free5gc · tim-ywliu · Oct 18, 2024 · Apr 15, 2022 · May 25, 2022 · Jul 7, 2022
diff --git a/.golangci.yml b/.golangci.yml
@@ -5,7 +5,7 @@ run:
   # default concurrency is a available CPU number
   concurrency: 4
   # timeout for analysis, e.g. 30s, 5m, default is 1m
-  timeout: 3m
+  timeout: 5m
   # exit code when at least one issue was found, default is 1
   issues-exit-code: 1
   # include test files or not, default is true

diff --git a/go.mod b/go.mod
@@ -5,11 +5,13 @@ go 1.21
 require (
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/free5gc/aper v1.0.6-0.20240503143507-2c4c4780b98f
+	github.com/free5gc/ike v1.1.1-0.20241014015325-083f89768f43
 	github.com/free5gc/ngap v1.0.9-0.20240708062829-734d184eed74
 	github.com/free5gc/sctp v1.0.1
-	github.com/free5gc/util v1.0.7-0.20240713162917-350ee8f4af4c
+	github.com/free5gc/util v1.0.7-0.20241017071924-da29aef99a1c
 	github.com/gin-contrib/pprof v1.5.0
 	github.com/gin-gonic/gin v1.10.0
+	github.com/google/gopacket v1.1.19
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.9.3

diff --git a/go.sum b/go.sum
@@ -16,14 +16,16 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/free5gc/aper v1.0.6-0.20240503143507-2c4c4780b98f h1:sO8FFwAq7feSw/vKN9ioY+fX1gNTXd6/xQOqaeclzsA=
 github.com/free5gc/aper v1.0.6-0.20240503143507-2c4c4780b98f/go.mod h1:oh3dtNsje2W4/q3pfidMWQKXbXIehXK3t6CD9tXmHx0=
+github.com/free5gc/ike v1.1.1-0.20241014015325-083f89768f43 h1:cgpG06umqWTAwYy/bLXXcdNg+k7+qkinsElCVZzuOSI=
+github.com/free5gc/ike v1.1.1-0.20241014015325-083f89768f43/go.mod h1:57Ujd9Xjva02mt3OVfepYKiheFHO5Y0YCQyBgB1p1Qs=
 github.com/free5gc/ngap v1.0.9-0.20240708062829-734d184eed74 h1:foSd3OVtTfDmn3EZbsBngK+U93Mv8YE+qSja7FvKEVU=
 github.com/free5gc/ngap v1.0.9-0.20240708062829-734d184eed74/go.mod h1:UsPP9LWVyNwu5sm7ZE5toAFeBNkkyj0rh+4Q3ylRBi8=
 github.com/free5gc/openapi v1.0.9-0.20240503143645-eac9f06c2f6b h1:+VcgZq+3apB6Xr4jEqgGf/uAECRF038SwixEvvxhYrM=
 github.com/free5gc/openapi v1.0.9-0.20240503143645-eac9f06c2f6b/go.mod h1:0qRW+H1/Nyzw5tjjvyp+90m+2SOZZefGQC9QV8iPwu8=
 github.com/free5gc/sctp v1.0.1 h1:g8WDO97r8B9ubkT5Hyk9b4I1fZUOii9Z39gQ2eRaASo=
 github.com/free5gc/sctp v1.0.1/go.mod h1:7QXfRWCmlkBGD0EIu3qL5o71bslfIakydz4h2QDZdjQ=
-github.com/free5gc/util v1.0.7-0.20240713162917-350ee8f4af4c h1:baToZn4hxGKoCm3BWwYlRuZoCQ74cMZUJzg9BVLEdE0=
-github.com/free5gc/util v1.0.7-0.20240713162917-350ee8f4af4c/go.mod h1:IHKIBd4OM9rwSJ0fG/hv6pXbVC+Eu4Lcaq++BWkfSsY=
+github.com/free5gc/util v1.0.7-0.20241017071924-da29aef99a1c h1:vJ3IJPvW4gt7i7d3y8KMp42jypeKsfUG+CqSiFRoXAU=
+github.com/free5gc/util v1.0.7-0.20241017071924-da29aef99a1c/go.mod h1:IHKIBd4OM9rwSJ0fG/hv6pXbVC+Eu4Lcaq++BWkfSsY=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/gin-contrib/pprof v1.5.0 h1:E/Oy7g+kNw94KfdCy3bZxQFtyDnAX2V7axRS7sNYVrU=
@@ -49,6 +51,8 @@ github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVI
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
@@ -114,23 +118,35 @@ github.com/wmnsk/go-gtp v0.8.11-0.20240705144331-f53bfdd4233b/go.mod h1:pXocxsDk
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
 golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
 golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
 golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
 golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=

diff --git a/pkg/context/3gpp_types.go → internal/context/3gpp_types.go b/pkg/context/3gpp_types.go → internal/context/3gpp_types.go
diff --git a/pkg/context/amf.go → internal/context/amf.go b/pkg/context/amf.go → internal/context/amf.go
@@ -21,7 +21,7 @@ type N3IWFAMF struct {
 	// Overload related
 	AMFOverloadContent *AMFOverloadContent
 	// Relative Context
-	N3iwfRanUeList map[int64]*N3IWFRanUe // ranUeNgapId as key
+	N3iwfRanUeList map[int64]RanUe // ranUeNgapId as key
 }
 
 type AMFTNLAssociationItem struct {
@@ -47,12 +47,12 @@ func (amf *N3IWFAMF) init(sctpAddr string, conn *sctp.SCTPConn) {
 	amf.SCTPAddr = sctpAddr
 	amf.SCTPConn = conn
 	amf.AMFTNLAssociationList = make(map[string]*AMFTNLAssociationItem)
-	amf.N3iwfRanUeList = make(map[int64]*N3IWFRanUe)
+	amf.N3iwfRanUeList = make(map[int64]RanUe)
 }
 
-func (amf *N3IWFAMF) FindUeByAmfUeNgapID(id int64) *N3IWFRanUe {
+func (amf *N3IWFAMF) FindUeByAmfUeNgapID(id int64) RanUe {
 	for _, ranUe := range amf.N3iwfRanUeList {
-		if ranUe.AmfUeNgapId == id {
+		if ranUe.GetSharedCtx().AmfUeNgapId == id {
 			return ranUe
 		}
 	}

diff --git a/pkg/context/context.go → internal/context/context.go b/pkg/context/context.go → internal/context/context.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"crypto/rand"
 	"crypto/rsa"
-	"crypto/sha1"
+	"crypto/sha1" // #nosec G505
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
@@ -24,6 +24,7 @@ import (
 	"github.com/free5gc/ngap/ngapType"
 	"github.com/free5gc/sctp"
 	"github.com/free5gc/util/idgenerator"
+	"github.com/free5gc/util/ippool"
 )
 
 type n3iwf interface {
@@ -45,9 +46,9 @@ type N3IWFContext struct {
 	ChildSA                sync.Map // map[uint32]*ChildSecurityAssociation, inboundSPI as key
 	GTPConnectionWithUPF   sync.Map // map[string]*gtpv1.UPlaneConn, UPF address as key
 	AllocatedUEIPAddress   sync.Map // map[string]*N3IWFIkeUe, IPAddr as key
-	AllocatedUETEID        sync.Map // map[uint32]*N3IWFRanUe, TEID as key
+	AllocatedUETEID        sync.Map // map[uint32]*RanUe, TEID as key
 	IKEUePool              sync.Map // map[uint64]*N3IWFIkeUe, SPI as key
-	RANUePool              sync.Map // map[int64]*N3IWFRanUe, RanUeNgapID as key
+	RANUePool              sync.Map // map[int64]*RanUe, RanUeNgapID as key
 	IKESPIToNGAPId         sync.Map // map[uint64]RanUeNgapID, SPI as key
 	NGAPIdToIKESPI         sync.Map // map[uint64]SPI, RanUeNgapID as key
 
@@ -56,12 +57,12 @@ type N3IWFContext struct {
 	N3IWFCertificate     []byte
 	N3IWFPrivateKey      *rsa.PrivateKey
 
-	UeIPRange *net.IPNet
+	IPSecInnerIPPool *ippool.IPPool
+	// TODO: [TWIF] TwifUe may has its own IP address pool
 
 	// XFRM interface
 	XfrmIfaces          sync.Map // map[uint32]*netlink.Link, XfrmIfaceId as key
 	XfrmParentIfaceName string
-
 	// Every UE's first UP IPsec will use default XFRM interface, additoinal UP IPsec will offset its XFRM id
 	XfrmIfaceIdOffsetForUP uint32
 }
@@ -120,11 +121,11 @@ func NewContext(n3iwf n3iwf) (*N3IWFContext, error) {
 	n.N3IWFCertificate = block.Bytes
 
 	// UE IP address range
-	_, ueIPRange, err := net.ParseCIDR(cfg.GetUEIPAddrRange())
+	ueIPPool, err := ippool.NewIPPool(cfg.GetUEIPAddrRange())
 	if err != nil {
-		return nil, errors.Errorf("Parse CIDR failed: %+v", err)
+		return nil, errors.Errorf("NewContext(): %+v", err)
 	}
-	n.UeIPRange = ueIPRange
+	n.IPSecInnerIPPool = ueIPPool
 
 	// XFRM related
 	ikeBindIfaceName, err := getInterfaceName(cfg.GetIKEBindAddr())
@@ -190,11 +191,12 @@ func (c *N3IWFContext) NewN3iwfRanUe() *N3IWFRanUe {
 		return nil
 	}
 	n3iwfRanUe := &N3IWFRanUe{
-		N3iwfCtx: c,
+		RanUeSharedCtx: RanUeSharedCtx{
+			N3iwfCtx: c,
+		},
 	}
 	n3iwfRanUe.init(ranUeNgapId)
 	c.RANUePool.Store(ranUeNgapId, n3iwfRanUe)
-	n3iwfRanUe.TemporaryPDUSessionSetupData = new(PDUSessionSetupTemporaryData)
 
 	return n3iwfRanUe
 }
@@ -218,10 +220,21 @@ func (c *N3IWFContext) IkeUePoolLoad(spi uint64) (*N3IWFIkeUe, bool) {
 	}
 }
 
-func (c *N3IWFContext) RanUePoolLoad(ranUeNgapId int64) (*N3IWFRanUe, bool) {
+func (c *N3IWFContext) RanUePoolLoad(id interface{}) (RanUe, bool) {
+	var ranUeNgapId int64
+
+	cfgLog := logger.CfgLog
+	switch id := id.(type) {
+	case int64:
+		ranUeNgapId = id
+	default:
+		cfgLog.Warnf("RanUePoolLoad unhandle type: %t", id)
+		return nil, false
+	}
+
 	ranUe, ok := c.RANUePool.Load(ranUeNgapId)
 	if ok {
-		return ranUe.(*N3IWFRanUe), ok
+		return ranUe.(RanUe), ok
 	} else {
 		return nil, ok
 	}
@@ -256,7 +269,7 @@ func (c *N3IWFContext) DeleteIkeSPIFromNgapId(ranUeNgapId int64) {
 	c.NGAPIdToIKESPI.Delete(ranUeNgapId)
 }
 
-func (c *N3IWFContext) RanUeLoadFromIkeSPI(spi uint64) (*N3IWFRanUe, error) {
+func (c *N3IWFContext) RanUeLoadFromIkeSPI(spi uint64) (RanUe, error) {
 	ranNgapId, ok := c.IKESPIToNGAPId.Load(spi)
 	if ok {
 		ranUe, err := c.RanUePoolLoad(ranNgapId.(int64))
@@ -371,26 +384,30 @@ func (c *N3IWFContext) GTPConnectionWithUPFStore(upfAddr string, conn *gtpv1.UPl
 	c.GTPConnectionWithUPF.Store(upfAddr, conn)
 }
 
-func (c *N3IWFContext) NewInternalUEIPAddr(ikeUe *N3IWFIkeUe) net.IP {
+func (c *N3IWFContext) NewIPsecInnerUEIP(ikeUe *N3IWFIkeUe) (net.IP, error) {
 	var ueIPAddr net.IP
-
+	var err error
 	cfg := c.Config()
 	ipsecGwAddr := cfg.GetIPSecGatewayAddr()
-	// TODO: Check number of allocated IP to detect running out of IPs
+
 	for {
-		ueIPAddr = generateRandomIPinRange(c.UeIPRange)
-		if ueIPAddr != nil {
-			if ueIPAddr.String() == ipsecGwAddr {
-				continue
-			}
-			_, ok := c.AllocatedUEIPAddress.LoadOrStore(ueIPAddr.String(), ikeUe)
-			if !ok {
-				break
-			}
+		ueIPAddr, err = c.IPSecInnerIPPool.Allocate(nil)
+		if err != nil {
+			return nil, errors.Wrapf(err, "NewIPsecInnerUEIP()")
+		}
+		if ueIPAddr.String() == ipsecGwAddr {
+			continue
+		}
+		_, ok := c.AllocatedUEIPAddress.LoadOrStore(ueIPAddr.String(), ikeUe)
+		if ok {
+			logger.CtxLog.Warnf("NewIPsecInnerUEIP(): IP(%v) is used by other IkeUE",
+				ueIPAddr.String())
+		} else {
+			break
 		}
 	}
 
-	return ueIPAddr
+	return ueIPAddr, nil
 }
 
 func (c *N3IWFContext) DeleteInternalUEIPAddr(ipAddr string) {
@@ -405,12 +422,16 @@ func (c *N3IWFContext) AllocatedUEIPAddressLoad(ipAddr string) (*N3IWFIkeUe, boo
 	return nil, false
 }
 
-func (c *N3IWFContext) NewTEID(ranUe *N3IWFRanUe) uint32 {
+func (c *N3IWFContext) NewTEID(ranUe RanUe) uint32 {
 	teid64, err := c.TEIDGenerator.Allocate()
 	if err != nil {
 		logger.CtxLog.Errorf("New TEID failed: %+v", err)
 		return 0
 	}
+	if teid64 < 0 || teid64 > math.MaxUint32 {
+		logger.CtxLog.Warnf("NewTEID teid64 out of uint32 range: %d, use maxUint32", teid64)
+		return 0
+	}
 	teid32 := uint32(teid64)
 
 	c.AllocatedUETEID.Store(teid32, ranUe)
@@ -423,10 +444,10 @@ func (c *N3IWFContext) DeleteTEID(teid uint32) {
 	c.AllocatedUETEID.Delete(teid)
 }
 
-func (c *N3IWFContext) AllocatedUETEIDLoad(teid uint32) (*N3IWFRanUe, bool) {
+func (c *N3IWFContext) AllocatedUETEIDLoad(teid uint32) (RanUe, bool) {
 	ranUe, ok := c.AllocatedUETEID.Load(teid)
 	if ok {
-		return ranUe.(*N3IWFRanUe), ok
+		return ranUe.(RanUe), ok
 	}
 	return nil, false
 }
@@ -435,9 +456,12 @@ func (c *N3IWFContext) AMFSelection(
 	ueSpecifiedGUAMI *ngapType.GUAMI,
 	ueSpecifiedPLMNId *ngapType.PLMNIdentity,
 ) *N3IWFAMF {
-	var availableAMF *N3IWFAMF
+	var availableAMF, defaultAMF *N3IWFAMF
 	c.AMFPool.Range(func(key, value interface{}) bool {
 		amf := value.(*N3IWFAMF)
+		if defaultAMF == nil {
+			defaultAMF = amf
+		}
 		if amf.FindAvalibleAMFByCompareGUAMI(ueSpecifiedGUAMI) {
 			availableAMF = amf
 			return false
@@ -451,24 +475,9 @@ func (c *N3IWFContext) AMFSelection(
 			return true
 		}
 	})
-	return availableAMF
-}
-
-func generateRandomIPinRange(subnet *net.IPNet) net.IP {
-	ipAddr := make([]byte, 4)
-	randomNumber := make([]byte, 4)
-
-	_, err := rand.Read(randomNumber)
-	if err != nil {
-		logger.CtxLog.Errorf("Generate random number for IP address failed: %+v", err)
-		return nil
-	}
-
-	// TODO: elimenate network name, gateway, and broadcast
-	for i := 0; i < 4; i++ {
-		alter := randomNumber[i] & (subnet.Mask[i] ^ 255)
-		ipAddr[i] = subnet.IP[i] + alter
+	if availableAMF == nil &&
+		defaultAMF != nil {
+		availableAMF = defaultAMF
 	}
-
-	return net.IPv4(ipAddr[0], ipAddr[1], ipAddr[2], ipAddr[3])
+	return availableAMF
 }