Missing 5GMM Capability in Registration Request

User reported tests of OAI UE simulator with free5GC core network:

OAI UE is encoding the Registration Request incorrectly.

In the attached packet trace file, frame 69 contains the offending packet:

UplinkNASTransport
    protocolIEs: 4 items
        Item 0: id-AMF-UE-NGAP-ID
        Item 1: id-RAN-UE-NGAP-ID
        Item 2: id-NAS-PDU
            ProtocolIE-Field
                id: id-NAS-PDU (38)
                criticality: reject (0)
                value
                    NAS-PDU: 7e04f370e7b3007e005e7700096557547698103214f371001d7e004119000d0100f1100000000007505501002e08e060000000000000
                        Non-Access-Stratum 5GS (NAS)PDU
                            Security protected NAS 5GS message
                            Plain NAS 5GS Message
                                Extended protocol discriminator: 5G mobility management messages (126)
                                0000 .... = Spare Half Octet: 0
                                .... 0000 = Security header type: Plain NAS message, not security protected (0)
                                Message type: Security mode complete (0x5e)
                                5GS mobile identity
                                NAS message container
                                    Element ID: 0x71
                                    Length: 29
                                    Non-Access-Stratum 5GS (NAS)PDU
                                        Plain NAS 5GS Message
                                            Extended protocol discriminator: 5G mobility management messages (126)
                                            0000 .... = Spare Half Octet: 0
                                            .... 0000 = Security header type: Plain NAS message, not security protected (0)
                                            Message type: Registration request (0x41)
                                            5GS registration type
                                            NAS key set identifier
                                            5GS mobile identity
                                            UE security capability
        Item 3: id-UserLocationInformation

The Registration Request was created by the UE and relayed by the OAI gNB simulator to the free5GC AMF. According to TS 124 501 https://www.etsi.org/deliver/etsi_ts/124500_124599/124501/15.02.01_60/ts_124501v150201p.pdf :

Section 8.2.6.1: In a Registration Request, the 5GMM capability field is "optional".
Section 8.2.6.3 5GMM capability: The UE shall include this IE, unless the UE performs a periodic registration updating procedure.

My interpretation of the word "shall" is that this IE must be included in the initial Registration Request, but may be omitted during registration updating. However, OAI UE is not including this IE in the initial Registration Request. This subsequently caused free5GC AMF to reject the registration:

    2024-12-12T20:22:31.213235728Z [INFO][AMF][Gmm][amf_ue_ngap_id:RU:1,AU:1(3GPP)][supi:SUPI:imsi-001017005551000] Handle InitialRegistration
    2024-12-12T20:22:31.218202767Z [INFO][AMF][Gmm][amf_ue_ngap_id:RU:1,AU:1(3GPP)][supi:SUPI:imsi-001017005551000] Send Registration Reject
    2024-12-12T20:22:31.218278008Z [INFO][AMF][Ngap][amf_ue_ngap_id:RU:1,AU:1(3GPP)][ran_addr:172.25.199.19:60528] Send Downlink Nas Transport
    2024-12-12T20:22:31.218903925Z [ERRO][AMF][Gmm] Capability5GMM is nil
    2024-12-12T20:22:31.218930484Z [INFO][AMF][Gmm] Handle event[ContextSetup Fail], transition from [ContextSetup] to [Deregistered]
    2024-12-12T20:23:34.836264722Z [INFO][AMF][Ngap][ran_addr:172.25.199.19:60528] Handle UEContextReleaseRequest

After that the OAI UE crashes:

    [NAS]   [UE 0] Received NAS_DOWNLINK_DATA_IND: length 25 , buffer 0x7f466c0028e0
    [NAS]   [UE 0] Received NAS_DOWNLINK_DATA_IND: length 11 , buffer 0x7f466c002df0
    [NAS]   Received Registration reject cause: Illegal_UE
    UE threads created by 7
    TYPE <CTRL-C> TO TERMINATE

Related discussion in free5GC: https://github.com/free5gc/free5gc/issues/114#issuecomment-708991082 https://github.com/free5gc/amf/pull/131#issuecomment-2149088507
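
Added example, not part of the original report and not OAI or free5GC code: a small parser that unwraps the NAS-PDU of frame 69 shown above and checks the nested Registration Request against the section 8.2.6.3 rule quoted in the report. It assumes the payload is readable without deciphering, as it is in the trace; the function names are hypothetical and the IE length rules in `walk_ies` are a simplification covering these two message types.

```python
# Added example. IE layout rules are a simplification for the Registration
# request and Security mode complete messages; assumes an unciphered payload.
NAS_PDU_HEX = (  # NAS-PDU of frame 69, copied from the dissection in the report
    "7e04f370e7b3007e005e7700096557547698103214f371001d"
    "7e004119000d0100f1100000000007505501002e08e060000000000000")
IEI_5GMM_CAPABILITY = 0x10    # TLV
IEI_NAS_CONTAINER = 0x71      # TLV-E
PERIODIC_UPDATING = 3         # 5GS registration type value

def walk_ies(buf):
    """Yield (iei, value) for each optional IE; ValueError on an overrun."""
    i = 0
    while i < len(buf):
        iei, lenlen, n = buf[i], 0, 0
        if iei & 0x80:                    # one-octet TV, IEI in the high nibble
            iei &= 0xF0
        elif iei == 0x52:                 # last visited registered TAI: fixed TV
            n = 6
        else:                             # 0x70-0x7F are TLV-E, the rest TLV
            lenlen = 2 if iei >= 0x70 else 1
            n = int.from_bytes(buf[i + 1:i + 1 + lenlen], "big")
        start = i + 1 + lenlen
        if start + n > len(buf):
            raise ValueError(f"IE 0x{iei:02x} overruns the message")
        yield iei, buf[start:start + n]
        i = start + n

def plain_body(pdu, msg_type):
    """Skip a security header if present; return the bytes after the plain header."""
    if len(pdu) > 1 and pdu[1] & 0x0F:    # EPD, header type, MAC (4), sequence number
        pdu = pdu[7:]
    if len(pdu) < 3 or pdu[0] != 0x7E or pdu[2] != msg_type:
        raise ValueError("unexpected NAS message")
    return pdu[3:]

def check_registration_request(pdu_hex):
    """Return (registration type, optional IEIs, complies with 8.2.6.3)."""
    smc = plain_body(bytes.fromhex(pdu_hex), 0x5E)      # Security mode complete
    inner = dict(walk_ies(smc)).get(IEI_NAS_CONTAINER)
    if inner is None:
        raise ValueError("no NAS message container")
    req = plain_body(inner, 0x41)                       # Registration request
    reg_type = req[0] & 0x07                            # 1 = initial registration
    id_len = int.from_bytes(req[1:3], "big")            # 5GS mobile identity, LV-E
    ieis = [iei for iei, _ in walk_ies(req[3 + id_len:])]
    return reg_type, ieis, IEI_5GMM_CAPABILITY in ieis or reg_type == PERIODIC_UPDATING

if __name__ == "__main__":
    print(check_registration_request(NAS_PDU_HEX))
```

On the reported PDU the only optional IE found is 0x2E (UE security capability), so an initial registration is flagged as non-compliant.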