/* $OpenBSD: print-gtp.c,v 1.6 2014/08/14 12:44:44 mpi Exp $ */
/*
 * Copyright (c) 2009, 2010 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Decoder for the GPRS Tunnelling Protocol (GTP).
 *
 * This work has been kindly sponsored by SystemNet (www.systemnet.no).
 *
 * GTPv0 standards are available from the ETSI website:
 *
 *     http://pda.etsi.org/pda/
 *
 * GTPv1 standards are available from the 3GPP website:
 *
 *     http://www.3gpp.org/specifications
 *
 * The following standards have been referenced to create this decoder:
 *
 *     ETSI GSM 09.60 - GPRS Tunnelling Protocol (GTPv0)
 *     ETSI GSM 12.15 - GPRS Charging (GTPv0')
 *
 *     3GPP TS 23.003 - Numbering, addressing and identification
 *     3GPP TS 24.008 - Core network protocols
 *     3GPP TS 29.002 - Mobile Application Part (MAP) specification
 *     3GPP TS 29.060 - GPRS Tunnelling Protocol (GTPv1-C/GTPv1-U)
 *     3GPP TS 32.295 - Charging Data Record (CDR) transfer (GTPv1')
 */

#include <sys/param.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/types.h>

#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "addrtoname.h"
#include "interface.h"
#include "gtp.h"

/* Entry point and helpers shared by both protocol versions. */
void	gtp_print(register const u_char *, u_int, u_short, u_short);
void	gtp_decode_ie(register const u_char *, u_short, int);
void	gtp_print_tbcd(register const u_char *, u_int);
void	gtp_print_user_address(register const u_char *, u_int);
void	gtp_print_apn(register const u_char *, u_int);
void	gtp_print_str(const char **, u_int);

/* GTPv0 and GTPv0' decoders. */
void	gtp_v0_print(const u_char *, u_int, u_short, u_short);
void	gtp_v0_print_prime(register const u_char *);
int	gtp_v0_print_tv(register const u_char *, u_int);
int	gtp_v0_print_tlv(register const u_char *, u_int);

/* GTPv1-C, GTPv1-U and GTPv1' decoders. */
void	gtp_v1_print(const u_char *, u_int, u_short, u_short);
void	gtp_v1_print_ctrl(register const u_char *, u_int, struct gtp_v1_hdr *);
void	gtp_v1_print_user(register const u_char *, u_int, struct gtp_v1_hdr *);
void	gtp_v1_print_prime(register const u_char *, struct gtp_v1_prime_hdr *);
int	gtp_v1_print_tv(register const u_char *, u_int);
int	gtp_v1_print_tlv(register const u_char *, u_int);

/*
 * GTPv0 message types: message type octet -> display name, looked up with
 * tok2str() by the GTPv0 decoders.  The table ends at the NULL name.
 */
static struct tok gtp_v0_msgtype[] = {

	{ 1,	"Echo Request" },
	{ 2,	"Echo Response" },
	{ 3,	"Version Not Supported" },
	{ 4,	"Node Alive Request" },
	{ 5,	"Node Alive Response" },
	{ 6,	"Redirection Request" },
	{ 7,	"Redirection Response" },
	{ 16,	"Create PDP Context Request" },
	{ 17,	"Create PDP Context Response" },
	{ 18,	"Update PDP Context Request" },
	{ 19,	"Update PDP Context Response" },
	{ 20,	"Delete PDP Context Request" },
	{ 21,	"Delete PDP Context Response" },
	{ 22,	"Create AA PDP Context Request" },
	{ 23,	"Create AA PDP Context Response" },
	{ 24,	"Delete AA PDP Context Request" },
	{ 25,	"Delete AA PDP Context Response" },
	{ 26,	"Error Indication" },
	{ 27,	"PDU Notification Request" },
	{ 28,	"PDU Notification Response" },
	{ 29,	"PDU Notification Reject Request" },
	{ 30,	"PDU Notification Reject Response" },
	{ 32,	"Send Routeing Information Request" },
	{ 33,	"Send Routeing Information Response" },
	{ 34,	"Failure Report Request" },
	{ 35,	"Failure Report Response" },
	{ 36,	"MS GPRS Present Request" },
	{ 37,	"MS GPRS Present Response" },
	{ 48,	"Identification Request" },
	{ 49,	"Identification Response" },
	{ 50,	"SGSN Context Request" },
	{ 51,	"SGSN Context Response" },
	{ 52,	"SGSN Context Acknowledge" },
	{ 240,	"Data Record Transfer Request" },
	{ 241,	"Data Record Transfer Response" },
	{ 255,	"T-PDU" },

	{ 0,	NULL }
};

/* GTPv0 causes.
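*/
static struct tok gtp_v0_cause[] = {

	{ 0,	"Request IMSI" },
	{ 1,	"Request IMEI" },
	{ 2,	"Request IMSI and IMEI" },
	{ 3,	"No identity needed" },
	{ 4,	"MS refuses" },
	{ 5,	"MS is not GPRS responding" },
	{ 128,	"Request accepted" },
	{ 192,	"Non-existent" },
	{ 193,	"Invalid message format" },
	{ 194,	"IMSI not known" },
	{ 195,	"MS is GPRS detached" },
	{ 196,	"MS is not GPRS responding" },
	{ 197,	"MS refuses" },
	{ 198,	"Version not supported" },
	{ 199,	"No resources available" },
	{ 200,	"Service not supported" },
	{ 201,	"Mandatory IE incorrect" },
	{ 202,	"Mandatory IE missing" },
	{ 203,	"Optional IE incorrect" },
	{ 204,	"System failure" },
	{ 205,	"Roaming restriction" },
	{ 206,	"P-TMSI signature mismatch" },
	{ 207,	"GPRS connection suspended" },
	{ 208,	"Authentication failure" },
	{ 209,	"User authentication failed" },

	{ 0,	NULL }
};

/* GTPv1 message types. */
static struct tok gtp_v1_msgtype[] = {

	{ 1,	"Echo Request" },
	{ 2,	"Echo Response" },
	{ 3,	"Version Not Supported" },
	{ 4,	"Node Alive Request" },
	{ 5,	"Node Alive Response" },
	{ 6,	"Redirection Request" },
	{ 7,	"Redirection Response" },
	{ 16,	"Create PDP Context Request" },
	{ 17,	"Create PDP Context Response" },
	{ 18,	"Update PDP Context Request" },
	{ 19,	"Update PDP Context Response" },
	{ 20,	"Delete PDP Context Request" },
	{ 21,	"Delete PDP Context Response" },
	{ 22,	"Initiate PDP Context Activiation Request" },
	{ 23,	"Initiate PDP Context Activiation Response" },
	{ 26,	"Error Indication" },
	{ 27,	"PDU Notification Request" },
	{ 28,	"PDU Notification Response" },
	{ 29,	"PDU Notification Reject Request" },
	{ 30,	"PDU Notification Reject Response" },
	{ 31,	"Supported Extension Headers Notification" },
	{ 32,	"Send Routeing Information for GPRS Request" },
	{ 33,	"Send Routeing Information for GPRS Response" },
	{ 34,	"Failure Report Request" },
	{ 35,	"Failure Report Response" },
	{ 36,	"Note MS GPRS Present Request" },
	{ 37,	"Note MS GPRS Present Response" },
	{ 48,	"Identification Request" },
	{ 49,	"Identification Response" },
	{ 50,	"SGSN Context Request" },
	{ 51,	"SGSN Context Response" },
	{ 52,	"SGSN Context Acknowledge" },
	{ 53,	"Forward Relocation Request" },
	{ 54,	"Forward Relocation Response" },
	{ 55,	"Forward Relocation Complete" },
	{ 56,	"Relocation Cancel Request" },
	{ 57,	"Relocation Cancel Response" },
	{ 58,	"Forward SRNS Context" },
	{ 59,	"Forward Relocation Complete Acknowledge" },
	{ 60,	"Forward SRNS Context Acknowledge" },
	{ 70,	"RAN Information Relay" },
	{ 96,	"MBMS Notification Request" },
	{ 97,	"MBMS Notification Response" },
	{ 98,	"MBMS Notification Reject Request" },
	{ 99,	"MBMS Notification Reject Response" },
	{ 100,	"Create MBMS Context Request" },
	{ 101,	"Create MBMS Context Response" },
	{ 102,	"Update MBMS Context Request" },
	{ 103,	"Update MBMS Context Response" },
	{ 104,	"Delete MBMS Context Request" },
	{ 105,	"Delete MBMS Context Response" },
	{ 112,	"MBMS Registration Request" },
	{ 113,	"MBMS Registration Response" },
	{ 114,	"MBMS De-Registration Request" },
	{ 115,	"MBMS De-Registration Response" },
	{ 116,	"MBMS Session Start Request" },
	{ 117,	"MBMS Session Start Response" },
	{ 118,	"MBMS Session Stop Request" },
	{ 119,	"MBMS Session Stop Response" },
	{ 120,	"MBMS Session Update Request" },
	{ 121,	"MBMS Session Update Response" },
	{ 128,	"MBMS Info Change Notification Request" },
	{ 129,	"MBMS Info Change Notification Response" },
	{ 240,	"Data Record Transfer Request" },
	{ 241,	"Data Record Transfer Response" },
	{ 255,	"G-PDU" },

	{ 0,	NULL }
};

/* GTPv1 Causes. */
static struct tok gtp_v1_cause[] = {

	/* GTPv1-C. */
	{ 0,	"Request IMSI" },
	{ 1,	"Request IMEI" },
	{ 2,	"Request IMSI and IMEI" },
	{ 3,	"No identity needed" },
	{ 4,	"MS refuses" },
	{ 5,	"MS is not GPRS responding" },
	{ 128,	"Request accepted" },
	{ 192,	"Non-existent" },
	{ 193,	"Invalid message format" },
	{ 194,	"IMSI not known" },
	{ 195,	"MS is GPRS detached" },
	{ 196,	"MS is not GPRS responding" },
	{ 197,	"MS refuses" },
	{ 198,	"Version not supported" },
	{ 199,	"No resources available" },
	{ 200,	"Service not supported" },
	{ 201,	"Mandatory IE incorrect" },
	{ 202,	"Mandatory IE missing" },
	{ 203,	"Optional IE incorrect" },
	{ 204,	"System failure" },
	{ 205,	"Roaming restriction" },
	{ 206,	"P-TMSI signature mismatch" },
	{ 207,	"GPRS connection suspended" },
	{ 208,	"Authentication failure" },
	{ 209,	"User authentication failed" },
	{ 210,	"Context not found" },
	{ 211,	"All dynamic PDP addresses are occupied" },
	{ 212,	"No memory is available" },
	{ 213,	"Relocation failure" },
	{ 214,	"Unknown mandatory extension header" },
	{ 215,	"Semantic error in the TFT operation" },
	{ 216,	"Syntactic error in the TFT operation" },
	{ 217,	"Semantic errors in packet filter(s)" },
	{ 218,	"Syntactic errors in packet filter(s)" },
	{ 219,	"Missing or unknown APN" },
	{ 220,	"Unknown PDP address or PDP type" },
	{ 221,	"PDP context without TFT already activated" },
	{ 222,	"APN access denied - no subscription" },
	{ 223,	"APN restriction type incompatibility with currently "
		"active PDP contexts" },
	{ 224,	"MS MBMS capabilities insufficient" },
	{ 225,	"Invalid correlation-ID" },
	{ 226,	"MBMS bearer context superseded" },

	/* GTP'v1. */
	{ 59,	"System failure" },
	{ 60,	"The transmit buffers are becoming full" },
	{ 61,	"The receive buffers are becoming full" },
	{ 62,	"Another node is about to go down" },
	{ 63,	"This node is about to go down" },
	{ 177,	"CDR decoding error" },
	{ 252,	"Request related to possibly duplicated packets already "
		"fulfilled" },
	{ 253,	"Request already fulfilled" },
	{ 254,	"Sequence numbers of released/cancelled packets IE incorrect" },
	{ 255,	"Request not fulfilled" },

	{ 0,	NULL }
};

/*
 * GTP flavour of the packet being decoded; used to label truncation
 * markers.  It is file-scope state written by the version decoders, so it
 * keeps the value from the previous packet until one of them sets it.
 */
static int gtp_proto = -1;

/*
 * Entry point: read the version bits from the first octet and hand the
 * packet to the matching version decoder.  Other versions are reported by
 * number only.  TCHECK (declared outside this file) is expected to branch
 * to the trunc label when the octet lies outside the captured data.
 */
void
gtp_print(register const u_char *cp, u_int length, u_short sport, u_short dport)
{
	int version;

	/* Decode GTP version. */
	TCHECK(cp[0]);
	version = cp[0] >> GTP_VERSION_SHIFT;

	if (version == GTP_VERSION_0)
		gtp_v0_print(cp, length, sport, dport);
	else if (version == GTP_VERSION_1)
		gtp_v1_print(cp, length, sport, dport);
	else
		printf(" GTP (version %i)", version);

	return;

trunc:
	printf(" [|GTP]");
}

/*
 * Decode and print information elements from message. The actual work is
 * handled in the appropriate Tag/Value (TV) or Tag/Length/Value (TLV)
 * decoding routine.
 *
 * cp points at the first IE, version selects the GTPv0 or GTPv1 helpers
 * and len is the number of IE octets the caller expects; len comes from a
 * length field in the packet, so every read is still bounds-checked.  Each
 * helper returns the number of octets its IE occupies, type octet
 * included, or -1 when the IE is unknown or runs past the captured data.
 */
void
gtp_decode_ie(register const u_char *cp, u_short version, int len)
{
	int val, ielen, iecount = 0;

	if (len <= 0)
		return;

	printf(" {");

	while (len > 0) {

		iecount++;
		if (iecount > 1)
			printf(" ");

		TCHECK(cp[0]);
		val = (u_int)cp[0];
		cp++;

		printf("[");

		switch (version) {
		case GTP_VERSION_0:
			if ((val & GTPV0_IE_TYPE_MASK) == 0)
				ielen = gtp_v0_print_tv(cp, val);
			else
				ielen = gtp_v0_print_tlv(cp, val);
			break;

		case GTP_VERSION_1:
			if ((val & GTPV1_IE_TYPE_MASK) == 0)
				ielen = gtp_v1_print_tv(cp, val);
			else
				ielen = gtp_v1_print_tlv(cp, val);
			break;

		default:
			/* Version not supported... */
			ielen = -1;
			break;
		}

		printf("]");

		/*
		 * An IE always covers at least its own type octet.  Treat a
		 * zero length like an error too: with ielen == 0 the cursor
		 * would step back onto the type octet and len would never
		 * shrink, so the loop could not terminate.
		 */
		if (ielen < 1)
			goto trunc;

		len -= ielen;
		cp += ielen - 1;	/* the type octet was consumed above */
	}

	if (iecount > 0)
		printf("}");

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

/*
 * Decode and print telephony binary coded decimal.
 *
 * Prints the low nibble, then the high nibble, of each of the len octets
 * at cp; a nibble of 0xf is skipped.  The caller must already have
 * verified that len octets are available: nothing is bounds-checked here.
 */
void
gtp_print_tbcd(register const u_char *cp, u_int len)
{
	const u_int8_t *data = (const u_int8_t *)cp;
	u_int8_t bcd;
	u_int i;	/* unsigned like len: no mixed-sign compare, no overflow */

	for (i = 0; i < len; i++) {
		bcd = *data & 0xf;
		if (bcd != 0xf)
			printf("%u", bcd);
		bcd = *data >> 4;
		if (bcd != 0xf)
			printf("%u", bcd);
		data++;
	}
}

/*
 * Decode and print an end user address. Format is detailed in
 * GSM 09.60 section 7.9.18 and 3GPP 29.060 section 7.7.27.
 *
 * len is the IE value length; the address is printed only when len is
 * exactly the two header octets plus a full IPv4 (6) or IPv6 (18) address,
 * otherwise only the address family is named.
 */
void
gtp_print_user_address(register const u_char *cp, u_int len)
{
	u_int8_t org, type;

	if (len < 2)
		return;

	org = (u_int8_t)cp[0] & 0xf;
	type = (u_int8_t)cp[1];

	cp += 2;

	if (org == 0x0 && type == 0x1)
		printf(": PPP");
	else if (org == 0x1 && type == 0x21) {
		if (len == 6)
			printf(": %s", ipaddr_string(cp));
		else
			printf(": IPv4");
#ifdef INET6
	} else if (org == 0x1 && type == 0x57) {
		if (len == 18)
			printf(": %s", ip6addr_string(cp));
		else
			printf(": IPv6");
#endif
	} else
		printf(" (org 0x%x, type 0x%x)", org, type);
}

/*
 * Decode and print an Access Point Name. Format is detailed in
 * 3GPP 24.008 section 10.5.6.1 and 3GPP 23.003 section 9.1.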
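*/
/*
 * cp/len describe the IE value, which the caller has already checked
 * against the captured data.  The value is a run of labels, each preceded
 * by a length octet.  A label length that does not fit in what is left of
 * the IE ends the decode: without that test the unsigned subtraction below
 * wraps and the loop keeps copying from beyond the IE.
 *
 * NOTE(review): label octets come straight from the packet and are printed
 * with "%s" unescaped, so non-printable bytes reach the output as-is;
 * consider escaping them before printing.
 */
void
gtp_print_apn(register const u_char *cp, u_int len)
{
	u_char label[100];
	u_int8_t llen;

	if (len < 1 || len > 100)
		return;

	while (len > 0) {

		llen = (u_int8_t)cp[0];
		/* Length octet plus label must fit in the remaining value. */
		if (llen > 99 || llen >= len)
			return;

		bcopy(cp + 1, label, llen);
		label[llen] = '\0';
		printf("%s", label);

		cp += llen + 1;
		len -= llen + 1;

		if (len > 0)
			printf(".");

	}
}

/*
 * Print string from array.
 *
 * NOTE(review): strs is a pointer, so sizeof(*strs) / sizeof(*strs[0]) is
 * sizeof(char *) / sizeof(char), i.e. the pointer size, not the number of
 * entries in the caller's table.  The callers in this file pass an octet
 * taken from the packet as index, so the test does not bound the lookup by
 * the real table size (the tables live in gtp.h, not shown here).  A real
 * bound needs the element count passed in by the caller, which changes the
 * prototype; the code is left as it was.
 */
void
gtp_print_str(const char **strs, u_int index)
{

	if (index >= (sizeof(*strs) / sizeof(*strs[0])))
		printf(": %u", index);
	else if (strs[index] != NULL)
		printf(": %s", strs[index]);
}

/*
 * Decoding routines for GTP version 0.
 *
 * gtp_v0_print() prints the GTPv0 header and, with vflag set, either the
 * tunnelled IP packet (T-PDU) or the information elements.  A clear
 * protocol-type flag hands the packet to the GTPv0' decoder instead.  The
 * payload length is the header's own length field; length, sport and dport
 * are not consulted.
 */
void
gtp_v0_print(const u_char *cp, u_int length, u_short sport, u_short dport)
{
	struct gtp_v0_hdr *gh = (struct gtp_v0_hdr *)cp;
	int len, version;
	u_int64_t tid;

	gtp_proto = GTP_V0_PROTO;

	/* Check if this is GTP prime. */
	TCHECK(gh->flags);
	if ((gh->flags & GTPV0_HDR_PROTO_TYPE) == 0) {
		gtp_proto = GTP_V0_PRIME_PROTO;
		gtp_v0_print_prime(cp);
		return;
	}

	/* Print GTP header. */
	TCHECK(*gh);
	cp += sizeof(struct gtp_v0_hdr);
	len = ntohs(gh->length);
	bcopy(&gh->tid, &tid, sizeof(tid));
	printf(" GTPv0 (len %u, seqno %u, flow %u, N-PDU %u, tid 0x%llx) ",
	    ntohs(gh->length), ntohs(gh->seqno), ntohs(gh->flow),
	    ntohs(gh->npduno), betoh64(tid));

	/* Decode GTP message. */
	printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gh->msgtype));

	if (!vflag)
		return;

	if (gh->msgtype == GTPV0_T_PDU) {

		TCHECK(cp[0]);
		version = cp[0] >> 4;

		printf(" { ");

		if (version == 4)
			ip_print(cp, len);
#ifdef INET6
		else if (version == 6)
			ip6_print(cp, len);
#endif
		else
			printf("Unknown IP version %u", version);

		printf(" }");
	} else
		gtp_decode_ie(cp, GTP_VERSION_0, len);

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

/*
 * Print a GTPv0' (charging) header and, with vflag set, the information
 * elements that follow it.
 */
void
gtp_v0_print_prime(register const u_char *cp)
{
	struct gtp_v0_prime_hdr *gph = (struct gtp_v0_prime_hdr *)cp;
	int len;

	/* Decode GTP prime header. */
	TCHECK(*gph);
	cp += sizeof(*gph);

	len = ntohs(gph->length);
	printf(" GTPv0' (len %u, seq %u) ", len, ntohs(gph->seqno));

	/* Decode GTP message. */
	printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gph->msgtype));

	if (vflag)
		gtp_decode_ie(cp, GTP_VERSION_0, len);

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

/*
 * Decode one GTPv0 Tag/Value IE.  cp points just past the type octet and
 * value is that type.  Returns the IE length including the type octet, or
 * -1 for an unknown type or when the value runs past the captured data.
 *
 * Multi-octet fields are copied out with memcpy() before byte-swapping:
 * cp sits at an arbitrary offset in the packet, so reading through a
 * casted u_int16_t / u_int32_t pointer is a misaligned access.
 */
int
gtp_v0_print_tv(register const u_char *cp, u_int value)
{
	u_int32_t v32;
	u_int16_t v16;
	u_int8_t data;
	int ielen = -1;

	switch (value) {
	case GTPV0_TV_CAUSE:

		/* 09.60 7.9.1 - Cause. */
		TCHECK(cp[0]);
		data = (u_int8_t)cp[0];
		ielen = GTPV0_TV_CAUSE_LENGTH;
		printf("Cause: %s", tok2str(gtp_v0_cause, "#%u", data));
		break;

	case GTPV0_TV_IMSI:

		/* 09.60 7.9.2 - International Mobile Subscriber Identity. */
		TCHECK2(cp[0], GTPV0_TV_IMSI_LENGTH - 1);
		printf("IMSI ");
		gtp_print_tbcd(cp, GTPV0_TV_IMSI_LENGTH - 1);
		ielen = GTPV0_TV_IMSI_LENGTH;
		break;

	case GTPV0_TV_RAI:

		/* 09.60 7.9.3 - Routing Area Identity (RAI). */
		TCHECK2(cp[0], GTPV0_TV_RAI_LENGTH - 1);
		printf("RAI: MCC ");
		data = cp[1] | 0xf0;
		gtp_print_tbcd(cp, 1);
		gtp_print_tbcd(&data, 1);
		printf(", MNC ");
		data = (cp[1] >> 4) | 0xf0;
		gtp_print_tbcd(cp + 2, 1);
		gtp_print_tbcd(&data, 1);
		printf(", LAC 0x%x%x", cp[3], cp[4]);
		printf(", RAC 0x%x", cp[5]);
		ielen = GTPV0_TV_RAI_LENGTH;
		break;

	case GTPV0_TV_TLLI:

		/* 09.60 7.9.4 - Temporary Logical Link Identity (TLLI). */
		TCHECK2(cp[0], GTPV0_TV_TLLI_LENGTH - 1);
		memcpy(&v32, cp, sizeof(v32));
		printf("TLLI 0x%x", ntohl(v32));
		ielen = GTPV0_TV_TLLI_LENGTH;
		break;

	case GTPV0_TV_PTMSI:

		/* 09.60 7.9.5 - Packet TMSI (P-TMSI). */
		TCHECK2(cp[0], GTPV0_TV_PTMSI_LENGTH - 1);
		memcpy(&v32, cp, sizeof(v32));
		printf("P-TMSI 0x%x", ntohl(v32));
		ielen = GTPV0_TV_PTMSI_LENGTH;
		break;

	case GTPV0_TV_QOS:

		/* 09.60 7.9.6 - Quality of Service (QoS) Profile. */
		TCHECK2(cp[0], GTPV0_TV_QOS_LENGTH - 1);
		printf("QoS Profile");				/* XXX */
		ielen = GTPV0_TV_QOS_LENGTH;
		break;

	case GTPV0_TV_REORDER:

		/* 09.60 7.9.7 - Reordering Required. */
		TCHECK2(cp[0], GTPV0_TV_REORDER_LENGTH - 1);
		printf("Reordering Required: ");
		if (cp[0] & 0x1)
			printf("yes");
		else
			printf("no");
		ielen = GTPV0_TV_REORDER_LENGTH;
		break;

	case GTPV0_TV_AUTH_TRIPLET:

		/* 09.60 7.9.8 - Authentication Triplet. */
		TCHECK2(cp[0], GTPV0_TV_AUTH_TRIPLET_LENGTH - 1);
		printf("Authentication");			/* XXX */
		ielen = GTPV0_TV_AUTH_TRIPLET_LENGTH;
		break;

	case GTPV0_TV_MAP_CAUSE:

		/* 09.60 7.9.9 - MAP Cause. */
		TCHECK2(cp[0], GTPV0_TV_MAP_CAUSE_LENGTH - 1);
		printf("MAP Cause: %u", cp[0]);
		ielen = GTPV0_TV_MAP_CAUSE_LENGTH;
		break;

	case GTPV0_TV_PTMSI_SIGNATURE:

		/* 09.60 7.9.10 - P-TMSI Signature. */
		/* Signature defined in GSM 04.08. */
		TCHECK2(cp[0], GTPV0_TV_PTMSI_SIGNATURE_LENGTH - 1);
		printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]);
		ielen = GTPV0_TV_PTMSI_SIGNATURE_LENGTH;
		break;

	case GTPV0_TV_MS_VALIDATED:

		/* 09.60 7.9.11 - MS Validated. */
		TCHECK2(cp[0], GTPV0_TV_MS_VALIDATED_LENGTH - 1);
		/* ": " was missing, gluing the label to the yes/no answer. */
		printf("MS Validated: ");
		if (cp[0] & 0x1)
			printf("yes");
		else
			printf("no");
		ielen = GTPV0_TV_MS_VALIDATED_LENGTH;
		break;

	case GTPV0_TV_RECOVERY:

		/* 09.60 7.9.12 - Recovery. */
		TCHECK2(cp[0], GTPV0_TV_RECOVERY_LENGTH - 1);
		printf("Recovery: Restart counter %u", cp[0]);
		ielen = GTPV0_TV_RECOVERY_LENGTH;
		break;

	case GTPV0_TV_SELECTION_MODE:

		/* 09.60 7.9.13 - Selection Mode. */
		TCHECK2(cp[0], GTPV0_TV_SELECTION_MODE_LENGTH - 1);
		printf("Selection Mode");			/* XXX */
		ielen = GTPV0_TV_SELECTION_MODE_LENGTH;
		break;

	case GTPV0_TV_FLOW_LABEL_DATA_I:

		/* 09.60 7.9.14 - Flow Label Data I. */
		TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH - 1);
		memcpy(&v16, cp, sizeof(v16));
		printf("Flow Label Data I: %u", ntohs(v16));
		ielen = GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH;
		break;

	case GTPV0_TV_FLOW_LABEL_SIGNALLING:

		/* 09.60 7.9.15 - Flow Label Signalling. */
		TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH - 1);
		memcpy(&v16, cp, sizeof(v16));
		printf("Flow Label Signalling: %u", ntohs(v16));
		ielen = GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH;
		break;

	case GTPV0_TV_FLOW_LABEL_DATA_II:

		/* 09.60 7.9.16 - Flow Label Data II. */
		TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH - 1);
		data = cp[0] & 0xf;
		memcpy(&v16, cp + 1, sizeof(v16));
		printf("Flow Label Data II: %u, NSAPI %u", ntohs(v16), data);
		ielen = GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH;
		break;

	case GTPV0_TV_PACKET_XFER_CMD:

		/* 12.15 7.3.4.5.3 - Packet Transfer Command. */
		TCHECK2(cp[0], GTPV0_TV_PACKET_XFER_CMD_LENGTH - 1);
		printf("Packet Transfer Command");
		gtp_print_str(gtp_packet_xfer_cmd, cp[0]);
		ielen = GTPV0_TV_PACKET_XFER_CMD_LENGTH;
		break;

	case GTPV0_TV_CHARGING_ID:

		/* 09.60 7.9.17 - Charging ID. */
		TCHECK2(cp[0], GTPV0_TV_CHARGING_ID_LENGTH - 1);
		memcpy(&v16, cp, sizeof(v16));
		printf("Charging ID: %u", ntohs(v16));
		ielen = GTPV0_TV_CHARGING_ID_LENGTH;
		break;

	default:
		printf("TV %u", value);
	}

trunc:
	return ielen;
}

/*
 * Decode one GTPv0 Tag/Length/Value IE.  cp points just past the type
 * octet, at the 16-bit length field.  Returns the IE length including the
 * type octet and the length field, or -1 when the IE runs past the
 * captured data.
 *
 * The length field is sender-controlled.  TCHECK2 proves that many octets
 * were captured, not that the value is long enough for the field being
 * printed, so each case that reads fixed offsets checks len first.
 */
int
gtp_v0_print_tlv(register const u_char *cp, u_int value)
{
	u_int8_t data;
	u_int16_t len, v16;
	u_int left;
	int ielen = -1;

	/* Get length of IE. */
	TCHECK2(cp[0], 2);
	memcpy(&len, cp, sizeof(len));	/* field may be misaligned */
	cp += 2;
	len = ntohs(len);
	TCHECK2(cp[0], len);
	ielen = sizeof(data) + sizeof(len) + len;

	switch (value) {

	case GTPV0_TLV_END_USER_ADDRESS:

		/* 09.60 7.9.18 - End User Address. */
		printf("End User Address");
		gtp_print_user_address(cp, len);
		break;

	case GTPV0_TLV_MM_CONTEXT:

		/* 09.60 7.9.19 - MM Context. */
		printf("MM Context");				/* XXX */
		break;

	case GTPV0_TLV_PDP_CONTEXT:

		/* 09.60 7.9.20 - PDP Context. */
		printf("PDP Context");				/* XXX */
		break;

	case GTPV0_TLV_ACCESS_POINT_NAME:

		/* 09.60 7.9.21 - Access Point Name. */
		printf("AP Name: ");
		gtp_print_apn(cp, len);
		break;

	case GTPV0_TLV_PROTOCOL_CONFIG_OPTIONS:

		/* 09.60 7.9.22 - Protocol Configuration Options. */
		printf("Protocol Configuration Options");	/* XXX */
		break;

	case GTPV0_TLV_GSN_ADDRESS:

		/* 09.60 7.9.23 - GSN Address. */
		printf("GSN Address");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
#ifdef INET6
		else if (len == 16)
			printf(": %s", ip6addr_string(cp));
#endif
		break;

	case GTPV0_TLV_MS_ISDN:

		/* 09.60 7.9.24 - MS International PSTN/ISDN Number. */
		printf("MSISDN ");
		/*
		 * An empty value has no number-type octet; len - 1 would
		 * also turn into a huge unsigned digit count.
		 */
		if (len >= 1) {
			data = (u_int8_t)cp[0];		/* XXX - Number type. */
			gtp_print_tbcd(cp + 1, len - 1);
		}
		break;

	case GTPV0_TLV_CHARGING_GATEWAY_ADDRESS:

		/* 09.60 7.9.25 - Charging Gateway Address. */
		printf("Charging Gateway");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
		break;

	case GTPV0_TLV_DATA_RECORD_PACKET:

		/* 12.15 7.3.4.5.4 - Data Record Packet. */
		printf("Data Record");
		/* The three fields printed here occupy four octets. */
		if (len >= 4) {
			memcpy(&v16, cp + 2, sizeof(v16));
			printf(": Records %u, Format %u, Format Version %u",
			    cp[0], cp[1], ntohs(v16));
		}
		break;

	case GTPV0_TLV_REQUESTS_RESPONDED:

		/* 12.15 7.3.4.6 - Requests Responded. */
		printf("Requests Responded:");
		/*
		 * Stop when less than one whole sequence number is left;
		 * with an odd length the old 16-bit countdown wrapped and
		 * the loop read far beyond the IE.
		 */
		for (left = len; left >= sizeof(v16); left -= sizeof(v16)) {
			memcpy(&v16, cp, sizeof(v16));
			printf(" %u", ntohs(v16));
			cp += sizeof(v16);
		}
		break;

	case GTPV0_TLV_RECOMMENDED_NODE:

		/* 12.15 7.3.4.3 - Address of Recommended Node. */
		printf("Recommended Node");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
#ifdef INET6
		else if (len == 16)
			printf(": %s", ip6addr_string(cp));
#endif
		break;

	case GTPV0_TLV_PRIVATE_EXTENSION:

		printf("Private Extension");
		break;

	default:
		printf("TLV %u (len %u)", value, len);
	}

	return ielen;

trunc:
	return -1;
}

/*
 * Decoding for GTP version 1, which consists of GTPv1-C, GTPv1-U and GTPv1'.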
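*/
/*
 * gtp_v1_print() prints the GTPv1 header, the optional sequence / N-PDU
 * fields and any extension headers, then dispatches on the UDP ports to
 * the control-plane or user-plane decoder.  A clear protocol-type flag
 * selects the GTPv1' decoder instead.  length is not consulted; all
 * bounds come from the TCHECK macros.
 *
 * Every flag and length octet here is sender-controlled, so the optional
 * header is only dereferenced once it has been located and checked, and
 * an extension header must have a non-zero length.
 */
void
gtp_v1_print(const u_char *cp, u_int length, u_short sport, u_short dport)
{
	struct gtp_v1_hdr *gh = (struct gtp_v1_hdr *)cp;
	struct gtp_v1_hdr_ext *ghe = NULL;
	int nexthdr, hlen;
	const u_char *p = cp;
	u_int16_t v16;

	TCHECK(gh->flags);
	if ((gh->flags & GTPV1_HDR_PROTO_TYPE) == 0) {
		gtp_proto = GTP_V1_PRIME_PROTO;
		printf(" GTPv1'");
		gtp_v1_print_prime(p, (struct gtp_v1_prime_hdr *)gh);
		return;
	}

	if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT) {
		gtp_proto = GTP_V1_CTRL_PROTO;
		printf(" GTPv1-C");
	} else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT) {
		gtp_proto = GTP_V1_USER_PROTO;
		printf(" GTPv1-U");
	} else if (dport == GTPV1_PRIME_PORT || sport == GTPV1_PRIME_PORT) {
		gtp_proto = GTP_V1_PRIME_PROTO;
		printf(" GTPv1'");
	}

	/* Decode GTP header. */
	TCHECK(*gh);
	p += sizeof(struct gtp_v1_hdr);

	printf(" (teid %u, len %u)", ntohl(gh->teid), ntohs(gh->length));

	if (gh->flags & GTPV1_HDR_EXT) {
		ghe = (struct gtp_v1_hdr_ext *)cp;
		TCHECK(*ghe);
		p += sizeof(struct gtp_v1_hdr_ext) - sizeof(struct gtp_v1_hdr);
	}

	/*
	 * ghe stays NULL unless the GTPV1_HDR_EXT test above matched.  That
	 * mask is defined in gtp.h (not shown here), so do not rely on it
	 * covering each individual flag before dereferencing ghe.
	 */
	if (ghe != NULL && (gh->flags & GTPV1_HDR_SN_FLAG))
		printf(" [seq %u]", ntohs(ghe->seqno));

	if (ghe != NULL && (gh->flags & GTPV1_HDR_NPDU_FLAG))
		printf(" [N-PDU %u]", ghe->npduno);

	if (ghe != NULL && (gh->flags & GTPV1_HDR_EH_FLAG)) {

		/* Process next header... */
		nexthdr = ghe->nexthdr;
		while (nexthdr != GTPV1_EH_NONE) {

			/* Header length is a 4 octet multiplier. */
			TCHECK(p[0]);	/* check the octet before reading it */
			hlen = (int)p[0] * 4;
			/*
			 * A zero length leaves the cursor where it is and
			 * takes the next-header type from the octet before
			 * it, so the loop would never make progress.
			 */
			if (hlen == 0)
				goto trunc;
			TCHECK2(p[0], hlen);

			switch (nexthdr) {
			case GTPV1_EH_MBMS_SUPPORT:
				printf(" [MBMS Support]");
				break;

			case GTPV1_EH_MSI_CHANGE_RPT:
				printf(" [MS Info Change Reporting]");
				break;

			case GTPV1_EH_PDCP_PDU_NO:
				/* p + 1 is not 16-bit aligned in general. */
				memcpy(&v16, p + 1, sizeof(v16));
				printf(" [PDCP PDU %u]", ntohs(v16));
				break;

			case GTPV1_EH_SUSPEND_REQUEST:
				printf(" [Suspend Request]");
				break;

			case GTPV1_EH_SUSPEND_RESPONSE:
				printf(" [Suspend Response]");
				break;

			default:
				printf(" [Unknown Header %u]", nexthdr);
			}

			/* The last octet of a header names the next one. */
			p += hlen - 1;
			nexthdr = (int)p[0];
			p++;
		}

	}

	hlen = p - cp;

	if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT)
		gtp_v1_print_ctrl(p, hlen, gh);
	else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT)
		gtp_v1_print_user(p, hlen, gh);

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

/*
 * Print a GTPv1-C message type and, with vflag set, its information
 * elements.  hlen is the number of header octets already consumed; the
 * header's length field counts everything after the fixed header, so the
 * octets left for IEs are length + sizeof(*gh) - hlen.
 */
void
gtp_v1_print_ctrl(register const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh)
{
	int len;

	/* Decode GTP control message. */
	printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype));

	/* Signed arithmetic: a short length field gives a negative len. */
	len = (int)ntohs(gh->length) - (int)hlen + (int)sizeof(*gh);
	if (vflag)
		gtp_decode_ie(cp, GTP_VERSION_1, len);
}

/*
 * Print a GTPv1-U message type and, with vflag set, either the tunnelled
 * IP packet (G-PDU) or the information elements.  hlen and the payload
 * length are used as in gtp_v1_print_ctrl().
 */
void
gtp_v1_print_user(register const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh)
{
	int len, version;

	/* Decode GTP user message. */
	printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype));

	if (!vflag)
		return;

	/* Signed arithmetic: a short length field gives a negative len. */
	len = (int)ntohs(gh->length) - (int)hlen + (int)sizeof(*gh);

	if (gh->msgtype == GTPV1_G_PDU) {

		/*
		 * The length field claims less than the headers already
		 * consumed; do not hand the IP printers a negative length
		 * that they would take as a huge unsigned one.
		 */
		if (len < 0)
			goto trunc;

		TCHECK(cp[0]);
		version = cp[0] >> 4;

		printf(" { ");

		if (version == 4)
			ip_print(cp, len);
#ifdef INET6
		else if (version == 6)
			ip6_print(cp, len);
#endif
		else
			printf("Unknown IP version %u", version);

		printf(" }");

	} else
		gtp_decode_ie(cp, GTP_VERSION_1, len);

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

/*
 * Print a GTPv1' (charging) header and, with vflag set, the information
 * elements that follow it.  cp and gph refer to the same packet start.
 */
void
gtp_v1_print_prime(register const u_char *cp, struct gtp_v1_prime_hdr *gph)
{
	int len;

	/* Decode GTP prime header. */
	TCHECK(*gph);
	cp += sizeof(struct gtp_v1_prime_hdr);

	len = ntohs(gph->length);
	printf(" (len %u, seq %u) ", len, ntohs(gph->seqno));

	/* Decode GTP message. */
	printf("%s", tok2str(gtp_v1_msgtype, "Message Type %u", gph->msgtype));

	if (vflag)
		gtp_decode_ie(cp, GTP_VERSION_1, len);

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

int
gtp_v1_print_tv(register const u_char *cp, u_int value)
{
	u_int32_t *dpl;
	u_int16_t *dps;
	u_int8_t data;
	int ielen = -1;

	switch (value) {
	case GTPV1_TV_CAUSE:

		/* 29.060 - 7.7.1 Cause. */
		TCHECK(cp[0]);
		data = (u_int8_t)cp[0];
		ielen = GTPV1_TV_CAUSE_LENGTH;
		printf("Cause: %s", tok2str(gtp_v1_cause, "#%u", data));
		break;

	case GTPV1_TV_IMSI:

		/* 29.060 7.7.2 - International Mobile Subscriber Identity.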
*/ 1081 TCHECK2(cp[0], GTPV1_TV_IMSI_LENGTH - 1); 1082 printf("IMSI "); 1083 gtp_print_tbcd(cp, GTPV1_TV_IMSI_LENGTH - 1); 1084 ielen = GTPV1_TV_IMSI_LENGTH; 1085 break; 1086 1087 case GTPV1_TV_RAI: 1088 1089 /* 29.060 7.7.3 - Routing Area Identity (RAI). */ 1090 TCHECK2(cp[0], GTPV1_TV_RAI_LENGTH - 1); 1091 printf("RAI: MCC "); 1092 data = cp[1] | 0xf0; 1093 gtp_print_tbcd(cp, 1); 1094 gtp_print_tbcd(&data, 1); 1095 printf(", MNC "); 1096 data = (cp[1] >> 4) | 0xf0; 1097 gtp_print_tbcd(cp + 2, 1); 1098 gtp_print_tbcd(&data, 1); 1099 printf(", LAC 0x%x%x", cp[3], cp[4]); 1100 printf(", RAC 0x%x", cp[5]); 1101 ielen = GTPV1_TV_RAI_LENGTH; 1102 break; 1103 1104 case GTPV1_TV_TLLI: 1105 1106 /* 29.060 7.7.4 - Temporary Logical Link Identity (TLLI). */ 1107 TCHECK2(cp[0], GTPV1_TV_TLLI_LENGTH - 1); 1108 dpl = (u_int32_t *)cp; 1109 printf("TLLI 0x%x", ntohl(*dpl)); 1110 ielen = GTPV1_TV_TLLI_LENGTH; 1111 break; 1112 1113 case GTPV1_TV_PTMSI: 1114 1115 /* 29.060 7.7.5 - Packet TMSI (P-TMSI). */ 1116 TCHECK2(cp[0], GTPV1_TV_PTMSI_LENGTH - 1); 1117 dpl = (u_int32_t *)cp; 1118 printf("P-TMSI 0x%x", ntohl(*dpl)); 1119 ielen = GTPV1_TV_PTMSI_LENGTH; 1120 break; 1121 1122 case GTPV1_TV_REORDER: 1123 1124 /* 29.060 7.7.6 - Reordering Required. */ 1125 TCHECK2(cp[0], GTPV1_TV_REORDER_LENGTH - 1); 1126 printf("Reordering Required: "); 1127 if (cp[0] & 0x1) 1128 printf("yes"); 1129 else 1130 printf("no"); 1131 ielen = GTPV1_TV_REORDER_LENGTH; 1132 break; 1133 1134 case GTPV1_TV_AUTH: 1135 1136 /* 29.060 7.7.7 - Authentication Triplet. */ 1137 TCHECK2(cp[0], GTPV1_TV_AUTH_LENGTH - 1); 1138 dpl = (u_int32_t *)cp; 1139 printf("Auth: RAND 0x%x%x%x%x, SRES 0x%x, Kc 0x%x%x", 1140 ntohl(dpl[0]), ntohl(dpl[1]), ntohl(dpl[2]), ntohl(dpl[3]), 1141 ntohl(dpl[4]), ntohl(dpl[5]), ntohl(dpl[6])); 1142 ielen = GTPV1_TV_AUTH_LENGTH; 1143 break; 1144 1145 case GTPV1_TV_MAP_CAUSE: 1146 1147 /* 29.060 7.7.8 - MAP Cause. */ 1148 /* Cause defined in 3GPP TS 29.002. 
*/ 1149 TCHECK2(cp[0], GTPV1_TV_MAP_CAUSE_LENGTH - 1); 1150 printf("Map Cause: %u", cp[0]); 1151 ielen = GTPV1_TV_MAP_CAUSE_LENGTH; 1152 break; 1153 1154 case GTPV1_TV_PTMSI_SIGNATURE: 1155 1156 /* 29.060 7.7.9 - P-TMSI Signature. */ 1157 /* Signature defined in 3GPP TS 24.008. */ 1158 TCHECK2(cp[0], GTPV1_TV_PTMSI_SIGNATURE_LENGTH - 1); 1159 printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); 1160 ielen = GTPV1_TV_PTMSI_SIGNATURE_LENGTH; 1161 break; 1162 1163 case GTPV1_TV_MS_VALIDATED: 1164 1165 /* 29.060 7.7.10 - MS Validated. */ 1166 TCHECK2(cp[0], GTPV1_TV_MS_VALIDATED_LENGTH - 1); 1167 printf("MS Validated: "); 1168 if (cp[0] & 0x1) 1169 printf("yes"); 1170 else 1171 printf("no"); 1172 ielen = GTPV1_TV_MS_VALIDATED_LENGTH; 1173 break; 1174 1175 case GTPV1_TV_RECOVERY: 1176 1177 /* 29.060 7.7.11 - Recovery. */ 1178 TCHECK2(cp[0], GTPV1_TV_RECOVERY_LENGTH - 1); 1179 printf("Recovery: Restart counter %u", cp[0]); 1180 ielen = GTPV1_TV_RECOVERY_LENGTH; 1181 break; 1182 1183 case GTPV1_TV_SELECTION_MODE: 1184 1185 /* 29.060 7.7.12 - Selection Mode. */ 1186 TCHECK2(cp[0], GTPV1_TV_SELECTION_MODE_LENGTH - 1); 1187 data = (u_int8_t)cp[0]; 1188 printf("Selection Mode: %u", data & 0x2); 1189 ielen = GTPV1_TV_SELECTION_MODE_LENGTH; 1190 break; 1191 1192 case GTPV1_TV_TEID_DATA_I: 1193 1194 /* 29.060 7.7.13 - Tunnel Endpoint Identifier Data I. */ 1195 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_I_LENGTH - 1); 1196 dpl = (u_int32_t *)cp; 1197 printf("TEI Data I: %u", ntohl(*dpl)); 1198 ielen = GTPV1_TV_TEID_DATA_I_LENGTH; 1199 break; 1200 1201 case GTPV1_TV_TEID_CTRL: 1202 1203 /* 29.060 7.7.14 - Tunnel Endpoint Identifier Control Plane. */ 1204 TCHECK2(cp[0], GTPV1_TV_TEID_CTRL_LENGTH - 1); 1205 dpl = (u_int32_t *)cp; 1206 printf("TEI Control Plane: %u", ntohl(*dpl)); 1207 ielen = GTPV1_TV_TEID_CTRL_LENGTH; 1208 break; 1209 1210 case GTPV1_TV_TEID_DATA_II: 1211 1212 /* 29.060 7.7.15 - Tunnel Endpoint Identifier Data II. 
*/ 1213 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_II_LENGTH - 1); 1214 data = cp[0] & 0xf; 1215 dpl = (u_int32_t *)(cp + 1); 1216 printf("TEI Data II: %u, NSAPI %u", ntohl(*dpl), data); 1217 ielen = GTPV1_TV_TEID_DATA_II_LENGTH; 1218 break; 1219 1220 case GTPV1_TV_TEARDOWN: 1221 1222 /* 29.060 7.7.16 - Teardown Indicator. */ 1223 TCHECK2(cp[0], GTPV1_TV_TEARDOWN_LENGTH - 1); 1224 printf("Teardown: "); 1225 if (cp[0] & 0x1) 1226 printf("yes"); 1227 else 1228 printf("no"); 1229 ielen = GTPV1_TV_TEARDOWN_LENGTH; 1230 break; 1231 1232 case GTPV1_TV_NSAPI: 1233 1234 /* 29.060 7.7.17 - NSAPI. */ 1235 TCHECK2(cp[0], GTPV1_TV_NSAPI_LENGTH - 1); 1236 data = (u_int8_t)cp[0]; 1237 printf("NSAPI %u", data & 0xf); 1238 ielen = GTPV1_TV_NSAPI_LENGTH; 1239 break; 1240 1241 case GTPV1_TV_RANAP: 1242 1243 /* 29.060 7.7.18 - RANAP Cause. */ 1244 TCHECK2(cp[0], GTPV1_TV_RANAP_LENGTH - 1); 1245 printf("RANAP Cause: %u", cp[0]); 1246 ielen = GTPV1_TV_RANAP_LENGTH; 1247 break; 1248 1249 case GTPV1_TV_RAB_CONTEXT: 1250 1251 /* 29.060 7.7.19 - RAB Context. */ 1252 TCHECK2(cp[0], GTPV1_TV_RAB_CONTEXT_LENGTH - 1); 1253 data = cp[0] & 0xf; 1254 dps = (u_int16_t *)(cp + 1); 1255 printf("RAB Context: NSAPI %u, DL GTP-U Seq No %u," 1256 "UL GTP-U Seq No %u, DL PDCP Seq No %u, UL PDCP Seq No %u", 1257 data, ntohs(dps[0]), ntohs(dps[1]), ntohs(dps[2]), 1258 ntohs(dps[3])); 1259 ielen = GTPV1_TV_RAB_CONTEXT_LENGTH; 1260 break; 1261 1262 case GTPV1_TV_RADIO_PRIORITY_SMS: 1263 1264 /* 29.060 7.7.20 - Radio Priority SMS. */ 1265 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_SMS_LENGTH - 1); 1266 printf("Radio Priority SMS: %u", cp[0] & 0x7); 1267 ielen = GTPV1_TV_RADIO_PRI_SMS_LENGTH; 1268 break; 1269 1270 case GTPV1_TV_RADIO_PRIORITY: 1271 1272 /* 29.060 7.7.21 - Radio Priority. 
*/ 1273 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_LENGTH - 1); 1274 data = cp[0] >> 4; 1275 printf("Radio Priority: %u, NSAPI %u", cp[0] & 0x7, data); 1276 ielen = GTPV1_TV_RADIO_PRI_LENGTH; 1277 break; 1278 1279 case GTPV1_TV_PACKET_FLOW_ID: 1280 1281 /* 29.060 7.7.22 - Packet Flow ID. */ 1282 TCHECK2(cp[0], GTPV1_TV_PACKET_FLOW_ID_LENGTH - 1); 1283 printf("Packet Flow ID: %u, NSAPI %u", cp[1], cp[0] & 0xf); 1284 ielen = GTPV1_TV_PACKET_FLOW_ID_LENGTH; 1285 break; 1286 1287 case GTPV1_TV_CHARGING: 1288 1289 /* 29.060 7.7.23 - Charging Characteristics. */ 1290 /* Charging defined in 3GPP TS 32.298. */ 1291 TCHECK2(cp[0], GTPV1_TV_CHARGING_LENGTH - 1); 1292 printf("Charging Characteristics"); /* XXX */ 1293 ielen = GTPV1_TV_CHARGING_LENGTH; 1294 break; 1295 1296 case GTPV1_TV_TRACE_REFERENCE: 1297 1298 /* 29.060 7.7.24 - Trace Reference. */ 1299 TCHECK2(cp[0], GTPV1_TV_TRACE_REFERENCE_LENGTH - 1); 1300 dps = (u_int16_t *)cp; 1301 printf("Trace Reference: %u", ntohs(*dps)); 1302 ielen = GTPV1_TV_TRACE_REFERENCE_LENGTH; 1303 break; 1304 1305 case GTPV1_TV_TRACE_TYPE: 1306 1307 /* 29.060 7.7.25 - Trace Type. */ 1308 /* Trace type defined in GSM 12.08. */ 1309 TCHECK2(cp[0], GTPV1_TV_TRACE_TYPE_LENGTH - 1); 1310 dps = (u_int16_t *)cp; 1311 printf("Trace Type: %u", ntohs(*dps)); 1312 ielen = GTPV1_TV_TRACE_TYPE_LENGTH; 1313 break; 1314 1315 case GTPV1_TV_MSNRR: 1316 1317 /* 29.060 7.7.26 - MS Not Reachable Reason. */ 1318 /* Reason defined in 3GPP TS 23.040. */ 1319 TCHECK2(cp[0], GTPV1_TV_MSNRR_LENGTH - 1); 1320 printf("MS NRR: %u", cp[0]); 1321 ielen = GTPV1_TV_MSNRR_LENGTH; 1322 break; 1323 1324 case GTPV1_TV_PACKET_XFER_CMD: 1325 1326 /* 32.295 6.2.4.5.2 - Packet Transfer Command. */ 1327 TCHECK2(cp[0], GTPV1_TV_PACKET_XFER_CMD_LENGTH - 1); 1328 printf("Packet Transfer Command"); 1329 gtp_print_str(gtp_packet_xfer_cmd, cp[0]); 1330 ielen = GTPV1_TV_PACKET_XFER_CMD_LENGTH; 1331 break; 1332 1333 case GTPV1_TV_CHARGING_ID: 1334 1335 /* 29.060 7.7.26 - Charging ID. 
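*/
		TCHECK2(cp[0], GTPV1_TV_CHARGING_ID_LENGTH - 1);
		dpl = (u_int32_t *)cp;
		printf("Charging ID: %u", ntohl(*dpl));
		ielen = GTPV1_TV_CHARGING_ID_LENGTH;
		break;

	default:
		printf("TV %u", value);
	}

trunc:
	return ielen;
}

/*
 * Print the 16-bit big-endian sequence numbers held in an IE value.
 *
 * The octets are combined one at a time, so no alignment of cp is needed.
 * A trailing odd octet is ignored: stepping a 16-bit counter down by two
 * from an odd length would wrap and walk far past the end of the IE.
 */
static void
gtp_v1_print_seqnos(const u_char *cp, u_int len)
{
	u_int i;

	for (i = 0; i + 1 < len; i += 2)
		printf(" %u", (u_int)((cp[i] << 8) | cp[i + 1]));
}

/*
 * Decode and print one GTPv1 TLV information element.
 *
 * cp points at the 2-octet big-endian length field; the IE value follows it.
 * value is the IE type. Returns the size of the whole IE (one octet, which is
 * presumably the type octet already consumed by the caller, plus the length
 * field plus the value), or -1 when the capture ends before the IE does.
 *
 * The length field comes straight from the packet. TCHECK2 (interface.h, not
 * shown here; it presumably jumps to trunc) only vouches for len octets of
 * value, so every case that reads a fixed number of octets first checks len
 * itself. An IE that is too short for its type is reported and skipped; it is
 * not treated as truncation, because its octets were all captured.
 */
int
gtp_v1_print_tlv(register const u_char *cp, u_int value)
{
	u_int8_t data;
	u_int16_t len;
	int ielen = -1;

	/* Get length of IE, octet by octet so cp needs no alignment. */
	TCHECK2(cp[0], 2);
	len = (u_int16_t)((cp[0] << 8) | cp[1]);
	cp += 2;
	TCHECK2(cp[0], len);
	ielen = sizeof(data) + sizeof(len) + len;

	switch (value) {
	case GTPV1_TLV_END_USER_ADDRESS:

		/* 3GPP 29.060 - 7.7.27 End User Address. */
		printf("End User Address");
		gtp_print_user_address(cp, len);
		break;

	case GTPV1_TLV_MM_CONTEXT:

		/* 29.060 7.7.28 - MM Context. */
		printf("MM Context");			/* XXX */
		break;

	case GTPV1_TLV_PDP_CONTEXT:

		/* 29.060 7.7.29 - PDP Context. */
		printf("PDP Context");			/* XXX */
		break;

	case GTPV1_TLV_ACCESS_POINT_NAME:

		/* 29.060 7.7.30 - Access Point Name. */
		printf("AP Name: ");
		gtp_print_apn(cp, len);
		break;

	case GTPV1_TLV_PROTOCOL_CONFIG_OPTIONS:

		/* 29.060 7.7.31 - Protocol Configuration Options. */
		/* Defined in 3GPP TS 24.008. */
		printf("Config Options");		/* XXX */
		break;

	case GTPV1_TLV_GSN_ADDRESS:

		/* 29.060 7.7.32 - GSN Address. */
		/* Defined in 3GPP TS 23.003. */
		printf("GSN Address");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
#ifdef INET6
		else if (len == 16)
			printf(": %s", ip6addr_string(cp));
#endif
		break;

	case GTPV1_TLV_MSISDN:

		/* 29.060 7.7.33 - MS International PSTN/ISDN Number. */
		/* len - 1 below must not be computed for an empty IE. */
		if (len < 1)
			goto badlen;
		printf("MSISDN ");
		/* XXX - cp[0] is the number type, not decoded yet. */
		gtp_print_tbcd(cp + 1, len - 1);
		break;

	case GTPV1_TLV_QOS_PROFILE:

		/* 29.060 7.7.34 - QoS Profile. */
		/* QoS profile defined in 3GPP TS 24.008 10.5.6.5. */
		if (len < 1)
			goto badlen;
		printf("QoS Profile: ");
		data = (u_int8_t)cp[0];
		printf("Delay Class %u, ", (data >> 3) & 0x7);
		printf("Reliability Class %u", data & 0x7);
		/* The second octet is only decoded when the IE carries it. */
		if (vflag > 1 && len >= 2) {
			printf(", ");
			data = (u_int8_t)cp[1];
			printf("Precedence Class %u", data & 0x7);
			/* XXX - Decode more QoS fields. */
		}
		break;

	case GTPV1_TLV_AUTHENTICATION:

		/* 29.060 7.7.35 - Authentication. */
		printf("Authentication");		/* XXX */
		break;

	case GTPV1_TLV_TRAFFIC_FLOW:

		/* 29.060 7.7.36 - Traffic Flow Template. */
		printf("Traffic Flow Template");	/* XXX */
		break;

	case GTPV1_TLV_TARGET_IDENTIFICATION:

		/* 29.060 7.7.37 - Target Identification. */
		printf("Target ID");			/* XXX */
		break;

	case GTPV1_TLV_UTRAN_CONTAINER:

		/* 29.060 7.7.38 - UTRAN Transparent Container. */
		printf("UTRAN Container");		/* XXX */
		break;

	case GTPV1_TLV_RAB_SETUP_INFORMATION:

		/* 29.060 7.7.39 - RAB Setup Information. */
		printf("RAB Setup");			/* XXX */
		break;

	case GTPV1_TLV_EXT_HEADER_TYPE_LIST:

		/* 29.060 7.7.40 - Extension Header Type List. */
		printf("Extension Header List");	/* XXX */
		break;

	case GTPV1_TLV_TRIGGER_ID:

		/* 29.060 7.7.41 - Trigger ID. */
		printf("Trigger ID");			/* XXX */
		break;

	case GTPV1_TLV_OMC_IDENTITY:

		/* 29.060 7.7.42 - OMC Identity. */
		printf("OMC Identity");			/* XXX */
		break;

	case GTPV1_TLV_RAN_CONTAINER:

		/* 29.060 7.7.43 - RAN Transparent Container. */
		printf("RAN Container");		/* XXX */
		break;

	case GTPV1_TLV_PDP_CONTEXT_PRIORITIZATION:

		/* 29.060 7.7.45 - PDP Context Prioritization. */
		printf("PDP Context Prioritization");	/* XXX */
		break;

	case GTPV1_TLV_ADDITIONAL_RAB_SETUP_INFO:

		/* 29.060 7.7.45A - Additional RAB Setup Information. */
		printf("Additional RAB Setup");		/* XXX */
		break;

	case GTPV1_TLV_SGSN_NUMBER:

		/* 29.060 7.7.47 - SGSN Number. */
		printf("SGSN Number");			/* XXX */
		break;

	case GTPV1_TLV_COMMON_FLAGS:

		/* 29.060 7.7.48 - Common Flags. */
		printf("Common Flags");			/* XXX */
		break;

	case GTPV1_TLV_APN_RESTRICTION:

		/* 29.060 7.7.49 - APN Restriction. */
		if (len < 1)
			goto badlen;
		data = (u_int8_t)cp[0];
		printf("APN Restriction: %u", data);
		break;

	case GTPV1_TLV_RADIO_PRIORITY_LCS:

		/* 29.060 7.7.25B - Radio Priority LCS. */
		if (len < 1)
			goto badlen;
		printf("Radio Priority LCS: %u", cp[0] & 0x7);
		break;

	case GTPV1_TLV_RAT_TYPE:

		/* 29.060 7.7.50 - RAT Type. */
		if (len < 1)
			goto badlen;
		printf("RAT");
		/*
		 * NOTE(review): gtp_print_str() is given a packet octet as
		 * index and no table size - confirm that it bounds the
		 * lookup itself. Applies to every gtp_print_str() call here.
		 */
		gtp_print_str(gtp_rat_type, cp[0]);
		break;

	case GTPV1_TLV_USER_LOCATION_INFO:

		/* 29.060 7.7.51 - User Location Information. */
		printf("ULI");				/* XXX */
		break;

	case GTPV1_TLV_MS_TIME_ZONE:

		/* 29.060 7.7.52 - MS Time Zone. */
		printf("MSTZ");				/* XXX */
		break;

	case GTPV1_TLV_IMEI_SV:

		/* 29.060 7.7.53 - IMEI(SV). */
		printf("IMEI(SV) ");
		gtp_print_tbcd(cp, len);
		break;

	case GTPV1_TLV_CAMEL_CHARGING_CONTAINER:

		/* 29.060 7.7.54 - CAMEL Charging Information Container. */
		printf("CAMEL Charging");		/* XXX */
		break;

	case GTPV1_TLV_MBMS_UE_CONTEXT:

		/* 29.060 7.7.55 - MBMS UE Context. */
		printf("MBMS UE Context");		/* XXX */
		break;

	case GTPV1_TLV_TMGI:

		/* 29.060 7.7.56 - Temporary Mobile Group Identity. */
		printf("TMGI");				/* XXX */
		break;

	case GTPV1_TLV_RIM_ROUTING_ADDRESS:

		/* 29.060 7.7.57 - RIM Routing Address. */
		printf("RIM Routing Address");		/* XXX */
		break;

	case GTPV1_TLV_MBMS_PROTOCOL_CONFIG_OPTIONS:

		/* 29.060 7.7.58 - MBMS Protocol Configuration Options. */
		printf("MBMS Protocol Config Options");	/* XXX */
		break;

	case GTPV1_TLV_MBMS_SERVICE_AREA:

		/* 29.060 7.7.60 - MBMS Service Area. */
		printf("MBMS Service Area");		/* XXX */
		break;

	case GTPV1_TLV_SOURCE_RNC_PDCP_CONTEXT_INFO:

		/* 29.060 7.7.61 - Source RNC PDCP Context Information. */
		printf("Source RNC PDCP Context");	/* XXX */
		break;

	case GTPV1_TLV_ADDITIONAL_TRACE_INFO:

		/* 29.060 7.7.62 - Additional Trace Information. */
		printf("Additional Trace Info");	/* XXX */
		break;

	case GTPV1_TLV_HOP_COUNTER:

		/* 29.060 7.7.63 - Hop Counter. */
		if (len < 1)
			goto badlen;
		printf("Hop Counter: %u", cp[0]);
		break;

	case GTPV1_TLV_SELECTED_PLMN_ID:

		/* 29.060 7.7.64 - Selected PLMN ID. */
		printf("Selected PLMN ID");		/* XXX */
		break;

	case GTPV1_TLV_MBMS_SESSION_IDENTIFIER:

		/* 29.060 7.7.65 - MBMS Session Identifier. */
		if (len < 1)
			goto badlen;
		printf("MBMS Session ID: %u", cp[0]);
		break;

	case GTPV1_TLV_MBMS_2G_3G_INDICATOR:

		/* 29.060 7.7.66 - MBMS 2G/3G Indicator. */
		if (len < 1)
			goto badlen;
		printf("MBMS 2G/3G Indicator");
		gtp_print_str(mbms_2g3g_indicator, cp[0]);
		break;

	case GTPV1_TLV_ENHANCED_NSAPI:

		/* 29.060 7.7.67 - Enhanced NSAPI. */
		printf("Enhanced NSAPI");		/* XXX */
		break;

	case GTPV1_TLV_MBMS_SESSION_DURATION:

		/* 29.060 7.7.59 - MBMS Session Duration. */
		printf("MBMS Session Duration");	/* XXX */
		break;

	case GTPV1_TLV_ADDITIONAL_MBMS_TRACE_INFO:

		/* 29.060 7.7.68 - Additional MBMS Trace Info. */
		printf("Additional MBMS Trace Info");	/* XXX */
		break;

	case GTPV1_TLV_MBMS_SESSION_REPITITION_NO:

		/* 29.060 7.7.69 - MBMS Session Repetition Number. */
		if (len < 1)
			goto badlen;
		printf("MBMS Session Repetition No: %u", cp[0]);
		break;

	case GTPV1_TLV_MBMS_TIME_TO_DATA_TRANSFER:

		/* 29.060 7.7.70 - MBMS Time to Data Transfer. */
		if (len < 1)
			goto badlen;
		printf("MBMS Time to Data Transfer: %u", cp[0]);
		break;

	case GTPV1_TLV_PS_HANDOVER_REQUEST_CONTEXT:

		/* 29.060 7.7.71 - PS Handover Request Context (Void). */
		break;

	case GTPV1_TLV_BSS_CONTAINER:

		/* 29.060 7.7.72 - BSS Container. */
		printf("BSS Container");		/* XXX */
		break;

	case GTPV1_TLV_CELL_IDENTIFICATION:

		/* 29.060 7.7.73 - Cell Identification. */
		printf("Cell Identification");		/* XXX */
		break;

	case GTPV1_TLV_PDU_NUMBERS:

		/* 29.060 7.7.74 - PDU Numbers. */
		printf("PDU Numbers");			/* XXX */
		break;

	case GTPV1_TLV_BSSGP_CAUSE:

		/* 29.060 7.7.75 - BSSGP Cause. */
		if (len < 1)
			goto badlen;
		printf("BSSGP Cause: %u", cp[0]);
		break;

	case GTPV1_TLV_REQUIRED_MBMS_BEARER_CAP:

		/* 29.060 7.7.76 - Required MBMS Bearer Cap. */
		printf("Required MBMS Bearer Cap");	/* XXX */
		break;

	case GTPV1_TLV_RIM_ROUTING_ADDRESS_DISC:

		/* 29.060 7.7.77 - RIM Routing Address Discriminator. */
		if (len < 1)
			goto badlen;
		printf("RIM Routing Address Discriminator: %u", cp[0] & 0xf);
		break;

	case GTPV1_TLV_LIST_OF_SETUP_PFCS:

		/* 29.060 7.7.78 - List of Setup PFCs. */
		printf("List of Setup PFCs");		/* XXX */
		break;

	case GTPV1_TLV_PS_HANDOVER_XID_PARAMETERS:

		/* 29.060 7.7.79 - PS Handover XID Parameters. */
		printf("PS Handover XID Parameters");	/* XXX */
		break;

	case GTPV1_TLV_MS_INFO_CHANGE_REPORTING:

		/* 29.060 7.7.80 - MS Info Change Reporting. */
		if (len < 1)
			goto badlen;
		printf("MS Info Change Reporting");
		gtp_print_str(ms_info_change_rpt, cp[0]);
		break;

	case GTPV1_TLV_DIRECT_TUNNEL_FLAGS:

		/* 29.060 7.7.81 - Direct Tunnel Flags. */
		printf("Direct Tunnel Flags");		/* XXX */
		break;

	case GTPV1_TLV_CORRELATION_ID:

		/* 29.060 7.7.82 - Correlation ID. */
		printf("Correlation ID");		/* XXX */
		break;

	case GTPV1_TLV_BEARER_CONTROL_MODE:

		/* 29.060 7.7.83 - Bearer Control Mode. */
		printf("Bearer Control Mode");		/* XXX */
		break;

	case GTPV1_TLV_MBMS_FLOW_IDENTIFIER:

		/* 29.060 7.7.84 - MBMS Flow Identifier. */
		printf("MBMS Flow Identifier");		/* XXX */
		break;

	case GTPV1_TLV_RELEASED_PACKETS:

		/* 32.295 6.2.4.5.4 - Sequence Numbers of Released Packets. */
		printf("Released Packets:");
		gtp_v1_print_seqnos(cp, len);
		break;

	case GTPV1_TLV_CANCELLED_PACKETS:

		/* 32.295 6.2.4.5.5 - Sequence Numbers of Cancelled Packets. */
		printf("Cancelled Packets:");
		gtp_v1_print_seqnos(cp, len);
		break;

	case GTPV1_TLV_CHARGING_GATEWAY_ADDRESS:

		/* 29.060 7.7.44 - Charging Gateway Address. */
		printf("Charging Gateway");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
#ifdef INET6
		else if (len == 16)
			printf(": %s", ip6addr_string(cp));
#endif
		break;

	case GTPV1_TLV_DATA_RECORD_PACKET:

		/* 32.295 6.2.4.5.3 - Data Record Packet. */
		/* Four octets are read: count, format, 16-bit version. */
		if (len < 4)
			goto badlen;
		printf("Data Record: Records %u, Format %u, Format Version %u",
		    cp[0], cp[1], (u_int)((cp[2] << 8) | cp[3]));
		break;

	case GTPV1_TLV_REQUESTS_RESPONDED:

		/* 32.295 6.2.4.6 - Requests Responded. */
		printf("Requests Responded:");
		gtp_v1_print_seqnos(cp, len);
		break;

	case GTPV1_TLV_ADDRESS_OF_RECOMMENDED_NODE:

		/* 32.295 6.2.4.3 - Address of Recommended Node. */
		printf("Address of Recommended Node");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
#ifdef INET6
		else if (len == 16)
			printf(": %s", ip6addr_string(cp));
#endif
		break;

	case GTPV1_TLV_PRIVATE_EXTENSION:

		/* 29.060 7.7.46 - Private Extension. */
		printf("Private Extension");
		break;

	default:
		printf("TLV %u (len %u)", value, len);
	}

	return ielen;

badlen:
	/*
	 * The IE was captured in full but is shorter than its type needs.
	 * Report it without touching the value; ielen is still valid, so the
	 * caller can move on to the next IE.
	 */
	printf("TLV %u (bad len %u)", value, len);
	return ielen;

trunc:
	return -1;
}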