IPAccessPDU.asn 8.62 KB
Newer Older
1
IPAccessPDU
2
{itu-t(0) dentified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPAccess(3) version7(7)}
3
4
5
6
7
8
9
10

DEFINITIONS IMPLICIT TAGS ::=
BEGIN

IMPORTS
	-- from ETSI TS 101 671 [1]
	IPAddress
		FROM HI2Operations
11
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi2(1) version14(14)};
12
13
14
15
16

-- ============================
-- Object Identifier Definition
-- ============================

17
18
19
iPIRIObjId RELATIVE-OID				::= {li-ps(5) iPAccess(3) version7(7) iRI(1)}
iPCCObjId RELATIVE-OID				::= {li-ps(5) iPAccess(3) version7(7) cC(2)}
iPIRIOnlyObjId RELATIVE-OID			::= {li-ps(5) iPAccess(3) version7(7) iRIOnly(3)}
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
	-- all three definitions relative to {itu-t(0) identified-organization(4)
	-- etsi(0) securityDomain(2) lawfulintercept(2)}

-- ==========================
-- IP Communications Contents
-- ==========================

IPCC ::= SEQUENCE
{
	iPCCObjId 			[0] RELATIVE-OID,
	iPCCContents		[1] IPCCContents
}

IPCCContents ::= CHOICE
{
	iPPackets 			[0] OCTET STRING,
	...
}

-- ===================================================
-- Intercept-related information for general IP-Access
-- ===================================================

IPIRI ::= SEQUENCE
{
	iPIRIObjId 			[0] RELATIVE-OID,
	iPIRIContents		[1] IPIRIContents,
	...
}

IPIRIContents ::= SEQUENCE
{
	accessEventType			[0] AccessEventType,
	targetUsername			[1] OCTET STRING,
		-- in ASCIIcharacters
	internetAccessType		[2] InternetAccessType,
	iPVersion				[3] IPVersion,
	targetIPAddress			[4] IPAddress OPTIONAL,
		-- IP address may not be available in case of failed logon attempts.
		-- If it is available, it must be sent.
60
61
62
		-- When iPVersion is iPV4 or iPV6, the IP address is carried by this parameter
		-- when iPVersion is iPV4andV6 (Ex : in case of Dual Stack IPv4-IPv6 architecture),
		-- the additional IP address is carried by parameter additionalIPaddress.
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
	targetNetworkID			[5] UTF8String (SIZE (1..20)) OPTIONAL,
		-- Target network ID (e.g. MAC address, PSTN number)
	targetCPEID				[6] UTF8String (SIZE (1..128)) OPTIONAL,
		-- CPEID (e.g. Relay Agent info, computer name)
	targetLocation			[7] UTF8String (SIZE (1..64)) OPTIONAL,
		-- When internetAccessType is Wireless LAN, this field should contain a string which
		-- uniquely identifies the wireless accesspoint within the SvP domain
	pOPPortNumber			[8] INTEGER (0..4294967295) OPTIONAL,
		-- The POP port number used by the target
	callBackNumber			[9] UTF8String (SIZE (1..20)) OPTIONAL,
		-- The number used to call-back the target
	startTime				[10] GeneralizedTime OPTIONAL,
		-- The start date-time of the session or lease
	endTime					[11] GeneralizedTime OPTIONAL,
		-- The actual end date-time of the session or lease
	endReason				[12] EndReason OPTIONAL,
		-- The reason for the session to end
	octetsReceived			[13] INTEGER (0..18446744073709551615) OPTIONAL,
		-- The number of octets the target received
	octetsTransmitted		[14] INTEGER (0..18446744073709551615) OPTIONAL,
		-- The number of octets the target transmitted
	rawAAAData				[15] OCTET STRING OPTIONAL,
		-- Content of the raw AAA record
	...,
	expectedEndTime			[16] GeneralizedTime OPTIONAL,
		-- The expected end date-time of the session or lease
	pOPPhoneNumber			[17] UTF8String (SIZE (1..20)) OPTIONAL,
		-- The phone number dialed by the target for dial-up
	pOPIdentifier			[18] IPIRIIDType OPTIONAL,
		-- The identifier or name of the POP
	pOPIPAddress			[19] IPAddress OPTIONAL,
		-- The IP address of the POP
95
96
	nationalIPIRIParameters	[20] NationalIPIRIParameters OPTIONAL,
	additionalIPAddress		[21] IPAddress OPTIONAL
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
}

AccessEventType ::= ENUMERATED
{
	accessAttempt(0),
		-- A target requests access to the IAS
	accessAccept(1),
		-- IAS access is granted to the target, the session begins
	accessReject(2),
		-- IAS access is refused to the target
	accessFailed(3),
		-- The Access_attempt timed-out or failed otherwise
	sessionStart(4),
		-- A target starts using the IAS; not in use anymore from version 4(4)
	sessionEnd(5),
		-- A target stops using the IAS; not in use anymore from version 4(4)
	interimUpdate(6),
		-- Intermediate status report on service status or usage
	...,
	startOfInterceptionWithSessionActive(7),
		-- LI is started on a target who already has an active session
	accessEnd(8)
		-- A target stops using the IAS, the session ends
}

InternetAccessType ::= ENUMERATED
{
	undefined(0),
	dialUp(1),
		-- IAS via DialUp access
	xDSL(2),
		-- IAS via DSL access
	cableModem(3),
		-- IAS via Cable access
	lAN(4),
		-- IAS via LAN access
	...,
	wirelessLAN(5),
		-- IAS via Wireless LAN access
	fTTx(6),
		-- IAS via Fiber access
	wIMAX-HIPERMAN(7),
		-- IAS via WIMAX/HIPERMAN (fixed access)
	satellite(8)
		-- IAS via Satellite access
		-- (when it is not covered by any 3GPP or ETSI mobile Lawful Interception specifications)
}

IPVersion ::= ENUMERATED
{
	iPV4(1),
		-- The IPv4 protocol is used
149
	iPV6(2),
150
		-- The IPv6 protocol is used
151
152
153
	iPV4andV6(3),
		-- The IPv4 and IPv6 protocols are used
	...
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
}

EndReason ::= ENUMERATED
{
	undefined(0),
	regularLogoff(1),
		-- The target logged off
	connectionLoss(2),
		-- The connection was lost
	connectionTimeout(3),
		-- The connection timed-out
	leaseExpired(4),
		-- The DHCP lease expired
	...
}

IPIRIIDType ::= CHOICE
{
	printableIDType			[0] UTF8String (SIZE (1..128)),
		-- For printable userIDs, such as the Radius username, phonenumbers
	macAddressType			[1] OCTET STRING (SIZE (6)),
		-- For MAC address types, raw binary format as in RFC 2132 [15]
	ipAddressType			[2] IPAddress,
		-- For IP address types
	...
}

NationalIPIRIParameters ::= SEQUENCE
{
	countryCode 	[1] PrintableString (SIZE (2)),
		-- Country Code according to ISO 3166-1 [16],
		-- the country to which the parameters inserted after the extension marker apply.
	...
	-- In case a given country wants to use additional national parameters according to its law,
	-- these national parameters should be defined using the ASN.1 syntax and added after the
	-- extension marker (...).
	-- It is recommended that "version parameter" and "vendor identification parameter" are
	-- included in the national parameters definition. Vendor identifications can be
	-- retrieved from the IANA web site (see Annex E Bibliography). Besides, it is recommended 
	-- to avoid using tags from 240 to 255 in a formal type definition.
}

-- =====================================================
-- Intercept-related information for IRI-Only intercepts
-- =====================================================

IPIRIOnly ::= SEQUENCE
{
	iPIRIOnlyObjId				[0] RELATIVE-OID,
	iPInformation				[1] IPInformation,
	protocolInformation			[2] ProtocolInformation,
	iPAggregatedNbrOfPackets	[3] INTEGER OPTIONAL,
	iPAggregatedNbrOfBytes		[4] INTEGER OPTIONAL,
	...
}

IPInformation ::= CHOICE
{
	iPv4Information		[0] IPv4Information,
	iPv6Information		[1] IPv6Information
}

ProtocolInformation ::= CHOICE
{
	none					[0] NULL,
		-- No layer 4 protocol information is provided
	tCPInformation			[1] TCPInformation,
	uDPInformation			[2] UDPInformation,
	...
}

IPv4Information ::= SEQUENCE
{
	headerLength			[0] OCTET STRING OPTIONAL,
	typeOfService			[1] OCTET STRING OPTIONAL,
	totalLength				[2] OCTET STRING (SIZE (2))OPTIONAL,
	identification			[3] OCTET STRING (SIZE (2))OPTIONAL,
	fragment				[4] OCTET STRING (SIZE (2))OPTIONAL,
	ttl						[5] OCTET STRING OPTIONAL,
	protocol				[6] OCTET STRING OPTIONAL,
	headerChecksum			[7] OCTET STRING (SIZE (2))OPTIONAL,
	source					[8] OCTET STRING (SIZE (4)),
	destination				[9] OCTET STRING (SIZE (4)),
	options					[10] OCTET STRING (SIZE (0..40))OPTIONAL
}

IPv6Information ::= SEQUENCE
{
	trafficClass			[0] OCTET STRING OPTIONAL,
	flowLabel				[1] OCTET STRING (SIZE (20))OPTIONAL,
	payloadLength			[2] OCTET STRING (SIZE (4))OPTIONAL,
	nextHeader				[3] OCTET STRING OPTIONAL,
	hopLimit				[4] OCTET STRING OPTIONAL,
	source					[5] OCTET STRING (SIZE (16)),
	destination				[6] OCTET STRING (SIZE (16))
}

TCPInformation ::= SEQUENCE
{
	sourcePort			[0] OCTET STRING (SIZE (2))OPTIONAL,
	destinationPort		[1] OCTET STRING (SIZE (2))OPTIONAL,
	sequenceNumber		[2] OCTET STRING (SIZE (4))OPTIONAL,
	ackNumber			[3] OCTET STRING (SIZE (4))OPTIONAL,
	dataOffset			[4] BIT STRING (SIZE (4))OPTIONAL,
		-- First 4 bits
	controlBits			[5] BIT STRING (SIZE (6))OPTIONAL,
		-- Last 6 bits
	windowSize			[6] OCTET STRING (SIZE (2))OPTIONAL,
	checkSum			[7] OCTET STRING (SIZE (2))OPTIONAL,
	urgentPointer		[8] OCTET STRING (SIZE (2))OPTIONAL,
	options				[9] OCTET STRING (SIZE (0..40))OPTIONAL
}

UDPInformation ::= SEQUENCE
{
	sourcePort			[0] OCTET STRING (SIZE (2))OPTIONAL,
	destinationPort		[1] OCTET STRING (SIZE (2))OPTIONAL,
	length				[2] OCTET STRING (SIZE (2))OPTIONAL,
	checkSum			[3] OCTET STRING (SIZE (2))OPTIONAL
}

END -- end of IPAccessPDU