1. HandoverRequired
2. HandoverRequest
3. HandoverFailure
4. UEContextReleaseCommand
5. HandoverPreparationFailure
If UEContextReleaseComplete is not received,
the Source-UE will have the Target-UE.
6. HandoverRequired
There may be cases where the Source UE has a Target UE
from a previous HandoverRequired process. In this case,
it is recommended to force the deletion of the Target UE information
when receiving a new HandoverRequired.
7. HandoverRequest
8. HandoverFailure
9. UEContextReleaseCommand
10. UEContextReleaseComplete
11. HandoverPreparationFailure
... Crashed ...
APER encoding fails when using the asn_uint642INTEGER function on a 32-bit machine as shown below.
```C
asn_uint642INTEGER(AMF_UE_NGAP_ID, 0xffffffff);
...
aper_encode_to_buffer(...)
```
INTEGER APER encode/decode functions seem to be operating internally with long variables instead of intmax_t.
That is probably the reason of the failure.
@v0-e fixed this issues in the mouse07410/asn1c pull request.
https://github.com/mouse07410/asn1c/pull/176https://github.com/mouse07410/asn1c/pull/177
There is an issue with SESSION RELEASE not working properly
depending on the PDU session release complete order
in the PDUSessionResourceReleaseResponse.
If the AMF receives PDUSessionResourceReleaseResponse
followed by PDU session release complete, it works correctly.
However, if it receives PDU session release complete
followed by PDUSessionResourceReleaseResponse, it does not work correctly
and sends an Error Indication to the UE/gNB.
To fix this issue, we added pdu_session_release_complete_received and
pdu_session_resource_release_response_received to the content
so that CLEAR_SM_CONTEXT_REF() is executed when both are received.
While they were continuing their fuzzy testing and developing PacketRusher, an unusual issue with the AMF was observed. The problem arises when a single Ethernet frame containing three bundled SCTP chunks is sent. This behavior is reproduced with PacketRusher when attempting to concurrently register two UEs with the same MSIN.
The expected behavior is that the PDU Session Establishment Accept is sent inside a DownlinkNASTransport to RAN UE NGAP ID 1. However, it is actually sent inside an InitialContextSetupRequest to RAN UE NGAP ID 2. The MAC of this NAS message is invalid for the Security Context of RAN UE NGAP ID 2 (probably valid for RAN UE NGAP ID 1)
* [AMF/MME] UEContextReleaseCommand in Integrity (#2786)
Modified not to send UEContextReleaseCommand in Integrity Unprotected
NAS message such like Registration or Service request.
* [AMF/MME] UEContextReleaseCommand after Interity Protected (#2786)
Modified not to send UEContextReleaseCommand in Integrity Unprotected
NAS message such like Registration or Service request.
When AMF release the NAS signalling connection,
ran_ue context is removed by ran_ue_remove() and
amf_ue/ran_ue is de-associated by amf_ue_deassociate().
In this case, implicit deregistration is attempted
by the mobile reachable timer according to the standard document,
and amf_ue will be removed by amf_ue_remove().
TS 24.501
5.3.7 Handling of the periodic registration update timer and
Start AMF_TIMER_MOBILE_REACHABLE
mobile reachable timer
The network supervises the periodic registration update procedure
of the UE by means of the mobile reachable timer.
If the UE is not registered for emergency services,
the mobile reachable timer shall be longer than the value of timer
T3512. In this case, by default, the mobile reachable timer is
4 minutes greater than the value of timer T3512.
The mobile reachable timer shall be reset and started with the
value as indicated above, when the AMF releases the NAS signalling
connection for the UE.
After N2 Handover (1 AMF, multiple gNB's) was successfully executed, the
PDU session was not properly released afterwards on PDU Session Release
Request from UE.
The reason was that after N2 Handover the new 'ran_ue' context did not
have any information about the active PDU sessions.
Copy the information about PDU sessions from old ran_ue context to the
new one.
[AMF] Implicit Network-initiated Deregistration
Two timers are introduced (both with duration of T3512 + 4 min):
-MOBILE_REACHABLE
-IMPLICIT_DEREGISTRATION
MOBILE_REACHABLE is set when NAS connection for the UE is released.
IMPLICIT_DEREGISTRATION is set when MOBILE_REACHABLE expires.
On MOBILE_REACHABLE expiry Paging is ignored.
On IMPLICIT_DEREGISTRATION expiry:
-UE's RM_State is set to DEREGISTERED
-UE is Nudm_SDM_Unsubscribed
-UE is Nudm_UECM_Deregistered
-PDU sessions are released
-AM policies are deleted
Existing flag amf_ue->network_initiated_de_reg is used.
AMF does not crash anymore when a new UE registration request arrives,
and there is no available space left in UE context pool. Now it just
rejects the request with an error.
An assert occurs when a NAS message retransmission occurs.
Because there is no `enb_ue` context.
Therefore, before removing enb_ue, all Timers must be stopped
to prevent retransmission of NAS messages.
All process will be forcely exited if it failed to encode the S1AP/NGAP/GTP/PFCP message. It is to make sure there was no problem with the encoding of open5gs.
The AMF shall assign a new 5G-GUTI for a particular UE:
a) during a successful initial registration procedure;
b) during a successful registration procedure
for mobility registration update; and
c) after a successful service request procedure invoked as a response
to a paging request from the network and before the release
of the N1 NAS signalling connection as specified in subclause 5.4.4.1.
The AMF should assign a new 5G-GUTI for a particular UE
during a successful registration procedure
for periodic registration update. The AMF may assign a new 5G-GUTI
at any time for a particular UE by performing
the generic UE configuration update procedure.