Implement support for Node-Identifier IE in GTPv2 S2b Create-Session-Request
to SMF for Diameter S6b integration
This patch adds support for processing the Node-Identifier IE within GTPv2
Create-Session-Request messages sent via the S2b interface to the SMF.
When the ePDG includes the Node-Identifier IE containing both host and realm
of the AAA-Server, the SMF now uses this information to populate
the Destination-Realm and Destination-Host AVPs in the Diameter S6b AAR message.
This enables seamless integration and allows the SMF to route requests directly
to the appropriate AAA-Server, enhancing interoperability in setups
where the host and realm data are required by the Diameter network.
This field was previously omitted, which could lead to
improper handling of interface-specific logic in certain scenarios.
The addition of the 3GPP Interface Type ensures correct behavior
in compliance with the 3GPP standards for PFCP message handling.
1. Fix SGW-U/UPF bug by comparing QFI only when PDI's QFI is present
Resolved an issue where the QoS Flow Identifier in the GTP-U Extension Header
was incorrectly compared regardless of the presence of PDI's QFI.
Updated the implementation to perform the comparison
only when PDI's QFI is present.
2. Add Outer Header Removal settings to SGW's PDR where necessary
Addressed the absence of Outer Header Removal in the SGW's PDR
by adding it to all required locations, ensuring proper header handling.
3. Remove unnecessary GTP-U Extension Header Removals
Eliminated all instances of GTP-U Extension Header Removal
since they should only be used during handover from 5GS to EPS.
This cleanup prevents improper header removals in other scenarios.
4. Delete unnecessary usage of Network Interface and UE IP Address
Removed all redundant references to Network Interface and UE IP Address,
streamlining the codebase and reducing potential confusion.
5. Change precedence so that Control has higher priority than Data
Adjusted the precedence settings to ensure that Control messages
are given higher priority over Data, enhancing the system's efficiency
and responsiveness.
1. Set packet filter identifier values to 0 when the UE requests to:
- Create new QoS rule
- Modify existing QoS rule and replace all packet filters
- Modify existing QoS rule and add packet filters - As specified in TS24.501, section 9.11.4.13, Table 9.11.4.13.1.
2. Revise QoS rule modification logic:
- Instead of replacing packet filters based on their identifiers (EPC approach), update the implementation to delete all existing packet filters within the QoS rule and add new ones.
- This ensures that when modifying an existing QoS rule to replace all packet filters, the packet filters are correctly reset and updated per 5G Core requirements.
- **Correct Packet Filter Identifier Handling:**
Remove the addition of +1 when searching for the packet filter context using `smf_pf_find_by_identifier()` in the 5G Core SMF. According to 3GPP TS24.008 Section 10.5.6.12 and TS24.501 Section 9.11.4.13, the Packet Filter Identifier should range from 1 to 15 (or 0 to 15) depending on the operation and should be used directly as received from the UE.
- **Adjust Maximum Number of Packet Filter Identifiers:**
Change the maximum number of Packet Filter Identifiers from **16** to **15** in the SMF to comply with the 3GPP specifications. The standards specify that the number of packet filters shall be greater than 0 and less than or equal to 15 for certain operations.
**Background:**
In the current 5GC implementation, the SMF incorrectly adds +1 to the identifier received from the UE and allows up to 16 identifiers, leading to mismatches and potential communication issues. These discrepancies cause the SMF to fail in correctly locating the packet filter context, resulting in improper QoS rule enforcement.
**Changes Made:**
- **For Packet Filter Identifier Handling:**
- Updated the SMF code to use the identifier received from the UE directly without modification:
```c
// Corrected code for 5GC:
pf = smf_pf_find_by_identifier(
qos_flow, qos_rule[i].pf[j].identifier);
```
- **For Maximum Number of Packet Filter Identifiers:**
- Adjusted the code to enforce a maximum of 15 packet filters as per the specifications.
**Impact:**
- **Compliance:**
- Ensures that the 5GC implementation of Open5GS adheres to the 3GPP TS24.008 and TS24.501 specifications regarding Packet Filter Identifier handling and limits.
- **Functionality:**
- Corrects the mapping and management of packet filters between the UE and SMF in 5GC, preventing potential communication issues and misconfigurations.
- **EPC Implementation:**
- The EPC implementation remains unaffected by these changes. EPC correctly handles the Packet Filter Identifier by decrementing it by 1 before sending it to the UE and adding +1 when searching for the packet filter context.
**Conclusion:**
By making these adjustments, we ensure proper synchronization between the UE and SMF in the 5G Core and maintain compliance with the 3GPP specifications. This fix resolves the mismatches caused by incorrect identifier handling and enforces the correct limit on the number of packet filters, enhancing the reliability and standards compliance of the 5GC implementation without impacting the existing correct behavior in EPC.
Decrement the Packet Filter Identifier by 1 before sending it to the UE
during GSM message construction. This correction ensures proper synchronization
between the UE and SMF, allowing `smf_pf_find_by_identifier()` to accurately
locate the corresponding `pf` context without adjusting the identifier
during the search.
This fix aligns the 5GC implementation with the EPC behavior,
where the identifier was correctly decremented before transmission to the UE,
preventing mismatches and synchronization issues.
I have modified the PAA's IPv6 prefix length from 8 to 64.
This adjustment ensures that the prefix length now correctly reflects
the standard /64 notation, in accordance with the specifications.
I wanted to let you know that I have modified the SMF configuration
to send S2b PGW GTP-U instead of S5/S8 PGW GTP-U in WLAN.
This adjustment should ensure that the correct interface type is used,
as per the specifications.
The issue was that the PLMN-ID of the TAI was incorrectly being
retrieved from the PLMN-ID of the EUTRAN_CGI.
As a result, when the PLMN-IDs of the TAI and EUTRAN_CGI were improperly set,
the MME would crash.
All issues have now been resolved.
This commit doesn't add any PCRF specific metrics, only all the
boilerplate code to instantiate libmetrics and hence have the generic
prometheus metrics available.
There's no real need for a separate thread, it all can run with a timer.
Furthermore, this will ease submitting events towards app so that they
can update diameter metrics.
This commit is a follow-up from previous one, split to ease review.
In this commit, the SGSN Context Ack towards SGSN plus session creation
towards SGW is further delayed until authorizing + SecurityModeCommand
against UE has succeeded, hence meaning we have a fully operating
context to communicate with it.
As per 3GPP TS 23.401 Annex D.3.6 step 6, "Security functions may be
executed" during TAU (UE cell reselection 2g->4g).
The idea is that the 4G network should check the integrity of the TAU,
and only if iexisting and valid then accept it right away. Otherwise,
an authorization procedure is started.
Until now, during 2g->4g TAU we were retrieving and acking the PDP Context
received from the SGSN and creating the session against the SGW right away.
Tests done so far with real phones ended up in unsuccesful results when
tring to reuse the 4g context derived from 2g, due to yet unknown
reasons.
Hence, with this patch we simply force for now the re-auth and
recreation of security context before completing the TAU. This showed
good results during testing with real phones.
The security context is recreated through:
* S6a 3gpp-Authentication-Info towards HSS
* S1AP/NAS Authentication Request+Response towards UE
* SecurityModeCommand towards UE.
This patch is the first step towards delaying SGSN Context Ack after the whole
authentication is done against the UE. Patches are splitted for ease of
review.
This patch is only delaying session setup after the S6a procedure.
Follow-up patch will delay it further.
In case that UE requests a PDU session with specific SSC Mode
for which it is not authorized, reject the request
instead of trying to continue processing it.
