* [SMF] Gn: Drop unreachable return line
* [SMF] Avoid crash if Create{Session,PdpContext}Resp fails to be sent
Crash spotted in a running open5gs-smfd process, triggered by:
ERROR: ogs_gtp_sendto() failed (1:Operation not permitted) (../lib/gtp/path.c:119)
ERROR: ogs_gtp_xact_commit: Expectation `rv == OGS_OK' failed. (../lib/gtp/xact.c:730)
ERROR: smf_gtp2_send_create_session_response: Expectation `rv == OGS_OK' failed. (../src/smf/gtp-path.c:451)
FATAL: smf_gsm_state_wait_pfcp_establishment: Assertion `OGS_OK == smf_gtp2_send_create_session_response( sess, gtp_xact)' failed. (../src/smf/gsm-sm.c:676)
* [SMF] Avoid crash if Delete{Sesson,PdpContext}Resp fails to be sent
Let's simply continuing with release of the session, there's not much we
can do about it. Peer will eventually realize the conn is no longer
there.
According to the following standards the response to the endpoint
/nudm-sdm/${supi}/sm-data should be an array of
SessionManagementSubscriptionData objects, instead of only one object.
TS 29.503 version 16.6.0
TS 29.505 version 16.4.0
UDR now responds to the request with only item in the array.
UDM copies all items as is.
SMF uses only the first item in the array, even if there are more
present.
AN-Trusted AVP is only relevant for non-3GPP access networks e.g. WLAN.
This commit adds a check for non-3GPP access network in order to include
AN-Trusted AVP in CCR or not.
Also, clears the M bit for AN-trusted AVP as per TS 29.212 version 16.4.0, Table 5.4.0.1
A problem occurred when there was one SGWU/UPF and multiple SGWC/SMF.
When SGWU and UPF create a session, if the SEID is the same,
the existing session information is used without creating an additional session.
These problems were solved by using the F-SEID including IP information
in the process of checking the existing session.
For video in VoNR, multiple QosFlow is required in one session.
In the past, since only one Session Modification Message was supported,
QoS-Flow was put into several Session Messages one by one and processed.
Now that multiple QoS-Flows can be supported,
it is optimized to process one session modification message.
* [SMF] rename function s/gtp/gtp2/
* [SMF] Store GTPC version in session
So far we always depended on an xact being present in the code path in
order to know which kind of session it is (GTPv1C vs GTPv2C). Let's
instead store that information in smf_sess_t so that we have it always
available in an easy way.
* [SMF] Move smf_sess_t GTPv1C specifics into gtp substruct
* [SMF] Gy CCR: append 3GPP-NSAPI AVP
* [SMF] Append PDP-Address AVP to Gy CCR msg
* [SMF] Gy CCR: Move some AVPs under Service-Information/PS-Information
They belong there. Nokia infocenter documentation seems to be document
the possibility to configure its software to have it in top level, but
that's not what 3GPP TS 32.299 states, so let's stick to it.
* [SMF] Gy CCR: append 3GPP-PDP-Type AVP
* [SMF] Gy CCR: append 3GPP-Charging-Id AVP
* [SMF] Gy CCR: append SGSN-Address AVP
* [SMF] Gy CCR: append GGSN-Address AVP
Issue:
When the ULA - Subscription Data does not contain MSISDN, the Create Session Request
from MME to SGW does not contain MSISDN IE resulting in SMF throwing following log
smf | 05/09 15:20:53.683: [smf] ERROR: No MSISDN (../src/smf/s5c-handler.c:82)
sgwc | 05/09 15:20:53.683: [sgwc] ERROR: No Context in TEID (../src/sgwc/s5c-handler.c:104)
mme | 05/09 15:20:53.683: [mme] ERROR: No Context in TEID (../src/mme/mme-s11-handler.c:122)
As per 3GPP TS 29.274 version 16.5.0, table 7.2.1-1: MSISDN IE shall only be included
in Create Session Request if its provided in subscription data from the HSS. This commit
fixes this by removing the mandatory MSISDN IE check in SMF.
It allows for much better control on the lifecycle of the session, and
already shows some missing tear down paths in case of errors.
It also clarifies the existence of "sess" pointer in several paths.
The code also becomes clearer overall, since all the transitions and
logic to send next messages are put together.
Tear down of the session will be integrated into gsm-sm in a follow-up
patch.
The 5gc session setup is only partially moved to gsm-sm, and left as an
exercise for users wishin to improve 5gc support.
In the past only GTPv2C was supported, and had the "gtp" generic prefix.
Later on, GTPv1C support was added, and "gtp1" prefix was used.
Let's move GTPv2C specific bits to have "gtp2" prefix too, and leave
"gtp" prefix for generic stuff among different GTP versions.
This commit adds EMM Cause to Attach accept message when
Attach Request has COMBINED EPS IMSI ATTACH but the HSS
Network-Access-Mode is configure for EPS ONLY.
The use of the Gy interface (SMF acting as CTF towards an OCS node) is
mandated through configuration file. Default value "enable: auto" will
only make use of it in case a Diameter peer announcing support for the
Credit-Control Application is found.
Upon subscriber session creation, and after auth check over Gx, the SMF
will create a Gy session with the OCS and only after that step the SMF
will accept the session back to the subscriber.
The OCS may then grant some traffic volumes/time and ask to be notified
back with updated measurements.
In order to get the measurements, the SMF relies on PFCP URR configured
to the UPF through Session Repoort Request messages.
When closing the subscriber session, the SMF will also terminate the Gy
session at the OCS.
So far only some specifics parts of the Gy interface as well as the PFCP
side are implemented. Those should be enough to at least have
volume/time thresholds granted by the OCS, which then will be able to
track subsriber resource use.
This patch doesn't implement the OCS side of the Gy interface, that's
left as a future exercise. The interface was tested using an OCS
emulator implemented in TTCN-3 [1]
[1] https://cgit.osmocom.org/osmo-ttcn3-hacks/
TODO:
* Use an event for the report, like SMF_EVT_N4_TIMER?
* Properly set Service identifier in Gy CCR
* SMF: Properly set pkt/octet volumes in Gy CCR
** Update when receiving PFCP Modify Response.
* Figure out best way to require Gy through config file in open5gs-smfd.
* Create a new sess-sm.c which handles smf_sess_t state through
Gx+Gy+PFCP creation, modification and tear down. This way we can do
stuff in parallel, for instance Gx+Gy. It will alsoavoid duplicating
some code paths due to Gy being optional.
Catch Origin-Host during CCA and set it as Destination-Host during
subsequent CCRs. This way we ensure UPDATE/TERMINATION Requests are sent
back explicitly to the same Diameter peer. Moreover, it seems
freediameter relies on this AVP to properly send the message over the
correct SCTP association when several diameter peers are available.
1. UE registered and PDU established.
2. PCF does not receive Heartbeat.
- PCF De-registered state.
- Since PDU is established, SMF should not remove NF instance
3. PCF re-registered.
- HERE, WE NEED TO INCREASE NF REFERENCE COUNT.
Otherwise, NF instance will be removed if PCF is de-registered state
4. UE sends PDU release request.
5. Because SMF knows PCF NF instance, SMF can send PCF delete
As per 3GPP TS 23.401 version 15.12.0, section 5.3.1.2.2
The PDN GW allocates a globally unique /64
IPv6 prefix via Router Advertisement to a given UE.
After the UE has received the Router Advertisement message, it
constructs a full IPv6 address via IPv6 Stateless Address
autoconfiguration in accordance with RFC 4862 using the interface
identifier assigned by PDN GW.
For stateless address autoconfiguration however, the UE can
choose any interface identifier to generate IPv6 addresses, other
than link-local, without involving the network.
And, from section 5.3.1.1, Both EPS network elements and UE shall
support the following mechanisms:
/64 IPv6 prefix allocation via IPv6 Stateless Address
autoconfiguration according to RFC 4862, if IPv6 is
supported.
* [SMF] Gn: Avoid assert crash if no PDP resources available
* [SMF] Gn: Rearrange IE handling order in CreatePDPContextRequest
Let's handle the GTPC remote addr + TEID first, since those should be
used in the CreatePDPContextResponse ideally if available.
Let's then handle parsing of all IEs not related to bearers/UserPlane,
then those missing, and finally do all the IP resource allocation.
* Fix conversion from IPFilterRule to packet filter
As per 3GPP TS 24.008, following Packet filter component type identifier
are not supported on the LTE pre release-11 UEs:
IPv4 local address type
IPv6 remote address/prefix length type
IPv6 local address/prefix length type
And,
IPv6 remote address/prefix length type and
IPv6 local address/prefix length type shall be used when both MS and
Network support Local Address in TFTs.
This commit add logic to omit adding local address in packet filters
for compatibility with pre-release LTE 11 devices. The following parameter
could be used to toggle omit/no to omit behavior.
parameter:
no_ipv4v6_local_addr_in_packet_filter: <true/false>
* Remove logic of supporting pre-release LTE 11 devices in PCRF
* [SMF] typo fixes in commented code
* [SMF] Fix early err return handling UpdatePDPContextRequest
* [SMF] UpdatePDPContext: forward update of remote TEID+IPaddr to UPF
Updating the remote GTP-U IP address and/or TEID on the GGSN is a common
practice, used for instance by an SGSN in a UTRAN network to connect an
HNB(GW) to exchange GTP-U directly with the GGSN. It is also used in
general when doing handovers.
When receiving a UpdatePDPContext with the new address, we need to
forward the update to the UPF so that it takes it into account when
forwarding packets.
This patch only implements updating the information towards the UPF when
GTPv1C is used. Similar approach for GTPv2C (upon receival of Modify
Bearer Request) is still unimplemented.
Related: https://github.com/open5gs/open5gs/issues/1367
In the event we have 2 local IP addresses available for use, put the one
having same IP version in "GGSN Address *" IE, and the one with the
other IP version in "Alternative GGSN Address *" IE.
Same fix was applied recently to CreatePDPContextResponse.
TS 29.060 sections 7.3.4 and 7.3.6 specify the possible cause values for
UpdatePdpContextResponse and DeletePdpContextResponse.
Together with section 8.2, it becomes clear that 'Non-existent' cause
should be sent instead of 'Context not found' one in those cases.
It seems to be actually mandatory in GGSN->SGN directon, though it is
ignored in Release99 upwards. Let's hardcode it to 0 for now, should be
fine in the majority of cases.
In the event we have 2 local IP addresses available for use, put the one
having same IP version in "GGSN Address *" IE, and the one with the
other IP version in "Alternative GGSN Address *" IE.
* [CORE] tlv: Store mode in ogs_tlv_t
This allows specifying the format of the IE for each individual IE,
hence allowing messages containing IEs formatted in different ways.
This is needed in order to support parsing GTPv1-C, since messages
contain IEs with different structure (TLV vs TV). Hence, this is a
preparation patch to add support for parsing TVs in ogs-tlv.c/.h.
* [CORE] tlv: Support parsing msg with both TLV and TV in it
IEs of type TV are sometimes used in GTPv1-C. Current tlv parser/builder
doesn't provide with ways to parse messages which contain TV formatted
IEs. This patch adds the relevant types and ways to encode/decode them.
Furthermore, the current parser/builder allows parsing/building messages
containing the exact same format in all its IEs. A new parser function
is added which allows parsing messages of different types (TV, TLV)
mixed in the same message. In order to be able to do so, it uses the
general msg_mode passed to it in order to know the general TLV format
(in essence, the length of the Tag field, and also the length of the
Length field if applicable each IE).
Looking up the instance in the TLV description is left undone and
hadcoded to 0, since the only user so far requiring this API is GTPv1-C,
which has no instances.
* [CORE] tlv: Support repeated tag+instance parsing TLV message
In GTPv2C, repeated IEs (same tag) are easily differentiated by the
Instance byte, which provides info to match different decoded
structures. In GTPv1C though, there's no Instance byte, and we still
encounter repeated IEs (like GSN Address in Create PDP Context Request).
Hence, the TLV decoder needs to be updated to track count of IEs found
(identified by tag+instance, where instance is always 0 in GTPv1C) and
get the proper description index + offset into the decoded structure.
* [GTP]: Move GTPv2-C specifics to its own libgtp subdir
This will allow adding GTPv1-C code by the side. Most GTPv2 code is left
in this patch as "gtp" instead of renaming it to "gtp2" in order to
avoid massive changes. It can be done at a later stage if wanted.
* [GTP] Support generating GTPv1-C messages
* [SMF] Add Gn interface support
This patch introduces GTPv1C support to open5gs-smfd. With it,
open5gs-becomes a GGSN too, where SGSN can connect to, hence supporting
GERAN and UTRAN networks.
* [SMF] Fix potential null pointer dereference
Pointer "sess" was first dereferenced and later on checked for nullness.
This is clearly wrong. Rearrange the code path to make sure the check is
done first, then dereferenced.
* gitignore: Add subprojects/libtins
* cosmetic: Fix whitespace
The network access mode of HSS has been changed to 0 (Packet and Circuit).
Versions of MME prior to v2.4.2 did not use this value. Open5GS set
the attach result of Attach Complete message as it is by looking
at the attach type of the Attach Request message.
Now, if the network access mode of HSS is set to 2 (Only Packet),
this value is affected by MME from v2.4.3. Regardless of the attach type
of the Attach Request, the MME will set EPS Only to the attach result
of Attach Complete.
3GPP TS 24.501 version 16.6.0 Release 16
4.4 NAS security
4.4.6 Protection of initial NAS signalling messages
1) the UE needs to send non-cleartext IEs in a REGISTRATION REQUEST
or SERVICE REQUEST message, the UE includes the entire REGISTRATION
REQUEST or SERVICE REQUEST message (i.e. containing both cleartext IEs
and non-cleartext IEs) in the NAS message container IE and shall cipher
the value part of the NAS message container IE. The UE shall then send
a REGISTRATION REQUEST or SERVICE REQUEST message containing
the cleartext IEs and the NAS message container IE;
As per RFC 4861 Router advertisement message
format, Source Address MUST be the link-local address
assigned to the interface from which this message is sent.
Since SMF was not sending it as per RFC, certain
phones were not completing the procedure of stateless
IPv6 address autoconfiguration mentioned in
3GPP TS 23.401 version 15.12.0 Release 15, section 5.3.1.2.2
During PDU Session Establishment,
if gNB sends PDUSessionResourceReleaseResponse,
AMF was crashed.
In this case, AMF/SMF remove Session Context and sends ErrorIndication.
An assert occurs when a NAS message retransmission occurs.
Because there is no `enb_ue` context.
Therefore, before removing enb_ue, all Timers must be stopped
to prevent retransmission of NAS messages.
1. rollback ogs_error() to ogs_warn()
To remove the print-out in the test code,
8/13 open5gs:epc / attach OK 10.60 s
bearer-test : SUCCESS
session-test : /11/30 15:59:34.556: [esm] ERROR: Invalid APN[ims2] (../src/mme/esm-handler.c:71)
SUCCESS
2. if( to if (
Coding standard in open5gs
mitmitmitm
Pau Espin
Sukchan Lee
endika
Bostjan Meglic
Supreeth Herle
Spencer Sevilla
EugeneBogush
Kenny Barlee
Daniele