[PCF N5] (ng-voice GmbH request) Segfault on SBI session creation for VoNR call (npcf-policyauthorization) #2000
Labels
Housekeeping:ToClose
Issues reviewed and closed. Old requests, issues which are not bug, feature or documentation request
Sponsors
Sponsor inquiries are guaranteed to be answered.
Comments
|
A crash occurred because there was no unit in the BitRate like marBwUl, marBwDL and rrBw. The standard document is explained as follows. If there is no unit such as bps, Kbps, Mbps,.., it is treated as a bad request and a response is sent. Please let me know if you have any different idea. Thanks a lot! |
acetcom
added
type:bug
|
@acetcom Thanks for your quick response and good catch! That indeed solved issue number 2 and I can see that there are further messages sent towards the UE. However, still issue number 1 remains and I think this might be a problem, since I still not see a successful call setup. Cheers, |
|
I've modified to work even if there is no Media-Type in branch issues2000. You can use it as below. In this branch, if there is no Media-Type, it is assumed to CONTROL. However, I don't know if it can be implemented like this or if Open5GS should send an error message with a BAD Request to the AF. Let me investigate the standard further. Before that, please test it on this branch. Thanks a lot! |
acetcom
added a commit
that referenced
this issue
Jan 24, 2023
acetcom
added a commit
that referenced
this issue
Jan 24, 2023
acetcom
added a commit
that referenced
this issue
Jan 24, 2023
|
The issues2000 branch has been merged into main. If there is no media-type, Open5GS responds with HTTP BAD Request (400 Error). Please let me know if you have any other requests. Thanks a lot! |
pobk
added
the
Housekeeping:ToClose
NLag
added a commit
to securitylab-repository/open5gs_ciot
that referenced
this issue
Mar 14, 2023
* Fix UL and DL URR Usage Report * Follow-on up open5gs#1793 * [AMF] Fix for switching state when sending Deregistration Request fails Provide pointer to state machine, instead of pointer to timer structure. Bug was noticed when switching compiler optimization to -O2. * [5GC] Fixed session deletion in a BSF (open5gs#1725) * [UPF] test code for unspecified address (open5gs#1776) * [Security] Fixed a crash for port scanning (open5gs#1767) * Release v2.4.11 * Added Release Notes for v2.4.11 * [MME] Support for Insert Subscriber Data (open5gs#1794) * [MME] Support for Insert Subscriber Data * Supported AVPs in IDR will overwrite existing subscription information * Provide error on partial APN updates * IDR and ULA use same function to process AVPs * Move subdatamask values into s6a, so both HSS and MME can use them * Updates are not actioned at this time. A Re-attach is required for most changes to take effect * Memory issue on IDR exceptions * Remove of handling MSIDSN change until DSR is used * Follow-on up open5gs#1794 * [SBI] Client Request timeout TS29.500 Ch 6.11 Detection and handling of late arriving requests In Open5GS, this part was hard-corded. HTTP2 Client sends a request and waits for 10 seconds. If no response is received from the HTTP2 Server, HTTP2 Client performs the exception handling. In this commit, HTTP2 client sends Header with setting Max-Rsp-Time to 10 seconds. However, HTTP2 server has not yet been implemented to process this value. The server is still processing using hard-corded values (10 seconds). * [MME] Cancel Location while Idle (open5gs#1797) * Cancel Location while Idle Fix * Forgot about SGSAP on MME Change. Added "action" to sgsap_send_detach.. * Make handle_clr uniform with other handlers * Added Robustness for Any Detach Type * Memory wasn't freed upon CLR for unknown IMSIs * Moving MME Detach to new PR * Follow-up on open5gs#1797 * ogs_info swaps CP and UP SEIDs * Follow-up on open5gs#1797 * fix dropped_dl_traffic_threshold ie. * [AMF,UDM] Add support to subscribe to SDM changes AMF subscribes to UDM for each registered UE. At the moment, UDM does not send callback to AMF when any of the UE's properties in the database changes. At the moment, AMF does properly parse the ModificationNotification, but does not do anything useful. * [SMF] Update PFCP report error situation (open5gs#1819) * Revert the previous commit on open5gs#1797 * Updated SBI module - Introduced NF_INSTANCE_ID/NF_INSTANCE_TYPE - Skip SCP in configuration validation * [AMF] Increase size of TMSI pool Each UE context has 'current' and 'next' TMSI values. AMF first allocates the 'next' value, before confirming it and releasing the 'previous'. This means that we potentially need pool size of 2x the amount of maximum configured UE. Without this change, AMF would crash in case that there are 'x' configured maximum amount of UE, and there are already 'x' registered UE. [gmm] INFO: Registration request (../src/amf/gmm-sm.c:135) [gmm] INFO: [suci-0-001-01-1234-0-1-1000000000] SUCI (../src/amf/gmm-handler.c:149) [gmm] DEBUG: OLD TSC[UE:0,AMF:0] KSI[UE:7,AMF:0] (../src/amf/gmm-handler.c:179) [gmm] DEBUG: NEW TSC[UE:0,AMF:0] KSI[UE:7,AMF:0] (../src/amf/gmm-handler.c:186) [amf] FATAL: amf_m_tmsi_alloc: Assertion `m_tmsi' failed. (../src/amf/context.c:2160) [core] FATAL: backtrace() returned 13 addresses (../lib/core/ogs-abort.c:37) * [AMF] Reject registration requests when pool for UE contexts is empty AMF does not crash anymore when a new UE registration request arrives, and there is no available space left in UE context pool. Now it just rejects the request with an error. * Follow-up on open5gs#1828 * Follow-up on open5gs#1827 * [DBI] Disable Change Streams with mongo Version Support for change stream is only available in mongoc >=1.9.0 - Disabled related functions in dbi. Support for bson to json used in debug statement only in libbson >=1.7.0 - Simple debug message in lower versions * Follow-up on open5gs#1827 * Update README.md * SCP(Model D) is now the default setting. * remove warning in MacOSX (open5gs#1797) * Fixed the WebUI to Support MongoDB 6.0(open5gs#1824) * SCP is added in Debian package * Fixed the bug of SGW-C session deletion (open5gs#1825) * Release v2.5.0 * Added missing files(SCP for systemd) * Release v2.5.0 * Update document for v2.5.0 * [AMF] Support REREGISTRATION_REQUIRED in dereg notify * Fixed a bug WebUI for production build (open5gs#1824) * Support SMF Security Indication IE (open5gs#1851) * Release v2.5.1 * Document update for v2.5.1 * [NAS] Discard message if Integrity failed (open5gs#1848) * SCP had a serioud memory problem and fixed it * Fix to avoid port (7777) conflicts on Mac OS X * Release v2.5.2 * fix for scp daemon (open5gs#1872) * fix * fix2 * fix * Release v2.5.3 * added open5gs-scp * Release v2.5.4 * [SBI] Do not send empty arrays when registering to NRF OpenAPI dictates that certain arrays should have at least one item, otherwise they should not be present. This includes lists for IPv4/v6 addresses, TAI/TAC lists, ... Add a check if there is at least 1 item, before creating an array. Also move variable declarations to inner blocks, to prevent some accidental usage out of wanted scope. * Follow-up on open5gs#1876 * Squashed commit of the following: commit 5070c19 Author: Sukchan Lee <acetcom@gmail.com> Date: Fri Nov 4 15:46:35 2022 +0900 updte it commit e49107f Author: Sukchan Lee <acetcom@gmail.com> Date: Fri Nov 4 11:03:37 2022 +0900 update it commit a55b977 Author: Sukchan Lee <acetcom@gmail.com> Date: Fri Nov 4 10:50:41 2022 +0900 update it commit 0ff0930 Author: Sukchan Lee <acetcom@gmail.com> Date: Fri Nov 4 10:09:35 2022 +0900 update it commit 8cb5038 Author: Sukchan Lee <acetcom@gmail.com> Date: Fri Nov 4 09:39:08 2022 +0900 update it commit 0a6829d Author: Sukchan Lee <acetcom@gmail.com> Date: Fri Nov 4 09:06:22 2022 +0900 update it commit ea85035 Author: Sukchan Lee <acetcom@gmail.com> Date: Thu Nov 3 21:36:17 2022 +0900 update it commit e86ba62 Author: Sukchan Lee <acetcom@gmail.com> Date: Thu Nov 3 17:39:27 2022 +0900 update it commit 2c05df8 Author: Sukchan Lee <acetcom@gmail.com> Date: Thu Nov 3 16:20:47 2022 +0900 update it commit 43c88ae Author: Sukchan Lee <acetcom@gmail.com> Date: Wed Nov 2 22:17:37 2022 +0900 update it commit b374db4 Author: Sukchan Lee <acetcom@gmail.com> Date: Wed Nov 2 22:05:53 2022 +0900 update it * Fix the WebUI installation bug * Fixed the WebUI installation * Release v2.5.5 * [WebUI] Change installation script (open5gs#1824) * [SMF] Fixed PTI when PDU Session Reject * Build webui from local source Use local copy of source code to build webui, instead of downloading the code from Github. * Rollback WebUI (open5gs#1882) * [AMF] Add implicit_unsubscribe field to SDMSubscription * Build WebUI from local source Use local copy of source code to build WebUI, instead of downloading the code from Github. * Update 01-quickstart.md Change S1AP bind address for external eNB. * Follow-up on open5gs#1886 * Add TLS support * Fix TLS error handling * Follow-up on open5gs#1865 * [SBI] Introduced HTTP2-TLS based on open5gs#1865 Verfication is not implemented. * Changed the location of Osmocom nightly build * Added OSS Notice * Update document * Update document * Update document * [metrics] Fix log output for metrics Even if the configured log level for the application was set to "error", the first "info" message of the metrics library was output to the log. Reorder the initialization of the metrics library. * Fixed crash after 48 hours of running (open5gs#1893) * Prometheus metrics set to default * Fixed prometheus-client-c branch next to open5gs * Fixed test code for MacOSX Ventura * update document * Fixed MacOSX Test code * Removed MongoDB from WebUI install-script (open5gs#1824) * Oops! errata * OpenAPI: Move any_type.[ch] from custom/ into sbi/openapi/model/ This makes it possible to have object values of type "any_type" in OpenAPI specifications. * OpenAPI: Generate patch_item.[ch] from OpenAPI specifications * OpenAPI: AnyType for ChangeItem's newValue and origValue properties * get amf_ue from sess amf_ue will be null and cause a coredump when type is OGS_SBI_OBJ_SESS_TYPE. * [AMF/MME] Refactor SM to prevent crash (open5gs#1912) * Fixed alpine stack overflow (open5gs#1911) * Continue to fix alpine stack overflow (open5gs#1911) * [AMF/MME] forget UE Radio Capability (open5gs#1917) forgetting the UE Radio Capabilities when UE is sending NAS "De-Registration Request" with "type = Switch-off * [WebUI] Install on MongoDB below v6.0 (open5gs#1910) * OpenAPI: Add functions OpenAPI_list_clear and OpenAPI_list_insert_prev * [UDM] Handle SDM unsubscribe * [UDM/UDR] Handle UEAuthentication authRemovalInd * [AUSF] Handle UEAuthentication DELETE * [AMF] Allow unspecified (infinity) ue_ambr up/downlink limits * [AMF] Add support for SDM subscription and authentication deletion * [AMF] Handle am-data/ratRestrictions change notification When such a notification arrives from UDM, delete the corresponding SDM subscription from the UDM and deregister the UE if it becomes RAT restricted. * [AMF] Handle am-data/subscribedUeAmbr change notification When such a notification arrives from UDM, notify the GNB of the new values AMBR uplink/downlink values. * [AMF/MME] Added Timer Configuration (open5gs#1905) * [AMF/MME] Added missing T3423 in conf (open5gs#1905) * Fixed manual of sgwu.yaml conf * [UPF] Fixed an infinte loop when ext_len is 0 * [SBI] Remove redundant code (open5gs#1923) * Added more log in GTP Error (open5gs#1920) * [AMF] Wrongly sending PDU Session Release (open5gs#1925) * [AMF] Fixed a crash while NGReset (open5gs#1928) * amf: fix regression for smf selection * free replybuf after sent replay message * [SBI] Case-Insensitive inside MIME message (open5gs#1939) * [UPF] Add metrics support Expose metrics with labels according to ETSI TS 128 552 V16.13.0 in UPF by using hash. The metrics are named respecting the rule: <generation>_<measurement_object_class>_<measurement_family_name>_<metric_name_as_in_TS_128_552> 5qi is not available in UPF. To present 5qi to the user, MN will have to maintain a table qfi->5qi for each QoS flow (will have to get information from SMF). So UPF has to expose qfi. qfi itself is not useful. When used, UPF will have to expose additional label to define the session (e.g. source interface). Label dnn is set to value of APN/DNN received in Establishment. Since SMF does not add APN/DNN to Establishment, the label is empty. When APN/DNN will be set by SMF, it should be added to sess in UPF and used in metrics on Modification and Deletion. Both datavolumeqosleveln3upf are exposed in bytes. MN is providing the transformation to kbits. fivegs_upffunction_upf_qosflows should expose the number of QFIs used in sessions, but exposes number of QER rules, which is currently equal to QFIs. The label snsssai is not provided since the slice is not available on UPF. Exposed metrics example: Standard counters: fivegs_ep_n3_gtp_indatapktn3upf 28637 fivegs_ep_n3_gtp_outdatapktn3upf 14729 fivegs_upffunction_sm_n4sessionestabreq 4 fivegs_upffunction_sm_n4sessionestabfail{cause="66"} 1 fivegs_upffunction_sm_n4sessionestabfail{cause="71"} 68 fivegs_upffunction_sm_n4sessionestabfail{cause="68"} 4 fivegs_upffunction_sm_n4sessionestabfail{cause="72"} 15 fivegs_upffunction_sm_n4sessionestabfail{cause="75"} 3 fivegs_upffunction_sm_n4sessionestabfail{cause="65"} 4 fivegs_upffunction_sm_n4sessionreport 0 fivegs_upffunction_sm_n4sessionreportsucc 0 fivegs_ep_n3_gtp_indatavolumeqosleveln3upf{qfi="1"} 39792997 fivegs_ep_n3_gtp_outdatavolumeqosleveln3upf{qfi="1"} 737548 Nonstandard gauge (added for controlling purposes - same metric as existing metric on AMF and SMF): fivegs_upffunction_upf_sessionnbr 1 Standard gauge: fivegs_upffunction_upf_qosflows{dnn=""} 1 * [PCF] Add metrics support Expose metrics with labels according to ETSI TS 128 552 V16.13.0 in PCF by using hash. The metrics are named respecting the rule: <generation>_<measurement_object_class>_<measurement_family_name>_<metric_name_as_in_TS_128_552> Since slice itself is not unique, the plmnid label is exposed in addition to snssai. AM policy: fivegs_pcffunction_pa_policyamassoreq and fivegs_pcffunction_pa_policyamassosucc do not expose snssai label since it is not available at the time of exposure. plmnid is defined during AM policy processing, so not to lose the difference to ...succ, the basic metric fivegs_pcffunction_pa_policyamassoreq is preserved. SM policy: snssai is defined during SM policy processing, so not to lose the difference to ...succ, the basic metric fivegs_pcffunction_pa_policysmassoreq is preserved. Those 2 basic metrics retain their position but are exposed with empty labels. Metrics with labels are called later, when the label values are known. Exposed metrics example: -standard counters: fivegs_pcffunction_pa_policyamassoreq{plmnid=""} 3 fivegs_pcffunction_pa_policyamassoreq{plmnid="99970"} 3 fivegs_pcffunction_pa_policyamassosucc{plmnid="99970"} 3 fivegs_pcffunction_pa_policysmassoreq{plmnid="",snssai=""} 3 fivegs_pcffunction_pa_policysmassoreq{plmnid="99970",snssai="1000009"} 3 fivegs_pcffunction_pa_policysmassosucc{plmnid="99970",snssai="1000009"} 3 -nonstandard gauge (added for controlling purposes - same metric as existing metric on AMF and SMF): fivegs_pcffunction_pa_sessionnbr{plmnid="99970",snssai="1000009"} 0 * Follow-up on open5gs#1940 * Follow-up on open5gs#1940 - Fixed compile error * [SMF] fix crash due free-ing invalid pointer In case that database is (manually) corrupted for a specific UE, SSC mode and ARP preemption vulnerability fields are not set correctly, SMF will crash when trying to build a request to create PCF association. Function smf_npcf_smpolicycontrol_build_create() will end prematurely, and when cleaning up resources it will try to free() up invalid pointer, which was not set to 0 at beginning of the function. [smf] ERROR: SSCMode is not allowed (../src/smf/nudm-handler.c:165) [sbi] DEBUG: STATUS [201] (../lib/sbi/nghttp2-server.c:443) [sbi] DEBUG: SENDING...: 3 (../lib/sbi/nghttp2-server.c:451) [sbi] DEBUG: { } (../lib/sbi/nghttp2-server.c:452) [sbi] DEBUG: STREAM closed [1] (../lib/sbi/nghttp2-server.c:962) [smf] ERROR: No Arp.preempt_cap (../src/smf/npcf-build.c:132) <crash> 0 __GI_abort () at ./stdlib/abort.c:107 1 0x00007f9348fe43b1 in ?? () from /lib/x86_64-linux-gnu/libtalloc.so.2 2 0x00007f9349aef745 in ogs_talloc_free (ptr=0x7f9348e38dab <_int_free+1675>, location=0x5591b8675d27 "../src/smf/npcf-build.c:181") at ../lib/core/ogs-memory.c:107 3 0x00005591b8653c45 in smf_npcf_smpolicycontrol_build_create (sess=0x7f9343070010, data=0x0) at ../src/smf/npcf-build.c:181 4 0x00007f9349abc2b4 in ogs_sbi_xact_add (sbi_object=0x7f9343070010, service_type=OGS_SBI_SERVICE_TYPE_NPCF_SMPOLICYCONTROL, discovery_option=0x7f9338006d90, build=0x5591b86531d0 <smf_npcf_smpolicycontrol_build_create>, context=0x7f9343070010, data=0x0) at ../lib/sbi/context.c:1699 5 0x00005591b86580be in smf_sbi_discover_and_send (service_type=OGS_SBI_SERVICE_TYPE_NPCF_SMPOLICYCONTROL, discovery_option=0x0, build=0x5591b86531d0 <smf_npcf_smpolicycontrol_build_create>, sess=0x7f9343070010, stream=0x7f9344fce0a0, state=0, data=0x0) at ../src/smf/sbi-path.c:110 6 0x00005591b864e9da in smf_nudm_sdm_handle_get (sess=0x7f9343070010, stream=0x7f9344fce0a0, recvmsg=0x7f933f52d5a0) at ../src/smf/nudm-handler.c:290 7 0x00005591b8600c96 in smf_gsm_state_wait_5gc_sm_policy_association (s=0x7f9343070610, e=0x7f9338076730) at ../src/smf/gsm-sm.c:523 ... * [AMF] Add RM metrics support Expose RM metrics with labels according to ETSI TS 128 552 V16.13.0 in AMF by using hash. The metrics are named respecting the rule: <generation>_<measurement_object_class>_<measurement_family_name>_<metric_name_as_in_TS_128_552> Since slice itself is not unique, the plmnid label is exposed in addition to snssai. RegInitFail is exposed as an alternative to RegInitReq and RegInitSucc counters so cause label can be provided. It counts rejected registrations and rejected authentications. Rejected authentications are counted under label cause="0". Exposed metrics example: -standard gauge: fivegs_amffunction_rm_registeredsubnbr{plmnid="00101",snssai="1000009"} 1 -nonstandard counter: fivegs_amffunction_rm_reginitfail{cause="3"} 4 * [SMF] Add SM metrics support Expose SM metrics with labels according to ETSI TS 128 552 V16.13.0 in SMF by using hash. The metrics are named respecting the rule: <generation>_<measurement_object_class>_<measurement_family_name>_<metric_name_as_in_TS_128_552> Existing gauge sessions_active is renamed! Since slice itself is not unique, the plmnid label is exposed in addition to snssai. Exposed metrics example: -standard gauges: fivegs_smffunction_sm_sessionnbr{plmnid="00101",snssai="1000009"} 0 fivegs_smffunction_sm_qos_flow_nbr{plmnid="00101",snssai="1000009",fiveqi="9"} 0 -nonstandard counters: fivegs_smffunction_sm_n4sessionestabfail{cause="71"} 68 fivegs_smffunction_sm_n4sessionreport 1 fivegs_smffunction_sm_n4sessionreportsucc 1 fivegs_smffunction_sm_n4sessionestabreq 1 * [AMF] Fix deletion of auth data from AUSF * free socket fd call ogs_sock_destroy to free sock when fail to get socket fd * Update document * Update document * Add NF load to NRF Heartbeat The current load percentage of the NF Service Consumer is provided in the payload body of the PATCH request when periodically contacting the NRF (heart-beat). AMF: ratio between currently connected ran_ue and maximum number of them SMF: ratio between current PDU sessions and maximum available PCF: ratio between current AM+SM policy associations and maximum available or ratio between currently connected UEs and maximum number of them (the load which is higher) AUSF, UDM: ratio between currently connected UE and maximum number of them BSF: ratio between current sessions and maximum available NSSF: ratio between currently used NSIs and maximum number of them NRF currently doesn't determine that the NF Profile has changed. * [SMF] Fix metric bearers_active Metric 'bearers_active' was incremented in only one code path (smf_bearer_add() for 4G only), while it was decremented from two paths (smf_bearer_remove() for both 4G and 5G). Increment metric also for 5G path (smf_qos_flow_add()), so it won't get decremented into negative values. * [mongo] Use "ping" command instead of "serverStatus" "serverStatus" on the "admin" database may fail due to insufficient privileges. * Introduced Subscription identifier de-concealing o Generate the private key as below. $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key o The private and public keys can be viewed with the command. The public key is used when creating the SIM. $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text In ausf/udm.yaml hnet: o Home network public key identifier(PKI) value : 1 Protection scheme identifier : ECIES scheme profile A - id: 1 scheme: 1 key: /etc/open5gs/hnet/curve25519-1.key o Home network public key identifier(PKI) value : 2 Protection scheme identifier : ECIES scheme profile B - id: 2 scheme: 2 key: /etc/open5gs/hnet/secp256r1-2.key o Home network public key identifier(PKI) value : 3 Protection scheme identifier : ECIES scheme profile A - id: 3 scheme: 1 key: /etc/open5gs/hnet/curve25519-1.key o Home network public key identifier(PKI) value : 4 Protection scheme identifier : ECIES scheme profile B - id: 4 scheme: 2 key: /etc/open5gs/hnet/secp256r1-2.key Related to open5gs#1779 * New AMF ID in SMF session context for 'inter-AMF change or mobility' * Fixed SMF-METRICS bug in EPC * SIDF only required in UDM, not AUSF (open5gs#1779) * [MME] Clear UE Context for Attach Reject (open5gs#1848) Attach Reject + PDN Connectivity Reject need to clear UE Context * [PCRF] Fixed a crash (open5gs#1981) An assertion was fired when switching between video and audio. * [METRICS] Fixed a core dump in SMF/UPF/PCF (open5gs#1985) * [AMF] Implicit Network-initiated Deregistration Two timers are introduced (both with duration of T3512 + 4 min): -MOBILE_REACHABLE -IMPLICIT_DEREGISTRATION MOBILE_REACHABLE is set when NAS connection for the UE is released. IMPLICIT_DEREGISTRATION is set when MOBILE_REACHABLE expires. On MOBILE_REACHABLE expiry Paging is ignored. On IMPLICIT_DEREGISTRATION expiry: -UE's RM_State is set to DEREGISTERED -UE is Nudm_SDM_Unsubscribed -UE is Nudm_UECM_Deregistered -PDU sessions are released -AM policies are deleted Existing flag amf_ue->network_initiated_de_reg is used. * [AMF] Follow-up on open5gs#1987 [AMF] Implicit Network-initiated Deregistration Two timers are introduced (both with duration of T3512 + 4 min): -MOBILE_REACHABLE -IMPLICIT_DEREGISTRATION MOBILE_REACHABLE is set when NAS connection for the UE is released. IMPLICIT_DEREGISTRATION is set when MOBILE_REACHABLE expires. On MOBILE_REACHABLE expiry Paging is ignored. On IMPLICIT_DEREGISTRATION expiry: -UE's RM_State is set to DEREGISTERED -UE is Nudm_SDM_Unsubscribed -UE is Nudm_UECM_Deregistered -PDU sessions are released -AM policies are deleted Existing flag amf_ue->network_initiated_de_reg is used. * [AMF] More Follow-up on open5gs#1987 * [pfcp] Fix code style * [PCRF] More fixes for crashes (open5gs#1981) * changed error tagged log to info tagged log for handling 5g guti information during Configuration Update procedure * [SMF] Added User-ID, APP_DNN, S-NSSAI (open5gs#1986) Added User-ID, APP_DNN, S-NSSAI in N4 PFCP Session Establishment Request * [MME] Add Purge-UE Capability (open5gs#1991) * [MME] Add Purge-UE Capability * Add OGS_GTP_..._PURGE_AND_REMOVE to split CLR case * Follow-up on open5gs#1991 * More follow-up on open5gs#1911 * Update document for v2.4.13 * Update document for 2.5.7 * Version update * Update document for v2.4.13 and v2.5.7 * [AMF] Fixed RM metric RegisteredSubNbr (open5gs#2001) * [UPF] Fixed bug when 2 PDRs with same TEID (open5gs#2003) * [MME] Introduce aging timers * Creating three new timers * mirroring work done by gstaa on the AMF * Implicit detach procedures added * Fix for detach from unknown UE * [METRICS] Re-order init/final (open5gs#1985, open5gs#2001) * [AMF] Fixed MEMORY LEAK (open5gs#1925) * [PROTO] Increase SDU buffer 8k->16k (open5gs#2008) * [PFCP] Allow up to 8 framed routes for each IP type * [BSF] Handle Ipv4FrameRouteList, save it into context * [PCF] Handle framed routes, forward them to BSF * [UPF] Handle framed routes * [SMF] Handle framed routes, forward them to UPF and PCF * Follow-up on open5gs#2009 * [AMF/MME] Fixed crash when no NG/S1 context(open5gs#2012) * Update document for v2.5.8 * remove old document * [UPF] URR time threshold log to info (open5gs#1997) * [MME] Fixed a crash when no UE context (open5gs#2016) * [LOG] remove ogs_expect_or_return()/return_val() * [CORE] Rollback ogs_pkbuf_copy() from (open5gs#2012) In the previous open5gs#2012 working, I've added ogs_pkbuf_free() for original buffer. But, this rasied double free. So, I've rollback it, * [PFCP] buffer overflow in ALPINE (open5gs#1911, open5gs#2009) A buffer overflow occurred in ALPINE because the size of the pfcp message structure increased by ogs_pfcp_tlv_framed_route_t framed_route[8]; ogs_pfcp_tlv_framed_ipv6_route_t framed_ipv6_route[8]; * Fixed warning * [CORE] Increase SDU buffer to 32k (open5gs#2008) * [SBI] Fixed crash if no BW Unit(Xbps) (open5gs#2000) * no Purge Timer, no config, expanded code * [CORE] OGS_MAX_SDU_LEN->OGS_HUGE_LEN Stack (open5gs#2008) Changed all OGS_MAX_SDU_LEN in the stack to OGS_HUGE_LEN. * [AMF/AMF] Not assert for ogs_asn_copy_ie() (open5gs#2018) Does not raise an assertion even if open5gs cannot handle the ASN in ogs_asn_copy_ie() * [AMF] Fixed crashes from malformed 5GS-ID (open5gs#2020) * [MME] Implicit Network-initiated Deregistration (open5gs#2013) * [MME] Introduce aging timers * Creating three new timers * mirroring work done by gstaa on the AMF * Implicit detach procedures added * Fix for detach from unknown UE * no Purge Timer, no config, expanded code * update it * ogs_session_s.framed_routes type change to (char **) OpenAPI_list_t wasn't optimal as it created a dependency on ogs-sbi.h. * [UDR] Read framed routes from DB send them in sm-data The framed routes are stored in mongo as { "imsi" : "$IMSI", ..., "slice" : [{ ..., "session" : ..., "ipv4_framed_routes" : ["10.45.33.0/24", "10.45.35.0/24"], }], }], }, * [MME] Fixed crash due to Paging routine (open5gs#2017) * Added Service-MAP to Requester-Features (open5gs#2027) ALWAYS Added Service-MAP to Requester-Features in Discovery Option * [AMX] Fixed a crash due to deregistration (open5gs#2021) Fixed an issue where AMF would crash if an implicit deregistration occurred twice. * [NRF] Fixed a crash during NRF discovery (open5gs#2034) Other NF instances are obtained through NRF or created directly through configuration files. Other NFs created by the config file should not be passed through NRF discovery or anything like that. Since self-created NF Instances do not have an ID, they are implemented to exclude them from NRF Discovery. * [CORE] Add defense code to ogs_pkbuf_copy (open5gs#2032) Added a defense code to prevent NF crash when ogs_pkbuf_copy() size is 0. * [AMF] Network Initiated De-Register (open5gs#2014, open5gs#2021) Resolved Network Initiated Implicit/Explicit De-Registration * Update Document for Frame Routing (open5gs#2035) * Remove not valid UTF-8 characters These UTF-8 characters are causing issues with static code analysis tools. Error: encoding error in ./lib/crypt/zuc.c 'utf-8' codec can't decode byte 0x97 in position 3948: invalid start byte Python3 requires input character data to be perfectly encoded; it also requires perfectly correct system encoding settings. Unfortunately, your data and/or system settings are not. * [AMF] Network-Initiated Deregister (open5gs#2014, open5gs#2021) Fixed a bug network-initiated implicit/explict deregistration * [Gx/Gy] MAX_CC_REQUESTER_NUMBER(32->64) (open5gs#2038) Incrased MAX_CC_REQUESTER_NUMBER from 32 to 64 * [NF] Fix double-free crash when NF is under heavy load <nf>/init.c:<nf>_main() : ogs_pollset_poll() receives the time of the expiration of next timer as an argument. If this timeout is in very near future (1 millisecond), and if there are multiple events that need to be processed by ogs_pollset_poll(), these could take more than 1 millisecond for processing, resulting in the timer already passed the expiration. In case that another NF is under heavy load and responds to an SBI request with some delay of a few seconds, it can happen that ogs_pollset_poll() adds SBI responses to the event list for further processing, then ogs_timer_mgr_expire() is called which will add an additional event for timer expiration. When all events are processed one-by-one, the SBI xact would get deleted twice in a row, resulting in a crash. 0 __GI_abort () at ./stdlib/abort.c:107 1 0x00007f9de91693b1 in ?? () from /lib/x86_64-linux-gnu/libtalloc.so.2 2 0x00007f9de9a21745 in ogs_talloc_free (ptr=0x7f9d906c2c70, location=0x7f9de960bf41 "../lib/sbi/message.c:2423") at ../lib/core/ogs-memory.c:107 3 0x00007f9de95dbf31 in ogs_sbi_discovery_option_free (discovery_option=0x7f9d9090e670) at ../lib/sbi/message.c:2423 4 0x00007f9de95f7c47 in ogs_sbi_xact_remove (xact=0x7f9db630b630) at ../lib/sbi/context.c:1702 5 0x000055a482784846 in amf_state_operational (s=0x7f9d9488bbb0, e=0x7f9d90aecf20) at ../src/amf/amf-sm.c:604 6 0x00007f9de9a33cf0 in ogs_fsm_dispatch (fsm=0x7f9d9488bbb0, event=0x7f9d90aecf20) at ../lib/core/ogs-fsm.c:127 7 0x000055a48275b32e in amf_main (data=0x0) at ../src/amf/init.c:149 8 0x00007f9de9a249eb in thread_worker (arg=0x55a483d41d90) at ../lib/core/ogs-thread.c:67 9 0x00007f9de8fd2b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442 10 0x00007f9de9063bb4 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100 * [SBI/NF] Follow-up on open5gs#2045 * Support for UPF HA - release/establish new PDU session * Follow-up on open5gs#2048 * [SBI] HTTP/2 user-agent header (open5gs#2048) Open5GS now checks User-AGENT only in SCP. * [AMF/MME] Delete UERadioCapability (open5gs#2040, open5gs#1917) o TS24.301(4G/LTE) 5.5.1 Attach procedure 5.5.1.2 Attach procedure for EPS services 5.5.1.2.4 Attach accepted by the network If the attach request is accepted by the network, the MME shall delete the stored UE radio capability information or the UE radio capability ID, if any. o TS24.501(5G) 5.5.2 De-registration procedure 5.5.2.1 General When the AMF enters the state 5GMM-DEREGISTERED for 3GPP access, the AMF shall delete the stored UE radio capability information or the UE radio capability ID, if any. * [TEST] Reduce paging wait time * [AMF] Network-Initiated Deregister (open5gs#2014, open5gs#2021) I accidentally missed one so I added it again. * [AMF] Delete UERadioCapability (open5gs#2040, open5gs#1917) 23.501 (5G NAS stage 2) 5.4.4.1: "When the AMF receives Registration Request with the Registration type set to Initial Registration or when it receives the first Registration Request after E-UTRA/EPC Attach with Registration type set to Mobility Registration Update, the AMF deletes the UE radio capability." * [SBI,NF] Don't treat SBI connection errors as asserts * [AMF] Network Deregister (open5gs#2056, open5gs#2014, open5gs#2021) Fixed a crash on explicit network-initiated deregister with SUBSCRIPTION_WITHDRAWN * [MME] KeNB derive from TAU(active flag=1) (open5gs#2063) TS33.401 7 Security procedures between UE and EPS access network elements 7.2 Handling of user-related keys in E-UTRAN 7.2.7 Key handling for the TAU procedure when registered in E-UTRAN If the "active flag" is set in the TAU request message or the MME chooses to establish radio bearers when there is pending downlink UP data or pending downlink signalling, radio bearers will be established as part of the TAU procedure and a KeNB derivation is necessary. * [SBI] Do not treat removed streams as errors when sending responses This is in line with the implementation with microhttpd server (mhd-server.c). * [SBI] Fix possible crash when handling PatchItems in NFProfile PATCH req * Follow-up on open5gs#2069 * [DOCS] Removed missing link * Further Follow-up on open5gs#2063 * [pfcp] response_timeout should not call ogs_pfcp_xact_delete (open5gs#2072) * [pfcp] response_timeout should never call ogs_pfcp_xact_delete (open5gs#50) * also remove ogs_pfcp_xact_delete since never called * also had to catch one more ogs_pfcp_sendto() --------- Co-authored-by: Spencer Sevilla <spencer@MacBook-Air.local> * [GTP/PFCP] Follow-up on open5gs#2073 * [gtpc] silently handle OGS_GTP2_CAUSE_UE_ALREADY_RE_ATTACHED (open5gs#17) no need to log "GTP Failed"; just handle silently or move on. * Issue housekeeping (open5gs#2078) * Added GitHub issue templates and config.yaml for issue templating * Fixed capitalisation of labels. * updated bugreport.yaml template * Fixed typos in GitHub templates and bug schemas (open5gs#2080) * [SBI] HTTP2-TLS verification - ConfFile Changed You should add the following configuration if you would not use TLS. sbi: server: no_tls: true client: no_tls: true * [SBI] Move HNET PKI conf inside UDM * Updated bugreport.yaml Fixed a typo/hangover from sense-checking * Removed 'bug' from auto-labels on new issue template * [AMF/SMF] Fixed a crash (open5gs#2030, open5gs#2074, open5gs#2085) * Don't left-shift by negative amount, which is UB according to C17 * Remove MACOSX in github CI * Update 01-quickstart.md * [Release-17] Upgrade S1AP/NGAP to v17.3.9 * [PFCP] Support pfcp advertise address * [SBI] Fixed openapitools MAP generation (open5gs#2103) MAP was generated incorrectly because {{#items}}..{{#items}} was missing. Because of this, If scpInfo has scpPort, NRF crashes. * [SBI] Crash occurs when ENUM in the MAP (open5gs#2103) * [Release-17] Upgrade SBI to v17.x.0 * [AMF] Disallow handling service requests unless UE is already registered * Follow-up on open5gs#2100 * [Release-17] Upgrade NAS to v17.8.0 * [PFCP/GTP] Fixed security bug (open5gs#2127,open5gs#2128,open5gs#2129) * [Release-17] Upgrade GTPv1/v2 to v17.4.0/v17.7.0 * [Release-17] Upgrade PFCP to v17.7.1 * Added N32 Interface to implement SEPP * [AMF] Expose more metrics [ETSI TS 128 552 V16.9.0](https://www.etsi.org/deliver/etsi_ts/128500_128599/128552/16.09.00_60/ts_128552v160900p.pdf) 5.2.2 Registration procedure related measurements SNSSAI labels are not provided. - Number of registration requests received by the AMF is exposed for each registration type. ``` fivegs_amffunction_rm_reginitreq 1 fivegs_amffunction_rm_regmobreq 0 fivegs_amffunction_rm_regperiodreq 0 fivegs_amffunction_rm_regemergreq 0 ``` - Number of successful initial registrations at the AMF is exposed for each registration type. ``` fivegs_amffunction_rm_reginitsucc 1 fivegs_amffunction_rm_regmobsucc 0 fivegs_amffunction_rm_regperiodsucc 0 fivegs_amffunction_rm_regemergsucc 0 ``` - The existing counter of failed registrations at the AMF is exposed separately for each registration type. ``` fivegs_amffunction_rm_reginitfail fivegs_amffunction_rm_regmobfail fivegs_amffunction_rm_regperiodfail fivegs_amffunction_rm_regemergfail ``` 5.2.5.2 Measurements for 5G paging Number of 5G paging procedures initiated at the AMF: ``` fivegs_amffunction_mm_paging5greq 1 ``` Number of successful 5G paging procedures initiated at the AMF: ``` fivegs_amffunction_mm_paging5gsucc 1 ``` 5.2.11 Authentication procedure related measurements Number of authentication requests: ``` fivegs_amffunction_amf_authreq 2 ``` Number of authentication rejections: ``` fivegs_amffunction_amf_authreject 1 ``` Number of failed authentications due to parameter error: ``` fivegs_amffunction_amf_authfail{cause="21"} 1 ``` 5.2.8 UE Configuration Update procedure related measurements Number of UE Configuration Update commands requested by the AMF: ``` fivegs_amffunction_mm_confupdate 2 ``` Number of UE Configuration Update complete messages received by the AMF: ``` fivegs_amffunction_mm_confupdatesucc 1 ``` * [SMF] Fixed crash during UPF-HA process (open5gs#2115) * Added log message for troubleshooting open5gs#2117 * Release v2.6.0 * Update document for v2.6.0 * Upgrade to Release-17 * Release v2.6.1 * Release v2.6.1 * Update document for v2.6.1 * [NAS/GTP/PFCP] Upgrade IE to Release-17 As raised in open5gs#2147, AMF fails to decode S1 UE Network Capability. So I reviewed all IE in NAS, GTP and PFCP and fixed it for Release-17. * [AMF] Fix handling Service Request In case that handling Service Request results in an error, AMF sends a Service Reject and sets UE's context to exception state. Without the 'break', the code would set UE's context to registered state. * [BSF] Removed MongoDB in BSF configuration file * [SBI] Added Handler for Subscription PATCH (open5gs#2152) * [SBI] Conforms standard in Subscription API(open5gs#2152) POST requests to {apiRoot}/nnrf-nfm/v1/subscriptions return a HTTP Location header in 201 respose in the form {apiRoot}/nnrf-nfm/v1/subscriptions/{subscriptionID} * [SBI] Check POST format in Subscription (open5gs#2152) POST requests to {apiRoot}/nnrf-nfm/v1/subscriptions/{subscriptionID} return an error * add git ignore --------- Co-authored-by: Dibas Das <dibasdas02@gmail.com> Co-authored-by: Sukchan Lee <acetcom@gmail.com> Co-authored-by: Bostjan Meglic <b.meglic@iskratel.si> Co-authored-by: jmasterfunk84 <48972964+jmasterfunk84@users.noreply.github.com> Co-authored-by: Spencer Sevilla <spencer.builds.networks@gmail.com> Co-authored-by: safaorhann <safa.orhan@b-ulltech.com> Co-authored-by: mitmitmitm <ois@oasd8i.at> Co-authored-by: EugeneBogush <eugeneb2008@gmail.com> Co-authored-by: Yarin Sergey <yarin@iskrauraltel.ru> Co-authored-by: lost_res <wilcodex8@gmail.com> Co-authored-by: Flander Bojan <flander@iskratel.si> Co-authored-by: Lester <55822214+lester-001@users.noreply.github.com> Co-authored-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com> Co-authored-by: Gaber Stare <g.stare@iskratel.si> Co-authored-by: Matej Gradisar <gradisar@iskratel.si> Co-authored-by: ridzafauzi <ridza.fauzi@yahoo.com> Co-authored-by: Spencer Sevilla <spencer@MacBook-Air.local> Co-authored-by: Richard <pobk@users.noreply.github.com> Co-authored-by: Ali Shirvani <alishirv@pm.me>
|
This issue has been closed automatically due to lack of activity. This has been done to try and reduce the amount of noise. Please do not comment any further. The Open5GS Team may choose to re-open this issue if necessary. |
|
Hey! @oktavlachs |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey @acetcom ,
Lukas from ng-voice here. Finally got the chance to try out VoNR with our IMS core in a 5G SA network. 馃憤
Network attach and IMS Registration is fine, so is the SIP INVITE sent out by the UE.
Unfortunately when using N5 interface towards the PCF (npcf-policyauthorization, POST /app-sessions) I face two issues, from which the second one is of higher priority.
When sending an AF_SIGNALLING request, we get a 500 internal error, I believe (but not know for sure) because of the missing Media-Type, which is not required as per spec in this case, see TS 29.214, section 4.4.5. That is at least what the logs show as an error.
A segfault after the PCF fails to process the proper app-session establishment request.
Please find attached a trace and the PCF debug logs showing what I send to the PCF from the PCSCF.
Not sure if the core dump is of any help, since I am deploying in docker containers and was not able to run with gdb up til now, but hopefully it does. Otherwise, let me know and I can see what I can do.
Could you also give an estimation on when you would be able to check this?
Thanks a lot in advance :)
Cheers,
Lukas
The core dump shows the following:
npcf_policyauthorization_crash.zip
The text was updated successfully, but these errors were encountered: