File: | src/usr.sbin/tcpdump/print-gtp.c |
Warning: | line 925, column 13 Access to field 'nexthdr' results in a dereference of a null pointer (loaded from variable 'ghe') |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: print-gtp.c,v 1.13 2020/10/26 23:19:18 jca Exp $ */ | |||
2 | /* | |||
3 | * Copyright (c) 2009, 2010 Joel Sing <jsing@openbsd.org> | |||
4 | * | |||
5 | * Permission to use, copy, modify, and distribute this software for any | |||
6 | * purpose with or without fee is hereby granted, provided that the above | |||
7 | * copyright notice and this permission notice appear in all copies. | |||
8 | * | |||
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |||
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |||
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |||
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |||
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |||
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |||
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |||
16 | */ | |||
17 | ||||
18 | /* | |||
19 | * Decoder for the GPRS Trunking Protocol (GTP). | |||
20 | * | |||
21 | * This work has been kindly sponsored by SystemNet (www.systemnet.no). | |||
22 | * | |||
23 | * GTPv0 standards are available from the ETSI website: | |||
24 | * | |||
25 | * http://pda.etsi.org/pda/ | |||
26 | * | |||
27 | * GTPv1 standards are available from the 3GPP website: | |||
28 | * | |||
29 | * http://www.3gpp.org/specifications | |||
30 | * | |||
31 | * The following standards have been referenced to create this decoder: | |||
32 | * | |||
33 | * ETSI GSM 09.60 - GPRS Tunnelling Protocol (GTPv0) | |||
34 | * ETSI GSM 12.15 - GPRS Charging (GTPv0') | |||
35 | * | |||
36 | * 3GPP TS 23.003 - Numbering, addressing and identification | |||
37 | * 3GPP TS 24.008 - Core network protocols | |||
38 | * 3GPP TS 29.002 - Mobile Application Part (MAP) specification | |||
39 | * 3GPP TS 29.060 - GPRS Tunnelling Protocol (GTPv1-C/GTPv1-U) | |||
40 | * 3GPP TS 32.295 - Charging Data Record (CDR) transfer (GTPv1') | |||
41 | */ | |||
42 | ||||
43 | #include <sys/time.h> | |||
44 | #include <sys/socket.h> | |||
45 | #include <sys/types.h> | |||
46 | ||||
47 | #include <netinet/in.h> | |||
48 | #include <netinet/ip.h> | |||
49 | #include <netinet/ip_var.h> | |||
50 | ||||
51 | #include <ctype.h> | |||
52 | #include <stdio.h> | |||
53 | #include <stdlib.h> | |||
54 | #include <string.h> | |||
55 | ||||
56 | #include "addrtoname.h" | |||
57 | #include "interface.h" | |||
58 | #include "gtp.h" | |||
59 | ||||
60 | #ifndef nitems | |||
61 | #define nitems(_a)(sizeof((_a)) / sizeof((_a)[0])) (sizeof((_a)) / sizeof((_a)[0])) | |||
62 | #endif | |||
63 | ||||
64 | void gtp_print(const u_char *, u_int, u_short, u_short); | |||
65 | void gtp_decode_ie(const u_char *, u_short, int); | |||
66 | void gtp_print_tbcd(const u_char *, u_int); | |||
67 | void gtp_print_user_address(const u_char *, u_int); | |||
68 | void gtp_print_apn(const u_char *, u_int); | |||
69 | void gtp_print_str(const char **, u_int, u_int); | |||
70 | ||||
71 | void gtp_v0_print(const u_char *, u_int, u_short, u_short); | |||
72 | void gtp_v0_print_prime(const u_char *); | |||
73 | int gtp_v0_print_tv(const u_char *, u_int); | |||
74 | int gtp_v0_print_tlv(const u_char *, u_int); | |||
75 | ||||
76 | void gtp_v1_print(const u_char *, u_int, u_short, u_short); | |||
77 | void gtp_v1_print_ctrl(const u_char *, u_int, struct gtp_v1_hdr *); | |||
78 | void gtp_v1_print_user(const u_char *, u_int, struct gtp_v1_hdr *); | |||
79 | void gtp_v1_print_prime(const u_char *, struct gtp_v1_prime_hdr *); | |||
80 | int gtp_v1_print_tv(const u_char *, u_int); | |||
81 | int gtp_v1_print_tlv(const u_char *, u_int); | |||
82 | ||||
83 | /* GTPv0 message types. */ | |||
84 | static struct tok gtp_v0_msgtype[] = { | |||
85 | ||||
86 | { 1, "Echo Request" }, | |||
87 | { 2, "Echo Response" }, | |||
88 | { 3, "Version Not Supported" }, | |||
89 | { 4, "Node Alive Request" }, | |||
90 | { 5, "Node Alive Response" }, | |||
91 | { 6, "Redirection Request" }, | |||
92 | { 7, "Redirection Response" }, | |||
93 | { 16, "Create PDP Context Request" }, | |||
94 | { 17, "Create PDP Context Response" }, | |||
95 | { 18, "Update PDP Context Request" }, | |||
96 | { 19, "Update PDP Context Response" }, | |||
97 | { 20, "Delete PDP Context Request" }, | |||
98 | { 21, "Delete PDP Context Response" }, | |||
99 | { 22, "Create AA PDP Context Request" }, | |||
100 | { 23, "Create AA PDP Context Response" }, | |||
101 | { 24, "Delete AA PDP Context Request" }, | |||
102 | { 25, "Delete AA PDP Context Response" }, | |||
103 | { 26, "Error Indication" }, | |||
104 | { 27, "PDU Notification Request" }, | |||
105 | { 28, "PDU Notification Response" }, | |||
106 | { 29, "PDU Notification Reject Request" }, | |||
107 | { 30, "PDU Notification Reject Response" }, | |||
108 | { 32, "Send Routeing Information Request" }, | |||
109 | { 33, "Send Routeing Information Response" }, | |||
110 | { 34, "Failure Report Request" }, | |||
111 | { 35, "Failure Report Response" }, | |||
112 | { 36, "MS GPRS Present Request" }, | |||
113 | { 37, "MS GPRS Present Response" }, | |||
114 | { 48, "Identification Request" }, | |||
115 | { 49, "Identification Response" }, | |||
116 | { 50, "SGSN Context Request" }, | |||
117 | { 51, "SGSN Context Response" }, | |||
118 | { 52, "SGSN Context Acknowledge" }, | |||
119 | { 240, "Data Record Transfer Request" }, | |||
120 | { 241, "Data Record Transfer Response" }, | |||
121 | { 255, "T-PDU" }, | |||
122 | ||||
123 | { 0, NULL((void *)0) } | |||
124 | }; | |||
125 | ||||
126 | /* GTPv0 causes. */ | |||
127 | static struct tok gtp_v0_cause[] = { | |||
128 | ||||
129 | { 0, "Request IMSI" }, | |||
130 | { 1, "Request IMEI" }, | |||
131 | { 2, "Request IMSI and IMEI" }, | |||
132 | { 3, "No identity needed" }, | |||
133 | { 4, "MS refuses" }, | |||
134 | { 5, "MS is not GPRS responding" }, | |||
135 | { 128, "Request accepted" }, | |||
136 | { 192, "Non-existent" }, | |||
137 | { 193, "Invalid message format" }, | |||
138 | { 194, "IMSI not known" }, | |||
139 | { 195, "MS is GPRS detached" }, | |||
140 | { 196, "MS is not GPRS responding" }, | |||
141 | { 197, "MS refuses" }, | |||
142 | { 198, "Version not supported" }, | |||
143 | { 199, "No resources available" }, | |||
144 | { 200, "Service not supported" }, | |||
145 | { 201, "Mandatory IE incorrect" }, | |||
146 | { 202, "Mandatory IE missing" }, | |||
147 | { 203, "Optional IE incorrect" }, | |||
148 | { 204, "System failure" }, | |||
149 | { 205, "Roaming restriction" }, | |||
150 | { 206, "P-TMSI signature mismatch" }, | |||
151 | { 207, "GPRS connection suspended" }, | |||
152 | { 208, "Authentication failure" }, | |||
153 | { 209, "User authentication failed" }, | |||
154 | ||||
155 | { 0, NULL((void *)0) } | |||
156 | }; | |||
157 | ||||
158 | /* GTPv1 message types. */ | |||
159 | static struct tok gtp_v1_msgtype[] = { | |||
160 | ||||
161 | { 1, "Echo Request" }, | |||
162 | { 2, "Echo Response" }, | |||
163 | { 3, "Version Not Supported" }, | |||
164 | { 4, "Node Alive Request" }, | |||
165 | { 5, "Node Alive Response" }, | |||
166 | { 6, "Redirection Request" }, | |||
167 | { 7, "Redirection Response" }, | |||
168 | { 16, "Create PDP Context Request" }, | |||
169 | { 17, "Create PDP Context Response" }, | |||
170 | { 18, "Update PDP Context Request" }, | |||
171 | { 19, "Update PDP Context Response" }, | |||
172 | { 20, "Delete PDP Context Request" }, | |||
173 | { 21, "Delete PDP Context Response" }, | |||
174 | { 22, "Initiate PDP Context Activiation Request" }, | |||
175 | { 23, "Initiate PDP Context Activiation Response" }, | |||
176 | { 26, "Error Indication" }, | |||
177 | { 27, "PDU Notification Request" }, | |||
178 | { 28, "PDU Notification Response" }, | |||
179 | { 29, "PDU Notification Reject Request" }, | |||
180 | { 30, "PDU Notification Reject Response" }, | |||
181 | { 31, "Supported Extension Headers Notification" }, | |||
182 | { 32, "Send Routeing Information for GPRS Request" }, | |||
183 | { 33, "Send Routeing Information for GPRS Response" }, | |||
184 | { 34, "Failure Report Request" }, | |||
185 | { 35, "Failure Report Response" }, | |||
186 | { 36, "Note MS GPRS Present Request" }, | |||
187 | { 37, "Note MS GPRS Present Response" }, | |||
188 | { 48, "Identification Request" }, | |||
189 | { 49, "Identification Response" }, | |||
190 | { 50, "SGSN Context Request" }, | |||
191 | { 51, "SGSN Context Response" }, | |||
192 | { 52, "SGSN Context Acknowledge" }, | |||
193 | { 53, "Forward Relocation Request" }, | |||
194 | { 54, "Forward Relocation Response" }, | |||
195 | { 55, "Forward Relocation Complete" }, | |||
196 | { 56, "Relocation Cancel Request" }, | |||
197 | { 57, "Relocation Cancel Response" }, | |||
198 | { 58, "Forward SRNS Context" }, | |||
199 | { 59, "Forward Relocation Complete Acknowledge" }, | |||
200 | { 60, "Forward SRNS Context Acknowledge" }, | |||
201 | { 70, "RAN Information Relay" }, | |||
202 | { 96, "MBMS Notification Request" }, | |||
203 | { 97, "MBMS Notification Response" }, | |||
204 | { 98, "MBMS Notification Reject Request" }, | |||
205 | { 99, "MBMS Notification Reject Response" }, | |||
206 | { 100, "Create MBMS Context Request" }, | |||
207 | { 101, "Create MBMS Context Response" }, | |||
208 | { 102, "Update MBMS Context Request" }, | |||
209 | { 103, "Update MBMS Context Response" }, | |||
210 | { 104, "Delete MBMS Context Request" }, | |||
211 | { 105, "Delete MBMS Context Response" }, | |||
212 | { 112, "MBMS Registration Request" }, | |||
213 | { 113, "MBMS Registration Response" }, | |||
214 | { 114, "MBMS De-Registration Request" }, | |||
215 | { 115, "MBMS De-Registration Response" }, | |||
216 | { 116, "MBMS Session Start Request" }, | |||
217 | { 117, "MBMS Session Start Response" }, | |||
218 | { 118, "MBMS Session Stop Request" }, | |||
219 | { 119, "MBMS Session Stop Response" }, | |||
220 | { 120, "MBMS Session Update Request" }, | |||
221 | { 121, "MBMS Session Update Response" }, | |||
222 | { 128, "MBMS Info Change Notification Request" }, | |||
223 | { 129, "MBMS Info Change Notification Response" }, | |||
224 | { 240, "Data Record Transfer Request" }, | |||
225 | { 241, "Data Record Transfer Response" }, | |||
226 | { 255, "G-PDU" }, | |||
227 | ||||
228 | { 0, NULL((void *)0) } | |||
229 | }; | |||
230 | ||||
231 | /* GTPv1 Causes. */ | |||
232 | static struct tok gtp_v1_cause[] = { | |||
233 | ||||
234 | /* GTPv1-C. */ | |||
235 | { 0, "Request IMSI" }, | |||
236 | { 1, "Request IMEI" }, | |||
237 | { 2, "Request IMSI and IMEI" }, | |||
238 | { 3, "No identity needed" }, | |||
239 | { 4, "MS refuses" }, | |||
240 | { 5, "MS is not GPRS responding" }, | |||
241 | { 128, "Request accepted" }, | |||
242 | { 192, "Non-existent" }, | |||
243 | { 193, "Invalid message format" }, | |||
244 | { 194, "IMSI not known" }, | |||
245 | { 195, "MS is GPRS detached" }, | |||
246 | { 196, "MS is not GPRS responding" }, | |||
247 | { 197, "MS refuses" }, | |||
248 | { 198, "Version not supported" }, | |||
249 | { 199, "No resources available" }, | |||
250 | { 200, "Service not supported" }, | |||
251 | { 201, "Mandatory IE incorrect" }, | |||
252 | { 202, "Mandatory IE missing" }, | |||
253 | { 203, "Optional IE incorrect" }, | |||
254 | { 204, "System failure" }, | |||
255 | { 205, "Roaming restriction" }, | |||
256 | { 206, "P-TMSI signature mismatch" }, | |||
257 | { 207, "GPRS connection suspended" }, | |||
258 | { 208, "Authentication failure" }, | |||
259 | { 209, "User authentication failed" }, | |||
260 | { 210, "Context not found" }, | |||
261 | { 211, "All dynamic PDP addresses are occupied" }, | |||
262 | { 212, "No memory is available" }, | |||
263 | { 213, "Relocation failure" }, | |||
264 | { 214, "Unknown mandatory extension header" }, | |||
265 | { 215, "Semantic error in the TFT operation" }, | |||
266 | { 216, "Syntactic error in the TFT operation" }, | |||
267 | { 217, "Semantic errors in packet filter(s)" }, | |||
268 | { 218, "Syntactic errors in packet filter(s)" }, | |||
269 | { 219, "Missing or unknown APN" }, | |||
270 | { 220, "Unknown PDP address or PDP type" }, | |||
271 | { 221, "PDP context without TFT already activated" }, | |||
272 | { 222, "APN access denied - no subscription" }, | |||
273 | { 223, "APN restriction type incompatibility with currently " | |||
274 | "active PDP contexts" }, | |||
275 | { 224, "MS MBMS capabilities insufficient" }, | |||
276 | { 225, "Invalid correlation-ID" }, | |||
277 | { 226, "MBMS bearer context superseded" }, | |||
278 | ||||
279 | /* GTP'v1. */ | |||
280 | { 59, "System failure" }, | |||
281 | { 60, "The transmit buffers are becoming full" }, | |||
282 | { 61, "The receive buffers are becoming full" }, | |||
283 | { 62, "Another node is about to go down" }, | |||
284 | { 63, "This node is about to go down" }, | |||
285 | { 177, "CDR decoding error" }, | |||
286 | { 252, "Request related to possibly duplicated packets already " | |||
287 | "fulfilled" }, | |||
288 | { 253, "Request already fulfilled" }, | |||
289 | { 254, "Sequence numbers of released/cancelled packets IE incorrect" }, | |||
290 | { 255, "Request not fulfilled" }, | |||
291 | ||||
292 | { 0, NULL((void *)0) } | |||
293 | }; | |||
294 | ||||
295 | static int gtp_proto = -1; | |||
296 | ||||
297 | void | |||
298 | gtp_print(const u_char *cp, u_int length, u_short sport, u_short dport) | |||
299 | { | |||
300 | int version; | |||
301 | ||||
302 | /* Decode GTP version. */ | |||
303 | TCHECK(cp[0])if (!(snapend - (sizeof(cp[0])) <= snapend && (const u_char *)&(cp[0]) <= snapend - (sizeof(cp[0])))) goto trunc; | |||
| ||||
304 | version = cp[0] >> GTP_VERSION_SHIFT5; | |||
305 | ||||
306 | if (version == GTP_VERSION_00) | |||
307 | gtp_v0_print(cp, length, sport, dport); | |||
308 | else if (version == GTP_VERSION_11) | |||
309 | gtp_v1_print(cp, length, sport, dport); | |||
310 | else | |||
311 | printf("GTP (version %i)", version); | |||
312 | ||||
313 | return; | |||
314 | ||||
315 | trunc: | |||
316 | printf("[|GTP]"); | |||
317 | } | |||
318 | ||||
319 | /* | |||
320 | * Decode and print information elements from message. The actual work is | |||
321 | * handled in the appropriate Tag/Value (TV) or Tag/Length/Value (TLV) | |||
322 | * decoding routine. | |||
323 | */ | |||
324 | void | |||
325 | gtp_decode_ie(const u_char *cp, u_short version, int len) | |||
326 | { | |||
327 | int val, ielen, iecount = 0; | |||
328 | ||||
329 | if (len <= 0) | |||
330 | return; | |||
331 | ||||
332 | printf(" {"); | |||
333 | ||||
334 | while (len > 0) { | |||
335 | ||||
336 | iecount++; | |||
337 | if (iecount > 1) | |||
338 | printf(" "); | |||
339 | ||||
340 | TCHECK(cp[0])if (!(snapend - (sizeof(cp[0])) <= snapend && (const u_char *)&(cp[0]) <= snapend - (sizeof(cp[0])))) goto trunc; | |||
341 | val = (u_int)cp[0]; | |||
342 | cp++; | |||
343 | ||||
344 | printf("["); | |||
345 | ||||
346 | switch (version) { | |||
347 | case GTP_VERSION_00: | |||
348 | if ((val & GTPV0_IE_TYPE_MASK1 << 7) == 0) | |||
349 | ielen = gtp_v0_print_tv(cp, val); | |||
350 | else | |||
351 | ielen = gtp_v0_print_tlv(cp, val); | |||
352 | break; | |||
353 | ||||
354 | case GTP_VERSION_11: | |||
355 | if ((val & GTPV1_IE_TYPE_MASK1 << 7) == 0) | |||
356 | ielen = gtp_v1_print_tv(cp, val); | |||
357 | else | |||
358 | ielen = gtp_v1_print_tlv(cp, val); | |||
359 | break; | |||
360 | ||||
361 | default: | |||
362 | /* Version not supported... */ | |||
363 | ielen = -1; | |||
364 | break; | |||
365 | } | |||
366 | ||||
367 | printf("]"); | |||
368 | ||||
369 | if (ielen < 0) | |||
370 | goto trunc; | |||
371 | ||||
372 | len -= ielen; | |||
373 | cp += ielen - 1; | |||
374 | } | |||
375 | ||||
376 | if (iecount > 0) | |||
377 | printf("}"); | |||
378 | ||||
379 | return; | |||
380 | ||||
381 | trunc: | |||
382 | printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); | |||
383 | } | |||
384 | ||||
385 | /* | |||
386 | * Decode and print telephony binary coded decimal. | |||
387 | */ | |||
388 | void | |||
389 | gtp_print_tbcd(const u_char *cp, u_int len) | |||
390 | { | |||
391 | u_int8_t *data, bcd; | |||
392 | int i; | |||
393 | ||||
394 | data = (u_int8_t *)cp; | |||
395 | for (i = 0; i < len; i++) { | |||
396 | bcd = *data & 0xf; | |||
397 | if (bcd != 0xf) | |||
398 | printf("%u", bcd); | |||
399 | bcd = *data >> 4; | |||
400 | if (bcd != 0xf) | |||
401 | printf("%u", bcd); | |||
402 | data++; | |||
403 | } | |||
404 | } | |||
405 | ||||
406 | /* | |||
407 | * Decode and print an end user address. Format is detailed in | |||
408 | * GSM 09.60 section 7.9.18 and 3GPP 29.060 section 7.7.27. | |||
409 | */ | |||
410 | void | |||
411 | gtp_print_user_address(const u_char *cp, u_int len) | |||
412 | { | |||
413 | u_int8_t org, type; | |||
414 | ||||
415 | if (len < 2) | |||
416 | return; | |||
417 | ||||
418 | org = (u_int8_t)cp[0] & 0xf; | |||
419 | type = (u_int8_t)cp[1]; | |||
420 | ||||
421 | cp += 2; | |||
422 | ||||
423 | if (org == 0x0 && type == 0x1) | |||
424 | printf(": PPP"); | |||
425 | else if (org == 0x1 && type == 0x21) { | |||
426 | if (len == 6) | |||
427 | printf(": %s", ipaddr_string(cp)getname((const u_char *)(cp))); | |||
428 | else | |||
429 | printf(": IPv4"); | |||
430 | } else if (org == 0x1 && type == 0x57) { | |||
431 | if (len == 18) | |||
432 | printf(": %s", ip6addr_string(cp)getname6((const u_char *)(cp))); | |||
433 | else | |||
434 | printf(": IPv6"); | |||
435 | } else | |||
436 | printf(" (org 0x%x, type 0x%x)", org, type); | |||
437 | } | |||
438 | ||||
439 | /* | |||
440 | * Decode and print an Access Point Name. Format is detailed in | |||
441 | * 3GPP 24.008 section 10.5.6.1 and 3GPP 23.003 section 9.1. | |||
442 | */ | |||
443 | void | |||
444 | gtp_print_apn(const u_char *cp, u_int len) | |||
445 | { | |||
446 | u_char label[100]; | |||
447 | u_int8_t llen; | |||
448 | ||||
449 | if (len < 1 || len > 100) | |||
450 | return; | |||
451 | ||||
452 | while (len > 0) { | |||
453 | ||||
454 | llen = (u_int8_t)cp[0]; | |||
455 | if (llen > 99) | |||
456 | return; | |||
457 | ||||
458 | bcopy(cp + 1, label, llen); | |||
459 | label[llen] = '\0'; | |||
460 | printf("%s", label); | |||
461 | ||||
462 | cp += llen + 1; | |||
463 | len -= llen + 1; | |||
464 | ||||
465 | if (len > 0) | |||
466 | printf("."); | |||
467 | ||||
468 | } | |||
469 | } | |||
470 | ||||
471 | /* Print string from array. */ | |||
472 | void | |||
473 | gtp_print_str(const char **strs, u_int bound, u_int index) | |||
474 | { | |||
475 | if (index >= bound) | |||
476 | printf(": %u", index); | |||
477 | else if (strs[index] != NULL((void *)0)) | |||
478 | printf(": %s", strs[index]); | |||
479 | } | |||
480 | ||||
481 | /* | |||
482 | * Decoding routines for GTP version 0. | |||
483 | */ | |||
484 | void | |||
485 | gtp_v0_print(const u_char *cp, u_int length, u_short sport, u_short dport) | |||
486 | { | |||
487 | struct gtp_v0_hdr *gh = (struct gtp_v0_hdr *)cp; | |||
488 | int len, version; | |||
489 | u_int64_t tid; | |||
490 | ||||
491 | gtp_proto = GTP_V0_PROTO0; | |||
492 | ||||
493 | /* Check if this is GTP prime. */ | |||
494 | TCHECK(gh->flags)if (!(snapend - (sizeof(gh->flags)) <= snapend && (const u_char *)&(gh->flags) <= snapend - (sizeof( gh->flags)))) goto trunc; | |||
495 | if ((gh->flags & GTPV0_HDR_PROTO_TYPE1 << 4) == 0) { | |||
496 | gtp_proto = GTP_V0_PRIME_PROTO1; | |||
497 | gtp_v0_print_prime(cp); | |||
498 | return; | |||
499 | } | |||
500 | ||||
501 | /* Print GTP header. */ | |||
502 | TCHECK(*gh)if (!(snapend - (sizeof(*gh)) <= snapend && (const u_char *)&(*gh) <= snapend - (sizeof(*gh)))) goto trunc; | |||
503 | cp += sizeof(struct gtp_v0_hdr); | |||
504 | len = ntohs(gh->length)(__uint16_t)(__builtin_constant_p(gh->length) ? (__uint16_t )(((__uint16_t)(gh->length) & 0xffU) << 8 | ((__uint16_t )(gh->length) & 0xff00U) >> 8) : __swap16md(gh-> length)); | |||
505 | bcopy(&gh->tid, &tid, sizeof(tid)); | |||
506 | printf("GTPv0 (len %u, seqno %u, flow %u, N-PDU %u, tid 0x%llx) ", | |||
507 | ntohs(gh->length)(__uint16_t)(__builtin_constant_p(gh->length) ? (__uint16_t )(((__uint16_t)(gh->length) & 0xffU) << 8 | ((__uint16_t )(gh->length) & 0xff00U) >> 8) : __swap16md(gh-> length)), ntohs(gh->seqno)(__uint16_t)(__builtin_constant_p(gh->seqno) ? (__uint16_t )(((__uint16_t)(gh->seqno) & 0xffU) << 8 | ((__uint16_t )(gh->seqno) & 0xff00U) >> 8) : __swap16md(gh-> seqno)), ntohs(gh->flow)(__uint16_t)(__builtin_constant_p(gh->flow) ? (__uint16_t) (((__uint16_t)(gh->flow) & 0xffU) << 8 | ((__uint16_t )(gh->flow) & 0xff00U) >> 8) : __swap16md(gh-> flow)), | |||
508 | ntohs(gh->npduno)(__uint16_t)(__builtin_constant_p(gh->npduno) ? (__uint16_t )(((__uint16_t)(gh->npduno) & 0xffU) << 8 | ((__uint16_t )(gh->npduno) & 0xff00U) >> 8) : __swap16md(gh-> npduno)), betoh64(tid)(__uint64_t)(__builtin_constant_p(tid) ? (__uint64_t)((((__uint64_t )(tid) & 0xff) << 56) | ((__uint64_t)(tid) & 0xff00ULL ) << 40 | ((__uint64_t)(tid) & 0xff0000ULL) << 24 | ((__uint64_t)(tid) & 0xff000000ULL) << 8 | (( __uint64_t)(tid) & 0xff00000000ULL) >> 8 | ((__uint64_t )(tid) & 0xff0000000000ULL) >> 24 | ((__uint64_t)(tid ) & 0xff000000000000ULL) >> 40 | ((__uint64_t)(tid) & 0xff00000000000000ULL) >> 56) : __swap64md(tid))); | |||
509 | ||||
510 | /* Decode GTP message. */ | |||
511 | printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gh->msgtype)); | |||
512 | ||||
513 | if (!vflag) | |||
514 | return; | |||
515 | ||||
516 | if (gh->msgtype == GTPV0_T_PDU255) { | |||
517 | ||||
518 | TCHECK(cp[0])if (!(snapend - (sizeof(cp[0])) <= snapend && (const u_char *)&(cp[0]) <= snapend - (sizeof(cp[0])))) goto trunc; | |||
519 | version = cp[0] >> 4; | |||
520 | ||||
521 | printf(" { "); | |||
522 | ||||
523 | if (version == 4) | |||
524 | ip_print(cp, len); | |||
525 | else if (version == 6) | |||
526 | ip6_print(cp, len); | |||
527 | else | |||
528 | printf("Unknown IP version %u", version); | |||
529 | ||||
530 | printf(" }"); | |||
531 | } else | |||
532 | gtp_decode_ie(cp, GTP_VERSION_00, len); | |||
533 | ||||
534 | return; | |||
535 | ||||
536 | trunc: | |||
537 | printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); | |||
538 | } | |||
539 | ||||
540 | void | |||
541 | gtp_v0_print_prime(const u_char *cp) | |||
542 | { | |||
543 | struct gtp_v0_prime_hdr *gph = (struct gtp_v0_prime_hdr *)cp; | |||
544 | int len; | |||
545 | ||||
546 | /* Decode GTP prime header. */ | |||
547 | TCHECK(*gph)if (!(snapend - (sizeof(*gph)) <= snapend && (const u_char *)&(*gph) <= snapend - (sizeof(*gph)))) goto trunc; | |||
548 | cp += sizeof(*gph); | |||
549 | ||||
550 | len = ntohs(gph->length)(__uint16_t)(__builtin_constant_p(gph->length) ? (__uint16_t )(((__uint16_t)(gph->length) & 0xffU) << 8 | ((__uint16_t )(gph->length) & 0xff00U) >> 8) : __swap16md(gph ->length)); | |||
551 | printf("GTPv0' (len %u, seq %u) ", len, ntohs(gph->seqno)(__uint16_t)(__builtin_constant_p(gph->seqno) ? (__uint16_t )(((__uint16_t)(gph->seqno) & 0xffU) << 8 | ((__uint16_t )(gph->seqno) & 0xff00U) >> 8) : __swap16md(gph-> seqno))); | |||
552 | ||||
553 | /* Decode GTP message. */ | |||
554 | printf("%s", tok2str(gtp_v0_msgtype, "Message Type %u", gph->msgtype)); | |||
555 | ||||
556 | if (vflag) | |||
557 | gtp_decode_ie(cp, GTP_VERSION_00, len); | |||
558 | ||||
559 | return; | |||
560 | ||||
561 | trunc: | |||
562 | printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); | |||
563 | } | |||
564 | ||||
565 | int | |||
566 | gtp_v0_print_tv(const u_char *cp, u_int value) | |||
567 | { | |||
568 | u_int32_t *dpl; | |||
569 | u_int16_t *dps; | |||
570 | u_int8_t data; | |||
571 | int ielen = -1; | |||
572 | ||||
573 | switch (value) { | |||
574 | case GTPV0_TV_CAUSE1: | |||
575 | ||||
576 | /* 09.60 7.9.1 - Cause. */ | |||
577 | TCHECK(cp[0])if (!(snapend - (sizeof(cp[0])) <= snapend && (const u_char *)&(cp[0]) <= snapend - (sizeof(cp[0])))) goto trunc; | |||
578 | data = (u_int8_t)cp[0]; | |||
579 | ielen = GTPV0_TV_CAUSE_LENGTH2; | |||
580 | printf("Cause: %s", tok2str(gtp_v0_cause, "#%u", data)); | |||
581 | break; | |||
582 | ||||
583 | case GTPV0_TV_IMSI2: | |||
584 | ||||
585 | /* 09.60 7.9.2 - International Mobile Subscriber Identity. */ | |||
586 | TCHECK2(cp[0], GTPV0_TV_IMSI_LENGTH - 1)if (!(snapend - (9 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (9 - 1))) goto trunc; | |||
587 | printf("IMSI "); | |||
588 | gtp_print_tbcd(cp, GTPV0_TV_IMSI_LENGTH9 - 1); | |||
589 | ielen = GTPV0_TV_IMSI_LENGTH9; | |||
590 | break; | |||
591 | ||||
592 | case GTPV0_TV_RAI3: | |||
593 | ||||
594 | /* 09.60 7.9.3 - Routing Area Identity (RAI). */ | |||
595 | TCHECK2(cp[0], GTPV0_TV_RAI_LENGTH - 1)if (!(snapend - (7 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (7 - 1))) goto trunc; | |||
596 | printf("RAI: MCC "); | |||
597 | data = cp[1] | 0xf0; | |||
598 | gtp_print_tbcd(cp, 1); | |||
599 | gtp_print_tbcd(&data, 1); | |||
600 | printf(", MNC "); | |||
601 | data = (cp[1] >> 4) | 0xf0; | |||
602 | gtp_print_tbcd(cp + 2, 1); | |||
603 | gtp_print_tbcd(&data, 1); | |||
604 | printf(", LAC 0x%x%x", cp[3], cp[4]); | |||
605 | printf(", RAC 0x%x", cp[5]); | |||
606 | ielen = GTPV0_TV_RAI_LENGTH7; | |||
607 | break; | |||
608 | ||||
609 | case GTPV0_TV_TLLI4: | |||
610 | ||||
611 | /* 09.60 7.9.4 - Temporary Logical Link Identity (TLLI). */ | |||
612 | TCHECK2(cp[0], GTPV0_TV_TLLI_LENGTH - 1)if (!(snapend - (5 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (5 - 1))) goto trunc; | |||
613 | dpl = (u_int32_t *)cp; | |||
614 | printf("TLLI 0x%x", ntohl(*dpl)(__uint32_t)(__builtin_constant_p(*dpl) ? (__uint32_t)(((__uint32_t )(*dpl) & 0xff) << 24 | ((__uint32_t)(*dpl) & 0xff00 ) << 8 | ((__uint32_t)(*dpl) & 0xff0000) >> 8 | ((__uint32_t)(*dpl) & 0xff000000) >> 24) : __swap32md (*dpl))); | |||
615 | ielen = GTPV0_TV_TLLI_LENGTH5; | |||
616 | break; | |||
617 | ||||
618 | case GTPV0_TV_PTMSI5: | |||
619 | ||||
620 | /* 09.60 7.9.5 - Packet TMSI (P-TMSI). */ | |||
621 | TCHECK2(cp[0], GTPV0_TV_PTMSI_LENGTH - 1)if (!(snapend - (5 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (5 - 1))) goto trunc; | |||
622 | dpl = (u_int32_t *)cp; | |||
623 | printf("P-TMSI 0x%x", ntohl(*dpl)(__uint32_t)(__builtin_constant_p(*dpl) ? (__uint32_t)(((__uint32_t )(*dpl) & 0xff) << 24 | ((__uint32_t)(*dpl) & 0xff00 ) << 8 | ((__uint32_t)(*dpl) & 0xff0000) >> 8 | ((__uint32_t)(*dpl) & 0xff000000) >> 24) : __swap32md (*dpl))); | |||
624 | ielen = GTPV0_TV_PTMSI_LENGTH5; | |||
625 | break; | |||
626 | ||||
627 | case GTPV0_TV_QOS6: | |||
628 | ||||
629 | /* 09.60 7.9.6 - Quality of Service (QoS) Profile. */ | |||
630 | TCHECK2(cp[0], GTPV0_TV_QOS_LENGTH - 1)if (!(snapend - (4 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (4 - 1))) goto trunc; | |||
631 | printf("QoS Profile"); /* XXX */ | |||
632 | ielen = GTPV0_TV_QOS_LENGTH4; | |||
633 | break; | |||
634 | ||||
635 | case GTPV0_TV_REORDER8: | |||
636 | ||||
637 | /* 09.60 7.9.7 - Reordering Required. */ | |||
638 | TCHECK2(cp[0], GTPV0_TV_REORDER_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
639 | printf("Reordering Required: "); | |||
640 | if (cp[0] & 0x1) | |||
641 | printf("yes"); | |||
642 | else | |||
643 | printf("no"); | |||
644 | ielen = GTPV0_TV_REORDER_LENGTH2; | |||
645 | break; | |||
646 | ||||
647 | case GTPV0_TV_AUTH_TRIPLET9: | |||
648 | ||||
649 | /* 09.60 7.9.8 - Authentication Triplet. */ | |||
650 | TCHECK2(cp[0], GTPV0_TV_AUTH_TRIPLET_LENGTH - 1)if (!(snapend - (29 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (29 - 1))) goto trunc; | |||
651 | printf("Authentication"); /* XXX */ | |||
652 | ielen = GTPV0_TV_AUTH_TRIPLET_LENGTH29; | |||
653 | break; | |||
654 | ||||
655 | case GTPV0_TV_MAP_CAUSE11: | |||
656 | ||||
657 | /* 09.60 7.9.9 - MAP Cause. */ | |||
658 | TCHECK2(cp[0], GTPV0_TV_MAP_CAUSE_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
659 | printf("MAP Cause: %u", cp[0]); | |||
660 | ielen = GTPV0_TV_MAP_CAUSE_LENGTH2; | |||
661 | break; | |||
662 | ||||
663 | case GTPV0_TV_PTMSI_SIGNATURE12: | |||
664 | ||||
665 | /* 09.60 7.9.10 - P-TMSI Signature. */ | |||
666 | /* Signature defined in GSM 04.08. */ | |||
667 | TCHECK2(cp[0], GTPV0_TV_PTMSI_SIGNATURE_LENGTH - 1)if (!(snapend - (4 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (4 - 1))) goto trunc; | |||
668 | printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); | |||
669 | ielen = GTPV0_TV_PTMSI_SIGNATURE_LENGTH4; | |||
670 | break; | |||
671 | ||||
672 | case GTPV0_TV_MS_VALIDATED13: | |||
673 | ||||
674 | /* 09.60 7.9.11 - MS Validated. */ | |||
675 | TCHECK2(cp[0], GTPV0_TV_MS_VALIDATED_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
676 | printf("MS Validated"); | |||
677 | if (cp[0] & 0x1) | |||
678 | printf("yes"); | |||
679 | else | |||
680 | printf("no"); | |||
681 | ielen = GTPV0_TV_MS_VALIDATED_LENGTH2; | |||
682 | break; | |||
683 | ||||
684 | case GTPV0_TV_RECOVERY14: | |||
685 | ||||
686 | /* 09.60 7.9.12 - Recovery. */ | |||
687 | TCHECK2(cp[0], GTPV0_TV_RECOVERY_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
688 | printf("Recovery: Restart counter %u", cp[0]); | |||
689 | ielen = GTPV0_TV_RECOVERY_LENGTH2; | |||
690 | break; | |||
691 | ||||
692 | case GTPV0_TV_SELECTION_MODE15: | |||
693 | ||||
694 | /* 09.60 7.9.13 - Selection Mode. */ | |||
695 | TCHECK2(cp[0], GTPV0_TV_SELECTION_MODE_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
696 | printf("Selection Mode"); /* XXX */ | |||
697 | ielen = GTPV0_TV_SELECTION_MODE_LENGTH2; | |||
698 | break; | |||
699 | ||||
700 | case GTPV0_TV_FLOW_LABEL_DATA_I16: | |||
701 | ||||
702 | /* 09.60 7.9.14 - Flow Label Data I. */ | |||
703 | TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH - 1)if (!(snapend - (3 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (3 - 1))) goto trunc; | |||
704 | dps = (u_int16_t *)cp; | |||
705 | printf("Flow Label Data I: %u", ntohs(*dps)(__uint16_t)(__builtin_constant_p(*dps) ? (__uint16_t)(((__uint16_t )(*dps) & 0xffU) << 8 | ((__uint16_t)(*dps) & 0xff00U ) >> 8) : __swap16md(*dps))); | |||
706 | ielen = GTPV0_TV_FLOW_LABEL_DATA_I_LENGTH3; | |||
707 | break; | |||
708 | ||||
709 | case GTPV0_TV_FLOW_LABEL_SIGNALLING17: | |||
710 | ||||
711 | /* 09.60 7.9.15 - Flow Label Signalling. */ | |||
712 | TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH - 1)if (!(snapend - (3 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (3 - 1))) goto trunc; | |||
713 | dps = (u_int16_t *)cp; | |||
714 | printf("Flow Label Signalling: %u", ntohs(*dps)(__uint16_t)(__builtin_constant_p(*dps) ? (__uint16_t)(((__uint16_t )(*dps) & 0xffU) << 8 | ((__uint16_t)(*dps) & 0xff00U ) >> 8) : __swap16md(*dps))); | |||
715 | ielen = GTPV0_TV_FLOW_LABEL_SIGNALLING_LENGTH3; | |||
716 | break; | |||
717 | ||||
718 | case GTPV0_TV_FLOW_LABEL_DATA_II18: | |||
719 | ||||
720 | /* 09.60 7.9.16 - Flow Label Data II. */ | |||
721 | TCHECK2(cp[0], GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH - 1)if (!(snapend - (4 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (4 - 1))) goto trunc; | |||
722 | data = cp[0] & 0xf; | |||
723 | dps = (u_int16_t *)(cp + 1); | |||
724 | printf("Flow Label Data II: %u, NSAPI %u", ntohs(*dps)(__uint16_t)(__builtin_constant_p(*dps) ? (__uint16_t)(((__uint16_t )(*dps) & 0xffU) << 8 | ((__uint16_t)(*dps) & 0xff00U ) >> 8) : __swap16md(*dps)), data); | |||
725 | ielen = GTPV0_TV_FLOW_LABEL_DATA_II_LENGTH4; | |||
726 | break; | |||
727 | ||||
728 | case GTPV0_TV_PACKET_XFER_CMD126: | |||
729 | ||||
730 | /* 12.15 7.3.4.5.3 - Packet Transfer Command. */ | |||
731 | TCHECK2(cp[0], GTPV0_TV_PACKET_XFER_CMD_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
732 | printf("Packet Transfer Command"); | |||
733 | gtp_print_str(gtp_packet_xfer_cmd, nitems(gtp_packet_xfer_cmd)(sizeof((gtp_packet_xfer_cmd)) / sizeof((gtp_packet_xfer_cmd) [0])), | |||
734 | cp[0]); | |||
735 | ielen = GTPV0_TV_PACKET_XFER_CMD_LENGTH2; | |||
736 | break; | |||
737 | ||||
738 | case GTPV0_TV_CHARGING_ID127: | |||
739 | ||||
740 | /* 09.60 7.9.17 - Charging ID. */ | |||
741 | TCHECK2(cp[0], GTPV0_TV_CHARGING_ID_LENGTH - 1)if (!(snapend - (5 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (5 - 1))) goto trunc; | |||
742 | dps = (u_int16_t *)cp; | |||
743 | printf("Charging ID: %u", ntohs(*dps)(__uint16_t)(__builtin_constant_p(*dps) ? (__uint16_t)(((__uint16_t )(*dps) & 0xffU) << 8 | ((__uint16_t)(*dps) & 0xff00U ) >> 8) : __swap16md(*dps))); | |||
744 | ielen = GTPV0_TV_CHARGING_ID_LENGTH5; | |||
745 | break; | |||
746 | ||||
747 | default: | |||
748 | printf("TV %u", value); | |||
749 | } | |||
750 | ||||
751 | trunc: | |||
752 | return ielen; | |||
753 | } | |||
754 | ||||
755 | int | |||
756 | gtp_v0_print_tlv(const u_char *cp, u_int value) | |||
757 | { | |||
758 | u_int8_t data; | |||
759 | u_int16_t *lenp, *seqno, len; | |||
760 | int ielen = -1; | |||
761 | ||||
762 | /* Get length of IE. */ | |||
763 | TCHECK2(cp[0], 2)if (!(snapend - (2) <= snapend && (const u_char *) &(cp[0]) <= snapend - (2))) goto trunc; | |||
764 | lenp = (u_int16_t *)cp; | |||
765 | cp += 2; | |||
766 | len = ntohs(*lenp)(__uint16_t)(__builtin_constant_p(*lenp) ? (__uint16_t)(((__uint16_t )(*lenp) & 0xffU) << 8 | ((__uint16_t)(*lenp) & 0xff00U) >> 8) : __swap16md(*lenp)); | |||
767 | TCHECK2(cp[0], len)if (!(snapend - (len) <= snapend && (const u_char * )&(cp[0]) <= snapend - (len))) goto trunc; | |||
768 | ielen = sizeof(data) + sizeof(len) + len; | |||
769 | ||||
770 | switch (value) { | |||
771 | ||||
772 | case GTPV0_TLV_END_USER_ADDRESS128: | |||
773 | ||||
774 | /* 09.60 7.9.18 - End User Address. */ | |||
775 | printf("End User Address"); | |||
776 | gtp_print_user_address(cp, len); | |||
777 | break; | |||
778 | ||||
779 | case GTPV0_TLV_MM_CONTEXT129: | |||
780 | ||||
781 | /* 09.60 7.9.19 - MM Context. */ | |||
782 | printf("MM Context"); /* XXX */ | |||
783 | break; | |||
784 | ||||
785 | case GTPV0_TLV_PDP_CONTEXT130: | |||
786 | ||||
787 | /* 09.60 7.9.20 - PDP Context. */ | |||
788 | printf("PDP Context"); /* XXX */ | |||
789 | break; | |||
790 | ||||
791 | case GTPV0_TLV_ACCESS_POINT_NAME131: | |||
792 | ||||
793 | /* 09.60 7.9.21 - Access Point Name. */ | |||
794 | printf("AP Name: "); | |||
795 | gtp_print_apn(cp, len); | |||
796 | break; | |||
797 | ||||
798 | case GTPV0_TLV_PROTOCOL_CONFIG_OPTIONS132: | |||
799 | ||||
800 | /* 09.60 7.9.22 - Protocol Configuration Options. */ | |||
801 | printf("Protocol Configuration Options"); /* XXX */ | |||
802 | break; | |||
803 | ||||
804 | case GTPV0_TLV_GSN_ADDRESS133: | |||
805 | ||||
806 | /* 09.60 7.9.23 - GSN Address. */ | |||
807 | printf("GSN Address"); | |||
808 | if (len == 4) | |||
809 | printf(": %s", ipaddr_string(cp)getname((const u_char *)(cp))); | |||
810 | else if (len == 16) | |||
811 | printf(": %s", ip6addr_string(cp)getname6((const u_char *)(cp))); | |||
812 | break; | |||
813 | ||||
814 | case GTPV0_TLV_MS_ISDN134: | |||
815 | ||||
816 | /* 09.60 7.9.24 - MS International PSTN/ISDN Number. */ | |||
817 | printf("MSISDN "); | |||
818 | data = (u_int8_t)cp[0]; /* XXX - Number type. */ | |||
819 | gtp_print_tbcd(cp + 1, len - 1); | |||
820 | break; | |||
821 | ||||
822 | case GTPV0_TLV_CHARGING_GATEWAY_ADDRESS251: | |||
823 | ||||
824 | /* 09.60 7.9.25 - Charging Gateway Address. */ | |||
825 | printf("Charging Gateway"); | |||
826 | if (len == 4) | |||
827 | printf(": %s", ipaddr_string(cp)getname((const u_char *)(cp))); | |||
828 | break; | |||
829 | ||||
830 | case GTPV0_TLV_DATA_RECORD_PACKET252: | |||
831 | ||||
832 | /* 12.15 7.3.4.5.4 - Data Record Packet. */ | |||
833 | printf("Data Record: Records %u, Format %u, Format Version %u", | |||
834 | cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2))(__uint16_t)(__builtin_constant_p(*(u_int16_t *)(cp + 2)) ? ( __uint16_t)(((__uint16_t)(*(u_int16_t *)(cp + 2)) & 0xffU ) << 8 | ((__uint16_t)(*(u_int16_t *)(cp + 2)) & 0xff00U ) >> 8) : __swap16md(*(u_int16_t *)(cp + 2)))); | |||
835 | break; | |||
836 | ||||
837 | case GTPV0_TLV_REQUESTS_RESPONDED253: | |||
838 | ||||
839 | /* 12.15 7.3.4.6 - Requests Responded. */ | |||
840 | printf("Requests Responded:"); | |||
841 | seqno = (u_int16_t *)cp; | |||
842 | while (len > 0) { | |||
843 | printf(" %u", ntohs(*seqno)(__uint16_t)(__builtin_constant_p(*seqno) ? (__uint16_t)(((__uint16_t )(*seqno) & 0xffU) << 8 | ((__uint16_t)(*seqno) & 0xff00U) >> 8) : __swap16md(*seqno))); | |||
844 | seqno++; | |||
845 | len -= sizeof(*seqno); | |||
846 | } | |||
847 | break; | |||
848 | ||||
849 | case GTPV0_TLV_RECOMMENDED_NODE254: | |||
850 | ||||
851 | /* 12.15 7.3.4.3 - Address of Recommended Node. */ | |||
852 | printf("Recommended Node"); | |||
853 | if (len == 4) | |||
854 | printf(": %s", ipaddr_string(cp)getname((const u_char *)(cp))); | |||
855 | else if (len == 16) | |||
856 | printf(": %s", ip6addr_string(cp)getname6((const u_char *)(cp))); | |||
857 | break; | |||
858 | ||||
859 | case GTPV0_TLV_PRIVATE_EXTENSION255: | |||
860 | ||||
861 | printf("Private Extension"); | |||
862 | break; | |||
863 | ||||
864 | default: | |||
865 | printf("TLV %u (len %u)", value, len); | |||
866 | } | |||
867 | ||||
868 | return ielen; | |||
869 | ||||
870 | trunc: | |||
871 | return -1; | |||
872 | } | |||
873 | ||||
874 | /* | |||
875 | * Decoding for GTP version 1, which consists of GTPv1-C, GTPv1-U and GTPv1'. | |||
876 | */ | |||
877 | void | |||
878 | gtp_v1_print(const u_char *cp, u_int length, u_short sport, u_short dport) | |||
879 | { | |||
880 | struct gtp_v1_hdr *gh = (struct gtp_v1_hdr *)cp; | |||
881 | struct gtp_v1_hdr_ext *ghe = NULL((void *)0); | |||
882 | int nexthdr, hlen; | |||
883 | u_char *p = (u_char *)cp; | |||
884 | ||||
885 | TCHECK(gh->flags)if (!(snapend - (sizeof(gh->flags)) <= snapend && (const u_char *)&(gh->flags) <= snapend - (sizeof( gh->flags)))) goto trunc; | |||
886 | if ((gh->flags & GTPV1_HDR_PROTO_TYPE1 << 4) == 0) { | |||
887 | gtp_proto = GTP_V1_PRIME_PROTO4; | |||
888 | printf(" GTPv1'"); | |||
889 | gtp_v1_print_prime(p, (struct gtp_v1_prime_hdr *)gh); | |||
890 | return; | |||
891 | } | |||
892 | ||||
893 | if (dport == GTPV1_C_PORT2123 || sport == GTPV1_C_PORT2123) { | |||
894 | gtp_proto = GTP_V1_CTRL_PROTO2; | |||
895 | printf(" GTPv1-C"); | |||
896 | } else if (dport == GTPV1_U_PORT2152 || sport == GTPV1_U_PORT2152) { | |||
897 | gtp_proto = GTP_V1_USER_PROTO3; | |||
898 | printf(" GTPv1-U"); | |||
899 | } else if (dport == GTPV1_PRIME_PORT3386 || sport == GTPV1_PRIME_PORT3386) { | |||
900 | gtp_proto = GTP_V1_PRIME_PROTO4; | |||
901 | printf(" GTPv1'"); | |||
902 | } | |||
903 | ||||
904 | /* Decode GTP header. */ | |||
905 | TCHECK(*gh)if (!(snapend - (sizeof(*gh)) <= snapend && (const u_char *)&(*gh) <= snapend - (sizeof(*gh)))) goto trunc; | |||
906 | p += sizeof(struct gtp_v1_hdr); | |||
907 | ||||
908 | printf(" (teid %u, len %u)", ntohl(gh->teid)(__uint32_t)(__builtin_constant_p(gh->teid) ? (__uint32_t) (((__uint32_t)(gh->teid) & 0xff) << 24 | ((__uint32_t )(gh->teid) & 0xff00) << 8 | ((__uint32_t)(gh-> teid) & 0xff0000) >> 8 | ((__uint32_t)(gh->teid) & 0xff000000) >> 24) : __swap32md(gh->teid)), ntohs(gh->length)(__uint16_t)(__builtin_constant_p(gh->length) ? (__uint16_t )(((__uint16_t)(gh->length) & 0xffU) << 8 | ((__uint16_t )(gh->length) & 0xff00U) >> 8) : __swap16md(gh-> length))); | |||
909 | ||||
910 | if (gh->flags & GTPV1_HDR_EXT(1 << 2 | 1 << 1 | 1 << 0)) { | |||
911 | ghe = (struct gtp_v1_hdr_ext *)cp; | |||
912 | TCHECK(*ghe)if (!(snapend - (sizeof(*ghe)) <= snapend && (const u_char *)&(*ghe) <= snapend - (sizeof(*ghe)))) goto trunc; | |||
913 | p += sizeof(struct gtp_v1_hdr_ext) - sizeof(struct gtp_v1_hdr); | |||
914 | } | |||
915 | ||||
916 | if (gh->flags & GTPV1_HDR_SN_FLAG1 << 1) | |||
917 | printf(" [seq %u]", ntohs(ghe->seqno)(__uint16_t)(__builtin_constant_p(ghe->seqno) ? (__uint16_t )(((__uint16_t)(ghe->seqno) & 0xffU) << 8 | ((__uint16_t )(ghe->seqno) & 0xff00U) >> 8) : __swap16md(ghe-> seqno))); | |||
918 | ||||
919 | if (gh->flags & GTPV1_HDR_NPDU_FLAG1 << 0) | |||
920 | printf(" [N-PDU %u]", ghe->npduno); | |||
921 | ||||
922 | if (gh->flags & GTPV1_HDR_EH_FLAG1 << 2) { | |||
923 | ||||
924 | /* Process next header... */ | |||
925 | nexthdr = ghe->nexthdr; | |||
| ||||
926 | while (nexthdr != GTPV1_EH_NONE0x00) { | |||
927 | ||||
928 | /* Header length is a 4 octet multiplier. */ | |||
929 | hlen = (int)p[0] * 4; | |||
930 | if (hlen == 0) { | |||
931 | printf(" [Invalid zero-length header %u]", | |||
932 | nexthdr); | |||
933 | goto trunc; | |||
934 | } | |||
935 | TCHECK2(p[0], hlen)if (!(snapend - (hlen) <= snapend && (const u_char *)&(p[0]) <= snapend - (hlen))) goto trunc; | |||
936 | ||||
937 | switch (nexthdr) { | |||
938 | case GTPV1_EH_MBMS_SUPPORT0x01: | |||
939 | printf(" [MBMS Support]"); | |||
940 | break; | |||
941 | ||||
942 | case GTPV1_EH_MSI_CHANGE_RPT0x02: | |||
943 | printf(" [MS Info Change Reporting]"); | |||
944 | break; | |||
945 | ||||
946 | case GTPV1_EH_PDCP_PDU_NO0xc0: | |||
947 | printf(" [PDCP PDU %u]", | |||
948 | ntohs(*(u_int16_t *)(p + 1))(__uint16_t)(__builtin_constant_p(*(u_int16_t *)(p + 1)) ? (__uint16_t )(((__uint16_t)(*(u_int16_t *)(p + 1)) & 0xffU) << 8 | ((__uint16_t)(*(u_int16_t *)(p + 1)) & 0xff00U) >> 8) : __swap16md(*(u_int16_t *)(p + 1)))); | |||
949 | break; | |||
950 | ||||
951 | case GTPV1_EH_SUSPEND_REQUEST0xc1: | |||
952 | printf(" [Suspend Request]"); | |||
953 | break; | |||
954 | ||||
955 | case GTPV1_EH_SUSPEND_RESPONSE0xc2: | |||
956 | printf(" [Suspend Response]"); | |||
957 | break; | |||
958 | ||||
959 | default: | |||
960 | printf(" [Unknown Header %u]", nexthdr); | |||
961 | } | |||
962 | ||||
963 | p += hlen - 1; | |||
964 | nexthdr = (int)p[0]; | |||
965 | p++; | |||
966 | } | |||
967 | ||||
968 | } | |||
969 | ||||
970 | hlen = p - cp; | |||
971 | ||||
972 | if (dport == GTPV1_C_PORT2123 || sport == GTPV1_C_PORT2123) | |||
973 | gtp_v1_print_ctrl(p, hlen, gh); | |||
974 | else if (dport == GTPV1_U_PORT2152 || sport == GTPV1_U_PORT2152) | |||
975 | gtp_v1_print_user(p, hlen, gh); | |||
976 | ||||
977 | return; | |||
978 | ||||
979 | trunc: | |||
980 | printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); | |||
981 | } | |||
982 | ||||
983 | void | |||
984 | gtp_v1_print_ctrl(const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh) | |||
985 | { | |||
986 | int len; | |||
987 | ||||
988 | /* Decode GTP control message. */ | |||
989 | printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype)); | |||
990 | ||||
991 | len = ntohs(gh->length)(__uint16_t)(__builtin_constant_p(gh->length) ? (__uint16_t )(((__uint16_t)(gh->length) & 0xffU) << 8 | ((__uint16_t )(gh->length) & 0xff00U) >> 8) : __swap16md(gh-> length)) - hlen + sizeof(*gh); | |||
992 | if (vflag) | |||
993 | gtp_decode_ie(cp, GTP_VERSION_11, len); | |||
994 | } | |||
995 | ||||
996 | void | |||
997 | gtp_v1_print_user(const u_char *cp, u_int hlen, struct gtp_v1_hdr *gh) | |||
998 | { | |||
999 | int len, version; | |||
1000 | ||||
1001 | /* Decode GTP user message. */ | |||
1002 | printf(" %s", tok2str(gtp_v1_msgtype, "Message Type %u", gh->msgtype)); | |||
1003 | ||||
1004 | if (!vflag) | |||
1005 | return; | |||
1006 | ||||
1007 | len = ntohs(gh->length)(__uint16_t)(__builtin_constant_p(gh->length) ? (__uint16_t )(((__uint16_t)(gh->length) & 0xffU) << 8 | ((__uint16_t )(gh->length) & 0xff00U) >> 8) : __swap16md(gh-> length)) - hlen + sizeof(*gh); | |||
1008 | ||||
1009 | if (gh->msgtype == GTPV1_G_PDU255) { | |||
1010 | ||||
1011 | TCHECK(cp[0])if (!(snapend - (sizeof(cp[0])) <= snapend && (const u_char *)&(cp[0]) <= snapend - (sizeof(cp[0])))) goto trunc; | |||
1012 | version = cp[0] >> 4; | |||
1013 | ||||
1014 | printf(" { "); | |||
1015 | ||||
1016 | if (version == 4) | |||
1017 | ip_print(cp, len); | |||
1018 | else if (version == 6) | |||
1019 | ip6_print(cp, len); | |||
1020 | else | |||
1021 | printf("Unknown IP version %u", version); | |||
1022 | ||||
1023 | printf(" }"); | |||
1024 | ||||
1025 | } else | |||
1026 | gtp_decode_ie(cp, GTP_VERSION_11, len); | |||
1027 | ||||
1028 | return; | |||
1029 | ||||
1030 | trunc: | |||
1031 | printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); | |||
1032 | } | |||
1033 | ||||
1034 | void | |||
1035 | gtp_v1_print_prime(const u_char *cp, struct gtp_v1_prime_hdr *gph) | |||
1036 | { | |||
1037 | int len; | |||
1038 | ||||
1039 | /* Decode GTP prime header. */ | |||
1040 | TCHECK(*gph)if (!(snapend - (sizeof(*gph)) <= snapend && (const u_char *)&(*gph) <= snapend - (sizeof(*gph)))) goto trunc; | |||
1041 | cp += sizeof(struct gtp_v1_prime_hdr); | |||
1042 | ||||
1043 | len = ntohs(gph->length)(__uint16_t)(__builtin_constant_p(gph->length) ? (__uint16_t )(((__uint16_t)(gph->length) & 0xffU) << 8 | ((__uint16_t )(gph->length) & 0xff00U) >> 8) : __swap16md(gph ->length)); | |||
1044 | printf(" (len %u, seq %u) ", len, ntohs(gph->seqno)(__uint16_t)(__builtin_constant_p(gph->seqno) ? (__uint16_t )(((__uint16_t)(gph->seqno) & 0xffU) << 8 | ((__uint16_t )(gph->seqno) & 0xff00U) >> 8) : __swap16md(gph-> seqno))); | |||
1045 | ||||
1046 | /* Decode GTP message. */ | |||
1047 | printf("%s", tok2str(gtp_v1_msgtype, "Message Type %u", gph->msgtype)); | |||
1048 | ||||
1049 | if (vflag) | |||
1050 | gtp_decode_ie(cp, GTP_VERSION_11, len); | |||
1051 | ||||
1052 | return; | |||
1053 | ||||
1054 | trunc: | |||
1055 | printf(" [|%s]", tok2str(gtp_type, "GTP", gtp_proto)); | |||
1056 | } | |||
1057 | ||||
1058 | int | |||
1059 | gtp_v1_print_tv(const u_char *cp, u_int value) | |||
1060 | { | |||
1061 | u_int32_t *dpl; | |||
1062 | u_int16_t *dps; | |||
1063 | u_int8_t data; | |||
1064 | int ielen = -1; | |||
1065 | ||||
1066 | switch (value) { | |||
1067 | case GTPV1_TV_CAUSE1: | |||
1068 | ||||
1069 | /* 29.060 - 7.7.1 Cause. */ | |||
1070 | TCHECK(cp[0])if (!(snapend - (sizeof(cp[0])) <= snapend && (const u_char *)&(cp[0]) <= snapend - (sizeof(cp[0])))) goto trunc; | |||
1071 | data = (u_int8_t)cp[0]; | |||
1072 | ielen = GTPV1_TV_CAUSE_LENGTH2; | |||
1073 | printf("Cause: %s", tok2str(gtp_v1_cause, "#%u", data)); | |||
1074 | break; | |||
1075 | ||||
1076 | case GTPV1_TV_IMSI2: | |||
1077 | ||||
1078 | /* 29.060 7.7.2 - International Mobile Subscriber Identity. */ | |||
1079 | TCHECK2(cp[0], GTPV1_TV_IMSI_LENGTH - 1)if (!(snapend - (9 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (9 - 1))) goto trunc; | |||
1080 | printf("IMSI "); | |||
1081 | gtp_print_tbcd(cp, GTPV1_TV_IMSI_LENGTH9 - 1); | |||
1082 | ielen = GTPV1_TV_IMSI_LENGTH9; | |||
1083 | break; | |||
1084 | ||||
1085 | case GTPV1_TV_RAI3: | |||
1086 | ||||
1087 | /* 29.060 7.7.3 - Routing Area Identity (RAI). */ | |||
1088 | TCHECK2(cp[0], GTPV1_TV_RAI_LENGTH - 1)if (!(snapend - (7 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (7 - 1))) goto trunc; | |||
1089 | printf("RAI: MCC "); | |||
1090 | data = cp[1] | 0xf0; | |||
1091 | gtp_print_tbcd(cp, 1); | |||
1092 | gtp_print_tbcd(&data, 1); | |||
1093 | printf(", MNC "); | |||
1094 | data = (cp[1] >> 4) | 0xf0; | |||
1095 | gtp_print_tbcd(cp + 2, 1); | |||
1096 | gtp_print_tbcd(&data, 1); | |||
1097 | printf(", LAC 0x%x%x", cp[3], cp[4]); | |||
1098 | printf(", RAC 0x%x", cp[5]); | |||
1099 | ielen = GTPV1_TV_RAI_LENGTH7; | |||
1100 | break; | |||
1101 | ||||
1102 | case GTPV1_TV_TLLI4: | |||
1103 | ||||
1104 | /* 29.060 7.7.4 - Temporary Logical Link Identity (TLLI). */ | |||
1105 | TCHECK2(cp[0], GTPV1_TV_TLLI_LENGTH - 1)if (!(snapend - (5 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (5 - 1))) goto trunc; | |||
1106 | dpl = (u_int32_t *)cp; | |||
1107 | printf("TLLI 0x%x", ntohl(*dpl)(__uint32_t)(__builtin_constant_p(*dpl) ? (__uint32_t)(((__uint32_t )(*dpl) & 0xff) << 24 | ((__uint32_t)(*dpl) & 0xff00 ) << 8 | ((__uint32_t)(*dpl) & 0xff0000) >> 8 | ((__uint32_t)(*dpl) & 0xff000000) >> 24) : __swap32md (*dpl))); | |||
1108 | ielen = GTPV1_TV_TLLI_LENGTH5; | |||
1109 | break; | |||
1110 | ||||
1111 | case GTPV1_TV_PTMSI5: | |||
1112 | ||||
1113 | /* 29.060 7.7.5 - Packet TMSI (P-TMSI). */ | |||
1114 | TCHECK2(cp[0], GTPV1_TV_PTMSI_LENGTH - 1)if (!(snapend - (6 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (6 - 1))) goto trunc; | |||
1115 | dpl = (u_int32_t *)cp; | |||
1116 | printf("P-TMSI 0x%x", ntohl(*dpl)(__uint32_t)(__builtin_constant_p(*dpl) ? (__uint32_t)(((__uint32_t )(*dpl) & 0xff) << 24 | ((__uint32_t)(*dpl) & 0xff00 ) << 8 | ((__uint32_t)(*dpl) & 0xff0000) >> 8 | ((__uint32_t)(*dpl) & 0xff000000) >> 24) : __swap32md (*dpl))); | |||
1117 | ielen = GTPV1_TV_PTMSI_LENGTH6; | |||
1118 | break; | |||
1119 | ||||
1120 | case GTPV1_TV_REORDER8: | |||
1121 | ||||
1122 | /* 29.060 7.7.6 - Reordering Required. */ | |||
1123 | TCHECK2(cp[0], GTPV1_TV_REORDER_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1124 | printf("Reordering Required: "); | |||
1125 | if (cp[0] & 0x1) | |||
1126 | printf("yes"); | |||
1127 | else | |||
1128 | printf("no"); | |||
1129 | ielen = GTPV1_TV_REORDER_LENGTH2; | |||
1130 | break; | |||
1131 | ||||
1132 | case GTPV1_TV_AUTH9: | |||
1133 | ||||
1134 | /* 29.060 7.7.7 - Authentication Triplet. */ | |||
1135 | TCHECK2(cp[0], GTPV1_TV_AUTH_LENGTH - 1)if (!(snapend - (29 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (29 - 1))) goto trunc; | |||
1136 | dpl = (u_int32_t *)cp; | |||
1137 | printf("Auth: RAND 0x%x%x%x%x, SRES 0x%x, Kc 0x%x%x", | |||
1138 | ntohl(dpl[0])(__uint32_t)(__builtin_constant_p(dpl[0]) ? (__uint32_t)(((__uint32_t )(dpl[0]) & 0xff) << 24 | ((__uint32_t)(dpl[0]) & 0xff00) << 8 | ((__uint32_t)(dpl[0]) & 0xff0000) >> 8 | ((__uint32_t)(dpl[0]) & 0xff000000) >> 24) : __swap32md (dpl[0])), ntohl(dpl[1])(__uint32_t)(__builtin_constant_p(dpl[1]) ? (__uint32_t)(((__uint32_t )(dpl[1]) & 0xff) << 24 | ((__uint32_t)(dpl[1]) & 0xff00) << 8 | ((__uint32_t)(dpl[1]) & 0xff0000) >> 8 | ((__uint32_t)(dpl[1]) & 0xff000000) >> 24) : __swap32md (dpl[1])), ntohl(dpl[2])(__uint32_t)(__builtin_constant_p(dpl[2]) ? (__uint32_t)(((__uint32_t )(dpl[2]) & 0xff) << 24 | ((__uint32_t)(dpl[2]) & 0xff00) << 8 | ((__uint32_t)(dpl[2]) & 0xff0000) >> 8 | ((__uint32_t)(dpl[2]) & 0xff000000) >> 24) : __swap32md (dpl[2])), ntohl(dpl[3])(__uint32_t)(__builtin_constant_p(dpl[3]) ? (__uint32_t)(((__uint32_t )(dpl[3]) & 0xff) << 24 | ((__uint32_t)(dpl[3]) & 0xff00) << 8 | ((__uint32_t)(dpl[3]) & 0xff0000) >> 8 | ((__uint32_t)(dpl[3]) & 0xff000000) >> 24) : __swap32md (dpl[3])), | |||
1139 | ntohl(dpl[4])(__uint32_t)(__builtin_constant_p(dpl[4]) ? (__uint32_t)(((__uint32_t )(dpl[4]) & 0xff) << 24 | ((__uint32_t)(dpl[4]) & 0xff00) << 8 | ((__uint32_t)(dpl[4]) & 0xff0000) >> 8 | ((__uint32_t)(dpl[4]) & 0xff000000) >> 24) : __swap32md (dpl[4])), ntohl(dpl[5])(__uint32_t)(__builtin_constant_p(dpl[5]) ? (__uint32_t)(((__uint32_t )(dpl[5]) & 0xff) << 24 | ((__uint32_t)(dpl[5]) & 0xff00) << 8 | ((__uint32_t)(dpl[5]) & 0xff0000) >> 8 | ((__uint32_t)(dpl[5]) & 0xff000000) >> 24) : __swap32md (dpl[5])), ntohl(dpl[6])(__uint32_t)(__builtin_constant_p(dpl[6]) ? (__uint32_t)(((__uint32_t )(dpl[6]) & 0xff) << 24 | ((__uint32_t)(dpl[6]) & 0xff00) << 8 | ((__uint32_t)(dpl[6]) & 0xff0000) >> 8 | ((__uint32_t)(dpl[6]) & 0xff000000) >> 24) : __swap32md (dpl[6]))); | |||
1140 | ielen = GTPV1_TV_AUTH_LENGTH29; | |||
1141 | break; | |||
1142 | ||||
1143 | case GTPV1_TV_MAP_CAUSE11: | |||
1144 | ||||
1145 | /* 29.060 7.7.8 - MAP Cause. */ | |||
1146 | /* Cause defined in 3GPP TS 29.002. */ | |||
1147 | TCHECK2(cp[0], GTPV1_TV_MAP_CAUSE_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1148 | printf("Map Cause: %u", cp[0]); | |||
1149 | ielen = GTPV1_TV_MAP_CAUSE_LENGTH2; | |||
1150 | break; | |||
1151 | ||||
1152 | case GTPV1_TV_PTMSI_SIGNATURE12: | |||
1153 | ||||
1154 | /* 29.060 7.7.9 - P-TMSI Signature. */ | |||
1155 | /* Signature defined in 3GPP TS 24.008. */ | |||
1156 | TCHECK2(cp[0], GTPV1_TV_PTMSI_SIGNATURE_LENGTH - 1)if (!(snapend - (4 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (4 - 1))) goto trunc; | |||
1157 | printf("PTMSI Signature: 0x%x%x%x", cp[0], cp[1], cp[2]); | |||
1158 | ielen = GTPV1_TV_PTMSI_SIGNATURE_LENGTH4; | |||
1159 | break; | |||
1160 | ||||
1161 | case GTPV1_TV_MS_VALIDATED13: | |||
1162 | ||||
1163 | /* 29.060 7.7.10 - MS Validated. */ | |||
1164 | TCHECK2(cp[0], GTPV1_TV_MS_VALIDATED_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1165 | printf("MS Validated: "); | |||
1166 | if (cp[0] & 0x1) | |||
1167 | printf("yes"); | |||
1168 | else | |||
1169 | printf("no"); | |||
1170 | ielen = GTPV1_TV_MS_VALIDATED_LENGTH2; | |||
1171 | break; | |||
1172 | ||||
1173 | case GTPV1_TV_RECOVERY14: | |||
1174 | ||||
1175 | /* 29.060 7.7.11 - Recovery. */ | |||
1176 | TCHECK2(cp[0], GTPV1_TV_RECOVERY_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1177 | printf("Recovery: Restart counter %u", cp[0]); | |||
1178 | ielen = GTPV1_TV_RECOVERY_LENGTH2; | |||
1179 | break; | |||
1180 | ||||
1181 | case GTPV1_TV_SELECTION_MODE15: | |||
1182 | ||||
1183 | /* 29.060 7.7.12 - Selection Mode. */ | |||
1184 | TCHECK2(cp[0], GTPV1_TV_SELECTION_MODE_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1185 | data = (u_int8_t)cp[0]; | |||
1186 | printf("Selection Mode: %u", data & 0x2); | |||
1187 | ielen = GTPV1_TV_SELECTION_MODE_LENGTH2; | |||
1188 | break; | |||
1189 | ||||
1190 | case GTPV1_TV_TEID_DATA_I16: | |||
1191 | ||||
1192 | /* 29.060 7.7.13 - Tunnel Endpoint Identifier Data I. */ | |||
1193 | TCHECK2(cp[0], GTPV1_TV_TEID_DATA_I_LENGTH - 1)if (!(snapend - (5 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (5 - 1))) goto trunc; | |||
1194 | dpl = (u_int32_t *)cp; | |||
1195 | printf("TEI Data I: %u", ntohl(*dpl)(__uint32_t)(__builtin_constant_p(*dpl) ? (__uint32_t)(((__uint32_t )(*dpl) & 0xff) << 24 | ((__uint32_t)(*dpl) & 0xff00 ) << 8 | ((__uint32_t)(*dpl) & 0xff0000) >> 8 | ((__uint32_t)(*dpl) & 0xff000000) >> 24) : __swap32md (*dpl))); | |||
1196 | ielen = GTPV1_TV_TEID_DATA_I_LENGTH5; | |||
1197 | break; | |||
1198 | ||||
1199 | case GTPV1_TV_TEID_CTRL17: | |||
1200 | ||||
1201 | /* 29.060 7.7.14 - Tunnel Endpoint Identifier Control Plane. */ | |||
1202 | TCHECK2(cp[0], GTPV1_TV_TEID_CTRL_LENGTH - 1)if (!(snapend - (5 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (5 - 1))) goto trunc; | |||
1203 | dpl = (u_int32_t *)cp; | |||
1204 | printf("TEI Control Plane: %u", ntohl(*dpl)(__uint32_t)(__builtin_constant_p(*dpl) ? (__uint32_t)(((__uint32_t )(*dpl) & 0xff) << 24 | ((__uint32_t)(*dpl) & 0xff00 ) << 8 | ((__uint32_t)(*dpl) & 0xff0000) >> 8 | ((__uint32_t)(*dpl) & 0xff000000) >> 24) : __swap32md (*dpl))); | |||
1205 | ielen = GTPV1_TV_TEID_CTRL_LENGTH5; | |||
1206 | break; | |||
1207 | ||||
1208 | case GTPV1_TV_TEID_DATA_II18: | |||
1209 | ||||
1210 | /* 29.060 7.7.15 - Tunnel Endpoint Identifier Data II. */ | |||
1211 | TCHECK2(cp[0], GTPV1_TV_TEID_DATA_II_LENGTH - 1)if (!(snapend - (6 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (6 - 1))) goto trunc; | |||
1212 | data = cp[0] & 0xf; | |||
1213 | dpl = (u_int32_t *)(cp + 1); | |||
1214 | printf("TEI Data II: %u, NSAPI %u", ntohl(*dpl)(__uint32_t)(__builtin_constant_p(*dpl) ? (__uint32_t)(((__uint32_t )(*dpl) & 0xff) << 24 | ((__uint32_t)(*dpl) & 0xff00 ) << 8 | ((__uint32_t)(*dpl) & 0xff0000) >> 8 | ((__uint32_t)(*dpl) & 0xff000000) >> 24) : __swap32md (*dpl)), data); | |||
1215 | ielen = GTPV1_TV_TEID_DATA_II_LENGTH6; | |||
1216 | break; | |||
1217 | ||||
1218 | case GTPV1_TV_TEARDOWN19: | |||
1219 | ||||
1220 | /* 29.060 7.7.16 - Teardown Indicator. */ | |||
1221 | TCHECK2(cp[0], GTPV1_TV_TEARDOWN_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1222 | printf("Teardown: "); | |||
1223 | if (cp[0] & 0x1) | |||
1224 | printf("yes"); | |||
1225 | else | |||
1226 | printf("no"); | |||
1227 | ielen = GTPV1_TV_TEARDOWN_LENGTH2; | |||
1228 | break; | |||
1229 | ||||
1230 | case GTPV1_TV_NSAPI20: | |||
1231 | ||||
1232 | /* 29.060 7.7.17 - NSAPI. */ | |||
1233 | TCHECK2(cp[0], GTPV1_TV_NSAPI_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1234 | data = (u_int8_t)cp[0]; | |||
1235 | printf("NSAPI %u", data & 0xf); | |||
1236 | ielen = GTPV1_TV_NSAPI_LENGTH2; | |||
1237 | break; | |||
1238 | ||||
1239 | case GTPV1_TV_RANAP21: | |||
1240 | ||||
1241 | /* 29.060 7.7.18 - RANAP Cause. */ | |||
1242 | TCHECK2(cp[0], GTPV1_TV_RANAP_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1243 | printf("RANAP Cause: %u", cp[0]); | |||
1244 | ielen = GTPV1_TV_RANAP_LENGTH2; | |||
1245 | break; | |||
1246 | ||||
1247 | case GTPV1_TV_RAB_CONTEXT22: | |||
1248 | ||||
1249 | /* 29.060 7.7.19 - RAB Context. */ | |||
1250 | TCHECK2(cp[0], GTPV1_TV_RAB_CONTEXT_LENGTH - 1)if (!(snapend - (10 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (10 - 1))) goto trunc; | |||
1251 | data = cp[0] & 0xf; | |||
1252 | dps = (u_int16_t *)(cp + 1); | |||
1253 | printf("RAB Context: NSAPI %u, DL GTP-U Seq No %u," | |||
1254 | "UL GTP-U Seq No %u, DL PDCP Seq No %u, UL PDCP Seq No %u", | |||
1255 | data, ntohs(dps[0])(__uint16_t)(__builtin_constant_p(dps[0]) ? (__uint16_t)(((__uint16_t )(dps[0]) & 0xffU) << 8 | ((__uint16_t)(dps[0]) & 0xff00U) >> 8) : __swap16md(dps[0])), ntohs(dps[1])(__uint16_t)(__builtin_constant_p(dps[1]) ? (__uint16_t)(((__uint16_t )(dps[1]) & 0xffU) << 8 | ((__uint16_t)(dps[1]) & 0xff00U) >> 8) : __swap16md(dps[1])), ntohs(dps[2])(__uint16_t)(__builtin_constant_p(dps[2]) ? (__uint16_t)(((__uint16_t )(dps[2]) & 0xffU) << 8 | ((__uint16_t)(dps[2]) & 0xff00U) >> 8) : __swap16md(dps[2])), | |||
1256 | ntohs(dps[3])(__uint16_t)(__builtin_constant_p(dps[3]) ? (__uint16_t)(((__uint16_t )(dps[3]) & 0xffU) << 8 | ((__uint16_t)(dps[3]) & 0xff00U) >> 8) : __swap16md(dps[3]))); | |||
1257 | ielen = GTPV1_TV_RAB_CONTEXT_LENGTH10; | |||
1258 | break; | |||
1259 | ||||
1260 | case GTPV1_TV_RADIO_PRIORITY_SMS23: | |||
1261 | ||||
1262 | /* 29.060 7.7.20 - Radio Priority SMS. */ | |||
1263 | TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_SMS_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1264 | printf("Radio Priority SMS: %u", cp[0] & 0x7); | |||
1265 | ielen = GTPV1_TV_RADIO_PRI_SMS_LENGTH2; | |||
1266 | break; | |||
1267 | ||||
1268 | case GTPV1_TV_RADIO_PRIORITY24: | |||
1269 | ||||
1270 | /* 29.060 7.7.21 - Radio Priority. */ | |||
1271 | TCHECK2(cp[0], GTPV1_TV_RADIO_PRI_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1272 | data = cp[0] >> 4; | |||
1273 | printf("Radio Priority: %u, NSAPI %u", cp[0] & 0x7, data); | |||
1274 | ielen = GTPV1_TV_RADIO_PRI_LENGTH2; | |||
1275 | break; | |||
1276 | ||||
1277 | case GTPV1_TV_PACKET_FLOW_ID25: | |||
1278 | ||||
1279 | /* 29.060 7.7.22 - Packet Flow ID. */ | |||
1280 | TCHECK2(cp[0], GTPV1_TV_PACKET_FLOW_ID_LENGTH - 1)if (!(snapend - (3 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (3 - 1))) goto trunc; | |||
1281 | printf("Packet Flow ID: %u, NSAPI %u", cp[1], cp[0] & 0xf); | |||
1282 | ielen = GTPV1_TV_PACKET_FLOW_ID_LENGTH3; | |||
1283 | break; | |||
1284 | ||||
1285 | case GTPV1_TV_CHARGING26: | |||
1286 | ||||
1287 | /* 29.060 7.7.23 - Charging Characteristics. */ | |||
1288 | /* Charging defined in 3GPP TS 32.298. */ | |||
1289 | TCHECK2(cp[0], GTPV1_TV_CHARGING_LENGTH - 1)if (!(snapend - (3 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (3 - 1))) goto trunc; | |||
1290 | printf("Charging Characteristics"); /* XXX */ | |||
1291 | ielen = GTPV1_TV_CHARGING_LENGTH3; | |||
1292 | break; | |||
1293 | ||||
1294 | case GTPV1_TV_TRACE_REFERENCE27: | |||
1295 | ||||
1296 | /* 29.060 7.7.24 - Trace Reference. */ | |||
1297 | TCHECK2(cp[0], GTPV1_TV_TRACE_REFERENCE_LENGTH - 1)if (!(snapend - (3 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (3 - 1))) goto trunc; | |||
1298 | dps = (u_int16_t *)cp; | |||
1299 | printf("Trace Reference: %u", ntohs(*dps)(__uint16_t)(__builtin_constant_p(*dps) ? (__uint16_t)(((__uint16_t )(*dps) & 0xffU) << 8 | ((__uint16_t)(*dps) & 0xff00U ) >> 8) : __swap16md(*dps))); | |||
1300 | ielen = GTPV1_TV_TRACE_REFERENCE_LENGTH3; | |||
1301 | break; | |||
1302 | ||||
1303 | case GTPV1_TV_TRACE_TYPE28: | |||
1304 | ||||
1305 | /* 29.060 7.7.25 - Trace Type. */ | |||
1306 | /* Trace type defined in GSM 12.08. */ | |||
1307 | TCHECK2(cp[0], GTPV1_TV_TRACE_TYPE_LENGTH - 1)if (!(snapend - (3 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (3 - 1))) goto trunc; | |||
1308 | dps = (u_int16_t *)cp; | |||
1309 | printf("Trace Type: %u", ntohs(*dps)(__uint16_t)(__builtin_constant_p(*dps) ? (__uint16_t)(((__uint16_t )(*dps) & 0xffU) << 8 | ((__uint16_t)(*dps) & 0xff00U ) >> 8) : __swap16md(*dps))); | |||
1310 | ielen = GTPV1_TV_TRACE_TYPE_LENGTH3; | |||
1311 | break; | |||
1312 | ||||
1313 | case GTPV1_TV_MSNRR29: | |||
1314 | ||||
1315 | /* 29.060 7.7.26 - MS Not Reachable Reason. */ | |||
1316 | /* Reason defined in 3GPP TS 23.040. */ | |||
1317 | TCHECK2(cp[0], GTPV1_TV_MSNRR_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1318 | printf("MS NRR: %u", cp[0]); | |||
1319 | ielen = GTPV1_TV_MSNRR_LENGTH2; | |||
1320 | break; | |||
1321 | ||||
1322 | case GTPV1_TV_PACKET_XFER_CMD126: | |||
1323 | ||||
1324 | /* 32.295 6.2.4.5.2 - Packet Transfer Command. */ | |||
1325 | TCHECK2(cp[0], GTPV1_TV_PACKET_XFER_CMD_LENGTH - 1)if (!(snapend - (2 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (2 - 1))) goto trunc; | |||
1326 | printf("Packet Transfer Command"); | |||
1327 | gtp_print_str(gtp_packet_xfer_cmd, nitems(gtp_packet_xfer_cmd)(sizeof((gtp_packet_xfer_cmd)) / sizeof((gtp_packet_xfer_cmd) [0])), | |||
1328 | cp[0]); | |||
1329 | ielen = GTPV1_TV_PACKET_XFER_CMD_LENGTH2; | |||
1330 | break; | |||
1331 | ||||
1332 | case GTPV1_TV_CHARGING_ID127: | |||
1333 | ||||
1334 | /* 29.060 7.7.26 - Charging ID. */ | |||
1335 | TCHECK2(cp[0], GTPV1_TV_CHARGING_ID_LENGTH - 1)if (!(snapend - (5 - 1) <= snapend && (const u_char *)&(cp[0]) <= snapend - (5 - 1))) goto trunc; | |||
1336 | dpl = (u_int32_t *)cp; | |||
1337 | printf("Charging ID: %u", ntohl(*dpl)(__uint32_t)(__builtin_constant_p(*dpl) ? (__uint32_t)(((__uint32_t )(*dpl) & 0xff) << 24 | ((__uint32_t)(*dpl) & 0xff00 ) << 8 | ((__uint32_t)(*dpl) & 0xff0000) >> 8 | ((__uint32_t)(*dpl) & 0xff000000) >> 24) : __swap32md (*dpl))); | |||
1338 | ielen = GTPV1_TV_CHARGING_ID_LENGTH5; | |||
1339 | break; | |||
1340 | ||||
1341 | default: | |||
1342 | printf("TV %u", value); | |||
1343 | } | |||
1344 | ||||
1345 | trunc: | |||
1346 | return ielen; | |||
1347 | } | |||
1348 | ||||
1349 | int | |||
1350 | gtp_v1_print_tlv(const u_char *cp, u_int value) | |||
1351 | { | |||
1352 | u_int8_t data; | |||
1353 | u_int16_t *lenp, *seqno, len; | |||
1354 | int ielen = -1; | |||
1355 | ||||
1356 | /* Get length of IE. */ | |||
1357 | TCHECK2(cp[0], 2)if (!(snapend - (2) <= snapend && (const u_char *) &(cp[0]) <= snapend - (2))) goto trunc; | |||
1358 | lenp = (u_int16_t *)cp; | |||
1359 | cp += 2; | |||
1360 | len = ntohs(*lenp)(__uint16_t)(__builtin_constant_p(*lenp) ? (__uint16_t)(((__uint16_t )(*lenp) & 0xffU) << 8 | ((__uint16_t)(*lenp) & 0xff00U) >> 8) : __swap16md(*lenp)); | |||
1361 | TCHECK2(cp[0], len)if (!(snapend - (len) <= snapend && (const u_char * )&(cp[0]) <= snapend - (len))) goto trunc; | |||
1362 | ielen = sizeof(data) + sizeof(len) + len; | |||
1363 | ||||
1364 | switch (value) { | |||
1365 | case GTPV1_TLV_END_USER_ADDRESS128: | |||
1366 | ||||
1367 | /* 3GPP 29.060 - 7.7.27 End User Address. */ | |||
1368 | printf("End User Address"); | |||
1369 | gtp_print_user_address(cp, len); | |||
1370 | break; | |||
1371 | ||||
1372 | case GTPV1_TLV_MM_CONTEXT129: | |||
1373 | ||||
1374 | /* 29.060 7.7.28 - MM Context. */ | |||
1375 | printf("MM Context"); /* XXX */ | |||
1376 | break; | |||
1377 | ||||
1378 | case GTPV1_TLV_PDP_CONTEXT130: | |||
1379 | ||||
1380 | /* 29.260 7.7.29 - PDP Context. */ | |||
1381 | printf("PDP Context"); /* XXX */ | |||
1382 | break; | |||
1383 | ||||
1384 | case GTPV1_TLV_ACCESS_POINT_NAME131: | |||
1385 | ||||
1386 | /* 29.060 7.7.30 - Access Point Name. */ | |||
1387 | printf("AP Name: "); | |||
1388 | gtp_print_apn(cp, len); | |||
1389 | break; | |||
1390 | ||||
1391 | case GTPV1_TLV_PROTOCOL_CONFIG_OPTIONS132: | |||
1392 | ||||
1393 | /* 29.060 7.7.31 - Protocol Configuration Options. */ | |||
1394 | /* Defined in 3GPP TS 24.008. */ | |||
1395 | printf("Config Options"); /* XXX */ | |||
1396 | break; | |||
1397 | ||||
1398 | case GTPV1_TLV_GSN_ADDRESS133: | |||
1399 | ||||
1400 | /* 29.060 7.7.32 - GSN Address. */ | |||
1401 | /* Defined in 3GPP TS 23.003. */ | |||
1402 | printf("GSN Address"); | |||
1403 | if (len == 4) | |||
1404 | printf(": %s", ipaddr_string(cp)getname((const u_char *)(cp))); | |||
1405 | else if (len == 16) | |||
1406 | printf(": %s", ip6addr_string(cp)getname6((const u_char *)(cp))); | |||
1407 | break; | |||
1408 | ||||
1409 | case GTPV1_TLV_MSISDN134: | |||
1410 | ||||
1411 | /* 29.060 7.7.33 - MS International PSTN/ISDN Number. */ | |||
1412 | printf("MSISDN "); | |||
1413 | data = (u_int8_t)cp[0]; /* XXX - Number type. */ | |||
1414 | gtp_print_tbcd(cp + 1, len - 1); | |||
1415 | break; | |||
1416 | ||||
1417 | case GTPV1_TLV_QOS_PROFILE135: | |||
1418 | ||||
1419 | /* 29.060 7.7.34 - QoS Profile. */ | |||
1420 | /* QoS profile defined in 3GPP TS 24.008 10.5.6.5. */ | |||
1421 | printf("QoS Profile: "); | |||
1422 | data = (u_int8_t)cp[0]; | |||
1423 | printf("Delay Class %u, ", (data >> 3) & 0x7); | |||
1424 | printf("Reliability Class %u", data & 0x7); | |||
1425 | if (vflag > 1) { | |||
1426 | printf(", "); | |||
1427 | data = (u_int8_t)cp[1]; | |||
1428 | printf("Precedence Class %u", data & 0x7); | |||
1429 | /* XXX - Decode more QoS fields. */ | |||
1430 | } | |||
1431 | break; | |||
1432 | ||||
1433 | case GTPV1_TLV_AUTHENTICATION136: | |||
1434 | ||||
1435 | /* 29.060 7.7.35 - Authentication. */ | |||
1436 | printf("Authentication"); /* XXX */ | |||
1437 | break; | |||
1438 | ||||
1439 | case GTPV1_TLV_TRAFFIC_FLOW137: | |||
1440 | ||||
1441 | /* 29.060 7.7.36 - Traffic Flow Template. */ | |||
1442 | printf("Traffic Flow Template"); /* XXX */ | |||
1443 | break; | |||
1444 | ||||
1445 | case GTPV1_TLV_TARGET_IDENTIFICATION138: | |||
1446 | ||||
1447 | /* 29.060 7.7.37 - Target Identification. */ | |||
1448 | printf("Target ID"); /* XXX */ | |||
1449 | break; | |||
1450 | ||||
1451 | case GTPV1_TLV_UTRAN_CONTAINER139: | |||
1452 | ||||
1453 | /* 29.060 7.7.38 - UTRAN Transparent Container. */ | |||
1454 | printf("UTRAN Container"); /* XXX */ | |||
1455 | break; | |||
1456 | ||||
1457 | case GTPV1_TLV_RAB_SETUP_INFORMATION140: | |||
1458 | ||||
1459 | /* 29.060 7.7.39 - RAB Setup Information. */ | |||
1460 | printf("RAB Setup"); /* XXX */ | |||
1461 | break; | |||
1462 | ||||
1463 | case GTPV1_TLV_EXT_HEADER_TYPE_LIST141: | |||
1464 | ||||
1465 | /* 29.060 7.7.40 - Extension Header Type List. */ | |||
1466 | printf("Extension Header List"); /* XXX */ | |||
1467 | break; | |||
1468 | ||||
1469 | case GTPV1_TLV_TRIGGER_ID142: | |||
1470 | ||||
1471 | /* 29.060 7.7.41 - Trigger ID. */ | |||
1472 | printf("Trigger ID"); /* XXX */ | |||
1473 | break; | |||
1474 | ||||
1475 | case GTPV1_TLV_OMC_IDENTITY143: | |||
1476 | ||||
1477 | /* 29.060 7.7.42 - OMC Identity. */ | |||
1478 | printf("OMC Identity"); /* XXX */ | |||
1479 | break; | |||
1480 | ||||
1481 | case GTPV1_TLV_RAN_CONTAINER144: | |||
1482 | ||||
1483 | /* 29.060 7.7.43 - RAN Transparent Container. */ | |||
1484 | printf("RAN Container"); /* XXX */ | |||
1485 | break; | |||
1486 | ||||
1487 | case GTPV1_TLV_PDP_CONTEXT_PRIORITIZATION145: | |||
1488 | ||||
1489 | /* 29.060 7.7.45 - PDP Context Prioritization. */ | |||
1490 | printf("PDP Context Prioritization"); /* XXX */ | |||
1491 | break; | |||
1492 | ||||
1493 | case GTPV1_TLV_ADDITIONAL_RAB_SETUP_INFO146: | |||
1494 | ||||
1495 | /* 29.060 7.7.45A - Additional RAB Setup Information. */ | |||
1496 | printf("Additional RAB Setup"); /* XXX */ | |||
1497 | break; | |||
1498 | ||||
1499 | case GTPV1_TLV_SGSN_NUMBER147: | |||
1500 | ||||
1501 | /* 29.060 7.7.47 - SGSN Number. */ | |||
1502 | printf("SGSN Number"); /* XXX */ | |||
1503 | break; | |||
1504 | ||||
1505 | case GTPV1_TLV_COMMON_FLAGS148: | |||
1506 | ||||
1507 | /* 29.060 7.7.48 - Common Flags. */ | |||
1508 | printf("Common Flags"); /* XXX */ | |||
1509 | break; | |||
1510 | ||||
1511 | case GTPV1_TLV_APN_RESTRICTION149: | |||
1512 | ||||
1513 | /* 29.060 7.7.49 - APN Restriction. */ | |||
1514 | data = (u_int8_t)cp[0]; | |||
1515 | printf("APN Restriction: %u", data); | |||
1516 | break; | |||
1517 | ||||
1518 | case GTPV1_TLV_RADIO_PRIORITY_LCS150: | |||
1519 | ||||
1520 | /* 29.060 7.7.25B - Radio Priority LCS. */ | |||
1521 | printf("Radio Priority LCS: %u", cp[0] & 0x7); | |||
1522 | break; | |||
1523 | ||||
1524 | case GTPV1_TLV_RAT_TYPE151: | |||
1525 | ||||
1526 | /* 29.060 7.7.50 - RAT Type. */ | |||
1527 | printf("RAT"); | |||
1528 | gtp_print_str(gtp_rat_type, nitems(gtp_rat_type)(sizeof((gtp_rat_type)) / sizeof((gtp_rat_type)[0])), cp[0]); | |||
1529 | break; | |||
1530 | ||||
1531 | case GTPV1_TLV_USER_LOCATION_INFO152: | |||
1532 | ||||
1533 | /* 29.060 7.7.51 - User Location Information. */ | |||
1534 | printf("ULI"); /* XXX */ | |||
1535 | break; | |||
1536 | ||||
1537 | case GTPV1_TLV_MS_TIME_ZONE153: | |||
1538 | ||||
1539 | /* 29.060 7.7.52 - MS Time Zone. */ | |||
1540 | printf("MSTZ"); /* XXX */ | |||
1541 | break; | |||
1542 | ||||
1543 | case GTPV1_TLV_IMEI_SV154: | |||
1544 | ||||
1545 | /* 29.060 7.7.53 - IMEI(SV). */ | |||
1546 | printf("IMEI(SV) "); | |||
1547 | gtp_print_tbcd(cp, len); | |||
1548 | break; | |||
1549 | ||||
1550 | case GTPV1_TLV_CAMEL_CHARGING_CONTAINER155: | |||
1551 | ||||
1552 | /* 29.060 7.7.54 - CAMEL Charging Information Container. */ | |||
1553 | printf("CAMEL Charging"); /* XXX */ | |||
1554 | break; | |||
1555 | ||||
1556 | case GTPV1_TLV_MBMS_UE_CONTEXT156: | |||
1557 | ||||
1558 | /* 29.060 7.7.55 - MBMS UE Context. */ | |||
1559 | printf("MBMS UE Context"); /* XXX */ | |||
1560 | break; | |||
1561 | ||||
1562 | case GTPV1_TLV_TMGI157: | |||
1563 | ||||
1564 | /* 29.060 7.7.56 - Temporary Mobile Group Identity. */ | |||
1565 | printf("TMGI"); /* XXX */ | |||
1566 | break; | |||
1567 | ||||
1568 | case GTPV1_TLV_RIM_ROUTING_ADDRESS158: | |||
1569 | ||||
1570 | /* 29.060 7.7.57 - RIM Routing Address. */ | |||
1571 | printf("RIM Routing Address"); /* XXX */ | |||
1572 | break; | |||
1573 | ||||
1574 | case GTPV1_TLV_MBMS_PROTOCOL_CONFIG_OPTIONS159: | |||
1575 | ||||
1576 | /* 29.060 7.7.58 - MBMS Protocol Configuration Options. */ | |||
1577 | printf("MBMS Protocol Config Options"); /* XXX */ | |||
1578 | break; | |||
1579 | ||||
1580 | case GTPV1_TLV_MBMS_SERVICE_AREA160: | |||
1581 | ||||
1582 | /* 29.060 7.7.60 - MBMS Service Area. */ | |||
1583 | printf("MBMS Service Area"); /* XXX */ | |||
1584 | break; | |||
1585 | ||||
1586 | case GTPV1_TLV_SOURCE_RNC_PDCP_CONTEXT_INFO161: | |||
1587 | ||||
1588 | /* 29.060 7.7.61 - Source RNC PDCP Context Information. */ | |||
1589 | printf("Source RNC PDCP Context"); /* XXX */ | |||
1590 | break; | |||
1591 | ||||
1592 | case GTPV1_TLV_ADDITIONAL_TRACE_INFO162: | |||
1593 | ||||
1594 | /* 29.060 7.7.62 - Additional Trace Information. */ | |||
1595 | printf("Additional Trace Info"); /* XXX */ | |||
1596 | break; | |||
1597 | ||||
1598 | case GTPV1_TLV_HOP_COUNTER163: | |||
1599 | ||||
1600 | /* 29.060 7.7.63 - Hop Counter. */ | |||
1601 | printf("Hop Counter: %u", cp[0]); | |||
1602 | break; | |||
1603 | ||||
1604 | case GTPV1_TLV_SELECTED_PLMN_ID164: | |||
1605 | ||||
1606 | /* 29.060 7.7.64 - Selected PLMN ID. */ | |||
1607 | printf("Selected PLMN ID"); /* XXX */ | |||
1608 | break; | |||
1609 | ||||
1610 | case GTPV1_TLV_MBMS_SESSION_IDENTIFIER165: | |||
1611 | ||||
1612 | /* 29.060 7.7.65 - MBMS Session Identifier. */ | |||
1613 | printf("MBMS Session ID: %u", cp[0]); | |||
1614 | break; | |||
1615 | ||||
1616 | case GTPV1_TLV_MBMS_2G_3G_INDICATOR166: | |||
1617 | ||||
1618 | /* 29.060 7.7.66 - MBMS 2G/3G Indicator. */ | |||
1619 | printf("MBMS 2G/3G Indicator"); | |||
1620 | gtp_print_str(mbms_2g3g_indicator, nitems(mbms_2g3g_indicator)(sizeof((mbms_2g3g_indicator)) / sizeof((mbms_2g3g_indicator) [0])), | |||
1621 | cp[0]); | |||
1622 | break; | |||
1623 | ||||
1624 | case GTPV1_TLV_ENHANCED_NSAPI167: | |||
1625 | ||||
1626 | /* 29.060 7.7.67 - Enhanced NSAPI. */ | |||
1627 | printf("Enhanced NSAPI"); /* XXX */ | |||
1628 | break; | |||
1629 | ||||
1630 | case GTPV1_TLV_MBMS_SESSION_DURATION168: | |||
1631 | ||||
1632 | /* 29.060 7.7.59 - MBMS Session Duration. */ | |||
1633 | printf("MBMS Session Duration"); /* XXX */ | |||
1634 | break; | |||
1635 | ||||
1636 | case GTPV1_TLV_ADDITIONAL_MBMS_TRACE_INFO169: | |||
1637 | ||||
1638 | /* 29.060 7.7.68 - Additional MBMS Trace Info. */ | |||
1639 | printf("Additional MBMS Trace Info"); /* XXX */ | |||
1640 | break; | |||
1641 | ||||
1642 | case GTPV1_TLV_MBMS_SESSION_REPITITION_NO170: | |||
1643 | ||||
1644 | /* 29.060 7.7.69 - MBMS Session Repetition Number. */ | |||
1645 | printf("MBMS Session Repetition No: %u", cp[0]); | |||
1646 | break; | |||
1647 | ||||
1648 | case GTPV1_TLV_MBMS_TIME_TO_DATA_TRANSFER171: | |||
1649 | ||||
1650 | /* 29.060 7.7.70 - MBMS Time to Data Transfer. */ | |||
1651 | printf("MBMS Time to Data Transfer: %u", cp[0]); | |||
1652 | break; | |||
1653 | ||||
1654 | case GTPV1_TLV_PS_HANDOVER_REQUEST_CONTEXT172: | |||
1655 | ||||
1656 | /* 29.060 7.7.71 - PS Handover Request Context (Void). */ | |||
1657 | break; | |||
1658 | ||||
1659 | case GTPV1_TLV_BSS_CONTAINER173: | |||
1660 | ||||
1661 | /* 29.060 7.7.72 - BSS Container. */ | |||
1662 | printf("BSS Container"); /* XXX */ | |||
1663 | break; | |||
1664 | ||||
1665 | case GTPV1_TLV_CELL_IDENTIFICATION174: | |||
1666 | ||||
1667 | /* 29.060 7.7.73 - Cell Identification. */ | |||
1668 | printf("Cell Identification"); /* XXX */ | |||
1669 | break; | |||
1670 | ||||
1671 | case GTPV1_TLV_PDU_NUMBERS175: | |||
1672 | ||||
1673 | /* 29.060 7.7.74 - PDU Numbers. */ | |||
1674 | printf("PDU Numbers"); /* XXX */ | |||
1675 | break; | |||
1676 | ||||
1677 | case GTPV1_TLV_BSSGP_CAUSE176: | |||
1678 | ||||
1679 | /* 29.060 7.7.75 - BSSGP Cause. */ | |||
1680 | printf("BSSGP Cause: %u", cp[0]); | |||
1681 | break; | |||
1682 | ||||
1683 | case GTPV1_TLV_REQUIRED_MBMS_BEARER_CAP177: | |||
1684 | ||||
1685 | /* 29.060 7.7.76 - Required MBMS Bearer Cap. */ | |||
1686 | printf("Required MBMS Bearer Cap"); /* XXX */ | |||
1687 | break; | |||
1688 | ||||
1689 | case GTPV1_TLV_RIM_ROUTING_ADDRESS_DISC178: | |||
1690 | ||||
1691 | /* 29.060 7.7.77 - RIM Routing Address Discriminator. */ | |||
1692 | printf("RIM Routing Address Discriminator: %u", cp[0] & 0xf); | |||
1693 | break; | |||
1694 | ||||
1695 | case GTPV1_TLV_LIST_OF_SETUP_PFCS179: | |||
1696 | ||||
1697 | /* 29.060 7.7.78 - List of Setup PFCs. */ | |||
1698 | printf("List of Setup PFCs"); /* XXX */ | |||
1699 | break; | |||
1700 | ||||
1701 | case GTPV1_TLV_PS_HANDOVER_XID_PARAMETERS180: | |||
1702 | ||||
1703 | /* 29.060 7.7.79 - PS Handover XID Parameters. */ | |||
1704 | printf("PS Handover XID Parameters"); /* XXX */ | |||
1705 | break; | |||
1706 | ||||
1707 | case GTPV1_TLV_MS_INFO_CHANGE_REPORTING181: | |||
1708 | ||||
1709 | /* 29.060 7.7.80 - MS Info Change Reporting. */ | |||
1710 | printf("MS Info Change Reporting"); | |||
1711 | gtp_print_str(ms_info_change_rpt, nitems(ms_info_change_rpt)(sizeof((ms_info_change_rpt)) / sizeof((ms_info_change_rpt)[0 ])), | |||
1712 | cp[0]); | |||
1713 | break; | |||
1714 | ||||
1715 | case GTPV1_TLV_DIRECT_TUNNEL_FLAGS182: | |||
1716 | ||||
1717 | /* 29.060 7.7.81 - Direct Tunnel Flags. */ | |||
1718 | printf("Direct Tunnel Flags"); /* XXX */ | |||
1719 | break; | |||
1720 | ||||
1721 | case GTPV1_TLV_CORRELATION_ID183: | |||
1722 | ||||
1723 | /* 29.060 7.7.82 - Correlation ID. */ | |||
1724 | printf("Correlation ID"); /* XXX */ | |||
1725 | break; | |||
1726 | ||||
1727 | case GTPV1_TLV_BEARER_CONTROL_MODE184: | |||
1728 | ||||
1729 | /* 29.060 7.7.83 - Bearer Control Mode. */ | |||
1730 | printf("Bearer Control Mode"); /* XXX */ | |||
1731 | break; | |||
1732 | ||||
1733 | case GTPV1_TLV_MBMS_FLOW_IDENTIFIER185: | |||
1734 | ||||
1735 | /* 29.060 7.7.84 - MBMS Flow Identifier. */ | |||
1736 | printf("MBMS Flow Identifier"); /* XXX */ | |||
1737 | break; | |||
1738 | ||||
1739 | case GTPV1_TLV_RELEASED_PACKETS249: | |||
1740 | ||||
1741 | /* 32.295 6.2.4.5.4 - Sequence Numbers of Released Packets. */ | |||
1742 | printf("Released Packets:"); | |||
1743 | seqno = (u_int16_t *)cp; | |||
1744 | while (len > 0) { | |||
1745 | printf(" %u", ntohs(*seqno)(__uint16_t)(__builtin_constant_p(*seqno) ? (__uint16_t)(((__uint16_t )(*seqno) & 0xffU) << 8 | ((__uint16_t)(*seqno) & 0xff00U) >> 8) : __swap16md(*seqno))); | |||
1746 | seqno++; | |||
1747 | len -= sizeof(*seqno); | |||
1748 | } | |||
1749 | break; | |||
1750 | ||||
1751 | case GTPV1_TLV_CANCELLED_PACKETS250: | |||
1752 | ||||
1753 | /* 32.295 6.2.4.5.5 - Sequence Numbers of Cancelled Packets. */ | |||
1754 | printf("Cancelled Packets:"); | |||
1755 | seqno = (u_int16_t *)cp; | |||
1756 | while (len > 0) { | |||
1757 | printf(" %u", ntohs(*seqno)(__uint16_t)(__builtin_constant_p(*seqno) ? (__uint16_t)(((__uint16_t )(*seqno) & 0xffU) << 8 | ((__uint16_t)(*seqno) & 0xff00U) >> 8) : __swap16md(*seqno))); | |||
1758 | seqno++; | |||
1759 | len -= sizeof(*seqno); | |||
1760 | } | |||
1761 | break; | |||
1762 | ||||
1763 | case GTPV1_TLV_CHARGING_GATEWAY_ADDRESS251: | |||
1764 | ||||
1765 | /* 29.060 7.7.44 - Charging Gateway Address. */ | |||
1766 | printf("Charging Gateway"); | |||
1767 | if (len == 4) | |||
1768 | printf(": %s", ipaddr_string(cp)getname((const u_char *)(cp))); | |||
1769 | else if (len == 16) | |||
1770 | printf(": %s", ip6addr_string(cp)getname6((const u_char *)(cp))); | |||
1771 | break; | |||
1772 | ||||
1773 | case GTPV1_TLV_DATA_RECORD_PACKET252: | |||
1774 | ||||
1775 | /* 32.295 6.2.4.5.3 - Data Record Packet. */ | |||
1776 | printf("Data Record: Records %u, Format %u, Format Version %u", | |||
1777 | cp[0], cp[1], ntohs(*(u_int16_t *)(cp + 2))(__uint16_t)(__builtin_constant_p(*(u_int16_t *)(cp + 2)) ? ( __uint16_t)(((__uint16_t)(*(u_int16_t *)(cp + 2)) & 0xffU ) << 8 | ((__uint16_t)(*(u_int16_t *)(cp + 2)) & 0xff00U ) >> 8) : __swap16md(*(u_int16_t *)(cp + 2)))); | |||
1778 | break; | |||
1779 | ||||
1780 | case GTPV1_TLV_REQUESTS_RESPONDED253: | |||
1781 | ||||
1782 | /* 32.295 6.2.4.6 - Requests Responded. */ | |||
1783 | printf("Requests Responded:"); | |||
1784 | seqno = (u_int16_t *)cp; | |||
1785 | while (len > 0) { | |||
1786 | printf(" %u", ntohs(*seqno)(__uint16_t)(__builtin_constant_p(*seqno) ? (__uint16_t)(((__uint16_t )(*seqno) & 0xffU) << 8 | ((__uint16_t)(*seqno) & 0xff00U) >> 8) : __swap16md(*seqno))); | |||
1787 | seqno++; | |||
1788 | len -= sizeof(*seqno); | |||
1789 | } | |||
1790 | break; | |||
1791 | ||||
1792 | case GTPV1_TLV_ADDRESS_OF_RECOMMENDED_NODE254: | |||
1793 | ||||
1794 | /* 32.295 6.2.4.3 - Address of Recommended Node. */ | |||
1795 | printf("Address of Recommended Node"); | |||
1796 | if (len == 4) | |||
1797 | printf(": %s", ipaddr_string(cp)getname((const u_char *)(cp))); | |||
1798 | else if (len == 16) | |||
1799 | printf(": %s", ip6addr_string(cp)getname6((const u_char *)(cp))); | |||
1800 | break; | |||
1801 | ||||
1802 | case GTPV1_TLV_PRIVATE_EXTENSION255: | |||
1803 | ||||
1804 | /* 29.060 7.7.46 - Private Extension. */ | |||
1805 | printf("Private Extension"); | |||
1806 | break; | |||
1807 | ||||
1808 | default: | |||
1809 | printf("TLV %u (len %u)", value, len); | |||
1810 | } | |||
1811 | ||||
1812 | return ielen; | |||
1813 | ||||
1814 | trunc: | |||
1815 | return -1; | |||
1816 | } |