[AMF] Implicit Network-initiated Deregistration
Two timers are introduced (both with duration of T3512 + 4 min):
-MOBILE_REACHABLE
-IMPLICIT_DEREGISTRATION
MOBILE_REACHABLE is set when NAS connection for the UE is released.
IMPLICIT_DEREGISTRATION is set when MOBILE_REACHABLE expires.
On MOBILE_REACHABLE expiry Paging is ignored.
On IMPLICIT_DEREGISTRATION expiry:
-UE's RM_State is set to DEREGISTERED
-UE is Nudm_SDM_Unsubscribed
-UE is Nudm_UECM_Deregistered
-PDU sessions are released
-AM policies are deleted
Existing flag amf_ue->network_initiated_de_reg is used.
Two timers are introduced (both with duration of T3512 + 4 min):
-MOBILE_REACHABLE
-IMPLICIT_DEREGISTRATION
MOBILE_REACHABLE is set when NAS connection for the UE is released.
IMPLICIT_DEREGISTRATION is set when MOBILE_REACHABLE expires.
On MOBILE_REACHABLE expiry Paging is ignored.
On IMPLICIT_DEREGISTRATION expiry:
-UE's RM_State is set to DEREGISTERED
-UE is Nudm_SDM_Unsubscribed
-UE is Nudm_UECM_Deregistered
-PDU sessions are released
-AM policies are deleted
Existing flag amf_ue->network_initiated_de_reg is used.
o Generate the private key as below.
$ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
$ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
o The private and public keys can be viewed with the command.
The public key is used when creating the SIM.
$ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
$ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
In ausf/udm.yaml
hnet:
o Home network public key identifier(PKI) value : 1
Protection scheme identifier : ECIES scheme profile A
- id: 1
scheme: 1
key: /etc/open5gs/hnet/curve25519-1.key
o Home network public key identifier(PKI) value : 2
Protection scheme identifier : ECIES scheme profile B
- id: 2
scheme: 2
key: /etc/open5gs/hnet/secp256r1-2.key
o Home network public key identifier(PKI) value : 3
Protection scheme identifier : ECIES scheme profile A
- id: 3
scheme: 1
key: /etc/open5gs/hnet/curve25519-1.key
o Home network public key identifier(PKI) value : 4
Protection scheme identifier : ECIES scheme profile B
- id: 4
scheme: 2
key: /etc/open5gs/hnet/secp256r1-2.key
Related to #1779
Metric 'bearers_active' was incremented in only one code path
(smf_bearer_add() for 4G only), while it was decremented from two paths
(smf_bearer_remove() for both 4G and 5G).
Increment metric also for 5G path (smf_qos_flow_add()), so it won't get
decremented into negative values.
The current load percentage of the NF Service Consumer is provided
in the payload body of the PATCH request when periodically
contacting the NRF (heart-beat).
AMF: ratio between currently connected ran_ue and maximum number of them
SMF: ratio between current PDU sessions and maximum available
PCF: ratio between current AM+SM policy associations and maximum available
or ratio between currently connected UEs and maximum number of them
(the load which is higher)
AUSF, UDM: ratio between currently connected UE and maximum number of them
BSF: ratio between current sessions and maximum available
NSSF: ratio between currently used NSIs and maximum number of them
NRF currently doesn't determine that the NF Profile has changed.
Expose SM metrics with labels according to ETSI TS 128 552 V16.13.0 in
SMF by using hash.
The metrics are named respecting the rule:
<generation>_<measurement_object_class>_<measurement_family_name>_<metric_name_as_in_TS_128_552>
Existing gauge sessions_active is renamed!
Since slice itself is not unique, the plmnid label is exposed in
addition to snssai.
Exposed metrics example:
-standard gauges:
fivegs_smffunction_sm_sessionnbr{plmnid="00101",snssai="1000009"} 0
fivegs_smffunction_sm_qos_flow_nbr{plmnid="00101",snssai="1000009",fiveqi="9"} 0
-nonstandard counters:
fivegs_smffunction_sm_n4sessionestabfail{cause="71"} 68
fivegs_smffunction_sm_n4sessionreport 1
fivegs_smffunction_sm_n4sessionreportsucc 1
fivegs_smffunction_sm_n4sessionestabreq 1
Expose RM metrics with labels according to ETSI TS 128 552 V16.13.0 in
AMF by using hash.
The metrics are named respecting the rule:
<generation>_<measurement_object_class>_<measurement_family_name>_<metric_name_as_in_TS_128_552>
Since slice itself is not unique, the plmnid label is exposed in
addition to snssai.
RegInitFail is exposed as an alternative to RegInitReq and RegInitSucc
counters so cause label can be provided. It counts rejected registrations
and rejected authentications.
Rejected authentications are counted under label cause="0".
Exposed metrics example:
-standard gauge:
fivegs_amffunction_rm_registeredsubnbr{plmnid="00101",snssai="1000009"} 1
-nonstandard counter:
fivegs_amffunction_rm_reginitfail{cause="3"} 4
In case that database is (manually) corrupted for a specific UE, SSC
mode and ARP preemption vulnerability fields are not set correctly,
SMF will crash when trying to build a request to create PCF association.
Function smf_npcf_smpolicycontrol_build_create() will end prematurely,
and when cleaning up resources it will try to free() up invalid pointer,
which was not set to 0 at beginning of the function.
[smf] ERROR: SSCMode is not allowed (../src/smf/nudm-handler.c:165)
[sbi] DEBUG: STATUS [201] (../lib/sbi/nghttp2-server.c:443)
[sbi] DEBUG: SENDING...: 3 (../lib/sbi/nghttp2-server.c:451)
[sbi] DEBUG: {
} (../lib/sbi/nghttp2-server.c:452)
[sbi] DEBUG: STREAM closed [1] (../lib/sbi/nghttp2-server.c:962)
[smf] ERROR: No Arp.preempt_cap (../src/smf/npcf-build.c:132)
<crash>
0 __GI_abort () at ./stdlib/abort.c:107
1 0x00007f9348fe43b1 in ?? () from /lib/x86_64-linux-gnu/libtalloc.so.2
2 0x00007f9349aef745 in ogs_talloc_free (ptr=0x7f9348e38dab <_int_free+1675>,
location=0x5591b8675d27 "../src/smf/npcf-build.c:181") at ../lib/core/ogs-memory.c:107
3 0x00005591b8653c45 in smf_npcf_smpolicycontrol_build_create (sess=0x7f9343070010, data=0x0)
at ../src/smf/npcf-build.c:181
4 0x00007f9349abc2b4 in ogs_sbi_xact_add (sbi_object=0x7f9343070010,
service_type=OGS_SBI_SERVICE_TYPE_NPCF_SMPOLICYCONTROL, discovery_option=0x7f9338006d90,
build=0x5591b86531d0 <smf_npcf_smpolicycontrol_build_create>, context=0x7f9343070010, data=0x0)
at ../lib/sbi/context.c:1699
5 0x00005591b86580be in smf_sbi_discover_and_send (service_type=OGS_SBI_SERVICE_TYPE_NPCF_SMPOLICYCONTROL,
discovery_option=0x0, build=0x5591b86531d0 <smf_npcf_smpolicycontrol_build_create>, sess=0x7f9343070010,
stream=0x7f9344fce0a0, state=0, data=0x0) at ../src/smf/sbi-path.c:110
6 0x00005591b864e9da in smf_nudm_sdm_handle_get (sess=0x7f9343070010, stream=0x7f9344fce0a0,
recvmsg=0x7f933f52d5a0) at ../src/smf/nudm-handler.c:290
7 0x00005591b8600c96 in smf_gsm_state_wait_5gc_sm_policy_association (s=0x7f9343070610, e=0x7f9338076730)
at ../src/smf/gsm-sm.c:523
...
Expose metrics with labels according to ETSI TS 128 552 V16.13.0 in
PCF by using hash.
The metrics are named respecting the rule:
<generation>_<measurement_object_class>_<measurement_family_name>_<metric_name_as_in_TS_128_552>
Since slice itself is not unique, the plmnid label is exposed in
addition to snssai.
AM policy:
fivegs_pcffunction_pa_policyamassoreq and
fivegs_pcffunction_pa_policyamassosucc do not expose snssai label
since it is not available at the time of exposure.
plmnid is defined during AM policy processing, so not to lose the
difference to ...succ, the basic metric
fivegs_pcffunction_pa_policyamassoreq is preserved.
SM policy:
snssai is defined during SM policy processing, so not to lose the
difference to ...succ, the basic metric
fivegs_pcffunction_pa_policysmassoreq is preserved.
Those 2 basic metrics retain their position but are exposed with empty
labels.
Metrics with labels are called later, when the label values are known.
Exposed metrics example:
-standard counters:
fivegs_pcffunction_pa_policyamassoreq{plmnid=""} 3
fivegs_pcffunction_pa_policyamassoreq{plmnid="99970"} 3
fivegs_pcffunction_pa_policyamassosucc{plmnid="99970"} 3
fivegs_pcffunction_pa_policysmassoreq{plmnid="",snssai=""} 3
fivegs_pcffunction_pa_policysmassoreq{plmnid="99970",snssai="1000009"} 3
fivegs_pcffunction_pa_policysmassosucc{plmnid="99970",snssai="1000009"} 3
-nonstandard gauge (added for controlling purposes -
same metric as existing metric on AMF and SMF):
fivegs_pcffunction_pa_sessionnbr{plmnid="99970",snssai="1000009"} 0
Expose metrics with labels according to ETSI TS 128 552 V16.13.0 in
UPF by using hash.
The metrics are named respecting the rule:
<generation>_<measurement_object_class>_<measurement_family_name>_<metric_name_as_in_TS_128_552>
5qi is not available in UPF.
To present 5qi to the user, MN will have to maintain a table qfi->5qi
for each QoS flow (will have to get information from SMF).
So UPF has to expose qfi. qfi itself is not useful. When used, UPF will
have to expose additional label to define the session (e.g. source
interface).
Label dnn is set to value of APN/DNN received in Establishment.
Since SMF does not add APN/DNN to Establishment, the label is empty.
When APN/DNN will be set by SMF, it should be added to sess in UPF
and used in metrics on Modification and Deletion.
Both datavolumeqosleveln3upf are exposed in bytes.
MN is providing the transformation to kbits.
fivegs_upffunction_upf_qosflows should expose the number of QFIs used in
sessions, but exposes number of QER rules, which is currently equal to
QFIs.
The label snsssai is not provided since the slice is not available on UPF.
Exposed metrics example:
Standard counters:
fivegs_ep_n3_gtp_indatapktn3upf 28637
fivegs_ep_n3_gtp_outdatapktn3upf 14729
fivegs_upffunction_sm_n4sessionestabreq 4
fivegs_upffunction_sm_n4sessionestabfail{cause="66"} 1
fivegs_upffunction_sm_n4sessionestabfail{cause="71"} 68
fivegs_upffunction_sm_n4sessionestabfail{cause="68"} 4
fivegs_upffunction_sm_n4sessionestabfail{cause="72"} 15
fivegs_upffunction_sm_n4sessionestabfail{cause="75"} 3
fivegs_upffunction_sm_n4sessionestabfail{cause="65"} 4
fivegs_upffunction_sm_n4sessionreport 0
fivegs_upffunction_sm_n4sessionreportsucc 0
fivegs_ep_n3_gtp_indatavolumeqosleveln3upf{qfi="1"} 39792997
fivegs_ep_n3_gtp_outdatavolumeqosleveln3upf{qfi="1"} 737548
Nonstandard gauge (added for controlling purposes -
same metric as existing metric on AMF and SMF):
fivegs_upffunction_upf_sessionnbr 1
Standard gauge:
fivegs_upffunction_upf_qosflows{dnn=""} 1
Even if the configured log level for the application was set to "error",
the first "info" message of the metrics library was output to the log.
Reorder the initialization of the metrics library.
Support for change stream is only available in mongoc >=1.9.0
- Disabled related functions in dbi.
Support for bson to json used in debug statement only in libbson >=1.7.0
- Simple debug message in lower versions
AMF does not crash anymore when a new UE registration request arrives,
and there is no available space left in UE context pool. Now it just
rejects the request with an error.
Each UE context has 'current' and 'next' TMSI values. AMF first
allocates the 'next' value, before confirming it and releasing the
'previous'. This means that we potentially need pool size of 2x the
amount of maximum configured UE.
Without this change, AMF would crash in case that there are 'x'
configured maximum amount of UE, and there are already 'x' registered
UE.
[gmm] INFO: Registration request (../src/amf/gmm-sm.c:135)
[gmm] INFO: [suci-0-001-01-1234-0-1-1000000000] SUCI (../src/amf/gmm-handler.c:149)
[gmm] DEBUG: OLD TSC[UE:0,AMF:0] KSI[UE:7,AMF:0] (../src/amf/gmm-handler.c:179)
[gmm] DEBUG: NEW TSC[UE:0,AMF:0] KSI[UE:7,AMF:0] (../src/amf/gmm-handler.c:186)
[amf] FATAL: amf_m_tmsi_alloc: Assertion `m_tmsi' failed. (../src/amf/context.c:2160)
[core] FATAL: backtrace() returned 13 addresses (../lib/core/ogs-abort.c:37)
AMF subscribes to UDM for each registered UE.
At the moment, UDM does not send callback to AMF when any of the UE's
properties in the database changes.
At the moment, AMF does properly parse the ModificationNotification, but
does not do anything useful.
* Cancel Location while Idle Fix
* Forgot about SGSAP on MME Change.
Added "action" to sgsap_send_detach..
* Make handle_clr uniform with other handlers
* Added Robustness for Any Detach Type
* Memory wasn't freed upon CLR for unknown IMSIs
* Moving MME Detach to new PR
* [MME] Support for Insert Subscriber Data
* Supported AVPs in IDR will overwrite existing subscription information
* Provide error on partial APN updates
* IDR and ULA use same function to process AVPs
* Move subdatamask values into s6a, so both HSS and MME can use them
* Updates are not actioned at this time. A Re-attach is required for
most changes to take effect
* Memory issue on IDR exceptions
* Remove of handling MSIDSN change until DSR is used
Without this change, using metrics with core setup configurations
(configs/vonr.yaml for example) would not be possible. Having one
metrics section for whole config file causes every NF to start metrics
server on same port causing an abort.
* [HSS] Enable Change Streams
* Enable Events and Timers in HSS
* Integrate change streams in dbi
* mongodb should be configured with replica sets enabled to use feature
* Change streams are optional in HSS
* Timer will poll change stream for changes in the database
* As changes are detected, event is created to perform the correct
action
* Changes made as suggested
When UE would send a request to release PDU session, AMF would
eventually send "PDU Session Resource Release Command" downlink to both
UE (N1) and gNB (N2). Each UE and gNB would then reply with "PDU Session
Resource Release Response" indicating they released their own resources.
Usually the first one to respond would be gNB. SMF made an assumption
that this would always be the case. And it would wait for signal that UE
resources were freed, before releasing session resources. But
occasionally the situation is that UE responds first, and SMF releases
resources prematurely.
This situation does not normally occur. But under high stress (100's of
UE PDU releases at the same time) this happens occasionally.
According to the standard, this situation is perfectly normal.
3GPP TS 23.502 Rel. 16
4.3.4.2 UE or network requested PDU Session Release for Non-Roaming and
Roaming with Local Breakout
...
Steps 8-10 may happen before steps 6-7.
...
* Introduce Cancel Location and Insert Subscriber Data features to HSS.
* HSS database will keep track of last known MME and Update Time
* Purged UE flag is established in HSS for future PUR handling
* HSS Thread will connect to database and watch change stream
mongoDB must be configured with a Replica Set to use this
* HSS will send IDR if subscription data changes
* HSS will send CLR to old MME if MME host or realm changes
* Function created to allow ULA and IDR to generate Subscription-Data AVP
* MME Hostname and Realm shown in WebUI
* Resolve freeDiameter errors
During a ULR, if database does not contain a last known MME, a CLR is being sent to a Null destination. This will ensure that a destination is available in the database before sending the CLR.
* Removed change streams. Added PUR handling.
* newline needed at end of file.
* Removed temp variable.
* * Change WebUI to 2x2 display
* Including UE Purged indicator
* Using pointers in ogs_subscription_data_t
* better memory mangement with pointers
* Tweak to Destination used by hss_s6a_send_idr to use last known MME
* Check for null mme_host and mme_realms
Do this before trying to compare the strings.
In case that APN name sent from UE does not case-match with the one
configured in the database, AMF would reject the registration with the
message:
[gmm] WARNING: [imsi-xxx] DNN Not Supported OR Not Subscribed in the
Slice (../src/amf/gmm-handler.c:1051)
Add additional check when receiving Deregistration Notification from
UDM. UE should already be in registered state before accepting the
request and deregistering the UE.
Also add additional check that PCF association policy exists before
sending a delete request to PCF.
* npcf-smpolicycontrol - enabled or disabled
* npcf-policyauthorization - enabled or disabled
Only one of npcf-smpolicycontrol and npcf-policyauthorization cannot be enabled. (../src/pcf/sbi-path.c:151)
They can be enabled or disabled together.
== Known limitation ==
Placing npcf-smpolicycontrol and pcf-policyauthorization
in different NFs is not supported. Both npcf-smpolicycontrol
and pcf-policyauthorization should be placed in the same NF.
- Gy instead of Gx AVP was used.
- Use correct avp position and avp variables.
Fixes: 657eef9169 ("[SMF] send 3GPP-Charging-Characteristics on Gx if received on S5/8c")
The 3GPP-Charging-Characteristics is an operator specific AVP
(optional). The 3GPP-Charging-Characteristics can be filled by the HSS
and forwarded by the MME towards the SMF.
* Add Diameter Dictionary Elements
* Initial IDR Framework
* Resolve Compile Issues
* Moving Closer
* Compile error
* Somewhat Working stuffing Code
* Add Timestamp Changes
* Cleanup some of this code. mme_s6a_handle_idr in s6a-handler.c removed for now, since it will only come in handy when IDR flag is set to request current location, which would involve breaking out into paging. I think there's a few other things we can do just within fd-path first.
* further removal of mme_s6a_handle_idr
In case that SMF was configured to run without Diameter, it would crash
on application exit due to uninitialized variables/pointers.
ERROR pid:unnamed in fd_sess_handler_destroy@sessions.c:324: ERROR: Invalid parameter '(handler && ( ((*handler) != ((void *)0)) && ( ((struct session_handler *)(*handler))->eyec == 0x53554AD1) ))', 22
[smf] FATAL: smf_gx_final: Assertion `ret == 0' failed. (../src/smf/gx-path.c:1353)
The problem occurred in the following scenario:
1. VLR sent PAGING-REQUEST to the MME
2. MME sent S1-Paging to the UE
3. Paging failed
4. MME responded SERVICE-REQUEST to the VLR
5. VLR sent DOWNLINK-UNITDATA to the MME
6. Even though there is no S1 Context,
MME try to sent DownlinkNASTransport message to the UE.
7. So, the problem occurred.
I've changed the number 4 PAGING-REJECT instead of SERVICE-REQUEST.
* CLR while idle is broken after 7031856cd7
Cancel Location Request arriving while UE is idle will not proceed to paging due to this check for S1 connection. Using new flag "isAnswer" to bypass this check to allow paging to occur when we are not doing a AIA/ULA related procedure.
* No Context Setup is required when sending the detach request. If the paging was due to wanting to send a Detach Request to the UE, then we fast track to sending the detach request.
* emm-sm.c:
In the case of MME initiated detach while UE is idle, there is no initial conext setup. We go right from the service request after paging into sending the detach request. TS23.401
mme-path.c:
Using nas_eps.type in the case of MME Initiated Detach while UE is idle does not work. nas_eps.type would represent the service request.
mme-s11-handler.c:
After S11 action, no action should be taken. We want to wait for the detach accept from the UE before proceeding with the S1 release (detach).
* InitialContextSetup should occur for detach.
As per 3GPP TS 29.060 version 15.3.0, section 7.3.3, 7.3.4, 7.3.5 and 7.3.6
Only if PCO IE is included in Update/Delete PDP Context Request then it
must be present in Update/Delete PDP Context Response.
In order to reflect on whether the request contained PCO IE or not
the SMF context containing the GTP request needs to be updated
i.e. update if present else clear the contents
As per 3GPP TS 29.274 version 10.5.0, section 7.2.9 and 7.2.10,
Only if PCO IE is included in Delete Session Request then it
must be present in Delete Session Response.
In order to reflect on whether the request contained PCO IE or not
the SMF context containing the GTP request needs to be updated
i.e. update if present else clear the contents
Do not Set Origin-Hosts with fd_msg_rescode_set before potential use of ogs_diam_message_experimental_rescode_set. This results in multiple Origin-Host/Realm AVPs.
- Added diameter dictionary definitions for Cancel Location
- Cancel Location will completely remove UE from MME, allow for a fresh IMSI attach to occur on next attempt.
- T3422 is used for detach request.
- Added new handling for s6a events in mme-sm, as not all s6a messages are at attach now. Maybe there's something in a state machine I should've been using here instead of a new flag?
- Testing was completed with UE in idle and connected. With CLR flags indicating re-attach required and without. Also sending CLR after UE detach. And then sending again when mme_ue is empty.
Found no support for HSS provided charging characteristics. Following TS32.251 A.4:
- Use PDN level CC, if one wasn't provided then use subscription level CC
- Don't send CC in S11 if it wasn't included
For HSS's which do not include the NAM, the MME should not treat this as a fatal error. MME should just assume PACKET_AND_CIRCUIT (0), as was decided in a previous PR.
In case there are multiple AMF registered to NRF, SMF would pick only
the first AMF from the list.
In the case of sending PDU Session Establishment Accept from SMF to
AMF, this would mean a high chance of failure since the AMF might
be different than the original requester, and would not know about a
particular UE.
Modify SMF to use ServingNfId field from original request
SmContextCreateData from AMF to determine to which AMF should it send
PDU Session Establishment Accept message.
When a UE that requests slices tries to connect and there are no slices configured, the reject message is:
5GMM cause = 0x7 (5GS Services not allowed)
however it should be:
5GMM cause = 0x3e (No network slices available)
All 5GMM cause value in reject message is reviewed in this commit
UDM may send a Deregistration Notification to AMF, to deregister
specific UE from the network - Network-Initiated Deregistration.
Deregistration procedure includes sending Deregistration Request to UE,
starting a timer T3522, releasing PDU sessions from SMF, releasing PCF
policies from PCF, and waiting for Deregistration Accept from UE.
Not yet implemented is:
- to prevent deregistration of UE in case it has any emergency sessions,
- page UE when UE is in IDLE mode.
According to TS 23.502, 4.2.2.2.2, AMF sends Registration event to UDM
in the following cases:
- If the AMF has changed since the last Registration procedure, or
- if the UE provides a SUPI which doesn't refer to a valid context in
the AMF,
- or if the UE registers to the same AMF it has already registered
to a non- 3GPP access (i.e. the UE is registered over a non-3GPP access
and initiates this Registration procedure to add a 3GPP access).
In case that UE re-registers to the network with a GUTI, it bypasses
authentication check to the AUSF. In this case, AMF does not send
Registration event to UDM.
Consequently, when UE deregisters again, AMF would send a Deregistration
Event to a UDM, which does not have a context for it.
3GPP standard does not say when AMF sends Deregistration Event to UDM,
only that it is optional.
These (De-)Registration events are for (de-)registering AMF to the UDM
for serving the UE. And not for (de-)registering UE itself for purpose
of tracking when UE is registered on the network.
This partially reverts commit 7be7029ac4
3GPP TS 29.244 7.2.2.4.2 documents that the peer will set SEID=0 in the
response when we request something for a session not existing at the peer.
If that's the case, we still want to locate the local session which
originated the request, so let's store the local SEID in the xact when
submitting the message, so that we can retrieve the related SEID and
find the session if we receive SEID=0.
It was spotted that if DeleteSessionReq sent by SMF is answered by UPF
with cause="Session context not found", then it contains SEID=0 (this is
correct as per specs). Hence, since SEID=0 session is not looked up, so
sess=NULL.
A follow up commit improves the situation by looking up the SEID in the
originating request message in that case.
In that case, ogs_pfcp_ue_ip_alloc() will fail with the error message
"CHECK CONFIGURATION: Cannot find subnet [...]" and the assert will make
upf crash.
That's not desirable, let's keep it running and simply reject the
request. The error log is big enoguh to find out.
* [SMF] Avoid abort() if gtp_node mempool becomes full
Related: https://github.com/open5gs/open5gs/issues/1621
* [SMF] metrics: Add new ctr tracking gtp_node allocation failures
This metrics is useful to track whether at some point the mempool went
full, so that config needs to be updated to increase the mempool size.
Gy (3GPP TS 32.299 ) refers to AVP in DCCA (RFC4006).
RFC4006 5.1.2:
"[...] by including the Multiple-Services-Indicator AVP in the first
interrogation."
Nokia's infocenter documentation also states it's sent during Initial CCR
only: "(CCR-I only)".
* [SBI] Fix converting PatchItem to JSON
* [UDR] Add support for endpoint for patching subscription data
Add support for PATCH HTTP method for the following endpoint:
/subscription-data/{ueId}/context-data/amf-3gpp-access
Currently does not change any data in the database.
* [UDM] Add support for endpoint for patching subscription data
Add support for the following endpoint, HTTP PATCH method:
/nudm-uecm/v1/{ueId}/registrations/amf-3gpp-access
The endpoint is used when UE deregisters from the core, and AMF
sends a subscription modification request with "purgeFlag" set.
* [UDM] Add check for same GUAMI when patching subscription data
* [AMF] Send deregistration event to UDM
When UE sends deregistration request, AMF needs to send a
Nudm_UECM_Deregistration request to UDM.
The order of requests is now the following:
- send PDU session release to SMF
- send deregistration event to UDM
- send AM policy control release to PCF
smf_gtp_node_pool were properly freed.
However, the seqence was wrong, so we got a warning message.
To solve this problem, I've moved smf_gtp_node_alloc/free
from gtp_path.[ch] to context.[ch]
For null protection scheme the SUCI needs to be BCD encoded. Whereas for
protection scheme profiles A and B the SUCI needs to be converted from
hexadecimal to ASCII.
This still needs the support for protection schemes A and B in UDM to
work.
* Initial metrics support based on Prometheus
This commit introduces initial support for metrics in open5gs.
The metrics code is added as libogsmetrics (lib/metrics/), with a well
defined opaque API to manage different types of metrics, allowing for
different implementations for different technologies to scrap the
metrics (placed as lib/metrics/<impl>/. The implementation is right now
selected at build time, in order to be able to opt-out the related dependencies
for users not interested in the features. 2 implementations are already
provided in this commit to start with:
* void: Default implementation. Empty stubs, acts as a NOOP.
* prometheus: open5gs processes become Prometheus servers, offering
states through an http server to the Prometheus scrappers. Relies on
libprom (prometheus-client-ci [1] project) to track the metrics and format
them during export, and libmicrohttpd to make the export possible through
HTTP.
[1] https://github.com/digitalocean/prometheus-client-c
The prometheus-client-c is not well maintained nowadays in upstream, and
furthermore it uses a quite peculiar mixture of build systems (autolib
on the main dir, cmake for libprom in a subdir). This makes it difficult
to have it widely available in distros, and difficult to find it if it
is installed in the system. Hence, the best is to include it as a
meson subproject like we already do for freeDiameter. An open5gs fork is
requried in order to have an extra patch adding a top-level
CMakeList.txt in order to be able to includ eit from open5gs's meson
build. Furthermore, this allows adding bugfixes to the subproject if any
are found in the future.
* [SMF] Initial metrics support
* [SMF] Add metrics at gtp_node level
* docs: Add tutorial documenting metrics with Prometheus
* [SMF] Gn: Drop unreachable return line
* [SMF] Avoid crash if Create{Session,PdpContext}Resp fails to be sent
Crash spotted in a running open5gs-smfd process, triggered by:
ERROR: ogs_gtp_sendto() failed (1:Operation not permitted) (../lib/gtp/path.c:119)
ERROR: ogs_gtp_xact_commit: Expectation `rv == OGS_OK' failed. (../lib/gtp/xact.c:730)
ERROR: smf_gtp2_send_create_session_response: Expectation `rv == OGS_OK' failed. (../src/smf/gtp-path.c:451)
FATAL: smf_gsm_state_wait_pfcp_establishment: Assertion `OGS_OK == smf_gtp2_send_create_session_response( sess, gtp_xact)' failed. (../src/smf/gsm-sm.c:676)
* [SMF] Avoid crash if Delete{Sesson,PdpContext}Resp fails to be sent
Let's simply continuing with release of the session, there's not much we
can do about it. Peer will eventually realize the conn is no longer
there.
According to the following standards the response to the endpoint
/nudm-sdm/${supi}/sm-data should be an array of
SessionManagementSubscriptionData objects, instead of only one object.
TS 29.503 version 16.6.0
TS 29.505 version 16.4.0
UDR now responds to the request with only item in the array.
UDM copies all items as is.
SMF uses only the first item in the array, even if there are more
present.
AN-Trusted AVP is only relevant for non-3GPP access networks e.g. WLAN.
This commit adds a check for non-3GPP access network in order to include
AN-Trusted AVP in CCR or not.
Also, clears the M bit for AN-trusted AVP as per TS 29.212 version 16.4.0, Table 5.4.0.1
A problem occurred when there was one SGWU/UPF and multiple SGWC/SMF.
When SGWU and UPF create a session, if the SEID is the same,
the existing session information is used without creating an additional session.
These problems were solved by using the F-SEID including IP information
in the process of checking the existing session.
For video in VoNR, multiple QosFlow is required in one session.
In the past, since only one Session Modification Message was supported,
QoS-Flow was put into several Session Messages one by one and processed.
Now that multiple QoS-Flows can be supported,
it is optimized to process one session modification message.
* [SMF] rename function s/gtp/gtp2/
* [SMF] Store GTPC version in session
So far we always depended on an xact being present in the code path in
order to know which kind of session it is (GTPv1C vs GTPv2C). Let's
instead store that information in smf_sess_t so that we have it always
available in an easy way.
* [SMF] Move smf_sess_t GTPv1C specifics into gtp substruct
* [SMF] Gy CCR: append 3GPP-NSAPI AVP
* [SMF] Append PDP-Address AVP to Gy CCR msg
* [SMF] Gy CCR: Move some AVPs under Service-Information/PS-Information
They belong there. Nokia infocenter documentation seems to be document
the possibility to configure its software to have it in top level, but
that's not what 3GPP TS 32.299 states, so let's stick to it.
* [SMF] Gy CCR: append 3GPP-PDP-Type AVP
* [SMF] Gy CCR: append 3GPP-Charging-Id AVP
* [SMF] Gy CCR: append SGSN-Address AVP
* [SMF] Gy CCR: append GGSN-Address AVP
Issue:
When the ULA - Subscription Data does not contain MSISDN, the Create Session Request
from MME to SGW does not contain MSISDN IE resulting in SMF throwing following log
smf | 05/09 15:20:53.683: [smf] ERROR: No MSISDN (../src/smf/s5c-handler.c:82)
sgwc | 05/09 15:20:53.683: [sgwc] ERROR: No Context in TEID (../src/sgwc/s5c-handler.c:104)
mme | 05/09 15:20:53.683: [mme] ERROR: No Context in TEID (../src/mme/mme-s11-handler.c:122)
As per 3GPP TS 29.274 version 16.5.0, table 7.2.1-1: MSISDN IE shall only be included
in Create Session Request if its provided in subscription data from the HSS. This commit
fixes this by removing the mandatory MSISDN IE check in SMF.
It allows for much better control on the lifecycle of the session, and
already shows some missing tear down paths in case of errors.
It also clarifies the existence of "sess" pointer in several paths.
The code also becomes clearer overall, since all the transitions and
logic to send next messages are put together.
Tear down of the session will be integrated into gsm-sm in a follow-up
patch.
The 5gc session setup is only partially moved to gsm-sm, and left as an
exercise for users wishin to improve 5gc support.
In the past only GTPv2C was supported, and had the "gtp" generic prefix.
Later on, GTPv1C support was added, and "gtp1" prefix was used.
Let's move GTPv2C specific bits to have "gtp2" prefix too, and leave
"gtp" prefix for generic stuff among different GTP versions.
This commit adds EMM Cause to Attach accept message when
Attach Request has COMBINED EPS IMSI ATTACH but the HSS
Network-Access-Mode is configure for EPS ONLY.
The use of the Gy interface (SMF acting as CTF towards an OCS node) is
mandated through configuration file. Default value "enable: auto" will
only make use of it in case a Diameter peer announcing support for the
Credit-Control Application is found.
Upon subscriber session creation, and after auth check over Gx, the SMF
will create a Gy session with the OCS and only after that step the SMF
will accept the session back to the subscriber.
The OCS may then grant some traffic volumes/time and ask to be notified
back with updated measurements.
In order to get the measurements, the SMF relies on PFCP URR configured
to the UPF through Session Repoort Request messages.
When closing the subscriber session, the SMF will also terminate the Gy
session at the OCS.
So far only some specifics parts of the Gy interface as well as the PFCP
side are implemented. Those should be enough to at least have
volume/time thresholds granted by the OCS, which then will be able to
track subsriber resource use.
This patch doesn't implement the OCS side of the Gy interface, that's
left as a future exercise. The interface was tested using an OCS
emulator implemented in TTCN-3 [1]
[1] https://cgit.osmocom.org/osmo-ttcn3-hacks/
TODO:
* Use an event for the report, like SMF_EVT_N4_TIMER?
* Properly set Service identifier in Gy CCR
* SMF: Properly set pkt/octet volumes in Gy CCR
** Update when receiving PFCP Modify Response.
* Figure out best way to require Gy through config file in open5gs-smfd.
* Create a new sess-sm.c which handles smf_sess_t state through
Gx+Gy+PFCP creation, modification and tear down. This way we can do
stuff in parallel, for instance Gx+Gy. It will alsoavoid duplicating
some code paths due to Gy being optional.
Catch Origin-Host during CCA and set it as Destination-Host during
subsequent CCRs. This way we ensure UPDATE/TERMINATION Requests are sent
back explicitly to the same Diameter peer. Moreover, it seems
freediameter relies on this AVP to properly send the message over the
correct SCTP association when several diameter peers are available.
1. UE registered and PDU established.
2. PCF does not receive Heartbeat.
- PCF De-registered state.
- Since PDU is established, SMF should not remove NF instance
3. PCF re-registered.
- HERE, WE NEED TO INCREASE NF REFERENCE COUNT.
Otherwise, NF instance will be removed if PCF is de-registered state
4. UE sends PDU release request.
5. Because SMF knows PCF NF instance, SMF can send PCF delete
As per 3GPP TS 23.401 version 15.12.0, section 5.3.1.2.2
The PDN GW allocates a globally unique /64
IPv6 prefix via Router Advertisement to a given UE.
After the UE has received the Router Advertisement message, it
constructs a full IPv6 address via IPv6 Stateless Address
autoconfiguration in accordance with RFC 4862 using the interface
identifier assigned by PDN GW.
For stateless address autoconfiguration however, the UE can
choose any interface identifier to generate IPv6 addresses, other
than link-local, without involving the network.
And, from section 5.3.1.1, Both EPS network elements and UE shall
support the following mechanisms:
/64 IPv6 prefix allocation via IPv6 Stateless Address
autoconfiguration according to RFC 4862, if IPv6 is
supported.
* [SMF] Gn: Avoid assert crash if no PDP resources available
* [SMF] Gn: Rearrange IE handling order in CreatePDPContextRequest
Let's handle the GTPC remote addr + TEID first, since those should be
used in the CreatePDPContextResponse ideally if available.
Let's then handle parsing of all IEs not related to bearers/UserPlane,
then those missing, and finally do all the IP resource allocation.
* Fix conversion from IPFilterRule to packet filter
As per 3GPP TS 24.008, following Packet filter component type identifier
are not supported on the LTE pre release-11 UEs:
IPv4 local address type
IPv6 remote address/prefix length type
IPv6 local address/prefix length type
And,
IPv6 remote address/prefix length type and
IPv6 local address/prefix length type shall be used when both MS and
Network support Local Address in TFTs.
This commit add logic to omit adding local address in packet filters
for compatibility with pre-release LTE 11 devices. The following parameter
could be used to toggle omit/no to omit behavior.
parameter:
no_ipv4v6_local_addr_in_packet_filter: <true/false>
* Remove logic of supporting pre-release LTE 11 devices in PCRF
* [SMF] typo fixes in commented code
* [SMF] Fix early err return handling UpdatePDPContextRequest
* [SMF] UpdatePDPContext: forward update of remote TEID+IPaddr to UPF
Updating the remote GTP-U IP address and/or TEID on the GGSN is a common
practice, used for instance by an SGSN in a UTRAN network to connect an
HNB(GW) to exchange GTP-U directly with the GGSN. It is also used in
general when doing handovers.
When receiving a UpdatePDPContext with the new address, we need to
forward the update to the UPF so that it takes it into account when
forwarding packets.
This patch only implements updating the information towards the UPF when
GTPv1C is used. Similar approach for GTPv2C (upon receival of Modify
Bearer Request) is still unimplemented.
Related: https://github.com/open5gs/open5gs/issues/1367
In the event we have 2 local IP addresses available for use, put the one
having same IP version in "GGSN Address *" IE, and the one with the
other IP version in "Alternative GGSN Address *" IE.
Same fix was applied recently to CreatePDPContextResponse.
TS 29.060 sections 7.3.4 and 7.3.6 specify the possible cause values for
UpdatePdpContextResponse and DeletePdpContextResponse.
Together with section 8.2, it becomes clear that 'Non-existent' cause
should be sent instead of 'Context not found' one in those cases.
It seems to be actually mandatory in GGSN->SGN directon, though it is
ignored in Release99 upwards. Let's hardcode it to 0 for now, should be
fine in the majority of cases.
In the event we have 2 local IP addresses available for use, put the one
having same IP version in "GGSN Address *" IE, and the one with the
other IP version in "Alternative GGSN Address *" IE.
* [CORE] tlv: Store mode in ogs_tlv_t
This allows specifying the format of the IE for each individual IE,
hence allowing messages containing IEs formatted in different ways.
This is needed in order to support parsing GTPv1-C, since messages
contain IEs with different structure (TLV vs TV). Hence, this is a
preparation patch to add support for parsing TVs in ogs-tlv.c/.h.
* [CORE] tlv: Support parsing msg with both TLV and TV in it
IEs of type TV are sometimes used in GTPv1-C. Current tlv parser/builder
doesn't provide with ways to parse messages which contain TV formatted
IEs. This patch adds the relevant types and ways to encode/decode them.
Furthermore, the current parser/builder allows parsing/building messages
containing the exact same format in all its IEs. A new parser function
is added which allows parsing messages of different types (TV, TLV)
mixed in the same message. In order to be able to do so, it uses the
general msg_mode passed to it in order to know the general TLV format
(in essence, the length of the Tag field, and also the length of the
Length field if applicable each IE).
Looking up the instance in the TLV description is left undone and
hadcoded to 0, since the only user so far requiring this API is GTPv1-C,
which has no instances.
* [CORE] tlv: Support repeated tag+instance parsing TLV message
In GTPv2C, repeated IEs (same tag) are easily differentiated by the
Instance byte, which provides info to match different decoded
structures. In GTPv1C though, there's no Instance byte, and we still
encounter repeated IEs (like GSN Address in Create PDP Context Request).
Hence, the TLV decoder needs to be updated to track count of IEs found
(identified by tag+instance, where instance is always 0 in GTPv1C) and
get the proper description index + offset into the decoded structure.
* [GTP]: Move GTPv2-C specifics to its own libgtp subdir
This will allow adding GTPv1-C code by the side. Most GTPv2 code is left
in this patch as "gtp" instead of renaming it to "gtp2" in order to
avoid massive changes. It can be done at a later stage if wanted.
* [GTP] Support generating GTPv1-C messages
* [SMF] Add Gn interface support
This patch introduces GTPv1C support to open5gs-smfd. With it,
open5gs-becomes a GGSN too, where SGSN can connect to, hence supporting
GERAN and UTRAN networks.
* [SMF] Fix potential null pointer dereference
Pointer "sess" was first dereferenced and later on checked for nullness.
This is clearly wrong. Rearrange the code path to make sure the check is
done first, then dereferenced.
* gitignore: Add subprojects/libtins
* cosmetic: Fix whitespace
The network access mode of HSS has been changed to 0 (Packet and Circuit).
Versions of MME prior to v2.4.2 did not use this value. Open5GS set
the attach result of Attach Complete message as it is by looking
at the attach type of the Attach Request message.
Now, if the network access mode of HSS is set to 2 (Only Packet),
this value is affected by MME from v2.4.3. Regardless of the attach type
of the Attach Request, the MME will set EPS Only to the attach result
of Attach Complete.
3GPP TS 24.501 version 16.6.0 Release 16
4.4 NAS security
4.4.6 Protection of initial NAS signalling messages
1) the UE needs to send non-cleartext IEs in a REGISTRATION REQUEST
or SERVICE REQUEST message, the UE includes the entire REGISTRATION
REQUEST or SERVICE REQUEST message (i.e. containing both cleartext IEs
and non-cleartext IEs) in the NAS message container IE and shall cipher
the value part of the NAS message container IE. The UE shall then send
a REGISTRATION REQUEST or SERVICE REQUEST message containing
the cleartext IEs and the NAS message container IE;
As per RFC 4861 Router advertisement message
format, Source Address MUST be the link-local address
assigned to the interface from which this message is sent.
Since SMF was not sending it as per RFC, certain
phones were not completing the procedure of stateless
IPv6 address autoconfiguration mentioned in
3GPP TS 23.401 version 15.12.0 Release 15, section 5.3.1.2.2
During PDU Session Establishment,
if gNB sends PDUSessionResourceReleaseResponse,
AMF was crashed.
In this case, AMF/SMF remove Session Context and sends ErrorIndication.
An assert occurs when a NAS message retransmission occurs.
Because there is no `enb_ue` context.
Therefore, before removing enb_ue, all Timers must be stopped
to prevent retransmission of NAS messages.
1. rollback ogs_error() to ogs_warn()
To remove the print-out in the test code,
8/13 open5gs:epc / attach OK 10.60 s
bearer-test : SUCCESS
session-test : /11/30 15:59:34.556: [esm] ERROR: Invalid APN[ims2] (../src/mme/esm-handler.c:71)
SUCCESS
2. if( to if (
Coding standard in open5gs