IPAccessPDU {itu-t(0) dentified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPAccess(3) version7(7)} DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS -- from ETSI TS 101 671 [1] IPAddress FROM HI2Operations {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi2(1) version14(14)}; -- ============================ -- Object Identifier Definition -- ============================ iPIRIObjId RELATIVE-OID ::= {li-ps(5) iPAccess(3) version7(7) iRI(1)} iPCCObjId RELATIVE-OID ::= {li-ps(5) iPAccess(3) version7(7) cC(2)} iPIRIOnlyObjId RELATIVE-OID ::= {li-ps(5) iPAccess(3) version7(7) iRIOnly(3)} -- all three definitions relative to {itu-t(0) identified-organization(4) -- etsi(0) securityDomain(2) lawfulintercept(2)} -- ========================== -- IP Communications Contents -- ========================== IPCC ::= SEQUENCE { iPCCObjId [0] RELATIVE-OID, iPCCContents [1] IPCCContents } IPCCContents ::= CHOICE { iPPackets [0] OCTET STRING, ... } -- =================================================== -- Intercept-related information for general IP-Access -- =================================================== IPIRI ::= SEQUENCE { iPIRIObjId [0] RELATIVE-OID, iPIRIContents [1] IPIRIContents, ... } IPIRIContents ::= SEQUENCE { accessEventType [0] AccessEventType, targetUsername [1] OCTET STRING, -- in ASCIIcharacters internetAccessType [2] InternetAccessType, iPVersion [3] IPVersion, targetIPAddress [4] IPAddress OPTIONAL, -- IP address may not be available in case of failed logon attempts. -- If it is available, it must be sent. -- When iPVersion is iPV4 or iPV6, the IP address is carried by this parameter -- when iPVersion is iPV4andV6 (Ex : in case of Dual Stack IPv4-IPv6 architecture), -- the additional IP address is carried by parameter additionalIPaddress. targetNetworkID [5] UTF8String (SIZE (1..20)) OPTIONAL, -- Target network ID (e.g. MAC address, PSTN number) targetCPEID [6] UTF8String (SIZE (1..128)) OPTIONAL, -- CPEID (e.g. Relay Agent info, computer name) targetLocation [7] UTF8String (SIZE (1..64)) OPTIONAL, -- When internetAccessType is Wireless LAN, this field should contain a string which -- uniquely identifies the wireless accesspoint within the SvP domain pOPPortNumber [8] INTEGER (0..4294967295) OPTIONAL, -- The POP port number used by the target callBackNumber [9] UTF8String (SIZE (1..20)) OPTIONAL, -- The number used to call-back the target startTime [10] GeneralizedTime OPTIONAL, -- The start date-time of the session or lease endTime [11] GeneralizedTime OPTIONAL, -- The actual end date-time of the session or lease endReason [12] EndReason OPTIONAL, -- The reason for the session to end octetsReceived [13] INTEGER (0..18446744073709551615) OPTIONAL, -- The number of octets the target received octetsTransmitted [14] INTEGER (0..18446744073709551615) OPTIONAL, -- The number of octets the target transmitted rawAAAData [15] OCTET STRING OPTIONAL, -- Content of the raw AAA record ..., expectedEndTime [16] GeneralizedTime OPTIONAL, -- The expected end date-time of the session or lease pOPPhoneNumber [17] UTF8String (SIZE (1..20)) OPTIONAL, -- The phone number dialed by the target for dial-up pOPIdentifier [18] IPIRIIDType OPTIONAL, -- The identifier or name of the POP pOPIPAddress [19] IPAddress OPTIONAL, -- The IP address of the POP nationalIPIRIParameters [20] NationalIPIRIParameters OPTIONAL, additionalIPAddress [21] IPAddress OPTIONAL } AccessEventType ::= ENUMERATED { accessAttempt(0), -- A target requests access to the IAS accessAccept(1), -- IAS access is granted to the target, the session begins accessReject(2), -- IAS access is refused to the target accessFailed(3), -- The Access_attempt timed-out or failed otherwise sessionStart(4), -- A target starts using the IAS; not in use anymore from version 4(4) sessionEnd(5), -- A target stops using the IAS; not in use anymore from version 4(4) interimUpdate(6), -- Intermediate status report on service status or usage ..., startOfInterceptionWithSessionActive(7), -- LI is started on a target who already has an active session accessEnd(8) -- A target stops using the IAS, the session ends } InternetAccessType ::= ENUMERATED { undefined(0), dialUp(1), -- IAS via DialUp access xDSL(2), -- IAS via DSL access cableModem(3), -- IAS via Cable access lAN(4), -- IAS via LAN access ..., wirelessLAN(5), -- IAS via Wireless LAN access fTTx(6), -- IAS via Fiber access wIMAX-HIPERMAN(7), -- IAS via WIMAX/HIPERMAN (fixed access) satellite(8) -- IAS via Satellite access -- (when it is not covered by any 3GPP or ETSI mobile Lawful Interception specifications) } IPVersion ::= ENUMERATED { iPV4(1), -- The IPv4 protocol is used iPV6(2), -- The IPv6 protocol is used iPV4andV6(3), -- The IPv4 and IPv6 protocols are used ... } EndReason ::= ENUMERATED { undefined(0), regularLogoff(1), -- The target logged off connectionLoss(2), -- The connection was lost connectionTimeout(3), -- The connection timed-out leaseExpired(4), -- The DHCP lease expired ... } IPIRIIDType ::= CHOICE { printableIDType [0] UTF8String (SIZE (1..128)), -- For printable userIDs, such as the Radius username, phonenumbers macAddressType [1] OCTET STRING (SIZE (6)), -- For MAC address types, raw binary format as in RFC 2132 [15] ipAddressType [2] IPAddress, -- For IP address types ... } NationalIPIRIParameters ::= SEQUENCE { countryCode [1] PrintableString (SIZE (2)), -- Country Code according to ISO 3166-1 [16], -- the country to which the parameters inserted after the extension marker apply. ... -- In case a given country wants to use additional national parameters according to its law, -- these national parameters should be defined using the ASN.1 syntax and added after the -- extension marker (...). -- It is recommended that "version parameter" and "vendor identification parameter" are -- included in the national parameters definition. Vendor identifications can be -- retrieved from the IANA web site (see Annex E Bibliography). Besides, it is recommended -- to avoid using tags from 240 to 255 in a formal type definition. } -- ===================================================== -- Intercept-related information for IRI-Only intercepts -- ===================================================== IPIRIOnly ::= SEQUENCE { iPIRIOnlyObjId [0] RELATIVE-OID, iPInformation [1] IPInformation, protocolInformation [2] ProtocolInformation, iPAggregatedNbrOfPackets [3] INTEGER OPTIONAL, iPAggregatedNbrOfBytes [4] INTEGER OPTIONAL, ... } IPInformation ::= CHOICE { iPv4Information [0] IPv4Information, iPv6Information [1] IPv6Information } ProtocolInformation ::= CHOICE { none [0] NULL, -- No layer 4 protocol information is provided tCPInformation [1] TCPInformation, uDPInformation [2] UDPInformation, ... } IPv4Information ::= SEQUENCE { headerLength [0] OCTET STRING OPTIONAL, typeOfService [1] OCTET STRING OPTIONAL, totalLength [2] OCTET STRING (SIZE (2))OPTIONAL, identification [3] OCTET STRING (SIZE (2))OPTIONAL, fragment [4] OCTET STRING (SIZE (2))OPTIONAL, ttl [5] OCTET STRING OPTIONAL, protocol [6] OCTET STRING OPTIONAL, headerChecksum [7] OCTET STRING (SIZE (2))OPTIONAL, source [8] OCTET STRING (SIZE (4)), destination [9] OCTET STRING (SIZE (4)), options [10] OCTET STRING (SIZE (0..40))OPTIONAL } IPv6Information ::= SEQUENCE { trafficClass [0] OCTET STRING OPTIONAL, flowLabel [1] OCTET STRING (SIZE (20))OPTIONAL, payloadLength [2] OCTET STRING (SIZE (4))OPTIONAL, nextHeader [3] OCTET STRING OPTIONAL, hopLimit [4] OCTET STRING OPTIONAL, source [5] OCTET STRING (SIZE (16)), destination [6] OCTET STRING (SIZE (16)) } TCPInformation ::= SEQUENCE { sourcePort [0] OCTET STRING (SIZE (2))OPTIONAL, destinationPort [1] OCTET STRING (SIZE (2))OPTIONAL, sequenceNumber [2] OCTET STRING (SIZE (4))OPTIONAL, ackNumber [3] OCTET STRING (SIZE (4))OPTIONAL, dataOffset [4] BIT STRING (SIZE (4))OPTIONAL, -- First 4 bits controlBits [5] BIT STRING (SIZE (6))OPTIONAL, -- Last 6 bits windowSize [6] OCTET STRING (SIZE (2))OPTIONAL, checkSum [7] OCTET STRING (SIZE (2))OPTIONAL, urgentPointer [8] OCTET STRING (SIZE (2))OPTIONAL, options [9] OCTET STRING (SIZE (0..40))OPTIONAL } UDPInformation ::= SEQUENCE { sourcePort [0] OCTET STRING (SIZE (2))OPTIONAL, destinationPort [1] OCTET STRING (SIZE (2))OPTIONAL, length [2] OCTET STRING (SIZE (2))OPTIONAL, checkSum [3] OCTET STRING (SIZE (2))OPTIONAL } END -- end of IPAccessPDU