When another NF restarts, curl reuses the existing connection, which in
curl 8.9.1 causes the nghttp2 server to send an RST. This commit sends a
GOAWAY frame to every active session on shutdown, ensuring a graceful
termination and avoiding RST errors.
Previous versions such as curl 7.81.0 did not exhibit this behavior.
Previously, nf_instance pointers were stored in nf_type_array and
service_type_array. This led to dangling pointers when an NF instance
was removed via ogs_sbi_nf_instance_remove(), causing incomplete cleanup
and improper recovery on UDR or other NF restarts. The issue resulted in
the system falling back to nf_instance->client with the default port 80,
leading to connection failures.
To resolve the problem, nf_instance_id is now stored instead of the
pointer. The validity of an NF instance is verified using
ogs_sbi_nf_instance_find(nf_instance_id), which ensures proper cleanup
and correct recovery.
In case that NF do not send ProblemDetails in the response.
Do not assume that ProblemDetails is always present, to prevent null
pointer dereferencing.
When receiving a PFCP Session Establishment Request with an invalid PDN type(0),
the UPF would crash due to a failed assertion.
This commit improves error handling by:
- Removing the session_type assertion check that caused the crash
- Changing warning log to error log for better visibility
- Returning CAUSE_SERVICE_NOT_SUPPORTED instead of proceeding
with invalid type
This prevents potential DoS attacks through malformed PFCP messages.
Before this, there were 2 different ways to search for neighbouring
NF's:
a) in the case AMF was started _before_ UDM, AMF would create
subscription to NRF to notify it when a UDM would (un)register. In this
case, NF instance would remain in AMF's context indefinitely.
b) in the case AMF was started _after_ UDM, AMF would have to use NF
discovery mechanism to search for NF's. In this case, NF instance would
remain in AMF's context for the duration of Search's validity (defaults
to 30 seconds). After validity expires, NF would expire. This means that
for heavy traffic situations, AMF would constantly issue discovery
requests.
[SBI] save only wanted NF instances on NF List Retrieval
When retrieving a list of NF Instances from NRF, save only the NF's that
we want. Check the NF instance against our subscription list for either
the NF type or NF Service.
This can still cause a DoS on NRF when NF starts in case there are 100's
of NF's in the network, but prevents using too much memory on NF.
* [UDM][UDR] Add support for nssai resource in nudm-sdm
* Resolve Memory Issue
* Protect from multiple field entries, remove macros
* remove request_from_server, make use of xact state
* typo....
* definition cleanup
When a duplicate PDU session establishment is received, the AMF logs a
warning and proceeds to update the SM context via the SBI interface. This
process eventually calls amf_nsmf_pdusession_build_create_sm_context(), which
uses the SUPI to build the SBI URI header. If the SUPI is NULL, then the header's
resource component becomes NULL. This leads to a call to ogs_uridup() that
asserts on the NULL value, causing a crash.
This commit adds a check before invoking the SBI update. If the SUPI is NULL,
the update is skipped and a warning is logged. This prevents the invalid URI
build process and avoids the subsequent crash in ogs_uridup().
During handover between two gNBs, the AMF enters an invalid state when it
receives an unexpected SBI response from the UDM in the process of sending
a smf-select-data request. This bug could lead to an AMF crash as the state
machine in gmm_state_registration encountered an unknown state.
The fix adds explicit handling for SBI messages with resource names such as
AM_DATA, SMF_SELECT_DATA, UE_CONTEXT_IN_SMF_DATA, and SDM_SUBSCRIPTIONS.
If the HTTP response status is not OK, CREATED, or NO_CONTENT, a warning
is logged and the message is ignored. This prevents the AMF from transitioning
into an abnormal state and improves overall stability during frequent handovers.
Previously, policies were configured via YAML files without MongoDB.
This update enhances the YAML approach by adding the 'supi_range' key to
filter policies based on UE SUPI ranges. When both 'supi_range' and
'plmn_id' are provided, both conditions must be met.
Note that PLMN-ID filtering will be deprecated in a future release.
Replace enb_ue with source_ue to correctly reference the target eNodeB
context during handover. Added null checks and assertions to ensure proper
session cleanup in both mme-s11-handler.c and s1ap-handler.c.
This commit modifies the message length check in ogs_pfcp_recvfrom.
Previously, the condition only verified that the received size was less than
the expected length, which could allow messages that are too long to be
processed.
The condition now requires an exact match between the received
size and the expected total PFCP message length, ensuring proper message
validation.
This commit adds additional checks in the PFCP receive callback to ensure
that a complete PFCP message is received before parsing. A minimum header
length check and a total message length validation are now performed. This
prevents incomplete, fragmented messages from being processed and avoids
potential parsing errors and DoS conditions.
Previously, the function `udm_nudm_sdm_handle_subscription_create()` would
trigger a fatal assertion failure if the maximum number of SDM subscriptions
was reached.
This commit adds error handling to check if the subscription pool allocation
fails.
If `udm_sdm_subscription_add()` returns NULL, an appropriate error message is
logged, and a 400 Bad Request response is sent back to the client instead of
causing a crash.
Wrap SSL_CTX_set_keylog_callback calls with an OpenSSL version check
to ensure compatibility with versions older than 1.1.1.
This prevents compilation issues on earlier OpenSSL releases,
such as those found on Ubuntu 18.04(bionic).
Each received PFCP message triggered ogs_pfcp_node_find(), causing a DNS
resolution if node_id was FQDN. Under heavy traffic, this could lead to
excessive DNS queries.
- Implement a 300-second refresh interval to avoid repeated DNS lookups.
- Store last_dns_refresh in each node to defer new queries until needed.
- Treat config-based nodes with no Node ID as UNKNOWN, matching them by IP
alone until ogs_pfcp_node_merge() updates their ID.
- Validate IPv4, IPv6, or FQDN types in ogs_pfcp_node_merge() and reject
invalid IDs.
- Provide inline code comments for clarity and maintainability.
This commit addresses an Open5GS bug where the AMF process crashes
when receiving npcf-am-policy-control service responses during UE handovers.
The crash was occurring in the gmm_state_authentication() function
when the AMF encountered an unexpected SBI (Service Based Interface) message
from the PCF related to AM Policy Control requests.
Added a new case block in gmm_state_authentication() to explicitly handle
messages with the service name OGS_SBI_SERVICE_NAME_NPCF_AM_POLICY_CONTROL.
- Replace direct usage of OGS_ADDR/OGS_PORT macros with
ogs_sockaddr_to_string_static() for consistent IPv4/IPv6 logging.
- Remove redundant stack buffer allocations for address printing.
- Update PFCP node address handling to use addr_list and related
merges, avoiding obsolete sa_list references.
- Use ogs_pfcp_extract_node_id() and related APIs to safely extract
PFCP Node ID, improving error handling and reducing stack usage.
- Changed ogs_sockaddr_strdup to ogs_sockaddr_to_string_static
- Replaced dynamic allocation with a static buffer
- Updated source and header files accordingly
Created util.h and util.c to implement the ogs_pfcp_get_node_id function,
which retrieves the node_id from a PFCP message. Utilized the
ogs_pfcp_status_e enum for enhanced error handling, distinguishing
between success, absence, and error states.
Modified the `ogs_gtp/pfcp_context_parse_config` function to iterate through
all configured GTP/PFCP server addresses. When a Fully Qualified Domain
Name (FQDN) resolves to multiple IP addresses, the server now binds and
listens on each IP address individually.
These modifications enhance the flexibility and reliability of the GTP/PFCP
server within Open5GS, allowing it to handle multiple network
interfaces and redundant IP configurations as required.
In case that mapped HPLMN SST was not set by the UE in the request to
Establish PDU Session, AMF/SMF would assume it is set to 0 (since the
recent change to allow SST value 0).
3GPP TS 23.003: 28.4.2 Format of the S-NSSAI
The SST field may have standardized and non-standardized values. Values
0 to 127 belong to the standardized SST range and they are defined in
3GPP TS 23.501 [119]. Values 128 to 255 belong to the Operator-specific
range.
Introduce client_delegated_config to manage delegation settings for NRF and SCP
separately. This ensures that in Model C, all NRF-related procedures
(registration, heartbeat, deregistration, etc.) communicate directly with the
NRF without routing through the SCP. This change aligns Open5GS behavior with
3GPP standards, providing consistent direct communication for both discovery
and management in Model C, and maintaining indirect communication in Model D.
- Direct Communication with NRF
```
sbi:
client:
nrf:
- uri: http://127.0.0.10:7777
```
- Indirect Communication by Delegating to SCP
```
sbi:
client:
scp:
- uri: http://127.0.0.200:7777
```
- Indirect Communication without Delegation
```
sbi:
client:
nrf:
- uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.0.200:7777
delegated:
nrf:
nfm: no # Directly communicate NRF management functions
disc: no # Directly communicate NRF discovery
scp:
next: no # Do not delegate to SCP for next-hop
```
- Indirect Communication with Delegated Discovery
```
sbi:
client:
nrf:
- uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.0.200:7777
delegated:
nrf:
nfm: no # Directly communicate NRF management functions
disc: yes # Delegate discovery to SCP
scp:
next: yes # Delegate to SCP for next-hop communications
```
- Default delegation: all communications are delegated to the SCP
```
sbi:
client:
nrf:
- uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.0.200:7777
# No 'delegated' section; defaults to AUTO delegation
```
This update allows the parsing and handling of user-defined port numbers
in the `advertise` field or explicitly in the `server` configuration for
SBI. Users can now specify non-default ports for both binding and
advertising while maintaining compatibility with existing configurations.
The feature includes logic to handle FQDNs with embedded port numbers
(e.g., `example.com:8080`) and ensures proper memory management during
parsing. Updated the client association logic to utilize custom ports
when specified.
Examples:
- Bind to the address on the eth0 and advertise as open5gs-amf.svc.local
```
sbi:
server:
- dev:eth0
advertise: open5gs-amf.svc.local
```
- Specify a custom port number 7777 while binding to the given address
```
sbi:
server:
- address: amf.localdomain
port: 7777
```
- Bind to 127.0.0.5 and advertise as open5gs-amf.svc.local
```
sbi:
server:
- address: 127.0.0.5
port: 7777
advertise: open5gs-amf.svc.local
```
- Bind to port 7777 but advertise with a different port number 8888
```
sbi:
server:
- address: 127.0.0.5
port: 7777
advertise: open5gs-amf.svc.local:8888
```
- Add `sslkeylogfile` configuration options to `*.yaml.in` in NFs.
- Update `open5gs-common.dirs` to include `var/log/open5gs/tls` directory
- Extend `ogs_sbi_context_s` structure in `context.h` to include `sslkeylog`
- Modify `context.c` to parse and handle `sslkeylogfile` settings
- Update `server.c` and `server.h` to manage the `sslkeylog` field
in server structures
- Update `ogs_sbi_client_add` and `ogs_sbi_client_remove` functions to handle
`sslkeylog` field.
- Adjust `meson.build` to create the TLS log directory during installation
This commit introduces SSL key logging functionality to Open5GS,
enabling the capture of SSL/TLS keys. This feature is essential
for debugging encrypted traffic and allows integration with tools
like Wireshark for decrypting TLS sessions.
