MME: handle EPS Bearer Context Status mismatch when active_flag=0 (#4112)

When the UE sends a Tracking Area Update (TAU) Request with active_flag=0, the MME previously sent TAU Accept without verifying the EPS Bearer Context Status (EBCS). This caused stale bearer sessions to remain in the MME even if the UE had already released them. According to 3GPP TS 24.301 §5.5.3.2, the MME should release any bearer not reported in the UE’s EBCS when active_flag=0. This patch introduces mme_send_delete_session_or_tau_accept(), which compares the UE’s EBCS bitmask with the MME session list and deletes any missing default bearer session before sending TAU Accept. If no mismatch is found, TAU Accept is sent immediately. The Delete Session response triggers TAU Accept when deletions are required. This ensures that the TAU Accept message reflects the UE’s current bearer context accurately. Also includes: - Added OGS_GTP_DELETE_SEND_TAU_ACCEPT handling in mme-s11-handler.c - Simplified EBCS structure (uint16_t value) for bitmask comparison - Updated TAU-related tests with realistic EBI bitmasks (0x20, 0x60) This change aligns TAU handling with 3GPP 24.301 and prevents bearer mismatch issues between UE and EPC during TAU.
2025-11-02 04:53:37 +00:00 · 2025-10-16 21:45:09 +09:00
parent 51b967f4f9
commit fd897f35a3
17 changed files with 508 additions and 48 deletions
--- a/lib/gtp/xact.h
+++ b/lib/gtp/xact.h
@@ -133,6 +133,7 @@ typedef struct ogs_gtp_xact_s {
 #define OGS_GTP_DELETE_SEND_RELEASE_WITH_S1_REMOVE_AND_UNLINK   6
 #define OGS_GTP_DELETE_HANDLE_PDN_CONNECTIVITY_REQUEST          7
 #define OGS_GTP_DELETE_IN_PATH_SWITCH_REQUEST                   8
+#define OGS_GTP_DELETE_SEND_TAU_ACCEPT                          9

    int             delete_action;

--- a/lib/nas/common/types.h
+++ b/lib/nas/common/types.h
@@ -90,22 +90,27 @@ typedef struct ogs_nas_additional_information_s {
 * O TLV 4 */
 typedef struct ogs_nas_eps_bearer_context_status_s {
    uint8_t length;
-ED8(uint8_t ebi7:1;,
-    uint8_t ebi6:1;,
-    uint8_t ebi5:1;,
-    uint8_t ebi4:1;,
-    uint8_t ebi3:1;,
-    uint8_t ebi2:1;,
-    uint8_t ebi1:1;,
-    uint8_t ebi0:1;)
-ED8(uint8_t ebi15:1;,
-    uint8_t ebi14:1;,
-    uint8_t ebi13:1;,
-    uint8_t ebi12:1;,
-    uint8_t ebi11:1;,
-    uint8_t ebi10:1;,
-    uint8_t ebi9:1;,
-    uint8_t ebi8:1;)
+    union {
+        struct {
+        ED8(uint8_t ebi7:1;,
+            uint8_t ebi6:1;,
+            uint8_t ebi5:1;,
+            uint8_t ebi4:1;,
+            uint8_t ebi3:1;,
+            uint8_t ebi2:1;,
+            uint8_t ebi1:1;,
+            uint8_t ebi0:1;)
+        ED8(uint8_t ebi15:1;,
+            uint8_t ebi14:1;,
+            uint8_t ebi13:1;,
+            uint8_t ebi12:1;,
+            uint8_t ebi11:1;,
+            uint8_t ebi10:1;,
+            uint8_t ebi9:1;,
+            uint8_t ebi8:1;)
+        };
+        uint16_t value;
+    };
 } __attribute__ ((packed)) ogs_nas_eps_bearer_context_status_t;

 typedef struct ogs_nas_mobile_identity_imeisv_s {