Changes of Revision 868

open5gs_2.7.2.4536.c888.202411042026.dsc -> open5gs_2.7.2.4538.4211.202411052026.dsc Changed
x
 
1
@@ -2,7 +2,7 @@
2
 Source: open5gs
3
 Binary: open5gs-common, open5gs-mme, open5gs-sgwc, open5gs-smf, open5gs-amf, open5gs-sgwu, open5gs-upf, open5gs-hss, open5gs-pcrf, open5gs-nrf, open5gs-scp, open5gs-sepp, open5gs-ausf, open5gs-udm, open5gs-pcf, open5gs-nssf, open5gs-bsf, open5gs-udr, open5gs, open5gs-dbg
4
 Architecture: any
5
-Version: 2.7.2.4536.c888.202411042026
6
+Version: 2.7.2.4538.4211.202411052026
7
 Maintainer: Harald Welte <laforge@gnumonks.org>
8
 Uploaders: Sukchan Lee <acetcom@gmail.com>
9
 Homepage: https://open5gs.org
10
@@ -32,8 +32,8 @@
11
  open5gs-udr deb net optional arch=any
12
  open5gs-upf deb net optional arch=any
13
 Checksums-Sha1:
14
- 1ec9bc6a95f2fe4da094390455921c86c7cf0100 14510900 open5gs_2.7.2.4536.c888.202411042026.tar.xz
15
+ b44d94f31d41e84a67e35b8ae78bbba8284656d2 14512008 open5gs_2.7.2.4538.4211.202411052026.tar.xz
16
 Checksums-Sha256:
17
- a18f3e9dfb5b5108f6b93bbadf893b292a7663c3b47b4f63c61d9dc990dea493 14510900 open5gs_2.7.2.4536.c888.202411042026.tar.xz
18
+ 5046214c77d12ca2289eba470278bf2cc86e6baffd6b54d30c0c341e251740e8 14512008 open5gs_2.7.2.4538.4211.202411052026.tar.xz
19
 Files:
20
- 209e3d71ff442175ba8d2496aacda390 14510900 open5gs_2.7.2.4536.c888.202411042026.tar.xz
21
+ f7418a2b3b2a9893a3850272f1ea1bb7 14512008 open5gs_2.7.2.4538.4211.202411052026.tar.xz
22
open5gs_2.7.2.4536.c888.202411042026.tar.xz/.tarball-version -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/.tarball-version Changed
4
 
1
@@ -1 +1 @@
2
-2.7.2.4536-c888.202411042026
3
+2.7.2.4538-4211.202411052026
4
open5gs_2.7.2.4536.c888.202411042026.tar.xz/debian/changelog -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/debian/changelog Changed
12
 
1
@@ -1,8 +1,8 @@
2
-open5gs (2.7.2.4536.c888.202411042026) unstable; urgency=medium
3
+open5gs (2.7.2.4538.4211.202411052026) unstable; urgency=medium
4
 
5
   * Automatically generated changelog entry for building the Osmocom nightly feed
6
 
7
- -- Osmocom OBS scripts <info@osmocom.org>  Mon, 04 Nov 2024 20:28:00 +0000
8
+ -- Osmocom OBS scripts <info@osmocom.org>  Tue, 05 Nov 2024 20:27:58 +0000
9
 
10
 open5gs (2.7.2) unstable; urgency=medium
11
 
12
open5gs_2.7.2.4536.c888.202411042026.tar.xz/lib/asn1c/util/conv.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/lib/asn1c/util/conv.c Changed
14
 
1
@@ -205,8 +205,10 @@
2
         bit_string->buf = CALLOC(bit_string->size, sizeof(uint8_t));
3
         memcpy(bit_string->buf, &ip->addr6, OGS_IPV6_LEN);
4
         ogs_debug("    IPv6%s", OGS_INET_NTOP(&ip->addr6, buf));
5
-    } else
6
-        ogs_assert_if_reached();
7
+    } else {
8
+        ogs_error("No IPv4 or IPv6");
9
+        return OGS_ERROR;
10
+    }
11
 
12
     return OGS_OK;
13
 }
14
open5gs_2.7.2.4536.c888.202411042026.tar.xz/lib/proto/types.h -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/lib/proto/types.h Changed
10
 
1
@@ -699,7 +699,7 @@
2
     void *data;
3
 } ogs_pco_id_t;
4
 
5
-#define OGS_MAX_NUM_OF_PROTOCOL_OR_CONTAINER_ID    16
6
+#define OGS_MAX_NUM_OF_PROTOCOL_OR_CONTAINER_ID    32
7
 typedef struct ogs_pco_s {
8
 ED3(uint8_t ext:1;,
9
     uint8_t spare:4;,
10
open5gs_2.7.2.4536.c888.202411042026.tar.xz/src/mme/emm-build.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/src/mme/emm-build.c Changed
86
 
1
@@ -1,5 +1,5 @@
2
 /*
3
- * Copyright (C) 2019-2023 by Sukchan Lee <acetcom@gmail.com>
4
+ * Copyright (C) 2019-2024 by Sukchan Lee <acetcom@gmail.com>
5
  *
6
  * This file is part of Open5GS.
7
  *
8
@@ -163,7 +163,7 @@
9
     attach_accept->esm_message_container.buffer = esmbuf->data;
10
     attach_accept->esm_message_container.length = esmbuf->len;
11
 
12
-    if (mme_ue->next.m_tmsi) {
13
+    if (MME_NEXT_GUTI_IS_AVAILABLE(mme_ue)) {
14
         attach_accept->presencemask |= OGS_NAS_EPS_ATTACH_ACCEPT_GUTI_PRESENT;
15
 
16
         ogs_debug("    %s    GUTIG:%d,C:%d,M_TMSI:0x%x",
17
@@ -207,9 +207,9 @@
18
     eps_network_feature_support->ims_voice_over_ps_session_in_s1_mode = 1;
19
     eps_network_feature_support->extended_protocol_configuration_options = 1;
20
 
21
-    if (MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
22
+    if (MME_NEXT_P_TMSI_IS_AVAILABLE(mme_ue)) {
23
         ogs_assert(mme_ue->csmap);
24
-        ogs_assert(mme_ue->p_tmsi);
25
+        ogs_assert(mme_ue->next.p_tmsi);
26
 
27
         attach_accept->presencemask |=
28
             OGS_NAS_EPS_ATTACH_ACCEPT_LOCATION_AREA_IDENTIFICATION_PRESENT;
29
@@ -224,7 +224,7 @@
30
         tmsi->spare = 0xf;
31
         tmsi->odd_even = 0;
32
         tmsi->type = OGS_NAS_MOBILE_IDENTITY_TMSI;
33
-        tmsi->tmsi = mme_ue->p_tmsi;
34
+        tmsi->tmsi = mme_ue->next.p_tmsi;
35
         ogs_debug("    P-TMSI: 0x%08x", tmsi->tmsi);
36
     }
37
 
38
@@ -494,6 +494,10 @@
39
     ogs_nas_eps_tracking_area_update_accept_t *tau_accept =
40
         &message.emm.tracking_area_update_accept;
41
     ogs_nas_eps_mobile_identity_t *nas_guti = &tau_accept->guti;
42
+    ogs_nas_location_area_identification_t *lai =
43
+        &tau_accept->location_area_identification;
44
+    ogs_nas_mobile_identity_t *ms_identity = &tau_accept->ms_identity;
45
+    ogs_nas_mobile_identity_tmsi_t *tmsi = &ms_identity->tmsi;;
46
     ogs_nas_gprs_timer_t *t3412_value = &tau_accept->t3412_value;
47
     ogs_nas_gprs_timer_t *t3402_value = &tau_accept->t3402_value;
48
     ogs_nas_gprs_timer_t *t3423_value = &tau_accept->t3423_value;
49
@@ -530,7 +534,7 @@
50
             OGS_NAS_EPS_TRACKING_AREA_UPDATE_ACCEPT_T3412_VALUE_PRESENT ;
51
     }
52
 
53
-    if (mme_ue->next.m_tmsi) {
54
+    if (MME_NEXT_GUTI_IS_AVAILABLE(mme_ue)) {
55
         tau_accept->presencemask |=
56
             OGS_NAS_EPS_TRACKING_AREA_UPDATE_ACCEPT_GUTI_PRESENT;
57
 
58
@@ -595,6 +599,27 @@
59
         sess = mme_sess_next(sess);
60
     }
61
 
62
+    /* Location Area Identification & MS Identity */
63
+    if (MME_NEXT_P_TMSI_IS_AVAILABLE(mme_ue)) {
64
+        ogs_assert(mme_ue->csmap);
65
+        ogs_assert(mme_ue->next.p_tmsi);
66
+
67
+        tau_accept->presencemask |= OGS_NAS_EPS_TRACKING_AREA_UPDATE_ACCEPT_LOCATION_AREA_IDENTIFICATION_PRESENT;
68
+        lai->nas_plmn_id = mme_ue->csmap->lai.nas_plmn_id;
69
+        lai->lac = mme_ue->csmap->lai.lac;
70
+        ogs_debug("    LAIPLMN_ID:%06x,LAC:%d",
71
+                ogs_plmn_id_hexdump(&lai->nas_plmn_id), lai->lac);
72
+
73
+        tau_accept->presencemask |=
74
+            OGS_NAS_EPS_TRACKING_AREA_UPDATE_ACCEPT_MS_IDENTITY_PRESENT;
75
+        ms_identity->length = 5;
76
+        tmsi->spare = 0xf;
77
+        tmsi->odd_even = 0;
78
+        tmsi->type = OGS_NAS_MOBILE_IDENTITY_TMSI;
79
+        tmsi->tmsi = mme_ue->next.p_tmsi;
80
+        ogs_debug("    P-TMSI: 0x%08x", tmsi->tmsi);
81
+    }
82
+
83
     /* Set T3402 */
84
     if (mme_self()->time.t3402.value) {
85
         rv = ogs_nas_gprs_timer_from_sec(
86
open5gs_2.7.2.4536.c888.202411042026.tar.xz/src/mme/emm-sm.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/src/mme/emm-sm.c Changed
315
 
1
@@ -260,7 +260,7 @@
2
              * the network, the network shall implicitly detach the UE.
3
              */
4
             mme_ue->detach_type = MME_DETACH_TYPE_MME_IMPLICIT;
5
-            if (MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
6
+            if (MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
7
                 ogs_assert(OGS_OK == sgsap_send_detach_indication(mme_ue));
8
             } else {
9
                 enb_ue_t *enb_ue = enb_ue_find_by_id(mme_ue->enb_ue_id);
10
@@ -519,6 +519,8 @@
11
                              rai.lai.lac, rai.rac);
12
                     r = nas_eps_send_tau_reject(enb_ue, mme_ue,
13
                     OGS_NAS_EMM_CAUSE_UE_IDENTITY_CANNOT_BE_DERIVED_BY_THE_NETWORK);
14
+                    ogs_expect(r == OGS_OK);
15
+                    ogs_assert(r != OGS_ERROR);
16
                     OGS_FSM_TRAN(s, &emm_state_exception);
17
                     break;
18
                 }
19
@@ -637,9 +639,36 @@
20
              * 10. UplinkNASTransport + Tracking area update complete (Target)
21
              */
22
 
23
-            if (e->s1ap_code == S1AP_ProcedureCode_id_initialUEMessage) {
24
-                ogs_debug("    Iniital UE Message");
25
-                if (mme_ue->nas_eps.update.active_flag) {
26
+            /* Update CSMAP from Tracking area update request */
27
+            mme_ue->csmap = mme_csmap_find_by_tai(&mme_ue->tai);
28
+            if (mme_ue->csmap &&
29
+                mme_ue->network_access_mode ==
30
+                    OGS_NETWORK_ACCESS_MODE_PACKET_AND_CIRCUIT &&
31
+                (mme_ue->nas_eps.update.value ==
32
+                 OGS_NAS_EPS_UPDATE_TYPE_COMBINED_TA_LA_UPDATING ||
33
+                 mme_ue->nas_eps.update.value ==
34
+                 OGS_NAS_EPS_UPDATE_TYPE_COMBINED_TA_LA_UPDATING_WITH_IMSI_ATTACH)) {
35
+
36
+                if (e->s1ap_code == S1AP_ProcedureCode_id_initialUEMessage)
37
+                    mme_ue->tracking_area_update_request_type =
38
+                        MME_TAU_TYPE_INITIAL_UE_MESSAGE;
39
+                else if (e->s1ap_code ==
40
+                        S1AP_ProcedureCode_id_uplinkNASTransport)
41
+                    mme_ue->tracking_area_update_request_type =
42
+                        MME_TAU_TYPE_UPLINK_NAS_TRANPORT;
43
+                else {
44
+                    ogs_error("Invalid Procedure Code%d", (int)e->s1ap_code);
45
+                    break;
46
+                }
47
+
48
+                ogs_assert(OGS_OK ==
49
+                    sgsap_send_location_update_request(mme_ue));
50
+
51
+            } else {
52
+
53
+                if (e->s1ap_code == S1AP_ProcedureCode_id_initialUEMessage) {
54
+                    ogs_debug("    Iniital UE Message");
55
+                    if (mme_ue->nas_eps.update.active_flag) {
56
 
57
     /*
58
      * TS33.401
59
@@ -652,39 +681,52 @@
60
      * UP data or pending downlink signalling, radio bearers will be established
61
      * as part of the TAU procedure and a KeNB derivation is necessary.
62
      */
63
-                    ogs_kdf_kenb(mme_ue->kasme, mme_ue->ul_count.i32,
64
-                            mme_ue->kenb);
65
-                    ogs_kdf_nh_enb(mme_ue->kasme, mme_ue->kenb, mme_ue->nh);
66
-                    mme_ue->nhcc = 1;
67
+                        ogs_kdf_kenb(mme_ue->kasme, mme_ue->ul_count.i32,
68
+                                mme_ue->kenb);
69
+                        ogs_kdf_nh_enb(mme_ue->kasme, mme_ue->kenb, mme_ue->nh);
70
+                        mme_ue->nhcc = 1;
71
 
72
-                    r = nas_eps_send_tau_accept(mme_ue,
73
-                            S1AP_ProcedureCode_id_InitialContextSetup);
74
-                    ogs_expect(r == OGS_OK);
75
-                    ogs_assert(r != OGS_ERROR);
76
-                } else {
77
+                        r = nas_eps_send_tau_accept(mme_ue,
78
+                                S1AP_ProcedureCode_id_InitialContextSetup);
79
+                        ogs_expect(r == OGS_OK);
80
+                        ogs_assert(r != OGS_ERROR);
81
+                    } else {
82
+                        r = nas_eps_send_tau_accept(mme_ue,
83
+                                S1AP_ProcedureCode_id_downlinkNASTransport);
84
+                        ogs_expect(r == OGS_OK);
85
+                        ogs_assert(r != OGS_ERROR);
86
+                    }
87
+                } else if (e->s1ap_code ==
88
+                        S1AP_ProcedureCode_id_uplinkNASTransport) {
89
+                    ogs_debug("    Uplink NAS Transport");
90
                     r = nas_eps_send_tau_accept(mme_ue,
91
                             S1AP_ProcedureCode_id_downlinkNASTransport);
92
                     ogs_expect(r == OGS_OK);
93
                     ogs_assert(r != OGS_ERROR);
94
+                } else {
95
+                    ogs_error("Invalid Procedure Code%d", (int)e->s1ap_code);
96
+                    break;
97
                 }
98
-            } else if (e->s1ap_code ==
99
-                    S1AP_ProcedureCode_id_uplinkNASTransport) {
100
-                ogs_debug("    Uplink NAS Transport");
101
-                r = nas_eps_send_tau_accept(mme_ue,
102
-                        S1AP_ProcedureCode_id_downlinkNASTransport);
103
-                ogs_expect(r == OGS_OK);
104
-                ogs_assert(r != OGS_ERROR);
105
-            } else {
106
-                ogs_fatal("Invalid Procedure Code%d", (int)e->s1ap_code);
107
-            }
108
 
109
-            if (!mme_ue->nas_eps.update.active_flag) {
110
-                enb_ue->relcause.group = S1AP_Cause_PR_nas;
111
-                enb_ue->relcause.cause = S1AP_CauseNas_normal_release;
112
-                mme_send_release_access_bearer_or_ue_context_release(enb_ue);
113
+        /*
114
+         * When active_flag is 0, check if the P-TMSI has been updated.
115
+         * If the P-TMSI has changed, wait to receive the TAU Complete message
116
+         * from the UE before sending the UEContextReleaseCommand.
117
+         *
118
+         * This ensures that the UE has acknowledged the new P-TMSI,
119
+         * allowing the TAU procedure to complete successfully
120
+         * and maintaining synchronization between the UE and the network.
121
+         */
122
+                if (!mme_ue->nas_eps.update.active_flag &&
123
+                    !MME_NEXT_P_TMSI_IS_AVAILABLE(mme_ue)) {
124
+                    enb_ue->relcause.group = S1AP_Cause_PR_nas;
125
+                    enb_ue->relcause.cause = S1AP_CauseNas_normal_release;
126
+                    mme_send_release_access_bearer_or_ue_context_release(
127
+                            enb_ue);
128
+                }
129
             }
130
 
131
-            if (mme_ue->next.m_tmsi) {
132
+            if (MME_NEXT_GUTI_IS_AVAILABLE(mme_ue)) {
133
                 ogs_fatal("MME does not create new GUTI");
134
                 ogs_assert_if_reached();
135
                 OGS_FSM_TRAN(s, &emm_state_initial_context_setup);
136
@@ -744,7 +786,7 @@
137
             if (e->s1ap_code == S1AP_ProcedureCode_id_initialUEMessage) {
138
                 ogs_debug("    Initial UE Message");
139
 
140
-                if (!MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
141
+                if (!MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
142
                     ogs_warn("No P-TMSI : UE%s", mme_ue->imsi_bcd);
143
                     r = nas_eps_send_service_reject(enb_ue, mme_ue,
144
                         OGS_NAS_EMM_CAUSE_UE_IDENTITY_CANNOT_BE_DERIVED_BY_THE_NETWORK);
145
@@ -791,7 +833,7 @@
146
                     S1AP_ProcedureCode_id_uplinkNASTransport) {
147
                 ogs_debug("    Uplink NAS Transport");
148
 
149
-                if (!MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
150
+                if (!MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
151
                     ogs_warn("No P-TMSI : UE%s", mme_ue->imsi_bcd);
152
                     r = nas_eps_send_service_reject(enb_ue, mme_ue,
153
                         OGS_NAS_EMM_CAUSE_UE_IDENTITY_CANNOT_BE_DERIVED_BY_THE_NETWORK);
154
@@ -874,7 +916,7 @@
155
              */
156
             CLEAR_S1_CONTEXT(mme_ue);
157
 
158
-            if (MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
159
+            if (MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
160
                 ogs_assert(OGS_OK == sgsap_send_detach_indication(mme_ue));
161
             } else {
162
                 mme_send_delete_session_or_detach(enb_ue, mme_ue);
163
@@ -932,8 +974,62 @@
164
             break;
165
 
166
         case OGS_NAS_EPS_TRACKING_AREA_UPDATE_COMPLETE:
167
-            ogs_error("%s Tracking area update complete in INVALID-STATE",
168
-                        mme_ue->imsi_bcd);
169
+            ogs_info("%s Tracking area update complete", mme_ue->imsi_bcd);
170
+
171
+        /*
172
+         * TS24.301
173
+         * Section 4.4.4.3
174
+         * Integrity checking of NAS signalling messages in the MME:
175
+         *
176
+         * Once the secure exchange of NAS messages has been established
177
+         * for the NAS signalling connection, the receiving EMM or ESM entity
178
+         * in the MME shall not process any NAS signalling messages
179
+         * unless they have been successfully integrity checked by the NAS.
180
+         * If any NAS signalling message, having not successfully passed
181
+         * the integrity check, is received, then the NAS in the MME shall
182
+         * discard that message. If any NAS signalling message is received,
183
+         * as not integrity protected even though the secure exchange
184
+         * of NAS messages has been established, then the NAS shall discard
185
+         * this message.
186
+         */
187
+            h.type = e->nas_type;
188
+            if (h.integrity_protected == 0) {
189
+                ogs_error("%s No Integrity Protected", mme_ue->imsi_bcd);
190
+                break;
191
+            }
192
+
193
+            if (!SECURITY_CONTEXT_IS_VALID(mme_ue)) {
194
+                ogs_error("%s No Security Context", mme_ue->imsi_bcd);
195
+                break;
196
+            }
197
+
198
+            /*
199
+             * If the OLD ENB_UE is being maintained in MME-UE Context,
200
+             * it deletes the S1 Context after exchanging
201
+             * the UEContextReleaseCommand/Complete with the eNB
202
+             */
203
+            CLEAR_S1_CONTEXT(mme_ue);
204
+
205
+            CLEAR_MME_UE_TIMER(mme_ue->t3450);
206
+
207
+            /* Confirm GUTI */
208
+            if (MME_NEXT_GUTI_IS_AVAILABLE(mme_ue))
209
+                mme_ue_confirm_guti(mme_ue);
210
+
211
+            /* Confirm P-TMSI */
212
+            if (MME_NEXT_P_TMSI_IS_AVAILABLE(mme_ue)) {
213
+                mme_ue_confirm_p_tmsi(mme_ue);
214
+
215
+                ogs_assert(OGS_OK ==
216
+                    sgsap_send_tmsi_reallocation_complete(mme_ue));
217
+
218
+                if (!mme_ue->nas_eps.update.active_flag) {
219
+                    enb_ue->relcause.group = S1AP_Cause_PR_nas;
220
+                    enb_ue->relcause.cause = S1AP_CauseNas_normal_release;
221
+                    mme_send_release_access_bearer_or_ue_context_release(
222
+                            enb_ue);
223
+                }
224
+            }
225
             break;
226
 
227
         default:
228
@@ -1117,7 +1213,7 @@
229
              */
230
             CLEAR_S1_CONTEXT(mme_ue);
231
 
232
-            if (MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
233
+            if (MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
234
                 ogs_assert(OGS_OK == sgsap_send_detach_indication(mme_ue));
235
             } else {
236
                 mme_send_delete_session_or_detach(enb_ue, mme_ue);
237
@@ -1283,7 +1379,7 @@
238
 
239
             mme_s6a_send_ulr(enb_ue, mme_ue);
240
 
241
-            if (mme_ue->next.m_tmsi) {
242
+            if (MME_NEXT_GUTI_IS_AVAILABLE(mme_ue)) {
243
                 OGS_FSM_TRAN(s, &emm_state_initial_context_setup);
244
             } else {
245
                 ogs_fatal("MME always creates new GUTI");
246
@@ -1358,7 +1454,7 @@
247
              */
248
             CLEAR_S1_CONTEXT(mme_ue);
249
 
250
-            if (MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
251
+            if (MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
252
                 ogs_assert(OGS_OK == sgsap_send_detach_indication(mme_ue));
253
             } else {
254
                 mme_send_delete_session_or_detach(enb_ue, mme_ue);
255
@@ -1496,18 +1592,21 @@
256
             }
257
 
258
             /* Confirm GUTI */
259
-            if (mme_ue->next.m_tmsi)
260
+            if (MME_NEXT_GUTI_IS_AVAILABLE(mme_ue))
261
                 mme_ue_confirm_guti(mme_ue);
262
 
263
-            if (MME_P_TMSI_IS_AVAILABLE(mme_ue))
264
+            /* Confirm P-TMSI */
265
+            if (MME_NEXT_P_TMSI_IS_AVAILABLE(mme_ue)) {
266
+                mme_ue_confirm_p_tmsi(mme_ue);
267
                 ogs_assert(OGS_OK ==
268
                     sgsap_send_tmsi_reallocation_complete(mme_ue));
269
+            }
270
 
271
             OGS_FSM_TRAN(s, &emm_state_registered);
272
             break;
273
 
274
         case OGS_NAS_EPS_TRACKING_AREA_UPDATE_COMPLETE:
275
-            ogs_debug("%s Tracking area update complete", mme_ue->imsi_bcd);
276
+            ogs_info("%s Tracking area update complete", mme_ue->imsi_bcd);
277
 
278
         /*
279
          * TS24.301
280
@@ -1546,9 +1645,24 @@
281
             CLEAR_MME_UE_TIMER(mme_ue->t3450);
282
 
283
             /* Confirm GUTI */
284
-            if (mme_ue->next.m_tmsi)
285
+            if (MME_NEXT_GUTI_IS_AVAILABLE(mme_ue))
286
                 mme_ue_confirm_guti(mme_ue);
287
 
288
+            /* Confirm P-TMSI */
289
+            if (MME_NEXT_P_TMSI_IS_AVAILABLE(mme_ue)) {
290
+                mme_ue_confirm_p_tmsi(mme_ue);
291
+
292
+                ogs_assert(OGS_OK ==
293
+                    sgsap_send_tmsi_reallocation_complete(mme_ue));
294
+
295
+                if (!mme_ue->nas_eps.update.active_flag) {
296
+                    enb_ue->relcause.group = S1AP_Cause_PR_nas;
297
+                    enb_ue->relcause.cause = S1AP_CauseNas_normal_release;
298
+                    mme_send_release_access_bearer_or_ue_context_release(
299
+                            enb_ue);
300
+                }
301
+            }
302
+
303
             OGS_FSM_TRAN(s, &emm_state_registered);
304
             break;
305
 
306
@@ -1613,7 +1727,7 @@
307
              */
308
             CLEAR_S1_CONTEXT(mme_ue);
309
 
310
-            if (MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
311
+            if (MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
312
                 ogs_assert(OGS_OK == sgsap_send_detach_indication(mme_ue));
313
             } else {
314
                 mme_send_delete_session_or_detach(enb_ue, mme_ue);
315
open5gs_2.7.2.4536.c888.202411042026.tar.xz/src/mme/mme-context.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/src/mme/mme-context.c Changed
78
 
1
@@ -3300,7 +3300,7 @@
2
     ogs_assert(served_gummei->num_of_mme_gid > 0);
3
     ogs_assert(served_gummei->num_of_mme_code > 0);
4
 
5
-    if (mme_ue->next.m_tmsi) {
6
+    if (MME_NEXT_GUTI_IS_AVAILABLE(mme_ue)) {
7
         ogs_warn("GUTI has already been allocated");
8
         return;
9
     }
10
@@ -3320,9 +3320,9 @@
11
 
12
 void mme_ue_confirm_guti(mme_ue_t *mme_ue)
13
 {
14
-    ogs_assert(mme_ue->next.m_tmsi);
15
+    ogs_assert(MME_NEXT_GUTI_IS_AVAILABLE(mme_ue));
16
 
17
-    if (mme_ue->current.m_tmsi) {
18
+    if (MME_CURRENT_GUTI_IS_AVAILABLE(mme_ue)) {
19
         /* MME has a VALID GUTI
20
          * As such, we need to remove previous GUTI in hash table */
21
         ogs_hash_set(self.guti_ue_hash,
22
@@ -3348,6 +3348,37 @@
23
               mme_ue->current.guti.m_tmsi);
24
 }
25
 
26
+void mme_ue_set_p_tmsi(
27
+        mme_ue_t *mme_ue,
28
+        ogs_nas_mobile_identity_tmsi_t *nas_mobile_identity_tmsi)
29
+{
30
+    ogs_assert(mme_ue);
31
+    ogs_assert(nas_mobile_identity_tmsi);
32
+
33
+    /*
34
+     * If the P-TMSI received from MSC/VLR is different from the current P-TMSI
35
+     * known by the MME, store this new P-TMSI as 'Next P-TMSI'. This value will
36
+     * be sent to the UE through the Attach Accept or TAU Accept message.
37
+     *
38
+     * When the UE sends an Attach Complete or TAU Complete message,
39
+     * the MME updates the 'Current P-TMSI' with the value in 'Next P-TMSI',
40
+     * thereby confirming and saving the new P-TMSI.
41
+     */
42
+    mme_ue->next.p_tmsi = be32toh(nas_mobile_identity_tmsi->tmsi);
43
+    if (mme_ue->next.p_tmsi != INVALID_P_TMSI) {
44
+        if (mme_ue->current.p_tmsi == mme_ue->next.p_tmsi)
45
+            mme_ue->next.p_tmsi = INVALID_P_TMSI;
46
+    }
47
+}
48
+void mme_ue_confirm_p_tmsi(mme_ue_t *mme_ue)
49
+{
50
+    ogs_assert(mme_ue);
51
+    ogs_assert(mme_ue->next.p_tmsi);
52
+
53
+    mme_ue->current.p_tmsi = mme_ue->next.p_tmsi;
54
+    mme_ue->next.p_tmsi = INVALID_P_TMSI;
55
+}
56
+
57
 static bool compare_ue_info(mme_sgw_t *node, enb_ue_t *enb_ue)
58
 {
59
     int i;
60
@@ -3567,14 +3598,15 @@
61
         ogs_hash_set(mme_self()->imsi_ue_hash,
62
                 mme_ue->imsi, mme_ue->imsi_len, NULL);
63
 
64
-    if (mme_ue->current.m_tmsi) {
65
+    if (MME_CURRENT_GUTI_IS_AVAILABLE(mme_ue)) {
66
         ogs_hash_set(self.guti_ue_hash,
67
                 &mme_ue->current.guti, sizeof(ogs_nas_eps_guti_t), NULL);
68
         ogs_assert(mme_m_tmsi_free(mme_ue->current.m_tmsi) == OGS_OK);
69
     }
70
 
71
-    if (mme_ue->next.m_tmsi)
72
+    if (MME_NEXT_GUTI_IS_AVAILABLE(mme_ue)) {
73
         ogs_assert(mme_m_tmsi_free(mme_ue->next.m_tmsi) == OGS_OK);
74
+    }
75
 
76
     /* Clear the saved PDN Connectivity Request */
77
     OGS_NAS_CLEAR_DATA(&mme_ue->pdn_connectivity_request);
78
open5gs_2.7.2.4536.c888.202411042026.tar.xz/src/mme/mme-context.h -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/src/mme/mme-context.h Changed
72
 
1
@@ -204,8 +204,6 @@
2
 #define MME_SGSAP_IS_CONNECTED(__mME) \
3
     ((__mME) && ((__mME)->csmap) && ((__mME)->csmap->vlr) && \
4
      (OGS_FSM_CHECK(&(__mME)->csmap->vlr->sm, sgsap_state_connected)))
5
-#define MME_P_TMSI_IS_AVAILABLE(__mME) \
6
-    (MME_SGSAP_IS_CONNECTED(__mME) && (__mME)->p_tmsi)
7
 
8
 typedef struct mme_vlr_s {
9
     ogs_lnode_t     lnode;
10
@@ -363,6 +361,11 @@
11
         ogs_nas_detach_type_t detach;
12
     } nas_eps;
13
 
14
+#define MME_TAU_TYPE_INITIAL_UE_MESSAGE    1
15
+#define MME_TAU_TYPE_UPLINK_NAS_TRANPORT   2
16
+#define MME_TAU_TYPE_UNPROTECTED_INGERITY  3
17
+    uint8_t tracking_area_update_request_type;
18
+
19
     /* 1. MME initiated detach request to the UE.
20
      *    (nas_eps.type = MME_EPS_TYPE_DETACH_REQUEST_TO_UE)
21
      * 2. If UE is IDLE, Paging sent to the UE
22
@@ -403,7 +406,6 @@
23
     int             a_msisdn_len;
24
     char            a_msisdn_bcdOGS_MAX_MSISDN_BCD_LEN+1;
25
 
26
-    mme_p_tmsi_t    p_tmsi;
27
     struct {
28
         ogs_pool_id_t   *mme_gn_teid_node; /* A node of MME-Gn-TEID */
29
         uint32_t        mme_gn_teid;   /* MME-Gn-TEID is derived from NODE */
30
@@ -416,8 +418,15 @@
31
     } gn;
32
 
33
     struct {
34
+#define MME_NEXT_GUTI_IS_AVAILABLE(__mME) ((__mME)->next.m_tmsi)
35
+#define MME_CURRENT_GUTI_IS_AVAILABLE(__mME) ((__mME)->current.m_tmsi)
36
         mme_m_tmsi_t *m_tmsi;
37
         ogs_nas_eps_guti_t guti;
38
+#define MME_NEXT_P_TMSI_IS_AVAILABLE(__mME) \
39
+    (MME_SGSAP_IS_CONNECTED(__mME) && (__mME)->next.p_tmsi)
40
+#define MME_CURRENT_P_TMSI_IS_AVAILABLE(__mME) \
41
+    (MME_SGSAP_IS_CONNECTED(__mME) && (__mME)->current.p_tmsi)
42
+        mme_p_tmsi_t    p_tmsi;
43
     } current, next;
44
 
45
     ogs_pool_id_t   *mme_s11_teid_node; /* A node of MME-S11-TEID */
46
@@ -659,10 +668,10 @@
47
     } while(0);
48
 
49
 #define CS_CALL_SERVICE_INDICATOR(__mME) \
50
-    (MME_P_TMSI_IS_AVAILABLE(__mME) && \
51
+    (MME_CURRENT_P_TMSI_IS_AVAILABLE(__mME) && \
52
      ((__mME)->service_indicator) == SGSAP_CS_CALL_SERVICE_INDICATOR)
53
 #define SMS_SERVICE_INDICATOR(__mME) \
54
-    (MME_P_TMSI_IS_AVAILABLE(__mME) && \
55
+    (MME_CURRENT_P_TMSI_IS_AVAILABLE(__mME) && \
56
      ((__mME)->service_indicator) == SGSAP_SMS_SERVICE_INDICATOR)
57
     uint8_t         service_indicator;
58
 
59
@@ -981,6 +990,12 @@
60
 void mme_ue_new_guti(mme_ue_t *mme_ue);
61
 void mme_ue_confirm_guti(mme_ue_t *mme_ue);
62
 
63
+#define INVALID_P_TMSI 0
64
+void mme_ue_set_p_tmsi(
65
+        mme_ue_t *mme_ue,
66
+        ogs_nas_mobile_identity_tmsi_t *nas_mobile_identity_tmsi);
67
+void mme_ue_confirm_p_tmsi(mme_ue_t *mme_ue);
68
+
69
 mme_ue_t *mme_ue_add(enb_ue_t *enb_ue);
70
 void mme_ue_remove(mme_ue_t *mme_ue);
71
 void mme_ue_remove_all(void);
72
open5gs_2.7.2.4536.c888.202411042026.tar.xz/src/mme/mme-path.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/src/mme/mme-path.c Changed
10
 
1
@@ -302,7 +302,7 @@
2
             r = nas_eps_send_detach_request(mme_ue);
3
             ogs_expect(r == OGS_OK);
4
             ogs_assert(r != OGS_ERROR);
5
-            if (MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
6
+            if (MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
7
                 ogs_assert(OGS_OK == sgsap_send_detach_indication(mme_ue));
8
             } else {
9
                 enb_ue_t *enb_ue = enb_ue_find_by_id(mme_ue->enb_ue_id);
10
open5gs_2.7.2.4536.c888.202411042026.tar.xz/src/mme/mme-s6a-handler.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/src/mme/mme-s6a-handler.c Changed
50
 
1
@@ -123,10 +123,26 @@
2
             return OGS_NAS_EMM_CAUSE_NO_EPS_BEARER_CONTEXT_ACTIVATED;
3
         }
4
 
5
-        r = nas_eps_send_tau_accept(mme_ue,
6
-                S1AP_ProcedureCode_id_InitialContextSetup);
7
-        ogs_expect(r == OGS_OK);
8
-        ogs_assert(r != OGS_ERROR);
9
+        /* Update CSMAP from Tracking area update request */
10
+        mme_ue->csmap = mme_csmap_find_by_tai(&mme_ue->tai);
11
+        if (mme_ue->csmap &&
12
+            mme_ue->network_access_mode ==
13
+                OGS_NETWORK_ACCESS_MODE_PACKET_AND_CIRCUIT &&
14
+            (mme_ue->nas_eps.update.value ==
15
+             OGS_NAS_EPS_UPDATE_TYPE_COMBINED_TA_LA_UPDATING ||
16
+             mme_ue->nas_eps.update.value ==
17
+             OGS_NAS_EPS_UPDATE_TYPE_COMBINED_TA_LA_UPDATING_WITH_IMSI_ATTACH)) {
18
+
19
+            mme_ue->tracking_area_update_request_type =
20
+                MME_TAU_TYPE_UNPROTECTED_INGERITY;
21
+            ogs_assert(OGS_OK == sgsap_send_location_update_request(mme_ue));
22
+
23
+        } else {
24
+            r = nas_eps_send_tau_accept(mme_ue,
25
+                    S1AP_ProcedureCode_id_InitialContextSetup);
26
+            ogs_expect(r == OGS_OK);
27
+            ogs_assert(r != OGS_ERROR);
28
+        }
29
     } else {
30
         ogs_error("Invalid Type%d", mme_ue->nas_eps.type);
31
         return OGS_NAS_EMM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED;
32
@@ -275,7 +291,7 @@
33
             r = nas_eps_send_detach_request(mme_ue);
34
             ogs_expect(r == OGS_OK);
35
             ogs_assert(r != OGS_ERROR);
36
-            if (MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
37
+            if (MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
38
                 ogs_assert(OGS_OK == sgsap_send_detach_indication(mme_ue));
39
             } else {
40
                 enb_ue_t *enb_ue = enb_ue_find_by_id(mme_ue->enb_ue_id);
41
@@ -304,7 +320,7 @@
42
          * There is no need to send NAS or S1AP message to the UE.
43
          * So, we don't have to check whether UE is IDLE or not.
44
          */
45
-        if (MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
46
+        if (MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
47
             ogs_assert(OGS_OK == sgsap_send_detach_indication(mme_ue));
48
         } else {
49
             enb_ue_t *enb_ue = enb_ue_find_by_id(mme_ue->enb_ue_id);
50
open5gs_2.7.2.4536.c888.202411042026.tar.xz/src/mme/nas-path.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/src/mme/nas-path.c Changed
27
 
1
@@ -857,17 +857,15 @@
2
         return OGS_ERROR;
3
     }
4
 
5
-    if (mme_ue->next.m_tmsi) {
6
-        CLEAR_MME_UE_TIMER(mme_ue->t3450);
7
-        mme_ue->t3450.pkbuf = ogs_pkbuf_copy(emmbuf);
8
-        if (!mme_ue->t3450.pkbuf) {
9
-            ogs_error("ogs_pkbuf_copy(mme_ue->t3450.pkbuf) failed");
10
-            ogs_pkbuf_free(emmbuf);
11
-            return OGS_ERROR;
12
-        }
13
-        ogs_timer_start(mme_ue->t3450.timer,
14
-                mme_timer_cfg(MME_TIMER_T3450)->duration);
15
+    CLEAR_MME_UE_TIMER(mme_ue->t3450);
16
+    mme_ue->t3450.pkbuf = ogs_pkbuf_copy(emmbuf);
17
+    if (!mme_ue->t3450.pkbuf) {
18
+        ogs_error("ogs_pkbuf_copy(mme_ue->t3450.pkbuf) failed");
19
+        ogs_pkbuf_free(emmbuf);
20
+        return OGS_ERROR;
21
     }
22
+    ogs_timer_start(mme_ue->t3450.timer,
23
+            mme_timer_cfg(MME_TIMER_T3450)->duration);
24
 
25
     if (procedureCode == S1AP_ProcedureCode_id_InitialContextSetup) {
26
         ogs_pkbuf_t *s1apbuf = NULL;
27
open5gs_2.7.2.4536.c888.202411042026.tar.xz/src/mme/s1ap-build.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/src/mme/s1ap-build.c Changed
37
 
1
@@ -692,7 +692,7 @@
2
     ogs_log_hexdump(OGS_LOG_DEBUG, SecurityKey->buf, SecurityKey->size);
3
 
4
     if (mme_ue->nas_eps.type == MME_EPS_TYPE_EXTENDED_SERVICE_REQUEST &&
5
-        MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
6
+        MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
7
 
8
         /* Set CS-Fallback */
9
         S1AP_CSFallbackIndicator_t *CSFallbackIndicator = NULL;
10
@@ -727,7 +727,7 @@
11
         ogs_s1ap_buffer_to_OCTET_STRING(
12
             &mme_ue->tai.plmn_id, sizeof(ogs_plmn_id_t), &LAI->pLMNidentity);
13
         ogs_assert(mme_ue->csmap);
14
-        ogs_assert(mme_ue->p_tmsi);
15
+        ogs_assert(mme_ue->current.p_tmsi);
16
         ogs_asn_uint16_to_OCTET_STRING(mme_ue->csmap->lai.lac, &LAI->lAC);
17
 
18
     }
19
@@ -891,7 +891,7 @@
20
             enb_ue->enb_ue_s1ap_id, enb_ue->mme_ue_s1ap_id);
21
 
22
     if (mme_ue->nas_eps.type == MME_EPS_TYPE_EXTENDED_SERVICE_REQUEST &&
23
-        MME_P_TMSI_IS_AVAILABLE(mme_ue)) {
24
+        MME_CURRENT_P_TMSI_IS_AVAILABLE(mme_ue)) {
25
         ie = CALLOC(1, sizeof(S1AP_UEContextModificationRequestIEs_t));
26
         ASN_SEQUENCE_ADD(&UEContextModificationRequest->protocolIEs, ie);
27
 
28
@@ -919,7 +919,7 @@
29
         ogs_s1ap_buffer_to_OCTET_STRING(
30
             &mme_ue->tai.plmn_id, sizeof(ogs_plmn_id_t), &LAI->pLMNidentity);
31
         ogs_assert(mme_ue->csmap);
32
-        ogs_assert(mme_ue->p_tmsi);
33
+        ogs_assert(mme_ue->current.p_tmsi);
34
         ogs_asn_uint16_to_OCTET_STRING(mme_ue->csmap->lai.lac, &LAI->lAC);
35
 
36
     } else {
37
open5gs_2.7.2.4536.c888.202411042026.tar.xz/src/mme/sgsap-handler.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/src/mme/sgsap-handler.c Changed
257
 
1
@@ -101,6 +101,12 @@
2
         goto error;
3
     }
4
 
5
+    enb_ue = enb_ue_find_by_id(mme_ue->enb_ue_id);
6
+    if (!enb_ue) {
7
+        ogs_error("!enb_ue");
8
+        goto error;
9
+    }
10
+
11
     ogs_debug("    IMSI%s", mme_ue->imsi_bcd);
12
     if (lai) {
13
         ogs_debug("    LAIPLMN_ID:%06x,LAC:%d",
14
@@ -109,38 +115,125 @@
15
 
16
     if (nas_mobile_identity_tmsi) {
17
         if (nas_mobile_identity_tmsi->type == OGS_NAS_MOBILE_IDENTITY_TMSI) {
18
-            mme_ue->p_tmsi = be32toh(nas_mobile_identity_tmsi->tmsi);
19
+            mme_ue_set_p_tmsi(mme_ue, nas_mobile_identity_tmsi);
20
         } else {
21
             ogs_error("Not supported Identity type%d",
22
                     nas_mobile_identity_tmsi->type);
23
             goto error;
24
         }
25
-        ogs_debug("    P-TMSI0x%08x", mme_ue->p_tmsi);
26
+        ogs_debug("    P-TMSI0x%08x", mme_ue->next.p_tmsi);
27
     }
28
 
29
-    r = nas_eps_send_attach_accept(mme_ue);
30
-    ogs_expect(r == OGS_OK);
31
-    ogs_assert(r != OGS_ERROR);
32
+    if (mme_ue->nas_eps.type == MME_EPS_TYPE_ATTACH_REQUEST) {
33
+        r = nas_eps_send_attach_accept(mme_ue);
34
+        ogs_expect(r == OGS_OK);
35
+        ogs_assert(r != OGS_ERROR);
36
+    } else if (mme_ue->nas_eps.type == MME_EPS_TYPE_TAU_REQUEST) {
37
+        if (mme_ue->tracking_area_update_request_type ==
38
+                MME_TAU_TYPE_INITIAL_UE_MESSAGE) {
39
+            ogs_debug("    Iniital UE Message");
40
+            if (mme_ue->nas_eps.update.active_flag) {
41
+
42
+/*
43
+* TS33.401
44
+* 7 Security procedures between UE and EPS access network elements
45
+* 7.2 Handling of user-related keys in E-UTRAN
46
+* 7.2.7 Key handling for the TAU procedure when registered in E-UTRAN
47
+*
48
+* If the "active flag" is set in the TAU request message or
49
+* the MME chooses to establish radio bearers when there is pending downlink
50
+* UP data or pending downlink signalling, radio bearers will be established
51
+* as part of the TAU procedure and a KeNB derivation is necessary.
52
+*/
53
+                ogs_kdf_kenb(mme_ue->kasme, mme_ue->ul_count.i32,
54
+                        mme_ue->kenb);
55
+                ogs_kdf_nh_enb(mme_ue->kasme, mme_ue->kenb, mme_ue->nh);
56
+                mme_ue->nhcc = 1;
57
+
58
+                r = nas_eps_send_tau_accept(mme_ue,
59
+                        S1AP_ProcedureCode_id_InitialContextSetup);
60
+                ogs_expect(r == OGS_OK);
61
+                ogs_assert(r != OGS_ERROR);
62
+            } else {
63
+                r = nas_eps_send_tau_accept(mme_ue,
64
+                        S1AP_ProcedureCode_id_downlinkNASTransport);
65
+                ogs_expect(r == OGS_OK);
66
+                ogs_assert(r != OGS_ERROR);
67
+            }
68
+        } else if (mme_ue->tracking_area_update_request_type ==
69
+                MME_TAU_TYPE_UPLINK_NAS_TRANPORT) {
70
+            ogs_debug("    Uplink NAS Transport");
71
+            r = nas_eps_send_tau_accept(mme_ue,
72
+                    S1AP_ProcedureCode_id_downlinkNASTransport);
73
+            ogs_expect(r == OGS_OK);
74
+            ogs_assert(r != OGS_ERROR);
75
+        } else if (mme_ue->tracking_area_update_request_type ==
76
+                MME_TAU_TYPE_UNPROTECTED_INGERITY) {
77
+            ogs_debug("    Unprotected Integrity");
78
+            r = nas_eps_send_tau_accept(mme_ue,
79
+                    S1AP_ProcedureCode_id_InitialContextSetup);
80
+            ogs_expect(r == OGS_OK);
81
+        } else {
82
+            ogs_error("Invalid TAU Type%d",
83
+                    mme_ue->tracking_area_update_request_type);
84
+            return;
85
+        }
86
+
87
+        /*
88
+         * When active_flag is 0, check if the P-TMSI has been updated.
89
+         * If the P-TMSI has changed, wait to receive the TAU Complete message
90
+         * from the UE before sending the UEContextReleaseCommand.
91
+         *
92
+         * This ensures that the UE has acknowledged the new P-TMSI,
93
+         * allowing the TAU procedure to complete successfully
94
+         * and maintaining synchronization between the UE and the network.
95
+         */
96
+        if (!mme_ue->nas_eps.update.active_flag &&
97
+            !MME_NEXT_P_TMSI_IS_AVAILABLE(mme_ue)) {
98
+            enb_ue->relcause.group = S1AP_Cause_PR_nas;
99
+            enb_ue->relcause.cause = S1AP_CauseNas_normal_release;
100
+            mme_send_release_access_bearer_or_ue_context_release(enb_ue);
101
+        }
102
+    } else {
103
+        ogs_fatal("%s Invalid EPS-Type%d",
104
+                mme_ue->imsi_bcd, mme_ue->nas_eps.type);
105
+        ogs_assert_if_reached();
106
+    }
107
 
108
     return;
109
 
110
 error:
111
-    /* Clang scan-build SA: NULL pointer dereference: mme_ue=NULL if root=NULL. */
112
+    /* Clang scan-build SA:
113
+     * NULL pointer dereference: mme_ue=NULL if root=NULL. */
114
     if (!mme_ue) {
115
         ogs_error("!mme_ue");
116
         return;
117
-    }  
118
+    }
119
     enb_ue = enb_ue_find_by_id(mme_ue->enb_ue_id);
120
-    if (enb_ue) {
121
+    if (!enb_ue) {
122
+        ogs_error("ENB-S1 Context has already been removed");
123
+        return;
124
+    }
125
+
126
+    if (mme_ue->nas_eps.type == MME_EPS_TYPE_ATTACH_REQUEST) {
127
         r = nas_eps_send_attach_reject(
128
                 enb_ue, mme_ue,
129
                 OGS_NAS_EMM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED,
130
                 OGS_NAS_ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED);
131
         ogs_expect(r == OGS_OK);
132
         ogs_assert(r != OGS_ERROR);
133
-        mme_send_delete_session_or_mme_ue_context_release(enb_ue, mme_ue);
134
-    } else
135
-        ogs_error("ENB-S1 Context has already been removed");
136
+    } else if (mme_ue->nas_eps.type == MME_EPS_TYPE_TAU_REQUEST) {
137
+        r = nas_eps_send_tau_reject(
138
+                enb_ue, mme_ue,
139
+                OGS_NAS_EMM_CAUSE_UE_IDENTITY_CANNOT_BE_DERIVED_BY_THE_NETWORK);
140
+        ogs_expect(r == OGS_OK);
141
+        ogs_assert(r != OGS_ERROR);
142
+    } else {
143
+        ogs_fatal("%s Invalid EPS-Type%d",
144
+                mme_ue->imsi_bcd, mme_ue->nas_eps.type);
145
+        ogs_assert_if_reached();
146
+    }
147
+    mme_send_delete_session_or_mme_ue_context_release(enb_ue, mme_ue);
148
 }
149
 
150
 void sgsap_handle_location_update_reject(mme_vlr_t *vlr, ogs_pkbuf_t *pkbuf)
151
@@ -148,6 +241,7 @@
152
     int r;
153
     ogs_tlv_t *root = NULL, *iter = NULL;
154
     mme_ue_t *mme_ue = NULL;
155
+    enb_ue_t *enb_ue = NULL;
156
 
157
     char imsi_bcdOGS_MAX_IMSI_BCD_LEN+1;
158
 
159
@@ -215,15 +309,94 @@
160
         return;
161
     }
162
 
163
+    enb_ue = enb_ue_find_by_id(mme_ue->enb_ue_id);
164
+    if (!enb_ue) {
165
+        ogs_error("!enb_ue");
166
+        goto error;
167
+    }
168
+
169
     ogs_debug("    IMSI%s CAUSE%d", mme_ue->imsi_bcd, emm_cause);
170
     if (lai) {
171
         ogs_debug("    LAIPLMN_ID:%06x,LAC:%d",
172
                     ogs_plmn_id_hexdump(&lai->nas_plmn_id), lai->lac);
173
     }
174
 
175
-    r = nas_eps_send_attach_accept(mme_ue);
176
-    ogs_expect(r == OGS_OK);
177
-    ogs_assert(r != OGS_ERROR);
178
+    if (mme_ue->nas_eps.type == MME_EPS_TYPE_ATTACH_REQUEST) {
179
+        r = nas_eps_send_attach_accept(mme_ue);
180
+        ogs_expect(r == OGS_OK);
181
+        ogs_assert(r != OGS_ERROR);
182
+    } else if (mme_ue->nas_eps.type == MME_EPS_TYPE_TAU_REQUEST) {
183
+        if (mme_ue->tracking_area_update_request_type ==
184
+                MME_TAU_TYPE_INITIAL_UE_MESSAGE) {
185
+            ogs_debug("    Iniital UE Message");
186
+            if (mme_ue->nas_eps.update.active_flag) {
187
+
188
+/*
189
+* TS33.401
190
+* 7 Security procedures between UE and EPS access network elements
191
+* 7.2 Handling of user-related keys in E-UTRAN
192
+* 7.2.7 Key handling for the TAU procedure when registered in E-UTRAN
193
+*
194
+* If the "active flag" is set in the TAU request message or
195
+* the MME chooses to establish radio bearers when there is pending downlink
196
+* UP data or pending downlink signalling, radio bearers will be established
197
+* as part of the TAU procedure and a KeNB derivation is necessary.
198
+*/
199
+                ogs_kdf_kenb(mme_ue->kasme, mme_ue->ul_count.i32,
200
+                        mme_ue->kenb);
201
+                ogs_kdf_nh_enb(mme_ue->kasme, mme_ue->kenb, mme_ue->nh);
202
+                mme_ue->nhcc = 1;
203
+
204
+                r = nas_eps_send_tau_accept(mme_ue,
205
+                        S1AP_ProcedureCode_id_InitialContextSetup);
206
+                ogs_expect(r == OGS_OK);
207
+                ogs_assert(r != OGS_ERROR);
208
+            } else {
209
+                r = nas_eps_send_tau_accept(mme_ue,
210
+                        S1AP_ProcedureCode_id_downlinkNASTransport);
211
+                ogs_expect(r == OGS_OK);
212
+                ogs_assert(r != OGS_ERROR);
213
+            }
214
+        } else if (mme_ue->tracking_area_update_request_type ==
215
+                MME_TAU_TYPE_UPLINK_NAS_TRANPORT) {
216
+            ogs_debug("    Uplink NAS Transport");
217
+            r = nas_eps_send_tau_accept(mme_ue,
218
+                    S1AP_ProcedureCode_id_downlinkNASTransport);
219
+            ogs_expect(r == OGS_OK);
220
+            ogs_assert(r != OGS_ERROR);
221
+        } else if (mme_ue->tracking_area_update_request_type ==
222
+                MME_TAU_TYPE_UNPROTECTED_INGERITY) {
223
+            ogs_debug("    Unprotected Integrity");
224
+            r = nas_eps_send_tau_accept(mme_ue,
225
+                    S1AP_ProcedureCode_id_InitialContextSetup);
226
+            ogs_expect(r == OGS_OK);
227
+        } else {
228
+            ogs_error("Invalid TAU Type%d",
229
+                    mme_ue->tracking_area_update_request_type);
230
+            return;
231
+        }
232
+
233
+        /*
234
+         * When active_flag is 0, check if the P-TMSI has been updated.
235
+         * If the P-TMSI has changed, wait to receive the TAU Complete message
236
+         * from the UE before sending the UEContextReleaseCommand.
237
+         *
238
+         * This ensures that the UE has acknowledged the new P-TMSI,
239
+         * allowing the TAU procedure to complete successfully
240
+         * and maintaining synchronization between the UE and the network.
241
+         */
242
+        if (!mme_ue->nas_eps.update.active_flag &&
243
+            !MME_NEXT_P_TMSI_IS_AVAILABLE(mme_ue)) {
244
+            ogs_fatal("NEXT = %d", MME_NEXT_P_TMSI_IS_AVAILABLE(mme_ue));
245
+            enb_ue->relcause.group = S1AP_Cause_PR_nas;
246
+            enb_ue->relcause.cause = S1AP_CauseNas_normal_release;
247
+            mme_send_release_access_bearer_or_ue_context_release(enb_ue);
248
+        }
249
+    } else {
250
+        ogs_fatal("%s Invalid EPS-Type%d",
251
+                mme_ue->imsi_bcd, mme_ue->nas_eps.type);
252
+        ogs_assert_if_reached();
253
+    }
254
 
255
     return;
256
 
257
open5gs_2.7.2.4536.c888.202411042026.tar.xz/src/smf/ngap-build.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/src/smf/ngap-build.c Changed
31
 
1
@@ -85,7 +85,8 @@
2
 
3
     ogs_assert(OGS_OK == ogs_sockaddr_to_ip(
4
                 sess->upf_n3_addr, sess->upf_n3_addr6, &upf_n3_ip));
5
-    ogs_asn_ip_to_BIT_STRING(&upf_n3_ip, &gTPTunnel->transportLayerAddress);
6
+    ogs_assert(OGS_OK == ogs_asn_ip_to_BIT_STRING(
7
+                &upf_n3_ip, &gTPTunnel->transportLayerAddress));
8
     ogs_asn_uint32_to_OCTET_STRING(sess->upf_n3_teid, &gTPTunnel->gTP_TEID);
9
 
10
     if (sess->handover.data_forwarding_not_possible == true) {
11
@@ -477,7 +478,8 @@
12
 
13
     ogs_assert(OGS_OK == ogs_sockaddr_to_ip(
14
                 sess->upf_n3_addr, sess->upf_n3_addr6, &upf_n3_ip));
15
-    ogs_asn_ip_to_BIT_STRING(&upf_n3_ip, &gTPTunnel->transportLayerAddress);
16
+    ogs_assert(OGS_OK == ogs_asn_ip_to_BIT_STRING(
17
+                &upf_n3_ip, &gTPTunnel->transportLayerAddress));
18
     ogs_asn_uint32_to_OCTET_STRING(sess->upf_n3_teid, &gTPTunnel->gTP_TEID);
19
 
20
 #endif
21
@@ -518,7 +520,8 @@
22
         ogs_assert(OGS_OK == ogs_sockaddr_to_ip(
23
                 sess->handover.upf_dl_addr, sess->handover.upf_dl_addr6,
24
                 &upf_dl_ip));
25
-        ogs_asn_ip_to_BIT_STRING(&upf_dl_ip, &gTPTunnel->transportLayerAddress);
26
+        ogs_assert(OGS_OK == ogs_asn_ip_to_BIT_STRING(
27
+                    &upf_dl_ip, &gTPTunnel->transportLayerAddress));
28
         ogs_asn_uint32_to_OCTET_STRING(
29
                 sess->handover.upf_dl_teid, &gTPTunnel->gTP_TEID);
30
 
31
open5gs_2.7.2.4536.c888.202411042026.tar.xz/tests/app/5gc-init.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/tests/app/5gc-init.c Changed
10
 
1
@@ -129,7 +129,7 @@
2
      * 
3
      * If freeDiameter is not used, it uses a delay of less than 4 seconds.
4
      */
5
-    ogs_msleep(2000);
6
+    ogs_msleep(3000);
7
 
8
     return OGS_OK;
9
 }
10
open5gs_2.7.2.4536.c888.202411042026.tar.xz/tests/common/sgsap-build.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/tests/common/sgsap-build.c Changed
23
 
1
@@ -26,13 +26,21 @@
2
     ogs_pkbuf_t *pkbuf = NULL;
3
     const char *payloadTEST_SGSAP_MAX_MESSAGE = {
4
         "0a01089999073746 000006040509f107 09260e05f49ee88e 64",
5
+        "0a01089999073746 000006040509f107 09260e05f49ee88e 65",
6
+        "0a01089999073746 000006040509f107 09260e05f49ee88e 66",
7
+
8
         "0a01087942120000 000030040527f412 c9580e05f437ab9c c5",
9
         "",
10
+        "",
11
 
12
     };
13
     uint16_t lenTEST_SGSAP_MAX_MESSAGE = {
14
         25,
15
         25,
16
+        25,
17
+
18
+        25,
19
+        0,
20
         0,
21
     };
22
     char hexbufOGS_HUGE_LEN;
23
open5gs_2.7.2.4536.c888.202411042026.tar.xz/tests/csfb/abts-main.c -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/tests/csfb/abts-main.c Changed
17
 
1
@@ -25,6 +25,7 @@
2
 abts_suite *test_mt_active(abts_suite *suite);
3
 abts_suite *test_mo_sms(abts_suite *suite);
4
 abts_suite *test_mt_sms(abts_suite *suite);
5
+abts_suite *test_tau(abts_suite *suite);
6
 abts_suite *test_crash(abts_suite *suite);
7
 
8
 const struct testlist {
9
@@ -36,6 +37,7 @@
10
     {test_mt_active},
11
     {test_mo_sms},
12
     {test_mt_sms},
13
+    {test_tau},
14
     {test_crash},
15
     {NULL},
16
 };
17
open5gs_2.7.2.4536.c888.202411042026.tar.xz/tests/csfb/meson.build -> open5gs_2.7.2.4538.4211.202411052026.tar.xz/tests/csfb/meson.build Changed
9
 
1
@@ -23,6 +23,7 @@
2
     mt-active-test.c
3
     mo-sms-test.c
4
     mt-sms-test.c
5
+    tau-test.c
6
     crash-test.c
7
 '''.split())
8
 
9
open5gs_2.7.2.4538.4211.202411052026.tar.xz/tests/csfb/tau-test.c Added
1540
 
1
@@ -0,0 +1,1538 @@
2
+/*
3
+ * Copyright (C) 2024 by Sukchan Lee <acetcom@gmail.com>
4
+ *
5
+ * This file is part of Open5GS.
6
+ *
7
+ * This program is free software: you can redistribute it and/or modify
8
+ * it under the terms of the GNU Affero General Public License as published by
9
+ * the Free Software Foundation, either version 3 of the License, or
10
+ * (at your option) any later version.
11
+ *
12
+ * This program is distributed in the hope that it will be useful,
13
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
+ * GNU General Public License for more details.
16
+ *
17
+ * You should have received a copy of the GNU General Public License
18
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
19
+ */
20
+
21
+#include "test-common.h"
22
+
23
+extern ogs_socknode_t *sgsap;
24
+
25
+static void test_simple_func(abts_case *tc, void *data)
26
+{
27
+    int rv;
28
+    ogs_socknode_t *s1ap;
29
+    ogs_socknode_t *gtpu;
30
+    ogs_pkbuf_t *emmbuf;
31
+    ogs_pkbuf_t *esmbuf;
32
+    ogs_pkbuf_t *sendbuf;
33
+    ogs_pkbuf_t *recvbuf;
34
+    ogs_s1ap_message_t message;
35
+
36
+    ogs_nas_5gs_mobile_identity_suci_t mobile_identity_suci;
37
+    test_ue_t *test_ue = NULL;
38
+    test_sess_t *sess = NULL;
39
+    test_bearer_t *bearer = NULL;
40
+
41
+    uint32_t enb_ue_s1ap_id;
42
+    uint64_t mme_ue_s1ap_id;
43
+
44
+    bson_t *doc = NULL;
45
+
46
+    /* Setup Test UE & Session Context */
47
+    memset(&mobile_identity_suci, 0, sizeof(mobile_identity_suci));
48
+
49
+    mobile_identity_suci.h.supi_format = OGS_NAS_5GS_SUPI_FORMAT_IMSI;
50
+    mobile_identity_suci.h.type = OGS_NAS_5GS_MOBILE_IDENTITY_SUCI;
51
+    mobile_identity_suci.routing_indicator1 = 0;
52
+    mobile_identity_suci.routing_indicator2 = 0xf;
53
+    mobile_identity_suci.routing_indicator3 = 0xf;
54
+    mobile_identity_suci.routing_indicator4 = 0xf;
55
+    mobile_identity_suci.protection_scheme_id = OGS_PROTECTION_SCHEME_NULL;
56
+    mobile_identity_suci.home_network_pki_value = 0;
57
+
58
+    test_ue = test_ue_add_by_suci(&mobile_identity_suci, "3746000006");
59
+    ogs_assert(test_ue);
60
+
61
+    test_ue->e_cgi.cell_id = 0x54f6401;
62
+    test_ue->nas.ksi = OGS_NAS_KSI_NO_KEY_IS_AVAILABLE;
63
+    test_ue->nas.value = OGS_NAS_ATTACH_TYPE_COMBINED_EPS_IMSI_ATTACH;
64
+
65
+    test_ue->k_string = "465b5ce8b199b49faa5f0a2ee238a6bc";
66
+    test_ue->opc_string = "e8ed289deba952e4283b54e88e6183ca";
67
+
68
+    sess = test_sess_add_by_apn(test_ue, "internet", OGS_GTP2_RAT_TYPE_EUTRAN);
69
+    ogs_assert(sess);
70
+
71
+    /* eNB connects to MME */
72
+    s1ap = tests1ap_client(AF_INET);
73
+    ABTS_PTR_NOTNULL(tc, s1ap);
74
+
75
+    /* eNB connects to SGW */
76
+    gtpu = test_gtpu_server(1, AF_INET);
77
+    ABTS_PTR_NOTNULL(tc, gtpu);
78
+
79
+    /* Send S1-Setup Reqeust */
80
+    sendbuf = test_s1ap_build_s1_setup_request(
81
+            S1AP_ENB_ID_PR_macroENB_ID, 0x54f64);
82
+    ABTS_PTR_NOTNULL(tc, sendbuf);
83
+    rv = testenb_s1ap_send(s1ap, sendbuf);
84
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
85
+
86
+    /* Receive S1-Setup Response */
87
+    recvbuf = testenb_s1ap_read(s1ap);
88
+    ABTS_PTR_NOTNULL(tc, recvbuf);
89
+    tests1ap_recv(NULL, recvbuf);
90
+
91
+    /********** Insert Subscriber in Database */
92
+    doc = test_db_new_simple(test_ue);
93
+    ABTS_PTR_NOTNULL(tc, doc);
94
+    ABTS_INT_EQUAL(tc, OGS_OK, test_db_insert_ue(test_ue, doc));
95
+
96
+    /* Send Attach Request */
97
+    memset(&sess->pdn_connectivity_param,
98
+            0, sizeof(sess->pdn_connectivity_param));
99
+    sess->pdn_connectivity_param.eit = 1;
100
+    sess->pdn_connectivity_param.pco = 1;
101
+    sess->pdn_connectivity_param.request_type =
102
+        OGS_NAS_EPS_REQUEST_TYPE_INITIAL;
103
+    esmbuf = testesm_build_pdn_connectivity_request(
104
+            sess, false, OGS_NAS_EPS_PDN_TYPE_IPV4V6);
105
+    ABTS_PTR_NOTNULL(tc, esmbuf);
106
+
107
+    memset(&test_ue->attach_request_param,
108
+            0, sizeof(test_ue->attach_request_param));
109
+    test_ue->attach_request_param.ms_network_feature_support = 1;
110
+    emmbuf = testemm_build_attach_request(test_ue, esmbuf, false, false);
111
+    ABTS_PTR_NOTNULL(tc, emmbuf);
112
+
113
+    memset(&test_ue->initial_ue_param, 0, sizeof(test_ue->initial_ue_param));
114
+    sendbuf = test_s1ap_build_initial_ue_message(
115
+            test_ue, emmbuf, S1AP_RRC_Establishment_Cause_mo_Signalling, false);
116
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
117
+    rv = testenb_s1ap_send(s1ap, sendbuf);
118
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
119
+
120
+    /* Receive Authentication Request */
121
+    recvbuf = testenb_s1ap_read(s1ap);
122
+    ABTS_PTR_NOTNULL(tc, recvbuf);
123
+    tests1ap_recv(test_ue, recvbuf);
124
+
125
+    /* Send Authentication response */
126
+    emmbuf = testemm_build_authentication_response(test_ue);
127
+    ABTS_PTR_NOTNULL(tc, emmbuf);
128
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
129
+    ABTS_PTR_NOTNULL(tc, sendbuf);
130
+    rv = testenb_s1ap_send(s1ap, sendbuf);
131
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
132
+
133
+    /* Receive Security mode Command */
134
+    recvbuf = testenb_s1ap_read(s1ap);
135
+    ABTS_PTR_NOTNULL(tc, recvbuf);
136
+    tests1ap_recv(test_ue, recvbuf);
137
+
138
+    /* Send Security mode complete */
139
+    test_ue->mobile_identity_imeisv_presence = true;
140
+    emmbuf = testemm_build_security_mode_complete(test_ue);
141
+    ABTS_PTR_NOTNULL(tc, emmbuf);
142
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
143
+    ABTS_PTR_NOTNULL(tc, sendbuf);
144
+    rv = testenb_s1ap_send(s1ap, sendbuf);
145
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
146
+
147
+    /* Receive ESM Information Request */
148
+    recvbuf = testenb_s1ap_read(s1ap);
149
+    ABTS_PTR_NOTNULL(tc, recvbuf);
150
+    tests1ap_recv(test_ue, recvbuf);
151
+
152
+    /* Send ESM Information Response */
153
+    esmbuf = testesm_build_esm_information_response(sess);
154
+    ABTS_PTR_NOTNULL(tc, esmbuf);
155
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, esmbuf);
156
+    ABTS_PTR_NOTNULL(tc, sendbuf);
157
+    rv = testenb_s1ap_send(s1ap, sendbuf);
158
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
159
+
160
+    /* Receive SGsAP-Location-Update-Request */
161
+    recvbuf = testvlr_sgsap_read(sgsap);
162
+    ABTS_PTR_NOTNULL(tc, recvbuf);
163
+    ogs_pkbuf_free(recvbuf);
164
+
165
+    /* Send SGsAP-Location-Update-Accept */
166
+    sendbuf = test_sgsap_location_update_accept(1);
167
+    ABTS_PTR_NOTNULL(tc, sendbuf);
168
+    rv = testvlr_sgsap_send(sgsap, sendbuf);
169
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
170
+
171
+    /* Receive Initial Context Setup Request +
172
+     * Attach Accept +
173
+     * Activate Default Bearer Context Request */
174
+    recvbuf = testenb_s1ap_read(s1ap);
175
+    ABTS_PTR_NOTNULL(tc, recvbuf);
176
+    tests1ap_recv(test_ue, recvbuf);
177
+
178
+    /* Send UE Capability Info Indication */
179
+    sendbuf = tests1ap_build_ue_radio_capability_info_indication(test_ue);
180
+    ABTS_PTR_NOTNULL(tc, sendbuf);
181
+    rv = testenb_s1ap_send(s1ap, sendbuf);
182
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
183
+
184
+    /* Send Initial Context Setup Response */
185
+    sendbuf = test_s1ap_build_initial_context_setup_response(test_ue);
186
+    ABTS_PTR_NOTNULL(tc, sendbuf);
187
+    rv = testenb_s1ap_send(s1ap, sendbuf);
188
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
189
+
190
+    /* Send Attach Complete + Activate default EPS bearer cotext accept */
191
+    test_ue->nr_cgi.cell_id = 0x1234502;
192
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 5);
193
+    ogs_assert(bearer);
194
+    esmbuf = testesm_build_activate_default_eps_bearer_context_accept(
195
+            bearer, false);
196
+    ABTS_PTR_NOTNULL(tc, esmbuf);
197
+    emmbuf = testemm_build_attach_complete(test_ue, esmbuf);
198
+    ABTS_PTR_NOTNULL(tc, emmbuf);
199
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
200
+    ABTS_PTR_NOTNULL(tc, sendbuf);
201
+    rv = testenb_s1ap_send(s1ap, sendbuf);
202
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
203
+
204
+    /* Receive EMM information */
205
+    recvbuf = testenb_s1ap_read(s1ap);
206
+    ABTS_PTR_NOTNULL(tc, recvbuf);
207
+    tests1ap_recv(test_ue, recvbuf);
208
+
209
+    /* Receive SGsAP-TMSI-REALLOCATION-COMPLETE */
210
+    recvbuf = testvlr_sgsap_read(sgsap);
211
+    ABTS_PTR_NOTNULL(tc, recvbuf);
212
+    ogs_pkbuf_free(recvbuf);
213
+
214
+    /* Send TAU Request */
215
+    memset(&test_ue->tau_request_param, 0, sizeof(test_ue->tau_request_param));
216
+    test_ue->tau_request_param.ue_network_capability = 1;
217
+    test_ue->tau_request_param.last_visited_registered_tai = 1;
218
+    test_ue->tau_request_param.drx_parameter = 1;
219
+    test_ue->tau_request_param.eps_bearer_context_status = 1;
220
+    test_ue->tau_request_param.ms_network_capability = 1;
221
+    test_ue->tau_request_param.tmsi_status = 1;
222
+    test_ue->tau_request_param.mobile_station_classmark_2 = 1;
223
+    test_ue->tau_request_param.ue_usage_setting = 1;
224
+    test_ue->tau_request_param.device_properties = 1;
225
+    emmbuf = testemm_build_tau_request(
226
+            test_ue, true, OGS_NAS_EPS_UPDATE_TYPE_COMBINED_TA_LA_UPDATING, true, true);
227
+    ABTS_PTR_NOTNULL(tc, emmbuf);
228
+    sendbuf = test_s1ap_build_initial_ue_message(
229
+            test_ue, emmbuf, S1AP_RRC_Establishment_Cause_mo_Signalling, true);
230
+    ABTS_PTR_NOTNULL(tc, sendbuf);
231
+    rv = testenb_s1ap_send(s1ap, sendbuf);
232
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
233
+
234
+    /* Receive OLD UE Context Release Command */
235
+    enb_ue_s1ap_id = test_ue->enb_ue_s1ap_id;
236
+
237
+    recvbuf = testenb_s1ap_read(s1ap);
238
+    ABTS_PTR_NOTNULL(tc, recvbuf);
239
+    tests1ap_recv(test_ue, recvbuf);
240
+
241
+    /* Send OLD UE Context Release Complete */
242
+    sendbuf = test_s1ap_build_ue_context_release_complete(test_ue);
243
+    ABTS_PTR_NOTNULL(tc, sendbuf);
244
+    rv = testenb_s1ap_send(s1ap, sendbuf);
245
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
246
+
247
+    test_ue->enb_ue_s1ap_id = enb_ue_s1ap_id;
248
+
249
+    /* Receive SGsAP-Location-Update-Request */
250
+    recvbuf = testvlr_sgsap_read(sgsap);
251
+    ABTS_PTR_NOTNULL(tc, recvbuf);
252
+    ogs_pkbuf_free(recvbuf);
253
+
254
+    /* Send SGsAP-Location-Update-Accept */
255
+    sendbuf = test_sgsap_location_update_accept(1);
256
+    ABTS_PTR_NOTNULL(tc, sendbuf);
257
+    rv = testvlr_sgsap_send(sgsap, sendbuf);
258
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
259
+
260
+    /* Receive InitialContextSetupResponse + TAU Accept */
261
+    recvbuf = testenb_s1ap_read(s1ap);
262
+    ABTS_PTR_NOTNULL(tc, recvbuf);
263
+    tests1ap_recv(test_ue, recvbuf);
264
+
265
+    /* Send InitialContextSetupResponse */
266
+    sendbuf = test_s1ap_build_initial_context_setup_response(test_ue);
267
+    ABTS_PTR_NOTNULL(tc, sendbuf);
268
+    rv = testenb_s1ap_send(s1ap, sendbuf);
269
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
270
+
271
+    /* Send UE Context Release Request */
272
+    sendbuf = test_s1ap_build_ue_context_release_request(test_ue,
273
+            S1AP_Cause_PR_radioNetwork, S1AP_CauseRadioNetwork_user_inactivity);
274
+    ABTS_PTR_NOTNULL(tc, sendbuf);
275
+    rv = testenb_s1ap_send(s1ap, sendbuf);
276
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
277
+
278
+    /* Receive UE Context Release Command */
279
+    recvbuf = testenb_s1ap_read(s1ap);
280
+    ABTS_PTR_NOTNULL(tc, recvbuf);
281
+    tests1ap_recv(test_ue, recvbuf);
282
+
283
+    /* Send UE Context Release Complete */
284
+    sendbuf = test_s1ap_build_ue_context_release_complete(test_ue);
285
+    ABTS_PTR_NOTNULL(tc, sendbuf);
286
+    rv = testenb_s1ap_send(s1ap, sendbuf);
287
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
288
+
289
+    ogs_msleep(300);
290
+
291
+    /********** Remove Subscriber in Database */
292
+    ABTS_INT_EQUAL(tc, OGS_OK, test_db_remove_ue(test_ue));
293
+
294
+    /* eNB disonncect from MME */
295
+    testenb_s1ap_close(s1ap);
296
+
297
+    /* eNB disonncect from SGW */
298
+    test_gtpu_close(gtpu);
299
+
300
+    test_ue_remove(test_ue);
301
+}
302
+
303
+static void test_no_active_flag_func(abts_case *tc, void *data)
304
+{
305
+    int rv;
306
+    ogs_socknode_t *s1ap;
307
+    ogs_socknode_t *gtpu;
308
+    ogs_pkbuf_t *emmbuf;
309
+    ogs_pkbuf_t *esmbuf;
310
+    ogs_pkbuf_t *sendbuf;
311
+    ogs_pkbuf_t *recvbuf;
312
+    ogs_s1ap_message_t message;
313
+
314
+    ogs_nas_5gs_mobile_identity_suci_t mobile_identity_suci;
315
+    test_ue_t *test_ue = NULL;
316
+    test_sess_t *sess = NULL;
317
+    test_bearer_t *bearer = NULL;
318
+
319
+    uint32_t enb_ue_s1ap_id;
320
+    uint64_t mme_ue_s1ap_id;
321
+
322
+    bson_t *doc = NULL;
323
+
324
+    /* Setup Test UE & Session Context */
325
+    memset(&mobile_identity_suci, 0, sizeof(mobile_identity_suci));
326
+
327
+    mobile_identity_suci.h.supi_format = OGS_NAS_5GS_SUPI_FORMAT_IMSI;
328
+    mobile_identity_suci.h.type = OGS_NAS_5GS_MOBILE_IDENTITY_SUCI;
329
+    mobile_identity_suci.routing_indicator1 = 0;
330
+    mobile_identity_suci.routing_indicator2 = 0xf;
331
+    mobile_identity_suci.routing_indicator3 = 0xf;
332
+    mobile_identity_suci.routing_indicator4 = 0xf;
333
+    mobile_identity_suci.protection_scheme_id = OGS_PROTECTION_SCHEME_NULL;
334
+    mobile_identity_suci.home_network_pki_value = 0;
335
+
336
+    test_ue = test_ue_add_by_suci(&mobile_identity_suci, "3746000006");
337
+    ogs_assert(test_ue);
338
+
339
+    test_ue->e_cgi.cell_id = 0x54f6401;
340
+    test_ue->nas.ksi = OGS_NAS_KSI_NO_KEY_IS_AVAILABLE;
341
+    test_ue->nas.value = OGS_NAS_ATTACH_TYPE_COMBINED_EPS_IMSI_ATTACH;
342
+
343
+    test_ue->k_string = "465b5ce8b199b49faa5f0a2ee238a6bc";
344
+    test_ue->opc_string = "e8ed289deba952e4283b54e88e6183ca";
345
+
346
+    sess = test_sess_add_by_apn(test_ue, "internet", OGS_GTP2_RAT_TYPE_EUTRAN);
347
+    ogs_assert(sess);
348
+
349
+    /* eNB connects to MME */
350
+    s1ap = tests1ap_client(AF_INET);
351
+    ABTS_PTR_NOTNULL(tc, s1ap);
352
+
353
+    /* eNB connects to SGW */
354
+    gtpu = test_gtpu_server(1, AF_INET);
355
+    ABTS_PTR_NOTNULL(tc, gtpu);
356
+
357
+    /* Send S1-Setup Reqeust */
358
+    sendbuf = test_s1ap_build_s1_setup_request(
359
+            S1AP_ENB_ID_PR_macroENB_ID, 0x54f64);
360
+    ABTS_PTR_NOTNULL(tc, sendbuf);
361
+    rv = testenb_s1ap_send(s1ap, sendbuf);
362
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
363
+
364
+    /* Receive S1-Setup Response */
365
+    recvbuf = testenb_s1ap_read(s1ap);
366
+    ABTS_PTR_NOTNULL(tc, recvbuf);
367
+    tests1ap_recv(NULL, recvbuf);
368
+
369
+    /********** Insert Subscriber in Database */
370
+    doc = test_db_new_simple(test_ue);
371
+    ABTS_PTR_NOTNULL(tc, doc);
372
+    ABTS_INT_EQUAL(tc, OGS_OK, test_db_insert_ue(test_ue, doc));
373
+
374
+    /* Send Attach Request */
375
+    memset(&sess->pdn_connectivity_param,
376
+            0, sizeof(sess->pdn_connectivity_param));
377
+    sess->pdn_connectivity_param.eit = 1;
378
+    sess->pdn_connectivity_param.pco = 1;
379
+    sess->pdn_connectivity_param.request_type =
380
+        OGS_NAS_EPS_REQUEST_TYPE_INITIAL;
381
+    esmbuf = testesm_build_pdn_connectivity_request(
382
+            sess, false, OGS_NAS_EPS_PDN_TYPE_IPV4V6);
383
+    ABTS_PTR_NOTNULL(tc, esmbuf);
384
+
385
+    memset(&test_ue->attach_request_param,
386
+            0, sizeof(test_ue->attach_request_param));
387
+    test_ue->attach_request_param.ms_network_feature_support = 1;
388
+    emmbuf = testemm_build_attach_request(test_ue, esmbuf, false, false);
389
+    ABTS_PTR_NOTNULL(tc, emmbuf);
390
+
391
+    memset(&test_ue->initial_ue_param, 0, sizeof(test_ue->initial_ue_param));
392
+    sendbuf = test_s1ap_build_initial_ue_message(
393
+            test_ue, emmbuf, S1AP_RRC_Establishment_Cause_mo_Signalling, false);
394
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
395
+    rv = testenb_s1ap_send(s1ap, sendbuf);
396
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
397
+
398
+    /* Receive Authentication Request */
399
+    recvbuf = testenb_s1ap_read(s1ap);
400
+    ABTS_PTR_NOTNULL(tc, recvbuf);
401
+    tests1ap_recv(test_ue, recvbuf);
402
+
403
+    /* Send Authentication response */
404
+    emmbuf = testemm_build_authentication_response(test_ue);
405
+    ABTS_PTR_NOTNULL(tc, emmbuf);
406
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
407
+    ABTS_PTR_NOTNULL(tc, sendbuf);
408
+    rv = testenb_s1ap_send(s1ap, sendbuf);
409
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
410
+
411
+    /* Receive Security mode Command */
412
+    recvbuf = testenb_s1ap_read(s1ap);
413
+    ABTS_PTR_NOTNULL(tc, recvbuf);
414
+    tests1ap_recv(test_ue, recvbuf);
415
+
416
+    /* Send Security mode complete */
417
+    test_ue->mobile_identity_imeisv_presence = true;
418
+    emmbuf = testemm_build_security_mode_complete(test_ue);
419
+    ABTS_PTR_NOTNULL(tc, emmbuf);
420
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
421
+    ABTS_PTR_NOTNULL(tc, sendbuf);
422
+    rv = testenb_s1ap_send(s1ap, sendbuf);
423
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
424
+
425
+    /* Receive ESM Information Request */
426
+    recvbuf = testenb_s1ap_read(s1ap);
427
+    ABTS_PTR_NOTNULL(tc, recvbuf);
428
+    tests1ap_recv(test_ue, recvbuf);
429
+
430
+    /* Send ESM Information Response */
431
+    esmbuf = testesm_build_esm_information_response(sess);
432
+    ABTS_PTR_NOTNULL(tc, esmbuf);
433
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, esmbuf);
434
+    ABTS_PTR_NOTNULL(tc, sendbuf);
435
+    rv = testenb_s1ap_send(s1ap, sendbuf);
436
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
437
+
438
+    /* Receive SGsAP-Location-Update-Request */
439
+    recvbuf = testvlr_sgsap_read(sgsap);
440
+    ABTS_PTR_NOTNULL(tc, recvbuf);
441
+    ogs_pkbuf_free(recvbuf);
442
+
443
+    /* Send SGsAP-Location-Update-Accept */
444
+    sendbuf = test_sgsap_location_update_accept(2);
445
+    ABTS_PTR_NOTNULL(tc, sendbuf);
446
+    rv = testvlr_sgsap_send(sgsap, sendbuf);
447
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
448
+
449
+    /* Receive InitialContextSetupRequest +
450
+     * Attach Accept +
451
+     * Activate Default Bearer Context Request */
452
+    recvbuf = testenb_s1ap_read(s1ap);
453
+    ABTS_PTR_NOTNULL(tc, recvbuf);
454
+    tests1ap_recv(test_ue, recvbuf);
455
+
456
+    /* Send UE Capability Info Indication */
457
+    sendbuf = tests1ap_build_ue_radio_capability_info_indication(test_ue);
458
+    ABTS_PTR_NOTNULL(tc, sendbuf);
459
+    rv = testenb_s1ap_send(s1ap, sendbuf);
460
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
461
+
462
+    /* Send InitialContextSetupResponse */
463
+    sendbuf = test_s1ap_build_initial_context_setup_response(test_ue);
464
+    ABTS_PTR_NOTNULL(tc, sendbuf);
465
+    rv = testenb_s1ap_send(s1ap, sendbuf);
466
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
467
+
468
+    /* Send Attach Complete + Activate default EPS bearer cotext accept */
469
+    test_ue->nr_cgi.cell_id = 0x1234502;
470
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 5);
471
+    ogs_assert(bearer);
472
+    esmbuf = testesm_build_activate_default_eps_bearer_context_accept(
473
+            bearer, false);
474
+    ABTS_PTR_NOTNULL(tc, esmbuf);
475
+    emmbuf = testemm_build_attach_complete(test_ue, esmbuf);
476
+    ABTS_PTR_NOTNULL(tc, emmbuf);
477
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
478
+    ABTS_PTR_NOTNULL(tc, sendbuf);
479
+    rv = testenb_s1ap_send(s1ap, sendbuf);
480
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
481
+
482
+    /* Receive EMM information */
483
+    recvbuf = testenb_s1ap_read(s1ap);
484
+    ABTS_PTR_NOTNULL(tc, recvbuf);
485
+    tests1ap_recv(test_ue, recvbuf);
486
+
487
+    /* Receive SGsAP-TMSI-REALLOCATION-COMPLETE */
488
+    recvbuf = testvlr_sgsap_read(sgsap);
489
+    ABTS_PTR_NOTNULL(tc, recvbuf);
490
+    ogs_pkbuf_free(recvbuf);
491
+
492
+    /* Send TAU Request */
493
+    memset(&test_ue->tau_request_param, 0, sizeof(test_ue->tau_request_param));
494
+    test_ue->tau_request_param.ue_network_capability = 1;
495
+    test_ue->tau_request_param.last_visited_registered_tai = 1;
496
+    test_ue->tau_request_param.drx_parameter = 1;
497
+    test_ue->tau_request_param.eps_bearer_context_status = 1;
498
+    test_ue->tau_request_param.ms_network_capability = 1;
499
+    test_ue->tau_request_param.tmsi_status = 1;
500
+    test_ue->tau_request_param.mobile_station_classmark_2 = 1;
501
+    test_ue->tau_request_param.ue_usage_setting = 1;
502
+    test_ue->tau_request_param.device_properties = 1;
503
+    emmbuf = testemm_build_tau_request(
504
+            test_ue, false,
505
+            OGS_NAS_EPS_UPDATE_TYPE_COMBINED_TA_LA_UPDATING_WITH_IMSI_ATTACH,
506
+            true, true);
507
+    ABTS_PTR_NOTNULL(tc, emmbuf);
508
+    sendbuf = test_s1ap_build_initial_ue_message(
509
+            test_ue, emmbuf, S1AP_RRC_Establishment_Cause_mo_Signalling, true);
510
+    ABTS_PTR_NOTNULL(tc, sendbuf);
511
+    rv = testenb_s1ap_send(s1ap, sendbuf);
512
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
513
+
514
+    /* Receive OLD UEContextReleaseCommand */
515
+    enb_ue_s1ap_id = test_ue->enb_ue_s1ap_id;
516
+
517
+    recvbuf = testenb_s1ap_read(s1ap);
518
+    ABTS_PTR_NOTNULL(tc, recvbuf);
519
+    tests1ap_recv(test_ue, recvbuf);
520
+
521
+    /* Send OLD UEContextReleaseComplete */
522
+    sendbuf = test_s1ap_build_ue_context_release_complete(test_ue);
523
+    ABTS_PTR_NOTNULL(tc, sendbuf);
524
+    rv = testenb_s1ap_send(s1ap, sendbuf);
525
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
526
+
527
+    test_ue->enb_ue_s1ap_id = enb_ue_s1ap_id;
528
+
529
+    /* Receive SGsAP-Location-Update-Request */
530
+    recvbuf = testvlr_sgsap_read(sgsap);
531
+    ABTS_PTR_NOTNULL(tc, recvbuf);
532
+    ogs_pkbuf_free(recvbuf);
533
+
534
+    /* Send SGsAP-Location-Update-Accept */
535
+    sendbuf = test_sgsap_location_update_accept(0);
536
+    ABTS_PTR_NOTNULL(tc, sendbuf);
537
+    rv = testvlr_sgsap_send(sgsap, sendbuf);
538
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
539
+
540
+    /* Receive TAU Accept */
541
+    recvbuf = testenb_s1ap_read(s1ap);
542
+    ABTS_PTR_NOTNULL(tc, recvbuf);
543
+    tests1ap_recv(test_ue, recvbuf);
544
+
545
+    /* Send TAU Complete */
546
+    emmbuf = testemm_build_tau_complete(test_ue);
547
+    ABTS_PTR_NOTNULL(tc, emmbuf);
548
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
549
+    ABTS_PTR_NOTNULL(tc, sendbuf);
550
+    rv = testenb_s1ap_send(s1ap, sendbuf);
551
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
552
+
553
+    /* Receive SGsAP-TMSI-REALLOCATION-COMPLETE */
554
+    recvbuf = testvlr_sgsap_read(sgsap);
555
+    ABTS_PTR_NOTNULL(tc, recvbuf);
556
+    ogs_pkbuf_free(recvbuf);
557
+
558
+    /* Receive UEContextReleaseCommand */
559
+    recvbuf = testenb_s1ap_read(s1ap);
560
+    ABTS_PTR_NOTNULL(tc, recvbuf);
561
+    tests1ap_recv(test_ue, recvbuf);
562
+
563
+    /* Send UEContextReleaseComplete */
564
+    sendbuf = test_s1ap_build_ue_context_release_complete(test_ue);
565
+    ABTS_PTR_NOTNULL(tc, sendbuf);
566
+    rv = testenb_s1ap_send(s1ap, sendbuf);
567
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
568
+
569
+    ogs_msleep(300);
570
+
571
+    /********** Remove Subscriber in Database */
572
+    ABTS_INT_EQUAL(tc, OGS_OK, test_db_remove_ue(test_ue));
573
+
574
+    /* eNB disonncect from MME */
575
+    testenb_s1ap_close(s1ap);
576
+
577
+    /* eNB disonncect from SGW */
578
+    test_gtpu_close(gtpu);
579
+
580
+    test_ue_remove(test_ue);
581
+}
582
+
583
+static void test_integrity_unprotected_func(abts_case *tc, void *data)
584
+{
585
+    int rv;
586
+    ogs_socknode_t *s1ap;
587
+    ogs_socknode_t *gtpu;
588
+    ogs_pkbuf_t *emmbuf;
589
+    ogs_pkbuf_t *esmbuf;
590
+    ogs_pkbuf_t *sendbuf;
591
+    ogs_pkbuf_t *recvbuf;
592
+    ogs_s1ap_message_t message;
593
+
594
+    ogs_nas_5gs_mobile_identity_suci_t mobile_identity_suci;
595
+    test_ue_t *test_ue = NULL;
596
+    test_sess_t *sess = NULL;
597
+    test_bearer_t *bearer = NULL;
598
+
599
+    uint32_t enb_ue_s1ap_id;
600
+    uint64_t mme_ue_s1ap_id;
601
+
602
+    bson_t *doc = NULL;
603
+
604
+    /* Setup Test UE & Session Context */
605
+    memset(&mobile_identity_suci, 0, sizeof(mobile_identity_suci));
606
+
607
+    mobile_identity_suci.h.supi_format = OGS_NAS_5GS_SUPI_FORMAT_IMSI;
608
+    mobile_identity_suci.h.type = OGS_NAS_5GS_MOBILE_IDENTITY_SUCI;
609
+    mobile_identity_suci.routing_indicator1 = 0;
610
+    mobile_identity_suci.routing_indicator2 = 0xf;
611
+    mobile_identity_suci.routing_indicator3 = 0xf;
612
+    mobile_identity_suci.routing_indicator4 = 0xf;
613
+    mobile_identity_suci.protection_scheme_id = OGS_PROTECTION_SCHEME_NULL;
614
+    mobile_identity_suci.home_network_pki_value = 0;
615
+
616
+    test_ue = test_ue_add_by_suci(&mobile_identity_suci, "3746000006");
617
+    ogs_assert(test_ue);
618
+
619
+    test_ue->e_cgi.cell_id = 0x54f6401;
620
+    test_ue->nas.ksi = OGS_NAS_KSI_NO_KEY_IS_AVAILABLE;
621
+    test_ue->nas.value = OGS_NAS_ATTACH_TYPE_COMBINED_EPS_IMSI_ATTACH;
622
+
623
+    test_ue->k_string = "465b5ce8b199b49faa5f0a2ee238a6bc";
624
+    test_ue->opc_string = "e8ed289deba952e4283b54e88e6183ca";
625
+
626
+    sess = test_sess_add_by_apn(test_ue, "internet", OGS_GTP2_RAT_TYPE_EUTRAN);
627
+    ogs_assert(sess);
628
+
629
+    /* eNB connects to MME */
630
+    s1ap = tests1ap_client(AF_INET);
631
+    ABTS_PTR_NOTNULL(tc, s1ap);
632
+
633
+    /* eNB connects to SGW */
634
+    gtpu = test_gtpu_server(1, AF_INET);
635
+    ABTS_PTR_NOTNULL(tc, gtpu);
636
+
637
+    /* Send S1-Setup Reqeust */
638
+    sendbuf = test_s1ap_build_s1_setup_request(
639
+            S1AP_ENB_ID_PR_macroENB_ID, 0x54f64);
640
+    ABTS_PTR_NOTNULL(tc, sendbuf);
641
+    rv = testenb_s1ap_send(s1ap, sendbuf);
642
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
643
+
644
+    /* Receive S1-Setup Response */
645
+    recvbuf = testenb_s1ap_read(s1ap);
646
+    ABTS_PTR_NOTNULL(tc, recvbuf);
647
+    tests1ap_recv(NULL, recvbuf);
648
+
649
+    /********** Insert Subscriber in Database */
650
+    doc = test_db_new_simple(test_ue);
651
+    ABTS_PTR_NOTNULL(tc, doc);
652
+    ABTS_INT_EQUAL(tc, OGS_OK, test_db_insert_ue(test_ue, doc));
653
+
654
+    /* Send Attach Request */
655
+    memset(&sess->pdn_connectivity_param,
656
+            0, sizeof(sess->pdn_connectivity_param));
657
+    sess->pdn_connectivity_param.eit = 1;
658
+    sess->pdn_connectivity_param.pco = 1;
659
+    sess->pdn_connectivity_param.request_type =
660
+        OGS_NAS_EPS_REQUEST_TYPE_INITIAL;
661
+    esmbuf = testesm_build_pdn_connectivity_request(
662
+            sess, false, OGS_NAS_EPS_PDN_TYPE_IPV4V6);
663
+    ABTS_PTR_NOTNULL(tc, esmbuf);
664
+
665
+    memset(&test_ue->attach_request_param,
666
+            0, sizeof(test_ue->attach_request_param));
667
+    test_ue->attach_request_param.ms_network_feature_support = 1;
668
+    emmbuf = testemm_build_attach_request(test_ue, esmbuf, false, false);
669
+    ABTS_PTR_NOTNULL(tc, emmbuf);
670
+
671
+    memset(&test_ue->initial_ue_param, 0, sizeof(test_ue->initial_ue_param));
672
+    sendbuf = test_s1ap_build_initial_ue_message(
673
+            test_ue, emmbuf, S1AP_RRC_Establishment_Cause_mo_Signalling, false);
674
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
675
+    rv = testenb_s1ap_send(s1ap, sendbuf);
676
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
677
+
678
+    /* Receive Authentication Request */
679
+    recvbuf = testenb_s1ap_read(s1ap);
680
+    ABTS_PTR_NOTNULL(tc, recvbuf);
681
+    tests1ap_recv(test_ue, recvbuf);
682
+
683
+    /* Send Authentication response */
684
+    emmbuf = testemm_build_authentication_response(test_ue);
685
+    ABTS_PTR_NOTNULL(tc, emmbuf);
686
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
687
+    ABTS_PTR_NOTNULL(tc, sendbuf);
688
+    rv = testenb_s1ap_send(s1ap, sendbuf);
689
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
690
+
691
+    /* Receive Security mode Command */
692
+    recvbuf = testenb_s1ap_read(s1ap);
693
+    ABTS_PTR_NOTNULL(tc, recvbuf);
694
+    tests1ap_recv(test_ue, recvbuf);
695
+
696
+    /* Send Security mode complete */
697
+    test_ue->mobile_identity_imeisv_presence = true;
698
+    emmbuf = testemm_build_security_mode_complete(test_ue);
699
+    ABTS_PTR_NOTNULL(tc, emmbuf);
700
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
701
+    ABTS_PTR_NOTNULL(tc, sendbuf);
702
+    rv = testenb_s1ap_send(s1ap, sendbuf);
703
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
704
+
705
+    /* Receive ESM Information Request */
706
+    recvbuf = testenb_s1ap_read(s1ap);
707
+    ABTS_PTR_NOTNULL(tc, recvbuf);
708
+    tests1ap_recv(test_ue, recvbuf);
709
+
710
+    /* Send ESM Information Response */
711
+    esmbuf = testesm_build_esm_information_response(sess);
712
+    ABTS_PTR_NOTNULL(tc, esmbuf);
713
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, esmbuf);
714
+    ABTS_PTR_NOTNULL(tc, sendbuf);
715
+    rv = testenb_s1ap_send(s1ap, sendbuf);
716
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
717
+
718
+    /* Receive SGsAP-Location-Update-Request */
719
+    recvbuf = testvlr_sgsap_read(sgsap);
720
+    ABTS_PTR_NOTNULL(tc, recvbuf);
721
+    ogs_pkbuf_free(recvbuf);
722
+
723
+    /* Send SGsAP-Location-Update-Accept */
724
+    sendbuf = test_sgsap_location_update_accept(1);
725
+    ABTS_PTR_NOTNULL(tc, sendbuf);
726
+    rv = testvlr_sgsap_send(sgsap, sendbuf);
727
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
728
+
729
+    /* Receive Initial Context Setup Request +
730
+     * Attach Accept +
731
+     * Activate Default Bearer Context Request */
732
+    recvbuf = testenb_s1ap_read(s1ap);
733
+    ABTS_PTR_NOTNULL(tc, recvbuf);
734
+    tests1ap_recv(test_ue, recvbuf);
735
+
736
+    /* Send UE Capability Info Indication */
737
+    sendbuf = tests1ap_build_ue_radio_capability_info_indication(test_ue);
738
+    ABTS_PTR_NOTNULL(tc, sendbuf);
739
+    rv = testenb_s1ap_send(s1ap, sendbuf);
740
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
741
+
742
+    /* Send Initial Context Setup Response */
743
+    sendbuf = test_s1ap_build_initial_context_setup_response(test_ue);
744
+    ABTS_PTR_NOTNULL(tc, sendbuf);
745
+    rv = testenb_s1ap_send(s1ap, sendbuf);
746
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
747
+
748
+    /* Send Attach Complete + Activate default EPS bearer cotext accept */
749
+    test_ue->nr_cgi.cell_id = 0x1234502;
750
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 5);
751
+    ogs_assert(bearer);
752
+    esmbuf = testesm_build_activate_default_eps_bearer_context_accept(
753
+            bearer, false);
754
+    ABTS_PTR_NOTNULL(tc, esmbuf);
755
+    emmbuf = testemm_build_attach_complete(test_ue, esmbuf);
756
+    ABTS_PTR_NOTNULL(tc, emmbuf);
757
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
758
+    ABTS_PTR_NOTNULL(tc, sendbuf);
759
+    rv = testenb_s1ap_send(s1ap, sendbuf);
760
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
761
+
762
+    /* Receive EMM information */
763
+    recvbuf = testenb_s1ap_read(s1ap);
764
+    ABTS_PTR_NOTNULL(tc, recvbuf);
765
+    tests1ap_recv(test_ue, recvbuf);
766
+
767
+    /* Receive SGsAP-TMSI-REALLOCATION-COMPLETE */
768
+    recvbuf = testvlr_sgsap_read(sgsap);
769
+    ABTS_PTR_NOTNULL(tc, recvbuf);
770
+    ogs_pkbuf_free(recvbuf);
771
+
772
+    /* Send TAU Request */
773
+    memset(&test_ue->tau_request_param, 0, sizeof(test_ue->tau_request_param));
774
+    test_ue->tau_request_param.ue_network_capability = 1;
775
+    test_ue->tau_request_param.last_visited_registered_tai = 1;
776
+    test_ue->tau_request_param.drx_parameter = 1;
777
+    test_ue->tau_request_param.eps_bearer_context_status = 1;
778
+    test_ue->tau_request_param.ms_network_capability = 1;
779
+    test_ue->tau_request_param.tmsi_status = 1;
780
+    test_ue->tau_request_param.mobile_station_classmark_2 = 1;
781
+    test_ue->tau_request_param.ue_usage_setting = 1;
782
+    test_ue->tau_request_param.device_properties = 1;
783
+    emmbuf = testemm_build_tau_request(
784
+            test_ue, true,
785
+            OGS_NAS_EPS_UPDATE_TYPE_COMBINED_TA_LA_UPDATING_WITH_IMSI_ATTACH,
786
+            false, false);
787
+    ABTS_PTR_NOTNULL(tc, emmbuf);
788
+    sendbuf = test_s1ap_build_initial_ue_message(
789
+            test_ue, emmbuf, S1AP_RRC_Establishment_Cause_mo_Signalling, true);
790
+    ABTS_PTR_NOTNULL(tc, sendbuf);
791
+    rv = testenb_s1ap_send(s1ap, sendbuf);
792
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
793
+
794
+    /* Receive Authentication Request */
795
+    recvbuf = testenb_s1ap_read(s1ap);
796
+    ABTS_PTR_NOTNULL(tc, recvbuf);
797
+    tests1ap_recv(test_ue, recvbuf);
798
+
799
+    /* Send Authentication response */
800
+    emmbuf = testemm_build_authentication_response(test_ue);
801
+    ABTS_PTR_NOTNULL(tc, emmbuf);
802
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
803
+    ABTS_PTR_NOTNULL(tc, sendbuf);
804
+    rv = testenb_s1ap_send(s1ap, sendbuf);
805
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
806
+
807
+    /* Receive Security mode Command */
808
+    recvbuf = testenb_s1ap_read(s1ap);
809
+    ABTS_PTR_NOTNULL(tc, recvbuf);
810
+    tests1ap_recv(test_ue, recvbuf);
811
+
812
+    /* Send Security mode complete */
813
+    test_ue->mobile_identity_imeisv_presence = true;
814
+    emmbuf = testemm_build_security_mode_complete(test_ue);
815
+    ABTS_PTR_NOTNULL(tc, emmbuf);
816
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
817
+    ABTS_PTR_NOTNULL(tc, sendbuf);
818
+    rv = testenb_s1ap_send(s1ap, sendbuf);
819
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
820
+
821
+    /* Receive OLD UE Context Release Command */
822
+    enb_ue_s1ap_id = test_ue->enb_ue_s1ap_id;
823
+
824
+    recvbuf = testenb_s1ap_read(s1ap);
825
+    ABTS_PTR_NOTNULL(tc, recvbuf);
826
+    tests1ap_recv(test_ue, recvbuf);
827
+
828
+    /* Send OLD UE Context Release Complete */
829
+    sendbuf = test_s1ap_build_ue_context_release_complete(test_ue);
830
+    ABTS_PTR_NOTNULL(tc, sendbuf);
831
+    rv = testenb_s1ap_send(s1ap, sendbuf);
832
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
833
+
834
+    test_ue->enb_ue_s1ap_id = enb_ue_s1ap_id;
835
+
836
+    /* Receive SGsAP-Location-Update-Request */
837
+    recvbuf = testvlr_sgsap_read(sgsap);
838
+    ABTS_PTR_NOTNULL(tc, recvbuf);
839
+    ogs_pkbuf_free(recvbuf);
840
+
841
+    /* Send SGsAP-Location-Update-Accept */
842
+    sendbuf = test_sgsap_location_update_accept(0);
843
+    ABTS_PTR_NOTNULL(tc, sendbuf);
844
+    rv = testvlr_sgsap_send(sgsap, sendbuf);
845
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
846
+
847
+    /* Receive InitialContextSetupResponse + TAU Accept */
848
+    recvbuf = testenb_s1ap_read(s1ap);
849
+    ABTS_PTR_NOTNULL(tc, recvbuf);
850
+    tests1ap_recv(test_ue, recvbuf);
851
+
852
+    /* Send TAU Complete */
853
+    emmbuf = testemm_build_tau_complete(test_ue);
854
+    ABTS_PTR_NOTNULL(tc, emmbuf);
855
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
856
+    ABTS_PTR_NOTNULL(tc, sendbuf);
857
+    rv = testenb_s1ap_send(s1ap, sendbuf);
858
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
859
+
860
+    /* Receive SGsAP-TMSI-REALLOCATION-COMPLETE */
861
+    recvbuf = testvlr_sgsap_read(sgsap);
862
+    ABTS_PTR_NOTNULL(tc, recvbuf);
863
+    ogs_pkbuf_free(recvbuf);
864
+
865
+    /* Send InitialContextSetupResponse */
866
+    sendbuf = test_s1ap_build_initial_context_setup_response(test_ue);
867
+    ABTS_PTR_NOTNULL(tc, sendbuf);
868
+    rv = testenb_s1ap_send(s1ap, sendbuf);
869
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
870
+
871
+    /* Send UE Context Release Request */
872
+    sendbuf = test_s1ap_build_ue_context_release_request(test_ue,
873
+            S1AP_Cause_PR_radioNetwork, S1AP_CauseRadioNetwork_user_inactivity);
874
+    ABTS_PTR_NOTNULL(tc, sendbuf);
875
+    rv = testenb_s1ap_send(s1ap, sendbuf);
876
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
877
+
878
+    /* Receive UE Context Release Command */
879
+    recvbuf = testenb_s1ap_read(s1ap);
880
+    ABTS_PTR_NOTNULL(tc, recvbuf);
881
+    tests1ap_recv(test_ue, recvbuf);
882
+
883
+    /* Send UE Context Release Complete */
884
+    sendbuf = test_s1ap_build_ue_context_release_complete(test_ue);
885
+    ABTS_PTR_NOTNULL(tc, sendbuf);
886
+    rv = testenb_s1ap_send(s1ap, sendbuf);
887
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
888
+
889
+    ogs_msleep(300);
890
+
891
+    /********** Remove Subscriber in Database */
892
+    ABTS_INT_EQUAL(tc, OGS_OK, test_db_remove_ue(test_ue));
893
+
894
+    /* eNB disonncect from MME */
895
+    testenb_s1ap_close(s1ap);
896
+
897
+    /* eNB disonncect from SGW */
898
+    test_gtpu_close(gtpu);
899
+
900
+    test_ue_remove(test_ue);
901
+}
902
+
903
+static void test_uplink_transport_func(abts_case *tc, void *data)
904
+{
905
+    int rv;
906
+    ogs_socknode_t *s1ap1, *s1ap2;
907
+    ogs_socknode_t *gtpu1, *gtpu2;
908
+    ogs_pkbuf_t *emmbuf;
909
+    ogs_pkbuf_t *esmbuf;
910
+    ogs_pkbuf_t *sendbuf;
911
+    ogs_pkbuf_t *recvbuf;
912
+    ogs_pkbuf_t *pkbuf;
913
+    ogs_s1ap_message_t message;
914
+
915
+    ogs_nas_5gs_mobile_identity_suci_t mobile_identity_suci;
916
+    test_ue_t *test_ue = NULL;
917
+    test_sess_t *sess = NULL;
918
+    test_bearer_t *bearer = NULL;
919
+
920
+    uint32_t enb_ue_s1ap_id;
921
+    uint64_t mme_ue_s1ap_id;
922
+
923
+    bson_t *doc = NULL;
924
+
925
+    /* Setup Test UE & Session Context */
926
+    memset(&mobile_identity_suci, 0, sizeof(mobile_identity_suci));
927
+
928
+    mobile_identity_suci.h.supi_format = OGS_NAS_5GS_SUPI_FORMAT_IMSI;
929
+    mobile_identity_suci.h.type = OGS_NAS_5GS_MOBILE_IDENTITY_SUCI;
930
+    mobile_identity_suci.routing_indicator1 = 0;
931
+    mobile_identity_suci.routing_indicator2 = 0xf;
932
+    mobile_identity_suci.routing_indicator3 = 0xf;
933
+    mobile_identity_suci.routing_indicator4 = 0xf;
934
+    mobile_identity_suci.protection_scheme_id = OGS_PROTECTION_SCHEME_NULL;
935
+    mobile_identity_suci.home_network_pki_value = 0;
936
+
937
+    test_ue = test_ue_add_by_suci(&mobile_identity_suci, "3746000006");
938
+    ogs_assert(test_ue);
939
+
940
+    test_ue->e_cgi.cell_id = 0x1234560;
941
+    test_ue->nas.ksi = OGS_NAS_KSI_NO_KEY_IS_AVAILABLE;
942
+    test_ue->nas.value = OGS_NAS_ATTACH_TYPE_COMBINED_EPS_IMSI_ATTACH;
943
+
944
+    test_ue->k_string = "465b5ce8b199b49faa5f0a2ee238a6bc";
945
+    test_ue->opc_string = "e8ed289deba952e4283b54e88e6183ca";
946
+
947
+    sess = test_sess_add_by_apn(test_ue, "internet", OGS_GTP2_RAT_TYPE_EUTRAN);
948
+    ogs_assert(sess);
949
+
950
+    /* Two eNB connects to MME */
951
+    s1ap1 = tests1ap_client(AF_INET);
952
+    ABTS_PTR_NOTNULL(tc, s1ap1);
953
+
954
+    s1ap2 = tests1ap_client(AF_INET);
955
+    ABTS_PTR_NOTNULL(tc, s1ap2);
956
+
957
+    /* eNB connects to SGW */
958
+    gtpu1 = test_gtpu_server(1, AF_INET);
959
+    ABTS_PTR_NOTNULL(tc, gtpu1);
960
+
961
+    gtpu2 = test_gtpu_server(2, AF_INET);
962
+    ABTS_PTR_NOTNULL(tc, gtpu2);
963
+
964
+    /* S1-Setup Reqeust/Response for Source eNB */
965
+    sendbuf = test_s1ap_build_s1_setup_request(
966
+            S1AP_ENB_ID_PR_macroENB_ID, 0x1f2);
967
+    ABTS_PTR_NOTNULL(tc, sendbuf);
968
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
969
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
970
+
971
+    recvbuf = testenb_s1ap_read(s1ap1);
972
+    ABTS_PTR_NOTNULL(tc, recvbuf);
973
+    tests1ap_recv(NULL, recvbuf);
974
+
975
+    /* S1-Setup Reqeust/Response for Target eNB */
976
+    sendbuf = test_s1ap_build_s1_setup_request(
977
+            S1AP_ENB_ID_PR_macroENB_ID, 0x43);
978
+    ABTS_PTR_NOTNULL(tc, sendbuf);
979
+    rv = testenb_s1ap_send(s1ap2, sendbuf);
980
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
981
+
982
+    recvbuf = testenb_s1ap_read(s1ap2);
983
+    ABTS_PTR_NOTNULL(tc, recvbuf);
984
+    tests1ap_recv(NULL, recvbuf);
985
+
986
+    /********** Insert Subscriber in Database */
987
+    doc = test_db_new_qos_flow(test_ue);
988
+    ABTS_PTR_NOTNULL(tc, doc);
989
+    ABTS_INT_EQUAL(tc, OGS_OK, test_db_insert_ue(test_ue, doc));
990
+
991
+    /* Send Attach Request */
992
+    memset(&sess->pdn_connectivity_param,
993
+            0, sizeof(sess->pdn_connectivity_param));
994
+    sess->pdn_connectivity_param.eit = 1;
995
+    sess->pdn_connectivity_param.pco = 1;
996
+    sess->pdn_connectivity_param.request_type =
997
+        OGS_NAS_EPS_REQUEST_TYPE_INITIAL;
998
+    esmbuf = testesm_build_pdn_connectivity_request(
999
+            sess, false, OGS_NAS_EPS_PDN_TYPE_IPV4V6);
1000
+    ABTS_PTR_NOTNULL(tc, esmbuf);
1001
+
1002
+    memset(&test_ue->attach_request_param,
1003
+            0, sizeof(test_ue->attach_request_param));
1004
+    test_ue->attach_request_param.guti = 1;
1005
+    test_ue->attach_request_param.last_visited_registered_tai = 1;
1006
+    test_ue->attach_request_param.drx_parameter = 1;
1007
+    test_ue->attach_request_param.tmsi_status = 1;
1008
+    test_ue->attach_request_param.mobile_station_classmark_2 = 1;
1009
+    test_ue->attach_request_param.additional_update_type = 1;
1010
+    test_ue->attach_request_param.ue_usage_setting = 1;
1011
+    test_ue->attach_request_param.old_guti_type = 1;
1012
+    emmbuf = testemm_build_attach_request(test_ue, esmbuf, true, false);
1013
+    ABTS_PTR_NOTNULL(tc, emmbuf);
1014
+
1015
+    memset(&test_ue->initial_ue_param, 0, sizeof(test_ue->initial_ue_param));
1016
+    test_ue->initial_ue_param.gummei_id = 1;
1017
+    test_ue->initial_ue_param.gummei.mme_gid = 2;
1018
+    test_ue->initial_ue_param.gummei.mme_code = 1;
1019
+    sendbuf = test_s1ap_build_initial_ue_message(
1020
+            test_ue, emmbuf, S1AP_RRC_Establishment_Cause_mo_Signalling, false);
1021
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1022
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1023
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1024
+
1025
+    /* Receive Identity Request */
1026
+    recvbuf = testenb_s1ap_read(s1ap1);
1027
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1028
+    tests1ap_recv(test_ue, recvbuf);
1029
+
1030
+    /* Send Identity response */
1031
+    emmbuf = testemm_build_identity_response(test_ue);
1032
+    ABTS_PTR_NOTNULL(tc, emmbuf);
1033
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
1034
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1035
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1036
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1037
+
1038
+    /* Receive Authentication Request */
1039
+    recvbuf = testenb_s1ap_read(s1ap1);
1040
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1041
+    tests1ap_recv(test_ue, recvbuf);
1042
+
1043
+    /* Send Authentication response */
1044
+    emmbuf = testemm_build_authentication_response(test_ue);
1045
+    ABTS_PTR_NOTNULL(tc, emmbuf);
1046
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
1047
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1048
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1049
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1050
+
1051
+    /* Receive Security mode Command */
1052
+    recvbuf = testenb_s1ap_read(s1ap1);
1053
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1054
+    tests1ap_recv(test_ue, recvbuf);
1055
+
1056
+    /* Send Security mode complete */
1057
+    test_ue->mobile_identity_imeisv_presence = true;
1058
+    emmbuf = testemm_build_security_mode_complete(test_ue);
1059
+    ABTS_PTR_NOTNULL(tc, emmbuf);
1060
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
1061
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1062
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1063
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1064
+
1065
+    /* Receive ESM Information Request */
1066
+    recvbuf = testenb_s1ap_read(s1ap1);
1067
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1068
+    tests1ap_recv(test_ue, recvbuf);
1069
+
1070
+    /* Send ESM Information Response */
1071
+    esmbuf = testesm_build_esm_information_response(sess);
1072
+    ABTS_PTR_NOTNULL(tc, esmbuf);
1073
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, esmbuf);
1074
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1075
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1076
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1077
+
1078
+    /* Receive SGsAP-Location-Update-Request */
1079
+    recvbuf = testvlr_sgsap_read(sgsap);
1080
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1081
+    ogs_pkbuf_free(recvbuf);
1082
+
1083
+    /* Send SGsAP-Location-Update-Accept */
1084
+    sendbuf = test_sgsap_location_update_accept(0);
1085
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1086
+    rv = testvlr_sgsap_send(sgsap, sendbuf);
1087
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1088
+
1089
+    /* Receive Initial Context Setup Request +
1090
+     * Attach Accept +
1091
+     * Activate Default Bearer Context Request */
1092
+    recvbuf = testenb_s1ap_read(s1ap1);
1093
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1094
+    tests1ap_recv(test_ue, recvbuf);
1095
+
1096
+    /* Send UE Capability Info Indication */
1097
+    sendbuf = tests1ap_build_ue_radio_capability_info_indication(test_ue);
1098
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1099
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1100
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1101
+
1102
+    /* Send Initial Context Setup Response */
1103
+    sendbuf = test_s1ap_build_initial_context_setup_response(test_ue);
1104
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1105
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1106
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1107
+
1108
+    /* Send Attach Complete + Activate default EPS bearer cotext accept */
1109
+    test_ue->nr_cgi.cell_id = 0x1234502;
1110
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 5);
1111
+    ogs_assert(bearer);
1112
+    esmbuf = testesm_build_activate_default_eps_bearer_context_accept(
1113
+            bearer, false);
1114
+    ABTS_PTR_NOTNULL(tc, esmbuf);
1115
+    emmbuf = testemm_build_attach_complete(test_ue, esmbuf);
1116
+    ABTS_PTR_NOTNULL(tc, emmbuf);
1117
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
1118
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1119
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1120
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1121
+
1122
+    /* Receive EMM information */
1123
+    recvbuf = testenb_s1ap_read(s1ap1);
1124
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1125
+    tests1ap_recv(test_ue, recvbuf);
1126
+
1127
+    /* Receive SGsAP-TMSI-REALLOCATION-COMPLETE */
1128
+    recvbuf = testvlr_sgsap_read(sgsap);
1129
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1130
+    ogs_pkbuf_free(recvbuf);
1131
+
1132
+    /* Receive E-RAB Setup Request +
1133
+     * Activate dedicated EPS bearer context request */
1134
+    recvbuf = testenb_s1ap_read(s1ap1);
1135
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1136
+    tests1ap_recv(test_ue, recvbuf);
1137
+
1138
+    /* Send E-RAB Setup Response */
1139
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 6);
1140
+    ogs_assert(bearer);
1141
+    sendbuf = test_s1ap_build_e_rab_setup_response(bearer);
1142
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1143
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1144
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1145
+
1146
+    /* Send Activate dedicated EPS bearer context accept */
1147
+    esmbuf = testesm_build_activate_dedicated_eps_bearer_context_accept(bearer);
1148
+    ABTS_PTR_NOTNULL(tc, esmbuf);
1149
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, esmbuf);
1150
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1151
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1152
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1153
+
1154
+    /* Send ENB configuration transfer */
1155
+    sendbuf = test_s1ap_build_enb_configuration_transfer(0);
1156
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1157
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1158
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1159
+
1160
+    /* Receive MME configuration transfer */
1161
+    recvbuf = testenb_s1ap_read(s1ap2);
1162
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1163
+    tests1ap_recv(test_ue, recvbuf);
1164
+
1165
+    /* Send ENB configuration transfer */
1166
+    sendbuf = test_s1ap_build_enb_configuration_transfer(1);
1167
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1168
+    rv = testenb_s1ap_send(s1ap2, sendbuf);
1169
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1170
+
1171
+    /* Receive MME configuration transfer */
1172
+    recvbuf = testenb_s1ap_read(s1ap1);
1173
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1174
+    tests1ap_recv(test_ue, recvbuf);
1175
+
1176
+    /* DELAY is needed in dedicated EPS bearer */
1177
+    ogs_msleep(100);
1178
+
1179
+    /* Send GTP-U ICMP Packet */
1180
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 5);
1181
+    ogs_assert(bearer);
1182
+    rv = test_gtpu_send_ping(gtpu1, bearer, TEST_PING_IPV4);
1183
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1184
+
1185
+    /* Receive GTP-U ICMP Packet */
1186
+    recvbuf = test_gtpu_read(gtpu1);
1187
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1188
+    ogs_pkbuf_free(recvbuf);
1189
+
1190
+    /* Send GTP-U ICMP Packet */
1191
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 6);
1192
+    ogs_assert(bearer);
1193
+    rv = test_gtpu_send_ping(gtpu1, bearer, TEST_PING_IPV4);
1194
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1195
+
1196
+    /* Receive GTP-U ICMP Packet */
1197
+    recvbuf = test_gtpu_read(gtpu1);
1198
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1199
+    ogs_pkbuf_free(recvbuf);
1200
+
1201
+    /* Send Handover Required */
1202
+    sendbuf = test_s1ap_build_handover_required(
1203
+            test_ue, S1AP_HandoverType_intralte,
1204
+            S1AP_ENB_ID_PR_macroENB_ID, 0x43,
1205
+            S1AP_Cause_PR_radioNetwork,
1206
+            S1AP_CauseRadioNetwork_time_critical_handover);
1207
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1208
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1209
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1210
+
1211
+    /* Receive Handover Request */
1212
+    recvbuf = testenb_s1ap_read(s1ap2);
1213
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1214
+    tests1ap_recv(test_ue, recvbuf);
1215
+
1216
+    /* Send Handover Request Ack */
1217
+    ogs_list_for_each(&sess->bearer_list, bearer) {
1218
+        bearer->enb_s1u_addr = test_self()->gnb2_addr;
1219
+        bearer->enb_s1u_addr6 = test_self()->gnb2_addr6;
1220
+    }
1221
+    sendbuf = test_s1ap_build_handover_request_ack(test_ue);
1222
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1223
+    rv = testenb_s1ap_send(s1ap2, sendbuf);
1224
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1225
+
1226
+    /* Receive Handover Command */
1227
+    recvbuf = testenb_s1ap_read(s1ap1);
1228
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1229
+    tests1ap_recv(test_ue, recvbuf);
1230
+
1231
+    /* Send GTP-U ICMP Packet */
1232
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 5);
1233
+    ogs_assert(bearer);
1234
+    rv = test_gtpu_send_ping(gtpu1, bearer, TEST_PING_IPV4);
1235
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1236
+
1237
+    /* Receive GTP-U ICMP Packet */
1238
+    recvbuf = test_gtpu_read(gtpu1);
1239
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1240
+
1241
+    /* Copy ICMP Packet */
1242
+    pkbuf = ogs_pkbuf_alloc(NULL, 200);
1243
+    ogs_assert(pkbuf);
1244
+    ogs_pkbuf_reserve(pkbuf, OGS_GTPV1U_5GC_HEADER_LEN);
1245
+    ogs_pkbuf_put(pkbuf, 200-OGS_GTPV1U_5GC_HEADER_LEN);
1246
+    memset(pkbuf->data, 0, pkbuf->len);
1247
+    memcpy(pkbuf->data, recvbuf->data + 8, recvbuf->len - 8);
1248
+
1249
+    ogs_pkbuf_free(recvbuf);
1250
+
1251
+    /* Send GTP-U Packet with Indirect Data Forwarding */
1252
+    rv = test_gtpu_send_indirect_data_forwarding(gtpu1, bearer, pkbuf);
1253
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1254
+
1255
+    /* Receive GTP-U ICMP Packet */
1256
+    recvbuf = testgnb_gtpu_read(gtpu2);
1257
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1258
+    ogs_pkbuf_free(recvbuf);
1259
+
1260
+    /* Send eNB Status Transfer */
1261
+    sendbuf = test_s1ap_build_enb_status_transfer(test_ue);
1262
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1263
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1264
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1265
+
1266
+    /* Receive MME Status Transfer */
1267
+    recvbuf = testenb_s1ap_read(s1ap2);
1268
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1269
+    tests1ap_recv(test_ue, recvbuf);
1270
+
1271
+    /* Send Handover Notify */
1272
+    test_ue->e_cgi.cell_id = 0xabcdef0;
1273
+    sendbuf = test_s1ap_build_handover_notify(test_ue);
1274
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1275
+    rv = testenb_s1ap_send(s1ap2, sendbuf);
1276
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1277
+
1278
+    /* Receive End Mark */
1279
+    recvbuf = test_gtpu_read(gtpu1);
1280
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1281
+    ogs_pkbuf_free(recvbuf);
1282
+
1283
+    /* Receive End Mark */
1284
+    recvbuf = test_gtpu_read(gtpu1);
1285
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1286
+    ogs_pkbuf_free(recvbuf);
1287
+
1288
+    /* Send TAU Request */
1289
+    memset(&test_ue->tau_request_param, 0, sizeof(test_ue->tau_request_param));
1290
+    test_ue->tau_request_param.ue_network_capability = 1;
1291
+    test_ue->tau_request_param.last_visited_registered_tai = 1;
1292
+    test_ue->tau_request_param.drx_parameter = 1;
1293
+    test_ue->tau_request_param.eps_bearer_context_status = 1;
1294
+    test_ue->tau_request_param.ms_network_capability = 1;
1295
+    test_ue->tau_request_param.tmsi_status = 1;
1296
+    test_ue->tau_request_param.mobile_station_classmark_2 = 1;
1297
+    test_ue->tau_request_param.ue_usage_setting = 1;
1298
+    emmbuf = testemm_build_tau_request(
1299
+            test_ue, true, OGS_NAS_EPS_UPDATE_TYPE_COMBINED_TA_LA_UPDATING,
1300
+            true, true);
1301
+    ABTS_PTR_NOTNULL(tc, emmbuf);
1302
+    sendbuf = test_s1ap_build_uplink_nas_transport(test_ue, emmbuf);
1303
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1304
+    rv = testenb_s1ap_send(s1ap2, sendbuf);
1305
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1306
+
1307
+    /* Receive SGsAP-Location-Update-Request */
1308
+    recvbuf = testvlr_sgsap_read(sgsap);
1309
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1310
+    ogs_pkbuf_free(recvbuf);
1311
+
1312
+    /* Send SGsAP-Location-Update-Accept */
1313
+    sendbuf = test_sgsap_location_update_accept(0);
1314
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1315
+    rv = testvlr_sgsap_send(sgsap, sendbuf);
1316
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1317
+
1318
+    /* Receive TAU Accept */
1319
+    recvbuf = testenb_s1ap_read(s1ap2);
1320
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1321
+    tests1ap_recv(test_ue, recvbuf);
1322
+
1323
+    /* Receive UE Context Release Command */
1324
+    mme_ue_s1ap_id = test_ue->mme_ue_s1ap_id;
1325
+    enb_ue_s1ap_id = test_ue->enb_ue_s1ap_id;
1326
+
1327
+    recvbuf = testenb_s1ap_read(s1ap1);
1328
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1329
+    tests1ap_recv(test_ue, recvbuf);
1330
+
1331
+    /* Send UE Context Release Complete */
1332
+    sendbuf = test_s1ap_build_ue_context_release_complete(test_ue);
1333
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1334
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1335
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1336
+
1337
+    test_ue->mme_ue_s1ap_id = mme_ue_s1ap_id;
1338
+    test_ue->enb_ue_s1ap_id = enb_ue_s1ap_id;
1339
+
1340
+    /* Send GTP-U ICMP Packet */
1341
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 5);
1342
+    ogs_assert(bearer);
1343
+    rv = test_gtpu_send_ping(gtpu2, bearer, TEST_PING_IPV4);
1344
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1345
+
1346
+    /* Receive GTP-U ICMP Packet */
1347
+    recvbuf = test_gtpu_read(gtpu2);
1348
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1349
+    ogs_pkbuf_free(recvbuf);
1350
+
1351
+    /* Send GTP-U ICMP Packet */
1352
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 6);
1353
+    ogs_assert(bearer);
1354
+    rv = test_gtpu_send_ping(gtpu2, bearer, TEST_PING_IPV4);
1355
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1356
+
1357
+    /* Receive GTP-U ICMP Packet */
1358
+    recvbuf = test_gtpu_read(gtpu2);
1359
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1360
+    ogs_pkbuf_free(recvbuf);
1361
+
1362
+    /* Send Handover Required */
1363
+    sendbuf = test_s1ap_build_handover_required(
1364
+            test_ue, S1AP_HandoverType_intralte,
1365
+            S1AP_ENB_ID_PR_macroENB_ID, 0x1f2,
1366
+            S1AP_Cause_PR_radioNetwork,
1367
+            S1AP_CauseRadioNetwork_time_critical_handover);
1368
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1369
+    rv = testenb_s1ap_send(s1ap2, sendbuf);
1370
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1371
+
1372
+    /* Receive Handover Request */
1373
+    recvbuf = testenb_s1ap_read(s1ap1);
1374
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1375
+    tests1ap_recv(test_ue, recvbuf);
1376
+
1377
+    /* Send Handover Request Ack */
1378
+    ogs_list_for_each(&sess->bearer_list, bearer) {
1379
+        bearer->enb_s1u_addr = test_self()->gnb1_addr;
1380
+        bearer->enb_s1u_addr6 = test_self()->gnb1_addr6;
1381
+    }
1382
+    sendbuf = test_s1ap_build_handover_request_ack(test_ue);
1383
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1384
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1385
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1386
+
1387
+    /* Receive Handover Command */
1388
+    recvbuf = testenb_s1ap_read(s1ap2);
1389
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1390
+    tests1ap_recv(test_ue, recvbuf);
1391
+
1392
+    /* Send eNB Status Transfer */
1393
+    sendbuf = test_s1ap_build_enb_status_transfer(test_ue);
1394
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1395
+    rv = testenb_s1ap_send(s1ap2, sendbuf);
1396
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1397
+
1398
+    /* Receive MME Status Transfer */
1399
+    recvbuf = testenb_s1ap_read(s1ap1);
1400
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1401
+    tests1ap_recv(test_ue, recvbuf);
1402
+
1403
+    /* Send Handover Notify */
1404
+    test_ue->e_cgi.cell_id = 0x1234560;
1405
+    sendbuf = test_s1ap_build_handover_notify(test_ue);
1406
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1407
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1408
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1409
+
1410
+    /* Receive End Mark */
1411
+    recvbuf = test_gtpu_read(gtpu2);
1412
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1413
+    ogs_pkbuf_free(recvbuf);
1414
+
1415
+    /* Receive End Mark */
1416
+    recvbuf = test_gtpu_read(gtpu2);
1417
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1418
+    ogs_pkbuf_free(recvbuf);
1419
+
1420
+    /* Receive UE Context Release Command */
1421
+    mme_ue_s1ap_id = test_ue->mme_ue_s1ap_id;
1422
+    enb_ue_s1ap_id = test_ue->enb_ue_s1ap_id;
1423
+
1424
+    recvbuf = testenb_s1ap_read(s1ap2);
1425
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1426
+    tests1ap_recv(test_ue, recvbuf);
1427
+
1428
+    /* Send UE Context Release Complete */
1429
+    sendbuf = test_s1ap_build_ue_context_release_complete(test_ue);
1430
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1431
+    rv = testenb_s1ap_send(s1ap2, sendbuf);
1432
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1433
+
1434
+    test_ue->mme_ue_s1ap_id = mme_ue_s1ap_id;
1435
+    test_ue->enb_ue_s1ap_id = enb_ue_s1ap_id;
1436
+
1437
+    /* Send GTP-U ICMP Packet */
1438
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 5);
1439
+    ogs_assert(bearer);
1440
+    rv = test_gtpu_send_ping(gtpu1, bearer, TEST_PING_IPV4);
1441
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1442
+
1443
+    /* Receive GTP-U ICMP Packet */
1444
+    recvbuf = test_gtpu_read(gtpu1);
1445
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1446
+    ogs_pkbuf_free(recvbuf);
1447
+
1448
+    /* Send GTP-U ICMP Packet */
1449
+    bearer = test_bearer_find_by_ue_ebi(test_ue, 6);
1450
+    ogs_assert(bearer);
1451
+    rv = test_gtpu_send_ping(gtpu1, bearer, TEST_PING_IPV4);
1452
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1453
+
1454
+    /* Receive GTP-U ICMP Packet */
1455
+    recvbuf = test_gtpu_read(gtpu1);
1456
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1457
+    ogs_pkbuf_free(recvbuf);
1458
+
1459
+    /* Send Handover Required */
1460
+    sendbuf = test_s1ap_build_handover_required(
1461
+            test_ue, S1AP_HandoverType_intralte,
1462
+            S1AP_ENB_ID_PR_macroENB_ID, 0x43,
1463
+            S1AP_Cause_PR_radioNetwork,
1464
+            S1AP_CauseRadioNetwork_time_critical_handover);
1465
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1466
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1467
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1468
+
1469
+    /* Receive Handover Request */
1470
+    recvbuf = testenb_s1ap_read(s1ap2);
1471
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1472
+    tests1ap_recv(test_ue, recvbuf);
1473
+
1474
+    /* Send Handover Request Ack */
1475
+    ogs_list_for_each(&sess->bearer_list, bearer) {
1476
+        bearer->enb_s1u_addr = test_self()->gnb1_addr;
1477
+        bearer->enb_s1u_addr6 = test_self()->gnb1_addr6;
1478
+    }
1479
+    sendbuf = test_s1ap_build_handover_request_ack(test_ue);
1480
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1481
+    rv = testenb_s1ap_send(s1ap2, sendbuf);
1482
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1483
+
1484
+    /* Receive Handover Command */
1485
+    recvbuf = testenb_s1ap_read(s1ap1);
1486
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1487
+    tests1ap_recv(test_ue, recvbuf);
1488
+
1489
+    /* Send Handover Cancel */
1490
+    sendbuf = test_s1ap_build_handover_cancel(test_ue,
1491
+            S1AP_Cause_PR_radioNetwork,
1492
+            S1AP_CauseRadioNetwork_tS1relocprep_expiry);
1493
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1494
+    rv = testenb_s1ap_send(s1ap1, sendbuf);
1495
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1496
+
1497
+    /* Receive UE Context Release Command */
1498
+    recvbuf = testenb_s1ap_read(s1ap2);
1499
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1500
+    tests1ap_recv(test_ue, recvbuf);
1501
+
1502
+    /* Send UE Context Release Complete */
1503
+    sendbuf = test_s1ap_build_ue_context_release_complete(test_ue);
1504
+    ABTS_PTR_NOTNULL(tc, sendbuf);
1505
+    rv = testenb_s1ap_send(s1ap2, sendbuf);
1506
+    ABTS_INT_EQUAL(tc, OGS_OK, rv);
1507
+
1508
+    /* Recv HandoverCancelAcknowledge */
1509
+    recvbuf = testenb_s1ap_read(s1ap1);
1510
+    ABTS_PTR_NOTNULL(tc, recvbuf);
1511
+    tests1ap_recv(test_ue, recvbuf);
1512
+
1513
+    ogs_msleep(300);
1514
+
1515
+    /********** Remove Subscriber in Database */
1516
+    ABTS_INT_EQUAL(tc, OGS_OK, test_db_remove_ue(test_ue));
1517
+
1518
+    /* eNB disonncect from SGW */
1519
+    testgnb_gtpu_close(gtpu2);
1520
+    testgnb_gtpu_close(gtpu1);
1521
+
1522
+    /* Two eNB disonncect from MME */
1523
+    testenb_s1ap_close(s1ap1);
1524
+    testenb_s1ap_close(s1ap2);
1525
+
1526
+    test_ue_remove(test_ue);
1527
+}
1528
+
1529
+abts_suite *test_tau(abts_suite *suite)
1530
+{
1531
+    suite = ADD_SUITE(suite)
1532
+
1533
+    abts_run_test(suite, test_simple_func, NULL);
1534
+    abts_run_test(suite, test_no_active_flag_func, NULL);
1535
+    abts_run_test(suite, test_integrity_unprotected_func, NULL);
1536
+    abts_run_test(suite, test_uplink_transport_func, NULL);
1537
+
1538
+    return suite;
1539
+}
1540