sysmocom
/
open5gs
forked from acouzens/open5gs
11
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
open5gs/src/mme/mme-gn-handler.c

564 lines
23 KiB
C
Raw Blame History

/*
* Copyright (C) 2023 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de>
*
* This file is part of Open5GS.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include "mme-event.h"
#include "mme-sm.h"
#include "mme-context.h"
#include "mme-timer.h"
#include "mme-gtp-path.h"
#include "mme-fd-path.h"
#include "mme-path.h"
#include "mme-gn-build.h"
#include "mme-gn-handler.h"
#include "s1ap-path.h"
#include "nas-path.h"
void mme_gn_handle_echo_request(
ogs_gtp_xact_t *xact, ogs_gtp1_echo_request_t *req)
{
ogs_assert(xact);
ogs_assert(req);
ogs_debug("[Gn] Receiving Echo Request");
/* FIXME : Implementing recovery counter correctly */
ogs_gtp1_send_echo_response(xact, 0);
}
void mme_gn_handle_echo_response(
ogs_gtp_xact_t *xact, ogs_gtp1_echo_response_t *req)
{
/* Not Implemented */
}
static int decode_global_enb_id(S1AP_Global_ENB_ID_t *glob_enb_id, const uint8_t *buf, size_t buf_len)
{
asn_dec_rval_t dec_ret = {0};
memset(glob_enb_id, 0, sizeof(S1AP_Global_ENB_ID_t));
dec_ret = aper_decode(NULL, &asn_DEF_S1AP_Global_ENB_ID, (void **)&glob_enb_id,
buf, buf_len, 0, 0);
if (dec_ret.code != RC_OK) {
ogs_warn("Failed to decode ASN-PDU [code:%d,consumed:%d]",
dec_ret.code, (int)dec_ret.consumed);
return OGS_ERROR;
}
if (ogs_log_get_domain_level(OGS_LOG_DOMAIN) >= OGS_LOG_TRACE)
asn_fprint(stdout, &asn_DEF_S1AP_Global_ENB_ID, glob_enb_id);
return OGS_OK;
}
/* 3GPP TS 23.003 2.8.2.1 Mapping from GUTI to RAI, P-TMSI and P-TMSI signature */
void guti_to_rai_ptmsi(const ogs_nas_eps_guti_t *nas_guti, ogs_nas_rai_t *rai, mme_p_tmsi_t *ptmsi, uint32_t *ptmsi_sig)
{
rai->lai.nas_plmn_id = nas_guti->nas_plmn_id;
rai->lai.lac = nas_guti->mme_gid;
rai->rac = nas_guti->mme_code;
if (ptmsi)
*ptmsi = 0xC0000000 |
(nas_guti->m_tmsi & 0x3f000000) |
(nas_guti->mme_code & 0x0ff) << 16 |
(nas_guti->m_tmsi & 0x0000ffff);
if (ptmsi_sig)
*ptmsi_sig = (nas_guti->m_tmsi & 0x00ff0000);
}
/* 3GPP TS 23.003 2.8.2.2 Mapping from RAI and P-TMSI to GUTI */
static void rai_ptmsi_to_guti(const ogs_nas_rai_t *rai, mme_p_tmsi_t ptmsi, uint32_t ptmsi_sig, ogs_nas_eps_guti_t *nas_guti)
{
nas_guti->nas_plmn_id = rai->lai.nas_plmn_id;
nas_guti->mme_gid = rai->lai.lac;
nas_guti->mme_code = rai->rac;
nas_guti->m_tmsi = 0xC0000000 | (ptmsi & 0x3f000000) | (ptmsi_sig & 0x00ff0000) | (ptmsi & 0x0000ffff);
}
/* TS 29.060 7.5.3 SGSN Context Request */
void mme_gn_handle_sgsn_context_request(
ogs_gtp_xact_t *xact, ogs_gtp1_sgsn_context_request_t *req)
{
ogs_nas_eps_guti_t nas_guti;
ogs_plmn_id_t plmn_id;
ogs_nas_rai_t rai;
mme_ue_t *mme_ue = NULL;
int rv;
ogs_debug("[Gn] Rx SGSN Context Request");
if (!req->routeing_area_identity.presence) {
ogs_warn("[Gn] Rx SGSN Context Request with no RAI!");
mme_gtp1_send_sgsn_context_response(NULL, OGS_GTP1_CAUSE_MANDATORY_IE_MISSING, xact);
return;
}
if (req->routeing_area_identity.len != sizeof(rai)) {
ogs_warn("[Gn] Rx SGSN Context Request RAI wrong size %u vs exp %zu!",
req->routeing_area_identity.len, sizeof(rai));
mme_gtp1_send_sgsn_context_response(NULL, OGS_GTP1_CAUSE_MANDATORY_IE_INCORRECT, xact);
return;
}
if (!req->tunnel_endpoint_identifier_control_plane.presence) {
ogs_warn("[Gn] Rx SGSN Context Request with no Tunnel Endpoint Identifier Control Plane!");
mme_gtp1_send_sgsn_context_response(NULL, OGS_GTP1_CAUSE_MANDATORY_IE_MISSING, xact);
return;
}
if (!req->sgsn_address_for_control_plane.presence) {
ogs_warn("[Gn] Rx SGSN Context Request with no SGSN Address for Control Plane!");
mme_gtp1_send_sgsn_context_response(NULL, OGS_GTP1_CAUSE_MANDATORY_IE_MISSING, xact);
return;
}
if (!req->imsi.presence &&
!req->temporary_logical_link_identifier.presence &&
!req->packet_tmsi.presence) {
ogs_warn("[Gn] Rx SGSN Context Request with no IMSI/TLLI/P-TMSI!");
mme_gtp1_send_sgsn_context_response(NULL, OGS_GTP1_CAUSE_MANDATORY_IE_MISSING, xact);
return;
}
if (req->ms_validated.presence &&
(req->ms_validated.u8 & 0x01) /* 1=> "Yes" */
&& !req->imsi.presence) {
ogs_warn("[Gn] Rx SGSN Context Request with 'MS Validated' but no IMSI!");
mme_gtp1_send_sgsn_context_response(NULL, OGS_GTP1_CAUSE_MANDATORY_IE_MISSING, xact);
return;
}
memcpy(&rai, req->routeing_area_identity.data, sizeof(rai));
rai.lai.lac = be16toh(rai.lai.lac);
ogs_nas_to_plmn_id(&plmn_id, &rai.lai.nas_plmn_id);
ogs_debug(" RAI[MCC:%u MNC:%u LAC:%u RAC:%u]",
ogs_plmn_id_mcc(&plmn_id), ogs_plmn_id_mnc(&plmn_id),
rai.lai.lac, rai.rac);
if (req->imsi.presence) {
char imsi_bcd[OGS_MAX_IMSI_BCD_LEN+1];
ogs_buffer_to_bcd(req->imsi.data, req->imsi.len, imsi_bcd);
ogs_debug(" IMSI[%s]", imsi_bcd);
mme_ue = mme_ue_find_by_imsi(req->imsi.data, req->imsi.len);
if (!mme_ue)
ogs_warn("[Gn] Rx SGSN Context Request: Unknown UE with IMSI[%s]", imsi_bcd);
} else if (req->packet_tmsi.presence) { /* P-TMSI */
if (!req->p_tmsi_signature.presence) {
ogs_warn("[Gn] Rx SGSN Context Request with 'P-TMSI' but no P-TMSI Signature! Assuming value 0.");
req->p_tmsi_signature.u24 = 0;
}
rai_ptmsi_to_guti(&rai, req->packet_tmsi.u32, req->p_tmsi_signature.u24, &nas_guti);
ogs_debug(" PTMSI[0x%08x] PTMSI_SIG[0x%06x] -> GUTI[G:%d,C:%d,M_TMSI:0x%x]",
req->packet_tmsi.u32, req->p_tmsi_signature.u24,
nas_guti.mme_gid, nas_guti.mme_code, nas_guti.m_tmsi);
mme_ue = mme_ue_find_by_guti(&nas_guti);
if (!mme_ue)
ogs_warn("[Gn] Rx SGSN Context Request: Unknown UE with RAI[MCC:%u MNC:%u LAC:%u RAC:%u] PTMSI[0x%08x] PTMSI_SIG[0x%06x] -> GUTI[G:%d,C:%d,M_TMSI:0x%x]",
ogs_plmn_id_mcc(&plmn_id), ogs_plmn_id_mnc(&plmn_id), rai.lai.lac, rai.rac,
req->packet_tmsi.u32, req->p_tmsi_signature.u24,
nas_guti.mme_gid, nas_guti.mme_code, nas_guti.m_tmsi);
} else if (req->temporary_logical_link_identifier.presence) {
if (!req->p_tmsi_signature.presence) {
ogs_warn("[Gn] Rx SGSN Context Request with 'TLLI' but no P-TMSI Signature! Assuming value 0.");
req->p_tmsi_signature.u24 = 0;
}
/* TS 29.060 7.5.3 "The TLLI/P-TMSI and RAI is a foreign TLLI/P-TMSI and an RAI in the old SGSN."
* A foregin TLLI is "tlli = (p_tmsi & 0x3fffffff) | 0x80000000", and since we only use 0x3fffffff
* bits of P-TMSI to derive the GUTI, it's totally fine passing the TLLI as P-TMSI. */
rai_ptmsi_to_guti(&rai, req->temporary_logical_link_identifier.u32, req->p_tmsi_signature.u24, &nas_guti);
ogs_debug(" TLLI[0x%08x] PTMSI_SIG[0x%06x] -> GUTI[G:%d,C:%d,M_TMSI:0x%x]",
req->temporary_logical_link_identifier.u32, req->p_tmsi_signature.u24,
nas_guti.mme_gid, nas_guti.mme_code, nas_guti.m_tmsi);
mme_ue = mme_ue_find_by_guti(&nas_guti);
if (!mme_ue)
ogs_warn("[Gn] Rx SGSN Context Request: Unknown UE with RAI[MCC:%u MNC:%u LAC:%u RAC:%u] TLLI[0x%08x] PTMSI_SIG[0x%06x] -> GUTI[G:%d,C:%d,M_TMSI:0x%x]",
ogs_plmn_id_mcc(&plmn_id), ogs_plmn_id_mnc(&plmn_id), rai.lai.lac, rai.rac,
req->temporary_logical_link_identifier.u32, req->p_tmsi_signature.u24,
nas_guti.mme_gid, nas_guti.mme_code, nas_guti.m_tmsi);
}
if (!mme_ue) {
mme_gtp1_send_sgsn_context_response(NULL, OGS_GTP1_CAUSE_IMSI_IMEI_NOT_KNOWN, xact);
return;
}
mme_ue->gn.sgsn_gn_teid = req->tunnel_endpoint_identifier_control_plane.u32;
rv = ogs_gtp1_gsn_addr_to_ip(req->sgsn_address_for_control_plane.data,
req->sgsn_address_for_control_plane.len,
&mme_ue->gn.sgsn_gn_ip);
ogs_assert(rv == OGS_OK);
if (req->alternative_sgsn_address_for_control_plane.presence) {
rv = ogs_gtp1_gsn_addr_to_ip(req->alternative_sgsn_address_for_control_plane.data,
req->alternative_sgsn_address_for_control_plane.len,
&mme_ue->gn.sgsn_gn_ip_alt);
ogs_assert(rv == OGS_OK);
}
/* 3GPP TS 23.401 Annex D.3.5 "Routing Area Update":
* Step 2. "If the old P-TMSI Signature was valid or if the new SGSN indicates that it has authenticated the MS,
* the old SGSN starts a timer."
*/
ogs_timer_start(mme_ue->gn.t_gn_holding, mme_timer_cfg(MME_TIMER_GN_HOLDING)->duration);
mme_gtp1_send_sgsn_context_response(mme_ue, OGS_GTP1_CAUSE_REQUEST_ACCEPTED, xact);
}
static mme_sess_t *mme_ue_session_from_gtp1_pdp_ctx(mme_ue_t *mme_ue, const ogs_gtp1_pdp_context_decoded_t *gtp1_pdp_ctx)
{
mme_sess_t *sess = NULL;
mme_bearer_t *bearer = NULL;
const ogs_gtp1_qos_profile_decoded_t *qos_pdec = &gtp1_pdp_ctx->qos_sub;
uint8_t pti = 1; /* Default PTI : 1 */
uint8_t qci = 0;
ogs_session_t *ogs_sess;
ogs_sess = mme_session_find_by_apn(mme_ue, gtp1_pdp_ctx->apn);
if (!ogs_sess) {
ogs_assert(mme_ue->num_of_session < OGS_MAX_NUM_OF_SESS);
ogs_sess = &mme_ue->session[mme_ue->num_of_session];
mme_ue->num_of_session++;
ogs_sess->name = ogs_strdup(gtp1_pdp_ctx->apn);
}
ogs_sess->smf_ip = gtp1_pdp_ctx->ggsn_address_c;
ogs_sess->context_identifier = gtp1_pdp_ctx->pdp_ctx_id;
ogs_sess->session_type = gtp1_pdp_ctx->pdp_type_num[0];
ogs_sess->ue_ip = gtp1_pdp_ctx->pdp_address[0];
/* TODO: sess->paa with gtp1_pdp_ctx->pdp_address[0],
using/implementing ogs_gtp2_ip_to_paa ? */
ogs_ip_to_paa(&ogs_sess->ue_ip, &ogs_sess->paa);
/* 3GPP TS 23.060 section 9.2.1A: "The QoS profiles of the PDP context and EPS bearer are mapped as specified in TS 23.401"
* 3GPP TS 23.401 Annex E: "Mapping between EPS and Release 99 QoS parameters"
*/
ogs_gtp1_qos_profile_to_qci(qos_pdec, &qci);
ogs_sess->qos.index = qci;
ogs_sess->qos.arp.priority_level = qos_pdec->qos_profile.arp; /* 3GPP TS 23.401 Annex E Table E.2 */
ogs_sess->qos.arp.pre_emption_capability = 0; /* ignored as per 3GPP TS 23.401 Annex E */
ogs_sess->qos.arp.pre_emption_vulnerability = 0; /* ignored as per 3GPP TS 23.401 Annex E */
if (qos_pdec->data_octet6_to_13_present) {
ogs_sess->ambr.downlink = qos_pdec->dec_mbr_kbps_dl * 1000;
ogs_sess->ambr.uplink = qos_pdec->dec_mbr_kbps_ul * 1000;
}
sess = mme_sess_find_by_pti(mme_ue, pti);
if (!sess) {
sess = mme_sess_add(mme_ue, pti);
ogs_assert(sess);
}
sess->session = ogs_sess;
sess->pgw_s5c_teid = gtp1_pdp_ctx->ul_teic;
sess->pgw_s5c_ip = gtp1_pdp_ctx->ggsn_address_c;
switch (ogs_sess->session_type) {
case OGS_PDU_SESSION_TYPE_IPV4:
sess->request_type.type = OGS_NAS_EPS_PDN_TYPE_IPV4;
break;
case OGS_PDU_SESSION_TYPE_IPV6:
sess->request_type.type = OGS_NAS_EPS_PDN_TYPE_IPV6;
break;
case OGS_PDU_SESSION_TYPE_IPV4V6:
sess->request_type.type = OGS_NAS_EPS_PDN_TYPE_IPV4V6;
break;
}
sess->request_type.value = OGS_NAS_EPS_REQUEST_TYPE_INITIAL;
/* NSAPI = EBI: 3GPP TS 23.401 5.2.1, TS 23.060 14.4A */
bearer = mme_bearer_find_by_sess_ebi(sess, gtp1_pdp_ctx->nsapi);
if (!bearer) {
bearer = mme_default_bearer_in_sess(sess);
if (!bearer) {
bearer = mme_bearer_add(sess);
ogs_assert(bearer);
}
}
bearer->pgw_s5u_teid = gtp1_pdp_ctx->ul_teid;
bearer->pgw_s5u_ip = gtp1_pdp_ctx->ggsn_address_u;
/* Send invalid Remote Address and TEID since it makes no sense that SGW
* forwards GTPUv2 traffic to SGSN: */
bearer->enb_s1u_ip.ipv4 = 1;
bearer->enb_s1u_ip.addr = 0;
bearer->enb_s1u_teid = 0xffffffff;
return sess;
}
/* TS 29.060 7.5.4 SGSN Context Response */
int mme_gn_handle_sgsn_context_response(
ogs_gtp_xact_t *xact, mme_ue_t *mme_ue, ogs_gtp1_sgsn_context_response_t *resp)
{
int rv;
int gtp1_cause, emm_cause = OGS_NAS_EMM_CAUSE_NETWORK_FAILURE;
char imsi_bcd[OGS_MAX_IMSI_BCD_LEN+1];
ogs_gtp1_mm_context_decoded_t gtp1_mm_ctx;
ogs_gtp1_pdp_context_decoded_t gtp1_pdp_ctx;
mme_sess_t *sess = NULL;
uint8_t ret_cause = OGS_GTP1_CAUSE_REQUEST_ACCEPTED;
ogs_debug("[Gn] Rx SGSN Context Response");
rv = ogs_gtp_xact_commit(xact);
if (rv != OGS_OK) {
ogs_error("ogs_gtp_xact_commit() failed");
return OGS_GTP1_CAUSE_SYSTEM_FAILURE;
}
if (!mme_ue) {
ogs_error("MME-UE Context has already been removed");
return OGS_GTP1_CAUSE_IMSI_IMEI_NOT_KNOWN;
}
switch (resp->cause.u8) {
case OGS_GTP1_CAUSE_REQUEST_ACCEPTED:
break; /* Handle below */
case OGS_GTP1_CAUSE_TGT_ACC_RESTRICTED_SUBSCRIBER:
emm_cause = OGS_NAS_EMM_CAUSE_REQUESTED_SERVICE_OPTION_NOT_AUTHORIZED_IN_THIS_PLMN;
break;
case OGS_GTP1_CAUSE_IMSI_IMEI_NOT_KNOWN:
case OGS_GTP1_CAUSE_SYSTEM_FAILURE:
case OGS_GTP1_CAUSE_MANDATORY_IE_INCORRECT:
case OGS_GTP1_CAUSE_MANDATORY_IE_MISSING:
case OGS_GTP1_CAUSE_OPTIONAL_IE_INCORRECT:
case OGS_GTP1_CAUSE_INVALID_MESSAGE_FORMAT:
case OGS_GTP1_CAUSE_P_TMSI_SIGNATURE_MISMATCH:
default:
emm_cause = OGS_NAS_EMM_CAUSE_NETWORK_FAILURE;
break;
}
if (resp->cause.u8 != OGS_GTP1_CAUSE_REQUEST_ACCEPTED) {
ogs_error("[Gn] Rx SGSN Context Response cause:%u", resp->cause.u8);
rv = nas_eps_send_tau_reject(mme_ue->enb_ue, mme_ue, emm_cause);
return OGS_GTP1_CAUSE_SYSTEM_FAILURE;
}
if (!resp->imsi.presence) {
ogs_error("[Gn] Rx SGSN Context Response with no IMSI!");
gtp1_cause = OGS_GTP1_CAUSE_MANDATORY_IE_MISSING;
goto nack_and_reject;
}
ogs_buffer_to_bcd(resp->imsi.data, resp->imsi.len, imsi_bcd);
ogs_info(" IMSI[%s]", imsi_bcd);
mme_ue_set_imsi(mme_ue, imsi_bcd);
if (!resp->tunnel_endpoint_identifier_control_plane.presence) {
ogs_error("[Gn] Rx SGSN Context Response with no Tunnel Endpoint Identifier Control Plane!");
gtp1_cause = OGS_GTP1_CAUSE_MANDATORY_IE_MISSING;
goto nack_and_reject;
}
mme_ue->gn.sgsn_gn_teid = resp->tunnel_endpoint_identifier_control_plane.u32;
if (!resp->mm_context.presence) {
ogs_error("[Gn] Rx SGSN Context Response with no MM Context!");
gtp1_cause = OGS_GTP1_CAUSE_MANDATORY_IE_MISSING;
goto nack_and_reject;
}
if (!resp->pdp_context.presence) {
ogs_error("[Gn] Rx SGSN Context Response with no PDP Context!");
gtp1_cause = OGS_GTP1_CAUSE_MANDATORY_IE_MISSING;
goto nack_and_reject;
}
rv = ogs_gtp1_parse_mm_context(&gtp1_mm_ctx, &resp->mm_context);
if (rv != OGS_OK) {
ogs_error("[Gn] Rx SGSN Context Response: Failed parsing MM Context");
gtp1_cause = OGS_GTP1_CAUSE_MANDATORY_IE_INCORRECT;
goto nack_and_reject;
}
rv = ogs_gtp1_parse_pdp_context(&gtp1_pdp_ctx, &resp->pdp_context);
if (rv != OGS_OK) {
ogs_error("[Gn] Rx SGSN Context Response: Failed parsing PDP Context");
gtp1_cause = OGS_GTP1_CAUSE_MANDATORY_IE_INCORRECT;
goto nack_and_reject;
}
if (gtp1_mm_ctx.imeisv_len > 0) {
memcpy(&mme_ue->nas_mobile_identity_imeisv, &gtp1_mm_ctx.imeisv[0],
ogs_min(gtp1_mm_ctx.imeisv_len, sizeof(mme_ue->nas_mobile_identity_imeisv)));
} else {
/* 3GPP TS 23.401 D3.6: we need to request IMEI to the UE over EUTRAN */
ret_cause = OGS_GTP1_CAUSE_REQUEST_IMEI;
}
mme_ue->ms_network_capability.length = gtp1_mm_ctx.ms_network_capability_len;
if (gtp1_mm_ctx.ms_network_capability_len > 0)
memcpy(((uint8_t*)&mme_ue->ms_network_capability)+1, &gtp1_mm_ctx.ms_network_capability[0],
ogs_min(gtp1_mm_ctx.ms_network_capability_len, sizeof(mme_ue->ms_network_capability) - 1));
/* TODO: how to fill first byte of mme_ue->ms_network_capability ? */
mme_ue->nas_eps.ksi = gtp1_mm_ctx.ksi;
/* 3GPP TS 33.401 A.10, A.11: */
mme_ue->noncemme = ogs_random32();
/* 3GPP TS 33.401 7.2.6.2 Establishment of keys for cryptographically protected radio bearers: */
/* See also 3GPP TS 33.401 9.1.2 */
ogs_kdf_kasme_idle_mobility(gtp1_mm_ctx.ck, gtp1_mm_ctx.ik, mme_ue->nonceue, mme_ue->noncemme, mme_ue->kasme);
ogs_kdf_kenb(mme_ue->kasme, mme_ue->ul_count.i32, mme_ue->kenb);
ogs_kdf_nh_enb(mme_ue->kasme, mme_ue->kenb, mme_ue->nh);
mme_ue->nhcc = 1;
if (gtp1_mm_ctx.num_vectors > 0) {
mme_ue->xres_len = gtp1_mm_ctx.auth_quintuplets[0].xres_len;
memcpy(mme_ue->xres, gtp1_mm_ctx.auth_quintuplets[0].xres, mme_ue->xres_len);
memcpy(mme_ue->rand, gtp1_mm_ctx.auth_quintuplets[0].rand, OGS_RAND_LEN);
memcpy(mme_ue->autn, gtp1_mm_ctx.auth_quintuplets[0].autn, OGS_AUTN_LEN);
}
sess = mme_ue_session_from_gtp1_pdp_ctx(mme_ue, &gtp1_pdp_ctx);
rv = mme_gtp1_send_sgsn_context_ack(mme_ue, OGS_GTP1_CAUSE_REQUEST_ACCEPTED, xact);
mme_gtp_send_create_session_request(sess, OGS_GTP_CREATE_IN_TRACKING_AREA_UPDATE);
return ret_cause;
nack_and_reject:
rv = mme_gtp1_send_sgsn_context_ack(mme_ue, gtp1_cause, xact);
ogs_info("[%s] TAU Reject [OGS_NAS_EMM_CAUSE:%d]", mme_ue->imsi_bcd, emm_cause);
rv = nas_eps_send_tau_reject(mme_ue->enb_ue, mme_ue, emm_cause);
return OGS_GTP1_CAUSE_SYSTEM_FAILURE;
}
/* TS 29.060 7.5.5 SGSN Context Acknowledge */
void mme_gn_handle_sgsn_context_acknowledge(
ogs_gtp_xact_t *xact, mme_ue_t *mme_ue, ogs_gtp1_sgsn_context_acknowledge_t *req)
{
int rv;
ogs_debug("[Gn] Rx SGSN Context Acknowledge");
rv = ogs_gtp_xact_commit(xact);
if (rv != OGS_OK) {
ogs_error("ogs_gtp_xact_commit() failed");
return;
}
if (!mme_ue) {
ogs_error("MME-UE Context has already been removed");
return;
}
/* 3GPP TS 23.060 6.9.1.2.2 Step 4), 3GPP TS 23.401 D.3.5 Step 4)
* The new SGSN sends an SGSN Context Acknowledge message to the old SGSN. The old MME (which is the old
* SGSN from the new SGSN's point of view) marks in its context that the information in the GWs and the HSS are
* invalid. This triggers the GWs, and the HSS to be updated if the UE initiates a Tracking Area Update procedure
* back to the old MME before completing the ongoing Routing Area Update procedure. If the security functions do
* not authenticate the MS correctly, then the routing area update shall be rejected, and the new SGSN shall send a
* reject indication to the old SGSN. The old MME shall continue as if the SGSN Context Request was never
* received.
* "NOTE 6: The new SGSN's operation is unmodified compared to pre-Rel-8. The old MME/S-GW (old SGSN from
* the new SGSN's point of view) does not forward any data towards the new SGSN." "*/
if (req->cause.u8 != OGS_GTP1_CAUSE_REQUEST_ACCEPTED) {
ogs_timer_stop(mme_ue->gn.t_gn_holding);
return;
}
/* 3GPP TS 23.060 6.9.1.2.2 Step 13)
* "If the old MME has an S1-MME association for the UE, the source MME sends a S1-U Release Command to the
* source eNodeB when receiving the SGSN Context Acknowledge message from the new SGSN. The RRC
* connection is released by the source eNodeB. The source eNodeB confirms the release of the RRC connection
* and of the S1-U connection by sending a S1-U Release Complete message to the source MME."
*/
if (mme_ue->enb_ue) {
rv = s1ap_send_ue_context_release_command(mme_ue->enb_ue,
S1AP_Cause_PR_nas, S1AP_CauseNas_normal_release,
S1AP_UE_CTX_REL_S1_REMOVE_AND_UNLINK, 0);
ogs_expect(rv == OGS_OK);
}
}
/* TS 29.060 7.5.14.1 */
void mme_gn_handle_ran_information_relay(
ogs_gtp_xact_t *xact, ogs_gtp1_ran_information_relay_t *req)
{
uint8_t discr;
ogs_eps_tai_t *target_tai;
S1AP_Global_ENB_ID_t global_ENB_ID;
uint32_t target_enb_id;
mme_enb_t *target_enb = NULL;
int rv;
ogs_debug("[Gn] Receiving RAN Information Relay");
if (req->ran_transparent_container.len == 0 ||
req->ran_transparent_container.data == NULL) {
ogs_warn("[Gn] Receiving RAN Information Relay with empty container!");
return;
}
/* "If RIM Routing Address Discriminator IE is not included, the RIM Routing
* Address shall be processed as an RNC identifier". Hence, not for us! */
if (req->rim_routing_address_discriminator.presence == false) {
ogs_warn("[Gn] Rx RAN Information Relay: no RIM Routing Address Discriminator!");
return;
}
if (req->rim_routing_address_discriminator.len != 1) {
ogs_warn("[Gn] Rx RAN Information Relay: RIM Routing Address Discriminator len != 1");
return;
}
/* 3GPP TS 48.018 RIM Routing Information IE */
discr = *((uint8_t*)req->rim_routing_address_discriminator.data) & 0x0f;
if (discr != 2) {/* 2: An eNB identifier is used to identify an E-UTRAN eNodeB or HeNB */
ogs_warn("[Gn] Rx RAN Information Relay: RIM Routing Address Discriminator %u unexpected", discr);
return;
}
if (req->rim_routing_address.presence == false) {
ogs_warn("[Gn] Rx RAN Information Relay: no RIM Routing Address!");
return;
}
if (req->rim_routing_address.len < sizeof(ogs_eps_tai_t)) {
ogs_warn("[Gn] Rx RAN Information Relay: RIM Routing Address len < %zu", sizeof(ogs_eps_tai_t));
return;
}
target_tai = req->rim_routing_address.data;
rv = decode_global_enb_id(&global_ENB_ID,
((uint8_t *)req->rim_routing_address.data) + sizeof(ogs_eps_tai_t),
req->rim_routing_address.len - sizeof(ogs_eps_tai_t));
if (rv != OGS_OK)
return;
ogs_s1ap_ENB_ID_to_uint32(&global_ENB_ID.eNB_ID, &target_enb_id);
ogs_debug(" Target : ENB_ID[%s:%d], TAC[%d]",
global_ENB_ID.eNB_ID.present ==
S1AP_ENB_ID_PR_homeENB_ID ? "Home" :
global_ENB_ID.eNB_ID.present ==
S1AP_ENB_ID_PR_macroENB_ID ? "Macro" : "Others",
target_enb_id, target_tai->tac);
target_enb = mme_enb_find_by_enb_id(target_enb_id);
if (target_enb == NULL) {
ogs_warn("[Gn] Rx RAN Information Relay: cannot find target eNB-id[0x%x]", target_enb_id);
return;
}
s1ap_send_mme_direct_information_transfer(
target_enb,
req->ran_transparent_container.data,
req->ran_transparent_container.len);
}
Reference in New Issue View Git Blame Copy Permalink