AUSF improvement 2

Add the reminder in the modified code place.

AUSF improvement 2

Before
After

Reason

1st req & resp

Method

Use the function call in AMF, instead of call AUSF's API.
- In ue_authentication.go(AMF)
- Call by func SendUEAuthenticationAuthenticateRequest
- Need to check whether creating another new file for function calling is needed or not.
  - No, all modification is done in ue_authentication.go

Reserve parts :
- RAND, AUTN pass in AUSF
  - In ue_authentication.go(AUSF)
  - Call by func UeAuthPostRequestProcedure
- RAND, AUTN gen in UDM
  - In generate_auth_data.go(UDM)
  - func GenerateAuthDataProcedure
  - func strictHex
  - func aucSQN
- MongoDB API in UDR
  - In data_repository.go(UDR)
  - func QueryAuthSubsDataProcedure
  - func getDataFromDB
  - func ModifyAuthenticationProcedure
  - func patchDataToDBAndNotify
Reduction
- API -> function calling (Some functions, URI creating, parameters passing, http interaction)
- AUSF selection
- AUSF context create.
- EAP-AKA'
- Service network authorization
- Simplfy resyncronization, SUCI checking
- SUCI to SUPI

Modification

Prerequisite

Move the file from the VM in server room to computer in lab because of storage problem.
OS changed from ubuntu 20.04 to 18.04, and kernel version is still on 5.4.0, so it is OK for gtp module.
Move the reserved parts to AMF, and put them above func SendUEAuthenticationAuthenticateRequest.

Implementation

The parts need to check after modification :
(They are in the folded area below, here just for final confirmation and not for check list)

func SendUEAuthenticationAuthenticateRequest
func UeAuthPostRequestProcedure
func GenerateAuthDataProcedure

func SendUEAuthenticationAuthenticateRequest

Why I dont call func UeAuthPostRequestProcedure of AUSF directly from func AuthenticationProcedure of AMF.
- In modification before, it has a transformation of the format authInfo.
- The parameters passed from AuthenticationProcedure are
- The received side is
- And it use them to make the parameters will be passed to AUSF.
- So I reserved them first and to see if I need to move them to AuthenticationProcedure or remove them.
Change the receive parameters to ignore the API part and match the return.
- The locationURI in UeAuthPostRequestProcedure also needs to modify.
- The return parameters remain three to match AuthenticationProcedure's calling, or modify to another err reporting format.
- Not sure if the format of ueAuthenticationCtx is matched or not.
Remove part

func UeAuthPostRequestProcedure

Comment out the service network authorization.
Reduce EAP-AKA'
Reduce the return parameters to two(rep & err).
- Need to check the pointer format when test.
Comment out the locationURI processing.
- Because it is used in one of the return parameter(responseBody), so reserve it first, and see if I can remove it latter.(Code explanation)
Resynchronization
- Originally it will not be used at UE's first attach in func AuthenticationProcedure, it passes a nil to func SendUEAuthenticationAuthenticateRequest.
- In func HandleAuthenticationFailure, it will call again and give it resynchronizationInfo.
- Comment out here and need to prepare how to deal with resyncronization.
Call UDM -> Call function
- Original API server parameters passing to UDM is like this.
- Ignore the original API calling, and modify the parameters to call function.
  - The UDM function side.
- The return parameters in UDM function are matched with original API.
  - Format in UDM function
  - So remove the API parameter rsp, and Im not sure if the format of err is matched with problemDetails, because it's originally passed to API function.
Reduce the ausf context process part, and reserve ueid access, print it to add a pause and see the result.
- I dont know which one can print on terminal so I use two of them.
- The other part below.
Kseaf & Kausf
- I reserved the Kseaf derive part first, although, because Kseaf will be used in 2nd req & rep to generate Kamf, I dont know if that will be reduced or not.
- Kausf will be gen in UDM function, and it is included in AV , so it will beb reserved.

Modules need to be added
- "encoding/hex"
- "crypto/sha256"
- "net/http"
  - Upper part also has the same place need it.
- "github.com/free5gc/util/ueauth"
logger function
- Original in AMF
- The logger file may not has the function of AUSF print function, need to add or change to AMF print function.

func GenerateAuthDataProcedure

Reduce EAP-AKA'
Call ToSupi -> Call function
- Need to check whether to pass supi directly.
1. Original source in UDM
  - ToSupi function is in suci.go, and it calls other key transform functions above it, so if I move all of them, I need to modify a lot, then I take a see of Terry's method.
2. Terry's solution
  - Example test link
  - Im not sure if it can transform or not, so I print the SUCI in AMF and SUPI in UDM.
  - This solu assumes that the UE use IMSI SUPI type, and mcc/mnc parts are fixed, so if the mcc/mnc are changed, it turns out error.
3. So here I'm concerning to move suci.go.
  - Move to here and change the packge name.
    - The logger imported print function should be modified.
  - Here I found a problem is that it has a passing parameter called suciProfiles, which is used in home nework key & SUCI to SUPI transfrom, like the below description.
    - And the several functions above ToSupi are all for the profileA & profileB.
4. So here I decide to combine the mcc/mnc extract method in ToSupi and Terry's method.
  - Create the const
  - Original other guys' method
    - Terry
    - ToSupi
  - My final method
  - Remove the supi.go which I wanted to move to here, and this part.
Call UDR -> Call function
- The API part from UDM side to UDR side, maybe I have to put the selected part into the UDM's calling side(it's moved now).
- In the main part, UDR side passes two parameters to get UE data from mongoDB, and in the getDataFromDB, it imports something.
  - About how it imports, go here for more info.
  - When I was checking Terry's approach of here(connect and get data from mongoDB), I have more problem about the difference with my past import methods, go here for more info about what I has discovered.
- Pint the ueId which will be use in the API process of UDM-UDR, so it is SUPI.
- Remove UDR client creating, and move the parameters creating from UDR.
- Pint the return value of API and the function I want to move.
  - Im not sure if authSubs can directly receive the return of this format(map[string]interface{}), without the trasformation of API(response->authSubs), the usage of authSubs below are all in the content of the return from func QueryAuthSubsDataProcedure in UDR.
  - Sort up the output of return map of func QueryAuthSubsDataProcedure, so they are matched and can indeed call the parameters.
- Reduce the receive parameters to two, an comment out the API process.
- Delete the redundent of API part, because it has directly calls the func QueryAuthSubsDataProcedure.
  - But keep the printing line in
strictHex
- Add one more function from UDM, here is what it does.
make -> Link
Resynchronization
Here I just checked the modification before :
- So in func AuthenticationProcedure, the resync info passed to func SendUEAuthenticationAuthenticateRequest will be set to nil.
  
  But it will be set in func HandleAuthenticationFailure if there is a sync failure happened.
- In func SendUEAuthenticationAuthenticateRequest, it just passes the parameter if it receives it, and doesn't do more process.
- In past modification, I commented out the resync process in func UeAuthPostRequestProcedure because it includes ausf context edit, but I want to keep the resync info passing, so I do this modificaiton.
  - Then if the resync info exists, the info will not be lost, and will be received by func GenerateAuthDataProcedure.
  - But here I'm not sure commenting out this Rand parameter filling will affect or not (There will not have Rand parameter ?).
- In func GenerateAuthDataProcedure.
  - It decodes Auts/Rand from ResynchronizationInfo, and use aucSQN to generate SQN & mac.
  - aucSQN
    - It is a function in original UDM, so copy it to AMF.
  - Then it uses some imported function to do computation in if/else -> Link
    - In else part, comment out the suci checking, only keep the logger printing and return.
increment sqn(call UDR -> call function)
- Do some computation for SQN. -> Link
- Save the computaion results into DB
  - Here is the API operation in UDR, need to combine it into AMF.
- Modification 1 : Move the API calling/parameter passing to here.
  - Modify the error process.
- Modification 2 : Attach the parts (1&2) forgot in the UDR function calling last time (get data from DB), the http calling has been imported when doing AUSF funciton moving.
  
  And the util calling need to be modified because it is originally from UDR.
- Modification 3 : util function
  - Originally, UDR import this folder "github.com/free5gc/udr/internal/util" and call the function in this file.
  - But only these two functions(get, modify) I import from UDR call that file, so I decide to move the called functions directly.
  - The http and model need to add have been imported in my files, so just move and modify.
  - About the variable declaration -> Link
- Modification 4 : func patchDataToDBAndNotify
  - Add one import ("encoding/json").
  - Comment out the notify function calling, because it is not nessesiry to send a notification from UDR in future, just modify the DB. But Im not sure whether this notification will affect other module or not.
  - About the recover() function -> Link

Modules need to be added
- "math/rand"
  "time"
- "github.com/free5gc/util/milenage"
- "strings"
- "cryptoRand "crypto/rand"
- "reflect"
- "math/big"
- "github.com/free5gc/util/mongoapi"
- "go.mongodb.org/mongo-driver/bson"
- "encoding/json"
logger function
logger function (UDR)

Compilation

Problem 1

Need to go get some imported module

About tha fatal lines info -> Link
Type these commands :



cd NFs/amf
go get github.com/free5gc/util/mongoapi@v1.0.5-0.20230306071612-a52909216bd2
go get github.com/free5gc/amf/internal/sbi/consumer

I don't know if it is right to go get in the root folder.

Need to go get in the folder which has go.mod

I don't know why make command say that I need to go get amf/comsumer, maybe because I did the modification in comsumer folder.
And if I ignore the errors above and make directly, I will get the same errors.

So I just ignore it and keep debugging.

Problem 2

->
The logger problem : logger printing functions used in UDR/UDM/AUSF are not in AMF.
- When you check the logger.go it imports in AMF and UDR, you will find they has very similar structure.
- So I think we can just add the logger variable that AMF does not have, but UDR has.
This variable is definded in orignal file, by a const function, so add it.

V
Add variables
Plus M to prevent the repeat error.

Problem 3

This error is that I didnt deal with the parameters in the function calling which I have commented out.
- For checking whther this action will affect the DB modifiction or not, I print out these two variables in original free5gc, so the modification is the SQN number, and we can make sure that the modification is made between these two RestfulAPIGetOne.
- And if you check the content of the notify functions, you can find that they only use these got values for sending http message, not for computing or something, so we can peacefully ignore them.
- So this check item is finished.
- And the method is adding two print line so the variables will be used.
Need to difine it using :=, or the compiler can not verify it in return line.

->
- In error place, it use the received err to give to Detail.
- In the called function, the pd is returned as err.
- As you can see, the pd is also created from problemDetails.
- So there is no one item called err.Error() for us to use, I think it is because it is originally call API, not function, there will has some funciton we can call.
- Here I change it to one of the item in the models.ProblemDetails that can be called, and to represent the Detail(DATA NOT FOUND).
- Change the function name.
  
  ->
- The compiler can not find the PermanentKey item, I guess it is because the passing format problem or naming problem.
- I print the passing value in three places
- The results are like below, we can see that the value turn to memory address after API process.
- So based on the error message, we need to transform the map[string]interface format.
  - About the explanation, disadvantage and reason of this format -> Link .
    - The other reason that I don't use this fromat directly as below, is that there are too many palce need to modify, so it's more efficient by creating a structure.
  - First do the definition.
    - Compared to the content of map format.
  - Then do the transformation of the data received from MongoDB in this function.
  - The original calling of authSubs should be done successfully, notice that the return format defining should be changed correctlly, or the compiler will report the same error.
    
    V
  - Compared to Terry's MongoDB client -> Link .
- This is also defined as const in original funciton, so add it.

The AuthSubs declaration is in the same file with calling function, so don't need to add model. to import.

V
Just delete the redundent returned variable, I forgot why I put one more variable here.

V

Problem 4

- I think the problem here is the previous declaration assign err as *model.ProblemDetails, because the called function is from UDR, the return format is not the same as here(hex.DecodeString originally from UDM).
- So I change the parameter name which will be used only for hex function,
- The problem is the checking action here can not match the structure(Milenage.Op) with nil.
- Here we can reserver the OpValue only, because the error report here is just to know whther the OpValue exists or not.
The remaining errors are all the same with 1.
- So I just change their names.
- Here is another function calling(milenage), so I change to another nameing.
- The 411 line is still hex function.
- Need to change to :=, or there will have this problem
- Or like this.

Problem 5

The same so keep changing.

Problem 6

- It is continued from problem 2-5, and is same as problem 3-3.
- In func ModifyAuthenticationProcedure, the returned structure include Cause and Detail, but Detail is assigned as "", so we can only use Cause to print out what happened("MODIFY_NOT_ALLOWED").
At line 602.

V
At line 609.

V
- I dont know why it doesnt need := here, the error pops up when I add :=.
- From the model it imports, the type is not string.
- One solution is that transfer the string format to model.AuthMethod.
  - ~~But we need to define this model like the github import.~~
- Another solution is that change the declaration in AuthSub.
- Originally I dont want to use model.AuthMethod, but use "5G_AKA" to compare directly.
  - But there are some flaws.
  - Also below has some other palce using this model format, to compare with the reutrn value from this UDM function.
- So I decide to change the format in AuthSubs, then I don't need to do some change if the model is used in the part after.

Problem 7

After the resync part is OK, compiler say that we didnt use the parameters k, op, opc.
- So comment out them at here.
  
  V
  - But it will be another problem, because the k declared in if/else will only be seen recognized in if/else.
- So we still need to define them at begining, and need to change := to =, then the errHex and errMil need to be defined too.
  - Like here, after uncomment out the parameters defining and change := to =.
  - Comfirm te return formats of these function.
  - We can see the err returned by them are type error.
  - So the declaration is like this.

Until here, we finish the successful compiling of func GenerateAuthDataProcedure of UDM, so next is to keep debug in below part(AUSF, AMF).

Problem 8

Add variables.
V
- The same as previous problem.
- There are some return inlcuding Detail, some doesnt include, so I print out both cause and detail.
- It assign status code but parameter rep has been commented out.
  - The rep is declared as http.Response
  - So I go to see the format of status code in this package(net/http).
  - About the int32 function : Link
- Then I want to know the status code value when error happens, so I change the K in webconsole, and add printing lines in original free5gc.
  
  V
  - Here you can see the Forbidden status code is 403.
- And if you check all error return, you can find that their status are all http.StatusForbidden, so change the parameter to 403(int) directly.
  - Confirm that the format of problemDetails.Status is int32, so that the value 403 can be assigned directly.
- In the function definition, the returned variable number need to change.
  
  V
- Add variables.

Problem 9

V
- Because I commented out here before.
  - But now I think it can be reserved before, because updateAuthenticationInfo.ServingNetworkName is received from func SendUEAuthenticationAuthenticateRequest and it write the SN name here.
  - Because it has value, I think we can just store it but not do any authorization.
- So uncomment out it, and assign it to responseBody and authInfoReq.
- No need to add &.
  
  V
- It is also resulted from the format of err, because of the changing from API to function calling.
- Because there is no API passing between func SendUEAuthenticationAuthenticateRequest and func UeAuthPostRequestProcedure, the received err has already been &models.ProblemDetails, we don't need to extract the problem from err, use err directly(err is address so don't add & before it).

Derive Kseaf but not used.
I think it will not be used so just comment out this part.

Test

Problem 1

The explanation of ChatGPT.













var client *mongo.Client
var err error

client, err = mongo.Connect(context.TODO(), options.Client().ApplyURI("mongodb://localhost:27017"))
if err != nil {
    log.Fatal(err)
}

// 檢查連接
err = client.Ping(context.TODO(), nil)
if err != nil {
    log.Fatal(err)
}

It seems that I didn't set a client for MongoDB connection, go to see the line that error tells to me.

V

V
- As you can see, the client is also created in the same file which is called by UDR function, and in this func SetMongoDB it will build the connection with DB.
- Terry build the connection by himself, you can see the process -> Link
- And then I'm wondering where the original Free5GC do thhis action -> Link
So I copy the connection building process from UDR to AMF in init.go.
- The passing parameters in called function can be find in factory.
- And the parameters creating sequence is like below.
  - V
    
    V
    
    V
    
    V
    
    V
  - I don't know how it fill the mongo name and url from config.yaml to here, but it is confirmed that this two parameters are set in yaml file.
- So we can direcly input these value to set the connection.

Problem 2

For logs' sources.
I have comfirmed that the setting in free5gc-ue.yaml and webconsole are no problem.
Then I think maybe the searching keywords have problem, so I printing out supi.
- As you can see, the collname is matched with the display on mongodb-compass, one hyphen(-, or you can say dash) is missing in ueId.
- So modify here.
  
  V

Problem 3

For logs' sources, it is right after the getDataFromDB, so data is got, but the transfer is not successful.
The explanation from ChatGPT.
So I think we can change the format of which will recieve number into float64 directly.
- And this is also why Terry has some float64 in his structure.
- I also check that these EncryptionAlgorithm and EncryptionKey will not be used in parts after, so this change will not cause error.

Result

Result 1

CN side
- It has a successful req. generating, but stucks in handling resp. and then keeps receiving the initial messages from UE.
gnb side
UE side
- The timer will expired when waiting the ACK, after UE receives the req. and send the resp., so UE stucks on here and then keeps retrying registration.

Trace the result 1.

V
V
V

V
V

Problem 1

Normally, if the modification on auth req. is successful, CN should properly process the rep., and have a successful 5G-AKA, so I go to find the source of the server no response error, to see which part cause this.
- First I print out the passing variable and received variables, I want to check the content or resStar and the err which causes the error report.
  - The result.
- Then keep tracing where is the final stop point, so I go into func HandleAuth5gAkaComfirmRequest, which is call by client.DefaultApi.UeAuthenticationsAuthCtxId5gAkaConfirmationPut.
  - After the API routing and the function of comparing res* and xres*, print out something to check whether the received values from the called func Auth5gAkaComfirmRequestProcedure are matched with previous part.
  - The strange thing is that it didnt print out anything, still the same after compiling.
- So I go back to the API routing place who forward the message to func HandleAuth5gAkaComfirmRequest.
  - Print out some text before and after forwarding, to see where is the stop point.
  - The result is still the same, nothing printed out, which means the error happens before the message reaching the router.go & api_defaut.go of AUSF.
I go back to see the printed err, it says missing protocol scheme, and no return & http response.
- I go to see the format confirmData is declared.
  
  V
  
  V
  
  V but I can only find the function about configuration.
- Then I notice that the scheme is used in here, and confirmUri is declared from parsing ue.AuthenticationCtx.Links["5g-aka"].Href, which is matched with the printed err.
- So I go to see the content of ue.
  
  V
  
  V
  
  V then find that the format of ue.AuthenticationCtx is imported here.
- Find on github.
  
  V we can see the Links definition
  
  V see back to code, you can see it use Links.Herf
  
  V if you check here, you can see the source of Herf
Finally, if you search Links or Herf in the file, you can confirm that real reason is that I modify the putLink generating process, so there are some missed item.
- Then it is wrapped in responseBody, returned to handler.go as ueAuthenticationCtx, and wrapped into ue, so that is why there is an error when parsing ue.AuthenticationCtx, causing that ausfUri is not complete.
  
  V
- You can also confirm by see that the first %s doesnt print out.

I need to reconstruct the URI if I want to have a successful call to AUSF, but it is useless for the 2nd modification, because the client including ausfUri will be commented out after changing to function calling.
But I want to test whether my change on 1st is OK for UE access, so I will just assign the locationURI manually even if it will be commented out.
- self is declared here.
  
  V find in original ausf file
  
  V
  
  V
  
  V
- And factory.AusfAuthResUriPrefix is here.
- It seems that printing out them in original free5gc is faster
So they are all string format, can direcly add them together.

Result 2

CN side
gnb side & UE side
- The same.

Problem 2

I comment out here and assign the value manually.
It will turn out these error in process.

After compiling OK, it turns out other errors related to AUSF context.
It will be too much if I keep modify the AUSF context, so I decide to do 2nd modification directly, and ignore AUSF related part.

Github upload version before problem 1

Github upload version after problem 2

2nd req & resp

Method

Same as 1st, use the function call in AMF.
- In ue_authentication.go(AMF)
- Call by func SendAuth5gAkaConfirmRequest

Reserve parts :
- RES* & XRES* comparison in AUSF
  - In ue_authentication.go
    - func HandleAuth5gAkaComfirmRequestProcedure
  - In function.go
    - func logConfirmFailureAndInformUDM
    - func sendAuthResultToUDM
- Change format and call UDR in UDM
  - In generate_auth_data.go
    - func ConfirmAuthDataProcedure
  - In converter.go
    - func ToBsonM
- MongoDB API in UDR
  - In data_repository.go
  - func CreateAuthenticationStatusProcedure
Reduction
- API -> function calling (Some functions, URI setting, parameters passing, http interaction)
- Get data from AUSF context.
- EAP-AKA'
- Simplfy SUCI checking

Modification

Prerequisite

Move the reserved parts to AMF, and put them above func SendAuth5gAkaConfirmRequest.

Implementation

The parts need to check after modification :
(They are in the folded area below, here just for final confirmation and not for check list)

func SendAuth5gAkaConfirmRequest
func HandleAuth5gAkaComfirmRequestProcedure
func logConfirmFailureAndInformUDM
func sendAuthResultToUDM
func ConfirmAuthDataProcedure
func CreateAuthenticationStatusProcedure

func SendAuth5gAkaConfirmRequest

Comment out the ausf part.
- I dont know whether it is necessory to use comfirmData's optional.Interface format or I can pass resStar directly.
- But it seems like an API working on Nausf, so I think I can ignore it by just pass resStar string to function.
I want to know the received value in the called function func HandleAuth5gAkaComfirmRequest, so I print out these variables.
- The result is restar and suci.
- So that I know I can modify like this.
  - Also change the name of called function.

func HandleAuth5gAkaComfirmRequestProcedure

About the API function between this and previous function, I just move the logger and comment out it.
Format
- This variable will receive resStar, so change format to string.
- This format is from model, and includes supi and Kseaf
  - supi will be return back to handler.go and save to ue, so we can reserve this format.
  - There is another format in model for resStar, but here I just pass resStar directly.
- Delete this redudent parameter, because I passed resStar to here directly.
- I find that handler encode resStar before passing it, so I print out some value in original free5gc to confirm if I need to decode it.
  - In handler, resStar, resStar[:] are the same, so the point is tha value after encoding.
    
    Use text book for conveniently wathing.
  - In AMF, the value stay same after the wrap of confirmData.
  - In AUSF, there has already a printing function existedd to compare the res* and xres*, but the printing format is Hexadecimal(%x), so I just print out the %+v format to ensure that they are compared in encoded status.
    - About the explanation of %x -> Link
  - So if two sides are all encoded and then compared, I dont need to do decoding.
ausf context
- Comment out the process of checking SUCI and get the SUPI from ausf context, because all ausf context related parts are commented out, and we need to get the SUPI from ConfirmationDataResponseID(SUCI).
  - Use this transfer again, and change variable name.
  - Then manually set the SNname by print out the string in original free5gc
- Because Xres* store in AUSF context originally, and previous modification comments out it and didnt store it in other parameter, so we need to add one to store Xres*.
  - Xres* is encoded in func GenerateAuthDataProcedure.
  - And is stored in ausf context in func UeAuthPostRequestProcedure.
  - Add a global variable to store it.
  - Change the variable.
- HRES* & HXRES* comparison is here, above the calling of func SendAuth5gAkaConfirmRequest.
  - And HxresStar is got from ue.AuthenticationCtx.Var5gAuthData, which receives the hxres* from AUSF function direcly.
  - So it will not be affected by ausf context.
- Kseaf process is commented out before, so here just give it zero string for storing in ue context.
- Comment out these two.
- UdmUeauUrl doesnt exist without ausf context, so comment them out too.

logger function

func logConfirmFailureAndInformUDM

Before
After

logger function

func sendAuthResultToUDM

Before
After
- self.GetSelfID() get the Nfid which is string.
  - Here change to get the AMF Nfid, but AMF doesnt have func GetSelfID(), so directly retrieve it, I dont know it is right or not using pointer to do it.

func ConfirmAuthDataProcedure

Move the logger and comment out UDM API process.
Before
After
- Move the DB parameters setting and function calling and then comment out the UDR API process
  - The original authEvent wrapping uses optional.Interface format , which I think is for API process, so I comment out them, and to see how to pass authEvent to DB.
  - Here is the modification of moved parameters setting and function calling in UDR API process.
    - The function changing the authEvent to Bson is from UDR, so we need to move it to here, make sure if there is any new import mod or not.
      
      V
  - Delete the util.
    
    ->
- Because func CreateAuthenticationStatusProcedure doesnt have return, so we can comment the http API error report, and also API calling.
  - But this function need to return one err, so just keep it nil.

logger function

func CreateAuthenticationStatusProcedure

No need to change.
- About the ueId adding, because originally authEvent doesnt have this item, and the chatGPT explanation.

Comilation

Problem 1

- This problem is that originally the variables in string format are declared together, about the explanation -> Link.
So just give them the format.

Problem 2

I think that is becaues logger.DataRepoLog.Errorf needs string to print, but the format of err is error, original print function use logger.DataRepoLog.Error.

V
- Change the return format declaration.
  
  V
- It causes other problem.
  - Just print problemDetails itself.
    
    V
- Remove the redudent &.
  
  V

Test

No problem

Result

CN side
- 5G-AKA is successful but security mode has some problem.
gnb side
UE side

The original log is like this.
The SMC explanation -> Link
Wireshark (Test with UERANSIM in other VM)
- From UE's reject message, it has a cause.
  - And security mode rejected, unspecified (24) is a keyword to search.
  - It is a LTE note about SMC in here
- From 5GC's DownlinkNAS SMC, we can see the contens of the packet is the same as normal 5GC (Except for message authentication code).
  - Modified.
  - Normal.
In logs.
- It is hard to find where is the problem source by tracing the 5GC error message (wrong security header type : 0x0, message type 95) in code or googleing the UE error message (Rejecting Security Mode Command with cause [SEC_MODE_REJECTED_UNSPECIFIED]).
  - Will only find the header of UE's uplinkNAS is wrong, and print the error by call the printing function, and the parameters is from free5gc/nas.
  - Or find some problem discussion.

In the process above, I was doubting that maybe the cause is from the modification in ue_authentication.go, the missing in some parameter resulit in the rejection of UE.
And I ask Terry that whether the commenting out of Kseaf generating affects it or not, the answar is YES.
- But I didnt know which part in security mode will use Kseaf, because I need to know where to put Kseaf value instead of AUSF context if I recover the generating process.
- And Terry say that I can put into AMF context, becausee the security mode is working in AMF, and will access the parameter in AMF context.

Github upload version

Security mode

Method

Uncomment out the Derive Kseaf from Kausf in AUSF function (func UeAuthPostRequestProcedure) and try to put the value in UE context of AMF : type AmfUe struct.

Modification & Compilation & Test

Problem 1 (Preparation)

The point is that the mutual context of UE is passing in handler.go and func SendUEAuthenticationAuthenticateRequest in ue_authentication.go, so we can not direcly put the value in func UeAuthPostRequestProcedure because ue.context is not passed to this function (Or we add a new variable, but we need to modify more place).
1. Like this error is that I want to call AmfUe in context folder.
2. Even I change to the right name of import, and compile successfully, the test has error.
3. Or I want to use GetSelf in context, but it is wrong, Kseaf is in context for UE, not in the AMFcontext
  - The error for this

Problem 2 (Preparation)

We need to use hex.EncodeToString().

Problem 3 (1st req & resp : func UeAuthPostRequestProcedure)

Because this function doesnt have the ue context variable, so I decide to put Kseaf into return variable.
Then receive and put Kseaf into ue context in this function.
In handler.go, it will receive ue and the ue variable is the same one (amfUe) passed from func Authentication in sm.go.

V

V
- In func Authentication, it uses the same variable amfUe to call this function.
- So if I load Kseaf into ue, it will be saved into amfUe by pointer passing.

My method is put Kseaf into responseBody, so we need to change its format.
- Check the format on model repo.
- Then put it above this function, change the responseBody declaration, and add Kseaf declaration in structure.
- And assign Kseaf to it after generating.
And the error in above screenshot is about the format of variables in structure.
- For first one you can find the difined source on repo
  
  V
  
  V
  
  V
- For second one.
  
  V
  
  V
  
  V

Problem 3-1

The problem is caused by the format in structure, which is not matched with the use below.
Here I can change two places, in struc or in the use below, I choose to modify in struc directly, it is successful so I didnt try to change the second place.
- The original variables are set as remarks commented out behind the sentence.

Problem 3-2

This form is correct one.

Problem 4 (Functions calling & func SendUEAuthenticationAuthenticateRequest)

- It is caused by the return variable declaration.
- It is in func SendUEAuthenticationAuthenticateRequest, to put the received Kseaf into ue context which is passed from func AuthenticaionProcedure to here.
- Dont need to add models.
- After Kseaf is assigned, we need to put the other value into the original passing format, so declar a new variable using model's format and assign the value one by one.

Problem 5 (2nd req & resp : func HandleAuthenticationResponse & func SendAuth5gAkaConfirmRequest & func HandleAuth5gAkaComfirmRequestProcedure)

The compilation is successful but the test is still tha same problem.

So I find another place where call Kseaf in UE context for using, and add logger in three places to see whether the Kseaf exists or not.
- In func SendUEAuthenticationAuthenticateRequest.
- In func AuthenticationProcedure
- The results of these two all have the value of Kseaf.
- In func HandleAuthenticationResponse
- But the third place doesnt have.
Then when you go to :

V
func SendAuth5gAkaConfirmRequest

V
func HandleAuth5gAkaComfirmRequestProcedure
You can see if the authentication confirm is successful, it will get Kseaf from susf context, but I have commented out it and give it null value, because I thought Kseaf would not ne used.
- So I comment out here to prevent the null value cover the original value.

Result

CN side
- The SMC is successful, and UE get the IP
- PFCP is also builded.
gnb side
UE side

Remember to comment out the logger which is used for test.

Github upload version

Removal process

Prerequisite

Because the result is successful, meaning that we don't need AUSF for 5G-AKA, now we can remove it to test again.
- In Makefile
- In run.sh
After that, you can see there is no AUSF initialization when running.

Modification & Compilation & Test

Problem 1

Comment out AUSF selecting part.

Result

After the error is solved, it is successful, then it is the same as above.

Github upload version

Test with muiltiple UE

Method

Use the commands on the wiki of UERANSIM github -> Link
Pre-register the UE in webconsole.

Problems encountered

Use 5 UEs to test.

Problem 1

CN side
gnb side
UE side

There is no UE data in 5GC, so add them on webconsole, the SUCI will be from imsi-…3~7.

Problem 2

Only one UE will successfully build the PDU session.
And you can see some Synch failure for 4 UEs
Other four will have a confirmation failed
- Find that the XresStar comparison is not successful, not the same with res*.

But if I use original free5gc, it will be successful for muiltiple UE.
- CN side
- gnb side
- UE side

So I think the problem is that I use global variable for setting Xres*, then every UE's Xres* will be the same.
- Here you can check the result that tests with 2 UEs.
- And if you scroll up, you can see the final XresStar stored in the global variable is from imsi-…0003, so the imsi-…0004 will not pass the 5G-AKA confirmation.

Modification & Compilation

Pre

Some differences between the original storing method and global method.
eed to ensure Xres* is stored independently for each UE. Using global variables in a concurrent environment can lead to race conditions and data corruption.So I need to use context or mapping to process it.
- First import "sync", and change the delclaration.
- Then before comparison, get the value using supi from map, and do the error report.

Problem 1

hex.DecodeString() has two return, but encode only one, so dont mess up them.

Problem 2

Problem 3

Instead of hex.encodestring()

Problem 4

The Xres* is in if/else, so outside there can not be used.

Put the if/else of map in the most ouside place.

Test

Problem 1

Because there is no supi transformation in func UeAuthPostRequestProcedure
So here change supi to ConfirmationDataResponseID which is suci, use supci to find in map.

V

Result

2 UEs

CN side (Can accept 2 UEs.)
gnb side
UE side

5 UEs

UE side
Ping internet test
- You can see there are 5 tunnels builded in UE's VM.
- Ping from these tunnels.

Ping from uesimtun0 not successful but ping directly successful.

In the VM of free5gc, need to set these network rules.





sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
sudo iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400
sudo systemctl stop ufw
sudo iptables -I FORWARD 1 -j ACCEPT

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`	在筆記中貼入程式碼
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.