osmocom:latest
open5gs
Changes of Revision 7
open5gs_2.5.1.tar.xz/docs/_posts/2022-10-25-release-v2.5.0.md
Deleted
@@ -1,93 +0,0 @@ ---- -title: "v2.5.0 - SCP for Indirect Communication" -date: 2022-10-25 22:54:00 +0900 -categories: - - Release -tags: - - News - - Release -head_inline: "<style> ul { padding-bottom: 1em; } .blue { color: blue; }</style>" ---- - -#### New Feature - -SCP(Service Communication Proxy) is added to support Indirect Communication based on TS29.500. The default Open5GS configuration is provided as an indirect communication using SCP. - -- amf.yaml If NFs are configured to use Delegated Discovery through the SCP, you do not need to set up NRF. - -``` -amf: - sbi: - - addr: 127.0.0.5 - port: 7777 - -scp: - sbi: - - addr: 127.0.1.10 - port: 7777 - -#nrf: -# sbi: -# - addr: -# - 127.0.0.10 -# - ::1 -# port: 7777 -``` - -- scp.yaml NRF is needed for Delegated Discovery in SCP configuration. - -``` -scp: - sbi: - - addr: 127.0.1.10 - port: 7777 - -# -# next_scp: -# sbi: -# addr: 127.0.1.11 -# port: 7777 -# - -nrf: - sbi: - - addr: - - 127.0.0.10 - - ::1 - port: 7777 -``` - -- nrf.yaml If there is an SCP in the NRF configuration, a notification(nnrf-nfm/nf-status-notify) is sent through an indirect communication. 
- -``` -nrf: - sbi: - addr: - - 127.0.0.10 - - ::1 - port: 7777 - -scp: - sbi: - - addr: 127.0.1.10 - port: 7777 -``` - - -#### Enhancements -- WebUI/DB Fixed the WebUI to Support MongoDB 6.0( (#1824(https://github.com/open5gs/open5gs/issues/1824)) -- bmeglicit(https://github.com/bmeglicit) -- DBI Disable Changes Streams with mongo Version (#1833(https://github.com/open5gs/open5gs/pull/1833)) -- jmasterfunk84(https://github.com/jmasterfunk84) -- SBI Added 3gpp-Sbi-Sender-Timestamp and 3gpp-Sbi-Max-Rsp-Time -- 7c8722d(https://github.com/open5gs/open5gs/commit/7c8722d9d4d2db13d889be1e5e37bc062f069396) -- MME Cancel Location while Idle (#1797(https://github.com/open5gs/open5gs/pull/1797)) -- jmasterfunk84(https://github.com/jmasterfunk84) -- MME Support for Insert Subscriber Data (#1794(https://github.com/open5gs/open5gs/pull/1794)) -- jmasterfunk84(https://github.com/jmasterfunk84) - -#### Bug Fixes -- SGW-C Fixed the bug of SGW-C session deletion (#1825(https://github.com/open5gs/open5gs/pull/1825)) -- dai9000(https://github.com/dai9000), cmmacneill53(https://github.com/cmmacneill53) -- AMF Reject registration requests when pool for UE context is empty (#1828(https://github.com/open5gs/open5gs/pull/1828)) -- bmeglicit(https://github.com/bmeglicit) -- AMF Increase size of TMSI pool (#1827(https://github.com/open5gs/open5gs/pull/1827)) -- bmeglicit(https://github.com/bmeglicit) -- AMF/UDM Added support to subscribe to SDM changes (#1820(https://github.com/open5gs/open5gs/pull/1820)) -- bmeglicit(https://github.com/bmeglicit) -- PFCP Do not check qos_flow in PFCP Report message (#1819(https://github.com/open5gs/open5gs/pull/1819)) -- ssafaorhan(https://github.com/ssafaorhan) -- PFCP Fixed invalid message of Dropped DL Traffic threshold (#1817(https://github.com/open5gs/open5gs/pull/1817)) -- ssafaorhan(https://github.com/ssafaorhan) - -Download -- v2.5.0.tar.gz(https://github.com/open5gs/open5gs/archive/v2.5.0.tar.gz) -{: .notice--info}
open5gs_2.5.1.dsc -> open5gs_2.5.3.dsc
Changed
@@ -2,7 +2,7 @@ Source: open5gs Binary: open5gs-common, open5gs-mme, open5gs-sgwc, open5gs-smf, open5gs-amf, open5gs-sgwu, open5gs-upf, open5gs-hss, open5gs-pcrf, open5gs-nrf, open5gs-scp, open5gs-ausf, open5gs-udm, open5gs-pcf, open5gs-nssf, open5gs-bsf, open5gs-udr, open5gs, open5gs-dbg Architecture: any -Version: 2.5.1 +Version: 2.5.3 Maintainer: Harald Welte <laforge@gnumonks.org> Uploaders: Sukchan Lee <acetcom@gmail.com> Homepage: https://open5gs.org @@ -31,8 +31,8 @@ open5gs-udr deb net optional arch=any open5gs-upf deb net optional arch=any Checksums-Sha1: - ce7282c6d728e0e24c12487198e02d80ff7db19d 11488092 open5gs_2.5.1.tar.xz + fe7094b8aa8cffcb542434f24e6e5b0512f73743 11489140 open5gs_2.5.3.tar.xz Checksums-Sha256: - b0ce7529d667390338917126ad7075601b686138086dde6e4f6beb83797e05a5 11488092 open5gs_2.5.1.tar.xz + 9708b442e700b18e633a886fd350f80eab024c7726fcae56d0d56ca192dc7443 11489140 open5gs_2.5.3.tar.xz Files: - 754d8509044142ce18f5c925f7885a64 11488092 open5gs_2.5.1.tar.xz + 454edc0994b134140320fd3dc41f0639 11489140 open5gs_2.5.3.tar.xz
open5gs_2.5.1.tar.xz/.tarball-version -> open5gs_2.5.3.tar.xz/.tarball-version
Changed
@@ -1 +1 @@ -2.5.1 +2.5.3
open5gs_2.5.1.tar.xz/configs/logrotate/open5gs.in -> open5gs_2.5.3.tar.xz/configs/logrotate/open5gs.in
Changed
@@ -7,7 +7,7 @@ create 640 open5gs open5gs postrotate - for i in nrfd pcrfd hssd ausfd udmd udrd upfd sgwcd sgwud smfd mmed amfd; do + for i in nrfd scpd pcrfd hssd ausfd udmd udrd upfd sgwcd sgwud smfd mmed amfd; do systemctl reload open5gs-$i done endscript
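Review bot: the daemon list in the `for i in ...` line is still incomplete after adding `scpd`: it has no entry for the PCF, NSSF and BSF daemons, although the .dsc in this revision lists open5gs-pcf, open5gs-nssf and open5gs-bsf as binary packages, so their logs are rotated without a reload. Add the missing daemons in the same change, or generate the list from the installed units so a new NF cannot be forgotten again.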
open5gs_2.5.1.tar.xz/configs/newsyslog/open5gs.conf.in -> open5gs_2.5.3.tar.xz/configs/newsyslog/open5gs.conf.in
Changed
@@ -2,6 +2,7 @@ # # logfilename owner:group mode count size when flags /pid_file sig_num @localstatedir@/log/open5gs/nrf.log 644 14 * $D0 GZ @localstatedir@/run/open5gs-nrfd/pid` +@localstatedir@/log/open5gs/scp.log 644 14 * $D0 GZ @localstatedir@/run/open5gs-scpd/pid` @localstatedir@/log/open5gs/pcrf.log 644 14 * $D0 GZ @localstatedir@/run/open5gs-pcrfd/pid` @localstatedir@/log/open5gs/hss.log 644 14 * $D0 GZ @localstatedir@/run/open5gs-hssd/pid` @localstatedir@/log/open5gs/ausf.log 644 14 * $D0 GZ @localstatedir@/run/open5gs-ausfd/pid`
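Review bot: the added scp.log line copies the trailing backtick after `pid` from the neighbouring entries, so the pid-file field ends in a literal backtick and will not match the real pid file; drop it here and on the existing lines. The mode is also 644 here, while the logrotate config in this package creates the same logs with `create 640 open5gs open5gs`; the two should agree, and 640 is the safer choice for NF logs.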
open5gs_2.5.1.tar.xz/configs/open5gs/smf.yaml.in -> open5gs_2.5.3.tar.xz/configs/open5gs/smf.yaml.in
Changed
@@ -440,7 +440,20 @@ # mnc: 70 # tac: 99 # - +# <Security Indication - 5G Core only> +# +# According to 3GPP TS38.413 Section 9.3.1.27, +# Security Indication IE may be instructed to 5G gNB. +# +# If you set the security_indication in smf.yaml, +# this information is delivered using PDU Session Resource Request Transfer IE +# +# security_indication: +# integrity_protection_indication: required|preferred|not-needed +# confidentiality_protection_indication: required|preferred|not-needed +# maximum_integrity_protected_data_rate_uplink: bitrate64kbs|maximum-UE-rate +# maximum_integrity_protected_data_rate_downlink: bitrate64kbs|maximum-UE-rate +# smf: sbi: - addr: 127.0.0.4
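Review bot: the new comment block lists the four `security_indication` keys but not the rules that context.c enforces on them in this same revision: the integrity and confidentiality indications must be set together, the uplink rate is only accepted when integrity protection is `required` or `preferred`, and the downlink rate requires the uplink rate. State these next to the key list so an operator does not find them out from a startup error. The comment also says "PDU Session Resource Request Transfer IE" where the builder uses the PDU Session Resource Setup Request Transfer.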
open5gs_2.5.1.tar.xz/configs/systemd/open5gs-scpd.service.in -> open5gs_2.5.3.tar.xz/configs/systemd/open5gs-scpd.service.in
Changed
@@ -9,7 +9,7 @@ Group=open5gs Restart=always -ExecStart=@bindir@/open5gs-nrfd -c @sysconfdir@/open5gs/nrf.yaml +ExecStart=@bindir@/open5gs-scpd -c @sysconfdir@/open5gs/scp.yaml RestartSec=2 RestartPreventExitStatus=1 ExecReload=/bin/kill -HUP $MAINPID
open5gs_2.5.1.tar.xz/debian/changelog -> open5gs_2.5.3.tar.xz/debian/changelog
Changed
@@ -1,8 +1,92 @@ +open5gs (2.5.3) unstable; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Mon, 31 Oct 2022 07:25:06 +0900 + +open5gs (2.5.3~kinetic) kinetic; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Mon, 31 Oct 2022 07:23:45 +0900 + +open5gs (2.5.3~jammy) jammy; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Mon, 31 Oct 2022 07:22:25 +0900 + +open5gs (2.5.3~focal) focal; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Mon, 31 Oct 2022 07:20:57 +0900 + +open5gs (2.5.3~bionic) bionic; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Mon, 31 Oct 2022 07:19:26 +0900 + +open5gs (2.5.2) unstable; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Sun, 30 Oct 2022 14:18:50 +0900 + +open5gs (2.5.2~kinetic) kinetic; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Sun, 30 Oct 2022 14:15:19 +0900 + +open5gs (2.5.2~jammy) jammy; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Sun, 30 Oct 2022 14:13:53 +0900 + +open5gs (2.5.2~focal) focal; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Sun, 30 Oct 2022 14:12:34 +0900 + +open5gs (2.5.2~bionic) bionic; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Sun, 30 Oct 2022 14:11:04 +0900 + open5gs (2.5.1) unstable; urgency=medium - * Automatically generated changelog entry for building the Osmocom latest feed + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Sat, 29 Oct 2022 12:37:52 +0900 + +open5gs (2.5.1~kinetic) kinetic; urgency=medium + + * New NF - SCP(Service 
Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Sat, 29 Oct 2022 12:36:17 +0900 + +open5gs (2.5.1~jammy) jammy; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Sat, 29 Oct 2022 12:34:51 +0900 + +open5gs (2.5.1~focal) focal; urgency=medium + + * New NF - SCP(Service Communication Proxy) + + -- Sukchan Lee <acetcom@gmail.com> Sat, 29 Oct 2022 12:32:53 +0900 + +open5gs (2.5.1~bionic) bionic; urgency=medium + + * New NF - SCP(Service Communication Proxy) - -- Osmocom OBS scripts <info@osmocom.org> Fri, 28 Oct 2022 00:28:30 +0000 + -- Sukchan Lee <acetcom@gmail.com> Sat, 29 Oct 2022 12:31:01 +0900 open5gs (2.5.0) unstable; urgency=medium
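Review bot: every added entry, 2.5.2 and 2.5.3 included, repeats "New NF - SCP(Service Communication Proxy)" from 2.5.1, so the changelog does not record what these two releases changed. This revision contains behaviour changes an operator needs to know about (NAS messages failing the integrity check are now discarded, the open5gs-scpd unit now starts the SCP binary, `security_indication` is new in smf.yaml); list them under the version that introduced them.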
open5gs_2.5.1.tar.xz/docker/webui/Dockerfile -> open5gs_2.5.3.tar.xz/docker/webui/Dockerfile
Changed
@@ -3,7 +3,7 @@ MAINTAINER Sukchan Lee <acetcom@gmail.com> ARG PACKAGE=open5gs -ARG VERSION=2.5.1 +ARG VERSION=2.5.3 RUN set -e; \ cd /usr/src; \
open5gs_2.5.1.tar.xz/docs/_docs/guide/01-quickstart.md -> open5gs_2.5.3.tar.xz/docs/_docs/guide/01-quickstart.md
Changed
@@ -185,7 +185,7 @@ ```bash $ sudo apt update $ sudo apt install curl - $ curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash - + $ curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - $ sudo apt install nodejs ```
open5gs_2.5.1.tar.xz/docs/_docs/guide/02-building-open5gs-from-sources.md -> open5gs_2.5.3.tar.xz/docs/_docs/guide/02-building-open5gs-from-sources.md
Changed
@@ -418,7 +418,7 @@ ```bash $ sudo apt install curl -$ curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash - +$ curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - $ sudo apt install nodejs ```
open5gs_2.5.1.tar.xz/docs/_docs/tutorial/01-your-first-lte.md -> open5gs_2.5.3.tar.xz/docs/_docs/tutorial/01-your-first-lte.md
Changed
@@ -184,7 +184,7 @@ The following shows how to install the Web UI of Open5GS. ```bash -$ curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash - +$ curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - $ sudo apt install nodejs $ curl -fsSL https://open5gs.org/open5gs/assets/webui/install | sudo -E bash - ```
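Review bot: the changed `curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -` line, like the open5gs.org install line below it and the same line in the two guide files, pipes a remote script straight into a root shell. While these lines are being touched, document the safer form: download the script to a file, let the reader inspect it, then run it, or point to the distribution's signed package repository for Node.js instead.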
open5gs_2.5.3.tar.xz/docs/_posts/2022-10-31-release-v2.5.3.md
Added
@@ -0,0 +1,96 @@ +--- +title: "v2.5.3 - SCP for Indirect Communication" +date: 2022-10-31 07:17:00 +0900 +categories: + - Release +tags: + - News + - Release +head_inline: "<style> ul { padding-bottom: 1em; } .blue { color: blue; }</style>" +--- + +#### New Feature + +SCP(Service Communication Proxy) is added to support Indirect Communication based on TS29.500. The default Open5GS configuration is provided as an indirect communication using SCP. + +- amf.yaml If NFs are configured to use Delegated Discovery through the SCP, you do not need to set up NRF. + +``` +amf: + sbi: + - addr: 127.0.0.5 + port: 7777 + +scp: + sbi: + - addr: 127.0.1.10 + port: 7777 + +#nrf: +# sbi: +# - addr: +# - 127.0.0.10 +# - ::1 +# port: 7777 +``` + +- scp.yaml NRF is needed for Delegated Discovery in SCP configuration. + +``` +scp: + sbi: + - addr: 127.0.1.10 + port: 7777 + +# +# next_scp: +# sbi: +# addr: 127.0.1.11 +# port: 7777 +# + +nrf: + sbi: + - addr: + - 127.0.0.10 + - ::1 + port: 7777 +``` + +- nrf.yaml If there is an SCP in the NRF configuration, a notification(nnrf-nfm/nf-status-notify) is sent through an indirect communication. 
+ +``` +nrf: + sbi: + addr: + - 127.0.0.10 + - ::1 + port: 7777 + +scp: + sbi: + - addr: 127.0.1.10 + port: 7777 +``` + + +#### Enhancements +- WebUI/DB Fixed the WebUI to Support MongoDB 6.0 (#1824(https://github.com/open5gs/open5gs/issues/1824)) -- bmeglicit(https://github.com/bmeglicit) +- NAS Discard NAS message if integrity is failed (#1848(https://github.com/open5gs/open5gs/pull/1848)) -- jmasterfunk84(https://github.com/jmasterfunk84) +- AMF Support REREGISTRATION_REQUIRED in dereg notify (#1858(https://github.com/open5gs/open5gs/pull/1858)) -- mitmitmitm(https://github.com/mitmitmitm) +- SMF Support Security Indication IE for 5G-SA UP integrity and confidentiality(#1851(https://github.com/open5gs/open5gs/discussions/1851)) -- irazairspan(https://github.com/irazairspan) +- DBI Disable Changes Streams with mongo Version (#1833(https://github.com/open5gs/open5gs/pull/1833)) -- jmasterfunk84(https://github.com/jmasterfunk84) +- SBI Added 3gpp-Sbi-Sender-Timestamp and 3gpp-Sbi-Max-Rsp-Time -- 7c8722d(https://github.com/open5gs/open5gs/commit/7c8722d9d4d2db13d889be1e5e37bc062f069396) +- MME Cancel Location while Idle (#1797(https://github.com/open5gs/open5gs/pull/1797)) -- jmasterfunk84(https://github.com/jmasterfunk84) +- MME Support for Insert Subscriber Data (#1794(https://github.com/open5gs/open5gs/pull/1794)) -- jmasterfunk84(https://github.com/jmasterfunk84) + +#### Bug Fixes +- SGW-C Fixed the bug of SGW-C session deletion (#1825(https://github.com/open5gs/open5gs/pull/1825)) -- dai9000(https://github.com/dai9000), cmmacneill53(https://github.com/cmmacneill53) +- AMF Reject registration requests when pool for UE context is empty (#1828(https://github.com/open5gs/open5gs/pull/1828)) -- bmeglicit(https://github.com/bmeglicit) +- AMF Increase size of TMSI pool (#1827(https://github.com/open5gs/open5gs/pull/1827)) -- bmeglicit(https://github.com/bmeglicit) +- AMF/UDM Added support to subscribe to SDM changes 
(#1820(https://github.com/open5gs/open5gs/pull/1820)) -- bmeglicit(https://github.com/bmeglicit) +- PFCP Do not check qos_flow in PFCP Report message (#1819(https://github.com/open5gs/open5gs/pull/1819)) -- ssafaorhan(https://github.com/ssafaorhan) +- PFCP Fixed invalid message of Dropped DL Traffic threshold (#1817(https://github.com/open5gs/open5gs/pull/1817)) -- ssafaorhan(https://github.com/ssafaorhan) + +Download -- v2.5.2.tar.gz(https://github.com/open5gs/open5gs/archive/v2.5.2.tar.gz) +{: .notice--info}
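Review bot: the Download link at the end of the post still points to `v2.5.2.tar.gz` although the title and filename say v2.5.3; readers following it get a different release than the one described. Update both the link text and the archive URL. The NAS item "Discard NAS message if integrity is failed" is also a change in security behaviour rather than an enhancement and would be easier to find under its own heading or under Bug Fixes.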
open5gs_2.5.1.tar.xz/docs/assets/webui/install -> open5gs_2.5.3.tar.xz/docs/assets/webui/install
Changed
@@ -10,7 +10,7 @@ # PACKAGE="open5gs" -VERSION="2.5.1" +VERSION="2.5.3" print_status() { echo
open5gs_2.5.1.tar.xz/lib/sbi/nf-sm.c -> open5gs_2.5.3.tar.xz/lib/sbi/nf-sm.c
Changed
@@ -301,8 +301,10 @@ break; case OGS_TIMER_NF_INSTANCE_NO_HEARTBEAT: - ogs_error("%s No heartbeat", - NF_INSTANCE_ID(ogs_sbi_self()->nf_instance)); + ogs_error("%s:%s No heartbeat", + NF_INSTANCE_ID(ogs_sbi_self()->nf_instance), + OpenAPI_nf_type_ToString( + NF_INSTANCE_TYPE(ogs_sbi_self()->nf_instance))); OGS_FSM_TRAN(s, &ogs_sbi_nf_state_will_register); break;
open5gs_2.5.1.tar.xz/meson.build -> open5gs_2.5.3.tar.xz/meson.build
Changed
@@ -16,7 +16,7 @@ # along with this program. If not, see <https://www.gnu.org/licenses/>. project('open5gs', 'c', 'cpp', - version : '2.5.0', + version : '2.5.3', license : 'AGPL-3.0-or-later', meson_version : '>= 0.43.0', default_options : @@ -24,7 +24,7 @@ , ) -libogslib_version = '2.5.0' +libogslib_version = '2.5.3' prefix = get_option('prefix') bindir = join_paths(prefix, get_option('bindir'))
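Review bot: both removed lines show that the 2.5.1 tarball still carried `version : '2.5.0'` and `libogslib_version = '2.5.0'`, so the hand-edited version strings had already drifted. The same number is repeated in .tarball-version, the Dockerfile, the webui install script, package.json and package-lock.json in this revision; derive them from one source, or add a build check that fails when they disagree.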
open5gs_2.5.1.tar.xz/src/amf/gmm-sm.c -> open5gs_2.5.3.tar.xz/src/amf/gmm-sm.c
Changed
@@ -797,29 +797,35 @@ case OGS_NAS_5GS_SECURITY_MODE_COMPLETE: ogs_debug("%s Security mode complete", amf_ue->supi); - CLEAR_AMF_UE_TIMER(amf_ue->t3560); - - /* Now, We will check the MAC in the NAS message*/ + /* + * TS24.501 + * Section 4.4.4.3 + * Integrity checking of NAS signalling messages in the AMF + * + * Once the secure exchange of NAS messages has been established + * for the NAS signalling connection, the receiving 5GMM entity + * in the AMF shall not process any NAS signalling messages + * unless they have been successfully integrity checked by the NAS. + * If any NAS signalling message, having not successfully passed + * the integrity check, is received, then the NAS in the AMF shall + * discard that message. If any NAS signalling message is received, + * as not integrity protected even though the secure exchange + * of NAS messages has been established, then the NAS shall discard + * this message. + */ if (h.integrity_protected == 0) { ogs_error("%s Security-mode : No Integrity Protected", amf_ue->supi); - - ogs_assert(OGS_OK == - nas_5gs_send_gmm_reject(amf_ue, - OGS_5GMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED)); - OGS_FSM_TRAN(s, &gmm_state_exception); break; } if (!SECURITY_CONTEXT_IS_VALID(amf_ue)) { ogs_warn("%s No Security Context", amf_ue->supi); - ogs_assert(OGS_OK == - nas_5gs_send_gmm_reject(amf_ue, - OGS_5GMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED)); - OGS_FSM_TRAN(s, &gmm_state_exception); break; } + CLEAR_AMF_UE_TIMER(amf_ue->t3560); + gmm_cause = gmm_handle_security_mode_complete( amf_ue, &nas_message->gmm.security_mode_complete); if (gmm_cause != OGS_5GMM_CAUSE_REQUEST_ACCEPTED) {
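Review bot: the two discard paths log at different levels, `ogs_error` for the missing integrity protection and `ogs_warn` for the missing security context, and both are reachable by a sender that has not been authenticated, so every such message now costs a log line at error or warning level. Pick one level for both and consider rate-limiting or counting these events per UE instead of logging each one. Moving `CLEAR_AMF_UE_TIMER(amf_ue->t3560)` below the checks is the right order and should be mirrored in every case that gets this treatment.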
open5gs_2.5.1.tar.xz/src/mme/emm-sm.c -> open5gs_2.5.3.tar.xz/src/mme/emm-sm.c
Changed
@@ -870,26 +870,30 @@ CLEAR_MME_UE_TIMER(mme_ue->t3460); - /* Now, We will check the MAC in the NAS message*/ + /* + * TS24.301 + * Section 4.4.4.3 + * Integrity checking of NAS signalling messages in the MME: + * + * Once the secure exchange of NAS messages has been established + * for the NAS signalling connection, the receiving EMM or ESM entity + * in the MME shall not process any NAS signalling messages + * unless they have been successfully integrity checked by the NAS. + * If any NAS signalling message, having not successfully passed + * the integrity check, is received, then the NAS in the MME shall + * discard that message. If any NAS signalling message is received, + * as not integrity protected even though the secure exchange + * of NAS messages has been established, then the NAS shall discard + * this message. + */ h.type = e->nas_type; if (h.integrity_protected == 0) { ogs_error("%s No Integrity Protected", mme_ue->imsi_bcd); - - ogs_assert(OGS_OK == - nas_eps_send_attach_reject(mme_ue, - OGS_NAS_EMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED, - OGS_NAS_ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED)); - OGS_FSM_TRAN(s, &emm_state_exception); break; } if (!SECURITY_CONTEXT_IS_VALID(mme_ue)) { ogs_warn("%s No Security Context", mme_ue->imsi_bcd); - ogs_assert(OGS_OK == - nas_eps_send_attach_reject(mme_ue, - OGS_NAS_EMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED, - OGS_NAS_ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED)); - OGS_FSM_TRAN(s, &emm_state_exception); break; } 
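Review bot: in this hunk `CLEAR_MME_UE_TIMER(mme_ue->t3460);` stays above the integrity check, unlike the AMF change and the two later hunks in this file, where the timer clear was moved below the checks. A message that is not integrity protected therefore still stops T3460 before it is discarded. Move the clear after the `SECURITY_CONTEXT_IS_VALID` check so that a discarded message has no effect on the UE context.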
@@ -1038,30 +1042,35 @@ case OGS_NAS_EPS_ATTACH_COMPLETE: ogs_info("%s Attach complete", mme_ue->imsi_bcd); - CLEAR_MME_UE_TIMER(mme_ue->t3450); - + /* + * TS24.301 + * Section 4.4.4.3 + * Integrity checking of NAS signalling messages in the MME: + * + * Once the secure exchange of NAS messages has been established + * for the NAS signalling connection, the receiving EMM or ESM entity + * in the MME shall not process any NAS signalling messages + * unless they have been successfully integrity checked by the NAS. + * If any NAS signalling message, having not successfully passed + * the integrity check, is received, then the NAS in the MME shall + * discard that message. If any NAS signalling message is received, + * as not integrity protected even though the secure exchange + * of NAS messages has been established, then the NAS shall discard + * this message. + */ h.type = e->nas_type; if (h.integrity_protected == 0) { ogs_error("%s No Integrity Protected", mme_ue->imsi_bcd); - - ogs_assert(OGS_OK == - nas_eps_send_attach_reject(mme_ue, - OGS_NAS_EMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED, - OGS_NAS_ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED)); - OGS_FSM_TRAN(s, &emm_state_exception); break; } if (!SECURITY_CONTEXT_IS_VALID(mme_ue)) { ogs_warn("%s No Security Context", mme_ue->imsi_bcd); - ogs_assert(OGS_OK == - nas_eps_send_attach_reject(mme_ue, - OGS_NAS_EMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED, - OGS_NAS_ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED)); - OGS_FSM_TRAN(s, &emm_state_exception); break; } + CLEAR_MME_UE_TIMER(mme_ue->t3450); + rv = emm_handle_attach_complete( mme_ue, &message->emm.attach_complete); if (rv != OGS_OK) { 
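Review bot: the 16-line TS24.301 comment and the two checks that follow it (`h.integrity_protected == 0`, `!SECURITY_CONTEXT_IS_VALID(mme_ue)`) are now pasted into three cases of this file, here and in the hunks before and after. Put them in one helper that returns whether the message may be processed, keep the spec reference there once, and call it from each case; the inconsistent placement of the timer clear between these cases is the kind of drift that the duplication invites.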
@@ -1085,30 +1094,35 @@ case OGS_NAS_EPS_TRACKING_AREA_UPDATE_COMPLETE: ogs_debug("%s Tracking area update complete", mme_ue->imsi_bcd); - CLEAR_MME_UE_TIMER(mme_ue->t3450); - + /* + * TS24.301 + * Section 4.4.4.3 + * Integrity checking of NAS signalling messages in the MME: + * + * Once the secure exchange of NAS messages has been established + * for the NAS signalling connection, the receiving EMM or ESM entity + * in the MME shall not process any NAS signalling messages + * unless they have been successfully integrity checked by the NAS. + * If any NAS signalling message, having not successfully passed + * the integrity check, is received, then the NAS in the MME shall + * discard that message. If any NAS signalling message is received, + * as not integrity protected even though the secure exchange + * of NAS messages has been established, then the NAS shall discard + * this message. + */ h.type = e->nas_type; if (h.integrity_protected == 0) { ogs_error("%s No Integrity Protected", mme_ue->imsi_bcd); - - ogs_assert(OGS_OK == - nas_eps_send_attach_reject(mme_ue, - OGS_NAS_EMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED, - OGS_NAS_ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED)); - OGS_FSM_TRAN(s, &emm_state_exception); break; } if (!SECURITY_CONTEXT_IS_VALID(mme_ue)) { ogs_warn("%s No Security Context", mme_ue->imsi_bcd); - ogs_assert(OGS_OK == - nas_eps_send_attach_reject(mme_ue, - OGS_NAS_EMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED, - OGS_NAS_ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED)); - OGS_FSM_TRAN(s, &emm_state_exception); break; } + CLEAR_MME_UE_TIMER(mme_ue->t3450); + /* Confirm GUTI */ if (mme_ue->next.m_tmsi) mme_ue_confirm_guti(mme_ue);
open5gs_2.5.1.tar.xz/src/scp/sbi-path.c -> open5gs_2.5.3.tar.xz/src/scp/sbi-path.c
Changed
@@ -379,7 +379,7 @@ v_start = v_end = NULL; - while (*p++) { + while (*p) { if (*p == ';') { if ((v_start && v_end) || !v_start) { p++; @@ -389,6 +389,7 @@ if (!v_start) v_start = p+1; else if (!v_end) v_end = p; } + p++; } if (v_start && v_end) {
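Review bot: the inner `p++` in the `if (*p == ';')` branch at the end of the first hunk must be followed directly by a `continue` now that the loop also increments at the bottom; the lines between the two hunks are not shown, so please confirm. Without it, a `;` as the last character advances `p` twice and `while (*p)` reads past the terminator. A unit test for this parser with an empty value, a leading `;` and a trailing `;` would pin the behaviour down, since the old `while (*p++)` never examined the first character and that went unnoticed.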
open5gs_2.5.1.tar.xz/src/smf/context.c -> open5gs_2.5.3.tar.xz/src/smf/context.c
Changed
@@ -202,6 +202,83 @@ } } + if (self.security_indication.integrity_protection_indication || + self.security_indication.confidentiality_protection_indication) { + if (!self.security_indication.integrity_protection_indication || + !self.security_indication.confidentiality_protection_indication) { + ogs_error("Invalid security_indication %s,%s", + self.security_indication.integrity_protection_indication ? + self.security_indication.integrity_protection_indication : + "No integrity_protection_indication", + self.security_indication.confidentiality_protection_indication ? + self.security_indication.confidentiality_protection_indication : + "No confidentiality_protection_indication"); + return OGS_ERROR; + } + if (smf_integrity_protection_indication_value2enum( + self.security_indication.integrity_protection_indication) < 0) { + ogs_error("Invalid integrity_protection_indication %s", + self.security_indication.integrity_protection_indication); + return OGS_ERROR; + } + if (smf_confidentiality_protection_indication_value2enum( + self.security_indication. + confidentiality_protection_indication) < 0) { + ogs_error("Invalid confidentiality_protection_indication %s", + self.security_indication.confidentiality_protection_indication); + return OGS_ERROR; + } + } + + if (self.security_indication.maximum_integrity_protected_data_rate_uplink) { + NGAP_IntegrityProtectionIndication_t integrityProtectionIndication; + if (smf_maximum_integrity_protected_data_rate_uplink_value2enum( + self.security_indication. + maximum_integrity_protected_data_rate_uplink) < 0) { + ogs_error("Invalid " + "maximum_integrity_protected_data_rate_uplink %s", + self.security_indication. 
+ maximum_integrity_protected_data_rate_uplink); + return OGS_ERROR; + } + integrityProtectionIndication = + smf_integrity_protection_indication_value2enum( + self.security_indication.integrity_protection_indication); + if (integrityProtectionIndication == + NGAP_IntegrityProtectionIndication_required || + integrityProtectionIndication == + NGAP_IntegrityProtectionIndication_preferred) { + } else { + ogs_error("Invalid security_indication %s:UL-%s", + self.security_indication.integrity_protection_indication ? + self.security_indication.integrity_protection_indication : + "No integrity_protection_indication", + self.security_indication. + maximum_integrity_protected_data_rate_uplink ? + self.security_indication. + maximum_integrity_protected_data_rate_uplink : + "No integrity_protection_indication"); + return OGS_ERROR; + } + } + + if (self.security_indication.maximum_integrity_protected_data_rate_downlink) { + if (smf_maximum_integrity_protected_data_rate_downlink_value2enum( + self.security_indication. + maximum_integrity_protected_data_rate_downlink) < 0) { + ogs_error("Invalid " + "maximum_integrity_protected_data_rate_downlink %s", + self.security_indication. + maximum_integrity_protected_data_rate_downlink); + return OGS_ERROR; + } + if (!self.security_indication. + maximum_integrity_protected_data_rate_uplink) { + ogs_error("No maximum_integrity_protected_data_rate_uplink"); + return OGS_ERROR; + } + } + return OGS_OK; } 
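Review bot: in the uplink block, `smf_integrity_protection_indication_value2enum()` is called with `self.security_indication.integrity_protection_indication` without a NULL check, and that helper starts with `ogs_assert(value)`. If only `maximum_integrity_protected_data_rate_uplink` is configured, the first block is skipped and the SMF aborts on the assert instead of reaching the `ogs_error` below, whose ternary was clearly written for the NULL case. Check for NULL before the conversion and return `OGS_ERROR`. Two smaller points in the same block: the empty `if (...) { } else { ... }` reads better with the condition inverted, and the last fallback string says "No integrity_protection_indication" where it describes the uplink rate.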
@@ -825,6 +902,40 @@ } while (ogs_yaml_iter_type(&info_array) == YAML_SEQUENCE_NODE); + } else if (!strcmp(smf_key, "security_indication")) { + ogs_yaml_iter_t security_indication_iter; + ogs_yaml_iter_recurse( + &smf_iter, &security_indication_iter); + while (ogs_yaml_iter_next(&security_indication_iter)) { + const char *security_indication_key = + ogs_yaml_iter_key(&security_indication_iter); + ogs_assert(security_indication_key); + if (!strcmp(security_indication_key, + "integrity_protection_indication")) { + self.security_indication. + integrity_protection_indication = + ogs_yaml_iter_value( + &security_indication_iter); + } else if (!strcmp(security_indication_key, + "confidentiality_protection_indication")) { + self.security_indication. + confidentiality_protection_indication = + ogs_yaml_iter_value( + &security_indication_iter); + } else if (!strcmp(security_indication_key, + "maximum_integrity_protected_data_rate_uplink")) { + self.security_indication. + maximum_integrity_protected_data_rate_uplink = + ogs_yaml_iter_value( + &security_indication_iter); + } else if (!strcmp(security_indication_key, + "maximum_integrity_protected_data_rate_downlink")) { + self.security_indication. + maximum_integrity_protected_data_rate_downlink = + ogs_yaml_iter_value( + &security_indication_iter); + } + } } else if (!strcmp(smf_key, "pfcp")) { /* handle config in pfcp library */ } else if (!strcmp(smf_key, "subnet")) { 
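Review bot: the `if`/`else if` chain over `security_indication_key` has no final `else`, so a misspelled key under `security_indication` is silently ignored. For a setting that controls user-plane integrity and confidentiality, that means an operator can believe protection is configured when nothing was parsed. Add a final branch that reports the unknown key, at least as a warning.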
@@ -2981,3 +3092,42 @@ num_of_smf_sess = num_of_smf_sess - 1; ogs_info("Removed Number of SMF-Sessions is now %d", num_of_smf_sess); } + +int smf_integrity_protection_indication_value2enum(const char *value) +{ + ogs_assert(value); + if (!strcmp(value, "required")) + return NGAP_IntegrityProtectionIndication_required; + else if (!strcmp(value, "preferred")) + return NGAP_IntegrityProtectionIndication_preferred; + else if (!strcmp(value, "not-needed")) + return NGAP_IntegrityProtectionIndication_not_needed; + else { + ogs_error("Invalid value%s", value); + return -1; + } +} +int smf_confidentiality_protection_indication_value2enum(const char *value) +{ + ogs_assert(value); + return smf_integrity_protection_indication_value2enum(value); +} +int smf_maximum_integrity_protected_data_rate_uplink_value2enum( + const char *value) +{ + ogs_assert(value); + if (!strcmp(value, "bitrate64kbs")) + return NGAP_MaximumIntegrityProtectedDataRate_bitrate64kbs; + else if (!strcmp(value, "maximum-UE-rate")) + return NGAP_MaximumIntegrityProtectedDataRate_maximum_UE_rate; + else { + ogs_error("Invalid value%s", value); + return -1; + } +} +int smf_maximum_integrity_protected_data_rate_downlink_value2enum( + const char *value) +{ + ogs_assert(value); + return smf_maximum_integrity_protected_data_rate_uplink_value2enum(value); +}
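Review bot: `smf_confidentiality_protection_indication_value2enum()` forwards to the integrity helper and so returns `NGAP_IntegrityProtectionIndication_*` constants for a confidentiality field; that only works while both NGAP enumerations assign the same numbers to required, preferred and not-needed. Return the confidentiality constants explicitly, or add a compile-time check that the two enumerations match. The helpers also mix enum values with a `-1` sentinel in a plain `int` without documenting it, and `ogs_error("Invalid value%s", value)` is missing a separator before `%s`.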
open5gs_2.5.1.tar.xz/src/smf/context.h -> open5gs_2.5.3.tar.xz/src/smf/context.h
Changed
@@ -92,6 +92,13 @@ uint16_t mtu; /* MTU to advertise in PCO */ + struct { + const char *integrity_protection_indication; + const char *confidentiality_protection_indication; + const char *maximum_integrity_protected_data_rate_uplink; + const char *maximum_integrity_protected_data_rate_downlink; + } security_indication; + #define SMF_UE_IS_LAST_SESSION(__sMF) \ ((__sMF) && (ogs_list_count(&(__sMF)->sess_list)) == 1) ogs_list_t smf_ue_list; @@ -512,6 +519,13 @@ void smf_pf_precedence_pool_init(smf_sess_t *sess); void smf_pf_precedence_pool_final(smf_sess_t *sess); +int smf_integrity_protection_indication_value2enum(const char *value); +int smf_confidentiality_protection_indication_value2enum(const char *value); +int smf_maximum_integrity_protected_data_rate_uplink_value2enum( + const char *value); +int smf_maximum_integrity_protected_data_rate_downlink_value2enum( + const char *value); + #ifdef __cplusplus } #endif
open5gs_2.5.1.tar.xz/src/smf/ngap-build.c -> open5gs_2.5.3.tar.xz/src/smf/ngap-build.c
Changed
@@ -33,6 +33,7 @@ NGAP_GTPTunnel_t *gTPTunnel = NULL; NGAP_DataForwardingNotPossible_t *DataForwardingNotPossible = NULL; NGAP_PDUSessionType_t *PDUSessionType = NULL; + NGAP_SecurityIndication_t *SecurityIndication = NULL; NGAP_QosFlowSetupRequestList_t *QosFlowSetupRequestList = NULL; NGAP_QosFlowSetupRequestItem_t *QosFlowSetupRequestItem = NULL; NGAP_QosFlowIdentifier_t *qosFlowIdentifier = NULL; 
@@ -129,6 +130,89 @@ ogs_assert_if_reached(); } + if (smf_self()->security_indication.integrity_protection_indication && + smf_self()->security_indication.confidentiality_protection_indication) { + + ie = CALLOC(1, + sizeof(NGAP_PDUSessionResourceSetupRequestTransferIEs_t)); + ogs_assert(ie); + ASN_SEQUENCE_ADD(&message.protocolIEs, ie); + + ie->id = NGAP_ProtocolIE_ID_id_SecurityIndication; + ie->criticality = NGAP_Criticality_reject; + ie->value.present = NGAP_PDUSessionResourceSetupRequestTransferIEs__value_PR_SecurityIndication; + + SecurityIndication = &ie->value.choice.SecurityIndication; + + SecurityIndication->integrityProtectionIndication = + smf_integrity_protection_indication_value2enum( + smf_self()->security_indication. + integrity_protection_indication); + ogs_assert(SecurityIndication->integrityProtectionIndication >= 0); + + SecurityIndication->confidentialityProtectionIndication = + smf_confidentiality_protection_indication_value2enum( + smf_self()->security_indication. + confidentiality_protection_indication); + ogs_assert(SecurityIndication-> + confidentialityProtectionIndication >= 0); + + if (smf_self()->security_indication. + maximum_integrity_protected_data_rate_uplink) { + + ogs_assert( + SecurityIndication->integrityProtectionIndication == + NGAP_IntegrityProtectionIndication_required || + SecurityIndication->integrityProtectionIndication == + NGAP_IntegrityProtectionIndication_preferred); + + SecurityIndication->maximumIntegrityProtectedDataRate_UL = + CALLOC(1, sizeof(NGAP_MaximumIntegrityProtectedDataRate_t)); + ogs_assert(SecurityIndication-> + maximumIntegrityProtectedDataRate_UL); + *(SecurityIndication->maximumIntegrityProtectedDataRate_UL) = + smf_maximum_integrity_protected_data_rate_uplink_value2enum( + smf_self()->security_indication. + maximum_integrity_protected_data_rate_uplink); + ogs_assert( + *(SecurityIndication-> + maximumIntegrityProtectedDataRate_UL) >= 0); + + if (smf_self()->security_indication. 
+ maximum_integrity_protected_data_rate_downlink) { + NGAP_ProtocolExtensionContainer_9625P229_t *extContainer = NULL; + NGAP_SecurityIndication_ExtIEs_t *extIe = NULL; + NGAP_MaximumIntegrityProtectedDataRate_t + *MaximumIntegrityProtectedDataRate = NULL; + + extContainer = CALLOC(1, + sizeof(NGAP_ProtocolExtensionContainer_9625P229_t)); + ogs_assert(extContainer); + SecurityIndication->iE_Extensions = + (struct NGAP_ProtocolExtensionContainer *)extContainer; + + extIe = CALLOC(1, sizeof(NGAP_SecurityIndication_ExtIEs_t)); + ogs_assert(extIe); + ASN_SEQUENCE_ADD(&extContainer->list, extIe); + + extIe->id = + NGAP_ProtocolIE_ID_id_MaximumIntegrityProtectedDataRate_DL; + extIe->criticality = NGAP_Criticality_ignore; + extIe->extensionValue.present = NGAP_SecurityIndication_ExtIEs__extensionValue_PR_MaximumIntegrityProtectedDataRate; + + MaximumIntegrityProtectedDataRate = + &extIe->extensionValue.choice. + MaximumIntegrityProtectedDataRate; + + *MaximumIntegrityProtectedDataRate = + smf_maximum_integrity_protected_data_rate_downlink_value2enum( + smf_self()->security_indication. + maximum_integrity_protected_data_rate_downlink); + ogs_assert(*MaximumIntegrityProtectedDataRate >= 0); + } + } + } + ie = CALLOC(1, sizeof(NGAP_PDUSessionResourceSetupRequestTransferIEs_t)); ogs_assert(ie); ASN_SEQUENCE_ADD(&message.protocolIEs, ie);
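Review bot: in the second hunk the configuration strings are converted with the `*_value2enum` helpers every time this transfer is built, and each result is guarded with `ogs_assert`, so any path that lets an unvalidated value through turns a configuration mistake into an SMF abort during PDU session setup. Convert once during the validation in context.c, store the enum values in `security_indication`, and let the builder copy them without string compares or asserts. The IE is also sent with `NGAP_Criticality_reject`; a short comment on what the operator should expect from a gNB that does not support it would help.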
open5gs_2.5.1.tar.xz/tests/core/poll-test.c -> open5gs_2.5.3.tar.xz/tests/core/poll-test.c
Changed
@@ -22,7 +22,7 @@ #define DATASTR "This is a test" #define STRLEN 8092 -#define PORT 7777 +#define PORT 47777 #define NUM 100 #ifndef AI_PASSIVE
open5gs_2.5.1.tar.xz/tests/core/socket-test.c -> open5gs_2.5.3.tar.xz/tests/core/socket-test.c
Changed
@@ -22,8 +22,8 @@ #define DATASTR "This is a test" #define STRLEN 8092 -#define PORT 7777 -#define PORT2 7778 +#define PORT 47777 +#define PORT2 47778 #ifndef AI_PASSIVE #define AI_PASSIVE 1
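Review bot: the new `PORT 47777` and `PORT2 47778`, like `PORT 47777` in poll-test.c, avoid the 7777 used by the SBI configuration but fall inside the default Linux ephemeral port range (32768 to 60999), so the test can still fail when the kernel has handed that port to an outgoing connection. Bind to port 0 and read the assigned port back with `getsockname()`, or pick fixed ports below the ephemeral range.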
open5gs_2.5.1.tar.xz/webui/package-lock.json -> open5gs_2.5.3.tar.xz/webui/package-lock.json
Changed
@@ -1,12 +1,12 @@ { "name": "open5gs", - "version": "2.5.1", + "version": "2.5.3", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "open5gs", - "version": "2.5.1", + "version": "2.5.3", "license": "AGPL-3.0", "dependencies": { "axios": "^0.27.2",
open5gs_2.5.1.tar.xz/webui/package.json -> open5gs_2.5.3.tar.xz/webui/package.json
Changed
@@ -1,6 +1,6 @@ { "name": "open5gs", - "version": "2.5.1", + "version": "2.5.3", "description": "Open5gs", "main": "index.js", "repository": "https://github.com/open5gs/open5gs/webui",