IPAccessPDU.asn 11.8 KB
Newer Older
1
IPAccessPDU
2
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPAccess(3) version14(14)}
3
4
5
6
7

DEFINITIONS IMPLICIT TAGS ::=
BEGIN

IMPORTS
8

9
	-- from ETSI TS 102 232-1 [2]
10
	IPAddress,
11
12
	Location
		FROM LI-PS-PDU
13
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) genHeader(1) version26(26)};
14

15
16
17
18
19

-- ============================
-- Object Identifier Definition
-- ============================

20
21
22
23
24
25
iPAccessPDUObjId RELATIVE-OID                   ::= {li-ps(5) iPAccess(3) version14(14)}
iPIRIObjId RELATIVE-OID                         ::= {iPAccessPDUObjId iRI(1)}
iPCCObjId RELATIVE-OID                          ::= {iPAccessPDUObjId cC(2)}
iPIRIOnlyObjId RELATIVE-OID                     ::= {iPAccessPDUObjId iRIOnly(3)}
        -- all four definitions relative to {itu-t(0) identified-organization(4)
        -- etsi(0) securityDomain(2) lawfulintercept(2)}
26
27
28
29
30
31
32

-- ==========================
-- IP Communications Contents
-- ==========================

IPCC ::= SEQUENCE
{
33
	iPCCObjId			[0] RELATIVE-OID,
34
35
36
37
38
	iPCCContents		[1] IPCCContents
}

IPCCContents ::= CHOICE
{
39
	iPPackets			[0] OCTET STRING,
40
41
42
43
44
45
46
47
48
	...
}

-- ===================================================
-- Intercept-related information for general IP-Access
-- ===================================================

IPIRI ::= SEQUENCE
{
49
	iPIRIObjId			[0] RELATIVE-OID,
50
51
52
53
54
55
56
57
	iPIRIContents		[1] IPIRIContents,
	...
}

IPIRIContents ::= SEQUENCE
{
	accessEventType			[0] AccessEventType,
	targetUsername			[1] OCTET STRING,
58
		-- in ASCII characters
59
60
61
62
	internetAccessType		[2] InternetAccessType,
	iPVersion				[3] IPVersion,
	targetIPAddress			[4] IPAddress OPTIONAL,
		-- IP address may not be available in case of failed logon attempts.
63
		-- If it is available, it shall be sent.
64
65
		-- This field will carry the first IPv4 or IPv6 target IP address with or without 
		-- subnet. Use of this field is fully described in section 6.2.1.
66
67
68
69
70
71
72
	targetNetworkID			[5] UTF8String (SIZE (1..20)) OPTIONAL,
		-- Target network ID (e.g. MAC address, PSTN number)
	targetCPEID				[6] UTF8String (SIZE (1..128)) OPTIONAL,
		-- CPEID (e.g. Relay Agent info, computer name)
	targetLocation			[7] UTF8String (SIZE (1..64)) OPTIONAL,
		-- When internetAccessType is Wireless LAN, this field should contain a string which
		-- uniquely identifies the wireless accesspoint within the SvP domain
73
		-- New implementations are encouraged to use the location [24] parameter where possible.
74
75
76
77
78
79
80
81
82
83
84
85
86
87
	pOPPortNumber			[8] INTEGER (0..4294967295) OPTIONAL,
		-- The POP port number used by the target
	callBackNumber			[9] UTF8String (SIZE (1..20)) OPTIONAL,
		-- The number used to call-back the target
	startTime				[10] GeneralizedTime OPTIONAL,
		-- The start date-time of the session or lease
	endTime					[11] GeneralizedTime OPTIONAL,
		-- The actual end date-time of the session or lease
	endReason				[12] EndReason OPTIONAL,
		-- The reason for the session to end
	octetsReceived			[13] INTEGER (0..18446744073709551615) OPTIONAL,
		-- The number of octets the target received
	octetsTransmitted		[14] INTEGER (0..18446744073709551615) OPTIONAL,
		-- The number of octets the target transmitted
88
	rawAAAData			 [15] OCTET STRING OPTIONAL,
89
90
91
92
93
94
95
96
97
98
		-- Content of the raw AAA record
	...,
	expectedEndTime			[16] GeneralizedTime OPTIONAL,
		-- The expected end date-time of the session or lease
	pOPPhoneNumber			[17] UTF8String (SIZE (1..20)) OPTIONAL,
		-- The phone number dialed by the target for dial-up
	pOPIdentifier			[18] IPIRIIDType OPTIONAL,
		-- The identifier or name of the POP
	pOPIPAddress			[19] IPAddress OPTIONAL,
		-- The IP address of the POP
99
	nationalIPIRIParameters	[20] NationalIPIRIParameters OPTIONAL,
100
101
		-- National IP IRI Parameters
	additionalIPAddress		[21] IPAddress OPTIONAL,
102
103
104
105
		-- This field will carry the first IPv6 target IP address with or without prefix when the 
		-- iPVersion parameter is set to iPV4andV6.
		-- Use of this field is fully described in section 6.2.1
	authenticationType		[22] AuthenticationType OPTIONAL,
106
		-- Field used to identify the authentication type to assist with LEMF data validation
107
	otherTargetIdentifiers	[23] SEQUENCE OF OtherTargetIdentifiers OPTIONAL,
108
109
110
		-- This parameter will carry the second and subsequent IPv4 or IPv6 target IP addresses
		-- It is used when multiple subnet/prefix ranges are assigned to a target service.
		-- Use of this field is fully described in section 6.2.1
111
	location				[24] Location OPTIONAL,
112
		-- The location associated with the target
113
114
115
116
	pOPPortID				[25] OCTET STRING OPTIONAL,
		-- This field will carry the NAS-Port-ID as defined in RFC 2869 [17]:
		-- This parameter shall be populated with the RADIUS value.
	framedRoutes			[26] SEQUENCE OF FramedRoute OPTIONAL
117
		-- It is used to list all the available Framed Route and Framed IPv6 Route informationX
118
119
120
121
122
123
124
125
126
127
128
}

AccessEventType ::= ENUMERATED
{
	accessAttempt(0),
		-- A target requests access to the IAS
	accessAccept(1),
		-- IAS access is granted to the target, the session begins
	accessReject(2),
		-- IAS access is refused to the target
	accessFailed(3),
129
		-- The accessAttempt timed-out or failed otherwise
130
131
132
133
134
135
136
137
138
	sessionStart(4),
		-- A target starts using the IAS; not in use anymore from version 4(4)
	sessionEnd(5),
		-- A target stops using the IAS; not in use anymore from version 4(4)
	interimUpdate(6),
		-- Intermediate status report on service status or usage
	...,
	startOfInterceptionWithSessionActive(7),
		-- LI is started on a target who already has an active session
139
	accessEnd(8),
140
		-- A target stops using the IAS, the session ends
141
142
143
	endOfInterceptionWithSessionActive(9),
	 	-- LI is ended on a target who still has an active session
	unknown(10)
144

145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
}

InternetAccessType ::= ENUMERATED
{
	undefined(0),
	dialUp(1),
		-- IAS via DialUp access
	xDSL(2),
		-- IAS via DSL access
	cableModem(3),
		-- IAS via Cable access
	lAN(4),
		-- IAS via LAN access
	...,
	wirelessLAN(5),
		-- IAS via Wireless LAN access
	fTTx(6),
		-- IAS via Fiber access
	wIMAX-HIPERMAN(7),
		-- IAS via WIMAX/HIPERMAN (fixed access)
165
	satellite(8),
166
167
		-- IAS via Satellite access
		-- (when it is not covered by any 3GPP or ETSI mobile Lawful Interception specifications)
168
169
170
	wireless-other(9)
		-- IAS via other type of Wireless access
		-- (when it is not covered by any 3GPP or ETSI mobile Lawful Interception specifications)
171
172
173
174
175
176
}

IPVersion ::= ENUMERATED
{
	iPV4(1),
		-- The IPv4 protocol is used
177
	iPV6(2),
178
		-- The IPv6 protocol is used
179
180
181
	iPV4andV6(3),
		-- The IPv4 and IPv6 protocols are used
	...
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
}

EndReason ::= ENUMERATED
{
	undefined(0),
	regularLogoff(1),
		-- The target logged off
	connectionLoss(2),
		-- The connection was lost
	connectionTimeout(3),
		-- The connection timed-out
	leaseExpired(4),
		-- The DHCP lease expired
	...
}

IPIRIIDType ::= CHOICE
{
	printableIDType			[0] UTF8String (SIZE (1..128)),
		-- For printable userIDs, such as the Radius username, phonenumbers
	macAddressType			[1] OCTET STRING (SIZE (6)),
203
		-- For MAC address types, raw binary format as in IETF RFC 2132 [15]
204
205
206
207
208
209
210
	ipAddressType			[2] IPAddress,
		-- For IP address types
	...
}

NationalIPIRIParameters ::= SEQUENCE
{
211
	countryCode		[1] PrintableString (SIZE (2)),
212
213
214
215
216
217
218
219
220
221
222
223
		-- Country Code according to ISO 3166-1 [16],
		-- the country to which the parameters inserted after the extension marker apply.
	...
	-- In case a given country wants to use additional national parameters according to its law,
	-- these national parameters should be defined using the ASN.1 syntax and added after the
	-- extension marker (...).
	-- It is recommended that "version parameter" and "vendor identification parameter" are
	-- included in the national parameters definition. Vendor identifications can be
	-- retrieved from the IANA web site (see Annex E Bibliography). Besides, it is recommended 
	-- to avoid using tags from 240 to 255 in a formal type definition.
}

224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
AuthenticationType ::= ENUMERATED
{
	unknown(0),
		-- AAA function for the target service is unknown
	static(1),
		-- The target service is assigned a static IP address & no AAA expected
	radiusAAA(2),
		-- AAA function for the target service is provided by RADIUS
	dhcpAAA(3),
		-- AAA function for the target service is provided by DHCP
	diameterAAA(4),
		-- AAA function for the target service is provided by DIAMETER
	...
}

239
240
241
242
243
244
OtherTargetIdentifiers ::= CHOICE
{
		-- Additional target identifiers associated with the target service
		-- This list is extensible to accommodate other target identifiers which 
		-- may be required in future.
	iPAddress		[0] IPAddress,
245
		-- IPAddress imported from ETSI TS 102 232 [2].
246
247
248
249
250
		-- This can be an IPv4 address (with or without a subnet range defined) or 
		-- an IPv6 address (with or without a prefix range defined).
	...
}

251

252
253
254
255
256
257
258
259
260
261
262
263
264
FramedRoute ::= CHOICE
{
		-- Additional Framed Route prefix information associated with the target service

	framedRoute		[0] OCTET STRING,
		-- This could contain an IPv4 as well as IPv6 FramedRoute information 
		-- including additional information such Gateway address and 
		-- one or more metrics in texual format.
		-- This parameter shall be populated with the RADIUS value.
	...
}


265
266
267
268
269
270
271
272
-- =====================================================
-- Intercept-related information for IRI-Only intercepts
-- =====================================================

IPIRIOnly ::= SEQUENCE
{
	iPIRIOnlyObjId				[0] RELATIVE-OID,
	iPInformation				[1] IPInformation,
273
	protocolInformation         [2] ProtocolInformation,
274
275
	iPAggregatedNbrOfPackets	[3] INTEGER OPTIONAL,
	iPAggregatedNbrOfBytes		[4] INTEGER OPTIONAL,
276
    pDSRInformation             [5] PDSRInformation OPTIONAL,
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
	...
}

IPInformation ::= CHOICE
{
	iPv4Information		[0] IPv4Information,
	iPv6Information		[1] IPv6Information
}

ProtocolInformation ::= CHOICE
{
	none					[0] NULL,
		-- No layer 4 protocol information is provided
	tCPInformation			[1] TCPInformation,
	uDPInformation			[2] UDPInformation,
	...
}

IPv4Information ::= SEQUENCE
{
	headerLength			[0] OCTET STRING OPTIONAL,
	typeOfService			[1] OCTET STRING OPTIONAL,
	totalLength				[2] OCTET STRING (SIZE (2))OPTIONAL,
	identification			[3] OCTET STRING (SIZE (2))OPTIONAL,
	fragment				[4] OCTET STRING (SIZE (2))OPTIONAL,
	ttl						[5] OCTET STRING OPTIONAL,
	protocol				[6] OCTET STRING OPTIONAL,
	headerChecksum			[7] OCTET STRING (SIZE (2))OPTIONAL,
	source					[8] OCTET STRING (SIZE (4)),
	destination				[9] OCTET STRING (SIZE (4)),
	options					[10] OCTET STRING (SIZE (0..40))OPTIONAL
}

IPv6Information ::= SEQUENCE
{
	trafficClass			[0] OCTET STRING OPTIONAL,
	flowLabel				[1] OCTET STRING (SIZE (20))OPTIONAL,
	payloadLength			[2] OCTET STRING (SIZE (4))OPTIONAL,
	nextHeader				[3] OCTET STRING OPTIONAL,
	hopLimit				[4] OCTET STRING OPTIONAL,
	source					[5] OCTET STRING (SIZE (16)),
	destination				[6] OCTET STRING (SIZE (16))
}

TCPInformation ::= SEQUENCE
{
	sourcePort			[0] OCTET STRING (SIZE (2))OPTIONAL,
	destinationPort		[1] OCTET STRING (SIZE (2))OPTIONAL,
	sequenceNumber		[2] OCTET STRING (SIZE (4))OPTIONAL,
	ackNumber			[3] OCTET STRING (SIZE (4))OPTIONAL,
	dataOffset			[4] BIT STRING (SIZE (4))OPTIONAL,
		-- First 4 bits
	controlBits			[5] BIT STRING (SIZE (6))OPTIONAL,
		-- Last 6 bits
	windowSize			[6] OCTET STRING (SIZE (2))OPTIONAL,
	checkSum			[7] OCTET STRING (SIZE (2))OPTIONAL,
	urgentPointer		[8] OCTET STRING (SIZE (2))OPTIONAL,
	options				[9] OCTET STRING (SIZE (0..40))OPTIONAL
}

UDPInformation ::= SEQUENCE
{
	sourcePort			[0] OCTET STRING (SIZE (2))OPTIONAL,
	destinationPort		[1] OCTET STRING (SIZE (2))OPTIONAL,
	length				[2] OCTET STRING (SIZE (2))OPTIONAL,
	checkSum			[3] OCTET STRING (SIZE (2))OPTIONAL
}

345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
PDSRInformation::= SEQUENCE
{
    summaryTrigger              [0] PDSRSummaryTrigger,
    firstPacketTimestamp        [1] GeneralizedTime,
    lastPacketTimestamp         [2] GeneralizedTime,
    packetCount                 [3] INTEGER,
    byteCount                   [4] INTEGER,
    ...
}

PDSRSummaryTrigger ::= ENUMERATED
{
    startOfFlow(0),
    timerExpiry(1),
    packetCount(2),
    byteCount(3),
    endOfFlow(4),
    ...
}
364

365
366
367


END -- end of IPAccessPDU