/*	$OpenBSD: print-gtp.c,v 1.5 2011/09/18 10:25:36 jsing Exp $	*/
/*
 * Copyright (c) 2009, 2010 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Decoder for the GPRS Tunnelling Protocol (GTP).
 *
 * This work has been kindly sponsored by SystemNet (www.systemnet.no).
22 * 23 * GTPv0 standards are available from the ETSI website: 24 * 25 * http://pda.etsi.org/pda/ 26 * 27 * GTPv1 standards are available from the 3GPP website: 28 * 29 * http://www.3gpp.org/specifications 30 * 31 * The following standards have been referenced to create this decoder: 32 * 33 * ETSI GSM 09.60 - GPRS Tunnelling Protocol (GTPv0) 34 * ETSI GSM 12.15 - GPRS Charging (GTPv0') 35 * 36 * 3GPP TS 23.003 - Numbering, addressing and identification 37 * 3GPP TS 24.008 - Core network protocols 38 * 3GPP TS 29.002 - Mobile Application Part (MAP) specification 39 * 3GPP TS 29.060 - GPRS Tunnelling Protocol (GTPv1-C/GTPv1-U) 40 * 3GPP TS 32.295 - Charging Data Record (CDR) transfer (GTPv1') 41 */ 42 43 #include <sys/param.h> 44 #include <sys/time.h> 45 #include <sys/socket.h> 46 #include <sys/types.h> 47 48 #include <netinet/in.h> 49 #include <netinet/in_systm.h> 50 #include <netinet/ip.h> 51 #include <netinet/ip_var.h> 52 53 #include <ctype.h> 54 #include <stdio.h> 55 #include <stdlib.h> 56 #include <string.h> 57 58 #include "addrtoname.h" 59 #include "interface.h" 60 #include "gtp.h" 61 62 void gtp_print(register const u_char *, u_int, u_short, u_short); 63 void gtp_decode_ie(register const u_char *, u_short, int); 64 void gtp_print_tbcd(register const u_char *, u_int); 65 void gtp_print_user_address(register const u_char *, u_int); 66 void gtp_print_apn(register const u_char *, u_int); 67 void gtp_print_str(const char **, u_int); 68 69 void gtp_v0_print(const u_char *, u_int, u_short, u_short); 70 void gtp_v0_print_prime(register const u_char *); 71 int gtp_v0_print_tv(register const u_char *, u_int); 72 int gtp_v0_print_tlv(register const u_char *, u_int); 73 74 void gtp_v1_print(const u_char *, u_int, u_short, u_short); 75 void gtp_v1_print_ctrl(register const u_char *, u_int, struct gtp_v1_hdr *); 76 void gtp_v1_print_user(register const u_char *, u_int, struct gtp_v1_hdr *); 77 void gtp_v1_print_prime(register const u_char *, struct gtp_v1_prime_hdr *); 78 
int gtp_v1_print_tv(register const u_char *, u_int);
int gtp_v1_print_tlv(register const u_char *, u_int);

/*
 * GTPv0 message types.
 *
 * Maps the message type octet of a GTPv0 or GTPv0' header to its name for
 * tok2str().  The list is terminated by a { 0, NULL } entry.
 */
static struct tok gtp_v0_msgtype[] = {
	{ 1,	"Echo Request" },
	{ 2,	"Echo Response" },
	{ 3,	"Version Not Supported" },
	{ 4,	"Node Alive Request" },
	{ 5,	"Node Alive Response" },
	{ 6,	"Redirection Request" },
	{ 7,	"Redirection Response" },
	{ 16,	"Create PDP Context Request" },
	{ 17,	"Create PDP Context Response" },
	{ 18,	"Update PDP Context Request" },
	{ 19,	"Update PDP Context Response" },
	{ 20,	"Delete PDP Context Request" },
	{ 21,	"Delete PDP Context Response" },
	{ 22,	"Create AA PDP Context Request" },
	{ 23,	"Create AA PDP Context Response" },
	{ 24,	"Delete AA PDP Context Request" },
	{ 25,	"Delete AA PDP Context Response" },
	{ 26,	"Error Indication" },
	{ 27,	"PDU Notification Request" },
	{ 28,	"PDU Notification Response" },
	{ 29,	"PDU Notification Reject Request" },
	{ 30,	"PDU Notification Reject Response" },
	{ 32,	"Send Routeing Information Request" },
	{ 33,	"Send Routeing Information Response" },
	{ 34,	"Failure Report Request" },
	{ 35,	"Failure Report Response" },
	{ 36,	"MS GPRS Present Request" },
	{ 37,	"MS GPRS Present Response" },
	{ 48,	"Identification Request" },
	{ 49,	"Identification Response" },
	{ 50,	"SGSN Context Request" },
	{ 51,	"SGSN Context Response" },
	{ 52,	"SGSN Context Acknowledge" },
	{ 240,	"Data Record Transfer Request" },
	{ 241,	"Data Record Transfer Response" },
	{ 255,	"T-PDU" },

	{ 0,	NULL }
};

/* GTPv0 causes.
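*/
static struct tok gtp_v0_cause[] = {

	{ 0,	"Request IMSI" },
	{ 1,	"Request IMEI" },
	{ 2,	"Request IMSI and IMEI" },
	{ 3,	"No identity needed" },
	{ 4,	"MS refuses" },
	{ 5,	"MS is not GPRS responding" },
	{ 128,	"Request accepted" },
	{ 192,	"Non-existent" },
	{ 193,	"Invalid message format" },
	{ 194,	"IMSI not known" },
	{ 195,	"MS is GPRS detached" },
	{ 196,	"MS is not GPRS responding" },
	{ 197,	"MS refuses" },
	{ 198,	"Version not supported" },
	{ 199,	"No resources available" },
	{ 200,	"Service not supported" },
	{ 201,	"Mandatory IE incorrect" },
	{ 202,	"Mandatory IE missing" },
	{ 203,	"Optional IE incorrect" },
	{ 204,	"System failure" },
	{ 205,	"Roaming restriction" },
	{ 206,	"P-TMSI signature mismatch" },
	{ 207,	"GPRS connection suspended" },
	{ 208,	"Authentication failure" },
	{ 209,	"User authentication failed" },

	{ 0,	NULL }
};

/*
 * GTPv1 message types, looked up with tok2str() for GTPv1-C, GTPv1-U and
 * GTPv1' headers.  Terminated by a { 0, NULL } entry.
 */
static struct tok gtp_v1_msgtype[] = {

	{ 1,	"Echo Request" },
	{ 2,	"Echo Response" },
	{ 3,	"Version Not Supported" },
	{ 4,	"Node Alive Request" },
	{ 5,	"Node Alive Response" },
	{ 6,	"Redirection Request" },
	{ 7,	"Redirection Response" },
	{ 16,	"Create PDP Context Request" },
	{ 17,	"Create PDP Context Response" },
	{ 18,	"Update PDP Context Request" },
	{ 19,	"Update PDP Context Response" },
	{ 20,	"Delete PDP Context Request" },
	{ 21,	"Delete PDP Context Response" },
	/* Spelling fixed: these two names previously read "Activiation". */
	{ 22,	"Initiate PDP Context Activation Request" },
	{ 23,	"Initiate PDP Context Activation Response" },
	{ 26,	"Error Indication" },
	{ 27,	"PDU Notification Request" },
	{ 28,	"PDU Notification Response" },
	{ 29,	"PDU Notification Reject Request" },
	{ 30,	"PDU Notification Reject Response" },
	{ 31,	"Supported Extension Headers Notification" },
	{ 32,	"Send Routeing Information for GPRS Request" },
	{ 33,	"Send Routeing Information for GPRS Response" },
	{ 34,	"Failure Report Request" },
	{ 35,	"Failure Report Response" },
	{ 36,	"Note MS GPRS Present Request" },
	{ 37,	"Note MS GPRS Present Response" },
	{ 48,	"Identification Request" },
	{ 49,	"Identification Response" },
	{ 50,	"SGSN Context Request" },
	{ 51,	"SGSN Context Response" },
	{ 52,	"SGSN Context Acknowledge" },
	{ 53,	"Forward Relocation Request" },
	{ 54,	"Forward Relocation Response" },
	{ 55,	"Forward Relocation Complete" },
	{ 56,	"Relocation Cancel Request" },
	{ 57,	"Relocation Cancel Response" },
	{ 58,	"Forward SRNS Context" },
	{ 59,	"Forward Relocation Complete Acknowledge" },
	{ 60,	"Forward SRNS Context Acknowledge" },
	{ 70,	"RAN Information Relay" },
	{ 96,	"MBMS Notification Request" },
	{ 97,	"MBMS Notification Response" },
	{ 98,	"MBMS Notification Reject Request" },
	{ 99,	"MBMS Notification Reject Response" },
	{ 100,	"Create MBMS Context Request" },
	{ 101,	"Create MBMS Context Response" },
	{ 102,	"Update MBMS Context Request" },
	{ 103,	"Update MBMS Context Response" },
	{ 104,	"Delete MBMS Context Request" },
	{ 105,	"Delete MBMS Context Response" },
	{ 112,	"MBMS Registration Request" },
	{ 113,	"MBMS Registration Response" },
	{ 114,	"MBMS De-Registration Request" },
	{ 115,	"MBMS De-Registration Response" },
	{ 116,	"MBMS Session Start Request" },
	{ 117,	"MBMS Session Start Response" },
	{ 118,	"MBMS Session Stop Request" },
	{ 119,	"MBMS Session Stop Response" },
	{ 120,	"MBMS Session Update Request" },
	{ 121,	"MBMS Session Update Response" },
	{ 128,	"MBMS Info Change Notification Request" },
	{ 129,	"MBMS Info Change Notification Response" },
	{ 240,	"Data Record Transfer Request" },
	{ 241,	"Data Record Transfer Response" },
	{ 255,	"G-PDU" },

	{ 0,	NULL }
};

/*
 * GTPv1 Causes.  GTPv1-C and GTP'v1 values share this one table; it is
 * terminated by a { 0, NULL } entry.
 */
static struct tok gtp_v1_cause[] = {

	/* GTPv1-C. */
	{ 0,	"Request IMSI" },
	{ 1,	"Request IMEI" },
	{ 2,	"Request IMSI and IMEI" },
	{ 3,	"No identity needed" },
	{ 4,	"MS refuses" },
	{ 5,	"MS is not GPRS responding" },
	{ 128,	"Request accepted" },
	{ 192,	"Non-existent" },
	{ 193,	"Invalid message format" },
	{ 194,	"IMSI not known" },
	{ 195,	"MS is GPRS detached" },
	{ 196,	"MS is not GPRS responding" },
	{ 197,	"MS refuses" },
	{ 198,	"Version not supported" },
	{ 199,	"No resources available" },
	{ 200,	"Service not supported" },
	{ 201,	"Mandatory IE incorrect" },
	{ 202,	"Mandatory IE missing" },
	{ 203,	"Optional IE incorrect" },
	{ 204,	"System failure" },
	{ 205,	"Roaming restriction" },
	{ 206,	"P-TMSI signature mismatch" },
	{ 207,	"GPRS connection suspended" },
	{ 208,	"Authentication failure" },
	{ 209,	"User authentication failed" },
	{ 210,	"Context not found" },
	{ 211,	"All dynamic PDP addresses are occupied" },
	{ 212,	"No memory is available" },
	{ 213,	"Relocation failure" },
	{ 214,	"Unknown mandatory extension header" },
	{ 215,	"Semantic error in the TFT operation" },
	{ 216,	"Syntactic error in the TFT operation" },
	{ 217,	"Semantic errors in packet filter(s)" },
	{ 218,	"Syntactic errors in packet filter(s)" },
	{ 219,	"Missing or unknown APN" },
	{ 220,	"Unknown PDP address or PDP type" },
	{ 221,	"PDP context without TFT already activated" },
	{ 222,	"APN access denied - no subscription" },
	{ 223,	"APN restriction type incompatibility with currently "
		"active PDP contexts" },
	{ 224,	"MS MBMS capabilities insufficient" },
	{ 225,	"Invalid correlation-ID" },
	{ 226,	"MBMS bearer context superseded" },

	/* GTP'v1. */
	{ 59,	"System failure" },
	{ 60,	"The transmit buffers are becoming full" },
	{ 61,	"The receive buffers are becoming full" },
	{ 62,	"Another node is about to go down" },
	{ 63,	"This node is about to go down" },
	{ 177,	"CDR decoding error" },
	{ 252,	"Request related to possibly duplicated packets already "
		"fulfilled" },
	{ 253,	"Request already fulfilled" },
	{ 254,	"Sequence numbers of released/cancelled packets IE incorrect" },
	{ 255,	"Request not fulfilled" },

	{ 0,	NULL }
};

/*
 * GTP variant of the packet being decoded.  The per-version decoders set it
 * before parsing so that the truncation paths can name the variant through
 * tok2str(gtp_type, ...).  File-scope state: the decoder is not reentrant.
 */
static int gtp_proto = -1;

/*
 * Entry point of the GTP decoder.
 *
 * The version is taken from the top bits of the first octet and the packet
 * is handed to the GTPv0 or GTPv1 decoder.  Any other version is reported by
 * number only.  Prints " [|GTP]" when the first octet was not captured.
 */
void
gtp_print(register const u_char *cp, u_int length, u_short sport, u_short dport)
{
	int version;

	/* Decode GTP version. */
	TCHECK(cp[0]);
	version = cp[0] >> GTP_VERSION_SHIFT;

	if (version == GTP_VERSION_0)
		gtp_v0_print(cp, length, sport, dport);
	else if (version == GTP_VERSION_1)
		gtp_v1_print(cp, length, sport, dport);
	else
		printf(" GTP (version %i)", version);

	return;

trunc:
	printf(" [|GTP]");
}

/*
 * Decode and print information elements from message. The actual work is
 * handled in the appropriate Tag/Value (TV) or Tag/Length/Value (TLV)
 * decoding routine.
 *
 * cp points at the first IE and len is the IE byte count derived from the
 * length field of the GTP header, i.e. a value taken from the packet.  Each
 * helper is called with cp just past the type octet and returns the size of
 * the whole IE including that octet, or -1 on truncation or an unknown type.
 */
void
gtp_decode_ie(register const u_char *cp, u_short version, int len)
{
	int val, ielen, iecount = 0;

	if (len <= 0)
		return;

	printf(" {");

	while (len > 0) {

		iecount++;
		if (iecount > 1)
			printf(" ");

		TCHECK(cp[0]);
		val = (u_int)cp[0];
		cp++;

		printf("[");

		switch (version) {
		case GTP_VERSION_0:
			if ((val & GTPV0_IE_TYPE_MASK) == 0)
				ielen = gtp_v0_print_tv(cp, val);
			else
				ielen = gtp_v0_print_tlv(cp, val);
			break;

		case GTP_VERSION_1:
			if ((val & GTPV1_IE_TYPE_MASK) == 0)
				ielen = gtp_v1_print_tv(cp, val);
			else
				ielen = gtp_v1_print_tlv(cp, val);
			break;

		default:
			/* Version not supported... */
			ielen = -1;
			break;
		}

		printf("]");

		/*
		 * Stop on any non-positive size.  A size of zero would leave
		 * both len and the cursor unchanged (cp was already advanced
		 * by one and is moved by ielen - 1 below), so the loop would
		 * never terminate.  Defensive: the TV sizes live in gtp.h.
		 */
		if (ielen <= 0)
			goto trunc;

		len -= ielen;
		cp += ielen - 1;
	}

	if (iecount > 0)
		printf("}");

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

/*
 * Decode and print telephony binary coded decimal.
 *
 * Each octet holds two digits, low nibble first; a nibble of 0xf is filler
 * and is skipped.  No capture-length check is done here: the caller must
 * have verified that len octets are available at cp.
 */
void
gtp_print_tbcd(register const u_char *cp, u_int len)
{
	const u_int8_t *data = cp;
	u_int8_t bcd;
	u_int i;	/* unsigned, to match len in the loop condition */

	for (i = 0; i < len; i++, data++) {
		bcd = *data & 0xf;
		if (bcd != 0xf)
			printf("%u", bcd);
		bcd = *data >> 4;
		if (bcd != 0xf)
			printf("%u", bcd);
	}
}

/*
 * Decode and print an end user address. Format is detailed in
 * GSM 09.60 section 7.9.18 and 3GPP 29.060 section 7.7.27.
 *
 * The first two octets give the PDP type organisation and PDP type number.
 * An address is printed only when len is exactly the two-octet prefix plus
 * an IPv4 (4) or IPv6 (16) address; otherwise just the family name is shown.
 * The caller must have verified that len octets are available at cp.
 */
void
gtp_print_user_address(register const u_char *cp, u_int len)
{
	u_int8_t org, type;

	if (len < 2)
		return;

	org = (u_int8_t)cp[0] & 0xf;
	type = (u_int8_t)cp[1];

	cp += 2;

	if (org == 0x0 && type == 0x1)
		printf(": PPP");
	else if (org == 0x1 && type == 0x21) {
		if (len == 6)
			printf(": %s", ipaddr_string(cp));
		else
			printf(": IPv4");
#ifdef INET6
	} else if (org == 0x1 && type == 0x57) {
		if (len == 18)
			printf(": %s", ip6addr_string(cp));
		else
			printf(": IPv6");
#endif
	} else
		printf(" (org 0x%x, type 0x%x)", org, type);
}

/*
 * Decode and print an Access Point Name. Format is detailed in
 * 3GPP 24.008 section 10.5.6.1 and 3GPP 23.003 section 9.1.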
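*/
void
gtp_print_apn(register const u_char *cp, u_int len)
{
	u_char label[100];
	u_int8_t llen;

	if (len < 1 || len > 100)
		return;

	while (len > 0) {

		llen = (u_int8_t)cp[0];

		/*
		 * The label length is a byte from the packet.  It must fit
		 * in label[] together with the terminator, and the length
		 * octet plus the label must not exceed what is left of the
		 * IE.  Without the second test the copy below reads past the
		 * IE and the unsigned subtraction on len wraps around, which
		 * keeps the loop running over unrelated memory.
		 */
		if (llen > 99 || llen >= len)
			return;

		bcopy(cp + 1, label, llen);
		label[llen] = '\0';

		/*
		 * NOTE(review): the label bytes are printed unfiltered, so
		 * control characters from the packet reach the output.
		 */
		printf("%s", label);

		cp += llen + 1;
		len -= llen + 1;

		if (len > 0)
			printf(".");

	}
}

/*
 * Print string from array.
 *
 * NOTE(review): strs is a pointer, so sizeof(*strs) / sizeof(*strs[0]) is
 * the size of a char pointer divided by the size of a char, not the number
 * of entries in the caller's array.  The TV decoders pass a byte read from
 * the packet as index, so the test below only protects an array that has at
 * least that many entries.  A correct bound needs the element count from
 * the caller, which means changing the prototype and the call sites; that
 * is left for a follow-up change.
 */
void
gtp_print_str(const char **strs, u_int index)
{

	if (index >= (sizeof(*strs) / sizeof(*strs[0])))
		printf(": %u", index);
	else if (strs[index] != NULL)
		printf(": %s", strs[index]);
}

/*
 * Decoding routines for GTP version 0.
 *
 * gtp_v0_print() prints the GTPv0 header.  Packets with the protocol type
 * flag clear are handed to the GTPv0' decoder.  With vflag set, a T-PDU
 * payload is passed to the IP printers and any other message has its
 * information elements decoded.  The payload length used for both comes
 * from the header length field, not from the capture length.
 */
void
gtp_v0_print(const u_char *cp, u_int length, u_short sport, u_short dport)
{
	struct gtp_v0_hdr *gh = (struct gtp_v0_hdr *)cp;
	int len, version;
	u_int64_t tid;

	gtp_proto = GTP_V0_PROTO;

	/* Check if this is GTP prime. */
	TCHECK(gh->flags);
	if ((gh->flags & GTPV0_HDR_PROTO_TYPE) == 0) {
		gtp_proto = GTP_V0_PRIME_PROTO;
		gtp_v0_print_prime(cp);
		return;
	}

	/* Print GTP header. */
	TCHECK(*gh);
	cp += sizeof(struct gtp_v0_hdr);
	len = ntohs(gh->length);
	/* Copy the tunnel id out of the header before byte swapping it. */
	bcopy(&gh->tid, &tid, sizeof(tid));
	printf(" GTPv0 (len %u, seqno %u, flow %u, N-PDU %u, tid 0x%llx) ",
	    ntohs(gh->length), ntohs(gh->seqno), ntohs(gh->flow),
	    ntohs(gh->npduno), betoh64(tid));

	/* Decode GTP message. */
	printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gh->msgtype));

	if (!vflag)
		return;

	if (gh->msgtype == GTPV0_T_PDU) {

		/* The IP version nibble selects the payload printer. */
		TCHECK(cp[0]);
		version = cp[0] >> 4;

		printf(" { ");

		if (version == 4)
			ip_print(cp, len);
#ifdef INET6
		else if (version == 6)
			ip6_print(cp, len);
#endif
		else
			printf("Unknown IP version %u", version);

		printf(" }");
	} else
		gtp_decode_ie(cp, GTP_VERSION_0, len);

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

/*
 * Print a GTPv0' (charging) header and, with vflag set, decode the
 * information elements that follow it.  The IE length handed to
 * gtp_decode_ie() is the header length field as sent in the packet.
 */
void
gtp_v0_print_prime(register const u_char *cp)
{
	struct gtp_v0_prime_hdr *gph = (struct gtp_v0_prime_hdr *)cp;
	int len;

	/* Decode GTP prime header. */
	TCHECK(*gph);
	cp += sizeof(*gph);

	len = ntohs(gph->length);
	printf(" GTPv0' (len %u, seq %u) ", len, ntohs(gph->seqno));

	/* Decode GTP message. */
	printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gph->msgtype));

	if (vflag)
		gtp_decode_ie(cp, GTP_VERSION_0, len);

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

/*
 * Decode and print one fixed-length (Tag/Value) GTPv0 information element.
 *
 * cp points just past the type octet and value is that type octet.  Every
 * case checks that the value bytes were captured before reading them.
 * Returns the IE size including the type octet, or -1 when the element is
 * truncated or its type is not known (the default case leaves ielen at -1).
 *
 * NOTE(review): multi-byte fields are read through u_int16_t and u_int32_t
 * pointer casts on cp, which assumes the platform tolerates unaligned
 * loads - TODO confirm for strict-alignment targets.
 */
int
gtp_v0_print_tv(register const u_char *cp, u_int value)
{
	u_int32_t *dpl;
	u_int16_t *dps;
	u_int8_t data;
	int ielen = -1;

	switch (value) {
	case GTPV0_TV_CAUSE:

		/* 09.60 7.9.1 - Cause. */
		TCHECK(cp[0]);
		data = (u_int8_t)cp[0];
		ielen = GTPV0_TV_CAUSE_LENGTH;
		printf("Cause: %s", tok2str(gtp_v0_cause, "#%u", data));
		break;

	case GTPV0_TV_IMSI:

		/* 09.60 7.9.2 - International Mobile Subscriber Identity. */
		TCHECK2(cp[0], GTPV0_TV_IMSI_LENGTH - 1);
		printf("IMSI ");
		gtp_print_tbcd(cp, GTPV0_TV_IMSI_LENGTH - 1);
		ielen = GTPV0_TV_IMSI_LENGTH;
		break;

	case GTPV0_TV_RAI:

		/* 09.60 7.9.3 - Routing Area Identity (RAI). */
		TCHECK2(cp[0], GTPV0_TV_RAI_LENGTH - 1);
		printf("RAI: MCC ");
		/* Third MCC digit is the low nibble of cp[1]; pad with 0xf. */
		data = cp[1] | 0xf0;
		gtp_print_tbcd(cp, 1);
		gtp_print_tbcd(&data, 1);
		printf(", MNC ");
		/* The high nibble of cp[1] is printed after the cp[2] digits. */
		data = (cp[1] >> 4) | 0xf0;
		gtp_print_tbcd(cp + 2, 1);
		gtp_print_tbcd(&data, 1);
		/*
		 * NOTE(review): "%x%x" drops leading zeroes of each octet,
		 * so different LAC values can print the same.
		 */
		printf(", LAC 0x%x%x", cp[3], cp[4]);
		printf(", RAC 0x%x", cp[5]);
		ielen = GTPV0_TV_RAI_LENGTH;
		break;

	case GTPV0_TV_TLLI:

		/* 09.60 7.9.4 - Temporary Logical Link Identity (TLLI). */
		TCHECK2(cp[0], GTPV0_TV_TLLI_LENGTH - 1);
		dpl = (u_int32_t *)cp;
		printf("TLLI 0x%x", ntohl(*dpl));
		ielen = GTPV0_TV_TLLI_LENGTH;
		break;

	case GTPV0_TV_PTMSI:

		/* 09.60 7.9.5 - Packet TMSI (P-TMSI). */
		TCHECK2(cp[0], GTPV0_TV_PTMSI_LENGTH - 1);
		dpl = (u_int32_t *)cp;
		printf("P-TMSI 0x%x", ntohl(*dpl));
		ielen = GTPV0_TV_PTMSI_LENGTH;
		break;

	case GTPV0_TV_QOS:

		/* 09.60 7.9.6 - Quality of Service (QoS) Profile. */
		TCHECK2(cp[0], GTPV0_TV_QOS_LENGTH - 1);
		printf("QoS Profile");				/* XXX */
		ielen = GTPV0_TV_QOS_LENGTH;
		break;

	case GTPV0_TV_REORDER:

		/* 09.60 7.9.7 - Reordering Required. */
		TCHECK2(cp[0], GTPV0_TV_REORDER_LENGTH - 1);
		printf("Reordering Required: ");
		if (cp[0] & 0x1)
			printf("yes");
		else
			printf("no");
		ielen = GTPV0_TV_REORDER_LENGTH;
		break;

	case GTPV0_TV_AUTH_TRIPLET:

		/* 09.60 7.9.8 - Authentication Triplet. */
		TCHECK2(cp[0], GTPV0_TV_AUTH_TRIPLET_LENGTH - 1);
		printf("Authentication");			/* XXX */
		ielen = GTPV0_TV_AUTH_TRIPLET_LENGTH;
		break;

	case GTPV0_TV_MAP_CAUSE:

		/* 09.60 7.9.9 - MAP Cause. */
		TCHECK2(cp[0], GTPV0_TV_MAP_CAUSE_LENGTH - 1);
		printf("MAP Cause: %u", cp[0]);
		ielen = GTPV0_TV_MAP_CAUSE_LENGTH;
		break;

	case GTPV0_TV_PTMSI_SIGNATURE:

		/* 09.60 7.9.10 - P-TMSI Signature. */
		/* Signature defined in GSM 04.08. */
		TCHECK2(cp[0], GTPV0_TV_PTMSI_SIGNATURE_LENGTH - 1);
		printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]);
		ielen = GTPV0_TV_PTMSI_SIGNATURE_LENGTH;
		break;

	case GTPV0_TV_MS_VALIDATED:

		/* 09.60 7.9.11 - MS Validated. */
		TCHECK2(cp[0], GTPV0_TV_MS_VALIDATED_LENGTH - 1);
		/* Separator added; the label used to run into the value. */
		printf("MS Validated: ");
		if (cp[0] & 0x1)
			printf("yes");
		else
			printf("no");
		ielen = GTPV0_TV_MS_VALIDATED_LENGTH;
		break;

	case GTPV0_TV_RECOVERY:

		/* 09.60 7.9.12 - Recovery. */
		TCHECK2(cp[0], GTPV0_TV_RECOVERY_LENGTH - 1);
		printf("Recovery: Restart counter %u", cp[0]);
		ielen = GTPV0_TV_RECOVERY_LENGTH;
		break;

	case GTPV0_TV_SELECTION_MODE:

		/* 09.60 7.9.13 - Selection Mode. */
		TCHECK2(cp[0], GTPV0_TV_SELECTION_MODE_LENGTH - 1);
		printf("Selection Mode");			/* XXX */
		ielen = GTPV0_TV_SELECTION_MODE_LENGTH;
		break;

	case GTPV0_TV_FLOW_LABEL_DATA_I:

		/* 09.60 7.9.14 - Flow Label Data I. */
		TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH - 1);
		dps = (u_int16_t *)cp;
		printf("Flow Label Data I: %u", ntohs(*dps));
		ielen = GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH;
		break;

	case GTPV0_TV_FLOW_LABEL_SIGNALLING:

		/* 09.60 7.9.15 - Flow Label Signalling. */
		TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH - 1);
		dps = (u_int16_t *)cp;
		printf("Flow Label Signalling: %u", ntohs(*dps));
		ielen = GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH;
		break;

	case GTPV0_TV_FLOW_LABEL_DATA_II:

		/* 09.60 7.9.16 - Flow Label Data II. */
		TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH - 1);
		data = cp[0] & 0xf;
		dps = (u_int16_t *)(cp + 1);
		printf("Flow Label Data II: %u, NSAPI %u", ntohs(*dps), data);
		ielen = GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH;
		break;

	case GTPV0_TV_PACKET_XFER_CMD:

		/* 12.15 7.3.4.5.3 - Packet Transfer Command. */
		TCHECK2(cp[0], GTPV0_TV_PACKET_XFER_CMD_LENGTH - 1);
		printf("Packet Transfer Command");
		/*
		 * The index is a packet byte; gtp_print_str() cannot see the
		 * size of gtp_packet_xfer_cmd, so this lookup is not fully
		 * bounded.
		 */
		gtp_print_str(gtp_packet_xfer_cmd, cp[0]);
		ielen = GTPV0_TV_PACKET_XFER_CMD_LENGTH;
		break;

	case GTPV0_TV_CHARGING_ID:

		/* 09.60 7.9.17 - Charging ID. */
		TCHECK2(cp[0], GTPV0_TV_CHARGING_ID_LENGTH - 1);
		/*
		 * NOTE(review): only 16 bits are printed - confirm against
		 * GTPV0_TV_CHARGING_ID_LENGTH in gtp.h.
		 */
		dps = (u_int16_t *)cp;
		printf("Charging ID: %u", ntohs(*dps));
		ielen = GTPV0_TV_CHARGING_ID_LENGTH;
		break;

	default:
		printf("TV %u", value);
	}

trunc:
	return ielen;
}

/*
 * Decode and print one variable-length (Tag/Length/Value) GTPv0
 * information element.
 *
 * cp points just past the type octet, at the 16-bit length.  The length is
 * a value from the packet: TCHECK2 confirms that this many bytes were
 * captured, and each case below additionally checks that the length is
 * large enough for the fields it reads.  Returns the IE size including the
 * type and length octets, or -1 on truncation.
 */
int
gtp_v0_print_tlv(register const u_char *cp, u_int value)
{
	u_int8_t data;
	u_int16_t *lenp, *seqno, len;
	int ielen = -1;

	/* Get length of IE. */
	TCHECK2(cp[0], 2);
	lenp = (u_int16_t *)cp;
	cp += 2;
	len = ntohs(*lenp);
	TCHECK2(cp[0], len);
	ielen = sizeof(data) + sizeof(len) + len;

	switch (value) {

	case GTPV0_TLV_END_USER_ADDRESS:

		/* 09.60 7.9.18 - End User Address. */
		printf("End User Address");
		gtp_print_user_address(cp, len);
		break;

	case GTPV0_TLV_MM_CONTEXT:

		/* 09.60 7.9.19 - MM Context. */
		printf("MM Context");				/* XXX */
		break;

	case GTPV0_TLV_PDP_CONTEXT:

		/* 09.60 7.9.20 - PDP Context. */
		printf("PDP Context");				/* XXX */
		break;

	case GTPV0_TLV_ACCESS_POINT_NAME:

		/* 09.60 7.9.21 - Access Point Name. */
		printf("AP Name: ");
		gtp_print_apn(cp, len);
		break;

	case GTPV0_TLV_PROTOCOL_CONFIG_OPTIONS:

		/* 09.60 7.9.22 - Protocol Configuration Options. */
		printf("Protocol Configuration Options");	/* XXX */
		break;

	case GTPV0_TLV_GSN_ADDRESS:

		/* 09.60 7.9.23 - GSN Address. */
		printf("GSN Address");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
#ifdef INET6
		else if (len == 16)
			printf(": %s", ip6addr_string(cp));
#endif
		break;

	case GTPV0_TLV_MS_ISDN:

		/* 09.60 7.9.24 - MS International PSTN/ISDN Number. */
		printf("MSISDN ");
		/*
		 * An empty IE has no number-type octet, and len - 1 would
		 * turn into a huge unsigned digit count.
		 */
		if (len < 1)
			break;
		data = (u_int8_t)cp[0];		/* XXX - Number type. */
		gtp_print_tbcd(cp + 1, len - 1);
		break;

	case GTPV0_TLV_CHARGING_GATEWAY_ADDRESS:

		/* 09.60 7.9.25 - Charging Gateway Address. */
		printf("Charging Gateway");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
		break;

	case GTPV0_TLV_DATA_RECORD_PACKET:

		/* 12.15 7.3.4.5.4 - Data Record Packet. */
		printf("Data Record");
		/* The three fields occupy four octets; skip them if absent. */
		if (len >= 4)
			printf(": Records %u, Format %u, Format Version %u",
			    cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2)));
		break;

	case GTPV0_TLV_REQUESTS_RESPONDED:

		/* 12.15 7.3.4.6 - Requests Responded. */
		printf("Requests Responded:");
		seqno = (u_int16_t *)cp;
		/*
		 * Only whole sequence numbers are consumed.  With an odd
		 * length the old "len > 0" test let the unsigned counter
		 * wrap and the loop read far beyond the IE.
		 */
		while (len >= sizeof(*seqno)) {
			printf(" %u", ntohs(*seqno));
			seqno++;
			len -= sizeof(*seqno);
		}
		break;

	case GTPV0_TLV_RECOMMENDED_NODE:

		/* 12.15 7.3.4.3 - Address of Recommended Node. */
		printf("Recommended Node");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
#ifdef INET6
		else if (len == 16)
			printf(": %s", ip6addr_string(cp));
#endif
		break;

	case GTPV0_TLV_PRIVATE_EXTENSION:

		printf("Private Extension");
		break;

	default:
		printf("TLV %u (len %u)", value, len);
	}

	return ielen;

trunc:
	return -1;
}

/*
 * Decoding for GTP version 1, which consists of GTPv1-C, GTPv1-U and GTPv1'.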
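*/
/*
 * gtp_v1_print() decodes the GTPv1 header.  Packets with the protocol type
 * flag clear are GTPv1'; otherwise the variant is chosen from the UDP
 * ports.  Optional header fields and the chain of extension headers are
 * walked before the payload is handed to the control or user plane printer.
 * All flags, lengths and next-header values come from the packet.
 */
void
gtp_v1_print(const u_char *cp, u_int length, u_short sport, u_short dport)
{
	struct gtp_v1_hdr *gh = (struct gtp_v1_hdr *)cp;
	struct gtp_v1_hdr_ext *ghe = NULL;
	int nexthdr, hlen;
	u_char *p = (u_char *)cp;

	TCHECK(gh->flags);
	if ((gh->flags & GTPV1_HDR_PROTO_TYPE) == 0) {
		gtp_proto = GTP_V1_PRIME_PROTO;
		printf(" GTPv1'");
		gtp_v1_print_prime(p, (struct gtp_v1_prime_hdr *)gh);
		return;
	}

	if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT) {
		gtp_proto = GTP_V1_CTRL_PROTO;
		printf(" GTPv1-C");
	} else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT) {
		gtp_proto = GTP_V1_USER_PROTO;
		printf(" GTPv1-U");
	} else if (dport == GTPV1_PRIME_PORT || sport == GTPV1_PRIME_PORT) {
		gtp_proto = GTP_V1_PRIME_PROTO;
		printf(" GTPv1'");
	}

	/* Decode GTP header. */
	TCHECK(*gh);
	p += sizeof(struct gtp_v1_hdr);

	printf(" (teid %u, len %u)", ntohl(gh->teid), ntohs(gh->length));

	if (gh->flags & GTPV1_HDR_EXT) {
		ghe = (struct gtp_v1_hdr_ext *)cp;
		TCHECK(*ghe);
		p += sizeof(struct gtp_v1_hdr_ext) - sizeof(struct gtp_v1_hdr);
	}

	/*
	 * The optional fields live in the extended header.  ghe is only set
	 * when GTPV1_HDR_EXT matched above, so it is tested here as well
	 * rather than relying on how that mask is defined in gtp.h.
	 */
	if (ghe != NULL && (gh->flags & GTPV1_HDR_SN_FLAG))
		printf(" [seq %u]", ntohs(ghe->seqno));

	if (ghe != NULL && (gh->flags & GTPV1_HDR_NPDU_FLAG))
		printf(" [N-PDU %u]", ghe->npduno);

	if (ghe != NULL && (gh->flags & GTPV1_HDR_EH_FLAG)) {

		/* Process next header... */
		nexthdr = ghe->nexthdr;
		while (nexthdr != GTPV1_EH_NONE) {

			/*
			 * Header length is a 4 octet multiplier.  Make sure
			 * the length octet itself was captured before it is
			 * read.
			 */
			TCHECK(p[0]);
			hlen = (int)p[0] * 4;

			/*
			 * A zero length would move p back by one and forward
			 * again below, so the same octets would be parsed
			 * forever.
			 */
			if (hlen == 0) {
				printf(" [Invalid zero-length header %u]",
				    nexthdr);
				goto trunc;
			}
			TCHECK2(p[0], hlen);

			switch (nexthdr) {
			case GTPV1_EH_MBMS_SUPPORT:
				printf(" [MBMS Support]");
				break;

			case GTPV1_EH_MSI_CHANGE_RPT:
				printf(" [MS Info Change Reporting]");
				break;

			case GTPV1_EH_PDCP_PDU_NO:
				printf(" [PDCP PDU %u]",
				    ntohs(*(u_int16_t *)(p + 1)));
				break;

			case GTPV1_EH_SUSPEND_REQUEST:
				printf(" [Suspend Request]");
				break;

			case GTPV1_EH_SUSPEND_RESPONSE:
				printf(" [Suspend Response]");
				break;

			default:
				printf(" [Unknown Header %u]", nexthdr);
			}

			/* The last octet of a header names the next one. */
			p += hlen - 1;
			nexthdr = (int)p[0];
			p++;
		}

	}

	/* Number of header octets consumed, extension headers included. */
	hlen = p - cp;

	if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT)
		gtp_v1_print_ctrl(p, hlen, gh);
	else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT)
		gtp_v1_print_user(p, hlen, gh);

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

/*
 * Print a GTPv1-C message type and, with vflag set, its information
 * elements.  cp points past all headers and hlen is the number of header
 * octets consumed by gtp_v1_print().
 */
void
gtp_v1_print_ctrl(register const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh)
{
	int len;

	/* Decode GTP control message. */
	printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype));

	/*
	 * Payload octets left: the header length field minus the header
	 * octets beyond the basic header.  Both inputs depend on the packet;
	 * gtp_decode_ie() returns at once when the result is not positive.
	 */
	len = ntohs(gh->length) - hlen + sizeof(*gh);
	if (vflag)
		gtp_decode_ie(cp, GTP_VERSION_1, len);
}

/*
 * Print a GTPv1-U message type and, with vflag set, either the tunnelled
 * IP packet of a G-PDU or the information elements of any other message.
 * cp points past all headers and hlen is the number of header octets
 * consumed by gtp_v1_print().
 */
void
gtp_v1_print_user(register const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh)
{
	int len, version;

	/* Decode GTP user message. */
	printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype));

	if (!vflag)
		return;

	/*
	 * NOTE(review): len is derived from packet fields and is passed to
	 * the IP printers without a range check - confirm that ip_print()
	 * and ip6_print() bound their reads by the capture length.
	 */
	len = ntohs(gh->length) - hlen + sizeof(*gh);

	if (gh->msgtype == GTPV1_G_PDU) {

		/* The IP version nibble selects the payload printer. */
		TCHECK(cp[0]);
		version = cp[0] >> 4;

		printf(" { ");

		if (version == 4)
			ip_print(cp, len);
#ifdef INET6
		else if (version == 6)
			ip6_print(cp, len);
#endif
		else
			printf("Unknown IP version %u", version);

		printf(" }");

	} else
		gtp_decode_ie(cp, GTP_VERSION_1, len);

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

/*
 * Print a GTPv1' (charging) header and, with vflag set, decode the
 * information elements that follow it.  The IE length handed to
 * gtp_decode_ie() is the header length field as sent in the packet.
 */
void
gtp_v1_print_prime(register const u_char *cp, struct gtp_v1_prime_hdr *gph)
{
	int len;

	/* Decode GTP prime header. */
	TCHECK(*gph);
	cp += sizeof(struct gtp_v1_prime_hdr);

	len = ntohs(gph->length);
	printf(" (len %u, seq %u) ", len, ntohs(gph->seqno));

	/* Decode GTP message. */
	printf("%s", tok2str(gtp_v1_msgtype, "Message Type %u", gph->msgtype));

	if (vflag)
		gtp_decode_ie(cp, GTP_VERSION_1, len);

	return;

trunc:
	printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto));
}

int
gtp_v1_print_tv(register const u_char *cp, u_int value)
{
	u_int32_t *dpl;
	u_int16_t *dps;
	u_int8_t data;
	int ielen = -1;

	switch (value) {
	case GTPV1_TV_CAUSE:

		/* 29.060 - 7.7.1 Cause. */
		TCHECK(cp[0]);
		data = (u_int8_t)cp[0];
		ielen = GTPV1_TV_CAUSE_LENGTH;
		printf("Cause: %s", tok2str(gtp_v1_cause, "#%u", data));
		break;

	case GTPV1_TV_IMSI:

		/* 29.060 7.7.2 - International Mobile Subscriber Identity.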
*/ 1082 TCHECK2(cp[0], GTPV1_TV_IMSI_LENGTH - 1); 1083 printf("IMSI "); 1084 gtp_print_tbcd(cp, GTPV1_TV_IMSI_LENGTH - 1); 1085 ielen = GTPV1_TV_IMSI_LENGTH; 1086 break; 1087 1088 case GTPV1_TV_RAI: 1089 1090 /* 29.060 7.7.3 - Routing Area Identity (RAI). */ 1091 TCHECK2(cp[0], GTPV1_TV_RAI_LENGTH - 1); 1092 printf("RAI: MCC "); 1093 data = cp[1] | 0xf0; 1094 gtp_print_tbcd(cp, 1); 1095 gtp_print_tbcd(&data, 1); 1096 printf(", MNC "); 1097 data = (cp[1] >> 4) | 0xf0; 1098 gtp_print_tbcd(cp + 2, 1); 1099 gtp_print_tbcd(&data, 1); 1100 printf(", LAC 0x%x%x", cp[3], cp[4]); 1101 printf(", RAC 0x%x", cp[5]); 1102 ielen = GTPV1_TV_RAI_LENGTH; 1103 break; 1104 1105 case GTPV1_TV_TLLI: 1106 1107 /* 29.060 7.7.4 - Temporary Logical Link Identity (TLLI). */ 1108 TCHECK2(cp[0], GTPV1_TV_TLLI_LENGTH - 1); 1109 dpl = (u_int32_t *)cp; 1110 printf("TLLI 0x%x", ntohl(*dpl)); 1111 ielen = GTPV1_TV_TLLI_LENGTH; 1112 break; 1113 1114 case GTPV1_TV_PTMSI: 1115 1116 /* 29.060 7.7.5 - Packet TMSI (P-TMSI). */ 1117 TCHECK2(cp[0], GTPV1_TV_PTMSI_LENGTH - 1); 1118 dpl = (u_int32_t *)cp; 1119 printf("P-TMSI 0x%x", ntohl(*dpl)); 1120 ielen = GTPV1_TV_PTMSI_LENGTH; 1121 break; 1122 1123 case GTPV1_TV_REORDER: 1124 1125 /* 29.060 7.7.6 - Reordering Required. */ 1126 TCHECK2(cp[0], GTPV1_TV_REORDER_LENGTH - 1); 1127 printf("Reordering Required: "); 1128 if (cp[0] & 0x1) 1129 printf("yes"); 1130 else 1131 printf("no"); 1132 ielen = GTPV1_TV_REORDER_LENGTH; 1133 break; 1134 1135 case GTPV1_TV_AUTH: 1136 1137 /* 29.060 7.7.7 - Authentication Triplet. */ 1138 TCHECK2(cp[0], GTPV1_TV_AUTH_LENGTH - 1); 1139 dpl = (u_int32_t *)cp; 1140 printf("Auth: RAND 0x%x%x%x%x, SRES 0x%x, Kc 0x%x%x", 1141 ntohl(dpl[0]), ntohl(dpl[1]), ntohl(dpl[2]), ntohl(dpl[3]), 1142 ntohl(dpl[4]), ntohl(dpl[5]), ntohl(dpl[6])); 1143 ielen = GTPV1_TV_AUTH_LENGTH; 1144 break; 1145 1146 case GTPV1_TV_MAP_CAUSE: 1147 1148 /* 29.060 7.7.8 - MAP Cause. */ 1149 /* Cause defined in 3GPP TS 29.002. 
*/ 1150 TCHECK2(cp[0], GTPV1_TV_MAP_CAUSE_LENGTH - 1); 1151 printf("Map Cause: %u", cp[0]); 1152 ielen = GTPV1_TV_MAP_CAUSE_LENGTH; 1153 break; 1154 1155 case GTPV1_TV_PTMSI_SIGNATURE: 1156 1157 /* 29.060 7.7.9 - P-TMSI Signature. */ 1158 /* Signature defined in 3GPP TS 24.008. */ 1159 TCHECK2(cp[0], GTPV1_TV_PTMSI_SIGNATURE_LENGTH - 1); 1160 printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); 1161 ielen = GTPV1_TV_PTMSI_SIGNATURE_LENGTH; 1162 break; 1163 1164 case GTPV1_TV_MS_VALIDATED: 1165 1166 /* 29.060 7.7.10 - MS Validated. */ 1167 TCHECK2(cp[0], GTPV1_TV_MS_VALIDATED_LENGTH - 1); 1168 printf("MS Validated: "); 1169 if (cp[0] & 0x1) 1170 printf("yes"); 1171 else 1172 printf("no"); 1173 ielen = GTPV1_TV_MS_VALIDATED_LENGTH; 1174 break; 1175 1176 case GTPV1_TV_RECOVERY: 1177 1178 /* 29.060 7.7.11 - Recovery. */ 1179 TCHECK2(cp[0], GTPV1_TV_RECOVERY_LENGTH - 1); 1180 printf("Recovery: Restart counter %u", cp[0]); 1181 ielen = GTPV1_TV_RECOVERY_LENGTH; 1182 break; 1183 1184 case GTPV1_TV_SELECTION_MODE: 1185 1186 /* 29.060 7.7.12 - Selection Mode. */ 1187 TCHECK2(cp[0], GTPV1_TV_SELECTION_MODE_LENGTH - 1); 1188 data = (u_int8_t)cp[0]; 1189 printf("Selection Mode: %u", data & 0x2); 1190 ielen = GTPV1_TV_SELECTION_MODE_LENGTH; 1191 break; 1192 1193 case GTPV1_TV_TEID_DATA_I: 1194 1195 /* 29.060 7.7.13 - Tunnel Endpoint Identifier Data I. */ 1196 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_I_LENGTH - 1); 1197 dpl = (u_int32_t *)cp; 1198 printf("TEI Data I: %u", ntohl(*dpl)); 1199 ielen = GTPV1_TV_TEID_DATA_I_LENGTH; 1200 break; 1201 1202 case GTPV1_TV_TEID_CTRL: 1203 1204 /* 29.060 7.7.14 - Tunnel Endpoint Identifier Control Plane. */ 1205 TCHECK2(cp[0], GTPV1_TV_TEID_CTRL_LENGTH - 1); 1206 dpl = (u_int32_t *)cp; 1207 printf("TEI Control Plane: %u", ntohl(*dpl)); 1208 ielen = GTPV1_TV_TEID_CTRL_LENGTH; 1209 break; 1210 1211 case GTPV1_TV_TEID_DATA_II: 1212 1213 /* 29.060 7.7.15 - Tunnel Endpoint Identifier Data II. 
*/ 1214 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_II_LENGTH - 1); 1215 data = cp[0] & 0xf; 1216 dpl = (u_int32_t *)(cp + 1); 1217 printf("TEI Data II: %u, NSAPI %u", ntohl(*dpl), data); 1218 ielen = GTPV1_TV_TEID_DATA_II_LENGTH; 1219 break; 1220 1221 case GTPV1_TV_TEARDOWN: 1222 1223 /* 29.060 7.7.16 - Teardown Indicator. */ 1224 TCHECK2(cp[0], GTPV1_TV_TEARDOWN_LENGTH - 1); 1225 printf("Teardown: "); 1226 if (cp[0] & 0x1) 1227 printf("yes"); 1228 else 1229 printf("no"); 1230 ielen = GTPV1_TV_TEARDOWN_LENGTH; 1231 break; 1232 1233 case GTPV1_TV_NSAPI: 1234 1235 /* 29.060 7.7.17 - NSAPI. */ 1236 TCHECK2(cp[0], GTPV1_TV_NSAPI_LENGTH - 1); 1237 data = (u_int8_t)cp[0]; 1238 printf("NSAPI %u", data & 0xf); 1239 ielen = GTPV1_TV_NSAPI_LENGTH; 1240 break; 1241 1242 case GTPV1_TV_RANAP: 1243 1244 /* 29.060 7.7.18 - RANAP Cause. */ 1245 TCHECK2(cp[0], GTPV1_TV_RANAP_LENGTH - 1); 1246 printf("RANAP Cause: %u", cp[0]); 1247 ielen = GTPV1_TV_RANAP_LENGTH; 1248 break; 1249 1250 case GTPV1_TV_RAB_CONTEXT: 1251 1252 /* 29.060 7.7.19 - RAB Context. */ 1253 TCHECK2(cp[0], GTPV1_TV_RAB_CONTEXT_LENGTH - 1); 1254 data = cp[0] & 0xf; 1255 dps = (u_int16_t *)(cp + 1); 1256 printf("RAB Context: NSAPI %u, DL GTP-U Seq No %u," 1257 "UL GTP-U Seq No %u, DL PDCP Seq No %u, UL PDCP Seq No %u", 1258 data, ntohs(dps[0]), ntohs(dps[1]), ntohs(dps[2]), 1259 ntohs(dps[3])); 1260 ielen = GTPV1_TV_RAB_CONTEXT_LENGTH; 1261 break; 1262 1263 case GTPV1_TV_RADIO_PRIORITY_SMS: 1264 1265 /* 29.060 7.7.20 - Radio Priority SMS. */ 1266 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_SMS_LENGTH - 1); 1267 printf("Radio Priority SMS: %u", cp[0] & 0x7); 1268 ielen = GTPV1_TV_RADIO_PRI_SMS_LENGTH; 1269 break; 1270 1271 case GTPV1_TV_RADIO_PRIORITY: 1272 1273 /* 29.060 7.7.21 - Radio Priority. 
*/ 1274 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_LENGTH - 1); 1275 data = cp[0] >> 4; 1276 printf("Radio Priority: %u, NSAPI %u", cp[0] & 0x7, data); 1277 ielen = GTPV1_TV_RADIO_PRI_LENGTH; 1278 break; 1279 1280 case GTPV1_TV_PACKET_FLOW_ID: 1281 1282 /* 29.060 7.7.22 - Packet Flow ID. */ 1283 TCHECK2(cp[0], GTPV1_TV_PACKET_FLOW_ID_LENGTH - 1); 1284 printf("Packet Flow ID: %u, NSAPI %u", cp[1], cp[0] & 0xf); 1285 ielen = GTPV1_TV_PACKET_FLOW_ID_LENGTH; 1286 break; 1287 1288 case GTPV1_TV_CHARGING: 1289 1290 /* 29.060 7.7.23 - Charging Characteristics. */ 1291 /* Charging defined in 3GPP TS 32.298. */ 1292 TCHECK2(cp[0], GTPV1_TV_CHARGING_LENGTH - 1); 1293 printf("Charging Characteristics"); /* XXX */ 1294 ielen = GTPV1_TV_CHARGING_LENGTH; 1295 break; 1296 1297 case GTPV1_TV_TRACE_REFERENCE: 1298 1299 /* 29.060 7.7.24 - Trace Reference. */ 1300 TCHECK2(cp[0], GTPV1_TV_TRACE_REFERENCE_LENGTH - 1); 1301 dps = (u_int16_t *)cp; 1302 printf("Trace Reference: %u", ntohs(*dps)); 1303 ielen = GTPV1_TV_TRACE_REFERENCE_LENGTH; 1304 break; 1305 1306 case GTPV1_TV_TRACE_TYPE: 1307 1308 /* 29.060 7.7.25 - Trace Type. */ 1309 /* Trace type defined in GSM 12.08. */ 1310 TCHECK2(cp[0], GTPV1_TV_TRACE_TYPE_LENGTH - 1); 1311 dps = (u_int16_t *)cp; 1312 printf("Trace Type: %u", ntohs(*dps)); 1313 ielen = GTPV1_TV_TRACE_TYPE_LENGTH; 1314 break; 1315 1316 case GTPV1_TV_MSNRR: 1317 1318 /* 29.060 7.7.26 - MS Not Reachable Reason. */ 1319 /* Reason defined in 3GPP TS 23.040. */ 1320 TCHECK2(cp[0], GTPV1_TV_MSNRR_LENGTH - 1); 1321 printf("MS NRR: %u", cp[0]); 1322 ielen = GTPV1_TV_MSNRR_LENGTH; 1323 break; 1324 1325 case GTPV1_TV_PACKET_XFER_CMD: 1326 1327 /* 32.295 6.2.4.5.2 - Packet Transfer Command. */ 1328 TCHECK2(cp[0], GTPV1_TV_PACKET_XFER_CMD_LENGTH - 1); 1329 printf("Packet Transfer Command"); 1330 gtp_print_str(gtp_packet_xfer_cmd, cp[0]); 1331 ielen = GTPV1_TV_PACKET_XFER_CMD_LENGTH; 1332 break; 1333 1334 case GTPV1_TV_CHARGING_ID: 1335 1336 /* 29.060 7.7.26 - Charging ID. 
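*/
		TCHECK2(cp[0], GTPV1_TV_CHARGING_ID_LENGTH - 1);
		dpl = (u_int32_t *)cp;
		printf("Charging ID: %u", ntohl(*dpl));
		ielen = GTPV1_TV_CHARGING_ID_LENGTH;
		break;

	default:
		printf("TV %u", value);
	}

trunc:
	return ielen;
}

/*
 * Print a run of 16-bit sequence numbers stored in network byte order.
 *
 * The values are assembled byte by byte, so cp needs no particular
 * alignment.  The loop stops as soon as fewer than two bytes remain: an
 * odd payload length taken from the packet must not wrap the counter
 * and walk past the end of the information element.
 */
static void
gtp_v1_print_seqnos(const u_char *cp, u_int len)
{
	while (len >= 2) {
		printf(" %u", (u_int)((cp[0] << 8) | cp[1]));
		cp += 2;
		len -= 2;
	}
}

/*
 * Decode and print one GTPv1 TLV (type, length, value) information element.
 *
 * cp points at the 2-byte length field that follows the IE type octet;
 * value is the IE type.  The length is read from the packet and is
 * therefore untrusted: TCHECK2 only establishes that `len' bytes of
 * payload were captured, it says nothing about whether `len' is large
 * enough for the fields a given IE type is expected to carry.  Every
 * case that reads a fixed offset checks `len' first.
 *
 * Returns the size of the whole IE (sizeof(data) + sizeof(len) + len,
 * i.e. 1 + 2 + payload; the leading 1 presumably accounts for the type
 * octet consumed by the caller), or -1 if the IE is not fully contained
 * in the captured data.  An IE whose payload is captured but too short
 * for its type is reported as a bad length and its size is still
 * returned.
 *
 * NOTE(review): gtp_print_str() is handed an index taken straight from
 * the packet and no table size; confirm that it bounds the lookup.
 * NOTE(review): gtp_print_user_address(), gtp_print_apn() and
 * gtp_print_tbcd() receive the untrusted `len'; they are assumed to cope
 * with a zero or short length - verify.
 */
int
gtp_v1_print_tlv(register const u_char *cp, u_int value)
{
	u_int8_t data;
	u_int16_t len;
	int ielen = -1;

	/* Get length of IE; read bytewise, cp may be unaligned. */
	TCHECK2(cp[0], 2);
	len = (u_int16_t)((cp[0] << 8) | cp[1]);
	cp += 2;

	/* The whole payload must be present in the capture. */
	TCHECK2(cp[0], len);
	ielen = sizeof(data) + sizeof(len) + len;

	switch (value) {
	case GTPV1_TLV_END_USER_ADDRESS:

		/* 3GPP 29.060 - 7.7.27 End User Address. */
		printf("End User Address");
		gtp_print_user_address(cp, len);
		break;

	case GTPV1_TLV_MM_CONTEXT:

		/* 29.060 7.7.28 - MM Context. */
		printf("MM Context");			/* XXX */
		break;

	case GTPV1_TLV_PDP_CONTEXT:

		/* 29.060 7.7.29 - PDP Context. */
		printf("PDP Context");			/* XXX */
		break;

	case GTPV1_TLV_ACCESS_POINT_NAME:

		/* 29.060 7.7.30 - Access Point Name. */
		printf("AP Name: ");
		gtp_print_apn(cp, len);
		break;

	case GTPV1_TLV_PROTOCOL_CONFIG_OPTIONS:

		/* 29.060 7.7.31 - Protocol Configuration Options. */
		/* Defined in 3GPP TS 24.008. */
		printf("Config Options");		/* XXX */
		break;

	case GTPV1_TLV_GSN_ADDRESS:

		/* 29.060 7.7.32 - GSN Address. */
		/* Defined in 3GPP TS 23.003. */
		printf("GSN Address");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
#ifdef INET6
		else if (len == 16)
			printf(": %s", ip6addr_string(cp));
#endif
		break;

	case GTPV1_TLV_MSISDN:

		/* 29.060 7.7.33 - MS International PSTN/ISDN Number. */
		/* len - 1 below would wrap to a huge count if len were 0. */
		if (len < 1)
			goto badlen;
		printf("MSISDN ");
		/* XXX - cp[0] is the number type; not decoded. */
		gtp_print_tbcd(cp + 1, len - 1);
		break;

	case GTPV1_TLV_QOS_PROFILE:

		/* 29.060 7.7.34 - QoS Profile. */
		/* QoS profile defined in 3GPP TS 24.008 10.5.6.5. */
		if (len < 1)
			goto badlen;
		printf("QoS Profile: ");
		data = (u_int8_t)cp[0];
		printf("Delay Class %u, ", (data >> 3) & 0x7);
		printf("Reliability Class %u", data & 0x7);
		/* The second octet is only read when it is really there. */
		if (vflag > 1 && len >= 2) {
			printf(", ");
			data = (u_int8_t)cp[1];
			printf("Precedence Class %u", data & 0x7);
			/* XXX - Decode more QoS fields. */
		}
		break;

	case GTPV1_TLV_AUTHENTICATION:

		/* 29.060 7.7.35 - Authentication. */
		printf("Authentication");		/* XXX */
		break;

	case GTPV1_TLV_TRAFFIC_FLOW:

		/* 29.060 7.7.36 - Traffic Flow Template. */
		printf("Traffic Flow Template");	/* XXX */
		break;

	case GTPV1_TLV_TARGET_IDENTIFICATION:

		/* 29.060 7.7.37 - Target Identification. */
		printf("Target ID");			/* XXX */
		break;

	case GTPV1_TLV_UTRAN_CONTAINER:

		/* 29.060 7.7.38 - UTRAN Transparent Container. */
		printf("UTRAN Container");		/* XXX */
		break;

	case GTPV1_TLV_RAB_SETUP_INFORMATION:

		/* 29.060 7.7.39 - RAB Setup Information. */
		printf("RAB Setup");			/* XXX */
		break;

	case GTPV1_TLV_EXT_HEADER_TYPE_LIST:

		/* 29.060 7.7.40 - Extension Header Type List. */
		printf("Extension Header List");	/* XXX */
		break;

	case GTPV1_TLV_TRIGGER_ID:

		/* 29.060 7.7.41 - Trigger ID. */
		printf("Trigger ID");			/* XXX */
		break;

	case GTPV1_TLV_OMC_IDENTITY:

		/* 29.060 7.7.42 - OMC Identity. */
		printf("OMC Identity");			/* XXX */
		break;

	case GTPV1_TLV_RAN_CONTAINER:

		/* 29.060 7.7.43 - RAN Transparent Container. */
		printf("RAN Container");		/* XXX */
		break;

	case GTPV1_TLV_PDP_CONTEXT_PRIORITIZATION:

		/* 29.060 7.7.45 - PDP Context Prioritization. */
		printf("PDP Context Prioritization");	/* XXX */
		break;

	case GTPV1_TLV_ADDITIONAL_RAB_SETUP_INFO:

		/* 29.060 7.7.45A - Additional RAB Setup Information. */
		printf("Additional RAB Setup");		/* XXX */
		break;

	case GTPV1_TLV_SGSN_NUMBER:

		/* 29.060 7.7.47 - SGSN Number. */
		printf("SGSN Number");			/* XXX */
		break;

	case GTPV1_TLV_COMMON_FLAGS:

		/* 29.060 7.7.48 - Common Flags. */
		printf("Common Flags");			/* XXX */
		break;

	case GTPV1_TLV_APN_RESTRICTION:

		/* 29.060 7.7.49 - APN Restriction. */
		if (len < 1)
			goto badlen;
		data = (u_int8_t)cp[0];
		printf("APN Restriction: %u", data);
		break;

	case GTPV1_TLV_RADIO_PRIORITY_LCS:

		/* 29.060 7.7.25B - Radio Priority LCS. */
		if (len < 1)
			goto badlen;
		printf("Radio Priority LCS: %u", cp[0] & 0x7);
		break;

	case GTPV1_TLV_RAT_TYPE:

		/* 29.060 7.7.50 - RAT Type. */
		if (len < 1)
			goto badlen;
		printf("RAT");
		gtp_print_str(gtp_rat_type, cp[0]);
		break;

	case GTPV1_TLV_USER_LOCATION_INFO:

		/* 29.060 7.7.51 - User Location Information. */
		printf("ULI");				/* XXX */
		break;

	case GTPV1_TLV_MS_TIME_ZONE:

		/* 29.060 7.7.52 - MS Time Zone. */
		printf("MSTZ");				/* XXX */
		break;

	case GTPV1_TLV_IMEI_SV:

		/* 29.060 7.7.53 - IMEI(SV). */
		printf("IMEI(SV) ");
		gtp_print_tbcd(cp, len);
		break;

	case GTPV1_TLV_CAMEL_CHARGING_CONTAINER:

		/* 29.060 7.7.54 - CAMEL Charging Information Container. */
		printf("CAMEL Charging");		/* XXX */
		break;

	case GTPV1_TLV_MBMS_UE_CONTEXT:

		/* 29.060 7.7.55 - MBMS UE Context. */
		printf("MBMS UE Context");		/* XXX */
		break;

	case GTPV1_TLV_TMGI:

		/* 29.060 7.7.56 - Temporary Mobile Group Identity. */
		printf("TMGI");				/* XXX */
		break;

	case GTPV1_TLV_RIM_ROUTING_ADDRESS:

		/* 29.060 7.7.57 - RIM Routing Address. */
		printf("RIM Routing Address");		/* XXX */
		break;

	case GTPV1_TLV_MBMS_PROTOCOL_CONFIG_OPTIONS:

		/* 29.060 7.7.58 - MBMS Protocol Configuration Options. */
		printf("MBMS Protocol Config Options");	/* XXX */
		break;

	case GTPV1_TLV_MBMS_SERVICE_AREA:

		/* 29.060 7.7.60 - MBMS Service Area. */
		printf("MBMS Service Area");		/* XXX */
		break;

	case GTPV1_TLV_SOURCE_RNC_PDCP_CONTEXT_INFO:

		/* 29.060 7.7.61 - Source RNC PDCP Context Information. */
		printf("Source RNC PDCP Context");	/* XXX */
		break;

	case GTPV1_TLV_ADDITIONAL_TRACE_INFO:

		/* 29.060 7.7.62 - Additional Trace Information. */
		printf("Additional Trace Info");	/* XXX */
		break;

	case GTPV1_TLV_HOP_COUNTER:

		/* 29.060 7.7.63 - Hop Counter. */
		if (len < 1)
			goto badlen;
		printf("Hop Counter: %u", cp[0]);
		break;

	case GTPV1_TLV_SELECTED_PLMN_ID:

		/* 29.060 7.7.64 - Selected PLMN ID. */
		printf("Selected PLMN ID");		/* XXX */
		break;

	case GTPV1_TLV_MBMS_SESSION_IDENTIFIER:

		/* 29.060 7.7.65 - MBMS Session Identifier. */
		if (len < 1)
			goto badlen;
		printf("MBMS Session ID: %u", cp[0]);
		break;

	case GTPV1_TLV_MBMS_2G_3G_INDICATOR:

		/* 29.060 7.7.66 - MBMS 2G/3G Indicator. */
		if (len < 1)
			goto badlen;
		printf("MBMS 2G/3G Indicator");
		gtp_print_str(mbms_2g3g_indicator, cp[0]);
		break;

	case GTPV1_TLV_ENHANCED_NSAPI:

		/* 29.060 7.7.67 - Enhanced NSAPI. */
		printf("Enhanced NSAPI");		/* XXX */
		break;

	case GTPV1_TLV_MBMS_SESSION_DURATION:

		/* 29.060 7.7.59 - MBMS Session Duration. */
		printf("MBMS Session Duration");	/* XXX */
		break;

	case GTPV1_TLV_ADDITIONAL_MBMS_TRACE_INFO:

		/* 29.060 7.7.68 - Additional MBMS Trace Info. */
		printf("Additional MBMS Trace Info");	/* XXX */
		break;

	case GTPV1_TLV_MBMS_SESSION_REPITITION_NO:

		/* 29.060 7.7.69 - MBMS Session Repetition Number. */
		if (len < 1)
			goto badlen;
		printf("MBMS Session Repetition No: %u", cp[0]);
		break;

	case GTPV1_TLV_MBMS_TIME_TO_DATA_TRANSFER:

		/* 29.060 7.7.70 - MBMS Time to Data Transfer. */
		if (len < 1)
			goto badlen;
		printf("MBMS Time to Data Transfer: %u", cp[0]);
		break;

	case GTPV1_TLV_PS_HANDOVER_REQUEST_CONTEXT:

		/* 29.060 7.7.71 - PS Handover Request Context (Void). */
		break;

	case GTPV1_TLV_BSS_CONTAINER:

		/* 29.060 7.7.72 - BSS Container. */
		printf("BSS Container");		/* XXX */
		break;

	case GTPV1_TLV_CELL_IDENTIFICATION:

		/* 29.060 7.7.73 - Cell Identification. */
		printf("Cell Identification");		/* XXX */
		break;

	case GTPV1_TLV_PDU_NUMBERS:

		/* 29.060 7.7.74 - PDU Numbers. */
		printf("PDU Numbers");			/* XXX */
		break;

	case GTPV1_TLV_BSSGP_CAUSE:

		/* 29.060 7.7.75 - BSSGP Cause. */
		if (len < 1)
			goto badlen;
		printf("BSSGP Cause: %u", cp[0]);
		break;

	case GTPV1_TLV_REQUIRED_MBMS_BEARER_CAP:

		/* 29.060 7.7.76 - Required MBMS Bearer Cap. */
		printf("Required MBMS Bearer Cap");	/* XXX */
		break;

	case GTPV1_TLV_RIM_ROUTING_ADDRESS_DISC:

		/* 29.060 7.7.77 - RIM Routing Address Discriminator. */
		if (len < 1)
			goto badlen;
		printf("RIM Routing Address Discriminator: %u", cp[0] & 0xf);
		break;

	case GTPV1_TLV_LIST_OF_SETUP_PFCS:

		/* 29.060 7.7.78 - List of Setup PFCs. */
		printf("List of Setup PFCs");		/* XXX */
		break;

	case GTPV1_TLV_PS_HANDOVER_XID_PARAMETERS:

		/* 29.060 7.7.79 - PS Handover XID Parameters. */
		printf("PS Handover XID Parameters");	/* XXX */
		break;

	case GTPV1_TLV_MS_INFO_CHANGE_REPORTING:

		/* 29.060 7.7.80 - MS Info Change Reporting. */
		if (len < 1)
			goto badlen;
		printf("MS Info Change Reporting");
		gtp_print_str(ms_info_change_rpt, cp[0]);
		break;

	case GTPV1_TLV_DIRECT_TUNNEL_FLAGS:

		/* 29.060 7.7.81 - Direct Tunnel Flags. */
		printf("Direct Tunnel Flags");		/* XXX */
		break;

	case GTPV1_TLV_CORRELATION_ID:

		/* 29.060 7.7.82 - Correlation ID. */
		printf("Correlation ID");		/* XXX */
		break;

	case GTPV1_TLV_BEARER_CONTROL_MODE:

		/* 29.060 7.7.83 - Bearer Control Mode. */
		printf("Bearer Control Mode");		/* XXX */
		break;

	case GTPV1_TLV_MBMS_FLOW_IDENTIFIER:

		/* 29.060 7.7.84 - MBMS Flow Identifier. */
		printf("MBMS Flow Identifier");		/* XXX */
		break;

	case GTPV1_TLV_RELEASED_PACKETS:

		/* 32.295 6.2.4.5.4 - Sequence Numbers of Released Packets. */
		printf("Released Packets:");
		gtp_v1_print_seqnos(cp, len);
		break;

	case GTPV1_TLV_CANCELLED_PACKETS:

		/* 32.295 6.2.4.5.5 - Sequence Numbers of Cancelled Packets. */
		printf("Cancelled Packets:");
		gtp_v1_print_seqnos(cp, len);
		break;

	case GTPV1_TLV_CHARGING_GATEWAY_ADDRESS:

		/* 29.060 7.7.44 - Charging Gateway Address. */
		printf("Charging Gateway");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
#ifdef INET6
		else if (len == 16)
			printf(": %s", ip6addr_string(cp));
#endif
		break;

	case GTPV1_TLV_DATA_RECORD_PACKET:

		/* 32.295 6.2.4.5.3 - Data Record Packet. */
		/* Four octets are read below: count, format, 16-bit version. */
		if (len < 4)
			goto badlen;
		printf("Data Record: Records %u, Format %u, Format Version %u",
		    cp[0], cp[1], (u_int)((cp[2] << 8) | cp[3]));
		break;

	case GTPV1_TLV_REQUESTS_RESPONDED:

		/* 32.295 6.2.4.6 - Requests Responded. */
		printf("Requests Responded:");
		gtp_v1_print_seqnos(cp, len);
		break;

	case GTPV1_TLV_ADDRESS_OF_RECOMMENDED_NODE:

		/* 32.295 6.2.4.3 - Address of Recommended Node. */
		printf("Address of Recommended Node");
		if (len == 4)
			printf(": %s", ipaddr_string(cp));
#ifdef INET6
		else if (len == 16)
			printf(": %s", ip6addr_string(cp));
#endif
		break;

	case GTPV1_TLV_PRIVATE_EXTENSION:

		/* 29.060 7.7.46 - Private Extension. */
		printf("Private Extension");
		break;

	default:
		printf("TLV %u (len %u)", value, len);
	}

	return ielen;

badlen:
	/*
	 * The payload is captured but shorter than this IE type needs.
	 * Report it and still return the IE size, so the malformed element
	 * is stepped over rather than read past its end.
	 */
	printf("TLV %u [bad length %u]", value, len);
	return ielen;

trunc:
	return -1;
}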