Closed infinitydon closed 10 months ago
Hi @infinitydon!
Thanks for your interest in PacketRusher! PacketRusher should already be able to work with UE's hplmn being different from the gNodeB's plmn as-is. Please let me know if you encounter any issues, and if you do, please share a pcap and logs! :) If some more specific NGAP procedures need to be implemented, we can do it.
Thanks a lot, Valentin
@linouxis9 - Thanks for the response, I just tried it but am currently getting Authentication reject from the AMF
12/03 18:17:15.764: [amf] INFO: gNB-N2 accepted[192.168.200.2]:9487 in ng-path module (../src/amf/ngap-sctp.c:113)
12/03 18:17:15.764: [amf] INFO: gNB-N2 accepted[192.168.200.2] in master_sm module (../src/amf/amf-sm.c:741)
12/03 18:17:15.764: [amf] INFO: [Added] Number of gNBs is now 1 (../src/amf/context.c:1227)
12/03 18:17:15.765: [amf] INFO: gNB-N2[192.168.200.2] max_num_of_ostreams : 2 (../src/amf/amf-sm.c:780)
12/03 18:17:16.768: [amf] INFO: InitialUEMessage (../src/amf/ngap-handler.c:401)
12/03 18:17:16.768: [amf] INFO: [Added] Number of gNB-UEs is now 1 (../src/amf/context.c:2546)
12/03 18:17:16.768: [amf] INFO: RAN_UE_NGAP_ID[1] AMF_UE_NGAP_ID[4] TAC[1] CellID[0x1] (../src/amf/ngap-handler.c:562)
12/03 18:17:16.768: [amf] INFO: [suci-0-999-70-4567-0-0-0000000001] Unknown UE by SUCI (../src/amf/context.c:1831)
12/03 18:17:16.768: [amf] INFO: [Added] Number of AMF-UEs is now 1 (../src/amf/context.c:1612)
12/03 18:17:16.768: [gmm] INFO: Registration request (../src/amf/gmm-sm.c:1165)
12/03 18:17:16.768: [gmm] INFO: [suci-0-999-70-4567-0-0-0000000001] SUCI (../src/amf/gmm-handler.c:166)
12/03 18:17:16.769: [sbi] WARNING: [AUSF] (NRF-discover) NF has already been added [d26b26e4-91f3-41ee-903b-45ddc8dc585d:1] (../lib/sbi/nnrf-handler.c:1057)
12/03 18:17:16.769: [sbi] WARNING: NF EndPoint(fqdn) updated [ausf.5gc.mnc070.mcc999.3gppnetwork.org:0] (../lib/sbi/context.c:2174)
12/03 18:17:16.770: [sbi] WARNING: NF EndPoint(fqdn) updated [ausf.5gc.mnc070.mcc999.3gppnetwork.org:0] (../lib/sbi/context.c:1917)
12/03 18:17:16.770: [sbi] INFO: [AUSF] (NF-discover) NF Profile updated [d26b26e4-91f3-41ee-903b-45ddc8dc585d:1] (../lib/sbi/nnrf-handler.c:1095)
12/03 18:17:16.808: [sbi] WARNING: [AUSF] (SCP-discover) NF has already been added [d26b26e4-91f3-41ee-903b-45ddc8dc585d:1] (../lib/sbi/path.c:216)
12/03 18:17:16.811: [gmm] ERROR: [suci-0-999-70-4567-0-0-0000000001] MAC failure (../src/amf/gmm-handler.c:844)
0000: 15a19d13 e5a6ce1b 76313ae3 d64a59b9 ........v1:..JY.
0000: 07a1aed7 a58e2aeb 1901de6f 9cfcea69 ......*....o...i
0000: 8867f4c6 2a745d74 a7a46334 732146a8 .g..*t]t..c4s!F.
12/03 18:17:16.811: [amf] WARNING: [suci-0-999-70-4567-0-0-0000000001] Authentication reject (../src/amf/nas-path.c:538)
12/03 18:17:17.814: [amf] INFO: UE Context Release [Action:3] (../src/amf/ngap-handler.c:1696)
12/03 18:17:17.814: [amf] INFO: RAN_UE_NGAP_ID[1] AMF_UE_NGAP_ID[4] (../src/amf/ngap-handler.c:1697)
12/03 18:17:17.814: [amf] INFO: SUCI[suci-0-999-70-4567-0-0-0000000001] (../src/amf/ngap-handler.c:1700)
12/03 18:17:17.814: [amf] INFO: [Removed] Number of gNB-UEs is now 0 (../src/amf/context.c:2553)
12/03 18:17:17.814: [amf] INFO: [Removed] Number of AMF-UEs is now 0 (../src/amf/context.c:1705)
12/03 18:17:19.345: [amf] INFO: gNB-N2[192.168.200.2] connection refused!!! (../src/amf/amf-sm.c:793)
12/03 18:17:19.345: [amf] INFO: [Removed] Number of gNBs is now 0 (../src/amf/context.c:1254)
packet-rusher-logs:
INFO[0000] PacketRusher version 1.0.1
INFO[0000] ---------------------------------------
INFO[0000] [TESTER] Starting test function: Testing an ue attached with configuration
INFO[0000] [TESTER][UE] Number of UEs: 1
INFO[0000] [TESTER][UE] disableTunnel is false
INFO[0000] [TESTER][GNB] Control interface IP/Port: 192.168.200.2/9487
INFO[0000] [TESTER][GNB] Data interface IP/Port: 192.168.200.2/2152
INFO[0000] [TESTER][AMF] AMF IP/Port: 192.168.200.1/38412
INFO[0000] ---------------------------------------
INFO[0000] [GNB] SCTP/NGAP service is running
INFO[0000] [GNB] Initiating NG Setup Request
INFO[0000] [GNB][SCTP] Receive message in 0 stream
INFO[0000] [GNB][NGAP] Receive NG Setup Response
INFO[0000] [GNB][AMF] AMF Name: open5gs-amf0
INFO[0000] [GNB][AMF] State of AMF: Active
INFO[0000] [GNB][AMF] Capacity of AMF: 255
INFO[0000] [GNB][AMF] PLMNs Identities Supported by AMF -- mcc: 001 mnc:01
INFO[0000] [GNB][AMF] List of AMF slices Supported by AMF -- sst:01 sd:000001
INFO[0001] [TESTER] TESTING REGISTRATION USING IMSI 0000000001 UE
INFO[0001] [UE] Initiating Registration
INFO[0001] [UE] Switched from state 0 to state 1
INFO[0001] [GNB][SCTP] Receive message in 1 stream
INFO[0001] [GNB][NGAP] Receive Downlink NAS Transport
INFO[0001] [UE][NAS] Message without security header
INFO[0001] [UE][NAS] Receive Authentication Request
INFO[0001] [UE][NAS][MAC] Authenticity of the authentication request message: OK
INFO[0001] [UE][NAS][SQN] SQN of the authentication request message: VALID
INFO[0001] [UE][NAS] Send authentication response
INFO[0001] [UE] Switched from state 1 to state 2
INFO[0001] [GNB][SCTP] Receive message in 1 stream
INFO[0001] [GNB][SCTP] Receive message in 1 stream
INFO[0001] [GNB][NGAP] Receive Downlink NAS Transport
INFO[0001] [GNB][NGAP] Receive UE Context Release Command
INFO[0001] [UE][NAS] Message without security header
INFO[0001] [UE][NAS] Receive Authentication Reject
INFO[0001] [UE][NAS] Authentication of UE 1 failed
INFO[0001] [UE] Switched from state 2 to state 1
INFO[0002] [GNB] Initiating UE Context Complete
ERRO[0002] [UE][0000000001] Stopping UE as communication with gNB was closed
INFO[0002] [UE] UE Terminated
INFO[0002] [UE] Switched from state 1 to state 0
INFO[0002] [GNB][NGAP] Releasing UE Context, cause: nas: Normal release
AMF config:
logger:
file: /var/log/open5gs/v-amf.log
# level: info # fatal|error|warn|info(default)|debug|trace
global:
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
amf:
sbi:
server:
- address: 127.0.0.5
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
ngap:
server:
- address: 192.168.200.1
metrics:
server:
- address: 127.0.0.5
port: 9090
access_control:
- plmn_id:
mcc: 001
mnc: 01
- plmn_id:
mcc: 999
mnc: 70
guami:
- plmn_id:
mcc: 001
mnc: 01
amf_id:
region: 2
set: 1
tai:
- plmn_id:
mcc: 001
mnc: 01
tac: 1
plmn_support:
- plmn_id:
mcc: 001
mnc: 01
s_nssai:
- sst: 1
sd: 000001
security:
integrity_order : [ NIA2, NIA1, NIA0 ]
ciphering_order : [ NEA0, NEA1, NEA2 ]
network_name:
full: Open5GS
short: Next
amf_name: open5gs-amf0
time:
# t3502:
# value: 720 # 12 minutes * 60 = 720 seconds
t3512:
value: 540 # 9 minutes * 60 = 540 seconds
packet-rusher config:
gnodeb:
controlif:
ip: "192.168.200.2"
port: 9487
dataif:
ip: "192.168.200.2"
port: 2152
plmnlist:
mcc: "001"
mnc: "01"
tac: "000001"
gnbid: "000008"
slicesupportlist:
sst: "01"
sd: "000001"
ue:
msin: "0000000001"
key: "465B5CE8B199B49FAA5F0A2EE238A6BC"
opc: "E8ED289DEBA952E4283B54E88E6183CA"
amf: "8000"
sqn: "00000000"
dnn: "internet"
routingindicator: "4567"
hplmn:
mcc: "999"
mnc: "70"
snssai:
sst: 01
sd: "000001"
integrity:
nia0: false
nia1: false
nia2: true
nia3: false
ciphering:
nea0: true
nea1: false
nea2: false
nea3: false
amfif:
ip: "192.168.200.1"
port: 38412
logs:
level: 4
I double checked the UE profile, both the security key and oPC codes looks ok.
Attached below is the PCAP
Hi @infinitydon, Thanks for sharing the detailed logs and PCAP. I'll try to reproduce the issue, and fix it. I'll keep you updated.
I was able to reproduce the bug, I'll keep investigating. Thanks a lot for the report!
Issue should be fixed and PacketRusher should now work with roaming, please try again with the latest commits from the main branch. Thanks a lot for the report! @infinitydon
@infinitydon @linouxis9 Hi, is there a writeup on how to configure packetrusher for roaming scenarios? TIA
Hi @priyanshs! There is this article https://futuredon.medium.com/5g-roaming-with-mutual-tls-1468d109129c from @infinitydon. But else, it's very easy, it's juste a matter of configuring Open5GS roaming following the Open5GS guide, and then configure in the config.yml an UE with a different MCC/MNC than the gNodeB. Cheers, Valentin
Thanks a bunch :)
Is your feature request related to a problem? Please describe. Currently Open5gs supports 5G roaming, it will great if this can be supported in PacketRusher
Describe the solution you'd like Support roaming scenario whereby the UE PLMN is different from the gNB
Describe alternatives you've considered None, I don't think this is supported by any opensource 5G RAN simulator
Additional context Reference to the Open5gs roaming feature: https://open5gs.org/open5gs/docs/tutorial/05-roaming/