RRC: reject PDU sessions if security is not active

OAI 5GC seems to have a bug, and occasionally might send a PDU session setup request without having sent a UE context setup request, resulting in no security context activated for a UE. This lead to an assertion in rrc_gNB_process_e1_bearer_context_setup_resp(). To prevent the gNB from stopping, check if security is active before triggering PDU sessions. If not, the gNB will reject PDU sessions.

RRC: reject PDU sessions if security is not active
OAI 5GC seems to have a bug, and occasionally might send a PDU session setup request without having sent a UE context setup request, resulting in no security context activated for a UE. This lead to an assertion in rrc_gNB_process_e1_bearer_context_setup_resp(). To prevent the gNB from stopping, check if security is active before triggering PDU sessions. If not, the gNB will reject PDU sessions.
032d4fc9 · Robert Schmidt · f0f0cf80 · 032d4fc9 · 032d4fc9
Commit 032d4fc9 authored Jul 17, 2024 by Robert Schmidt
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 4 deletions

openair2/RRC/NR/rrc_gNB.c openair2/RRC/NR/rrc_gNB.c +0 -2

openair2/RRC/NR/rrc_gNB_NGAP.c openair2/RRC/NR/rrc_gNB_NGAP.c +20 -2

No files found.
--- a/openair2/RRC/NR/rrc_gNB.c
+++ b/openair2/RRC/NR/rrc_gNB.c
@@ -2200,8 +2200,6 @@ void rrc_gNB_process_e1_bearer_context_setup_resp(e1ap_bearer_setup_resp_t *resp
    }
  }

-  AssertFatal(UE->as_security_active, "logic bug: security should be active when activating DRBs\n");
-
  if (!UE->f1_ue_context_active)
    rrc_gNB_generate_UeContextSetupRequest(rrc, ue_context_p, nb_drb, drbs);
  else

--- a/openair2/RRC/NR/rrc_gNB_NGAP.c
+++ b/openair2/RRC/NR/rrc_gNB_NGAP.c
@@ -342,6 +342,7 @@ static int decodePDUSessionResourceSetup(pdusession_t *session)

 void trigger_bearer_setup(gNB_RRC_INST *rrc, gNB_RRC_UE_t *UE, int n, pdusession_t *sessions, uint64_t ueAggMaxBitRateDownlink)
 {
+  AssertFatal(UE->as_security_active, "logic bug: security should be active when activating DRBs\n");
  e1ap_bearer_setup_req_t bearer_req = {0};

  e1ap_nssai_t cuup_nssai = {0};
@@ -813,7 +814,6 @@ void rrc_gNB_process_NGAP_PDUSESSION_SETUP_REQ(MessageDef *msg_p, instance_t ins
  gNB_RRC_UE_t *UE = &ue_context_p->ue_context;
  PROTOCOL_CTXT_SET_BY_MODULE_ID(&ctxt, 0, GNB_FLAG_YES, UE->rnti, 0, 0, 0);
  gNB_RRC_INST *rrc = RC.nrrrc[ctxt.module_id];
-  LOG_I(NR_RRC, "[gNB %ld] gNB_ue_ngap_id %u \n", instance, msg->gNB_ue_ngap_id);

  if (ue_context_p == NULL) {
    MessageDef *msg_fail_p = NULL;
@@ -825,7 +825,25 @@ void rrc_gNB_process_NGAP_PDUSESSION_SETUP_REQ(MessageDef *msg_p, instance_t ins
    return ;
  }

-  AssertFatal(UE->rrc_ue_id == msg->gNB_ue_ngap_id, "logic bug\n");
+  DevAssert(UE->rrc_ue_id == msg->gNB_ue_ngap_id);
+  LOG_I(NR_RRC, "UE %d: received PDU session setup request\n", UE->rrc_ue_id);
+
+  if (!UE->as_security_active) {
+    LOG_E(NR_RRC, "UE %d: no security context active for UE, rejecting PDU session setup request\n", UE->rrc_ue_id);
+    MessageDef *msg_resp = itti_alloc_new_message(TASK_RRC_GNB, 0, NGAP_PDUSESSION_SETUP_RESP);
+    ngap_pdusession_setup_resp_t *resp = &NGAP_PDUSESSION_SETUP_RESP(msg_resp);
+    resp->gNB_ue_ngap_id = UE->rrc_ue_id;
+    resp->nb_of_pdusessions_failed = msg->nb_pdusessions_tosetup;
+    for (int i = 0; i < resp->nb_of_pdusessions_failed; ++i) {
+      pdusession_failed_t *f = &resp->pdusessions_failed[i];
+      f->pdusession_id = msg->pdusession_setup_params[i].pdusession_id;
+      f->cause = NGAP_CAUSE_PROTOCOL;
+      f->cause_value = 3; // NGAP_CauseProtocol_message_not_compatible_with_receiver_state
+    }
+    itti_send_msg_to_task(TASK_NGAP, instance, msg_resp);
+    return;
+  }
+
  UE->amf_ue_ngap_id = msg->amf_ue_ngap_id;
  trigger_bearer_setup(rrc, UE, msg->nb_pdusessions_tosetup, msg->pdusession_setup_params, msg->ueAggMaxBitRateDownlink);
  return;