forked from acouzens/open5gs
3f0979dab2
Because a race condition can occur between S6A Diameter and S1AP message, the following error handling code has been added. 1. InitialUEMessage + Attach Request + PDN Connectivity request 2. Authentication-Information-Request/Authentication-Information-Answer 3. Authentication Request/Response 4. Security-mode command/complete 5. Update-Location-Request/Update-Location-Answer 6. Detach request/accept In the ULR/ULA process in step 6, the PDN Connectivity request is pushed to the queue as an ESM_MESSAGE because the NAS-Type is still an Attach Request. See the code below in 'mme-s6a-handler.c' for where the queue is pushed. if (mme_ue->nas_eps.type == MME_EPS_TYPE_ATTACH_REQUEST) { rv = nas_eps_send_emm_to_esm(mme_ue, &mme_ue->pdn_connectivity_request); if (rv != OGS_OK) { ogs_error("nas_eps_send_emm_to_esm() failed"); return OGS_NAS_EMM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED; } } else if (mme_ue->nas_eps.type == MME_EPS_TYPE_TAU_REQUEST) { r = nas_eps_send_tau_accept(mme_ue, S1AP_ProcedureCode_id_InitialContextSetup); ogs_expect(r == OGS_OK); ogs_assert(r != OGS_ERROR); } else { ogs_error("Invalid Type[%d]", mme_ue->nas_eps.type); return OGS_NAS_EMM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED; } If you perform step 7 Detach request/accept here, the NAS-Type becomes Detach Request and the EMM state changes to emm_state_de_registered(). Since the PDN, which is an ESM message that was previously queued, should not be processed in de_registered, the message is ignored through error handling below. Otherwise, MME will crash because there is no active bearer in the initial_context_setup_request build process. See the code below in 's1ap-build.c' for where the crash occurs. ogs_list_for_each(&mme_ue->sess_list, sess) { ogs_list_for_each(&sess->bearer_list, bearer) { ... if (mme_ue->nas_eps.type == MME_EPS_TYPE_ATTACH_REQUEST) { } else if (OGS_FSM_CHECK(&bearer->sm, esm_state_inactive)) { ogs_warn("No active EPS bearer [%d]", bearer->ebi); ogs_warn(" IMSI[%s] NAS-EPS Type[%d] " "ENB_UE_S1AP_ID[%d] MME_UE_S1AP_ID[%d]", mme_ue->imsi_bcd, mme_ue->nas_eps.type, enb_ue->enb_ue_s1ap_id, enb_ue->mme_ue_s1ap_id); continue; } ... } } |
||
---|---|---|
.. | ||
app | ||
asn1c | ||
core | ||
crypt | ||
dbi | ||
diameter | ||
gtp | ||
ipfw | ||
metrics | ||
nas | ||
ngap | ||
pfcp | ||
proto | ||
s1ap | ||
sbi | ||
sctp | ||
tun | ||
meson.build |