1 /* $OpenBSD: print-gtp.c,v 1.12 2020/05/20 01:20:37 dlg Exp $ */ 2 /* 3 * Copyright (c) 2009, 2010 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 /* 19 * Decoder for the GPRS Trunking Protocol (GTP). 20 * 21 * This work has been kindly sponsored by SystemNet (www.systemnet.no). 22 * 23 * GTPv0 standards are available from the ETSI website: 24 * 25 * http://pda.etsi.org/pda/ 26 * 27 * GTPv1 standards are available from the 3GPP website: 28 * 29 * http://www.3gpp.org/specifications 30 * 31 * The following standards have been referenced to create this decoder: 32 * 33 * ETSI GSM 09.60 - GPRS Tunnelling Protocol (GTPv0) 34 * ETSI GSM 12.15 - GPRS Charging (GTPv0') 35 * 36 * 3GPP TS 23.003 - Numbering, addressing and identification 37 * 3GPP TS 24.008 - Core network protocols 38 * 3GPP TS 29.002 - Mobile Application Part (MAP) specification 39 * 3GPP TS 29.060 - GPRS Tunnelling Protocol (GTPv1-C/GTPv1-U) 40 * 3GPP TS 32.295 - Charging Data Record (CDR) transfer (GTPv1') 41 */ 42 43 #include <sys/time.h> 44 #include <sys/socket.h> 45 #include <sys/types.h> 46 47 #include <netinet/in.h> 48 #include <netinet/ip.h> 49 #include <netinet/ip_var.h> 50 51 #include <ctype.h> 52 #include <stdio.h> 53 #include <stdlib.h> 54 #include <string.h> 55 56 #include "addrtoname.h" 57 #include "interface.h" 58 #include "gtp.h" 59 60 #ifndef nitems 61 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) 62 #endif 63 64 void gtp_print(const u_char *, u_int, u_short, u_short); 65 void gtp_decode_ie(const u_char *, u_short, int); 66 void gtp_print_tbcd(const u_char *, u_int); 67 void gtp_print_user_address(const u_char *, u_int); 68 void gtp_print_apn(const u_char *, u_int); 69 void gtp_print_str(const char **, u_int, u_int); 70 71 void gtp_v0_print(const u_char *, u_int, u_short, u_short); 72 void gtp_v0_print_prime(const u_char *); 73 int gtp_v0_print_tv(const u_char *, u_int); 74 int gtp_v0_print_tlv(const u_char *, u_int); 75 76 void gtp_v1_print(const u_char *, u_int, u_short, u_short); 77 void gtp_v1_print_ctrl(const u_char *, u_int, struct gtp_v1_hdr *); 78 void gtp_v1_print_user(const u_char *, u_int, struct gtp_v1_hdr *); 79 void gtp_v1_print_prime(const u_char *, struct gtp_v1_prime_hdr *); 80 int gtp_v1_print_tv(const u_char *, u_int); 81 int gtp_v1_print_tlv(const u_char *, u_int); 82 83 /* GTPv0 message types. */ 84 static struct tok gtp_v0_msgtype[] = { 85 86 { 1, "Echo Request" }, 87 { 2, "Echo Response" }, 88 { 3, "Version Not Supported" }, 89 { 4, "Node Alive Request" }, 90 { 5, "Node Alive Response" }, 91 { 6, "Redirection Request" }, 92 { 7, "Redirection Response" }, 93 { 16, "Create PDP Context Request" }, 94 { 17, "Create PDP Context Response" }, 95 { 18, "Update PDP Context Request" }, 96 { 19, "Update PDP Context Response" }, 97 { 20, "Delete PDP Context Request" }, 98 { 21, "Delete PDP Context Response" }, 99 { 22, "Create AA PDP Context Request" }, 100 { 23, "Create AA PDP Context Response" }, 101 { 24, "Delete AA PDP Context Request" }, 102 { 25, "Delete AA PDP Context Response" }, 103 { 26, "Error Indication" }, 104 { 27, "PDU Notification Request" }, 105 { 28, "PDU Notification Response" }, 106 { 29, "PDU Notification Reject Request" }, 107 { 30, "PDU Notification Reject Response" }, 108 { 32, "Send Routeing Information Request" }, 109 { 33, "Send Routeing Information Response" }, 110 { 34, "Failure Report Request" }, 111 { 35, "Failure Report Response" }, 112 { 36, "MS GPRS Present Request" }, 113 { 37, "MS GPRS Present Response" }, 114 { 48, "Identification Request" }, 115 { 49, "Identification Response" }, 116 { 50, "SGSN Context Request" }, 117 { 51, "SGSN Context Response" }, 118 { 52, "SGSN Context Acknowledge" }, 119 { 240, "Data Record Transfer Request" }, 120 { 241, "Data Record Transfer Response" }, 121 { 255, "T-PDU" }, 122 123 { 0, NULL } 124 }; 125 126 /* GTPv0 causes. */ 127 static struct tok gtp_v0_cause[] = { 128 129 { 0, "Request IMSI" }, 130 { 1, "Request IMEI" }, 131 { 2, "Request IMSI and IMEI" }, 132 { 3, "No identity needed" }, 133 { 4, "MS refuses" }, 134 { 5, "MS is not GPRS responding" }, 135 { 128, "Request accepted" }, 136 { 192, "Non-existent" }, 137 { 193, "Invalid message format" }, 138 { 194, "IMSI not known" }, 139 { 195, "MS is GPRS detached" }, 140 { 196, "MS is not GPRS responding" }, 141 { 197, "MS refuses" }, 142 { 198, "Version not supported" }, 143 { 199, "No resources available" }, 144 { 200, "Service not supported" }, 145 { 201, "Mandatory IE incorrect" }, 146 { 202, "Mandatory IE missing" }, 147 { 203, "Optional IE incorrect" }, 148 { 204, "System failure" }, 149 { 205, "Roaming restriction" }, 150 { 206, "P-TMSI signature mismatch" }, 151 { 207, "GPRS connection suspended" }, 152 { 208, "Authentication failure" }, 153 { 209, "User authentication failed" }, 154 155 { 0, NULL } 156 }; 157 158 /* GTPv1 message types. */ 159 static struct tok gtp_v1_msgtype[] = { 160 161 { 1, "Echo Request" }, 162 { 2, "Echo Response" }, 163 { 3, "Version Not Supported" }, 164 { 4, "Node Alive Request" }, 165 { 5, "Node Alive Response" }, 166 { 6, "Redirection Request" }, 167 { 7, "Redirection Response" }, 168 { 16, "Create PDP Context Request" }, 169 { 17, "Create PDP Context Response" }, 170 { 18, "Update PDP Context Request" }, 171 { 19, "Update PDP Context Response" }, 172 { 20, "Delete PDP Context Request" }, 173 { 21, "Delete PDP Context Response" }, 174 { 22, "Initiate PDP Context Activiation Request" }, 175 { 23, "Initiate PDP Context Activiation Response" }, 176 { 26, "Error Indication" }, 177 { 27, "PDU Notification Request" }, 178 { 28, "PDU Notification Response" }, 179 { 29, "PDU Notification Reject Request" }, 180 { 30, "PDU Notification Reject Response" }, 181 { 31, "Supported Extension Headers Notification" }, 182 { 32, "Send Routeing Information for GPRS Request" }, 183 { 33, "Send Routeing Information for GPRS Response" }, 184 { 34, "Failure Report Request" }, 185 { 35, "Failure Report Response" }, 186 { 36, "Note MS GPRS Present Request" }, 187 { 37, "Note MS GPRS Present Response" }, 188 { 48, "Identification Request" }, 189 { 49, "Identification Response" }, 190 { 50, "SGSN Context Request" }, 191 { 51, "SGSN Context Response" }, 192 { 52, "SGSN Context Acknowledge" }, 193 { 53, "Forward Relocation Request" }, 194 { 54, "Forward Relocation Response" }, 195 { 55, "Forward Relocation Complete" }, 196 { 56, "Relocation Cancel Request" }, 197 { 57, "Relocation Cancel Response" }, 198 { 58, "Forward SRNS Context" }, 199 { 59, "Forward Relocation Complete Acknowledge" }, 200 { 60, "Forward SRNS Context Acknowledge" }, 201 { 70, "RAN Information Relay" }, 202 { 96, "MBMS Notification Request" }, 203 { 97, "MBMS Notification Response" }, 204 { 98, "MBMS Notification Reject Request" }, 205 { 99, "MBMS Notification Reject Response" }, 206 { 100, "Create MBMS Context Request" }, 207 { 101, "Create MBMS Context Response" }, 208 { 102, "Update MBMS Context Request" }, 209 { 103, "Update MBMS Context Response" }, 210 { 104, "Delete MBMS Context Request" }, 211 { 105, "Delete MBMS Context Response" }, 212 { 112, "MBMS Registration Request" }, 213 { 113, "MBMS Registration Response" }, 214 { 114, "MBMS De-Registration Request" }, 215 { 115, "MBMS De-Registration Response" }, 216 { 116, "MBMS Session Start Request" }, 217 { 117, "MBMS Session Start Response" }, 218 { 118, "MBMS Session Stop Request" }, 219 { 119, "MBMS Session Stop Response" }, 220 { 120, "MBMS Session Update Request" }, 221 { 121, "MBMS Session Update Response" }, 222 { 128, "MBMS Info Change Notification Request" }, 223 { 129, "MBMS Info Change Notification Response" }, 224 { 240, "Data Record Transfer Request" }, 225 { 241, "Data Record Transfer Response" }, 226 { 255, "G-PDU" }, 227 228 { 0, NULL } 229 }; 230 231 /* GTPv1 Causes. */ 232 static struct tok gtp_v1_cause[] = { 233 234 /* GTPv1-C. */ 235 { 0, "Request IMSI" }, 236 { 1, "Request IMEI" }, 237 { 2, "Request IMSI and IMEI" }, 238 { 3, "No identity needed" }, 239 { 4, "MS refuses" }, 240 { 5, "MS is not GPRS responding" }, 241 { 128, "Request accepted" }, 242 { 192, "Non-existent" }, 243 { 193, "Invalid message format" }, 244 { 194, "IMSI not known" }, 245 { 195, "MS is GPRS detached" }, 246 { 196, "MS is not GPRS responding" }, 247 { 197, "MS refuses" }, 248 { 198, "Version not supported" }, 249 { 199, "No resources available" }, 250 { 200, "Service not supported" }, 251 { 201, "Mandatory IE incorrect" }, 252 { 202, "Mandatory IE missing" }, 253 { 203, "Optional IE incorrect" }, 254 { 204, "System failure" }, 255 { 205, "Roaming restriction" }, 256 { 206, "P-TMSI signature mismatch" }, 257 { 207, "GPRS connection suspended" }, 258 { 208, "Authentication failure" }, 259 { 209, "User authentication failed" }, 260 { 210, "Context not found" }, 261 { 211, "All dynamic PDP addresses are occupied" }, 262 { 212, "No memory is available" }, 263 { 213, "Relocation failure" }, 264 { 214, "Unknown mandatory extension header" }, 265 { 215, "Semantic error in the TFT operation" }, 266 { 216, "Syntactic error in the TFT operation" }, 267 { 217, "Semantic errors in packet filter(s)" }, 268 { 218, "Syntactic errors in packet filter(s)" }, 269 { 219, "Missing or unknown APN" }, 270 { 220, "Unknown PDP address or PDP type" }, 271 { 221, "PDP context without TFT already activated" }, 272 { 222, "APN access denied - no subscription" }, 273 { 223, "APN restriction type incompatibility with currently " 274 "active PDP contexts" }, 275 { 224, "MS MBMS capabilities insufficient" }, 276 { 225, "Invalid correlation-ID" }, 277 { 226, "MBMS bearer context superseded" }, 278 279 /* GTP'v1. */ 280 { 59, "System failure" }, 281 { 60, "The transmit buffers are becoming full" }, 282 { 61, "The receive buffers are becoming full" }, 283 { 62, "Another node is about to go down" }, 284 { 63, "This node is about to go down" }, 285 { 177, "CDR decoding error" }, 286 { 252, "Request related to possibly duplicated packets already " 287 "fulfilled" }, 288 { 253, "Request already fulfilled" }, 289 { 254, "Sequence numbers of released/cancelled packets IE incorrect" }, 290 { 255, "Request not fulfilled" }, 291 292 { 0, NULL } 293 }; 294 295 static int gtp_proto = -1; 296 297 void 298 gtp_print(const u_char *cp, u_int length, u_short sport, u_short dport) 299 { 300 int version; 301 302 /* Decode GTP version. */ 303 TCHECK(cp[0]); 304 version = cp[0] >> GTP_VERSION_SHIFT; 305 306 if (version == GTP_VERSION_0) 307 gtp_v0_print(cp, length, sport, dport); 308 else if (version == GTP_VERSION_1) 309 gtp_v1_print(cp, length, sport, dport); 310 else 311 printf("GTP (version %i)", version); 312 313 return; 314 315 trunc: 316 printf("[|GTP]"); 317 } 318 319 /* 320 * Decode and print information elements from message. The actual work is 321 * handled in the appropriate Tag/Value (TV) or Tag/Length/Value (TLV) 322 * decoding routine. 323 */ 324 void 325 gtp_decode_ie(const u_char *cp, u_short version, int len) 326 { 327 int val, ielen, iecount = 0; 328 329 if (len <= 0) 330 return; 331 332 printf(" {"); 333 334 while (len > 0) { 335 336 iecount++; 337 if (iecount > 1) 338 printf(" "); 339 340 TCHECK(cp[0]); 341 val = (u_int)cp[0]; 342 cp++; 343 344 printf("["); 345 346 switch (version) { 347 case GTP_VERSION_0: 348 if ((val & GTPV0_IE_TYPE_MASK) == 0) 349 ielen = gtp_v0_print_tv(cp, val); 350 else 351 ielen = gtp_v0_print_tlv(cp, val); 352 break; 353 354 case GTP_VERSION_1: 355 if ((val & GTPV1_IE_TYPE_MASK) == 0) 356 ielen = gtp_v1_print_tv(cp, val); 357 else 358 ielen = gtp_v1_print_tlv(cp, val); 359 break; 360 361 default: 362 /* Version not supported... */ 363 ielen = -1; 364 break; 365 } 366 367 printf("]"); 368 369 if (ielen < 0) 370 goto trunc; 371 372 len -= ielen; 373 cp += ielen - 1; 374 } 375 376 if (iecount > 0) 377 printf("}"); 378 379 return; 380 381 trunc: 382 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 383 } 384 385 /* 386 * Decode and print telephony binary coded decimal. 387 */ 388 void 389 gtp_print_tbcd(const u_char *cp, u_int len) 390 { 391 u_int8_t *data, bcd; 392 int i; 393 394 data = (u_int8_t *)cp; 395 for (i = 0; i < len; i++) { 396 bcd = *data & 0xf; 397 if (bcd != 0xf) 398 printf("%u", bcd); 399 bcd = *data >> 4; 400 if (bcd != 0xf) 401 printf("%u", bcd); 402 data++; 403 } 404 } 405 406 /* 407 * Decode and print an end user address. Format is detailed in 408 * GSM 09.60 section 7.9.18 and 3GPP 29.060 section 7.7.27. 409 */ 410 void 411 gtp_print_user_address(const u_char *cp, u_int len) 412 { 413 u_int8_t org, type; 414 415 if (len < 2) 416 return; 417 418 org = (u_int8_t)cp[0] & 0xf; 419 type = (u_int8_t)cp[1]; 420 421 cp += 2; 422 423 if (org == 0x0 && type == 0x1) 424 printf(": PPP"); 425 else if (org == 0x1 && type == 0x21) { 426 if (len == 6) 427 printf(": %s", ipaddr_string(cp)); 428 else 429 printf(": IPv4"); 430 } else if (org == 0x1 && type == 0x57) { 431 if (len == 18) 432 printf(": %s", ip6addr_string(cp)); 433 else 434 printf(": IPv6"); 435 } else 436 printf(" (org 0x%x, type 0x%x)", org, type); 437 } 438 439 /* 440 * Decode and print an Access Point Name. Format is detailed in 441 * 3GPP 24.008 section 10.5.6.1 and 3GPP 23.003 section 9.1. 442 */ 443 void 444 gtp_print_apn(const u_char *cp, u_int len) 445 { 446 u_char label[100]; 447 u_int8_t llen; 448 449 if (len < 1 || len > 100) 450 return; 451 452 while (len > 0) { 453 454 llen = (u_int8_t)cp[0]; 455 if (llen > 99) 456 return; 457 458 bcopy(cp + 1, label, llen); 459 label[llen] = '\0'; 460 printf("%s", label); 461 462 cp += llen + 1; 463 len -= llen + 1; 464 465 if (len > 0) 466 printf("."); 467 468 } 469 } 470 471 /* Print string from array. */ 472 void 473 gtp_print_str(const char **strs, u_int bound, u_int index) 474 { 475 if (index >= bound) 476 printf(": %u", index); 477 else if (strs[index] != NULL) 478 printf(": %s", strs[index]); 479 } 480 481 /* 482 * Decoding routines for GTP version 0. 483 */ 484 void 485 gtp_v0_print(const u_char *cp, u_int length, u_short sport, u_short dport) 486 { 487 struct gtp_v0_hdr *gh = (struct gtp_v0_hdr *)cp; 488 int len, version; 489 u_int64_t tid; 490 491 gtp_proto = GTP_V0_PROTO; 492 493 /* Check if this is GTP prime. */ 494 TCHECK(gh->flags); 495 if ((gh->flags & GTPV0_HDR_PROTO_TYPE) == 0) { 496 gtp_proto = GTP_V0_PRIME_PROTO; 497 gtp_v0_print_prime(cp); 498 return; 499 } 500 501 /* Print GTP header. */ 502 TCHECK(*gh); 503 cp += sizeof(struct gtp_v0_hdr); 504 len = ntohs(gh->length); 505 bcopy(&gh->tid, &tid, sizeof(tid)); 506 printf("GTPv0 (len %u, seqno %u, flow %u, N-PDU %u, tid 0x%llx) ", 507 ntohs(gh->length), ntohs(gh->seqno), ntohs(gh->flow), 508 ntohs(gh->npduno), betoh64(tid)); 509 510 /* Decode GTP message. */ 511 printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gh->msgtype)); 512 513 if (!vflag) 514 return; 515 516 if (gh->msgtype == GTPV0_T_PDU) { 517 518 TCHECK(cp[0]); 519 version = cp[0] >> 4; 520 521 printf(" { "); 522 523 if (version == 4) 524 ip_print(cp, len); 525 else if (version == 6) 526 ip6_print(cp, len); 527 else 528 printf("Unknown IP version %u", version); 529 530 printf(" }"); 531 } else 532 gtp_decode_ie(cp, GTP_VERSION_0, len); 533 534 return; 535 536 trunc: 537 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 538 } 539 540 void 541 gtp_v0_print_prime(const u_char *cp) 542 { 543 struct gtp_v0_prime_hdr *gph = (struct gtp_v0_prime_hdr *)cp; 544 int len; 545 546 /* Decode GTP prime header. */ 547 TCHECK(*gph); 548 cp += sizeof(*gph); 549 550 len = ntohs(gph->length); 551 printf("GTPv0' (len %u, seq %u) ", len, ntohs(gph->seqno)); 552 553 /* Decode GTP message. */ 554 printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gph->msgtype)); 555 556 if (vflag) 557 gtp_decode_ie(cp, GTP_VERSION_0, len); 558 559 return; 560 561 trunc: 562 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 563 } 564 565 int 566 gtp_v0_print_tv(const u_char *cp, u_int value) 567 { 568 u_int32_t *dpl; 569 u_int16_t *dps; 570 u_int8_t data; 571 int ielen = -1; 572 573 switch (value) { 574 case GTPV0_TV_CAUSE: 575 576 /* 09.60 7.9.1 - Cause. */ 577 TCHECK(cp[0]); 578 data = (u_int8_t)cp[0]; 579 ielen = GTPV0_TV_CAUSE_LENGTH; 580 printf("Cause: %s", tok2str(gtp_v0_cause, "#%u", data)); 581 break; 582 583 case GTPV0_TV_IMSI: 584 585 /* 09.60 7.9.2 - International Mobile Subscriber Identity. */ 586 TCHECK2(cp[0], GTPV0_TV_IMSI_LENGTH - 1); 587 printf("IMSI "); 588 gtp_print_tbcd(cp, GTPV0_TV_IMSI_LENGTH - 1); 589 ielen = GTPV0_TV_IMSI_LENGTH; 590 break; 591 592 case GTPV0_TV_RAI: 593 594 /* 09.60 7.9.3 - Routing Area Identity (RAI). */ 595 TCHECK2(cp[0], GTPV0_TV_RAI_LENGTH - 1); 596 printf("RAI: MCC "); 597 data = cp[1] | 0xf0; 598 gtp_print_tbcd(cp, 1); 599 gtp_print_tbcd(&data, 1); 600 printf(", MNC "); 601 data = (cp[1] >> 4) | 0xf0; 602 gtp_print_tbcd(cp + 2, 1); 603 gtp_print_tbcd(&data, 1); 604 printf(", LAC 0x%x%x", cp[3], cp[4]); 605 printf(", RAC 0x%x", cp[5]); 606 ielen = GTPV0_TV_RAI_LENGTH; 607 break; 608 609 case GTPV0_TV_TLLI: 610 611 /* 09.60 7.9.4 - Temporary Logical Link Identity (TLLI). */ 612 TCHECK2(cp[0], GTPV0_TV_TLLI_LENGTH - 1); 613 dpl = (u_int32_t *)cp; 614 printf("TLLI 0x%x", ntohl(*dpl)); 615 ielen = GTPV0_TV_TLLI_LENGTH; 616 break; 617 618 case GTPV0_TV_PTMSI: 619 620 /* 09.60 7.9.5 - Packet TMSI (P-TMSI). */ 621 TCHECK2(cp[0], GTPV0_TV_PTMSI_LENGTH - 1); 622 dpl = (u_int32_t *)cp; 623 printf("P-TMSI 0x%x", ntohl(*dpl)); 624 ielen = GTPV0_TV_PTMSI_LENGTH; 625 break; 626 627 case GTPV0_TV_QOS: 628 629 /* 09.60 7.9.6 - Quality of Service (QoS) Profile. */ 630 TCHECK2(cp[0], GTPV0_TV_QOS_LENGTH - 1); 631 printf("QoS Profile"); /* XXX */ 632 ielen = GTPV0_TV_QOS_LENGTH; 633 break; 634 635 case GTPV0_TV_REORDER: 636 637 /* 09.60 7.9.7 - Reordering Required. */ 638 TCHECK2(cp[0], GTPV0_TV_REORDER_LENGTH - 1); 639 printf("Reordering Required: "); 640 if (cp[0] & 0x1) 641 printf("yes"); 642 else 643 printf("no"); 644 ielen = GTPV0_TV_REORDER_LENGTH; 645 break; 646 647 case GTPV0_TV_AUTH_TRIPLET: 648 649 /* 09.60 7.9.8 - Authentication Triplet. */ 650 TCHECK2(cp[0], GTPV0_TV_AUTH_TRIPLET_LENGTH - 1); 651 printf("Authentication"); /* XXX */ 652 ielen = GTPV0_TV_AUTH_TRIPLET_LENGTH; 653 break; 654 655 case GTPV0_TV_MAP_CAUSE: 656 657 /* 09.60 7.9.9 - MAP Cause. */ 658 TCHECK2(cp[0], GTPV0_TV_MAP_CAUSE_LENGTH - 1); 659 printf("MAP Cause: %u", cp[0]); 660 ielen = GTPV0_TV_MAP_CAUSE_LENGTH; 661 break; 662 663 case GTPV0_TV_PTMSI_SIGNATURE: 664 665 /* 09.60 7.9.10 - P-TMSI Signature. */ 666 /* Signature defined in GSM 04.08. */ 667 TCHECK2(cp[0], GTPV0_TV_PTMSI_SIGNATURE_LENGTH - 1); 668 printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); 669 ielen = GTPV0_TV_PTMSI_SIGNATURE_LENGTH; 670 break; 671 672 case GTPV0_TV_MS_VALIDATED: 673 674 /* 09.60 7.9.11 - MS Validated. */ 675 TCHECK2(cp[0], GTPV0_TV_MS_VALIDATED_LENGTH - 1); 676 printf("MS Validated"); 677 if (cp[0] & 0x1) 678 printf("yes"); 679 else 680 printf("no"); 681 ielen = GTPV0_TV_MS_VALIDATED_LENGTH; 682 break; 683 684 case GTPV0_TV_RECOVERY: 685 686 /* 09.60 7.9.12 - Recovery. */ 687 TCHECK2(cp[0], GTPV0_TV_RECOVERY_LENGTH - 1); 688 printf("Recovery: Restart counter %u", cp[0]); 689 ielen = GTPV0_TV_RECOVERY_LENGTH; 690 break; 691 692 case GTPV0_TV_SELECTION_MODE: 693 694 /* 09.60 7.9.13 - Selection Mode. */ 695 TCHECK2(cp[0], GTPV0_TV_SELECTION_MODE_LENGTH - 1); 696 printf("Selection Mode"); /* XXX */ 697 ielen = GTPV0_TV_SELECTION_MODE_LENGTH; 698 break; 699 700 case GTPV0_TV_FLOW_LABEL_DATA_I: 701 702 /* 09.60 7.9.14 - Flow Label Data I. */ 703 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH - 1); 704 dps = (u_int16_t *)cp; 705 printf("Flow Label Data I: %u", ntohs(*dps)); 706 ielen = GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH; 707 break; 708 709 case GTPV0_TV_FLOW_LABEL_SIGNALLING: 710 711 /* 09.60 7.9.15 - Flow Label Signalling. */ 712 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH - 1); 713 dps = (u_int16_t *)cp; 714 printf("Flow Label Signalling: %u", ntohs(*dps)); 715 ielen = GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH; 716 break; 717 718 case GTPV0_TV_FLOW_LABEL_DATA_II: 719 720 /* 09.60 7.9.16 - Flow Label Data II. */ 721 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH - 1); 722 data = cp[0] & 0xf; 723 dps = (u_int16_t *)(cp + 1); 724 printf("Flow Label Data II: %u, NSAPI %u", ntohs(*dps), data); 725 ielen = GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH; 726 break; 727 728 case GTPV0_TV_PACKET_XFER_CMD: 729 730 /* 12.15 7.3.4.5.3 - Packet Transfer Command. */ 731 TCHECK2(cp[0], GTPV0_TV_PACKET_XFER_CMD_LENGTH - 1); 732 printf("Packet Transfer Command"); 733 gtp_print_str(gtp_packet_xfer_cmd, nitems(gtp_packet_xfer_cmd), 734 cp[0]); 735 ielen = GTPV0_TV_PACKET_XFER_CMD_LENGTH; 736 break; 737 738 case GTPV0_TV_CHARGING_ID: 739 740 /* 09.60 7.9.17 - Charging ID. */ 741 TCHECK2(cp[0], GTPV0_TV_CHARGING_ID_LENGTH - 1); 742 dps = (u_int16_t *)cp; 743 printf("Charging ID: %u", ntohs(*dps)); 744 ielen = GTPV0_TV_CHARGING_ID_LENGTH; 745 break; 746 747 default: 748 printf("TV %u", value); 749 } 750 751 trunc: 752 return ielen; 753 } 754 755 int 756 gtp_v0_print_tlv(const u_char *cp, u_int value) 757 { 758 u_int8_t data; 759 u_int16_t *lenp, *seqno, len; 760 int ielen = -1; 761 762 /* Get length of IE. */ 763 TCHECK2(cp[0], 2); 764 lenp = (u_int16_t *)cp; 765 cp += 2; 766 len = ntohs(*lenp); 767 TCHECK2(cp[0], len); 768 ielen = sizeof(data) + sizeof(len) + len; 769 770 switch (value) { 771 772 case GTPV0_TLV_END_USER_ADDRESS: 773 774 /* 09.60 7.9.18 - End User Address. */ 775 printf("End User Address"); 776 gtp_print_user_address(cp, len); 777 break; 778 779 case GTPV0_TLV_MM_CONTEXT: 780 781 /* 09.60 7.9.19 - MM Context. */ 782 printf("MM Context"); /* XXX */ 783 break; 784 785 case GTPV0_TLV_PDP_CONTEXT: 786 787 /* 09.60 7.9.20 - PDP Context. */ 788 printf("PDP Context"); /* XXX */ 789 break; 790 791 case GTPV0_TLV_ACCESS_POINT_NAME: 792 793 /* 09.60 7.9.21 - Access Point Name. */ 794 printf("AP Name: "); 795 gtp_print_apn(cp, len); 796 break; 797 798 case GTPV0_TLV_PROTOCOL_CONFIG_OPTIONS: 799 800 /* 09.60 7.9.22 - Protocol Configuration Options. */ 801 printf("Protocol Configuration Options"); /* XXX */ 802 break; 803 804 case GTPV0_TLV_GSN_ADDRESS: 805 806 /* 09.60 7.9.23 - GSN Address. */ 807 printf("GSN Address"); 808 if (len == 4) 809 printf(": %s", ipaddr_string(cp)); 810 else if (len == 16) 811 printf(": %s", ip6addr_string(cp)); 812 break; 813 814 case GTPV0_TLV_MS_ISDN: 815 816 /* 09.60 7.9.24 - MS International PSTN/ISDN Number. */ 817 printf("MSISDN "); 818 data = (u_int8_t)cp[0]; /* XXX - Number type. */ 819 gtp_print_tbcd(cp + 1, len - 1); 820 break; 821 822 case GTPV0_TLV_CHARGING_GATEWAY_ADDRESS: 823 824 /* 09.60 7.9.25 - Charging Gateway Address. */ 825 printf("Charging Gateway"); 826 if (len == 4) 827 printf(": %s", ipaddr_string(cp)); 828 break; 829 830 case GTPV0_TLV_DATA_RECORD_PACKET: 831 832 /* 12.15 7.3.4.5.4 - Data Record Packet. */ 833 printf("Data Record: Records %u, Format %u, Format Version %u", 834 cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2))); 835 break; 836 837 case GTPV0_TLV_REQUESTS_RESPONDED: 838 839 /* 12.15 7.3.4.6 - Requests Responded. */ 840 printf("Requests Responded:"); 841 seqno = (u_int16_t *)cp; 842 while (len > 0) { 843 printf(" %u", ntohs(*seqno)); 844 seqno++; 845 len -= sizeof(*seqno); 846 } 847 break; 848 849 case GTPV0_TLV_RECOMMENDED_NODE: 850 851 /* 12.15 7.3.4.3 - Address of Recommended Node. */ 852 printf("Recommended Node"); 853 if (len == 4) 854 printf(": %s", ipaddr_string(cp)); 855 else if (len == 16) 856 printf(": %s", ip6addr_string(cp)); 857 break; 858 859 case GTPV0_TLV_PRIVATE_EXTENSION: 860 861 printf("Private Extension"); 862 break; 863 864 default: 865 printf("TLV %u (len %u)", value, len); 866 } 867 868 return ielen; 869 870 trunc: 871 return -1; 872 } 873 874 /* 875 * Decoding for GTP version 1, which consists of GTPv1-C, GTPv1-U and GTPv1'. 876 */ 877 void 878 gtp_v1_print(const u_char *cp, u_int length, u_short sport, u_short dport) 879 { 880 struct gtp_v1_hdr *gh = (struct gtp_v1_hdr *)cp; 881 struct gtp_v1_hdr_ext *ghe = NULL; 882 int nexthdr, hlen; 883 u_char *p = (u_char *)cp; 884 885 TCHECK(gh->flags); 886 if ((gh->flags & GTPV1_HDR_PROTO_TYPE) == 0) { 887 gtp_proto = GTP_V1_PRIME_PROTO; 888 printf(" GTPv1'"); 889 gtp_v1_print_prime(p, (struct gtp_v1_prime_hdr *)gh); 890 return; 891 } 892 893 if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT) { 894 gtp_proto = GTP_V1_CTRL_PROTO; 895 printf(" GTPv1-C"); 896 } else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT) { 897 gtp_proto = GTP_V1_USER_PROTO; 898 printf(" GTPv1-U"); 899 } else if (dport == GTPV1_PRIME_PORT || sport == GTPV1_PRIME_PORT) { 900 gtp_proto = GTP_V1_PRIME_PROTO; 901 printf(" GTPv1'"); 902 } 903 904 /* Decode GTP header. */ 905 TCHECK(*gh); 906 p += sizeof(struct gtp_v1_hdr); 907 908 printf(" (teid %u, len %u)", ntohl(gh->teid), ntohs(gh->length)); 909 910 if (gh->flags & GTPV1_HDR_EXT) { 911 ghe = (struct gtp_v1_hdr_ext *)cp; 912 TCHECK(*ghe); 913 p += sizeof(struct gtp_v1_hdr_ext) - sizeof(struct gtp_v1_hdr); 914 } 915 916 if (gh->flags & GTPV1_HDR_SN_FLAG) 917 printf(" [seq %u]", ntohs(ghe->seqno)); 918 919 if (gh->flags & GTPV1_HDR_NPDU_FLAG) 920 printf(" [N-PDU %u]", ghe->npduno); 921 922 if (gh->flags & GTPV1_HDR_EH_FLAG) { 923 924 /* Process next header... */ 925 nexthdr = ghe->nexthdr; 926 while (nexthdr != GTPV1_EH_NONE) { 927 928 /* Header length is a 4 octet multiplier. */ 929 hlen = (int)p[0] * 4; 930 TCHECK2(p[0], hlen); 931 932 switch (nexthdr) { 933 case GTPV1_EH_MBMS_SUPPORT: 934 printf(" [MBMS Support]"); 935 break; 936 937 case GTPV1_EH_MSI_CHANGE_RPT: 938 printf(" [MS Info Change Reporting]"); 939 break; 940 941 case GTPV1_EH_PDCP_PDU_NO: 942 printf(" [PDCP PDU %u]", 943 ntohs(*(u_int16_t *)(p + 1))); 944 break; 945 946 case GTPV1_EH_SUSPEND_REQUEST: 947 printf(" [Suspend Request]"); 948 break; 949 950 case GTPV1_EH_SUSPEND_RESPONSE: 951 printf(" [Suspend Response]"); 952 break; 953 954 default: 955 printf(" [Unknown Header %u]", nexthdr); 956 } 957 958 p += hlen - 1; 959 nexthdr = (int)p[0]; 960 p++; 961 } 962 963 } 964 965 hlen = p - cp; 966 967 if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT) 968 gtp_v1_print_ctrl(p, hlen, gh); 969 else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT) 970 gtp_v1_print_user(p, hlen, gh); 971 972 return; 973 974 trunc: 975 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 976 } 977 978 void 979 gtp_v1_print_ctrl(const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh) 980 { 981 int len; 982 983 /* Decode GTP control message. */ 984 printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype)); 985 986 len = ntohs(gh->length) - hlen + sizeof(*gh); 987 if (vflag) 988 gtp_decode_ie(cp, GTP_VERSION_1, len); 989 } 990 991 void 992 gtp_v1_print_user(const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh) 993 { 994 int len, version; 995 996 /* Decode GTP user message. */ 997 printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype)); 998 999 if (!vflag) 1000 return; 1001 1002 len = ntohs(gh->length) - hlen + sizeof(*gh); 1003 1004 if (gh->msgtype == GTPV1_G_PDU) { 1005 1006 TCHECK(cp[0]); 1007 version = cp[0] >> 4; 1008 1009 printf(" { "); 1010 1011 if (version == 4) 1012 ip_print(cp, len); 1013 else if (version == 6) 1014 ip6_print(cp, len); 1015 else 1016 printf("Unknown IP version %u", version); 1017 1018 printf(" }"); 1019 1020 } else 1021 gtp_decode_ie(cp, GTP_VERSION_1, len); 1022 1023 return; 1024 1025 trunc: 1026 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 1027 } 1028 1029 void 1030 gtp_v1_print_prime(const u_char *cp, struct gtp_v1_prime_hdr *gph) 1031 { 1032 int len; 1033 1034 /* Decode GTP prime header. */ 1035 TCHECK(*gph); 1036 cp += sizeof(struct gtp_v1_prime_hdr); 1037 1038 len = ntohs(gph->length); 1039 printf(" (len %u, seq %u) ", len, ntohs(gph->seqno)); 1040 1041 /* Decode GTP message. */ 1042 printf("%s", tok2str(gtp_v1_msgtype, "Message Type %u", gph->msgtype)); 1043 1044 if (vflag) 1045 gtp_decode_ie(cp, GTP_VERSION_1, len); 1046 1047 return; 1048 1049 trunc: 1050 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 1051 } 1052 1053 int 1054 gtp_v1_print_tv(const u_char *cp, u_int value) 1055 { 1056 u_int32_t *dpl; 1057 u_int16_t *dps; 1058 u_int8_t data; 1059 int ielen = -1; 1060 1061 switch (value) { 1062 case GTPV1_TV_CAUSE: 1063 1064 /* 29.060 - 7.7.1 Cause. */ 1065 TCHECK(cp[0]); 1066 data = (u_int8_t)cp[0]; 1067 ielen = GTPV1_TV_CAUSE_LENGTH; 1068 printf("Cause: %s", tok2str(gtp_v1_cause, "#%u", data)); 1069 break; 1070 1071 case GTPV1_TV_IMSI: 1072 1073 /* 29.060 7.7.2 - International Mobile Subscriber Identity. */ 1074 TCHECK2(cp[0], GTPV1_TV_IMSI_LENGTH - 1); 1075 printf("IMSI "); 1076 gtp_print_tbcd(cp, GTPV1_TV_IMSI_LENGTH - 1); 1077 ielen = GTPV1_TV_IMSI_LENGTH; 1078 break; 1079 1080 case GTPV1_TV_RAI: 1081 1082 /* 29.060 7.7.3 - Routing Area Identity (RAI). */ 1083 TCHECK2(cp[0], GTPV1_TV_RAI_LENGTH - 1); 1084 printf("RAI: MCC "); 1085 data = cp[1] | 0xf0; 1086 gtp_print_tbcd(cp, 1); 1087 gtp_print_tbcd(&data, 1); 1088 printf(", MNC "); 1089 data = (cp[1] >> 4) | 0xf0; 1090 gtp_print_tbcd(cp + 2, 1); 1091 gtp_print_tbcd(&data, 1); 1092 printf(", LAC 0x%x%x", cp[3], cp[4]); 1093 printf(", RAC 0x%x", cp[5]); 1094 ielen = GTPV1_TV_RAI_LENGTH; 1095 break; 1096 1097 case GTPV1_TV_TLLI: 1098 1099 /* 29.060 7.7.4 - Temporary Logical Link Identity (TLLI). */ 1100 TCHECK2(cp[0], GTPV1_TV_TLLI_LENGTH - 1); 1101 dpl = (u_int32_t *)cp; 1102 printf("TLLI 0x%x", ntohl(*dpl)); 1103 ielen = GTPV1_TV_TLLI_LENGTH; 1104 break; 1105 1106 case GTPV1_TV_PTMSI: 1107 1108 /* 29.060 7.7.5 - Packet TMSI (P-TMSI). */ 1109 TCHECK2(cp[0], GTPV1_TV_PTMSI_LENGTH - 1); 1110 dpl = (u_int32_t *)cp; 1111 printf("P-TMSI 0x%x", ntohl(*dpl)); 1112 ielen = GTPV1_TV_PTMSI_LENGTH; 1113 break; 1114 1115 case GTPV1_TV_REORDER: 1116 1117 /* 29.060 7.7.6 - Reordering Required. */ 1118 TCHECK2(cp[0], GTPV1_TV_REORDER_LENGTH - 1); 1119 printf("Reordering Required: "); 1120 if (cp[0] & 0x1) 1121 printf("yes"); 1122 else 1123 printf("no"); 1124 ielen = GTPV1_TV_REORDER_LENGTH; 1125 break; 1126 1127 case GTPV1_TV_AUTH: 1128 1129 /* 29.060 7.7.7 - Authentication Triplet. */ 1130 TCHECK2(cp[0], GTPV1_TV_AUTH_LENGTH - 1); 1131 dpl = (u_int32_t *)cp; 1132 printf("Auth: RAND 0x%x%x%x%x, SRES 0x%x, Kc 0x%x%x", 1133 ntohl(dpl[0]), ntohl(dpl[1]), ntohl(dpl[2]), ntohl(dpl[3]), 1134 ntohl(dpl[4]), ntohl(dpl[5]), ntohl(dpl[6])); 1135 ielen = GTPV1_TV_AUTH_LENGTH; 1136 break; 1137 1138 case GTPV1_TV_MAP_CAUSE: 1139 1140 /* 29.060 7.7.8 - MAP Cause. */ 1141 /* Cause defined in 3GPP TS 29.002. */ 1142 TCHECK2(cp[0], GTPV1_TV_MAP_CAUSE_LENGTH - 1); 1143 printf("Map Cause: %u", cp[0]); 1144 ielen = GTPV1_TV_MAP_CAUSE_LENGTH; 1145 break; 1146 1147 case GTPV1_TV_PTMSI_SIGNATURE: 1148 1149 /* 29.060 7.7.9 - P-TMSI Signature. */ 1150 /* Signature defined in 3GPP TS 24.008. */ 1151 TCHECK2(cp[0], GTPV1_TV_PTMSI_SIGNATURE_LENGTH - 1); 1152 printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); 1153 ielen = GTPV1_TV_PTMSI_SIGNATURE_LENGTH; 1154 break; 1155 1156 case GTPV1_TV_MS_VALIDATED: 1157 1158 /* 29.060 7.7.10 - MS Validated. */ 1159 TCHECK2(cp[0], GTPV1_TV_MS_VALIDATED_LENGTH - 1); 1160 printf("MS Validated: "); 1161 if (cp[0] & 0x1) 1162 printf("yes"); 1163 else 1164 printf("no"); 1165 ielen = GTPV1_TV_MS_VALIDATED_LENGTH; 1166 break; 1167 1168 case GTPV1_TV_RECOVERY: 1169 1170 /* 29.060 7.7.11 - Recovery. */ 1171 TCHECK2(cp[0], GTPV1_TV_RECOVERY_LENGTH - 1); 1172 printf("Recovery: Restart counter %u", cp[0]); 1173 ielen = GTPV1_TV_RECOVERY_LENGTH; 1174 break; 1175 1176 case GTPV1_TV_SELECTION_MODE: 1177 1178 /* 29.060 7.7.12 - Selection Mode. */ 1179 TCHECK2(cp[0], GTPV1_TV_SELECTION_MODE_LENGTH - 1); 1180 data = (u_int8_t)cp[0]; 1181 printf("Selection Mode: %u", data & 0x2); 1182 ielen = GTPV1_TV_SELECTION_MODE_LENGTH; 1183 break; 1184 1185 case GTPV1_TV_TEID_DATA_I: 1186 1187 /* 29.060 7.7.13 - Tunnel Endpoint Identifier Data I. */ 1188 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_I_LENGTH - 1); 1189 dpl = (u_int32_t *)cp; 1190 printf("TEI Data I: %u", ntohl(*dpl)); 1191 ielen = GTPV1_TV_TEID_DATA_I_LENGTH; 1192 break; 1193 1194 case GTPV1_TV_TEID_CTRL: 1195 1196 /* 29.060 7.7.14 - Tunnel Endpoint Identifier Control Plane. */ 1197 TCHECK2(cp[0], GTPV1_TV_TEID_CTRL_LENGTH - 1); 1198 dpl = (u_int32_t *)cp; 1199 printf("TEI Control Plane: %u", ntohl(*dpl)); 1200 ielen = GTPV1_TV_TEID_CTRL_LENGTH; 1201 break; 1202 1203 case GTPV1_TV_TEID_DATA_II: 1204 1205 /* 29.060 7.7.15 - Tunnel Endpoint Identifier Data II. */ 1206 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_II_LENGTH - 1); 1207 data = cp[0] & 0xf; 1208 dpl = (u_int32_t *)(cp + 1); 1209 printf("TEI Data II: %u, NSAPI %u", ntohl(*dpl), data); 1210 ielen = GTPV1_TV_TEID_DATA_II_LENGTH; 1211 break; 1212 1213 case GTPV1_TV_TEARDOWN: 1214 1215 /* 29.060 7.7.16 - Teardown Indicator. */ 1216 TCHECK2(cp[0], GTPV1_TV_TEARDOWN_LENGTH - 1); 1217 printf("Teardown: "); 1218 if (cp[0] & 0x1) 1219 printf("yes"); 1220 else 1221 printf("no"); 1222 ielen = GTPV1_TV_TEARDOWN_LENGTH; 1223 break; 1224 1225 case GTPV1_TV_NSAPI: 1226 1227 /* 29.060 7.7.17 - NSAPI. */ 1228 TCHECK2(cp[0], GTPV1_TV_NSAPI_LENGTH - 1); 1229 data = (u_int8_t)cp[0]; 1230 printf("NSAPI %u", data & 0xf); 1231 ielen = GTPV1_TV_NSAPI_LENGTH; 1232 break; 1233 1234 case GTPV1_TV_RANAP: 1235 1236 /* 29.060 7.7.18 - RANAP Cause. */ 1237 TCHECK2(cp[0], GTPV1_TV_RANAP_LENGTH - 1); 1238 printf("RANAP Cause: %u", cp[0]); 1239 ielen = GTPV1_TV_RANAP_LENGTH; 1240 break; 1241 1242 case GTPV1_TV_RAB_CONTEXT: 1243 1244 /* 29.060 7.7.19 - RAB Context. */ 1245 TCHECK2(cp[0], GTPV1_TV_RAB_CONTEXT_LENGTH - 1); 1246 data = cp[0] & 0xf; 1247 dps = (u_int16_t *)(cp + 1); 1248 printf("RAB Context: NSAPI %u, DL GTP-U Seq No %u," 1249 "UL GTP-U Seq No %u, DL PDCP Seq No %u, UL PDCP Seq No %u", 1250 data, ntohs(dps[0]), ntohs(dps[1]), ntohs(dps[2]), 1251 ntohs(dps[3])); 1252 ielen = GTPV1_TV_RAB_CONTEXT_LENGTH; 1253 break; 1254 1255 case GTPV1_TV_RADIO_PRIORITY_SMS: 1256 1257 /* 29.060 7.7.20 - Radio Priority SMS. */ 1258 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_SMS_LENGTH - 1); 1259 printf("Radio Priority SMS: %u", cp[0] & 0x7); 1260 ielen = GTPV1_TV_RADIO_PRI_SMS_LENGTH; 1261 break; 1262 1263 case GTPV1_TV_RADIO_PRIORITY: 1264 1265 /* 29.060 7.7.21 - Radio Priority. */ 1266 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_LENGTH - 1); 1267 data = cp[0] >> 4; 1268 printf("Radio Priority: %u, NSAPI %u", cp[0] & 0x7, data); 1269 ielen = GTPV1_TV_RADIO_PRI_LENGTH; 1270 break; 1271 1272 case GTPV1_TV_PACKET_FLOW_ID: 1273 1274 /* 29.060 7.7.22 - Packet Flow ID. */ 1275 TCHECK2(cp[0], GTPV1_TV_PACKET_FLOW_ID_LENGTH - 1); 1276 printf("Packet Flow ID: %u, NSAPI %u", cp[1], cp[0] & 0xf); 1277 ielen = GTPV1_TV_PACKET_FLOW_ID_LENGTH; 1278 break; 1279 1280 case GTPV1_TV_CHARGING: 1281 1282 /* 29.060 7.7.23 - Charging Characteristics. */ 1283 /* Charging defined in 3GPP TS 32.298. */ 1284 TCHECK2(cp[0], GTPV1_TV_CHARGING_LENGTH - 1); 1285 printf("Charging Characteristics"); /* XXX */ 1286 ielen = GTPV1_TV_CHARGING_LENGTH; 1287 break; 1288 1289 case GTPV1_TV_TRACE_REFERENCE: 1290 1291 /* 29.060 7.7.24 - Trace Reference. */ 1292 TCHECK2(cp[0], GTPV1_TV_TRACE_REFERENCE_LENGTH - 1); 1293 dps = (u_int16_t *)cp; 1294 printf("Trace Reference: %u", ntohs(*dps)); 1295 ielen = GTPV1_TV_TRACE_REFERENCE_LENGTH; 1296 break; 1297 1298 case GTPV1_TV_TRACE_TYPE: 1299 1300 /* 29.060 7.7.25 - Trace Type. */ 1301 /* Trace type defined in GSM 12.08. */ 1302 TCHECK2(cp[0], GTPV1_TV_TRACE_TYPE_LENGTH - 1); 1303 dps = (u_int16_t *)cp; 1304 printf("Trace Type: %u", ntohs(*dps)); 1305 ielen = GTPV1_TV_TRACE_TYPE_LENGTH; 1306 break; 1307 1308 case GTPV1_TV_MSNRR: 1309 1310 /* 29.060 7.7.26 - MS Not Reachable Reason. */ 1311 /* Reason defined in 3GPP TS 23.040. */ 1312 TCHECK2(cp[0], GTPV1_TV_MSNRR_LENGTH - 1); 1313 printf("MS NRR: %u", cp[0]); 1314 ielen = GTPV1_TV_MSNRR_LENGTH; 1315 break; 1316 1317 case GTPV1_TV_PACKET_XFER_CMD: 1318 1319 /* 32.295 6.2.4.5.2 - Packet Transfer Command. */ 1320 TCHECK2(cp[0], GTPV1_TV_PACKET_XFER_CMD_LENGTH - 1); 1321 printf("Packet Transfer Command"); 1322 gtp_print_str(gtp_packet_xfer_cmd, nitems(gtp_packet_xfer_cmd), 1323 cp[0]); 1324 ielen = GTPV1_TV_PACKET_XFER_CMD_LENGTH; 1325 break; 1326 1327 case GTPV1_TV_CHARGING_ID: 1328 1329 /* 29.060 7.7.26 - Charging ID. */ 1330 TCHECK2(cp[0], GTPV1_TV_CHARGING_ID_LENGTH - 1); 1331 dpl = (u_int32_t *)cp; 1332 printf("Charging ID: %u", ntohl(*dpl)); 1333 ielen = GTPV1_TV_CHARGING_ID_LENGTH; 1334 break; 1335 1336 default: 1337 printf("TV %u", value); 1338 } 1339 1340 trunc: 1341 return ielen; 1342 } 1343 1344 int 1345 gtp_v1_print_tlv(const u_char *cp, u_int value) 1346 { 1347 u_int8_t data; 1348 u_int16_t *lenp, *seqno, len; 1349 int ielen = -1; 1350 1351 /* Get length of IE. */ 1352 TCHECK2(cp[0], 2); 1353 lenp = (u_int16_t *)cp; 1354 cp += 2; 1355 len = ntohs(*lenp); 1356 TCHECK2(cp[0], len); 1357 ielen = sizeof(data) + sizeof(len) + len; 1358 1359 switch (value) { 1360 case GTPV1_TLV_END_USER_ADDRESS: 1361 1362 /* 3GPP 29.060 - 7.7.27 End User Address. */ 1363 printf("End User Address"); 1364 gtp_print_user_address(cp, len); 1365 break; 1366 1367 case GTPV1_TLV_MM_CONTEXT: 1368 1369 /* 29.060 7.7.28 - MM Context. */ 1370 printf("MM Context"); /* XXX */ 1371 break; 1372 1373 case GTPV1_TLV_PDP_CONTEXT: 1374 1375 /* 29.260 7.7.29 - PDP Context. */ 1376 printf("PDP Context"); /* XXX */ 1377 break; 1378 1379 case GTPV1_TLV_ACCESS_POINT_NAME: 1380 1381 /* 29.060 7.7.30 - Access Point Name. */ 1382 printf("AP Name: "); 1383 gtp_print_apn(cp, len); 1384 break; 1385 1386 case GTPV1_TLV_PROTOCOL_CONFIG_OPTIONS: 1387 1388 /* 29.060 7.7.31 - Protocol Configuration Options. */ 1389 /* Defined in 3GPP TS 24.008. */ 1390 printf("Config Options"); /* XXX */ 1391 break; 1392 1393 case GTPV1_TLV_GSN_ADDRESS: 1394 1395 /* 29.060 7.7.32 - GSN Address. */ 1396 /* Defined in 3GPP TS 23.003. */ 1397 printf("GSN Address"); 1398 if (len == 4) 1399 printf(": %s", ipaddr_string(cp)); 1400 else if (len == 16) 1401 printf(": %s", ip6addr_string(cp)); 1402 break; 1403 1404 case GTPV1_TLV_MSISDN: 1405 1406 /* 29.060 7.7.33 - MS International PSTN/ISDN Number. */ 1407 printf("MSISDN "); 1408 data = (u_int8_t)cp[0]; /* XXX - Number type. */ 1409 gtp_print_tbcd(cp + 1, len - 1); 1410 break; 1411 1412 case GTPV1_TLV_QOS_PROFILE: 1413 1414 /* 29.060 7.7.34 - QoS Profile. */ 1415 /* QoS profile defined in 3GPP TS 24.008 10.5.6.5. */ 1416 printf("QoS Profile: "); 1417 data = (u_int8_t)cp[0]; 1418 printf("Delay Class %u, ", (data >> 3) & 0x7); 1419 printf("Reliability Class %u", data & 0x7); 1420 if (vflag > 1) { 1421 printf(", "); 1422 data = (u_int8_t)cp[1]; 1423 printf("Precedence Class %u", data & 0x7); 1424 /* XXX - Decode more QoS fields. */ 1425 } 1426 break; 1427 1428 case GTPV1_TLV_AUTHENTICATION: 1429 1430 /* 29.060 7.7.35 - Authentication. */ 1431 printf("Authentication"); /* XXX */ 1432 break; 1433 1434 case GTPV1_TLV_TRAFFIC_FLOW: 1435 1436 /* 29.060 7.7.36 - Traffic Flow Template. */ 1437 printf("Traffic Flow Template"); /* XXX */ 1438 break; 1439 1440 case GTPV1_TLV_TARGET_IDENTIFICATION: 1441 1442 /* 29.060 7.7.37 - Target Identification. */ 1443 printf("Target ID"); /* XXX */ 1444 break; 1445 1446 case GTPV1_TLV_UTRAN_CONTAINER: 1447 1448 /* 29.060 7.7.38 - UTRAN Transparent Container. */ 1449 printf("UTRAN Container"); /* XXX */ 1450 break; 1451 1452 case GTPV1_TLV_RAB_SETUP_INFORMATION: 1453 1454 /* 29.060 7.7.39 - RAB Setup Information. */ 1455 printf("RAB Setup"); /* XXX */ 1456 break; 1457 1458 case GTPV1_TLV_EXT_HEADER_TYPE_LIST: 1459 1460 /* 29.060 7.7.40 - Extension Header Type List. */ 1461 printf("Extension Header List"); /* XXX */ 1462 break; 1463 1464 case GTPV1_TLV_TRIGGER_ID: 1465 1466 /* 29.060 7.7.41 - Trigger ID. */ 1467 printf("Trigger ID"); /* XXX */ 1468 break; 1469 1470 case GTPV1_TLV_OMC_IDENTITY: 1471 1472 /* 29.060 7.7.42 - OMC Identity. */ 1473 printf("OMC Identity"); /* XXX */ 1474 break; 1475 1476 case GTPV1_TLV_RAN_CONTAINER: 1477 1478 /* 29.060 7.7.43 - RAN Transparent Container. */ 1479 printf("RAN Container"); /* XXX */ 1480 break; 1481 1482 case GTPV1_TLV_PDP_CONTEXT_PRIORITIZATION: 1483 1484 /* 29.060 7.7.45 - PDP Context Prioritization. */ 1485 printf("PDP Context Prioritization"); /* XXX */ 1486 break; 1487 1488 case GTPV1_TLV_ADDITIONAL_RAB_SETUP_INFO: 1489 1490 /* 29.060 7.7.45A - Additional RAB Setup Information. */ 1491 printf("Additional RAB Setup"); /* XXX */ 1492 break; 1493 1494 case GTPV1_TLV_SGSN_NUMBER: 1495 1496 /* 29.060 7.7.47 - SGSN Number. */ 1497 printf("SGSN Number"); /* XXX */ 1498 break; 1499 1500 case GTPV1_TLV_COMMON_FLAGS: 1501 1502 /* 29.060 7.7.48 - Common Flags. */ 1503 printf("Common Flags"); /* XXX */ 1504 break; 1505 1506 case GTPV1_TLV_APN_RESTRICTION: 1507 1508 /* 29.060 7.7.49 - APN Restriction. */ 1509 data = (u_int8_t)cp[0]; 1510 printf("APN Restriction: %u", data); 1511 break; 1512 1513 case GTPV1_TLV_RADIO_PRIORITY_LCS: 1514 1515 /* 29.060 7.7.25B - Radio Priority LCS. */ 1516 printf("Radio Priority LCS: %u", cp[0] & 0x7); 1517 break; 1518 1519 case GTPV1_TLV_RAT_TYPE: 1520 1521 /* 29.060 7.7.50 - RAT Type. */ 1522 printf("RAT"); 1523 gtp_print_str(gtp_rat_type, nitems(gtp_rat_type), cp[0]); 1524 break; 1525 1526 case GTPV1_TLV_USER_LOCATION_INFO: 1527 1528 /* 29.060 7.7.51 - User Location Information. */ 1529 printf("ULI"); /* XXX */ 1530 break; 1531 1532 case GTPV1_TLV_MS_TIME_ZONE: 1533 1534 /* 29.060 7.7.52 - MS Time Zone. */ 1535 printf("MSTZ"); /* XXX */ 1536 break; 1537 1538 case GTPV1_TLV_IMEI_SV: 1539 1540 /* 29.060 7.7.53 - IMEI(SV). */ 1541 printf("IMEI(SV) "); 1542 gtp_print_tbcd(cp, len); 1543 break; 1544 1545 case GTPV1_TLV_CAMEL_CHARGING_CONTAINER: 1546 1547 /* 29.060 7.7.54 - CAMEL Charging Information Container. */ 1548 printf("CAMEL Charging"); /* XXX */ 1549 break; 1550 1551 case GTPV1_TLV_MBMS_UE_CONTEXT: 1552 1553 /* 29.060 7.7.55 - MBMS UE Context. */ 1554 printf("MBMS UE Context"); /* XXX */ 1555 break; 1556 1557 case GTPV1_TLV_TMGI: 1558 1559 /* 29.060 7.7.56 - Temporary Mobile Group Identity. */ 1560 printf("TMGI"); /* XXX */ 1561 break; 1562 1563 case GTPV1_TLV_RIM_ROUTING_ADDRESS: 1564 1565 /* 29.060 7.7.57 - RIM Routing Address. */ 1566 printf("RIM Routing Address"); /* XXX */ 1567 break; 1568 1569 case GTPV1_TLV_MBMS_PROTOCOL_CONFIG_OPTIONS: 1570 1571 /* 29.060 7.7.58 - MBMS Protocol Configuration Options. */ 1572 printf("MBMS Protocol Config Options"); /* XXX */ 1573 break; 1574 1575 case GTPV1_TLV_MBMS_SERVICE_AREA: 1576 1577 /* 29.060 7.7.60 - MBMS Service Area. */ 1578 printf("MBMS Service Area"); /* XXX */ 1579 break; 1580 1581 case GTPV1_TLV_SOURCE_RNC_PDCP_CONTEXT_INFO: 1582 1583 /* 29.060 7.7.61 - Source RNC PDCP Context Information. */ 1584 printf("Source RNC PDCP Context"); /* XXX */ 1585 break; 1586 1587 case GTPV1_TLV_ADDITIONAL_TRACE_INFO: 1588 1589 /* 29.060 7.7.62 - Additional Trace Information. */ 1590 printf("Additional Trace Info"); /* XXX */ 1591 break; 1592 1593 case GTPV1_TLV_HOP_COUNTER: 1594 1595 /* 29.060 7.7.63 - Hop Counter. */ 1596 printf("Hop Counter: %u", cp[0]); 1597 break; 1598 1599 case GTPV1_TLV_SELECTED_PLMN_ID: 1600 1601 /* 29.060 7.7.64 - Selected PLMN ID. */ 1602 printf("Selected PLMN ID"); /* XXX */ 1603 break; 1604 1605 case GTPV1_TLV_MBMS_SESSION_IDENTIFIER: 1606 1607 /* 29.060 7.7.65 - MBMS Session Identifier. */ 1608 printf("MBMS Session ID: %u", cp[0]); 1609 break; 1610 1611 case GTPV1_TLV_MBMS_2G_3G_INDICATOR: 1612 1613 /* 29.060 7.7.66 - MBMS 2G/3G Indicator. */ 1614 printf("MBMS 2G/3G Indicator"); 1615 gtp_print_str(mbms_2g3g_indicator, nitems(mbms_2g3g_indicator), 1616 cp[0]); 1617 break; 1618 1619 case GTPV1_TLV_ENHANCED_NSAPI: 1620 1621 /* 29.060 7.7.67 - Enhanced NSAPI. */ 1622 printf("Enhanced NSAPI"); /* XXX */ 1623 break; 1624 1625 case GTPV1_TLV_MBMS_SESSION_DURATION: 1626 1627 /* 29.060 7.7.59 - MBMS Session Duration. */ 1628 printf("MBMS Session Duration"); /* XXX */ 1629 break; 1630 1631 case GTPV1_TLV_ADDITIONAL_MBMS_TRACE_INFO: 1632 1633 /* 29.060 7.7.68 - Additional MBMS Trace Info. */ 1634 printf("Additional MBMS Trace Info"); /* XXX */ 1635 break; 1636 1637 case GTPV1_TLV_MBMS_SESSION_REPITITION_NO: 1638 1639 /* 29.060 7.7.69 - MBMS Session Repetition Number. */ 1640 printf("MBMS Session Repetition No: %u", cp[0]); 1641 break; 1642 1643 case GTPV1_TLV_MBMS_TIME_TO_DATA_TRANSFER: 1644 1645 /* 29.060 7.7.70 - MBMS Time to Data Transfer. */ 1646 printf("MBMS Time to Data Transfer: %u", cp[0]); 1647 break; 1648 1649 case GTPV1_TLV_PS_HANDOVER_REQUEST_CONTEXT: 1650 1651 /* 29.060 7.7.71 - PS Handover Request Context (Void). */ 1652 break; 1653 1654 case GTPV1_TLV_BSS_CONTAINER: 1655 1656 /* 29.060 7.7.72 - BSS Container. */ 1657 printf("BSS Container"); /* XXX */ 1658 break; 1659 1660 case GTPV1_TLV_CELL_IDENTIFICATION: 1661 1662 /* 29.060 7.7.73 - Cell Identification. */ 1663 printf("Cell Identification"); /* XXX */ 1664 break; 1665 1666 case GTPV1_TLV_PDU_NUMBERS: 1667 1668 /* 29.060 7.7.74 - PDU Numbers. */ 1669 printf("PDU Numbers"); /* XXX */ 1670 break; 1671 1672 case GTPV1_TLV_BSSGP_CAUSE: 1673 1674 /* 29.060 7.7.75 - BSSGP Cause. */ 1675 printf("BSSGP Cause: %u", cp[0]); 1676 break; 1677 1678 case GTPV1_TLV_REQUIRED_MBMS_BEARER_CAP: 1679 1680 /* 29.060 7.7.76 - Required MBMS Bearer Cap. */ 1681 printf("Required MBMS Bearer Cap"); /* XXX */ 1682 break; 1683 1684 case GTPV1_TLV_RIM_ROUTING_ADDRESS_DISC: 1685 1686 /* 29.060 7.7.77 - RIM Routing Address Discriminator. */ 1687 printf("RIM Routing Address Discriminator: %u", cp[0] & 0xf); 1688 break; 1689 1690 case GTPV1_TLV_LIST_OF_SETUP_PFCS: 1691 1692 /* 29.060 7.7.78 - List of Setup PFCs. */ 1693 printf("List of Setup PFCs"); /* XXX */ 1694 break; 1695 1696 case GTPV1_TLV_PS_HANDOVER_XID_PARAMETERS: 1697 1698 /* 29.060 7.7.79 - PS Handover XID Parameters. */ 1699 printf("PS Handover XID Parameters"); /* XXX */ 1700 break; 1701 1702 case GTPV1_TLV_MS_INFO_CHANGE_REPORTING: 1703 1704 /* 29.060 7.7.80 - MS Info Change Reporting. */ 1705 printf("MS Info Change Reporting"); 1706 gtp_print_str(ms_info_change_rpt, nitems(ms_info_change_rpt), 1707 cp[0]); 1708 break; 1709 1710 case GTPV1_TLV_DIRECT_TUNNEL_FLAGS: 1711 1712 /* 29.060 7.7.81 - Direct Tunnel Flags. */ 1713 printf("Direct Tunnel Flags"); /* XXX */ 1714 break; 1715 1716 case GTPV1_TLV_CORRELATION_ID: 1717 1718 /* 29.060 7.7.82 - Correlation ID. */ 1719 printf("Correlation ID"); /* XXX */ 1720 break; 1721 1722 case GTPV1_TLV_BEARER_CONTROL_MODE: 1723 1724 /* 29.060 7.7.83 - Bearer Control Mode. */ 1725 printf("Bearer Control Mode"); /* XXX */ 1726 break; 1727 1728 case GTPV1_TLV_MBMS_FLOW_IDENTIFIER: 1729 1730 /* 29.060 7.7.84 - MBMS Flow Identifier. */ 1731 printf("MBMS Flow Identifier"); /* XXX */ 1732 break; 1733 1734 case GTPV1_TLV_RELEASED_PACKETS: 1735 1736 /* 32.295 6.2.4.5.4 - Sequence Numbers of Released Packets. */ 1737 printf("Released Packets:"); 1738 seqno = (u_int16_t *)cp; 1739 while (len > 0) { 1740 printf(" %u", ntohs(*seqno)); 1741 seqno++; 1742 len -= sizeof(*seqno); 1743 } 1744 break; 1745 1746 case GTPV1_TLV_CANCELLED_PACKETS: 1747 1748 /* 32.295 6.2.4.5.5 - Sequence Numbers of Cancelled Packets. */ 1749 printf("Cancelled Packets:"); 1750 seqno = (u_int16_t *)cp; 1751 while (len > 0) { 1752 printf(" %u", ntohs(*seqno)); 1753 seqno++; 1754 len -= sizeof(*seqno); 1755 } 1756 break; 1757 1758 case GTPV1_TLV_CHARGING_GATEWAY_ADDRESS: 1759 1760 /* 29.060 7.7.44 - Charging Gateway Address. */ 1761 printf("Charging Gateway"); 1762 if (len == 4) 1763 printf(": %s", ipaddr_string(cp)); 1764 else if (len == 16) 1765 printf(": %s", ip6addr_string(cp)); 1766 break; 1767 1768 case GTPV1_TLV_DATA_RECORD_PACKET: 1769 1770 /* 32.295 6.2.4.5.3 - Data Record Packet. */ 1771 printf("Data Record: Records %u, Format %u, Format Version %u", 1772 cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2))); 1773 break; 1774 1775 case GTPV1_TLV_REQUESTS_RESPONDED: 1776 1777 /* 32.295 6.2.4.6 - Requests Responded. */ 1778 printf("Requests Responded:"); 1779 seqno = (u_int16_t *)cp; 1780 while (len > 0) { 1781 printf(" %u", ntohs(*seqno)); 1782 seqno++; 1783 len -= sizeof(*seqno); 1784 } 1785 break; 1786 1787 case GTPV1_TLV_ADDRESS_OF_RECOMMENDED_NODE: 1788 1789 /* 32.295 6.2.4.3 - Address of Recommended Node. */ 1790 printf("Address of Recommended Node"); 1791 if (len == 4) 1792 printf(": %s", ipaddr_string(cp)); 1793 else if (len == 16) 1794 printf(": %s", ip6addr_string(cp)); 1795 break; 1796 1797 case GTPV1_TLV_PRIVATE_EXTENSION: 1798 1799 /* 29.060 7.7.46 - Private Extension. */ 1800 printf("Private Extension"); 1801 break; 1802 1803 default: 1804 printf("TLV %u (len %u)", value, len); 1805 } 1806 1807 return ielen; 1808 1809 trunc: 1810 return -1; 1811 } 1812