1 /* $OpenBSD: print-gtp.c,v 1.11 2018/10/22 16:12:45 kn Exp $ */ 2 /* 3 * Copyright (c) 2009, 2010 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 /* 19 * Decoder for the GPRS Trunking Protocol (GTP). 20 * 21 * This work has been kindly sponsored by SystemNet (www.systemnet.no). 22 * 23 * GTPv0 standards are available from the ETSI website: 24 * 25 * http://pda.etsi.org/pda/ 26 * 27 * GTPv1 standards are available from the 3GPP website: 28 * 29 * http://www.3gpp.org/specifications 30 * 31 * The following standards have been referenced to create this decoder: 32 * 33 * ETSI GSM 09.60 - GPRS Tunnelling Protocol (GTPv0) 34 * ETSI GSM 12.15 - GPRS Charging (GTPv0') 35 * 36 * 3GPP TS 23.003 - Numbering, addressing and identification 37 * 3GPP TS 24.008 - Core network protocols 38 * 3GPP TS 29.002 - Mobile Application Part (MAP) specification 39 * 3GPP TS 29.060 - GPRS Tunnelling Protocol (GTPv1-C/GTPv1-U) 40 * 3GPP TS 32.295 - Charging Data Record (CDR) transfer (GTPv1') 41 */ 42 43 #include <sys/time.h> 44 #include <sys/socket.h> 45 #include <sys/types.h> 46 47 #include <netinet/in.h> 48 #include <netinet/ip.h> 49 #include <netinet/ip_var.h> 50 51 #include <ctype.h> 52 #include <stdio.h> 53 #include <stdlib.h> 54 #include <string.h> 55 56 #include "addrtoname.h" 57 #include "interface.h" 58 #include "gtp.h" 59 60 void gtp_print(const u_char *, u_int, u_short, u_short); 61 void gtp_decode_ie(const u_char *, u_short, int); 62 void gtp_print_tbcd(const u_char *, u_int); 63 void gtp_print_user_address(const u_char *, u_int); 64 void gtp_print_apn(const u_char *, u_int); 65 void gtp_print_str(const char **, u_int); 66 67 void gtp_v0_print(const u_char *, u_int, u_short, u_short); 68 void gtp_v0_print_prime(const u_char *); 69 int gtp_v0_print_tv(const u_char *, u_int); 70 int gtp_v0_print_tlv(const u_char *, u_int); 71 72 void gtp_v1_print(const u_char *, u_int, u_short, u_short); 73 void gtp_v1_print_ctrl(const u_char *, u_int, struct gtp_v1_hdr *); 74 void gtp_v1_print_user(const u_char *, u_int, struct gtp_v1_hdr *); 75 void gtp_v1_print_prime(const u_char *, struct gtp_v1_prime_hdr *); 76 int gtp_v1_print_tv(const u_char *, u_int); 77 int gtp_v1_print_tlv(const u_char *, u_int); 78 79 /* GTPv0 message types. */ 80 static struct tok gtp_v0_msgtype[] = { 81 82 { 1, "Echo Request" }, 83 { 2, "Echo Response" }, 84 { 3, "Version Not Supported" }, 85 { 4, "Node Alive Request" }, 86 { 5, "Node Alive Response" }, 87 { 6, "Redirection Request" }, 88 { 7, "Redirection Response" }, 89 { 16, "Create PDP Context Request" }, 90 { 17, "Create PDP Context Response" }, 91 { 18, "Update PDP Context Request" }, 92 { 19, "Update PDP Context Response" }, 93 { 20, "Delete PDP Context Request" }, 94 { 21, "Delete PDP Context Response" }, 95 { 22, "Create AA PDP Context Request" }, 96 { 23, "Create AA PDP Context Response" }, 97 { 24, "Delete AA PDP Context Request" }, 98 { 25, "Delete AA PDP Context Response" }, 99 { 26, "Error Indication" }, 100 { 27, "PDU Notification Request" }, 101 { 28, "PDU Notification Response" }, 102 { 29, "PDU Notification Reject Request" }, 103 { 30, "PDU Notification Reject Response" }, 104 { 32, "Send Routeing Information Request" }, 105 { 33, "Send Routeing Information Response" }, 106 { 34, "Failure Report Request" }, 107 { 35, "Failure Report Response" }, 108 { 36, "MS GPRS Present Request" }, 109 { 37, "MS GPRS Present Response" }, 110 { 48, "Identification Request" }, 111 { 49, "Identification Response" }, 112 { 50, "SGSN Context Request" }, 113 { 51, "SGSN Context Response" }, 114 { 52, "SGSN Context Acknowledge" }, 115 { 240, "Data Record Transfer Request" }, 116 { 241, "Data Record Transfer Response" }, 117 { 255, "T-PDU" }, 118 119 { 0, NULL } 120 }; 121 122 /* GTPv0 causes. */ 123 static struct tok gtp_v0_cause[] = { 124 125 { 0, "Request IMSI" }, 126 { 1, "Request IMEI" }, 127 { 2, "Request IMSI and IMEI" }, 128 { 3, "No identity needed" }, 129 { 4, "MS refuses" }, 130 { 5, "MS is not GPRS responding" }, 131 { 128, "Request accepted" }, 132 { 192, "Non-existent" }, 133 { 193, "Invalid message format" }, 134 { 194, "IMSI not known" }, 135 { 195, "MS is GPRS detached" }, 136 { 196, "MS is not GPRS responding" }, 137 { 197, "MS refuses" }, 138 { 198, "Version not supported" }, 139 { 199, "No resources available" }, 140 { 200, "Service not supported" }, 141 { 201, "Mandatory IE incorrect" }, 142 { 202, "Mandatory IE missing" }, 143 { 203, "Optional IE incorrect" }, 144 { 204, "System failure" }, 145 { 205, "Roaming restriction" }, 146 { 206, "P-TMSI signature mismatch" }, 147 { 207, "GPRS connection suspended" }, 148 { 208, "Authentication failure" }, 149 { 209, "User authentication failed" }, 150 151 { 0, NULL } 152 }; 153 154 /* GTPv1 message types. */ 155 static struct tok gtp_v1_msgtype[] = { 156 157 { 1, "Echo Request" }, 158 { 2, "Echo Response" }, 159 { 3, "Version Not Supported" }, 160 { 4, "Node Alive Request" }, 161 { 5, "Node Alive Response" }, 162 { 6, "Redirection Request" }, 163 { 7, "Redirection Response" }, 164 { 16, "Create PDP Context Request" }, 165 { 17, "Create PDP Context Response" }, 166 { 18, "Update PDP Context Request" }, 167 { 19, "Update PDP Context Response" }, 168 { 20, "Delete PDP Context Request" }, 169 { 21, "Delete PDP Context Response" }, 170 { 22, "Initiate PDP Context Activiation Request" }, 171 { 23, "Initiate PDP Context Activiation Response" }, 172 { 26, "Error Indication" }, 173 { 27, "PDU Notification Request" }, 174 { 28, "PDU Notification Response" }, 175 { 29, "PDU Notification Reject Request" }, 176 { 30, "PDU Notification Reject Response" }, 177 { 31, "Supported Extension Headers Notification" }, 178 { 32, "Send Routeing Information for GPRS Request" }, 179 { 33, "Send Routeing Information for GPRS Response" }, 180 { 34, "Failure Report Request" }, 181 { 35, "Failure Report Response" }, 182 { 36, "Note MS GPRS Present Request" }, 183 { 37, "Note MS GPRS Present Response" }, 184 { 48, "Identification Request" }, 185 { 49, "Identification Response" }, 186 { 50, "SGSN Context Request" }, 187 { 51, "SGSN Context Response" }, 188 { 52, "SGSN Context Acknowledge" }, 189 { 53, "Forward Relocation Request" }, 190 { 54, "Forward Relocation Response" }, 191 { 55, "Forward Relocation Complete" }, 192 { 56, "Relocation Cancel Request" }, 193 { 57, "Relocation Cancel Response" }, 194 { 58, "Forward SRNS Context" }, 195 { 59, "Forward Relocation Complete Acknowledge" }, 196 { 60, "Forward SRNS Context Acknowledge" }, 197 { 70, "RAN Information Relay" }, 198 { 96, "MBMS Notification Request" }, 199 { 97, "MBMS Notification Response" }, 200 { 98, "MBMS Notification Reject Request" }, 201 { 99, "MBMS Notification Reject Response" }, 202 { 100, "Create MBMS Context Request" }, 203 { 101, "Create MBMS Context Response" }, 204 { 102, "Update MBMS Context Request" }, 205 { 103, "Update MBMS Context Response" }, 206 { 104, "Delete MBMS Context Request" }, 207 { 105, "Delete MBMS Context Response" }, 208 { 112, "MBMS Registration Request" }, 209 { 113, "MBMS Registration Response" }, 210 { 114, "MBMS De-Registration Request" }, 211 { 115, "MBMS De-Registration Response" }, 212 { 116, "MBMS Session Start Request" }, 213 { 117, "MBMS Session Start Response" }, 214 { 118, "MBMS Session Stop Request" }, 215 { 119, "MBMS Session Stop Response" }, 216 { 120, "MBMS Session Update Request" }, 217 { 121, "MBMS Session Update Response" }, 218 { 128, "MBMS Info Change Notification Request" }, 219 { 129, "MBMS Info Change Notification Response" }, 220 { 240, "Data Record Transfer Request" }, 221 { 241, "Data Record Transfer Response" }, 222 { 255, "G-PDU" }, 223 224 { 0, NULL } 225 }; 226 227 /* GTPv1 Causes. */ 228 static struct tok gtp_v1_cause[] = { 229 230 /* GTPv1-C. */ 231 { 0, "Request IMSI" }, 232 { 1, "Request IMEI" }, 233 { 2, "Request IMSI and IMEI" }, 234 { 3, "No identity needed" }, 235 { 4, "MS refuses" }, 236 { 5, "MS is not GPRS responding" }, 237 { 128, "Request accepted" }, 238 { 192, "Non-existent" }, 239 { 193, "Invalid message format" }, 240 { 194, "IMSI not known" }, 241 { 195, "MS is GPRS detached" }, 242 { 196, "MS is not GPRS responding" }, 243 { 197, "MS refuses" }, 244 { 198, "Version not supported" }, 245 { 199, "No resources available" }, 246 { 200, "Service not supported" }, 247 { 201, "Mandatory IE incorrect" }, 248 { 202, "Mandatory IE missing" }, 249 { 203, "Optional IE incorrect" }, 250 { 204, "System failure" }, 251 { 205, "Roaming restriction" }, 252 { 206, "P-TMSI signature mismatch" }, 253 { 207, "GPRS connection suspended" }, 254 { 208, "Authentication failure" }, 255 { 209, "User authentication failed" }, 256 { 210, "Context not found" }, 257 { 211, "All dynamic PDP addresses are occupied" }, 258 { 212, "No memory is available" }, 259 { 213, "Relocation failure" }, 260 { 214, "Unknown mandatory extension header" }, 261 { 215, "Semantic error in the TFT operation" }, 262 { 216, "Syntactic error in the TFT operation" }, 263 { 217, "Semantic errors in packet filter(s)" }, 264 { 218, "Syntactic errors in packet filter(s)" }, 265 { 219, "Missing or unknown APN" }, 266 { 220, "Unknown PDP address or PDP type" }, 267 { 221, "PDP context without TFT already activated" }, 268 { 222, "APN access denied - no subscription" }, 269 { 223, "APN restriction type incompatibility with currently " 270 "active PDP contexts" }, 271 { 224, "MS MBMS capabilities insufficient" }, 272 { 225, "Invalid correlation-ID" }, 273 { 226, "MBMS bearer context superseded" }, 274 275 /* GTP'v1. */ 276 { 59, "System failure" }, 277 { 60, "The transmit buffers are becoming full" }, 278 { 61, "The receive buffers are becoming full" }, 279 { 62, "Another node is about to go down" }, 280 { 63, "This node is about to go down" }, 281 { 177, "CDR decoding error" }, 282 { 252, "Request related to possibly duplicated packets already " 283 "fulfilled" }, 284 { 253, "Request already fulfilled" }, 285 { 254, "Sequence numbers of released/cancelled packets IE incorrect" }, 286 { 255, "Request not fulfilled" }, 287 288 { 0, NULL } 289 }; 290 291 static int gtp_proto = -1; 292 293 void 294 gtp_print(const u_char *cp, u_int length, u_short sport, u_short dport) 295 { 296 int version; 297 298 /* Decode GTP version. */ 299 TCHECK(cp[0]); 300 version = cp[0] >> GTP_VERSION_SHIFT; 301 302 if (version == GTP_VERSION_0) 303 gtp_v0_print(cp, length, sport, dport); 304 else if (version == GTP_VERSION_1) 305 gtp_v1_print(cp, length, sport, dport); 306 else 307 printf("GTP (version %i)", version); 308 309 return; 310 311 trunc: 312 printf("[|GTP]"); 313 } 314 315 /* 316 * Decode and print information elements from message. The actual work is 317 * handled in the appropriate Tag/Value (TV) or Tag/Length/Value (TLV) 318 * decoding routine. 319 */ 320 void 321 gtp_decode_ie(const u_char *cp, u_short version, int len) 322 { 323 int val, ielen, iecount = 0; 324 325 if (len <= 0) 326 return; 327 328 printf(" {"); 329 330 while (len > 0) { 331 332 iecount++; 333 if (iecount > 1) 334 printf(" "); 335 336 TCHECK(cp[0]); 337 val = (u_int)cp[0]; 338 cp++; 339 340 printf("["); 341 342 switch (version) { 343 case GTP_VERSION_0: 344 if ((val & GTPV0_IE_TYPE_MASK) == 0) 345 ielen = gtp_v0_print_tv(cp, val); 346 else 347 ielen = gtp_v0_print_tlv(cp, val); 348 break; 349 350 case GTP_VERSION_1: 351 if ((val & GTPV1_IE_TYPE_MASK) == 0) 352 ielen = gtp_v1_print_tv(cp, val); 353 else 354 ielen = gtp_v1_print_tlv(cp, val); 355 break; 356 357 default: 358 /* Version not supported... */ 359 ielen = -1; 360 break; 361 } 362 363 printf("]"); 364 365 if (ielen < 0) 366 goto trunc; 367 368 len -= ielen; 369 cp += ielen - 1; 370 } 371 372 if (iecount > 0) 373 printf("}"); 374 375 return; 376 377 trunc: 378 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 379 } 380 381 /* 382 * Decode and print telephony binary coded decimal. 383 */ 384 void 385 gtp_print_tbcd(const u_char *cp, u_int len) 386 { 387 u_int8_t *data, bcd; 388 int i; 389 390 data = (u_int8_t *)cp; 391 for (i = 0; i < len; i++) { 392 bcd = *data & 0xf; 393 if (bcd != 0xf) 394 printf("%u", bcd); 395 bcd = *data >> 4; 396 if (bcd != 0xf) 397 printf("%u", bcd); 398 data++; 399 } 400 } 401 402 /* 403 * Decode and print an end user address. Format is detailed in 404 * GSM 09.60 section 7.9.18 and 3GPP 29.060 section 7.7.27. 405 */ 406 void 407 gtp_print_user_address(const u_char *cp, u_int len) 408 { 409 u_int8_t org, type; 410 411 if (len < 2) 412 return; 413 414 org = (u_int8_t)cp[0] & 0xf; 415 type = (u_int8_t)cp[1]; 416 417 cp += 2; 418 419 if (org == 0x0 && type == 0x1) 420 printf(": PPP"); 421 else if (org == 0x1 && type == 0x21) { 422 if (len == 6) 423 printf(": %s", ipaddr_string(cp)); 424 else 425 printf(": IPv4"); 426 } else if (org == 0x1 && type == 0x57) { 427 if (len == 18) 428 printf(": %s", ip6addr_string(cp)); 429 else 430 printf(": IPv6"); 431 } else 432 printf(" (org 0x%x, type 0x%x)", org, type); 433 } 434 435 /* 436 * Decode and print an Access Point Name. Format is detailed in 437 * 3GPP 24.008 section 10.5.6.1 and 3GPP 23.003 section 9.1. 438 */ 439 void 440 gtp_print_apn(const u_char *cp, u_int len) 441 { 442 u_char label[100]; 443 u_int8_t llen; 444 445 if (len < 1 || len > 100) 446 return; 447 448 while (len > 0) { 449 450 llen = (u_int8_t)cp[0]; 451 if (llen > 99) 452 return; 453 454 bcopy(cp + 1, label, llen); 455 label[llen] = '\0'; 456 printf("%s", label); 457 458 cp += llen + 1; 459 len -= llen + 1; 460 461 if (len > 0) 462 printf("."); 463 464 } 465 } 466 467 /* Print string from array. */ 468 void 469 gtp_print_str(const char **strs, u_int index) 470 { 471 472 if (index >= (sizeof(*strs) / sizeof(*strs[0]))) 473 printf(": %u", index); 474 else if (strs[index] != NULL) 475 printf(": %s", strs[index]); 476 } 477 478 /* 479 * Decoding routines for GTP version 0. 480 */ 481 void 482 gtp_v0_print(const u_char *cp, u_int length, u_short sport, u_short dport) 483 { 484 struct gtp_v0_hdr *gh = (struct gtp_v0_hdr *)cp; 485 int len, version; 486 u_int64_t tid; 487 488 gtp_proto = GTP_V0_PROTO; 489 490 /* Check if this is GTP prime. */ 491 TCHECK(gh->flags); 492 if ((gh->flags & GTPV0_HDR_PROTO_TYPE) == 0) { 493 gtp_proto = GTP_V0_PRIME_PROTO; 494 gtp_v0_print_prime(cp); 495 return; 496 } 497 498 /* Print GTP header. */ 499 TCHECK(*gh); 500 cp += sizeof(struct gtp_v0_hdr); 501 len = ntohs(gh->length); 502 bcopy(&gh->tid, &tid, sizeof(tid)); 503 printf("GTPv0 (len %u, seqno %u, flow %u, N-PDU %u, tid 0x%llx) ", 504 ntohs(gh->length), ntohs(gh->seqno), ntohs(gh->flow), 505 ntohs(gh->npduno), betoh64(tid)); 506 507 /* Decode GTP message. */ 508 printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gh->msgtype)); 509 510 if (!vflag) 511 return; 512 513 if (gh->msgtype == GTPV0_T_PDU) { 514 515 TCHECK(cp[0]); 516 version = cp[0] >> 4; 517 518 printf(" { "); 519 520 if (version == 4) 521 ip_print(cp, len); 522 else if (version == 6) 523 ip6_print(cp, len); 524 else 525 printf("Unknown IP version %u", version); 526 527 printf(" }"); 528 } else 529 gtp_decode_ie(cp, GTP_VERSION_0, len); 530 531 return; 532 533 trunc: 534 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 535 } 536 537 void 538 gtp_v0_print_prime(const u_char *cp) 539 { 540 struct gtp_v0_prime_hdr *gph = (struct gtp_v0_prime_hdr *)cp; 541 int len; 542 543 /* Decode GTP prime header. */ 544 TCHECK(*gph); 545 cp += sizeof(*gph); 546 547 len = ntohs(gph->length); 548 printf("GTPv0' (len %u, seq %u) ", len, ntohs(gph->seqno)); 549 550 /* Decode GTP message. */ 551 printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gph->msgtype)); 552 553 if (vflag) 554 gtp_decode_ie(cp, GTP_VERSION_0, len); 555 556 return; 557 558 trunc: 559 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 560 } 561 562 int 563 gtp_v0_print_tv(const u_char *cp, u_int value) 564 { 565 u_int32_t *dpl; 566 u_int16_t *dps; 567 u_int8_t data; 568 int ielen = -1; 569 570 switch (value) { 571 case GTPV0_TV_CAUSE: 572 573 /* 09.60 7.9.1 - Cause. */ 574 TCHECK(cp[0]); 575 data = (u_int8_t)cp[0]; 576 ielen = GTPV0_TV_CAUSE_LENGTH; 577 printf("Cause: %s", tok2str(gtp_v0_cause, "#%u", data)); 578 break; 579 580 case GTPV0_TV_IMSI: 581 582 /* 09.60 7.9.2 - International Mobile Subscriber Identity. */ 583 TCHECK2(cp[0], GTPV0_TV_IMSI_LENGTH - 1); 584 printf("IMSI "); 585 gtp_print_tbcd(cp, GTPV0_TV_IMSI_LENGTH - 1); 586 ielen = GTPV0_TV_IMSI_LENGTH; 587 break; 588 589 case GTPV0_TV_RAI: 590 591 /* 09.60 7.9.3 - Routing Area Identity (RAI). */ 592 TCHECK2(cp[0], GTPV0_TV_RAI_LENGTH - 1); 593 printf("RAI: MCC "); 594 data = cp[1] | 0xf0; 595 gtp_print_tbcd(cp, 1); 596 gtp_print_tbcd(&data, 1); 597 printf(", MNC "); 598 data = (cp[1] >> 4) | 0xf0; 599 gtp_print_tbcd(cp + 2, 1); 600 gtp_print_tbcd(&data, 1); 601 printf(", LAC 0x%x%x", cp[3], cp[4]); 602 printf(", RAC 0x%x", cp[5]); 603 ielen = GTPV0_TV_RAI_LENGTH; 604 break; 605 606 case GTPV0_TV_TLLI: 607 608 /* 09.60 7.9.4 - Temporary Logical Link Identity (TLLI). */ 609 TCHECK2(cp[0], GTPV0_TV_TLLI_LENGTH - 1); 610 dpl = (u_int32_t *)cp; 611 printf("TLLI 0x%x", ntohl(*dpl)); 612 ielen = GTPV0_TV_TLLI_LENGTH; 613 break; 614 615 case GTPV0_TV_PTMSI: 616 617 /* 09.60 7.9.5 - Packet TMSI (P-TMSI). */ 618 TCHECK2(cp[0], GTPV0_TV_PTMSI_LENGTH - 1); 619 dpl = (u_int32_t *)cp; 620 printf("P-TMSI 0x%x", ntohl(*dpl)); 621 ielen = GTPV0_TV_PTMSI_LENGTH; 622 break; 623 624 case GTPV0_TV_QOS: 625 626 /* 09.60 7.9.6 - Quality of Service (QoS) Profile. */ 627 TCHECK2(cp[0], GTPV0_TV_QOS_LENGTH - 1); 628 printf("QoS Profile"); /* XXX */ 629 ielen = GTPV0_TV_QOS_LENGTH; 630 break; 631 632 case GTPV0_TV_REORDER: 633 634 /* 09.60 7.9.7 - Reordering Required. */ 635 TCHECK2(cp[0], GTPV0_TV_REORDER_LENGTH - 1); 636 printf("Reordering Required: "); 637 if (cp[0] & 0x1) 638 printf("yes"); 639 else 640 printf("no"); 641 ielen = GTPV0_TV_REORDER_LENGTH; 642 break; 643 644 case GTPV0_TV_AUTH_TRIPLET: 645 646 /* 09.60 7.9.8 - Authentication Triplet. */ 647 TCHECK2(cp[0], GTPV0_TV_AUTH_TRIPLET_LENGTH - 1); 648 printf("Authentication"); /* XXX */ 649 ielen = GTPV0_TV_AUTH_TRIPLET_LENGTH; 650 break; 651 652 case GTPV0_TV_MAP_CAUSE: 653 654 /* 09.60 7.9.9 - MAP Cause. */ 655 TCHECK2(cp[0], GTPV0_TV_MAP_CAUSE_LENGTH - 1); 656 printf("MAP Cause: %u", cp[0]); 657 ielen = GTPV0_TV_MAP_CAUSE_LENGTH; 658 break; 659 660 case GTPV0_TV_PTMSI_SIGNATURE: 661 662 /* 09.60 7.9.10 - P-TMSI Signature. */ 663 /* Signature defined in GSM 04.08. */ 664 TCHECK2(cp[0], GTPV0_TV_PTMSI_SIGNATURE_LENGTH - 1); 665 printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); 666 ielen = GTPV0_TV_PTMSI_SIGNATURE_LENGTH; 667 break; 668 669 case GTPV0_TV_MS_VALIDATED: 670 671 /* 09.60 7.9.11 - MS Validated. */ 672 TCHECK2(cp[0], GTPV0_TV_MS_VALIDATED_LENGTH - 1); 673 printf("MS Validated"); 674 if (cp[0] & 0x1) 675 printf("yes"); 676 else 677 printf("no"); 678 ielen = GTPV0_TV_MS_VALIDATED_LENGTH; 679 break; 680 681 case GTPV0_TV_RECOVERY: 682 683 /* 09.60 7.9.12 - Recovery. */ 684 TCHECK2(cp[0], GTPV0_TV_RECOVERY_LENGTH - 1); 685 printf("Recovery: Restart counter %u", cp[0]); 686 ielen = GTPV0_TV_RECOVERY_LENGTH; 687 break; 688 689 case GTPV0_TV_SELECTION_MODE: 690 691 /* 09.60 7.9.13 - Selection Mode. */ 692 TCHECK2(cp[0], GTPV0_TV_SELECTION_MODE_LENGTH - 1); 693 printf("Selection Mode"); /* XXX */ 694 ielen = GTPV0_TV_SELECTION_MODE_LENGTH; 695 break; 696 697 case GTPV0_TV_FLOW_LABEL_DATA_I: 698 699 /* 09.60 7.9.14 - Flow Label Data I. */ 700 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH - 1); 701 dps = (u_int16_t *)cp; 702 printf("Flow Label Data I: %u", ntohs(*dps)); 703 ielen = GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH; 704 break; 705 706 case GTPV0_TV_FLOW_LABEL_SIGNALLING: 707 708 /* 09.60 7.9.15 - Flow Label Signalling. */ 709 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH - 1); 710 dps = (u_int16_t *)cp; 711 printf("Flow Label Signalling: %u", ntohs(*dps)); 712 ielen = GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH; 713 break; 714 715 case GTPV0_TV_FLOW_LABEL_DATA_II: 716 717 /* 09.60 7.9.16 - Flow Label Data II. */ 718 TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH - 1); 719 data = cp[0] & 0xf; 720 dps = (u_int16_t *)(cp + 1); 721 printf("Flow Label Data II: %u, NSAPI %u", ntohs(*dps), data); 722 ielen = GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH; 723 break; 724 725 case GTPV0_TV_PACKET_XFER_CMD: 726 727 /* 12.15 7.3.4.5.3 - Packet Transfer Command. */ 728 TCHECK2(cp[0], GTPV0_TV_PACKET_XFER_CMD_LENGTH - 1); 729 printf("Packet Transfer Command"); 730 gtp_print_str(gtp_packet_xfer_cmd, cp[0]); 731 ielen = GTPV0_TV_PACKET_XFER_CMD_LENGTH; 732 break; 733 734 case GTPV0_TV_CHARGING_ID: 735 736 /* 09.60 7.9.17 - Charging ID. */ 737 TCHECK2(cp[0], GTPV0_TV_CHARGING_ID_LENGTH - 1); 738 dps = (u_int16_t *)cp; 739 printf("Charging ID: %u", ntohs(*dps)); 740 ielen = GTPV0_TV_CHARGING_ID_LENGTH; 741 break; 742 743 default: 744 printf("TV %u", value); 745 } 746 747 trunc: 748 return ielen; 749 } 750 751 int 752 gtp_v0_print_tlv(const u_char *cp, u_int value) 753 { 754 u_int8_t data; 755 u_int16_t *lenp, *seqno, len; 756 int ielen = -1; 757 758 /* Get length of IE. */ 759 TCHECK2(cp[0], 2); 760 lenp = (u_int16_t *)cp; 761 cp += 2; 762 len = ntohs(*lenp); 763 TCHECK2(cp[0], len); 764 ielen = sizeof(data) + sizeof(len) + len; 765 766 switch (value) { 767 768 case GTPV0_TLV_END_USER_ADDRESS: 769 770 /* 09.60 7.9.18 - End User Address. */ 771 printf("End User Address"); 772 gtp_print_user_address(cp, len); 773 break; 774 775 case GTPV0_TLV_MM_CONTEXT: 776 777 /* 09.60 7.9.19 - MM Context. */ 778 printf("MM Context"); /* XXX */ 779 break; 780 781 case GTPV0_TLV_PDP_CONTEXT: 782 783 /* 09.60 7.9.20 - PDP Context. */ 784 printf("PDP Context"); /* XXX */ 785 break; 786 787 case GTPV0_TLV_ACCESS_POINT_NAME: 788 789 /* 09.60 7.9.21 - Access Point Name. */ 790 printf("AP Name: "); 791 gtp_print_apn(cp, len); 792 break; 793 794 case GTPV0_TLV_PROTOCOL_CONFIG_OPTIONS: 795 796 /* 09.60 7.9.22 - Protocol Configuration Options. */ 797 printf("Protocol Configuration Options"); /* XXX */ 798 break; 799 800 case GTPV0_TLV_GSN_ADDRESS: 801 802 /* 09.60 7.9.23 - GSN Address. */ 803 printf("GSN Address"); 804 if (len == 4) 805 printf(": %s", ipaddr_string(cp)); 806 else if (len == 16) 807 printf(": %s", ip6addr_string(cp)); 808 break; 809 810 case GTPV0_TLV_MS_ISDN: 811 812 /* 09.60 7.9.24 - MS International PSTN/ISDN Number. */ 813 printf("MSISDN "); 814 data = (u_int8_t)cp[0]; /* XXX - Number type. */ 815 gtp_print_tbcd(cp + 1, len - 1); 816 break; 817 818 case GTPV0_TLV_CHARGING_GATEWAY_ADDRESS: 819 820 /* 09.60 7.9.25 - Charging Gateway Address. */ 821 printf("Charging Gateway"); 822 if (len == 4) 823 printf(": %s", ipaddr_string(cp)); 824 break; 825 826 case GTPV0_TLV_DATA_RECORD_PACKET: 827 828 /* 12.15 7.3.4.5.4 - Data Record Packet. */ 829 printf("Data Record: Records %u, Format %u, Format Version %u", 830 cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2))); 831 break; 832 833 case GTPV0_TLV_REQUESTS_RESPONDED: 834 835 /* 12.15 7.3.4.6 - Requests Responded. */ 836 printf("Requests Responded:"); 837 seqno = (u_int16_t *)cp; 838 while (len > 0) { 839 printf(" %u", ntohs(*seqno)); 840 seqno++; 841 len -= sizeof(*seqno); 842 } 843 break; 844 845 case GTPV0_TLV_RECOMMENDED_NODE: 846 847 /* 12.15 7.3.4.3 - Address of Recommended Node. */ 848 printf("Recommended Node"); 849 if (len == 4) 850 printf(": %s", ipaddr_string(cp)); 851 else if (len == 16) 852 printf(": %s", ip6addr_string(cp)); 853 break; 854 855 case GTPV0_TLV_PRIVATE_EXTENSION: 856 857 printf("Private Extension"); 858 break; 859 860 default: 861 printf("TLV %u (len %u)", value, len); 862 } 863 864 return ielen; 865 866 trunc: 867 return -1; 868 } 869 870 /* 871 * Decoding for GTP version 1, which consists of GTPv1-C, GTPv1-U and GTPv1'. 872 */ 873 void 874 gtp_v1_print(const u_char *cp, u_int length, u_short sport, u_short dport) 875 { 876 struct gtp_v1_hdr *gh = (struct gtp_v1_hdr *)cp; 877 struct gtp_v1_hdr_ext *ghe = NULL; 878 int nexthdr, hlen; 879 u_char *p = (u_char *)cp; 880 881 TCHECK(gh->flags); 882 if ((gh->flags & GTPV1_HDR_PROTO_TYPE) == 0) { 883 gtp_proto = GTP_V1_PRIME_PROTO; 884 printf(" GTPv1'"); 885 gtp_v1_print_prime(p, (struct gtp_v1_prime_hdr *)gh); 886 return; 887 } 888 889 if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT) { 890 gtp_proto = GTP_V1_CTRL_PROTO; 891 printf(" GTPv1-C"); 892 } else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT) { 893 gtp_proto = GTP_V1_USER_PROTO; 894 printf(" GTPv1-U"); 895 } else if (dport == GTPV1_PRIME_PORT || sport == GTPV1_PRIME_PORT) { 896 gtp_proto = GTP_V1_PRIME_PROTO; 897 printf(" GTPv1'"); 898 } 899 900 /* Decode GTP header. */ 901 TCHECK(*gh); 902 p += sizeof(struct gtp_v1_hdr); 903 904 printf(" (teid %u, len %u)", ntohl(gh->teid), ntohs(gh->length)); 905 906 if (gh->flags & GTPV1_HDR_EXT) { 907 ghe = (struct gtp_v1_hdr_ext *)cp; 908 TCHECK(*ghe); 909 p += sizeof(struct gtp_v1_hdr_ext) - sizeof(struct gtp_v1_hdr); 910 } 911 912 if (gh->flags & GTPV1_HDR_SN_FLAG) 913 printf(" [seq %u]", ntohs(ghe->seqno)); 914 915 if (gh->flags & GTPV1_HDR_NPDU_FLAG) 916 printf(" [N-PDU %u]", ghe->npduno); 917 918 if (gh->flags & GTPV1_HDR_EH_FLAG) { 919 920 /* Process next header... */ 921 nexthdr = ghe->nexthdr; 922 while (nexthdr != GTPV1_EH_NONE) { 923 924 /* Header length is a 4 octet multiplier. */ 925 hlen = (int)p[0] * 4; 926 TCHECK2(p[0], hlen); 927 928 switch (nexthdr) { 929 case GTPV1_EH_MBMS_SUPPORT: 930 printf(" [MBMS Support]"); 931 break; 932 933 case GTPV1_EH_MSI_CHANGE_RPT: 934 printf(" [MS Info Change Reporting]"); 935 break; 936 937 case GTPV1_EH_PDCP_PDU_NO: 938 printf(" [PDCP PDU %u]", 939 ntohs(*(u_int16_t *)(p + 1))); 940 break; 941 942 case GTPV1_EH_SUSPEND_REQUEST: 943 printf(" [Suspend Request]"); 944 break; 945 946 case GTPV1_EH_SUSPEND_RESPONSE: 947 printf(" [Suspend Response]"); 948 break; 949 950 default: 951 printf(" [Unknown Header %u]", nexthdr); 952 } 953 954 p += hlen - 1; 955 nexthdr = (int)p[0]; 956 p++; 957 } 958 959 } 960 961 hlen = p - cp; 962 963 if (dport == GTPV1_C_PORT || sport == GTPV1_C_PORT) 964 gtp_v1_print_ctrl(p, hlen, gh); 965 else if (dport == GTPV1_U_PORT || sport == GTPV1_U_PORT) 966 gtp_v1_print_user(p, hlen, gh); 967 968 return; 969 970 trunc: 971 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 972 } 973 974 void 975 gtp_v1_print_ctrl(const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh) 976 { 977 int len; 978 979 /* Decode GTP control message. */ 980 printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype)); 981 982 len = ntohs(gh->length) - hlen + sizeof(*gh); 983 if (vflag) 984 gtp_decode_ie(cp, GTP_VERSION_1, len); 985 } 986 987 void 988 gtp_v1_print_user(const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh) 989 { 990 int len, version; 991 992 /* Decode GTP user message. */ 993 printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype)); 994 995 if (!vflag) 996 return; 997 998 len = ntohs(gh->length) - hlen + sizeof(*gh); 999 1000 if (gh->msgtype == GTPV1_G_PDU) { 1001 1002 TCHECK(cp[0]); 1003 version = cp[0] >> 4; 1004 1005 printf(" { "); 1006 1007 if (version == 4) 1008 ip_print(cp, len); 1009 else if (version == 6) 1010 ip6_print(cp, len); 1011 else 1012 printf("Unknown IP version %u", version); 1013 1014 printf(" }"); 1015 1016 } else 1017 gtp_decode_ie(cp, GTP_VERSION_1, len); 1018 1019 return; 1020 1021 trunc: 1022 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 1023 } 1024 1025 void 1026 gtp_v1_print_prime(const u_char *cp, struct gtp_v1_prime_hdr *gph) 1027 { 1028 int len; 1029 1030 /* Decode GTP prime header. */ 1031 TCHECK(*gph); 1032 cp += sizeof(struct gtp_v1_prime_hdr); 1033 1034 len = ntohs(gph->length); 1035 printf(" (len %u, seq %u) ", len, ntohs(gph->seqno)); 1036 1037 /* Decode GTP message. */ 1038 printf("%s", tok2str(gtp_v1_msgtype, "Message Type %u", gph->msgtype)); 1039 1040 if (vflag) 1041 gtp_decode_ie(cp, GTP_VERSION_1, len); 1042 1043 return; 1044 1045 trunc: 1046 printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); 1047 } 1048 1049 int 1050 gtp_v1_print_tv(const u_char *cp, u_int value) 1051 { 1052 u_int32_t *dpl; 1053 u_int16_t *dps; 1054 u_int8_t data; 1055 int ielen = -1; 1056 1057 switch (value) { 1058 case GTPV1_TV_CAUSE: 1059 1060 /* 29.060 - 7.7.1 Cause. */ 1061 TCHECK(cp[0]); 1062 data = (u_int8_t)cp[0]; 1063 ielen = GTPV1_TV_CAUSE_LENGTH; 1064 printf("Cause: %s", tok2str(gtp_v1_cause, "#%u", data)); 1065 break; 1066 1067 case GTPV1_TV_IMSI: 1068 1069 /* 29.060 7.7.2 - International Mobile Subscriber Identity. */ 1070 TCHECK2(cp[0], GTPV1_TV_IMSI_LENGTH - 1); 1071 printf("IMSI "); 1072 gtp_print_tbcd(cp, GTPV1_TV_IMSI_LENGTH - 1); 1073 ielen = GTPV1_TV_IMSI_LENGTH; 1074 break; 1075 1076 case GTPV1_TV_RAI: 1077 1078 /* 29.060 7.7.3 - Routing Area Identity (RAI). */ 1079 TCHECK2(cp[0], GTPV1_TV_RAI_LENGTH - 1); 1080 printf("RAI: MCC "); 1081 data = cp[1] | 0xf0; 1082 gtp_print_tbcd(cp, 1); 1083 gtp_print_tbcd(&data, 1); 1084 printf(", MNC "); 1085 data = (cp[1] >> 4) | 0xf0; 1086 gtp_print_tbcd(cp + 2, 1); 1087 gtp_print_tbcd(&data, 1); 1088 printf(", LAC 0x%x%x", cp[3], cp[4]); 1089 printf(", RAC 0x%x", cp[5]); 1090 ielen = GTPV1_TV_RAI_LENGTH; 1091 break; 1092 1093 case GTPV1_TV_TLLI: 1094 1095 /* 29.060 7.7.4 - Temporary Logical Link Identity (TLLI). */ 1096 TCHECK2(cp[0], GTPV1_TV_TLLI_LENGTH - 1); 1097 dpl = (u_int32_t *)cp; 1098 printf("TLLI 0x%x", ntohl(*dpl)); 1099 ielen = GTPV1_TV_TLLI_LENGTH; 1100 break; 1101 1102 case GTPV1_TV_PTMSI: 1103 1104 /* 29.060 7.7.5 - Packet TMSI (P-TMSI). */ 1105 TCHECK2(cp[0], GTPV1_TV_PTMSI_LENGTH - 1); 1106 dpl = (u_int32_t *)cp; 1107 printf("P-TMSI 0x%x", ntohl(*dpl)); 1108 ielen = GTPV1_TV_PTMSI_LENGTH; 1109 break; 1110 1111 case GTPV1_TV_REORDER: 1112 1113 /* 29.060 7.7.6 - Reordering Required. */ 1114 TCHECK2(cp[0], GTPV1_TV_REORDER_LENGTH - 1); 1115 printf("Reordering Required: "); 1116 if (cp[0] & 0x1) 1117 printf("yes"); 1118 else 1119 printf("no"); 1120 ielen = GTPV1_TV_REORDER_LENGTH; 1121 break; 1122 1123 case GTPV1_TV_AUTH: 1124 1125 /* 29.060 7.7.7 - Authentication Triplet. */ 1126 TCHECK2(cp[0], GTPV1_TV_AUTH_LENGTH - 1); 1127 dpl = (u_int32_t *)cp; 1128 printf("Auth: RAND 0x%x%x%x%x, SRES 0x%x, Kc 0x%x%x", 1129 ntohl(dpl[0]), ntohl(dpl[1]), ntohl(dpl[2]), ntohl(dpl[3]), 1130 ntohl(dpl[4]), ntohl(dpl[5]), ntohl(dpl[6])); 1131 ielen = GTPV1_TV_AUTH_LENGTH; 1132 break; 1133 1134 case GTPV1_TV_MAP_CAUSE: 1135 1136 /* 29.060 7.7.8 - MAP Cause. */ 1137 /* Cause defined in 3GPP TS 29.002. */ 1138 TCHECK2(cp[0], GTPV1_TV_MAP_CAUSE_LENGTH - 1); 1139 printf("Map Cause: %u", cp[0]); 1140 ielen = GTPV1_TV_MAP_CAUSE_LENGTH; 1141 break; 1142 1143 case GTPV1_TV_PTMSI_SIGNATURE: 1144 1145 /* 29.060 7.7.9 - P-TMSI Signature. */ 1146 /* Signature defined in 3GPP TS 24.008. */ 1147 TCHECK2(cp[0], GTPV1_TV_PTMSI_SIGNATURE_LENGTH - 1); 1148 printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); 1149 ielen = GTPV1_TV_PTMSI_SIGNATURE_LENGTH; 1150 break; 1151 1152 case GTPV1_TV_MS_VALIDATED: 1153 1154 /* 29.060 7.7.10 - MS Validated. */ 1155 TCHECK2(cp[0], GTPV1_TV_MS_VALIDATED_LENGTH - 1); 1156 printf("MS Validated: "); 1157 if (cp[0] & 0x1) 1158 printf("yes"); 1159 else 1160 printf("no"); 1161 ielen = GTPV1_TV_MS_VALIDATED_LENGTH; 1162 break; 1163 1164 case GTPV1_TV_RECOVERY: 1165 1166 /* 29.060 7.7.11 - Recovery. */ 1167 TCHECK2(cp[0], GTPV1_TV_RECOVERY_LENGTH - 1); 1168 printf("Recovery: Restart counter %u", cp[0]); 1169 ielen = GTPV1_TV_RECOVERY_LENGTH; 1170 break; 1171 1172 case GTPV1_TV_SELECTION_MODE: 1173 1174 /* 29.060 7.7.12 - Selection Mode. */ 1175 TCHECK2(cp[0], GTPV1_TV_SELECTION_MODE_LENGTH - 1); 1176 data = (u_int8_t)cp[0]; 1177 printf("Selection Mode: %u", data & 0x2); 1178 ielen = GTPV1_TV_SELECTION_MODE_LENGTH; 1179 break; 1180 1181 case GTPV1_TV_TEID_DATA_I: 1182 1183 /* 29.060 7.7.13 - Tunnel Endpoint Identifier Data I. */ 1184 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_I_LENGTH - 1); 1185 dpl = (u_int32_t *)cp; 1186 printf("TEI Data I: %u", ntohl(*dpl)); 1187 ielen = GTPV1_TV_TEID_DATA_I_LENGTH; 1188 break; 1189 1190 case GTPV1_TV_TEID_CTRL: 1191 1192 /* 29.060 7.7.14 - Tunnel Endpoint Identifier Control Plane. */ 1193 TCHECK2(cp[0], GTPV1_TV_TEID_CTRL_LENGTH - 1); 1194 dpl = (u_int32_t *)cp; 1195 printf("TEI Control Plane: %u", ntohl(*dpl)); 1196 ielen = GTPV1_TV_TEID_CTRL_LENGTH; 1197 break; 1198 1199 case GTPV1_TV_TEID_DATA_II: 1200 1201 /* 29.060 7.7.15 - Tunnel Endpoint Identifier Data II. */ 1202 TCHECK2(cp[0], GTPV1_TV_TEID_DATA_II_LENGTH - 1); 1203 data = cp[0] & 0xf; 1204 dpl = (u_int32_t *)(cp + 1); 1205 printf("TEI Data II: %u, NSAPI %u", ntohl(*dpl), data); 1206 ielen = GTPV1_TV_TEID_DATA_II_LENGTH; 1207 break; 1208 1209 case GTPV1_TV_TEARDOWN: 1210 1211 /* 29.060 7.7.16 - Teardown Indicator. */ 1212 TCHECK2(cp[0], GTPV1_TV_TEARDOWN_LENGTH - 1); 1213 printf("Teardown: "); 1214 if (cp[0] & 0x1) 1215 printf("yes"); 1216 else 1217 printf("no"); 1218 ielen = GTPV1_TV_TEARDOWN_LENGTH; 1219 break; 1220 1221 case GTPV1_TV_NSAPI: 1222 1223 /* 29.060 7.7.17 - NSAPI. */ 1224 TCHECK2(cp[0], GTPV1_TV_NSAPI_LENGTH - 1); 1225 data = (u_int8_t)cp[0]; 1226 printf("NSAPI %u", data & 0xf); 1227 ielen = GTPV1_TV_NSAPI_LENGTH; 1228 break; 1229 1230 case GTPV1_TV_RANAP: 1231 1232 /* 29.060 7.7.18 - RANAP Cause. */ 1233 TCHECK2(cp[0], GTPV1_TV_RANAP_LENGTH - 1); 1234 printf("RANAP Cause: %u", cp[0]); 1235 ielen = GTPV1_TV_RANAP_LENGTH; 1236 break; 1237 1238 case GTPV1_TV_RAB_CONTEXT: 1239 1240 /* 29.060 7.7.19 - RAB Context. */ 1241 TCHECK2(cp[0], GTPV1_TV_RAB_CONTEXT_LENGTH - 1); 1242 data = cp[0] & 0xf; 1243 dps = (u_int16_t *)(cp + 1); 1244 printf("RAB Context: NSAPI %u, DL GTP-U Seq No %u," 1245 "UL GTP-U Seq No %u, DL PDCP Seq No %u, UL PDCP Seq No %u", 1246 data, ntohs(dps[0]), ntohs(dps[1]), ntohs(dps[2]), 1247 ntohs(dps[3])); 1248 ielen = GTPV1_TV_RAB_CONTEXT_LENGTH; 1249 break; 1250 1251 case GTPV1_TV_RADIO_PRIORITY_SMS: 1252 1253 /* 29.060 7.7.20 - Radio Priority SMS. */ 1254 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_SMS_LENGTH - 1); 1255 printf("Radio Priority SMS: %u", cp[0] & 0x7); 1256 ielen = GTPV1_TV_RADIO_PRI_SMS_LENGTH; 1257 break; 1258 1259 case GTPV1_TV_RADIO_PRIORITY: 1260 1261 /* 29.060 7.7.21 - Radio Priority. */ 1262 TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_LENGTH - 1); 1263 data = cp[0] >> 4; 1264 printf("Radio Priority: %u, NSAPI %u", cp[0] & 0x7, data); 1265 ielen = GTPV1_TV_RADIO_PRI_LENGTH; 1266 break; 1267 1268 case GTPV1_TV_PACKET_FLOW_ID: 1269 1270 /* 29.060 7.7.22 - Packet Flow ID. */ 1271 TCHECK2(cp[0], GTPV1_TV_PACKET_FLOW_ID_LENGTH - 1); 1272 printf("Packet Flow ID: %u, NSAPI %u", cp[1], cp[0] & 0xf); 1273 ielen = GTPV1_TV_PACKET_FLOW_ID_LENGTH; 1274 break; 1275 1276 case GTPV1_TV_CHARGING: 1277 1278 /* 29.060 7.7.23 - Charging Characteristics. */ 1279 /* Charging defined in 3GPP TS 32.298. */ 1280 TCHECK2(cp[0], GTPV1_TV_CHARGING_LENGTH - 1); 1281 printf("Charging Characteristics"); /* XXX */ 1282 ielen = GTPV1_TV_CHARGING_LENGTH; 1283 break; 1284 1285 case GTPV1_TV_TRACE_REFERENCE: 1286 1287 /* 29.060 7.7.24 - Trace Reference. */ 1288 TCHECK2(cp[0], GTPV1_TV_TRACE_REFERENCE_LENGTH - 1); 1289 dps = (u_int16_t *)cp; 1290 printf("Trace Reference: %u", ntohs(*dps)); 1291 ielen = GTPV1_TV_TRACE_REFERENCE_LENGTH; 1292 break; 1293 1294 case GTPV1_TV_TRACE_TYPE: 1295 1296 /* 29.060 7.7.25 - Trace Type. */ 1297 /* Trace type defined in GSM 12.08. */ 1298 TCHECK2(cp[0], GTPV1_TV_TRACE_TYPE_LENGTH - 1); 1299 dps = (u_int16_t *)cp; 1300 printf("Trace Type: %u", ntohs(*dps)); 1301 ielen = GTPV1_TV_TRACE_TYPE_LENGTH; 1302 break; 1303 1304 case GTPV1_TV_MSNRR: 1305 1306 /* 29.060 7.7.26 - MS Not Reachable Reason. */ 1307 /* Reason defined in 3GPP TS 23.040. */ 1308 TCHECK2(cp[0], GTPV1_TV_MSNRR_LENGTH - 1); 1309 printf("MS NRR: %u", cp[0]); 1310 ielen = GTPV1_TV_MSNRR_LENGTH; 1311 break; 1312 1313 case GTPV1_TV_PACKET_XFER_CMD: 1314 1315 /* 32.295 6.2.4.5.2 - Packet Transfer Command. */ 1316 TCHECK2(cp[0], GTPV1_TV_PACKET_XFER_CMD_LENGTH - 1); 1317 printf("Packet Transfer Command"); 1318 gtp_print_str(gtp_packet_xfer_cmd, cp[0]); 1319 ielen = GTPV1_TV_PACKET_XFER_CMD_LENGTH; 1320 break; 1321 1322 case GTPV1_TV_CHARGING_ID: 1323 1324 /* 29.060 7.7.26 - Charging ID. */ 1325 TCHECK2(cp[0], GTPV1_TV_CHARGING_ID_LENGTH - 1); 1326 dpl = (u_int32_t *)cp; 1327 printf("Charging ID: %u", ntohl(*dpl)); 1328 ielen = GTPV1_TV_CHARGING_ID_LENGTH; 1329 break; 1330 1331 default: 1332 printf("TV %u", value); 1333 } 1334 1335 trunc: 1336 return ielen; 1337 } 1338 1339 int 1340 gtp_v1_print_tlv(const u_char *cp, u_int value) 1341 { 1342 u_int8_t data; 1343 u_int16_t *lenp, *seqno, len; 1344 int ielen = -1; 1345 1346 /* Get length of IE. */ 1347 TCHECK2(cp[0], 2); 1348 lenp = (u_int16_t *)cp; 1349 cp += 2; 1350 len = ntohs(*lenp); 1351 TCHECK2(cp[0], len); 1352 ielen = sizeof(data) + sizeof(len) + len; 1353 1354 switch (value) { 1355 case GTPV1_TLV_END_USER_ADDRESS: 1356 1357 /* 3GPP 29.060 - 7.7.27 End User Address. */ 1358 printf("End User Address"); 1359 gtp_print_user_address(cp, len); 1360 break; 1361 1362 case GTPV1_TLV_MM_CONTEXT: 1363 1364 /* 29.060 7.7.28 - MM Context. */ 1365 printf("MM Context"); /* XXX */ 1366 break; 1367 1368 case GTPV1_TLV_PDP_CONTEXT: 1369 1370 /* 29.260 7.7.29 - PDP Context. */ 1371 printf("PDP Context"); /* XXX */ 1372 break; 1373 1374 case GTPV1_TLV_ACCESS_POINT_NAME: 1375 1376 /* 29.060 7.7.30 - Access Point Name. */ 1377 printf("AP Name: "); 1378 gtp_print_apn(cp, len); 1379 break; 1380 1381 case GTPV1_TLV_PROTOCOL_CONFIG_OPTIONS: 1382 1383 /* 29.060 7.7.31 - Protocol Configuration Options. */ 1384 /* Defined in 3GPP TS 24.008. */ 1385 printf("Config Options"); /* XXX */ 1386 break; 1387 1388 case GTPV1_TLV_GSN_ADDRESS: 1389 1390 /* 29.060 7.7.32 - GSN Address. */ 1391 /* Defined in 3GPP TS 23.003. */ 1392 printf("GSN Address"); 1393 if (len == 4) 1394 printf(": %s", ipaddr_string(cp)); 1395 else if (len == 16) 1396 printf(": %s", ip6addr_string(cp)); 1397 break; 1398 1399 case GTPV1_TLV_MSISDN: 1400 1401 /* 29.060 7.7.33 - MS International PSTN/ISDN Number. */ 1402 printf("MSISDN "); 1403 data = (u_int8_t)cp[0]; /* XXX - Number type. */ 1404 gtp_print_tbcd(cp + 1, len - 1); 1405 break; 1406 1407 case GTPV1_TLV_QOS_PROFILE: 1408 1409 /* 29.060 7.7.34 - QoS Profile. */ 1410 /* QoS profile defined in 3GPP TS 24.008 10.5.6.5. */ 1411 printf("QoS Profile: "); 1412 data = (u_int8_t)cp[0]; 1413 printf("Delay Class %u, ", (data >> 3) & 0x7); 1414 printf("Reliability Class %u", data & 0x7); 1415 if (vflag > 1) { 1416 printf(", "); 1417 data = (u_int8_t)cp[1]; 1418 printf("Precedence Class %u", data & 0x7); 1419 /* XXX - Decode more QoS fields. */ 1420 } 1421 break; 1422 1423 case GTPV1_TLV_AUTHENTICATION: 1424 1425 /* 29.060 7.7.35 - Authentication. */ 1426 printf("Authentication"); /* XXX */ 1427 break; 1428 1429 case GTPV1_TLV_TRAFFIC_FLOW: 1430 1431 /* 29.060 7.7.36 - Traffic Flow Template. */ 1432 printf("Traffic Flow Template"); /* XXX */ 1433 break; 1434 1435 case GTPV1_TLV_TARGET_IDENTIFICATION: 1436 1437 /* 29.060 7.7.37 - Target Identification. */ 1438 printf("Target ID"); /* XXX */ 1439 break; 1440 1441 case GTPV1_TLV_UTRAN_CONTAINER: 1442 1443 /* 29.060 7.7.38 - UTRAN Transparent Container. */ 1444 printf("UTRAN Container"); /* XXX */ 1445 break; 1446 1447 case GTPV1_TLV_RAB_SETUP_INFORMATION: 1448 1449 /* 29.060 7.7.39 - RAB Setup Information. */ 1450 printf("RAB Setup"); /* XXX */ 1451 break; 1452 1453 case GTPV1_TLV_EXT_HEADER_TYPE_LIST: 1454 1455 /* 29.060 7.7.40 - Extension Header Type List. */ 1456 printf("Extension Header List"); /* XXX */ 1457 break; 1458 1459 case GTPV1_TLV_TRIGGER_ID: 1460 1461 /* 29.060 7.7.41 - Trigger ID. */ 1462 printf("Trigger ID"); /* XXX */ 1463 break; 1464 1465 case GTPV1_TLV_OMC_IDENTITY: 1466 1467 /* 29.060 7.7.42 - OMC Identity. */ 1468 printf("OMC Identity"); /* XXX */ 1469 break; 1470 1471 case GTPV1_TLV_RAN_CONTAINER: 1472 1473 /* 29.060 7.7.43 - RAN Transparent Container. */ 1474 printf("RAN Container"); /* XXX */ 1475 break; 1476 1477 case GTPV1_TLV_PDP_CONTEXT_PRIORITIZATION: 1478 1479 /* 29.060 7.7.45 - PDP Context Prioritization. */ 1480 printf("PDP Context Prioritization"); /* XXX */ 1481 break; 1482 1483 case GTPV1_TLV_ADDITIONAL_RAB_SETUP_INFO: 1484 1485 /* 29.060 7.7.45A - Additional RAB Setup Information. */ 1486 printf("Additional RAB Setup"); /* XXX */ 1487 break; 1488 1489 case GTPV1_TLV_SGSN_NUMBER: 1490 1491 /* 29.060 7.7.47 - SGSN Number. */ 1492 printf("SGSN Number"); /* XXX */ 1493 break; 1494 1495 case GTPV1_TLV_COMMON_FLAGS: 1496 1497 /* 29.060 7.7.48 - Common Flags. */ 1498 printf("Common Flags"); /* XXX */ 1499 break; 1500 1501 case GTPV1_TLV_APN_RESTRICTION: 1502 1503 /* 29.060 7.7.49 - APN Restriction. */ 1504 data = (u_int8_t)cp[0]; 1505 printf("APN Restriction: %u", data); 1506 break; 1507 1508 case GTPV1_TLV_RADIO_PRIORITY_LCS: 1509 1510 /* 29.060 7.7.25B - Radio Priority LCS. */ 1511 printf("Radio Priority LCS: %u", cp[0] & 0x7); 1512 break; 1513 1514 case GTPV1_TLV_RAT_TYPE: 1515 1516 /* 29.060 7.7.50 - RAT Type. */ 1517 printf("RAT"); 1518 gtp_print_str(gtp_rat_type, cp[0]); 1519 break; 1520 1521 case GTPV1_TLV_USER_LOCATION_INFO: 1522 1523 /* 29.060 7.7.51 - User Location Information. */ 1524 printf("ULI"); /* XXX */ 1525 break; 1526 1527 case GTPV1_TLV_MS_TIME_ZONE: 1528 1529 /* 29.060 7.7.52 - MS Time Zone. */ 1530 printf("MSTZ"); /* XXX */ 1531 break; 1532 1533 case GTPV1_TLV_IMEI_SV: 1534 1535 /* 29.060 7.7.53 - IMEI(SV). */ 1536 printf("IMEI(SV) "); 1537 gtp_print_tbcd(cp, len); 1538 break; 1539 1540 case GTPV1_TLV_CAMEL_CHARGING_CONTAINER: 1541 1542 /* 29.060 7.7.54 - CAMEL Charging Information Container. */ 1543 printf("CAMEL Charging"); /* XXX */ 1544 break; 1545 1546 case GTPV1_TLV_MBMS_UE_CONTEXT: 1547 1548 /* 29.060 7.7.55 - MBMS UE Context. */ 1549 printf("MBMS UE Context"); /* XXX */ 1550 break; 1551 1552 case GTPV1_TLV_TMGI: 1553 1554 /* 29.060 7.7.56 - Temporary Mobile Group Identity. */ 1555 printf("TMGI"); /* XXX */ 1556 break; 1557 1558 case GTPV1_TLV_RIM_ROUTING_ADDRESS: 1559 1560 /* 29.060 7.7.57 - RIM Routing Address. */ 1561 printf("RIM Routing Address"); /* XXX */ 1562 break; 1563 1564 case GTPV1_TLV_MBMS_PROTOCOL_CONFIG_OPTIONS: 1565 1566 /* 29.060 7.7.58 - MBMS Protocol Configuration Options. */ 1567 printf("MBMS Protocol Config Options"); /* XXX */ 1568 break; 1569 1570 case GTPV1_TLV_MBMS_SERVICE_AREA: 1571 1572 /* 29.060 7.7.60 - MBMS Service Area. */ 1573 printf("MBMS Service Area"); /* XXX */ 1574 break; 1575 1576 case GTPV1_TLV_SOURCE_RNC_PDCP_CONTEXT_INFO: 1577 1578 /* 29.060 7.7.61 - Source RNC PDCP Context Information. */ 1579 printf("Source RNC PDCP Context"); /* XXX */ 1580 break; 1581 1582 case GTPV1_TLV_ADDITIONAL_TRACE_INFO: 1583 1584 /* 29.060 7.7.62 - Additional Trace Information. */ 1585 printf("Additional Trace Info"); /* XXX */ 1586 break; 1587 1588 case GTPV1_TLV_HOP_COUNTER: 1589 1590 /* 29.060 7.7.63 - Hop Counter. */ 1591 printf("Hop Counter: %u", cp[0]); 1592 break; 1593 1594 case GTPV1_TLV_SELECTED_PLMN_ID: 1595 1596 /* 29.060 7.7.64 - Selected PLMN ID. */ 1597 printf("Selected PLMN ID"); /* XXX */ 1598 break; 1599 1600 case GTPV1_TLV_MBMS_SESSION_IDENTIFIER: 1601 1602 /* 29.060 7.7.65 - MBMS Session Identifier. */ 1603 printf("MBMS Session ID: %u", cp[0]); 1604 break; 1605 1606 case GTPV1_TLV_MBMS_2G_3G_INDICATOR: 1607 1608 /* 29.060 7.7.66 - MBMS 2G/3G Indicator. */ 1609 printf("MBMS 2G/3G Indicator"); 1610 gtp_print_str(mbms_2g3g_indicator, cp[0]); 1611 break; 1612 1613 case GTPV1_TLV_ENHANCED_NSAPI: 1614 1615 /* 29.060 7.7.67 - Enhanced NSAPI. */ 1616 printf("Enhanced NSAPI"); /* XXX */ 1617 break; 1618 1619 case GTPV1_TLV_MBMS_SESSION_DURATION: 1620 1621 /* 29.060 7.7.59 - MBMS Session Duration. */ 1622 printf("MBMS Session Duration"); /* XXX */ 1623 break; 1624 1625 case GTPV1_TLV_ADDITIONAL_MBMS_TRACE_INFO: 1626 1627 /* 29.060 7.7.68 - Additional MBMS Trace Info. */ 1628 printf("Additional MBMS Trace Info"); /* XXX */ 1629 break; 1630 1631 case GTPV1_TLV_MBMS_SESSION_REPITITION_NO: 1632 1633 /* 29.060 7.7.69 - MBMS Session Repetition Number. */ 1634 printf("MBMS Session Repetition No: %u", cp[0]); 1635 break; 1636 1637 case GTPV1_TLV_MBMS_TIME_TO_DATA_TRANSFER: 1638 1639 /* 29.060 7.7.70 - MBMS Time to Data Transfer. */ 1640 printf("MBMS Time to Data Transfer: %u", cp[0]); 1641 break; 1642 1643 case GTPV1_TLV_PS_HANDOVER_REQUEST_CONTEXT: 1644 1645 /* 29.060 7.7.71 - PS Handover Request Context (Void). */ 1646 break; 1647 1648 case GTPV1_TLV_BSS_CONTAINER: 1649 1650 /* 29.060 7.7.72 - BSS Container. */ 1651 printf("BSS Container"); /* XXX */ 1652 break; 1653 1654 case GTPV1_TLV_CELL_IDENTIFICATION: 1655 1656 /* 29.060 7.7.73 - Cell Identification. */ 1657 printf("Cell Identification"); /* XXX */ 1658 break; 1659 1660 case GTPV1_TLV_PDU_NUMBERS: 1661 1662 /* 29.060 7.7.74 - PDU Numbers. */ 1663 printf("PDU Numbers"); /* XXX */ 1664 break; 1665 1666 case GTPV1_TLV_BSSGP_CAUSE: 1667 1668 /* 29.060 7.7.75 - BSSGP Cause. */ 1669 printf("BSSGP Cause: %u", cp[0]); 1670 break; 1671 1672 case GTPV1_TLV_REQUIRED_MBMS_BEARER_CAP: 1673 1674 /* 29.060 7.7.76 - Required MBMS Bearer Cap. */ 1675 printf("Required MBMS Bearer Cap"); /* XXX */ 1676 break; 1677 1678 case GTPV1_TLV_RIM_ROUTING_ADDRESS_DISC: 1679 1680 /* 29.060 7.7.77 - RIM Routing Address Discriminator. */ 1681 printf("RIM Routing Address Discriminator: %u", cp[0] & 0xf); 1682 break; 1683 1684 case GTPV1_TLV_LIST_OF_SETUP_PFCS: 1685 1686 /* 29.060 7.7.78 - List of Setup PFCs. */ 1687 printf("List of Setup PFCs"); /* XXX */ 1688 break; 1689 1690 case GTPV1_TLV_PS_HANDOVER_XID_PARAMETERS: 1691 1692 /* 29.060 7.7.79 - PS Handover XID Parameters. */ 1693 printf("PS Handover XID Parameters"); /* XXX */ 1694 break; 1695 1696 case GTPV1_TLV_MS_INFO_CHANGE_REPORTING: 1697 1698 /* 29.060 7.7.80 - MS Info Change Reporting. */ 1699 printf("MS Info Change Reporting"); 1700 gtp_print_str(ms_info_change_rpt, cp[0]); 1701 break; 1702 1703 case GTPV1_TLV_DIRECT_TUNNEL_FLAGS: 1704 1705 /* 29.060 7.7.81 - Direct Tunnel Flags. */ 1706 printf("Direct Tunnel Flags"); /* XXX */ 1707 break; 1708 1709 case GTPV1_TLV_CORRELATION_ID: 1710 1711 /* 29.060 7.7.82 - Correlation ID. */ 1712 printf("Correlation ID"); /* XXX */ 1713 break; 1714 1715 case GTPV1_TLV_BEARER_CONTROL_MODE: 1716 1717 /* 29.060 7.7.83 - Bearer Control Mode. */ 1718 printf("Bearer Control Mode"); /* XXX */ 1719 break; 1720 1721 case GTPV1_TLV_MBMS_FLOW_IDENTIFIER: 1722 1723 /* 29.060 7.7.84 - MBMS Flow Identifier. */ 1724 printf("MBMS Flow Identifier"); /* XXX */ 1725 break; 1726 1727 case GTPV1_TLV_RELEASED_PACKETS: 1728 1729 /* 32.295 6.2.4.5.4 - Sequence Numbers of Released Packets. */ 1730 printf("Released Packets:"); 1731 seqno = (u_int16_t *)cp; 1732 while (len > 0) { 1733 printf(" %u", ntohs(*seqno)); 1734 seqno++; 1735 len -= sizeof(*seqno); 1736 } 1737 break; 1738 1739 case GTPV1_TLV_CANCELLED_PACKETS: 1740 1741 /* 32.295 6.2.4.5.5 - Sequence Numbers of Cancelled Packets. */ 1742 printf("Cancelled Packets:"); 1743 seqno = (u_int16_t *)cp; 1744 while (len > 0) { 1745 printf(" %u", ntohs(*seqno)); 1746 seqno++; 1747 len -= sizeof(*seqno); 1748 } 1749 break; 1750 1751 case GTPV1_TLV_CHARGING_GATEWAY_ADDRESS: 1752 1753 /* 29.060 7.7.44 - Charging Gateway Address. */ 1754 printf("Charging Gateway"); 1755 if (len == 4) 1756 printf(": %s", ipaddr_string(cp)); 1757 else if (len == 16) 1758 printf(": %s", ip6addr_string(cp)); 1759 break; 1760 1761 case GTPV1_TLV_DATA_RECORD_PACKET: 1762 1763 /* 32.295 6.2.4.5.3 - Data Record Packet. */ 1764 printf("Data Record: Records %u, Format %u, Format Version %u", 1765 cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2))); 1766 break; 1767 1768 case GTPV1_TLV_REQUESTS_RESPONDED: 1769 1770 /* 32.295 6.2.4.6 - Requests Responded. */ 1771 printf("Requests Responded:"); 1772 seqno = (u_int16_t *)cp; 1773 while (len > 0) { 1774 printf(" %u", ntohs(*seqno)); 1775 seqno++; 1776 len -= sizeof(*seqno); 1777 } 1778 break; 1779 1780 case GTPV1_TLV_ADDRESS_OF_RECOMMENDED_NODE: 1781 1782 /* 32.295 6.2.4.3 - Address of Recommended Node. */ 1783 printf("Address of Recommended Node"); 1784 if (len == 4) 1785 printf(": %s", ipaddr_string(cp)); 1786 else if (len == 16) 1787 printf(": %s", ip6addr_string(cp)); 1788 break; 1789 1790 case GTPV1_TLV_PRIVATE_EXTENSION: 1791 1792 /* 29.060 7.7.46 - Private Extension. */ 1793 printf("Private Extension"); 1794 break; 1795 1796 default: 1797 printf("TLV %u (len %u)", value, len); 1798 } 1799 1800 return ielen; 1801 1802 trunc: 1803 return -1; 1804 } 1805