@@ -1,93 +0,0 @@

----

-title: "v2.5.0 - SCP for Indirect Communication"

-date: 2022-10-25 22:54:00 +0900

-categories:

-  - Release

-tags:

-  - News

-  - Release

-head_inline: "<style> ul { padding-bottom: 1em; } .blue { color: blue; }</style>"

----

-

-#### New Feature

-

-SCP(Service Communication Proxy) is added to support Indirect Communication based on TS29.500. The default Open5GS configuration is provided as an indirect communication using SCP.

-

-- amf.yaml If NFs are configured to use Delegated Discovery through the SCP, you do not need to set up NRF.

-

-```

-amf:

-    sbi:

-      - addr: 127.0.0.5

-        port: 7777

-

-scp:

-    sbi:

-      - addr: 127.0.1.10

-        port: 7777

-

-#nrf:

-#    sbi:

-#      - addr:

-#          - 127.0.0.10

-#          - ::1

-#        port: 7777

-```

-

-- scp.yaml NRF is needed for Delegated Discovery in SCP configuration.

-

-```

-scp:

-    sbi:

-      - addr: 127.0.1.10

-        port: 7777

-

-#

-# next_scp:

-#    sbi:

-#      addr: 127.0.1.11

-#      port: 7777

-#

-

-nrf:

-    sbi:

-      - addr:

-          - 127.0.0.10

-          - ::1

-        port: 7777

-```

-

-- nrf.yaml If there is an SCP in the NRF configuration, a notification(nnrf-nfm/nf-status-notify) is sent through an indirect communication.

-

-```

-nrf:

-    sbi:

-      addr:

-        - 127.0.0.10

-        - ::1

-      port: 7777

-

-scp:

-    sbi:

-      - addr: 127.0.1.10

-        port: 7777

-```

-

-

-#### Enhancements

-- WebUI/DB Fixed the WebUI to Support MongoDB 6.0( (#1824(https://github.com/open5gs/open5gs/issues/1824)) -- bmeglicit(https://github.com/bmeglicit)

-- DBI Disable Changes Streams with mongo Version (#1833(https://github.com/open5gs/open5gs/pull/1833)) -- jmasterfunk84(https://github.com/jmasterfunk84)

-- SBI Added 3gpp-Sbi-Sender-Timestamp and 3gpp-Sbi-Max-Rsp-Time -- 7c8722d(https://github.com/open5gs/open5gs/commit/7c8722d9d4d2db13d889be1e5e37bc062f069396)

-- MME Cancel Location while Idle (#1797(https://github.com/open5gs/open5gs/pull/1797)) -- jmasterfunk84(https://github.com/jmasterfunk84)

-- MME Support for Insert Subscriber Data (#1794(https://github.com/open5gs/open5gs/pull/1794)) -- jmasterfunk84(https://github.com/jmasterfunk84)

-

-#### Bug Fixes

-- SGW-C Fixed the bug of SGW-C session deletion (#1825(https://github.com/open5gs/open5gs/pull/1825)) -- dai9000(https://github.com/dai9000), cmmacneill53(https://github.com/cmmacneill53)

-- AMF Reject registration requests when pool for UE context is empty (#1828(https://github.com/open5gs/open5gs/pull/1828)) -- bmeglicit(https://github.com/bmeglicit)

-- AMF Increase size of TMSI pool (#1827(https://github.com/open5gs/open5gs/pull/1827)) -- bmeglicit(https://github.com/bmeglicit)

-- AMF/UDM Added support to subscribe to SDM changes (#1820(https://github.com/open5gs/open5gs/pull/1820)) -- bmeglicit(https://github.com/bmeglicit)

-- PFCP Do not check qos_flow in PFCP Report message (#1819(https://github.com/open5gs/open5gs/pull/1819)) -- ssafaorhan(https://github.com/ssafaorhan)

-- PFCP Fixed invalid message of Dropped DL Traffic threshold (#1817(https://github.com/open5gs/open5gs/pull/1817)) -- ssafaorhan(https://github.com/ssafaorhan)

-

-Download -- v2.5.0.tar.gz(https://github.com/open5gs/open5gs/archive/v2.5.0.tar.gz)

-{: .notice--info}

​

@@ -2,7 +2,7 @@

 Source: open5gs

 Binary: open5gs-common, open5gs-mme, open5gs-sgwc, open5gs-smf, open5gs-amf, open5gs-sgwu, open5gs-upf, open5gs-hss, open5gs-pcrf, open5gs-nrf, open5gs-scp, open5gs-ausf, open5gs-udm, open5gs-pcf, open5gs-nssf, open5gs-bsf, open5gs-udr, open5gs, open5gs-dbg

 Architecture: any

-Version: 2.5.0.3.f1c0

+Version: 2.5.1.1.78359

 Maintainer: Harald Welte <laforge@gnumonks.org>

 Uploaders: Sukchan Lee <acetcom@gmail.com>

 Homepage: https://open5gs.org

@@ -31,8 +31,8 @@

  open5gs-udr deb net optional arch=any

  open5gs-upf deb net optional arch=any

 Checksums-Sha1:

- 651383eaf0e96093cfea4d3fd10eeb922327493a 11487876 open5gs_2.5.0.3.f1c0.tar.xz

+ 3333a0a840ff40bb7f529627e91b584010b886ea 11488768 open5gs_2.5.1.1.78359.tar.xz

 Checksums-Sha256:

- d6c69c14b4a60371ce1af4cc554b11ced99fbb967a6d0f5ae8dc4f166ccc5365 11487876 open5gs_2.5.0.3.f1c0.tar.xz

+ 232e840a66bb5a6aa5feeffa9557817b3ace05b04c9263776a9c293b6f788a48 11488768 open5gs_2.5.1.1.78359.tar.xz

 Files:

- 0c8c58b76bf5e1a0b4c5c00ccb505d8c 11487876 open5gs_2.5.0.3.f1c0.tar.xz

+ 6672b5a81d956147eba953f15b697518 11488768 open5gs_2.5.1.1.78359.tar.xz

​

@@ -1 +1 @@

-2.5.0.3-f1c0

+2.5.1.1-78359

​

@@ -440,7 +440,20 @@

 #              mnc: 70

 #            tac: 99

 #

-

+#  <Security Indication - 5G Core only>

+#

+#   According to 3GPP TS38.413 Section 9.3.1.27,

+#   Security Indication IE may be instructed to 5G gNB.

+#

+#   If you set the security_indication in smf.yaml,

+#   this information is delivered using PDU Session Resource Request Transfer IE

+#

+#    security_indication:

+#      integrity_protection_indication: required|preferred|not-needed

+#      confidentiality_protection_indication: required|preferred|not-needed

+#      maximum_integrity_protected_data_rate_uplink: bitrate64kbs|maximum-UE-rate

+#      maximum_integrity_protected_data_rate_downlink: bitrate64kbs|maximum-UE-rate

+#

 smf:

     sbi:

       - addr: 127.0.0.4

​

@@ -1,8 +1,38 @@

-open5gs (2.5.0.3.f1c0) unstable; urgency=medium

+open5gs (2.5.1.1.78359) unstable; urgency=medium

   * Automatically generated changelog entry for building the Osmocom master feed

- -- Osmocom OBS scripts <info@osmocom.org>  Fri, 28 Oct 2022 06:12:56 +0000

+ -- Osmocom OBS scripts <info@osmocom.org>  Sat, 29 Oct 2022 04:10:29 +0000

+

+open5gs (2.5.1) unstable; urgency=medium

+

+  * New NF - SCP(Service Communication Proxy)

+

+ -- Sukchan Lee <acetcom@gmail.com>  Sat, 29 Oct 2022 12:37:52 +0900

+

+open5gs (2.5.1~kinetic) kinetic; urgency=medium

+

+  * New NF - SCP(Service Communication Proxy)

+

+ -- Sukchan Lee <acetcom@gmail.com>  Sat, 29 Oct 2022 12:36:17 +0900

+

+open5gs (2.5.1~jammy) jammy; urgency=medium

+

+  * New NF - SCP(Service Communication Proxy)

+

+ -- Sukchan Lee <acetcom@gmail.com>  Sat, 29 Oct 2022 12:34:51 +0900

+

+open5gs (2.5.1~focal) focal; urgency=medium

+

+  * New NF - SCP(Service Communication Proxy)

+

+ -- Sukchan Lee <acetcom@gmail.com>  Sat, 29 Oct 2022 12:32:53 +0900

+

+open5gs (2.5.1~bionic) bionic; urgency=medium

+

+  * New NF - SCP(Service Communication Proxy)

+

+ -- Sukchan Lee <acetcom@gmail.com>  Sat, 29 Oct 2022 12:31:01 +0900

 open5gs (2.5.0) unstable; urgency=medium

​

@@ -0,0 +1,95 @@

+---

+title: "v2.5.1 - SCP for Indirect Communication"

+date: 2022-10-29 12:42:00 +0900

+categories:

+  - Release

+tags:

+  - News

+  - Release

+head_inline: "<style> ul { padding-bottom: 1em; } .blue { color: blue; }</style>"

+---

+

+#### New Feature

+

+SCP(Service Communication Proxy) is added to support Indirect Communication based on TS29.500. The default Open5GS configuration is provided as an indirect communication using SCP.

+

+- amf.yaml If NFs are configured to use Delegated Discovery through the SCP, you do not need to set up NRF.

+

+```

+amf:

+    sbi:

+      - addr: 127.0.0.5

+        port: 7777

+

+scp:

+    sbi:

+      - addr: 127.0.1.10

+        port: 7777

+

+#nrf:

+#    sbi:

+#      - addr:

+#          - 127.0.0.10

+#          - ::1

+#        port: 7777

+```

+

+- scp.yaml NRF is needed for Delegated Discovery in SCP configuration.

+

+```

+scp:

+    sbi:

+      - addr: 127.0.1.10

+        port: 7777

+

+#

+# next_scp:

+#    sbi:

+#      addr: 127.0.1.11

+#      port: 7777

+#

+

+nrf:

+    sbi:

+      - addr:

+          - 127.0.0.10

+          - ::1

+        port: 7777

+```

+

+- nrf.yaml If there is an SCP in the NRF configuration, a notification(nnrf-nfm/nf-status-notify) is sent through an indirect communication.

+

+```

+nrf:

+    sbi:

+      addr:

+        - 127.0.0.10

+        - ::1

+      port: 7777

+

+scp:

+    sbi:

+      - addr: 127.0.1.10

+        port: 7777

+```

+

+

+#### Enhancements

+- WebUI/DB Fixed the WebUI to Support MongoDB 6.0 (#1824(https://github.com/open5gs/open5gs/issues/1824)) -- bmeglicit(https://github.com/bmeglicit)

+- AMF Support REREGISTRATION_REQUIRED in dereg notify (#1858(https://github.com/open5gs/open5gs/pull/1858)) -- mitmitmitm(https://github.com/mitmitmitm)

+- SMF Support Security Indication IE for 5G-SA UP integrity and confidentiality(#1851(https://github.com/open5gs/open5gs/discussions/1851)) -- irazairspan(https://github.com/irazairspan)

+- DBI Disable Changes Streams with mongo Version (#1833(https://github.com/open5gs/open5gs/pull/1833)) -- jmasterfunk84(https://github.com/jmasterfunk84)

+- SBI Added 3gpp-Sbi-Sender-Timestamp and 3gpp-Sbi-Max-Rsp-Time -- 7c8722d(https://github.com/open5gs/open5gs/commit/7c8722d9d4d2db13d889be1e5e37bc062f069396)

+- MME Cancel Location while Idle (#1797(https://github.com/open5gs/open5gs/pull/1797)) -- jmasterfunk84(https://github.com/jmasterfunk84)

+- MME Support for Insert Subscriber Data (#1794(https://github.com/open5gs/open5gs/pull/1794)) -- jmasterfunk84(https://github.com/jmasterfunk84)

+

+#### Bug Fixes

+- SGW-C Fixed the bug of SGW-C session deletion (#1825(https://github.com/open5gs/open5gs/pull/1825)) -- dai9000(https://github.com/dai9000), cmmacneill53(https://github.com/cmmacneill53)

+- AMF Reject registration requests when pool for UE context is empty (#1828(https://github.com/open5gs/open5gs/pull/1828)) -- bmeglicit(https://github.com/bmeglicit)

+- AMF Increase size of TMSI pool (#1827(https://github.com/open5gs/open5gs/pull/1827)) -- bmeglicit(https://github.com/bmeglicit)

+- AMF/UDM Added support to subscribe to SDM changes (#1820(https://github.com/open5gs/open5gs/pull/1820)) -- bmeglicit(https://github.com/bmeglicit)

+- PFCP Do not check qos_flow in PFCP Report message (#1819(https://github.com/open5gs/open5gs/pull/1819)) -- ssafaorhan(https://github.com/ssafaorhan)

+- PFCP Fixed invalid message of Dropped DL Traffic threshold (#1817(https://github.com/open5gs/open5gs/pull/1817)) -- ssafaorhan(https://github.com/ssafaorhan)

+

+Download -- v2.5.1.tar.gz(https://github.com/open5gs/open5gs/archive/v2.5.1.tar.gz)

+{: .notice--info}

​

@@ -16,7 +16,7 @@

 # along with this program.  If not, see <https://www.gnu.org/licenses/>.

 project('open5gs', 'c', 'cpp',

-    version : '2.5.0',

+    version : '2.5.1',

     license : 'AGPL-3.0-or-later',

     meson_version : '>= 0.43.0',

     default_options : 

@@ -24,7 +24,7 @@

     ,

 )

-libogslib_version = '2.5.0'

+libogslib_version = '2.5.1'

 prefix = get_option('prefix')

 bindir = join_paths(prefix, get_option('bindir'))

​

@@ -202,6 +202,83 @@

         }

     }

+    if (self.security_indication.integrity_protection_indication ||

+        self.security_indication.confidentiality_protection_indication) {

+        if (!self.security_indication.integrity_protection_indication ||

+            !self.security_indication.confidentiality_protection_indication) {

+            ogs_error("Invalid security_indication %s,%s",

+                self.security_indication.integrity_protection_indication ?

+                self.security_indication.integrity_protection_indication :

+                "No integrity_protection_indication",

+                self.security_indication.confidentiality_protection_indication ?

+                self.security_indication.confidentiality_protection_indication :

+                "No confidentiality_protection_indication");

+            return OGS_ERROR;

+        }

+        if (smf_integrity_protection_indication_value2enum(

+            self.security_indication.integrity_protection_indication) < 0) {

+            ogs_error("Invalid integrity_protection_indication %s",

+                self.security_indication.integrity_protection_indication);

+            return OGS_ERROR;

+        }

+        if (smf_confidentiality_protection_indication_value2enum(

+            self.security_indication.

+            confidentiality_protection_indication) < 0) {

+            ogs_error("Invalid confidentiality_protection_indication %s",

+                self.security_indication.confidentiality_protection_indication);

+            return OGS_ERROR;

+        }

+    }

+

+    if (self.security_indication.maximum_integrity_protected_data_rate_uplink) {

+        NGAP_IntegrityProtectionIndication_t integrityProtectionIndication;

+        if (smf_maximum_integrity_protected_data_rate_uplink_value2enum(

+                self.security_indication.

+                    maximum_integrity_protected_data_rate_uplink) < 0) {

+            ogs_error("Invalid "

+                "maximum_integrity_protected_data_rate_uplink %s",

+                self.security_indication.

+                    maximum_integrity_protected_data_rate_uplink);

+            return OGS_ERROR;

+        }

+        integrityProtectionIndication =

+            smf_integrity_protection_indication_value2enum(

+                self.security_indication.integrity_protection_indication);

+        if (integrityProtectionIndication ==

+                NGAP_IntegrityProtectionIndication_required ||

+            integrityProtectionIndication ==

+                NGAP_IntegrityProtectionIndication_preferred) {

+        } else {

+            ogs_error("Invalid security_indication %s:UL-%s",

+                self.security_indication.integrity_protection_indication ?

+                self.security_indication.integrity_protection_indication :

+                "No integrity_protection_indication",

+                self.security_indication.

+                    maximum_integrity_protected_data_rate_uplink ?

+                self.security_indication.

+                    maximum_integrity_protected_data_rate_uplink :

+                "No integrity_protection_indication");

+            return OGS_ERROR;

+        }

+    }

+

+    if (self.security_indication.maximum_integrity_protected_data_rate_downlink) {

+        if (smf_maximum_integrity_protected_data_rate_downlink_value2enum(

+                self.security_indication.

+                    maximum_integrity_protected_data_rate_downlink) < 0) {

+            ogs_error("Invalid "

+                "maximum_integrity_protected_data_rate_downlink %s",

+                self.security_indication.

+                    maximum_integrity_protected_data_rate_downlink);

+            return OGS_ERROR;

+        }

+        if (!self.security_indication.

+                maximum_integrity_protected_data_rate_uplink) {

+            ogs_error("No maximum_integrity_protected_data_rate_uplink");

+            return OGS_ERROR;

+        }

+    }

+

     return OGS_OK;

 }

@@ -825,6 +902,40 @@

                     } while (ogs_yaml_iter_type(&info_array) ==

                             YAML_SEQUENCE_NODE);

+                } else if (!strcmp(smf_key, "security_indication")) {

+                    ogs_yaml_iter_t security_indication_iter;

+                    ogs_yaml_iter_recurse(

+                            &smf_iter, &security_indication_iter);

+                    while (ogs_yaml_iter_next(&security_indication_iter)) {

+                        const char *security_indication_key =

+                            ogs_yaml_iter_key(&security_indication_iter);

+                        ogs_assert(security_indication_key);

+                        if (!strcmp(security_indication_key,

+                            "integrity_protection_indication")) {

+                            self.security_indication.

+                                integrity_protection_indication =

+                                    ogs_yaml_iter_value(

+                                        &security_indication_iter);

+                        } else if (!strcmp(security_indication_key,

+                            "confidentiality_protection_indication")) {

+                            self.security_indication.

+                                confidentiality_protection_indication =

+                                    ogs_yaml_iter_value(

+                                            &security_indication_iter);

+                        } else if (!strcmp(security_indication_key,

+                            "maximum_integrity_protected_data_rate_uplink")) {

+                            self.security_indication.

+                                maximum_integrity_protected_data_rate_uplink =

+                                    ogs_yaml_iter_value(

+                                            &security_indication_iter);

+                        } else if (!strcmp(security_indication_key,

+                            "maximum_integrity_protected_data_rate_downlink")) {

+                            self.security_indication.

+                                maximum_integrity_protected_data_rate_downlink =

+                                    ogs_yaml_iter_value(

+                                            &security_indication_iter);

+                        }

+                    }

                 } else if (!strcmp(smf_key, "pfcp")) {

                     /* handle config in pfcp library */

                 } else if (!strcmp(smf_key, "subnet")) {

@@ -2981,3 +3092,42 @@

     num_of_smf_sess = num_of_smf_sess - 1;

     ogs_info("Removed Number of SMF-Sessions is now %d", num_of_smf_sess);

 }

+

+int smf_integrity_protection_indication_value2enum(const char *value)

+{

+    ogs_assert(value);

+    if (!strcmp(value, "required"))

+        return NGAP_IntegrityProtectionIndication_required;

+    else if (!strcmp(value, "preferred"))

+        return NGAP_IntegrityProtectionIndication_preferred;

+    else if (!strcmp(value, "not-needed"))

+        return NGAP_IntegrityProtectionIndication_not_needed;

+    else {

+        ogs_error("Invalid value%s", value);

+        return -1;

+    }

+}

+int smf_confidentiality_protection_indication_value2enum(const char *value)

+{

+    ogs_assert(value);

+    return smf_integrity_protection_indication_value2enum(value);

+}

+int smf_maximum_integrity_protected_data_rate_uplink_value2enum(

+        const char *value)

+{

+    ogs_assert(value);

+    if (!strcmp(value, "bitrate64kbs"))

+        return NGAP_MaximumIntegrityProtectedDataRate_bitrate64kbs;

+    else if (!strcmp(value, "maximum-UE-rate"))

+        return NGAP_MaximumIntegrityProtectedDataRate_maximum_UE_rate;

+    else {

+        ogs_error("Invalid value%s", value);

+        return -1;

+    }

+}

+int smf_maximum_integrity_protected_data_rate_downlink_value2enum(

+        const char *value)

+{

+    ogs_assert(value);

+    return smf_maximum_integrity_protected_data_rate_uplink_value2enum(value);

+}

​

@@ -92,6 +92,13 @@

     uint16_t        mtu;            /* MTU to advertise in PCO */

+    struct  {

+        const char *integrity_protection_indication;

+        const char *confidentiality_protection_indication;

+        const char *maximum_integrity_protected_data_rate_uplink;

+        const char *maximum_integrity_protected_data_rate_downlink;

+    } security_indication;

+

 #define SMF_UE_IS_LAST_SESSION(__sMF) \

      ((__sMF) && (ogs_list_count(&(__sMF)->sess_list)) == 1)

     ogs_list_t      smf_ue_list;

@@ -512,6 +519,13 @@

 void smf_pf_precedence_pool_init(smf_sess_t *sess);

 void smf_pf_precedence_pool_final(smf_sess_t *sess);

+int smf_integrity_protection_indication_value2enum(const char *value);

+int smf_confidentiality_protection_indication_value2enum(const char *value);

+int smf_maximum_integrity_protected_data_rate_uplink_value2enum(

+        const char *value);

+int smf_maximum_integrity_protected_data_rate_downlink_value2enum(

+        const char *value);

+

 #ifdef __cplusplus

 }

 #endif

​

@@ -33,6 +33,7 @@

     NGAP_GTPTunnel_t *gTPTunnel = NULL;

     NGAP_DataForwardingNotPossible_t *DataForwardingNotPossible = NULL;

     NGAP_PDUSessionType_t *PDUSessionType = NULL;

+    NGAP_SecurityIndication_t *SecurityIndication = NULL;

     NGAP_QosFlowSetupRequestList_t *QosFlowSetupRequestList = NULL;

     NGAP_QosFlowSetupRequestItem_t *QosFlowSetupRequestItem = NULL;

     NGAP_QosFlowIdentifier_t *qosFlowIdentifier = NULL;

@@ -129,6 +130,89 @@

         ogs_assert_if_reached();

     }

+    if (smf_self()->security_indication.integrity_protection_indication &&

+        smf_self()->security_indication.confidentiality_protection_indication) {

+

+        ie = CALLOC(1,

+                sizeof(NGAP_PDUSessionResourceSetupRequestTransferIEs_t));

+        ogs_assert(ie);

+        ASN_SEQUENCE_ADD(&message.protocolIEs, ie);

+

+        ie->id = NGAP_ProtocolIE_ID_id_SecurityIndication;

+        ie->criticality = NGAP_Criticality_reject;

+        ie->value.present = NGAP_PDUSessionResourceSetupRequestTransferIEs__value_PR_SecurityIndication;

+

+        SecurityIndication = &ie->value.choice.SecurityIndication;

+

+        SecurityIndication->integrityProtectionIndication =

+                smf_integrity_protection_indication_value2enum(

+                    smf_self()->security_indication.

+                        integrity_protection_indication);

+        ogs_assert(SecurityIndication->integrityProtectionIndication >= 0);

+

+        SecurityIndication->confidentialityProtectionIndication =

+                smf_confidentiality_protection_indication_value2enum(

+                    smf_self()->security_indication.

+                        confidentiality_protection_indication);

+        ogs_assert(SecurityIndication->

+                confidentialityProtectionIndication >= 0);

+

+        if (smf_self()->security_indication.

+                maximum_integrity_protected_data_rate_uplink) {

+

+            ogs_assert(

+                SecurityIndication->integrityProtectionIndication ==

+                    NGAP_IntegrityProtectionIndication_required ||

+                SecurityIndication->integrityProtectionIndication ==

+                    NGAP_IntegrityProtectionIndication_preferred);

+

+            SecurityIndication->maximumIntegrityProtectedDataRate_UL =

+                CALLOC(1, sizeof(NGAP_MaximumIntegrityProtectedDataRate_t));

+            ogs_assert(SecurityIndication->

+                    maximumIntegrityProtectedDataRate_UL);

+            *(SecurityIndication->maximumIntegrityProtectedDataRate_UL) =

+                smf_maximum_integrity_protected_data_rate_uplink_value2enum(

+                    smf_self()->security_indication.

+                        maximum_integrity_protected_data_rate_uplink);

+            ogs_assert(

+                *(SecurityIndication->

+                    maximumIntegrityProtectedDataRate_UL) >= 0);

+

+            if (smf_self()->security_indication.

+                    maximum_integrity_protected_data_rate_downlink) {

+                NGAP_ProtocolExtensionContainer_9625P229_t *extContainer = NULL;

+                NGAP_SecurityIndication_ExtIEs_t *extIe = NULL;

+                NGAP_MaximumIntegrityProtectedDataRate_t

+                    *MaximumIntegrityProtectedDataRate = NULL;

+

+                extContainer = CALLOC(1,

+                        sizeof(NGAP_ProtocolExtensionContainer_9625P229_t));

+                ogs_assert(extContainer);

+                SecurityIndication->iE_Extensions =

+                    (struct NGAP_ProtocolExtensionContainer *)extContainer;

+

+                extIe = CALLOC(1, sizeof(NGAP_SecurityIndication_ExtIEs_t));

+                ogs_assert(extIe);

+                ASN_SEQUENCE_ADD(&extContainer->list, extIe);

+

+                extIe->id =

+                    NGAP_ProtocolIE_ID_id_MaximumIntegrityProtectedDataRate_DL;

+                extIe->criticality = NGAP_Criticality_ignore;

+                extIe->extensionValue.present = NGAP_SecurityIndication_ExtIEs__extensionValue_PR_MaximumIntegrityProtectedDataRate;

+

+                MaximumIntegrityProtectedDataRate =

+                    &extIe->extensionValue.choice.

+                        MaximumIntegrityProtectedDataRate;

+

+                *MaximumIntegrityProtectedDataRate =

+                smf_maximum_integrity_protected_data_rate_downlink_value2enum(

+                        smf_self()->security_indication.

+                            maximum_integrity_protected_data_rate_downlink);

+                ogs_assert(*MaximumIntegrityProtectedDataRate >= 0);

+            }

+        }

+    }

+

     ie = CALLOC(1, sizeof(NGAP_PDUSessionResourceSetupRequestTransferIEs_t));

     ogs_assert(ie);

     ASN_SEQUENCE_ADD(&message.protocolIEs, ie);

​