Commit graph

486 commits

Author SHA1 Message Date
Arthur Chan
ec6b76dccf OSS-Fuzz: Create new fuzzers targets sbi processing
Some checks are pending
Meson Continuous Integration / Build and Test on Ubuntu Latest (push) Waiting to run
Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
2026-06-25 07:49:17 +09:00
Arthur Chan
ef50ce562a OSS-Fuzz: Add two new fuzzers target pfcp and nas-5gs message processing
Some checks failed
Meson Continuous Integration / Build and Test on Ubuntu Latest (push) Has been cancelled
Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
2026-06-24 07:21:48 +09:00
Arthur Chan
de50a1568f OSS-Fuzz: Add new fuzzer targets s1ap message processing
Some checks are pending
Meson Continuous Integration / Build and Test on Ubuntu Latest (push) Waiting to run
Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
2026-06-23 08:38:52 +09:00
Arthur Chan
60e43ece0b OSS-Fuzz: Add new fuzzer targets ngap message processing
Some checks failed
Meson Continuous Integration / Build and Test on Ubuntu Latest (push) Has been cancelled
Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
2026-06-20 22:21:43 +09:00
Sukchan Lee
157f611a53 packaging: finalize v2.8.0 release
Some checks are pending
Meson Continuous Integration / Build and Test on Ubuntu Latest (push) Waiting to run
- Update Debian package descriptions for Release 19
- Correct the libmongoc count API version guard
- Refresh Ubuntu package revisions
- Update release announcement metadata
2026-06-20 13:10:28 +09:00
Sukchan Lee
c9e1fbb391 Release v2.8.0
- Add Release 19 announcement
- Update Ubuntu package revisions
- Support MongoDB C Driver 1.x and 2.x
- Use version-appropriate collection count APIs in tests
2026-06-20 12:39:48 +09:00
Sukchan Lee
ed660b1b15 gtp: update TLV definitions to Rel-19
Regenerate GTPv1 and GTPv2 TLV message definitions from the latest
Release 19 3GPP specifications.

For GTPv1, update the generator and regenerate message definitions from
TS 29.060 V19.0.0. The generator now handles the unmodified Word document
without manual table-cell edits, including merged table cells and reference
values with suffixes such as 7.7.25A, 7.7.25B, and 7.7.45A.

For GTPv2, update the generator and regenerate message definitions from
TS 29.274 V19.6.0. This adds new Rel-19 IEs, updates changed message and
grouped IE definitions, and improves parsing of aliases such as APCO, LDN,
IP4CP, and PTI.

Also update the TLV regeneration documentation for GTPv1 and GTPv2.
2026-06-17 13:14:13 +09:00
Sukchan Lee
21ef6bd350 merge main branch 2026-06-10 09:07:45 +09:00
Sukchan Lee
82956da7b8 s1ap, ngap: migrate ASN.1 generated code to R19
Some checks failed
Meson Continuous Integration / Build and Test on Ubuntu Latest (push) Has been cancelled
Regenerate the S1AP and NGAP ASN.1 sources from the R19 specifications
using the updated asn1c generator.

The newer generator represents several constructed ASN.1 values as
pointers, including CHOICE alternatives, protocolIEs containers, and
SEQUENCE OF/SET OF list wrappers. Update MME, AMF, and related tests to
allocate these members explicitly, assign pointer-backed alternatives,
and access ASN.1 lists through OGS_ASN_LIST_COUNT() and
OGS_ASN_LIST_GET().

Add helper routines for descriptor-based allocation of constructed ASN.1
values and protocolIEs containers, so protocol code no longer depends on
the old embedded-structure layout.
2026-05-04 08:46:47 +09:00
Sukchan Lee
80c79a5819 sbi: update SBI implementation to 3GPP Release-19
- Update OpenAPI models to Release-19 specifications
- Refactor SBI handling to use OpenAPI_service_name_e
- Replace service type based logic with service name based handling
- Introduce service_name_array for per-service NF instance caching
- Add support for special/internal service names (e.g. namf-callback)
- Update NRF discovery handling across all NFs
- Validate SearchResult fields before processing
- Remove legacy service-type dependencies

This change aligns the SBI implementation with Release-19
specifications and simplifies service name based routing.
2026-04-06 17:55:54 +09:00
Sukchan Lee
231b0e4721 amf/ngap: use ogs_warn for missing RAN UE context
Also update tests to use unique SUCI values.
2026-03-15 20:09:43 +09:00
Sukchan Lee
93319c1a8e mme: remove old IMSI hash entry before overwriting UE IMSI
When mme_ue_set_imsi() updates an existing UE IMSI, the previous
code overwrote mme_ue->imsi before removing the old hash entry.

As a result, the old IMSI key could remain in imsi_ue_hash and keep
pointing to the same mme_ue object. After the UE context was removed,
a later lookup by the stale IMSI key could return an invalid context
and trigger a fatal path during re-attach handling.

Remove the old IMSI hash entry before updating mme_ue->imsi, then
register the new IMSI after the update.

Issues: #4357
2026-03-13 22:07:09 +09:00
Sukchan Lee
783b1dc26f sbi: avoid duplicate NF status subscriptions and clean up local entries on DELETE
This patch addresses a potential subscription_data pool exhaustion
issue observed during repeated NF re-registration with the NRF.

Two improvements are introduced:

1) Prevent duplicate NF status subscriptions
   Before sending a new NF status subscription request, the code now
   checks whether an equivalent subscription already exists in the
   local subscription_data list. If a matching subscription (based on
   req_nf_instance_id and subscr_cond) is found and it is not already
   marked with DELETE_SENT, the new subscription request is skipped.

   This prevents repeated subscription creation during re-registration
   loops.

2) Ensure local cleanup after DELETE response
   When handling HTTP DELETE responses for NF status subscriptions,
   the local subscription_data entry is now removed regardless of the
   response status. Previously, the entry was only removed on
   HTTP 204 (No Content), which could leave stale entries in the local
   list when the NRF returned other statuses (e.g., 404).

   Keeping stale entries could lead to unbounded growth of
   subscription_data and eventual pool exhaustion.

Additionally, successful DELETE operations are logged to improve
debugging visibility.

This change affects all NF state machines that handle subscription
DELETE responses (AMF, AUSF, BSF, NSSF, PCF, SCP, SEPP, SMF, UDM, UDR,
and AF test code).

Issues: #4207
2026-03-13 16:46:00 +09:00
akos011221
6cc627c485 upf: Implement UE-to-UE hairpin in the GTP-U path
When traffic from UE is destined to an other UE on the same UPF, the packet shouldn't be sent to the TUN interface, but should be re-encapsulated and forwarded via the destination UE's GTP-U tunnel.

Before, in the gtp-path.c, there was a TODO placeholder for this. Logic:
- Look up the destination UE session by inner packet dest IP
- Find a matching downlink PDR with FAR
- Fall back to lowest precedence PDR
- URR accounting
- Buffering and dowlink data reporting

Additionally, the multi-ue-test was extended with each UE pinging the next UE.

Signed-off-by: akos011221 <orbanakos2001@gmail.com>
2026-02-26 06:07:35 +09:00
Sukchan Lee
d1c5ece759 [mme] Use bitmap-based EBI management to avoid bearer allocation crash
When bearer contexts are migrated between MME-UE objects during UE
context relocation (OLD UE -> NEW UE), the existing ogs_pool-based
EBI tracking could become inconsistent.

In mme_ue_set_imsi(), bearer->ebi_node was freed from the old UE pool
without reserving the same EBI in the new UE context. This allowed
duplicate allocations and eventually exhausted the EBI pool (5..15),
triggering a fatal assertion in mme_bearer_add().

This patch replaces the pool-node based EBI handling with a bitmap
allocator, which is safe across UE context migration and supports
explicit EBI reservation.

Also update related test cases to match the new allocation order.

Fixes: #4294
2026-02-02 22:22:56 +09:00
Gaber Stare
7d0026e24e [SBI] Fix double-free
Bug:

A double-free scenario in the error handling path:

When ogs_sbi_send_request_with_sepp_discovery failed, it called
ogs_sbi_xact_remove(xact) internally.
The function then returned false to its caller. The caller
(smf_sbi_discover_and_send) also called ogs_sbi_xact_remove(xact)
on failure.
This caused the discovery_option structure to be freed twice,
leading to the valgrind error:
```
==90== Invalid read of size 8
==90==    at 0x49AFBB6: ogs_sbi_discovery_option_free (message.c:3633)
==90==    by 0x49CC100: ogs_sbi_xact_remove (context.c:2674)
==90==    by 0x407DDDC: smf_sbi_discover_and_send (sbi-path.c:392)
```

Fix:

Now the function follows proper resource ownership semantics:
the caller who creates the transaction is responsible for cleanup
when the function fails, making the error handling consistent and
preventing double-free issues.

Added missing cleanup to ogs_sbi_send_request_to_nf_instance and
af_sbi_discover_and_send.
2026-01-31 20:17:58 +09:00
Sukchan Lee
73676a73e6 amf: ignore late SDM_SUBSCRIPTIONS DELETE during re-registration
Fix an AMF crash when a UE sends a new Registration Request immediately
after UE-initiated Deregistration.

In this scenario, SM Context release and SDM subscription DELETE requests
are triggered during deregistration, but their SBI responses may arrive
later while the AMF is already handling a subsequent Registration Request
(Integrity Protected).

Previously, late SDM_SUBSCRIPTIONS DELETE responses were processed in
unexpected GMM states (registered, authentication, initial-context-setup),
leading to ogs_assert_if_reached() and AMF crashes.

This commit changes the behavior to explicitly ignore late
SDM_SUBSCRIPTIONS DELETE responses in such states, treating them as stale
and non-actionable. Fatal assertions in these paths are replaced with
warnings to prevent crashes caused by valid out-of-order SBI responses.

The fix is covered by a new regression test reproducing issue #4209,
including scenarios with and without active PDU sessions.
2026-01-23 11:24:06 +09:00
Sukchan Lee
8c8b51790d amf,mme: Reject authentication after repeated synch failures
Limit authentication retries on repeated synchronization failures.

When the UE reports consecutive authentication failures with
"synchronization failure" cause, AMF and MME now track the failure
count per authentication procedure and send AUTHENTICATION REJECT
after two attempts, instead of retrying indefinitely.

The counter is reset on authentication state entry.

This aligns the behavior with 3GPP authentication procedures and
prevents infinite authentication loops caused by persistent
synchronization failures.

Issues: #4238
2026-01-14 16:01:43 +09:00
Sukchan Lee
782a97efe9 Fix DNN Operator-Identifier format and refactor OI parsing for HR roaming interop
Align full-DNN construction with 3GPP TS 23.003 §9.1.2 by switching the
Operator Identifier format from "5gc.mncXXX.mccYYY.3gppnetwork.org" to
"mncXXX.mccYYY.gprs". Introduce new helper utilities to extract and build
OI (Operator Identifier) from both PLMN-ID and FQDN, and replace the
legacy `ogs_home_network_domain_from_fqdn()` usage in AMF/SMF/PCF paths.

This resolves DNN misalignment in vSMF–hSMF PDU Session Create that
caused interop issues with external 5G core vendors during HR roaming.

Includes updates across AMF/SMF/PCF, unit tests, and supporting helpers.

Issues: #4096
2025-12-06 22:23:34 +09:00
Sukchan Lee
964b5f0e73 amf: Preserve RAN-UE association across asynchronous SBI responses
This patch introduces assoc_id[] to ogs_sbi_xact_t and stores a snapshot
of the RAN-UE ID (AMF_ASSOC_RAN_UE_ID) when the AMF sends SBI requests
to SMF/PCF. Since the RAN-NG context may change (e.g., during NG
Context release or RRC re-establishment) before the asynchronous SBI
response arrives, relying on sess->ran_ue_id can lead to incorrect
context resolution. The transaction-level snapshot ensures that AMF
uses the correct RAN-UE when handling SBI responses.

Key changes:
- Added assoc_id[] array to ogs_sbi_xact_t.
- Stored RAN-UE snapshot for SBI Client operations.
- Updated AMF handlers (amf-sm, nsmf-handler, nnssf-handler,
  nnrf-handler, sbi-path) to use xact->assoc_id[] instead of
  sess->ran_ue_id for SBI Client responses.
- Updated NAMF handlers to continue using sess->ran_ue_id since they
  operate in SBI Server mode and have no transaction snapshot.
- Refactored function signatures to pass amf_ue and ran_ue explicitly.
- Added detailed comments to sess->ran_ue_id explaining the distinction
  between SBI Client and SBI Server behavior.
- Updated test cases and added the new issues4174 test.

This resolves the race where RAN-UE context changes between SBI request
and response, ensuring correct session processing and eliminating
RAN-UE lookup failures during asynchronous callbacks.

Issues #4174
2025-11-26 17:17:16 +09:00
Bostjan Meglic
a9a16ae982 [tests] fix compiler warnings when used with latest GCC
Compiled with GCC version 15.2.0 found in Ubuntu 25.10.

warning: initializer-string for array of 'unsigned char' truncates NUL
terminator but destination lacks 'nonstring' attribute (17 chars into 16
available) [-Wunterminated-string-initialization]
2025-11-13 06:40:18 +09:00
Sukchan Lee
4642ef5a18 mme: Delete session when default E-RAB setup fails
When the MME receives an E-RAB Setup Response with failure for the
default bearer, the PDN session remains in MME/SGWC context even
though it was never activated. As a result, when the UE retries
PDN Connectivity Request for the same APN, the MME prints
"APN duplicated [ims]" and rejects the request.

This patch fixes the issue by sending a Delete Session Request
toward SGWC when the default E-RAB setup fails. The failed PDN
session is then removed, allowing the UE to reattempt PDN
connectivity for the same APN.

Added a new regression test (test_issues4141_func) that reproduces
the scenario:
 - First PDN Connectivity Request for IMS fails (E-RAB setup failure)
 - MME sends Delete Session Request
 - Second PDN Connectivity Request for IMS succeeds normally

Issue: #4141
2025-11-06 21:36:56 +09:00
Sukchan Lee
fd897f35a3 MME: handle EPS Bearer Context Status mismatch when active_flag=0 (#4112)
When the UE sends a Tracking Area Update (TAU) Request with active_flag=0,
the MME previously sent TAU Accept without verifying the EPS Bearer Context
Status (EBCS). This caused stale bearer sessions to remain in the MME even
if the UE had already released them.

According to 3GPP TS 24.301 §5.5.3.2, the MME should release any bearer
not reported in the UE’s EBCS when active_flag=0. This patch introduces
mme_send_delete_session_or_tau_accept(), which compares the UE’s EBCS bitmask
with the MME session list and deletes any missing default bearer session
before sending TAU Accept.

If no mismatch is found, TAU Accept is sent immediately. The Delete Session
response triggers TAU Accept when deletions are required. This ensures that
the TAU Accept message reflects the UE’s current bearer context accurately.

Also includes:
 - Added OGS_GTP_DELETE_SEND_TAU_ACCEPT handling in mme-s11-handler.c
 - Simplified EBCS structure (uint16_t value) for bitmask comparison
 - Updated TAU-related tests with realistic EBI bitmasks (0x20, 0x60)

This change aligns TAU handling with 3GPP 24.301 and prevents bearer
mismatch issues between UE and EPC during TAU.
2025-10-16 21:46:38 +09:00
Sukchan Lee
3978db2fa6 [AMF] Fix crash on malformed NGSetupRequest PLMNIdentity
When the NGSetupRequest contains an invalid GlobalRANNodeID or
BroadcastPLMNItem with a malformed PLMNIdentity, the AMF previously
performed memcpy() without checking the buffer size. This could lead
to invalid memory access and crash.

Fix by validating PLMNIdentity size against sizeof(ogs_plmn_id_t) and
sending NGSetupFailure with CauseProtocol_semantic_error if invalid.

Also add regression tests:
- Build malformed NGSetupRequest with incorrect PLMNIdentity size
- Verify AMF does not crash and returns NGSetupFailure

This resolves the crash reported in issue #4087.
2025-09-23 23:08:42 +09:00
Sukchan Lee
7b75746fe8 [HR] Support Xn/N2 handover for Home-Routed Roaming (Direct Forwarding only) (#2194)
This commit adds Xn and N2 handover procedures to the Home-Routed Roaming code.
Direct forwarding is now fully operational.

Indirect forwarding for N2 handovers is not yet supported.

To preserve the GTP-U header and extension header (even without QER)
along the source gNB -> V-UPF -> target gNB path, future work will create
PDRs without Outer Header Removal IE and FARs without Outer Header Creation IE
and implement the necessary UPF logic.
2025-07-14 22:03:32 +09:00
Sukchan Lee
94cf8ee0e0 [HR] Implement handling of UE-initiated PDU Session Modification (#2194)
This commit consolidates the entire ue-mod feature branch
into a single update on top of the latest home-routed code.
2025-06-30 10:07:06 +09:00
Sukchan Lee
932101b919 Merge branch 'main' into home-routed 2025-06-30 10:02:57 +09:00
Sukchan Lee
db0196cba7 [AMF] Skip unprovisioned sessions to prevent premature error indication (#3951)
In the previous implementation, the AMF would send a Partial-handover error
indication whenever it encountered a session not found in the subscriber DB,
even if valid sessions remained. This resulted in unexpected error responses
during NG handover.

To resolve this, we record the initial SMF transaction count before iterating
through the UE session list. Sessions without a valid SMF context now produce
a warning and are skipped, while continuing to send Handover Notify messages
for provisioned sessions. After processing, we compare the SMF transaction
count to the initial value. If no valid sessions were handled, we send a
Partial-handover error indication.

With this change, unprovisioned sessions no longer trigger a premature error
indication, allowing valid PDU sessions to complete NG handover successfully.
2025-06-27 15:22:08 +09:00
Sukchan Lee
f0005164a2 Merge branch 'main' into home-routed 2025-06-01 16:54:26 +09:00
Sukchan Lee
2daa44adab [SMF] Include N2 ACK for unchanged tunnel on repeated PathSwitchRequest (#3909)
Fix missing N2 signaling when tunnel information is unchanged,
causing AMF crash on repeated PathSwitchRequest

When a second PathSwitchRequest arrives without any tunnel changes,
the handler previously returned HTTP 204 No Content and omitted N2 information.

This led to a fatal assertion in the AMF SM context, since it expected
to receive updated N2 data even when the tunnel remained the same.

This patch modifies ngap_handle_path_switch_request_transfer to build
and send the N2 SM buffer in the “else” branch.

It calls ngap_build_path_switch_request_ack_transfer to construct
the Path Switch Request Acknowledge N2 message and then delivers it
with smf_sbi_send_sm_context_updated_data_n2smbuf.

A new test case is also added to verify that N2 signaling is correctly
transmitted when tunnel parameters have not changed.
2025-06-01 15:46:53 +09:00
Matej Gradišar
799103257b
[AMF] Fix UE context transfer when only NRF is client (#3880)
* [AMF] Fix UE context transfer when only NRF is client

If UE context transfer is initiated and the new AMF does not get the
old AMF from NRF or no UE context is retrieved from the old AMF,
we do not want to reject UE registration. Send identity request instead.
Test "transfer-error-case" is added into the commit.

* [tests] Unite tests for UE context transfer

All tests for UE context transfer with different configs are placed
into test folder transfer.

* [tests] Make two binaries for UE context transfer tests

For each test config a different test binary is created.
2025-05-31 20:51:06 +09:00
Sukchan Lee
ae4d8433eb [HR] Implement Network-Initiated PDU Session Modification (Home-Routed Roaming) (#2194)
This commit adds support for processing network-initiated PDU Session
Modification in a home-routed roaming context, following section 4.3.3.3
of the specification.
2025-05-31 15:44:44 +09:00
Sukchan Lee
3e6b7e961d Merge branch 'main' into home-routed 2025-05-10 12:08:47 +09:00
Sukchan Lee
ca61a901d5 Implement PDU Session Release for Home-Routed Roaming and fix N4 step ordering in 4.3.4.2
- Add support for PDU Session Release in 3GPP TS 23.502 section 4.3.4.3
  Note: PCF-initiated release flow for Home-Routed Roaming is not implemented;
- Fix N4 release step ordering in 3GPP TS 23.502 section 4.3.4.2 UE or network requested PDU Session Release for Non-Roaming and Roaming with Local Breakout
2025-05-02 21:28:25 +09:00
Pallavi Das
cd80aa432e Typos Fix 2025-04-19 20:45:25 +09:00
Sukchan Lee
46f74c8019 Merge branch 'main' into home-routed 2025-04-06 18:36:57 +09:00
Bostjan Meglic
fa3edde329 [NAS] add support for 30-seconds unit for GPRS3 timer 2025-03-21 17:52:12 +09:00
Sukchan Lee
63d26667bc [AMF/MME] Fix UE context deletion vulnerability using memento restoration (#3754)
Renamed backup/restore security context functions to save/restore
memento and updated flag to "can_restore_context". Updated AMF and MME
state machines to restore context on failure, preventing malicious
deletion triggered by spoofed NAS messages.
2025-03-21 17:28:47 +09:00
Sukchan Lee
106a9accd4 [AMF/MME] Fix security context restoration and state transition cleanup (#3756)
- Backup sensitive security context fields (e.g. xres, kasme, rand, autn,
  keys, counters) when transitioning from REGISTERED state.
- Set the can_restore_security_context flag in common_register_state()
  based on whether the transition originates from a REGISTERED or
  de-registered state.
- In emm_state_authentication(), restore the security context and revert
  to the REGISTERED state on authentication failure only if restoration
  is allowed; otherwise, transition to an exception state.
- Remove the redundant unconditional state transition in the cleanup block
  to prevent overriding a valid restoration.
2025-03-16 11:57:14 +09:00
Sukchan Lee
70310979c5 [KSI] Update EPC KSI issuance to match 5G Core behavior
Previously, the EPC used the UE-provided KSI directly in the Authentication
Request (except for the special case where the UE sent
OGS_NAS_KSI_NO_KEY_IS_AVAILABLE, which was reset to 0).

This commit changes the EPC to follow the 5G Core approach
for issuing KSI in Attach-Request.

Now, when a Attach Request is received and a new Authentication Vector is
generated, the EPC performs the following steps:

- Extract the KSI value from the UE's request.
- Increment the extracted KSI by 1.
- Use the incremented KSI in the Authentication Request sent to the UE.

This detailed process ensures that the EPC issues the KSI consistently
with 5G Core standards, improving key management and interoperability.
2025-03-10 15:15:47 +09:00
Sukchan Lee
1abc3b6d5f [SMF] Separate EPC-only attach config to avoid NRF register timeout
Previously, sample.yaml was used for both 5GC and EPC attach tests.
Because SMF had SBI configured, it sent a register PUT to NRF even in
EPC-only tests (where nrf/scp was not run), leading to a missing HTTP
response and connection timer expiry.

Now, attach.yaml is used for EPC, preventing the unwanted NRF registration.
2025-03-10 09:53:00 +09:00
Sukchan Lee
8cae6112cc [SEC] Fix crash in eNBDirectInformationTransfer due to missing Inter_SystemInformationTransferType
This commit resolves an issue where the system would crash
when Inter_SystemInformationTransferType was not present.
2025-02-28 14:27:10 +09:00
Sukchan Lee
90afca821b Merge branch 'main' into home-routed 2025-02-09 11:15:55 +09:00
Sukchan Lee
07cb42110e [DBI] Improve YAML policy config by adding SUPI range filtering
Previously, policies were configured via YAML files without MongoDB.
This update enhances the YAML approach by adding the 'supi_range' key to
filter policies based on UE SUPI ranges. When both 'supi_range' and
'plmn_id' are provided, both conditions must be met.

Note that PLMN-ID filtering will be deprecated in a future release.
2025-02-05 21:56:15 +09:00
Sukchan Lee
3f38d66790 Merge branch 'main' into home-routed 2025-01-19 17:11:20 +09:00
Bostjan Meglic
90cd67fcca [AMF,SMF] Prevent mapped HPLMN SST to always be set
In case that mapped HPLMN SST was not set by the UE in the request to
Establish PDU Session, AMF/SMF would assume it is set to 0 (since the
recent change to allow SST value 0).
2025-01-11 20:22:46 +09:00
Bostjan Meglic
c331207233 [all] allow value of 0 for S-NSSAI SST
3GPP TS 23.003: 28.4.2 Format of the S-NSSAI

The SST field may have standardized and non-standardized values. Values
0 to 127 belong to the standardized SST range and they are defined in
3GPP TS 23.501 [119]. Values 128 to 255 belong to the Operator-specific
range.
2025-01-11 20:22:46 +09:00
Sukchan Lee
b0bfd35c63 [SCTP] Support setting local address (#3344)
Added support for binding to local IP addresses in ogs_sctp_client and
ogs_sctp_server, and correct SGsAP configuration

Implemented the ability to bind to one or multiple local IP addresses using
`sctp_bindx()` in both the `ogs_sctp_client()` and `ogs_sctp_server()` APIs.

Users can now specify local addresses in the configuration files under the new
`local_addresses` field, reducing unnecessary complexity and signaling caused
by binding to `ANY_ADDR`.

This update addresses issue https://osmocom.org/issues/6509 by ensuring
correct operation in multi-interface and complex networking setups.

Additionally, corrected the `sgsap` configuration by changing it
from `server` to `client`, and added support for specifying `local_addresses`
for local binding as follows:

```
sgsap:
  client:
    - address: msc.open5gs.org # SCTP server address configured on the MSC/VL
      local_address: 127.0.0.2 # SCTP local IP addresses to be bound in the M
```
2024-12-23 21:16:15 +09:00
Sukchan Lee
b47bad8b84 [HR] Implement GTP-U processing for HR Roaming in User Plane (#2194)
- Added support for the N9 For Roaming interface type:
  - Core interface act as V-UPF.
  - Access interface act as H-UPF.

- Modified V-UPF behavior:
  - V-UPF updates only the TEID and IP Address in the GTP-U header.
  - The content following the Extension Header is passed through directly
    between the UE and H-UPF.

This implementation ensures seamless data flow between the UE, V-UPF, and H-UPF
while maintaining integrity for Home Routed Roaming scenarios.
2024-11-23 17:51:42 +09:00
Sukchan Lee
1fa8e5468e [AMF/MME] Fix handover failing due to GNB/eNBID hash table handling (#3569)
Resolved an issue where Handover was failing when attempting to handover
from GNB-ID/eNB-ID 1 to GNB-ID/eNB-ID 0.

The problem occurred because the hash table managing GNB_ID values would
remove any entry with the default GNB-ID/eNB-ID of 0 before re-adding entries.

Consequently, any GNB/eNB configured with a GNB-ID/eNB-ID of 0
would be inadvertently deleted whenever another GNB was added.

This fix modifies the handling of the hash table to prevent the default
GNB-ID/eNB-ID (0) from being removed unintentionally, allowing handovers
between GNB-ID/eNB-ID 0 and other GNBs/eNBs to proceed without error.
2024-11-14 16:26:49 +09:00