Newer
Older
IPAccessPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPAccess(3) version11(11)}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
IMPORTS
-- from ETSI TS 101 671 [1]
IPAddress
FROM HI2Operations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi2(1) version18(18)}
-- from ETSI TS 102 232-1 [2]
Location
FROM LI-PS-PDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) genHeader(1) version24(24)};
-- ============================
-- Object Identifier Definition
-- ============================
iPIRIObjId RELATIVE-OID ::= {li-ps(5) iPAccess(3) version11(11) iRI(1)}
iPCCObjId RELATIVE-OID ::= {li-ps(5) iPAccess(3) version11(11) cC(2)}
iPIRIOnlyObjId RELATIVE-OID ::= {li-ps(5) iPAccess(3) version11(11) iRIOnly(3)}
-- all three definitions relative to {itu-t(0) identified-organization(4)
-- etsi(0) securityDomain(2) lawfulintercept(2)}
-- ==========================
-- IP Communications Contents
-- ==========================
IPCC ::= SEQUENCE
{
iPCCObjId [0] RELATIVE-OID,
iPCCContents [1] IPCCContents
}
IPCCContents ::= CHOICE
{
iPPackets [0] OCTET STRING,
...
}
-- ===================================================
-- Intercept-related information for general IP-Access
-- ===================================================
IPIRI ::= SEQUENCE
{
iPIRIObjId [0] RELATIVE-OID,
iPIRIContents [1] IPIRIContents,
...
}
IPIRIContents ::= SEQUENCE
{
accessEventType [0] AccessEventType,
targetUsername [1] OCTET STRING,
-- in ASCIIcharacters
internetAccessType [2] InternetAccessType,
iPVersion [3] IPVersion,
targetIPAddress [4] IPAddress OPTIONAL,
-- IP address may not be available in case of failed logon attempts.
-- If it is available, it must be sent.
-- This field will carry the first IPv4 or IPv6 target IP address with or without
-- subnet. Use of this field is fully described in section 6.2.1.
targetNetworkID [5] UTF8String (SIZE (1..20)) OPTIONAL,
-- Target network ID (e.g. MAC address, PSTN number)
targetCPEID [6] UTF8String (SIZE (1..128)) OPTIONAL,
-- CPEID (e.g. Relay Agent info, computer name)
targetLocation [7] UTF8String (SIZE (1..64)) OPTIONAL,
-- When internetAccessType is Wireless LAN, this field should contain a string which
-- uniquely identifies the wireless accesspoint within the SvP domain
-- New implementations are encouraged to use the location [24] parameter where possible.
pOPPortNumber [8] INTEGER (0..4294967295) OPTIONAL,
-- The POP port number used by the target
callBackNumber [9] UTF8String (SIZE (1..20)) OPTIONAL,
-- The number used to call-back the target
startTime [10] GeneralizedTime OPTIONAL,
-- The start date-time of the session or lease
endTime [11] GeneralizedTime OPTIONAL,
-- The actual end date-time of the session or lease
endReason [12] EndReason OPTIONAL,
-- The reason for the session to end
octetsReceived [13] INTEGER (0..18446744073709551615) OPTIONAL,
-- The number of octets the target received
octetsTransmitted [14] INTEGER (0..18446744073709551615) OPTIONAL,
-- The number of octets the target transmitted
rawAAAData [15] OCTET STRING OPTIONAL,
-- Content of the raw AAA record
...,
expectedEndTime [16] GeneralizedTime OPTIONAL,
-- The expected end date-time of the session or lease
pOPPhoneNumber [17] UTF8String (SIZE (1..20)) OPTIONAL,
-- The phone number dialed by the target for dial-up
pOPIdentifier [18] IPIRIIDType OPTIONAL,
-- The identifier or name of the POP
pOPIPAddress [19] IPAddress OPTIONAL,
-- The IP address of the POP
nationalIPIRIParameters [20] NationalIPIRIParameters OPTIONAL,
-- National IP IRI Parameters
additionalIPAddress [21] IPAddress OPTIONAL,
-- This field will carry the first IPv6 target IP address with or without prefix when the
-- iPVersion parameter is set to iPV4andV6.
-- Use of this field is fully described in section 6.2.1
authenticationType [22] AuthenticationType OPTIONAL,
-- Field used to identify the authentication type to assist with LEMF data validation
otherTargetIdentifiers [23] SEQUENCE OF OtherTargetIdentifiers OPTIONAL,
-- This parameter will carry the second and subsequent IPv4 or IPv6 target IP addresses
-- It is used when multiple subnet/prefix ranges are assigned to a target service.
-- Use of this field is fully described in section 6.2.1
location [24] Location OPTIONAL
-- The location associated with the target
}
AccessEventType ::= ENUMERATED
{
accessAttempt(0),
-- A target requests access to the IAS
accessAccept(1),
-- IAS access is granted to the target, the session begins
accessReject(2),
-- IAS access is refused to the target
accessFailed(3),
-- The Access_attempt timed-out or failed otherwise
sessionStart(4),
-- A target starts using the IAS; not in use anymore from version 4(4)
sessionEnd(5),
-- A target stops using the IAS; not in use anymore from version 4(4)
interimUpdate(6),
-- Intermediate status report on service status or usage
...,
startOfInterceptionWithSessionActive(7),
-- LI is started on a target who already has an active session
accessEnd(8),
-- A target stops using the IAS, the session ends
endOfInterceptionWithSessionActive(9),
-- LI is ended on a target who still has an active session
unknown(10)
}
InternetAccessType ::= ENUMERATED
{
undefined(0),
dialUp(1),
-- IAS via DialUp access
xDSL(2),
-- IAS via DSL access
cableModem(3),
-- IAS via Cable access
lAN(4),
-- IAS via LAN access
...,
wirelessLAN(5),
-- IAS via Wireless LAN access
fTTx(6),
-- IAS via Fiber access
wIMAX-HIPERMAN(7),
-- IAS via WIMAX/HIPERMAN (fixed access)
satellite(8),
-- IAS via Satellite access
-- (when it is not covered by any 3GPP or ETSI mobile Lawful Interception specifications)
wireless-other(9)
-- IAS via other type of Wireless access
-- (when it is not covered by any 3GPP or ETSI mobile Lawful Interception specifications)
}
IPVersion ::= ENUMERATED
{
iPV4(1),
-- The IPv4 protocol is used
iPV6(2),
-- The IPv6 protocol is used
iPV4andV6(3),
-- The IPv4 and IPv6 protocols are used
...
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
}
EndReason ::= ENUMERATED
{
undefined(0),
regularLogoff(1),
-- The target logged off
connectionLoss(2),
-- The connection was lost
connectionTimeout(3),
-- The connection timed-out
leaseExpired(4),
-- The DHCP lease expired
...
}
IPIRIIDType ::= CHOICE
{
printableIDType [0] UTF8String (SIZE (1..128)),
-- For printable userIDs, such as the Radius username, phonenumbers
macAddressType [1] OCTET STRING (SIZE (6)),
-- For MAC address types, raw binary format as in RFC 2132 [15]
ipAddressType [2] IPAddress,
-- For IP address types
...
}
NationalIPIRIParameters ::= SEQUENCE
{
countryCode [1] PrintableString (SIZE (2)),
-- Country Code according to ISO 3166-1 [16],
-- the country to which the parameters inserted after the extension marker apply.
...
-- In case a given country wants to use additional national parameters according to its law,
-- these national parameters should be defined using the ASN.1 syntax and added after the
-- extension marker (...).
-- It is recommended that "version parameter" and "vendor identification parameter" are
-- included in the national parameters definition. Vendor identifications can be
-- retrieved from the IANA web site (see Annex E Bibliography). Besides, it is recommended
-- to avoid using tags from 240 to 255 in a formal type definition.
}
AuthenticationType ::= ENUMERATED
{
unknown(0),
-- AAA function for the target service is unknown
static(1),
-- The target service is assigned a static IP address & no AAA expected
radiusAAA(2),
-- AAA function for the target service is provided by RADIUS
dhcpAAA(3),
-- AAA function for the target service is provided by DHCP
diameterAAA(4),
-- AAA function for the target service is provided by DIAMETER
...
}
OtherTargetIdentifiers ::= CHOICE
{
-- Additional target identifiers associated with the target service
-- This list is extensible to accommodate other target identifiers which
-- may be required in future.
iPAddress [0] IPAddress,
-- IPAddress imported from TS 101 671 [1].
-- This can be an IPv4 address (with or without a subnet range defined) or
-- an IPv6 address (with or without a prefix range defined).
...
}
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
-- =====================================================
-- Intercept-related information for IRI-Only intercepts
-- =====================================================
IPIRIOnly ::= SEQUENCE
{
iPIRIOnlyObjId [0] RELATIVE-OID,
iPInformation [1] IPInformation,
protocolInformation [2] ProtocolInformation,
iPAggregatedNbrOfPackets [3] INTEGER OPTIONAL,
iPAggregatedNbrOfBytes [4] INTEGER OPTIONAL,
...
}
IPInformation ::= CHOICE
{
iPv4Information [0] IPv4Information,
iPv6Information [1] IPv6Information
}
ProtocolInformation ::= CHOICE
{
none [0] NULL,
-- No layer 4 protocol information is provided
tCPInformation [1] TCPInformation,
uDPInformation [2] UDPInformation,
...
}
IPv4Information ::= SEQUENCE
{
headerLength [0] OCTET STRING OPTIONAL,
typeOfService [1] OCTET STRING OPTIONAL,
totalLength [2] OCTET STRING (SIZE (2))OPTIONAL,
identification [3] OCTET STRING (SIZE (2))OPTIONAL,
fragment [4] OCTET STRING (SIZE (2))OPTIONAL,
ttl [5] OCTET STRING OPTIONAL,
protocol [6] OCTET STRING OPTIONAL,
headerChecksum [7] OCTET STRING (SIZE (2))OPTIONAL,
source [8] OCTET STRING (SIZE (4)),
destination [9] OCTET STRING (SIZE (4)),
options [10] OCTET STRING (SIZE (0..40))OPTIONAL
}
IPv6Information ::= SEQUENCE
{
trafficClass [0] OCTET STRING OPTIONAL,
flowLabel [1] OCTET STRING (SIZE (20))OPTIONAL,
payloadLength [2] OCTET STRING (SIZE (4))OPTIONAL,
nextHeader [3] OCTET STRING OPTIONAL,
hopLimit [4] OCTET STRING OPTIONAL,
source [5] OCTET STRING (SIZE (16)),
destination [6] OCTET STRING (SIZE (16))
}
TCPInformation ::= SEQUENCE
{
sourcePort [0] OCTET STRING (SIZE (2))OPTIONAL,
destinationPort [1] OCTET STRING (SIZE (2))OPTIONAL,
sequenceNumber [2] OCTET STRING (SIZE (4))OPTIONAL,
ackNumber [3] OCTET STRING (SIZE (4))OPTIONAL,
dataOffset [4] BIT STRING (SIZE (4))OPTIONAL,
-- First 4 bits
controlBits [5] BIT STRING (SIZE (6))OPTIONAL,
-- Last 6 bits
windowSize [6] OCTET STRING (SIZE (2))OPTIONAL,
checkSum [7] OCTET STRING (SIZE (2))OPTIONAL,
urgentPointer [8] OCTET STRING (SIZE (2))OPTIONAL,
options [9] OCTET STRING (SIZE (0..40))OPTIONAL
}
UDPInformation ::= SEQUENCE
{
sourcePort [0] OCTET STRING (SIZE (2))OPTIONAL,
destinationPort [1] OCTET STRING (SIZE (2))OPTIONAL,
length [2] OCTET STRING (SIZE (2))OPTIONAL,
checkSum [3] OCTET STRING (SIZE (2))OPTIONAL
}
END -- end of IPAccessPDU