My 102 232-3 notes: Difference between revisions
Jump to navigation
Jump to search
initial page creation |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
My notes on ETSI TS 102 232-3 | |||
Version 3.13.1 (2024-01) was used as basis. | |||
== Internet Access Service (IAS) § 4.1 == | |||
Figure 1 Internet access diagram | Figure 1 Internet access diagram | ||
[[File:102-232-3 V3.8.1 Figure1.png|alt=102-232-3 V3.8.1 Figure 1 Internet access diagram|102-232-3 V3.8.1 Figure 1 Internet access diagram]] | [[File:102-232-3 V3.8.1 Figure1.png|alt=102-232-3 V3.8.1 Figure 1 Internet access diagram|102-232-3 V3.8.1 Figure 1 Internet access diagram]] | ||
== Lawful Interception Requirements § 4.3 == | |||
=== Result of interceptions § 4.3.2 === | |||
The network operator, access provider or service provider shall provide Intercept Related Information (IRI), in relation to each target service: | |||
<ol type="a"> | |||
<li>When an attempt is made to access the access network.</li> | |||
<li>When an access to the access network is permitted.</li> | |||
<li>When an access to the access network is not permitted.</li> | |||
<li>On change of status (e.g. in the access network).</li> | |||
<li>On change of location (this can be related or unrelated to the communication or at all times when the apparatus is switched on).</li> | |||
</ol> | |||
The IRI shall contain: | |||
<ol type="a"> | |||
<li>Identities used by or associated with the target identity (e.g. dial-in calling line number and called line number, access server identity, Ethernet addresses, access device identifier).</li> | |||
<li>Details of services used and their associated parameters.</li> | |||
<li>Information relating to status.</li> | |||
<li>Timestamps.</li> | |||
</ol> | |||
Content of Communication (CC) shall be provided for every IP datagram sent through the IAP's network that: | |||
<ol type="a"> | |||
<li>Has the target's IP address as the IP source address.</li> | |||
<li>Has the target's IP address as the IP destination address.</li> | |||
</ol> | |||
The CC Content of communication shall contain: | |||
<ol type="a"> | |||
<li>A stream of octets for every captured datagram, containing a copy of the datagram from layer 3 upwards.</li> | |||
</ol> | |||
:NOTE: Due to the possibility of IP source address spoofing, the fact that an intercepted packet has the target's IP address as the IP source address does not guarantee that the packet was transmitted by the target; i.e. an intercept in place at the interface connected to the target may not include packets originating from other users spoofing the target's IP address and will not include packets from the actual target that contain a spoofed IP address. | |||
=== Intercept related information § 4.3.3 === | |||
Intercept Related Information (IRI) shall be conveyed to the LEMF in messages, or IRI data records, respectively. Four types of IRI records are defined: | |||
# IRI-BEGIN record at the first event of a communication attempt, opening the IRI transaction. | |||
# IRI-END record at the end of a communication attempt, closing the IRI transaction. | |||
# IRI-CONTINUE record at any time during a communication attempt within the IRI transaction. | |||
# IRI-REPORT record used in general for non-communication related events. | |||
For a description of the use and purpose of the various IRI records refer to ETSI TS 102 232-1. | |||
== IRI events § 6.1 == | |||
TODO: Insert Figure 6 state diagram for an Internet session and events depicted. | |||
== ASN.1 == | |||
<pre>IPAccessPDU | |||
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPAccess(3) version17(17)} | |||
DEFINITIONS IMPLICIT TAGS ::= | |||
BEGIN | |||
IMPORTS | |||
-- from ETSI TS 102 232-1 [2] | |||
IPAddress, | |||
Location | |||
FROM LI-PS-PDU | |||
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) genHeader(1) version37(37)}; | |||
-- ============================ | |||
-- Object Identifier Definition | |||
-- ============================ | |||
iPAccessPDUObjId RELATIVE-OID ::= {li-ps(5) iPAccess(3) version17(17)} | |||
iPIRIObjId RELATIVE-OID ::= {iPAccessPDUObjId iRI(1)} | |||
iPCCObjId RELATIVE-OID ::= {iPAccessPDUObjId cC(2)} | |||
iPIRIOnlyObjId RELATIVE-OID ::= {iPAccessPDUObjId iRIOnly(3)} | |||
-- definitions are relative to | |||
-- {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulintercept(2)} | |||
-- ========================== | |||
-- IP Communications Contents | |||
-- ========================== | |||
IPCC ::= SEQUENCE | |||
{ | |||
iPCCObjId [0] RELATIVE-OID, | |||
iPCCContents [1] IPCCContents | |||
} | |||
IPCCContents ::= CHOICE | |||
{ | |||
iPPackets [0] OCTET STRING, | |||
..., | |||
iPTruncatedPacket [1] IPTruncatedPacket | |||
} | |||
IPTruncatedPacket ::= SEQUENCE | |||
{ | |||
truncatedPacket [0] OCTET STRING, | |||
originalLength [1] INTEGER OPTIONAL, | |||
... | |||
} | |||
-- =================================================== | |||
-- Intercept-related information for general IP-Access | |||
-- =================================================== | |||
IPIRI ::= SEQUENCE | |||
{ | |||
iPIRIObjId [0] RELATIVE-OID, | |||
iPIRIContents [1] IPIRIContents, | |||
... | |||
} | |||
IPIRIContents ::= SEQUENCE | |||
{ | |||
accessEventType [0] AccessEventType, | |||
targetUsername [1] OCTET STRING, | |||
-- in ASCII-characters | |||
internetAccessType [2] InternetAccessType, | |||
iPVersion [3] IPVersion, | |||
targetIPAddress [4] LI-PS-PDU.IPAddress OPTIONAL, | |||
-- IP address may not be available in case of failed logon attempts. | |||
-- If it is available, it must be sent. | |||
-- This field will carry the first IPv4 or IPv6 target IP address with or without | |||
-- subnet. Use of this field is fully described in section 6.2.1. | |||
targetNetworkID [5] UTF8String (SIZE (1..20)) OPTIONAL, | |||
-- Target network ID (e.g. MAC address, PSTN number) | |||
targetCPEID [6] UTF8String (SIZE (1..128)) OPTIONAL, | |||
-- CPEID (e.g. Relay Agent info, computer name) | |||
targetLocation [7] UTF8String (SIZE (1..64)) OPTIONAL, | |||
-- When internetAccessType is Wireless LAN, this field should contain a string which | |||
-- uniquely identifies the wireless accesspoint within the SvP domain | |||
-- New implementations are encouraged to use the location [24] parameter where possible. | |||
pOPPortNumber [8] INTEGER (0..4294967295) OPTIONAL, | |||
-- The POP port number used by the target | |||
callBackNumber [9] UTF8String (SIZE (1..20)) OPTIONAL, | |||
-- The number used to call-back the target | |||
startTime [10] GeneralizedTime OPTIONAL, | |||
-- The start date-time of the session or lease | |||
endTime [11] GeneralizedTime OPTIONAL, | |||
-- The actual end date-time of the session or lease | |||
endReason [12] EndReason OPTIONAL, | |||
-- The reason for the session to end | |||
octetsReceived [13] INTEGER (0..18446744073709551615) OPTIONAL, | |||
-- The number of octets the target received | |||
octetsTransmitted [14] INTEGER (0..18446744073709551615) OPTIONAL, | |||
-- The number of octets the target transmitted | |||
rawAAAData [15] OCTET STRING OPTIONAL, | |||
-- Content of the raw AAA record | |||
..., | |||
expectedEndTime [16] GeneralizedTime OPTIONAL, | |||
-- The expected end date-time of the session or lease | |||
pOPPhoneNumber [17] UTF8String (SIZE (1..20)) OPTIONAL, | |||
-- The phone number dialed by the target for dial-up | |||
pOPIdentifier [18] IPIRIIDType OPTIONAL, | |||
-- The identifier or name of the POP | |||
pOPIPAddress [19] LI-PS-PDU.IPAddress OPTIONAL, | |||
-- The IP address of the POP | |||
nationalIPIRIParameters [20] NationalIPIRIParameters OPTIONAL, | |||
-- National IP IRI Parameters | |||
additionalIPAddress [21] LI-PS-PDU.IPAddress OPTIONAL, | |||
-- This field will carry the first IPv6 target IP address with or without prefix when the | |||
-- iPVersion parameter is set to iPV4andV6. | |||
-- Use of this field is fully described in section 6.2.1 | |||
authenticationType [22] AuthenticationType OPTIONAL, | |||
-- Field used to identify the authentication type to assist with LEMF data validation | |||
otherTargetIdentifiers [23] SEQUENCE OF OtherTargetIdentifiers OPTIONAL, | |||
-- This parameter will carry the second and subsequent IPv4 or IPv6 target IP addresses | |||
-- It is used when multiple subnet/prefix ranges are assigned to a target service. | |||
-- Use of this field is fully described in section 6.2.1 | |||
location [24] LI-PS-PDU.Location OPTIONAL, | |||
-- The location associated with the target | |||
pOPPortID [25] OCTET STRING OPTIONAL, | |||
-- This field will carry the NAS-Port-ID as defined in RFC 2869 [17]: | |||
-- This parameter shall be populated with the RADIUS value. | |||
framedRoutes [26] SEQUENCE OF FramedRoute OPTIONAL | |||
-- It is used to list all the available Framed Route and Framed IPv6 Route information | |||
} | |||
AccessEventType ::= ENUMERATED | |||
{ | |||
accessAttempt(0), | |||
-- A target requests access to the IAS | |||
accessAccept(1), | |||
-- IAS access is granted to the target, the session begins | |||
accessReject(2), | |||
-- IAS access is refused to the target | |||
accessFailed(3), | |||
-- The accessAttempt timed-out or failed otherwise | |||
sessionStart(4), | |||
-- A target starts using the IAS; not in use anymore from version 4(4) | |||
sessionEnd(5), | |||
-- A target stops using the IAS; not in use anymore from version 4(4) | |||
interimUpdate(6), | |||
-- Intermediate status report on service status or usage | |||
..., | |||
startOfInterceptionWithSessionActive(7), | |||
-- LI is started on a target who already has an active session | |||
accessEnd(8), | |||
-- A target stops using the IAS, the session ends | |||
endOfInterceptionWithSessionActive(9), | |||
-- LI is ended on a target who still has an active session | |||
unknown(10) | |||
} | |||
InternetAccessType ::= ENUMERATED | |||
{ | |||
undefined(0), | |||
dialUp(1), | |||
-- IAS via DialUp access | |||
xDSL(2), | |||
-- IAS via DSL access | |||
cableModem(3), | |||
-- IAS via Cable access | |||
lAN(4), | |||
-- IAS via LAN access | |||
..., | |||
wirelessLAN(5), | |||
-- IAS via Wireless LAN access | |||
fTTx(6), | |||
-- IAS via Fiber access | |||
wIMAX-HIPERMAN(7), | |||
-- IAS via WIMAX/HIPERMAN (fixed access) | |||
satellite(8), | |||
-- IAS via Satellite access | |||
-- (when it is not covered by any 3GPP or ETSI mobile Lawful Interception specifications) | |||
wireless-other(9) | |||
-- IAS via other type of Wireless access | |||
-- (when it is not covered by any 3GPP or ETSI mobile Lawful Interception specifications) | |||
} | |||
IPVersion ::= ENUMERATED | |||
{ | |||
iPV4(1), | |||
-- The IPv4 protocol is used | |||
iPV6(2), | |||
-- The IPv6 protocol is used | |||
iPV4andV6(3), | |||
-- The IPv4 and IPv6 protocols are used | |||
... | |||
} | |||
EndReason ::= ENUMERATED | |||
{ | |||
undefined(0), | |||
regularLogoff(1), | |||
-- The target logged off | |||
connectionLoss(2), | |||
-- The connection was lost | |||
connectionTimeout(3), | |||
-- The connection timed-out | |||
leaseExpired(4), | |||
-- The DHCP lease expired | |||
... | |||
} | |||
IPIRIIDType ::= CHOICE | |||
{ | |||
printableIDType [0] UTF8String (SIZE (1..128)), | |||
-- For printable userIDs, such as the Radius username, phonenumbers | |||
macAddressType [1] OCTET STRING (SIZE (6)), | |||
-- For MAC address types, raw binary format as in RFC 2132 [15] | |||
ipAddressType [2] LI-PS-PDU.IPAddress, | |||
-- For IP address types | |||
... | |||
} | |||
NationalIPIRIParameters ::= SEQUENCE | |||
{ | |||
countryCode [1] PrintableString (SIZE (2)), | |||
-- Country Code according to ISO 3166-1 [16], | |||
-- the country to which the parameters inserted after the extension marker apply. | |||
... | |||
-- In case a given country wants to use additional national parameters according to its law, | |||
-- these national parameters should be defined using the ASN.1 syntax and added after the | |||
-- extension marker (...). | |||
-- It is recommended that "version parameter" and "vendor identification parameter" are | |||
-- included in the national parameters definition. Vendor identifications can be | |||
-- retrieved from the IANA web site (see Annex E Bibliography). Besides, it is recommended | |||
-- to avoid using tags from 240 to 255 in a formal type definition. | |||
} | |||
AuthenticationType ::= ENUMERATED | |||
{ | |||
unknown(0), | |||
-- AAA function for the target service is unknown | |||
static(1), | |||
-- The target service is assigned a static IP address & no AAA expected | |||
radiusAAA(2), | |||
-- AAA function for the target service is provided by RADIUS | |||
dhcpAAA(3), | |||
-- AAA function for the target service is provided by DHCP | |||
diameterAAA(4), | |||
-- AAA function for the target service is provided by DIAMETER | |||
... | |||
} | |||
OtherTargetIdentifiers ::= CHOICE | |||
{ | |||
-- Additional target identifiers associated with the target service | |||
-- This list is extensible to accommodate other target identifiers which | |||
-- may be required in future. | |||
iPAddress [0] LI-PS-PDU.IPAddress, | |||
-- IPAddress imported from TS 102 232 [2]. | |||
-- This can be an IPv4 address (with or without a subnet range defined) or | |||
-- an IPv6 address (with or without a prefix range defined). | |||
... | |||
} | |||
FramedRoute ::= CHOICE | |||
{ | |||
-- Additional Framed Route prefix information associated with the target service | |||
framedRoute [0] OCTET STRING, | |||
-- This could contain an IPv4 as well as IPv6 FramedRoute information | |||
-- including additional information such Gateway address and | |||
-- one or more metrics in texual format. | |||
-- This parameter shall be populated with the RADIUS value. | |||
... | |||
} | |||
-- ===================================================== | |||
-- Intercept-related information for IRI-Only intercepts | |||
-- ===================================================== | |||
IPIRIOnly ::= SEQUENCE | |||
{ | |||
iPIRIOnlyObjId [0] RELATIVE-OID, | |||
iPInformation [1] IPInformation, | |||
protocolInformation [2] ProtocolInformation, | |||
iPAggregatedNbrOfPackets [3] INTEGER OPTIONAL, | |||
iPAggregatedNbrOfBytes [4] INTEGER OPTIONAL, | |||
..., | |||
pDSRInformation [5] PDSRInformation OPTIONAL | |||
} | |||
IPInformation ::= CHOICE | |||
{ | |||
iPv4Information [0] IPv4Information, | |||
iPv6Information [1] IPv6Information | |||
} | |||
ProtocolInformation ::= CHOICE | |||
{ | |||
none [0] NULL, | |||
-- No layer 4 protocol information is provided | |||
tCPInformation [1] TCPInformation, | |||
uDPInformation [2] UDPInformation, | |||
... | |||
} | |||
IPv4Information ::= SEQUENCE | |||
{ | |||
headerLength [0] OCTET STRING OPTIONAL, | |||
typeOfService [1] OCTET STRING OPTIONAL, | |||
totalLength [2] OCTET STRING (SIZE (2))OPTIONAL, | |||
identification [3] OCTET STRING (SIZE (2))OPTIONAL, | |||
fragment [4] OCTET STRING (SIZE (2))OPTIONAL, | |||
ttl [5] OCTET STRING OPTIONAL, | |||
protocol [6] OCTET STRING OPTIONAL, | |||
headerChecksum [7] OCTET STRING (SIZE (2))OPTIONAL, | |||
source [8] OCTET STRING (SIZE (4)), | |||
destination [9] OCTET STRING (SIZE (4)), | |||
options [10] OCTET STRING (SIZE (0..40))OPTIONAL | |||
} | |||
IPv6Information ::= SEQUENCE | |||
{ | |||
trafficClass [0] OCTET STRING OPTIONAL, | |||
flowLabel [1] OCTET STRING (SIZE (20))OPTIONAL, | |||
payloadLength [2] OCTET STRING (SIZE (4))OPTIONAL, | |||
nextHeader [3] OCTET STRING OPTIONAL, | |||
hopLimit [4] OCTET STRING OPTIONAL, | |||
source [5] OCTET STRING (SIZE (16)), | |||
destination [6] OCTET STRING (SIZE (16)) | |||
} | |||
TCPInformation ::= SEQUENCE | |||
{ | |||
sourcePort [0] OCTET STRING (SIZE (2))OPTIONAL, | |||
destinationPort [1] OCTET STRING (SIZE (2))OPTIONAL, | |||
sequenceNumber [2] OCTET STRING (SIZE (4))OPTIONAL, | |||
ackNumber [3] OCTET STRING (SIZE (4))OPTIONAL, | |||
dataOffset [4] BIT STRING (SIZE (4))OPTIONAL, | |||
-- First 4 bits | |||
controlBits [5] BIT STRING (SIZE (6))OPTIONAL, | |||
-- Last 6 bits | |||
windowSize [6] OCTET STRING (SIZE (2))OPTIONAL, | |||
checkSum [7] OCTET STRING (SIZE (2))OPTIONAL, | |||
urgentPointer [8] OCTET STRING (SIZE (2))OPTIONAL, | |||
options [9] OCTET STRING (SIZE (0..40))OPTIONAL | |||
} | |||
UDPInformation ::= SEQUENCE | |||
{ | |||
sourcePort [0] OCTET STRING (SIZE (2))OPTIONAL, | |||
destinationPort [1] OCTET STRING (SIZE (2))OPTIONAL, | |||
length [2] OCTET STRING (SIZE (2))OPTIONAL, | |||
checkSum [3] OCTET STRING (SIZE (2))OPTIONAL | |||
} | |||
PDSRInformation::= SEQUENCE | |||
{ | |||
summaryTrigger [0] PDSRSummaryTrigger, | |||
firstPacketTimestamp [1] GeneralizedTime, | |||
lastPacketTimestamp [2] GeneralizedTime, | |||
packetCount [3] INTEGER, | |||
byteCount [4] INTEGER, | |||
... | |||
} | |||
PDSRSummaryTrigger ::= ENUMERATED | |||
{ | |||
startOfFlow(0), | |||
timerExpiry(1), | |||
packetCount(2), | |||
byteCount(3), | |||
endOfFlow(4), | |||
... | |||
} | |||
END -- end of IPAccessPDU</pre> | |||
<center>[[Telecommunications info | To Telecommunications info]]</center> | <center>[[Telecommunications info | To Telecommunications info]]</center> | ||
Latest revision as of 17:02, 24 June 2025
My notes on ETSI TS 102 232-3
Version 3.13.1 (2024-01) was used as basis.
Internet Access Service (IAS) § 4.1
Figure 1 Internet access diagram
Lawful Interception Requirements § 4.3
Result of interceptions § 4.3.2
The network operator, access provider or service provider shall provide Intercept Related Information (IRI), in relation to each target service:
- When an attempt is made to access the access network.
- When an access to the access network is permitted.
- When an access to the access network is not permitted.
- On change of status (e.g. in the access network).
- On change of location (this can be related or unrelated to the communication or at all times when the apparatus is switched on).
The IRI shall contain:
- Identities used by or associated with the target identity (e.g. dial-in calling line number and called line number, access server identity, Ethernet addresses, access device identifier).
- Details of services used and their associated parameters.
- Information relating to status.
- Timestamps.
Content of Communication (CC) shall be provided for every IP datagram sent through the IAP's network that:
- Has the target's IP address as the IP source address.
- Has the target's IP address as the IP destination address.
The CC Content of communication shall contain:
- A stream of octets for every captured datagram, containing a copy of the datagram from layer 3 upwards.
- NOTE: Due to the possibility of IP source address spoofing, the fact that an intercepted packet has the target's IP address as the IP source address does not guarantee that the packet was transmitted by the target; i.e. an intercept in place at the interface connected to the target may not include packets originating from other users spoofing the target's IP address and will not include packets from the actual target that contain a spoofed IP address.
Intercept Related Information (IRI) shall be conveyed to the LEMF in messages, or IRI data records, respectively. Four types of IRI records are defined:
- IRI-BEGIN record at the first event of a communication attempt, opening the IRI transaction.
- IRI-END record at the end of a communication attempt, closing the IRI transaction.
- IRI-CONTINUE record at any time during a communication attempt within the IRI transaction.
- IRI-REPORT record used in general for non-communication related events.
For a description of the use and purpose of the various IRI records refer to ETSI TS 102 232-1.
IRI events § 6.1
TODO: Insert Figure 6 state diagram for an Internet session and events depicted.
ASN.1
IPAccessPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPAccess(3) version17(17)}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
IMPORTS
-- from ETSI TS 102 232-1 [2]
IPAddress,
Location
FROM LI-PS-PDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) genHeader(1) version37(37)};
-- ============================
-- Object Identifier Definition
-- ============================
iPAccessPDUObjId RELATIVE-OID ::= {li-ps(5) iPAccess(3) version17(17)}
iPIRIObjId RELATIVE-OID ::= {iPAccessPDUObjId iRI(1)}
iPCCObjId RELATIVE-OID ::= {iPAccessPDUObjId cC(2)}
iPIRIOnlyObjId RELATIVE-OID ::= {iPAccessPDUObjId iRIOnly(3)}
-- definitions are relative to
-- {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulintercept(2)}
-- ==========================
-- IP Communications Contents
-- ==========================
IPCC ::= SEQUENCE
{
iPCCObjId [0] RELATIVE-OID,
iPCCContents [1] IPCCContents
}
IPCCContents ::= CHOICE
{
iPPackets [0] OCTET STRING,
...,
iPTruncatedPacket [1] IPTruncatedPacket
}
IPTruncatedPacket ::= SEQUENCE
{
truncatedPacket [0] OCTET STRING,
originalLength [1] INTEGER OPTIONAL,
...
}
-- ===================================================
-- Intercept-related information for general IP-Access
-- ===================================================
IPIRI ::= SEQUENCE
{
iPIRIObjId [0] RELATIVE-OID,
iPIRIContents [1] IPIRIContents,
...
}
IPIRIContents ::= SEQUENCE
{
accessEventType [0] AccessEventType,
targetUsername [1] OCTET STRING,
-- in ASCII-characters
internetAccessType [2] InternetAccessType,
iPVersion [3] IPVersion,
targetIPAddress [4] LI-PS-PDU.IPAddress OPTIONAL,
-- IP address may not be available in case of failed logon attempts.
-- If it is available, it must be sent.
-- This field will carry the first IPv4 or IPv6 target IP address with or without
-- subnet. Use of this field is fully described in section 6.2.1.
targetNetworkID [5] UTF8String (SIZE (1..20)) OPTIONAL,
-- Target network ID (e.g. MAC address, PSTN number)
targetCPEID [6] UTF8String (SIZE (1..128)) OPTIONAL,
-- CPEID (e.g. Relay Agent info, computer name)
targetLocation [7] UTF8String (SIZE (1..64)) OPTIONAL,
-- When internetAccessType is Wireless LAN, this field should contain a string which
-- uniquely identifies the wireless accesspoint within the SvP domain
-- New implementations are encouraged to use the location [24] parameter where possible.
pOPPortNumber [8] INTEGER (0..4294967295) OPTIONAL,
-- The POP port number used by the target
callBackNumber [9] UTF8String (SIZE (1..20)) OPTIONAL,
-- The number used to call-back the target
startTime [10] GeneralizedTime OPTIONAL,
-- The start date-time of the session or lease
endTime [11] GeneralizedTime OPTIONAL,
-- The actual end date-time of the session or lease
endReason [12] EndReason OPTIONAL,
-- The reason for the session to end
octetsReceived [13] INTEGER (0..18446744073709551615) OPTIONAL,
-- The number of octets the target received
octetsTransmitted [14] INTEGER (0..18446744073709551615) OPTIONAL,
-- The number of octets the target transmitted
rawAAAData [15] OCTET STRING OPTIONAL,
-- Content of the raw AAA record
...,
expectedEndTime [16] GeneralizedTime OPTIONAL,
-- The expected end date-time of the session or lease
pOPPhoneNumber [17] UTF8String (SIZE (1..20)) OPTIONAL,
-- The phone number dialed by the target for dial-up
pOPIdentifier [18] IPIRIIDType OPTIONAL,
-- The identifier or name of the POP
pOPIPAddress [19] LI-PS-PDU.IPAddress OPTIONAL,
-- The IP address of the POP
nationalIPIRIParameters [20] NationalIPIRIParameters OPTIONAL,
-- National IP IRI Parameters
additionalIPAddress [21] LI-PS-PDU.IPAddress OPTIONAL,
-- This field will carry the first IPv6 target IP address with or without prefix when the
-- iPVersion parameter is set to iPV4andV6.
-- Use of this field is fully described in section 6.2.1
authenticationType [22] AuthenticationType OPTIONAL,
-- Field used to identify the authentication type to assist with LEMF data validation
otherTargetIdentifiers [23] SEQUENCE OF OtherTargetIdentifiers OPTIONAL,
-- This parameter will carry the second and subsequent IPv4 or IPv6 target IP addresses
-- It is used when multiple subnet/prefix ranges are assigned to a target service.
-- Use of this field is fully described in section 6.2.1
location [24] LI-PS-PDU.Location OPTIONAL,
-- The location associated with the target
pOPPortID [25] OCTET STRING OPTIONAL,
-- This field will carry the NAS-Port-ID as defined in RFC 2869 [17]:
-- This parameter shall be populated with the RADIUS value.
framedRoutes [26] SEQUENCE OF FramedRoute OPTIONAL
-- It is used to list all the available Framed Route and Framed IPv6 Route information
}
AccessEventType ::= ENUMERATED
{
accessAttempt(0),
-- A target requests access to the IAS
accessAccept(1),
-- IAS access is granted to the target, the session begins
accessReject(2),
-- IAS access is refused to the target
accessFailed(3),
-- The accessAttempt timed-out or failed otherwise
sessionStart(4),
-- A target starts using the IAS; not in use anymore from version 4(4)
sessionEnd(5),
-- A target stops using the IAS; not in use anymore from version 4(4)
interimUpdate(6),
-- Intermediate status report on service status or usage
...,
startOfInterceptionWithSessionActive(7),
-- LI is started on a target who already has an active session
accessEnd(8),
-- A target stops using the IAS, the session ends
endOfInterceptionWithSessionActive(9),
-- LI is ended on a target who still has an active session
unknown(10)
}
InternetAccessType ::= ENUMERATED
{
undefined(0),
dialUp(1),
-- IAS via DialUp access
xDSL(2),
-- IAS via DSL access
cableModem(3),
-- IAS via Cable access
lAN(4),
-- IAS via LAN access
...,
wirelessLAN(5),
-- IAS via Wireless LAN access
fTTx(6),
-- IAS via Fiber access
wIMAX-HIPERMAN(7),
-- IAS via WIMAX/HIPERMAN (fixed access)
satellite(8),
-- IAS via Satellite access
-- (when it is not covered by any 3GPP or ETSI mobile Lawful Interception specifications)
wireless-other(9)
-- IAS via other type of Wireless access
-- (when it is not covered by any 3GPP or ETSI mobile Lawful Interception specifications)
}
IPVersion ::= ENUMERATED
{
iPV4(1),
-- The IPv4 protocol is used
iPV6(2),
-- The IPv6 protocol is used
iPV4andV6(3),
-- The IPv4 and IPv6 protocols are used
...
}
EndReason ::= ENUMERATED
{
undefined(0),
regularLogoff(1),
-- The target logged off
connectionLoss(2),
-- The connection was lost
connectionTimeout(3),
-- The connection timed-out
leaseExpired(4),
-- The DHCP lease expired
...
}
IPIRIIDType ::= CHOICE
{
printableIDType [0] UTF8String (SIZE (1..128)),
-- For printable userIDs, such as the Radius username, phonenumbers
macAddressType [1] OCTET STRING (SIZE (6)),
-- For MAC address types, raw binary format as in RFC 2132 [15]
ipAddressType [2] LI-PS-PDU.IPAddress,
-- For IP address types
...
}
NationalIPIRIParameters ::= SEQUENCE
{
countryCode [1] PrintableString (SIZE (2)),
-- Country Code according to ISO 3166-1 [16],
-- the country to which the parameters inserted after the extension marker apply.
...
-- In case a given country wants to use additional national parameters according to its law,
-- these national parameters should be defined using the ASN.1 syntax and added after the
-- extension marker (...).
-- It is recommended that "version parameter" and "vendor identification parameter" are
-- included in the national parameters definition. Vendor identifications can be
-- retrieved from the IANA web site (see Annex E Bibliography). Besides, it is recommended
-- to avoid using tags from 240 to 255 in a formal type definition.
}
AuthenticationType ::= ENUMERATED
{
unknown(0),
-- AAA function for the target service is unknown
static(1),
-- The target service is assigned a static IP address & no AAA expected
radiusAAA(2),
-- AAA function for the target service is provided by RADIUS
dhcpAAA(3),
-- AAA function for the target service is provided by DHCP
diameterAAA(4),
-- AAA function for the target service is provided by DIAMETER
...
}
OtherTargetIdentifiers ::= CHOICE
{
-- Additional target identifiers associated with the target service
-- This list is extensible to accommodate other target identifiers which
-- may be required in future.
iPAddress [0] LI-PS-PDU.IPAddress,
-- IPAddress imported from TS 102 232 [2].
-- This can be an IPv4 address (with or without a subnet range defined) or
-- an IPv6 address (with or without a prefix range defined).
...
}
FramedRoute ::= CHOICE
{
-- Additional Framed Route prefix information associated with the target service
framedRoute [0] OCTET STRING,
-- This could contain an IPv4 as well as IPv6 FramedRoute information
-- including additional information such Gateway address and
-- one or more metrics in texual format.
-- This parameter shall be populated with the RADIUS value.
...
}
-- =====================================================
-- Intercept-related information for IRI-Only intercepts
-- =====================================================
IPIRIOnly ::= SEQUENCE
{
iPIRIOnlyObjId [0] RELATIVE-OID,
iPInformation [1] IPInformation,
protocolInformation [2] ProtocolInformation,
iPAggregatedNbrOfPackets [3] INTEGER OPTIONAL,
iPAggregatedNbrOfBytes [4] INTEGER OPTIONAL,
...,
pDSRInformation [5] PDSRInformation OPTIONAL
}
IPInformation ::= CHOICE
{
iPv4Information [0] IPv4Information,
iPv6Information [1] IPv6Information
}
ProtocolInformation ::= CHOICE
{
none [0] NULL,
-- No layer 4 protocol information is provided
tCPInformation [1] TCPInformation,
uDPInformation [2] UDPInformation,
...
}
IPv4Information ::= SEQUENCE
{
headerLength [0] OCTET STRING OPTIONAL,
typeOfService [1] OCTET STRING OPTIONAL,
totalLength [2] OCTET STRING (SIZE (2))OPTIONAL,
identification [3] OCTET STRING (SIZE (2))OPTIONAL,
fragment [4] OCTET STRING (SIZE (2))OPTIONAL,
ttl [5] OCTET STRING OPTIONAL,
protocol [6] OCTET STRING OPTIONAL,
headerChecksum [7] OCTET STRING (SIZE (2))OPTIONAL,
source [8] OCTET STRING (SIZE (4)),
destination [9] OCTET STRING (SIZE (4)),
options [10] OCTET STRING (SIZE (0..40))OPTIONAL
}
IPv6Information ::= SEQUENCE
{
trafficClass [0] OCTET STRING OPTIONAL,
flowLabel [1] OCTET STRING (SIZE (20))OPTIONAL,
payloadLength [2] OCTET STRING (SIZE (4))OPTIONAL,
nextHeader [3] OCTET STRING OPTIONAL,
hopLimit [4] OCTET STRING OPTIONAL,
source [5] OCTET STRING (SIZE (16)),
destination [6] OCTET STRING (SIZE (16))
}
TCPInformation ::= SEQUENCE
{
sourcePort [0] OCTET STRING (SIZE (2))OPTIONAL,
destinationPort [1] OCTET STRING (SIZE (2))OPTIONAL,
sequenceNumber [2] OCTET STRING (SIZE (4))OPTIONAL,
ackNumber [3] OCTET STRING (SIZE (4))OPTIONAL,
dataOffset [4] BIT STRING (SIZE (4))OPTIONAL,
-- First 4 bits
controlBits [5] BIT STRING (SIZE (6))OPTIONAL,
-- Last 6 bits
windowSize [6] OCTET STRING (SIZE (2))OPTIONAL,
checkSum [7] OCTET STRING (SIZE (2))OPTIONAL,
urgentPointer [8] OCTET STRING (SIZE (2))OPTIONAL,
options [9] OCTET STRING (SIZE (0..40))OPTIONAL
}
UDPInformation ::= SEQUENCE
{
sourcePort [0] OCTET STRING (SIZE (2))OPTIONAL,
destinationPort [1] OCTET STRING (SIZE (2))OPTIONAL,
length [2] OCTET STRING (SIZE (2))OPTIONAL,
checkSum [3] OCTET STRING (SIZE (2))OPTIONAL
}
PDSRInformation::= SEQUENCE
{
summaryTrigger [0] PDSRSummaryTrigger,
firstPacketTimestamp [1] GeneralizedTime,
lastPacketTimestamp [2] GeneralizedTime,
packetCount [3] INTEGER,
byteCount [4] INTEGER,
...
}
PDSRSummaryTrigger ::= ENUMERATED
{
startOfFlow(0),
timerExpiry(1),
packetCount(2),
byteCount(3),
endOfFlow(4),
...
}
END -- end of IPAccessPDU