The current load percentage of the NF Service Consumer is provided
in the payload body of the PATCH request when periodically
contacting the NRF (heart-beat).
AMF: ratio between currently connected ran_ue and maximum number of them
SMF: ratio between current PDU sessions and maximum available
PCF: ratio between current AM+SM policy associations and maximum available
or ratio between currently connected UEs and maximum number of them
(the load which is higher)
AUSF, UDM: ratio between currently connected UE and maximum number of them
BSF: ratio between current sessions and maximum available
NSSF: ratio between currently used NSIs and maximum number of them
NRF currently doesn't determine that the NF Profile has changed.
Expose metrics with labels according to ETSI TS 128 552 V16.13.0 in
PCF by using hash.
The metrics are named respecting the rule:
<generation>_<measurement_object_class>_<measurement_family_name>_<metric_name_as_in_TS_128_552>
Since slice itself is not unique, the plmnid label is exposed in
addition to snssai.
AM policy:
fivegs_pcffunction_pa_policyamassoreq and
fivegs_pcffunction_pa_policyamassosucc do not expose snssai label
since it is not available at the time of exposure.
plmnid is defined during AM policy processing, so not to lose the
difference to ...succ, the basic metric
fivegs_pcffunction_pa_policyamassoreq is preserved.
SM policy:
snssai is defined during SM policy processing, so not to lose the
difference to ...succ, the basic metric
fivegs_pcffunction_pa_policysmassoreq is preserved.
Those 2 basic metrics retain their position but are exposed with empty
labels.
Metrics with labels are called later, when the label values are known.
Exposed metrics example:
-standard counters:
fivegs_pcffunction_pa_policyamassoreq{plmnid=""} 3
fivegs_pcffunction_pa_policyamassoreq{plmnid="99970"} 3
fivegs_pcffunction_pa_policyamassosucc{plmnid="99970"} 3
fivegs_pcffunction_pa_policysmassoreq{plmnid="",snssai=""} 3
fivegs_pcffunction_pa_policysmassoreq{plmnid="99970",snssai="1000009"} 3
fivegs_pcffunction_pa_policysmassosucc{plmnid="99970",snssai="1000009"} 3
-nonstandard gauge (added for controlling purposes -
same metric as existing metric on AMF and SMF):
fivegs_pcffunction_pa_sessionnbr{plmnid="99970",snssai="1000009"} 0
OpenAPI dictates that certain arrays should have at least one item,
otherwise they should not be present.
This includes lists for IPv4/v6 addresses, TAI/TAC lists, ...
Add a check if there is at least 1 item, before creating an array.
Also move variable declarations to inner blocks, to prevent some
accidental usage out of wanted scope.
Support for change stream is only available in mongoc >=1.9.0
- Disabled related functions in dbi.
Support for bson to json used in debug statement only in libbson >=1.7.0
- Simple debug message in lower versions
AMF subscribes to UDM for each registered UE.
At the moment, UDM does not send callback to AMF when any of the UE's
properties in the database changes.
At the moment, AMF does properly parse the ModificationNotification, but
does not do anything useful.
* Cancel Location while Idle Fix
* Forgot about SGSAP on MME Change.
Added "action" to sgsap_send_detach..
* Make handle_clr uniform with other handlers
* Added Robustness for Any Detach Type
* Memory wasn't freed upon CLR for unknown IMSIs
* Moving MME Detach to new PR
TS29.500
Ch 6.11 Detection and handling of late arriving requests
In Open5GS, this part was hard-corded.
HTTP2 Client sends a request and waits for 10 seconds.
If no response is received from the HTTP2 Server,
HTTP2 Client performs the exception handling.
In this commit, HTTP2 client sends Header with setting Max-Rsp-Time to 10 seconds.
However, HTTP2 server has not yet been implemented to process this value.
The server is still processing using hard-corded values (10 seconds).
* [MME] Support for Insert Subscriber Data
* Supported AVPs in IDR will overwrite existing subscription information
* Provide error on partial APN updates
* IDR and ULA use same function to process AVPs
* Move subdatamask values into s6a, so both HSS and MME can use them
* Updates are not actioned at this time. A Re-attach is required for
most changes to take effect
* Memory issue on IDR exceptions
* Remove of handling MSIDSN change until DSR is used
Without this change, using metrics with core setup configurations
(configs/vonr.yaml for example) would not be possible. Having one
metrics section for whole config file causes every NF to start metrics
server on same port causing an abort.
* [HSS] Enable Change Streams
* Enable Events and Timers in HSS
* Integrate change streams in dbi
* mongodb should be configured with replica sets enabled to use feature
* Change streams are optional in HSS
* Timer will poll change stream for changes in the database
* As changes are detected, event is created to perform the correct
action
* Changes made as suggested
* Introduce Cancel Location and Insert Subscriber Data features to HSS.
* HSS database will keep track of last known MME and Update Time
* Purged UE flag is established in HSS for future PUR handling
* HSS Thread will connect to database and watch change stream
mongoDB must be configured with a Replica Set to use this
* HSS will send IDR if subscription data changes
* HSS will send CLR to old MME if MME host or realm changes
* Function created to allow ULA and IDR to generate Subscription-Data AVP
* MME Hostname and Realm shown in WebUI
* Resolve freeDiameter errors
During a ULR, if database does not contain a last known MME, a CLR is being sent to a Null destination. This will ensure that a destination is available in the database before sending the CLR.
* Removed change streams. Added PUR handling.
* newline needed at end of file.
* Removed temp variable.
* * Change WebUI to 2x2 display
* Including UE Purged indicator
* Using pointers in ogs_subscription_data_t
* better memory mangement with pointers
* Tweak to Destination used by hss_s6a_send_idr to use last known MME
* Check for null mme_host and mme_realms
Do this before trying to compare the strings.
OpenAPI specification for sending NF discovery query with
"service-names" parameter is defined as folowing:
- name: service-names
...
style: form
explode: false
According to OpenAPI specification, this means array items
should be delimited with a comma character (example: /users?id=3,4,5).
== Known limitation ==
Placing npcf-smpolicycontrol and pcf-policyauthorization
in different NFs is not supported. Both npcf-smpolicycontrol
and pcf-policyauthorization should be placed in the same NF.
The 3GPP-Charging-Characteristics is an operator specific AVP
(optional). The 3GPP-Charging-Characteristics can be filled by the HSS
and pass through to the Gx interface.
See ETSI 29.212 5.4.0.1 for further details.
* Add Diameter Dictionary Elements
* Initial IDR Framework
* Resolve Compile Issues
* Moving Closer
* Compile error
* Somewhat Working stuffing Code
* Add Timestamp Changes
* Cleanup some of this code. mme_s6a_handle_idr in s6a-handler.c removed for now, since it will only come in handy when IDR flag is set to request current location, which would involve breaking out into paging. I think there's a few other things we can do just within fd-path first.
* further removal of mme_s6a_handle_idr
* CLR while idle is broken after 7031856cd7
Cancel Location Request arriving while UE is idle will not proceed to paging due to this check for S1 connection. Using new flag "isAnswer" to bypass this check to allow paging to occur when we are not doing a AIA/ULA related procedure.
* No Context Setup is required when sending the detach request. If the paging was due to wanting to send a Detach Request to the UE, then we fast track to sending the detach request.
* emm-sm.c:
In the case of MME initiated detach while UE is idle, there is no initial conext setup. We go right from the service request after paging into sending the detach request. TS23.401
mme-path.c:
Using nas_eps.type in the case of MME Initiated Detach while UE is idle does not work. nas_eps.type would represent the service request.
mme-s11-handler.c:
After S11 action, no action should be taken. We want to wait for the detach accept from the UE before proceeding with the S1 release (detach).
* InitialContextSetup should occur for detach.
- Added diameter dictionary definitions for Cancel Location
- Cancel Location will completely remove UE from MME, allow for a fresh IMSI attach to occur on next attempt.
- T3422 is used for detach request.
- Added new handling for s6a events in mme-sm, as not all s6a messages are at attach now. Maybe there's something in a state machine I should've been using here instead of a new flag?
- Testing was completed with UE in idle and connected. With CLR flags indicating re-attach required and without. Also sending CLR after UE detach. And then sending again when mme_ue is empty.
Found no support for HSS provided charging characteristics. Following TS32.251 A.4:
- Use PDN level CC, if one wasn't provided then use subscription level CC
- Don't send CC in S11 if it wasn't included
When a UE that requests slices tries to connect and there are no slices configured, the reject message is:
5GMM cause = 0x7 (5GS Services not allowed)
however it should be:
5GMM cause = 0x3e (No network slices available)
All 5GMM cause value in reject message is reviewed in this commit
3GPP TS 29.244 7.2.2.4.2 documents that the peer will set SEID=0 in the
response when we request something for a session not existing at the peer.
If that's the case, we still want to locate the local session which
originated the request, so let's store the local SEID in the xact when
submitting the message, so that we can retrieve the related SEID and
find the session if we receive SEID=0.
Valgrind memcheck tool reports an error, of invalid read beyond the
allocated memory.
Function "write_cb()" already allocates (realloc) +1 byte and
null-terminates the data. But the length "conn->size" does not contain
this extra null-terminated byte.
When a copy of the received data is made in "check_multi_info()", it
does not include the null character, resulting in potentially a
non-null terminated string.
Later on when parsing the data, "strlen()" will read beyond the
allocated memory to search for the null character, resulting in an
invalid read.
==1994== Invalid read of size 1
==1994== at 0x484ED24: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1994== by 0x4D3F401: cJSON_ParseWithOpts (cJSON.c:1109)
==1994== by 0x4D3F65C: cJSON_Parse (cJSON.c:1197)
==1994== by 0x4C927DE: parse_json (message.c:913)
==1994== by 0x4C972D8: parse_content (message.c:1790)
==1994== by 0x4C90096: ogs_sbi_parse_response (message.c:589)
==1994== by 0x136431: amf_state_operational (amf-sm.c:248)
...
==1994== Address 0x668371d is 0 bytes after a block of size 253 alloc'd
==1994== at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1994== by 0x5107D7F: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.3.3)
==1994== by 0x510814B: _talloc_memdup (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.3.3)
==1994== by 0x4871568: ogs_talloc_memdup (ogs-strings.c:184)
==1994== by 0x4CA7755: check_multi_info (client.c:475)
...
* [SBI] Fix converting PatchItem to JSON
* [UDR] Add support for endpoint for patching subscription data
Add support for PATCH HTTP method for the following endpoint:
/subscription-data/{ueId}/context-data/amf-3gpp-access
Currently does not change any data in the database.
* [UDM] Add support for endpoint for patching subscription data
Add support for the following endpoint, HTTP PATCH method:
/nudm-uecm/v1/{ueId}/registrations/amf-3gpp-access
The endpoint is used when UE deregisters from the core, and AMF
sends a subscription modification request with "purgeFlag" set.
* [UDM] Add check for same GUAMI when patching subscription data
* [AMF] Send deregistration event to UDM
When UE sends deregistration request, AMF needs to send a
Nudm_UECM_Deregistration request to UDM.
The order of requests is now the following:
- send PDU session release to SMF
- send deregistration event to UDM
- send AM policy control release to PCF
Recent commit re-enabling SBI HTTP/1.1 support
(10bdf39505cf525b95886c140b3c2e82e7427d29) started using libmicrohttpd's
API MHD_create_response_from_buffer_with_free_callback(), which is only
available starting from v0.9.61.
As a result, compilation in xUbuntu 18.04 started failing with errors
about the function not being found, since it ships with libmicrohttpd
v0.9.59.
Depending on 0.9.61 is fine since it's quite old (november 2018) and all
major current distros should for sure have an >= one. Let's simply bump
the version check so that it fails in an informative manner.
For null protection scheme the SUCI needs to be BCD encoded. Whereas for
protection scheme profiles A and B the SUCI needs to be converted from
hexadecimal to ASCII.
This still needs the support for protection schemes A and B in UDM to
work.
* Initial metrics support based on Prometheus
This commit introduces initial support for metrics in open5gs.
The metrics code is added as libogsmetrics (lib/metrics/), with a well
defined opaque API to manage different types of metrics, allowing for
different implementations for different technologies to scrap the
metrics (placed as lib/metrics/<impl>/. The implementation is right now
selected at build time, in order to be able to opt-out the related dependencies
for users not interested in the features. 2 implementations are already
provided in this commit to start with:
* void: Default implementation. Empty stubs, acts as a NOOP.
* prometheus: open5gs processes become Prometheus servers, offering
states through an http server to the Prometheus scrappers. Relies on
libprom (prometheus-client-ci [1] project) to track the metrics and format
them during export, and libmicrohttpd to make the export possible through
HTTP.
[1] https://github.com/digitalocean/prometheus-client-c
The prometheus-client-c is not well maintained nowadays in upstream, and
furthermore it uses a quite peculiar mixture of build systems (autolib
on the main dir, cmake for libprom in a subdir). This makes it difficult
to have it widely available in distros, and difficult to find it if it
is installed in the system. Hence, the best is to include it as a
meson subproject like we already do for freeDiameter. An open5gs fork is
requried in order to have an extra patch adding a top-level
CMakeList.txt in order to be able to includ eit from open5gs's meson
build. Furthermore, this allows adding bugfixes to the subproject if any
are found in the future.
* [SMF] Initial metrics support
* [SMF] Add metrics at gtp_node level
* docs: Add tutorial documenting metrics with Prometheus
According to the following standards the response to the endpoint
/nudm-sdm/${supi}/sm-data should be an array of
SessionManagementSubscriptionData objects, instead of only one object.
TS 29.503 version 16.6.0
TS 29.505 version 16.4.0
UDR now responds to the request with only item in the array.
UDM copies all items as is.
SMF uses only the first item in the array, even if there are more
present.
* [SMF] rename function s/gtp/gtp2/
* [SMF] Store GTPC version in session
So far we always depended on an xact being present in the code path in
order to know which kind of session it is (GTPv1C vs GTPv2C). Let's
instead store that information in smf_sess_t so that we have it always
available in an easy way.
* [SMF] Move smf_sess_t GTPv1C specifics into gtp substruct
* [SMF] Gy CCR: append 3GPP-NSAPI AVP
* [SMF] Append PDP-Address AVP to Gy CCR msg
* [SMF] Gy CCR: Move some AVPs under Service-Information/PS-Information
They belong there. Nokia infocenter documentation seems to be document
the possibility to configure its software to have it in top level, but
that's not what 3GPP TS 32.299 states, so let's stick to it.
* [SMF] Gy CCR: append 3GPP-PDP-Type AVP
* [SMF] Gy CCR: append 3GPP-Charging-Id AVP
* [SMF] Gy CCR: append SGSN-Address AVP
* [SMF] Gy CCR: append GGSN-Address AVP
In the past only GTPv2C was supported, and had the "gtp" generic prefix.
Later on, GTPv1C support was added, and "gtp1" prefix was used.
Let's move GTPv2C specific bits to have "gtp2" prefix too, and leave
"gtp" prefix for generic stuff among different GTP versions.
The use of the Gy interface (SMF acting as CTF towards an OCS node) is
mandated through configuration file. Default value "enable: auto" will
only make use of it in case a Diameter peer announcing support for the
Credit-Control Application is found.
Upon subscriber session creation, and after auth check over Gx, the SMF
will create a Gy session with the OCS and only after that step the SMF
will accept the session back to the subscriber.
The OCS may then grant some traffic volumes/time and ask to be notified
back with updated measurements.
In order to get the measurements, the SMF relies on PFCP URR configured
to the UPF through Session Repoort Request messages.
When closing the subscriber session, the SMF will also terminate the Gy
session at the OCS.
So far only some specifics parts of the Gy interface as well as the PFCP
side are implemented. Those should be enough to at least have
volume/time thresholds granted by the OCS, which then will be able to
track subsriber resource use.
This patch doesn't implement the OCS side of the Gy interface, that's
left as a future exercise. The interface was tested using an OCS
emulator implemented in TTCN-3 [1]
[1] https://cgit.osmocom.org/osmo-ttcn3-hacks/
TODO:
* Use an event for the report, like SMF_EVT_N4_TIMER?
* Properly set Service identifier in Gy CCR
* SMF: Properly set pkt/octet volumes in Gy CCR
** Update when receiving PFCP Modify Response.
* Figure out best way to require Gy through config file in open5gs-smfd.
* Create a new sess-sm.c which handles smf_sess_t state through
Gx+Gy+PFCP creation, modification and tear down. This way we can do
stuff in parallel, for instance Gx+Gy. It will alsoavoid duplicating
some code paths due to Gy being optional.
This commit adds required blocks in lib/diameter to be able to handle Gy
messages later in open5gs apps.
The Gy interface is mainly decribed in 3GPP TS 32.299 and 3GPP TS
32.251, which in turn refers to Diameter protcols defined in RFC4006.
This interface allows charging managment through an external OCS node.
The "Report Triggers" is sent SMF->UPF to tell in which situations a
report should be sent.
The "Usage Report Trigger" is sent UPF->SMF to indicate which situation
triggered the report.
* [PFCP] Fix trailing whitespace in message generation files
* [PFCP] message gen: Support multiple URR ID IEs in Create PDR group
* [PFCP] Support associating multiple URRs to a PDR
According to 3GPP TS 29.244:
"""
A PDR shall contain:
- zero, one or more URRs, which contains instructions related to traffic measurement and reporting.
"""
These will be further needed in PFCP in the future, as well as in other
Diameter based interfaces (such as Gy).
Let's put all implementation details in APIs so that devs don't need to
care about those details every time.
* [PFCP] Fix trailing whitespace
* [PFCP] Fix wrong endianess enc of some URR values
u32 tlvs are already converted to big endian automatically. Manually
doing so ends up in double conversion and hence in wrong endianness
being sent over the wire.
Similar issue was also fixed recently in the PFCP decoding path.
Related: https://github.com/open5gs/open5gs/issues/1349
mouse07410/asn1c#89
Found when tried to encode NGAP_CauseRadioNetwork_release_due_to_pre_emption
mouse07410/asn1c#90
Found when tried to decode messages encoded with newer schema
* Fix conversion from IPFilterRule to packet filter
As per 3GPP TS 24.008, following Packet filter component type identifier
are not supported on the LTE pre release-11 UEs:
IPv4 local address type
IPv6 remote address/prefix length type
IPv6 local address/prefix length type
And,
IPv6 remote address/prefix length type and
IPv6 local address/prefix length type shall be used when both MS and
Network support Local Address in TFTs.
This commit add logic to omit adding local address in packet filters
for compatibility with pre-release LTE 11 devices. The following parameter
could be used to toggle omit/no to omit behavior.
parameter:
no_ipv4v6_local_addr_in_packet_filter: <true/false>
* Remove logic of supporting pre-release LTE 11 devices in PCRF
According to TS 29.060 they should be added.
section 7.6:
"if it is a request for which a response has been defined, shall be sent
with a Sequence Number"
section 8.2:
"""
Sequence number flag (S) shall be set to "1"
...
For GTP-C messages not having a defined response message for a request
message, i.e. for messages Version Not Supported, RAN Information Relay
and Supported Extension Headers Notification, the Sequence Number shall
be ignored by the receiver.
"
It seems to be actually mandatory in GGSN->SGN directon, though it is
ignored in Release99 upwards. Let's hardcode it to 0 for now, should be
fine in the majority of cases.
* [CORE] tlv: Store mode in ogs_tlv_t
This allows specifying the format of the IE for each individual IE,
hence allowing messages containing IEs formatted in different ways.
This is needed in order to support parsing GTPv1-C, since messages
contain IEs with different structure (TLV vs TV). Hence, this is a
preparation patch to add support for parsing TVs in ogs-tlv.c/.h.
* [CORE] tlv: Support parsing msg with both TLV and TV in it
IEs of type TV are sometimes used in GTPv1-C. Current tlv parser/builder
doesn't provide with ways to parse messages which contain TV formatted
IEs. This patch adds the relevant types and ways to encode/decode them.
Furthermore, the current parser/builder allows parsing/building messages
containing the exact same format in all its IEs. A new parser function
is added which allows parsing messages of different types (TV, TLV)
mixed in the same message. In order to be able to do so, it uses the
general msg_mode passed to it in order to know the general TLV format
(in essence, the length of the Tag field, and also the length of the
Length field if applicable each IE).
Looking up the instance in the TLV description is left undone and
hadcoded to 0, since the only user so far requiring this API is GTPv1-C,
which has no instances.
* [CORE] tlv: Support repeated tag+instance parsing TLV message
In GTPv2C, repeated IEs (same tag) are easily differentiated by the
Instance byte, which provides info to match different decoded
structures. In GTPv1C though, there's no Instance byte, and we still
encounter repeated IEs (like GSN Address in Create PDP Context Request).
Hence, the TLV decoder needs to be updated to track count of IEs found
(identified by tag+instance, where instance is always 0 in GTPv1C) and
get the proper description index + offset into the decoded structure.
* [GTP]: Move GTPv2-C specifics to its own libgtp subdir
This will allow adding GTPv1-C code by the side. Most GTPv2 code is left
in this patch as "gtp" instead of renaming it to "gtp2" in order to
avoid massive changes. It can be done at a later stage if wanted.
* [GTP] Support generating GTPv1-C messages
* [SMF] Add Gn interface support
This patch introduces GTPv1C support to open5gs-smfd. With it,
open5gs-becomes a GGSN too, where SGSN can connect to, hence supporting
GERAN and UTRAN networks.
* [GTP] xact: Fix trailing whitespace
* [GTP] xact: Avoid exporting internally used functions
This simplifies the API header hiding unneeded APIs from external
components, and lets the compiler further optimize by
marking the functions as static.
* [GTP] xact: Drop unused API ogs_gtp_xact_find
After making it static, it became clear to the compiler that this
function is not used anywhere, warning about it. Let's drop it.
* [SMF] Fix potential null pointer dereference
Pointer "sess" was first dereferenced and later on checked for nullness.
This is clearly wrong. Rearrange the code path to make sure the check is
done first, then dereferenced.
* gitignore: Add subprojects/libtins
* cosmetic: Fix whitespace
The network access mode of HSS has been changed to 0 (Packet and Circuit).
Versions of MME prior to v2.4.2 did not use this value. Open5GS set
the attach result of Attach Complete message as it is by looking
at the attach type of the Attach Request message.
Now, if the network access mode of HSS is set to 2 (Only Packet),
this value is affected by MME from v2.4.3. Regardless of the attach type
of the Attach Request, the MME will set EPS Only to the attach result
of Attach Complete.
3GPP TS 24.501 version 16.6.0 Release 16
4.4 NAS security
4.4.6 Protection of initial NAS signalling messages
1) the UE needs to send non-cleartext IEs in a REGISTRATION REQUEST
or SERVICE REQUEST message, the UE includes the entire REGISTRATION
REQUEST or SERVICE REQUEST message (i.e. containing both cleartext IEs
and non-cleartext IEs) in the NAS message container IE and shall cipher
the value part of the NAS message container IE. The UE shall then send
a REGISTRATION REQUEST or SERVICE REQUEST message containing
the cleartext IEs and the NAS message container IE;
As per RFC 4861 Router advertisement message
format, Source Address MUST be the link-local address
assigned to the interface from which this message is sent.
Since SMF was not sending it as per RFC, certain
phones were not completing the procedure of stateless
IPv6 address autoconfiguration mentioned in
3GPP TS 23.401 version 15.12.0 Release 15, section 5.3.1.2.2
mitmitmitm
Gaber Stare
Lester
Sukchan Lee
Flander Bojan
Bostjan Meglic
jmasterfunk84
safaorhann
Spencer Sevilla
Alexander Couzens
Bostjan Meglic
Pau Espin
mitmitmitm
EugeneBogush
Supreeth Herle
Julian Lemmerich
Mehmet Hakan Doğan
Balint Cristian