275 break; 1276 1277 case GTPV1_TV_TRACE_TYPE: 1278 1279 /* 29.060 7.7.25 - Trace Type. */ 1280 /* Trace type defined in GSM 12.08. */ 1281 TCHECK2(cp[0], GTPV1_TV_TRACE_TYPE_LENGTH - 1); 1282 dps = (u_int16_t *)cp; 1283 printf("Trace Type: %u", ntohs(*dps)); 1284 ielen = GTPV1_TV_TRACE_TYPE_LENGTH; 1285 break; 1286 1287 case GTPV1_TV_MSNRR: 1288 1289 /* 29.060 7.7.26 - MS Not Reachable Reason. */ 1290 /* Reason defined in 3GPP TS 23.040. */ 1291 TCHECK2(cp[0], GTPV1_TV_MSNRR_LENGTH - 1); 1292 printf("MS NRR: %u", cp[0]); 1293 ielen = GTPV1_TV_MSNRR_LENGTH; 1294 break; 1295 1296 case GTPV1_TV_PACKET_XFER_CMD: 1297 1298 /* 32.295 6.2.4.5.2 - Packet Transfer Command. */ 1299 TCHECK2(cp[0], GTPV1_TV_PACKET_XFER_CMD_LENGTH - 1); 1300 printf("Packet Transfer Command"); 1301 gtp_print_str(gtp_packet_xfer_cmd, cp[0]); 1302 ielen = GTPV1_TV_PACKET_XFER_CMD_LENGTH; 1303 break; 1304 1305 case GTPV1_TV_CHARGING_ID: 1306 1307 /* 29.060 7.7.26 - Charging ID. */ 1308 TCHECK2(cp[0], GTPV1_TV_CHARGING_ID_LENGTH - 1); 1309 dpl = (u_int32_t *)cp; 1310 printf("Charging ID: %u", ntohl(*dpl)); 1311 ielen = GTPV1_TV_CHARGING_ID_LENGTH; 1312 break; 1313 1314 default: 1315 printf("TV %u", value); 1316 } 1317 1318 trunc: 1319 return ielen; 1320 } 1321 1322 int 1323 gtp_v1_print_tlv(register const u_char *cp, u_int value) 1324 { 1325 u_int8_t data; 1326 u_int16_t *lenp, *seqno, len; 1327 u_char *buf; 1328 int ielen = -1; 1329 1330 /* Get length of IE. */ 1331 TCHECK2(cp[0], 2); 1332 lenp = (u_int16_t *)cp; 1333 cp += 2; 1334 len = ntohs(*lenp); 1335 TCHECK2(cp[0], len); 1336 ielen = sizeof(data) + sizeof(len) + len; 1337 1338 switch (value) { 1339 case GTPV1_TLV_END_USER_ADDRESS: 1340 1341 /* 3GPP 29.060 - 7.7.27 End User Address. */ 1342 printf("End User Address"); 1343 gtp_print_user_address(cp, len); 1344 break; 1345 1346 case GTPV1_TLV_MM_CONTEXT: 1347 1348 /* 29.060 7.7.28 - MM Context. */ 1349 printf("MM Context"); /* XXX */ 1350 break; 1351 1352 case GTPV1_TLV_PDP_CONTEXT: 1353 1354 /* 29.260 7.7.29 - PDP Context. */ 1355 printf("PDP Context"); /* XXX */ 1356 break; 1357 1358 case GTPV1_TLV_ACCESS_POINT_NAME: 1359 1360 /* 29.060 7.7.30 - Access Point Name. */ 1361 printf("AP Name"); 1362 len = (u_int8_t)cp[0]; 1363 if ((buf = malloc(len + 1)) != NULL) { 1364 bcopy(cp + 1, buf, len); 1365 buf[len] = '\0'; 1366 printf(": %s", buf); 1367 free(buf); 1368 } 1369 break; 1370 1371 case GTPV1_TLV_PROTOCOL_CONFIG_OPTIONS: 1372 1373 /* 29.060 7.7.31 - Protocol Configuration Options. */ 1374 /* Defined in 3GPP TS 24.008. */ 1375 printf("Config Options"); /* XXX */ 1376 break; 1377 1378 case GTPV1_TLV_GSN_ADDRESS: 1379 1380 /* 29.060 7.7.32 - GSN Address. */ 1381 /* Defined in 3GPP TS 23.003. */ 1382 printf("GSN Address"); 1383 if (len == 4) 1384 printf(": %s", ipaddr_string(cp)); 1385 #ifdef INET6 1386 else if (len == 16) 1387 printf(": %s", ip6addr_string(cp)); 1388 #endif 1389 break; 1390 1391 case GTPV1_TLV_MSISDN: 1392 1393 /* 29.060 7.7.33 - MS International PSTN/ISDN Number. */ 1394 printf("MSISDN "); 1395 data = (u_int8_t)cp[0]; /* XXX - Number type. */ 1396 gtp_print_tbcd(cp + 1, len - 1); 1397 break; 1398 1399 case GTPV1_TLV_QOS_PROFILE: 1400 1401 /* 29.060 7.7.34 - QoS Profile. */ 1402 /* QoS profile defined in 3GPP TS 24.008 10.5.6.5. */ 1403 printf("QoS Profile: "); 1404 data = (u_int8_t)cp[0]; 1405 printf("Delay Class %u, ", (data >> 3) & 0x7); 1406 printf("Reliability Class %u", data & 0x7); 1407 if (vflag > 1) { 1408 printf(", "); 1409 data = (u_int8_t)cp[1]; 1410 printf("Precedence Class %u", data & 0x7); 1411 /* XXX - Decode more QoS fields. */ 1412 } 1413 break; 1414 1415 case GTPV1_TLV_AUTHENTICATION: 1416 1417 /* 29.060 7.7.35 - Authentication. */ 1418 printf("Authentication"); /* XXX */ 1419 break; 1420 1421 case GTPV1_TLV_TRAFFIC_FLOW: 1422 1423 /* 29.060 7.7.36 - Traffic Flow Template. */ 1424 printf("Traffic Flow Template"); /* XXX */ 1425 break; 1426 1427 case GTPV1_TLV_TARGET_IDENTIFICATION: 1428 1429 /* 29.060 7.7.37 - Target Identification. */ 1430 printf("Target ID"); /* XXX */ 1431 break; 1432 1433 case GTPV1_TLV_UTRAN_CONTAINER: 1434 1435 /* 29.060 7.7.38 - UTRAN Transparent Container. */ 1436 printf("UTRAN Container"); /* XXX */ 1437 break; 1438 1439 case GTPV1_TLV_RAB_SETUP_INFORMATION: 1440 1441 /* 29.060 7.7.39 - RAB Setup Information. */ 1442 printf("RAB Setup"); /* XXX */ 1443 break; 1444 1445 case GTPV1_TLV_EXT_HEADER_TYPE_LIST: 1446 1447 /* 29.060 7.7.40 - Extension Header Type List. */ 1448 printf("Extension Header List"); /* XXX */ 1449 break; 1450 1451 case GTPV1_TLV_TRIGGER_ID: 1452 1453 /* 29.060 7.7.41 - Trigger ID. */ 1454 printf("Trigger ID"); /* XXX */ 1455 break; 1456 1457 case GTPV1_TLV_OMC_IDENTITY: 1458 1459 /* 29.060 7.7.42 - OMC Identity. */ 1460 printf("OMC Identity"); /* XXX */ 1461 break; 1462 1463 case GTPV1_TLV_RAN_CONTAINER: 1464 1465 /* 29.060 7.7.43 - RAN Transparent Container. */ 1466 printf("RAN Container"); /* XXX */ 1467 break; 1468 1469 case GTPV1_TLV_PDP_CONTEXT_PRIORITIZATION: 1470 1471 /* 29.060 7.7.45 - PDP Context Prioritization. */ 1472 printf("PDP Context Prioritization"); /* XXX */ 1473 break; 1474 1475 case GTPV1_TLV_ADDITIONAL_RAB_SETUP_INFO: 1476 1477 /* 29.060 7.7.45A - Additional RAB Setup Information. */ 1478 printf("Additional RAB Setup"); /* XXX */ 1479 break; 1480 1481 case GTPV1_TLV_SGSN_NUMBER: 1482 1483 /* 29.060 7.7.47 - SGSN Number. */ 1484 printf("SGSN Number"); /* XXX */ 1485 break; 1486 1487 case GTPV1_TLV_COMMON_FLAGS: 1488 1489 /* 29.060 7.7.48 - Common Flags. */ 1490 printf("Common Flags"); /* XXX */ 1491 break; 1492 1493 case GTPV1_TLV_APN_RESTRICTION: 1494 1495 /* 29.060 7.7.49 - APN Restriction. */ 1496 data = (u_int8_t)cp[0]; 1497 printf("APN Restriction: %u", data); 1498 break; 1499 1500 case GTPV1_TLV_RADIO_PRIORITY_LCS: 1501 1502 /* 29.060 7.7.25B - Radio Priority LCS. */ 1503 printf("Radio Priority LCS: %u", cp[0] & 0x7); 1504 break; 1505 1506 case GTPV1_TLV_RAT_TYPE: 1507 1508 /* 29.060 7.7.50 - RAT Type. */ 1509 printf("RAT"); 1510 gtp_print_str(gtp_rat_type, cp[0]); 1511 break; 1512 1513 case GTPV1_TLV_USER_LOCATION_INFO: 1514 1515 /* 29.060 7.7.51 - User Location Information. */ 1516 printf("ULI"); /* XXX */ 1517 break; 1518 1519 case GTPV1_TLV_MS_TIME_ZONE: 1520 1521 /* 29.060 7.7.52 - MS Time Zone. */ 1522 printf("MSTZ"); /* XXX */ 1523 break; 1524 1525 case GTPV1_TLV_IMEI_SV: 1526 1527 /* 29.060 7.7.53 - IMEI(SV). */ 1528 printf("IMEI(SV) "); 1529 gtp_print_tbcd(cp, len); 1530 break; 1531 1532 case GTPV1_TLV_CAMEL_CHARGING_CONTAINER: 1533 1534 /* 29.060 7.7.54 - CAMEL Charging Information Container. */ 1535 printf("CAMEL Charging"); /* XXX */ 1536 break; 1537 1538 case GTPV1_TLV_MBMS_UE_CONTEXT: 1539 1540 /* 29.060 7.7.55 - MBMS UE Context. */ 1541 printf("MBMS UE Context"); /* XXX */ 1542 break; 1543 1544 case GTPV1_TLV_TMGI: 1545 1546 /* 29.060 7.7.56 - Temporary Mobile Group Identity. */ 1547 printf("TMGI"); /* XXX */ 1548 break; 1549 1550 case GTPV1_TLV_RIM_ROUTING_ADDRESS: 1551 1552 /* 29.060 7.7.57 - RIM Routing Address. */ 1553 printf("RIM Routing Address"); /* XXX */ 1554 break; 1555 1556 case GTPV1_TLV_MBMS_PROTOCOL_CONFIG_OPTIONS: 1557 1558 /* 29.060 7.7.58 - MBMS Protocol Configuration Options. */ 1559 printf("MBMS Protocol Config Options"); /* XXX */ 1560 break; 1561 1562 case GTPV1_TLV_MBMS_SERVICE_AREA: 1563 1564 /* 29.060 7.7.60 - MBMS Service Area. */ 1565 printf("MBMS Service Area"); /* XXX */ 1566 break; 1567 1568 case GTPV1_TLV_SOURCE_RNC_PDCP_CONTEXT_INFO: 1569 1570 /* 29.060 7.7.61 - Source RNC PDCP Context Information. */ 1571 printf("Source RNC PDCP Context"); /* XXX */ 1572 break; 1573 1574 case GTPV1_TLV_ADDITIONAL_TRACE_INFO: 1575 1576 /* 29.060 7.7.62 - Additional Trace Information. */ 1577 printf("Additional Trace Info"); /* XXX */ 1578 break; 1579 1580 case GTPV1_TLV_HOP_COUNTER: 1581 1582 /* 29.060 7.7.63 - Hop Counter. */ 1583 printf("Hop Counter: %u", cp[0]); 1584 break; 1585 1586 case GTPV1_TLV_SELECTED_PLMN_ID: 1587 1588 /* 29.060 7.7.64 - Selected PLMN ID. */ 1589 printf("Selected PLMN ID"); /* XXX */ 1590 break; 1591 1592 case GTPV1_TLV_MBMS_SESSION_IDENTIFIER: 1593 1594 /* 29.060 7.7.65 - MBMS Session Identifier. */ 1595 printf("MBMS Session ID: %u", cp[0]); 1596 break; 1597 1598 case GTPV1_TLV_MBMS_2G_3G_INDICATOR: 1599 1600 /* 29.060 7.7.66 - MBMS 2G/3G Indicator. */ 1601 printf("MBMS 2G/3G Indicator"); 1602 gtp_print_str(mbms_2g3g_indicator, cp[0]); 1603 break; 1604 1605 case GTPV1_TLV_ENHANCED_NSAPI: 1606 1607 /* 29.060 7.7.67 - Enhanced NSAPI. */ 1608 printf("Enhanced NSAPI"); /* XXX */ 1609 break; 1610 1611 case GTPV1_TLV_MBMS_SESSION_DURATION: 1612 1613 /* 29.060 7.7.59 - MBMS Session Duration. */ 1614 printf("MBMS Session Duration"); /* XXX */ 1615 break; 1616 1617 case GTPV1_TLV_ADDITIONAL_MBMS_TRACE_INFO: 1618 1619 /* 29.060 7.7.68 - Additional MBMS Trace Info. */ 1620 printf("Additional MBMS Trace Info"); /* XXX */ 1621 break; 1622 1623 case GTPV1_TLV_MBMS_SESSION_REPITITION_NO: 1624 1625 /* 29.060 7.7.69 - MBMS Session Repetition Number. */ 1626 printf("MBMS Session Repetition No: %u", cp[0]); 1627 break; 1628 1629 case GTPV1_TLV_MBMS_TIME_TO_DATA_TRANSFER: 1630 1631 /* 29.060 7.7.70 - MBMS Time to Data Transfer. */ 1632 printf("MBMS Time to Data Transfer: %u", cp[0]); 1633 break; 1634 1635 case GTPV1_TLV_PS_HANDOVER_REQUEST_CONTEXT: 1636 1637 /* 29.060 7.7.71 - PS Handover Request Context (Void). */ 1638 break; 1639 1640 case GTPV1_TLV_BSS_CONTAINER: 1641 1642 /* 29.060 7.7.72 - BSS Container. */ 1643 printf("BSS Container"); /* XXX */ 1644 break; 1645 1646 case GTPV1_TLV_CELL_IDENTIFICATION: 1647 1648 /* 29.060 7.7.73 - Cell Identification. */ 1649 printf("Cell Identification"); /* XXX */ 1650 break; 1651 1652 case GTPV1_TLV_PDU_NUMBERS: 1653 1654 /* 29.060 7.7.74 - PDU Numbers. */ 1655 printf("PDU Numbers"); /* XXX */ 1656 break; 1657 1658 case GTPV1_TLV_BSSGP_CAUSE: 1659 1660 /* 29.060 7.7.75 - BSSGP Cause. */ 1661 printf("BSSGP Cause: %u", cp[0]); 1662 break; 1663 1664 case GTPV1_TLV_REQUIRED_MBMS_BEARER_CAP: 1665 1666 /* 29.060 7.7.76 - Required MBMS Bearer Cap. */ 1667 printf("Required MBMS Bearer Cap"); /* XXX */ 1668 break; 1669 1670 case GTPV1_TLV_RIM_ROUTING_ADDRESS_DISC: 1671 1672 /* 29.060 7.7.77 - RIM Routing Address Discriminator. */ 1673 printf("RIM Routing Address Discriminator: %u", cp[0] & 0xf); 1674 break; 1675 1676 case GTPV1_TLV_LIST_OF_SETUP_PFCS: 1677 1678 /* 29.060 7.7.78 - List of Setup PFCs. */ 1679 printf("List of Setup PFCs"); /* XXX */ 1680 break; 1681 1682 case GTPV1_TLV_PS_HANDOVER_XID_PARAMETERS: 1683 1684 /* 29.060 7.7.79 - PS Handover XID Parameters. */ 1685 printf("PS Handover XID Parameters"); /* XXX */ 1686 break; 1687 1688 case GTPV1_TLV_MS_INFO_CHANGE_REPORTING: 1689 1690 /* 29.060 7.7.80 - MS Info Change Reporting. */ 1691 printf("MS Info Change Reporting"); 1692 gtp_print_str(ms_info_change_rpt, cp[0]); 1693 break; 1694 1695 case GTPV1_TLV_DIRECT_TUNNEL_FLAGS: 1696 1697 /* 29.060 7.7.81 - Direct Tunnel Flags. */ 1698 printf("Direct Tunnel Flags"); /* XXX */ 1699 break; 1700 1701 case GTPV1_TLV_CORRELATION_ID: 1702 1703 /* 29.060 7.7.82 - Correlation ID. */ 1704 printf("Correlation ID"); /* XXX */ 1705 break; 1706 1707 case GTPV1_TLV_BEARER_CONTROL_MODE: 1708 1709 /* 29.060 7.7.83 - Bearer Control Mode. */ 1710 printf("Bearer Control Mode"); /* XXX */ 1711 break; 1712 1713 case GTPV1_TLV_MBMS_FLOW_IDENTIFIER: 1714 1715 /* 29.060 7.7.84 - MBMS Flow Identifier. */ 1716 printf("MBMS Flow Identifier"); /* XXX */ 1717 break; 1718 1719 case GTPV1_TLV_RELEASED_PACKETS: 1720 1721 /* 32.295 6.2.4.5.4 - Sequence Numbers of Released Packets. */ 1722 printf("Released Packets:"); 1723 seqno = (u_int16_t *)cp; 1724 while (len > 0) { 1725 printf(" %u", ntohs(*seqno)); 1726 seqno++; 1727 len -= sizeof(*seqno); 1728 } 1729 break; 1730 1731 case GTPV1_TLV_CANCELLED_PACKETS: 1732 1733 /* 32.295 6.2.4.5.5 - Sequence Numbers of Cancelled Packets. */ 1734 printf("Cancelled Packets:"); 1735 seqno = (u_int16_t *)cp; 1736 while (len > 0) { 1737 printf(" %u", ntohs(*seqno)); 1738 seqno++; 1739 len -= sizeof(*seqno); 1740 } 1741 break; 1742 1743 case GTPV1_TLV_CHARGING_GATEWAY_ADDRESS: 1744 1745 /* 29.060 7.7.44 - Charging Gateway Address. */ 1746 printf("Charging Gateway"); 1747 if (len == 4) 1748 printf(": %s", ipaddr_string(cp)); 1749 #ifdef INET6 1750 else if (len == 16) 1751 printf(": %s", ip6addr_string(cp)); 1752 #endif 1753 break; 1754 1755 case GTPV1_TLV_DATA_RECORD_PACKET: 1756 1757 /* 32.295 6.2.4.5.3 - Data Record Packet. */ 1758 printf("Data Record: Records %u, Format %u, Format Version %u", 1759 cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2))); 1760 break; 1761 1762 case GTPV1_TLV_REQUESTS_RESPONDED: 1763 1764 /* 32.295 6.2.4.6 - Requests Responded. */ 1765 printf("Requests Responded:"); 1766 seqno = (u_int16_t *)cp; 1767 while (len > 0) { 1768 printf(" %u", ntohs(*seqno)); 1769 seqno++; 1770 len -= sizeof(*seqno); 1771 } 1772 break; 1773 1774 case GTPV1_TLV_ADDRESS_OF_RECOMMENDED_NODE: 1775 1776 /* 32.295 6.2.4.3 - Address of Recommended Node. */ 1777 printf("Address of Recommended Node"); 1778 if (len == 4) 1779 printf(": %s", ipaddr_string(cp)); 1780 #ifdef INET6 1781 else if (len == 16) 1782 printf(": %s", ip6addr_string(cp)); 1783 #endif 1784 break; 1785 1786 case GTPV1_TLV_PRIVATE_EXTENSION: 1787 1788 /* 29.060 7.7.46 - Private Extension. */ 1789 printf("Private Extension"); 1790 break; 1791 1792 default: 1793 printf("TLV %u (len %u)", value, len); 1794 } 1795 1796 return ielen; 1797 1798 trunc: 1799 return -1; 1800 } 1801