osmith has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/38266?usp=email )
Change subject: ggsn: add testenv.cfg for open5gs ......................................................................
ggsn: add testenv.cfg for open5gs
Change-Id: If11c0fcba84122d2398cb50208f161b9a3961df6 --- M ggsn_tests/GGSN_Tests.cfg A ggsn_tests/open5gs/freediameter.conf A ggsn_tests/open5gs/open5gs-smf.yaml A ggsn_tests/open5gs/open5gs-upf.yaml A ggsn_tests/open5gs/testenv.sh A ggsn_tests/testenv_open5gs.cfg 6 files changed, 484 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/66/38266/1
diff --git a/ggsn_tests/GGSN_Tests.cfg b/ggsn_tests/GGSN_Tests.cfg index 3d4d2af..6b27bf6 100644 --- a/ggsn_tests/GGSN_Tests.cfg +++ b/ggsn_tests/GGSN_Tests.cfg @@ -18,7 +18,7 @@ GGSN_Tests.m_bind_ip_gtpu := "127.0.0.1" # GGSN IP address GGSN_Tests.m_ggsn_ip_gtpc := "127.0.0.2" -GGSN_Tests.m_ggsn_ip_gtpu := "127.0.0.2" +GGSN_Tests.m_ggsn_ip_gtpu := "127.0.0.2" # For open5gs: 127.0.0.222 # GGSN announced DNS address GGSN_Tests.m_ggsn_ip4_dns1 := "172.18.3.201" GGSN_Tests.m_ggsn_ip6_dns1 := "fd02:db8:3::201" @@ -29,6 +29,7 @@ GGSN_Tests.mp_n3_requests := 2;
GGSN_Tests.m_ggsn_conf := GGSN_CONF_ALL +GGSN_Tests.m_ggsn_impl := GGSN_IMPL_OSMOCOM # For open5gs: GGSN_IMPL_OPEN5GS
[EXECUTE] GGSN_Tests.control diff --git a/ggsn_tests/open5gs/freediameter.conf b/ggsn_tests/open5gs/freediameter.conf new file mode 100644 index 0000000..6311878 --- /dev/null +++ b/ggsn_tests/open5gs/freediameter.conf @@ -0,0 +1,266 @@ +# This is a sample configuration file for freeDiameter daemon. + +# Most of the options can be omitted, as they default to reasonable values. +# Only TLS-related options must be configured properly in usual setups. + +# It is possible to use "include" keyword to import additional files +# e.g.: include "/etc/freeDiameter.d/*.conf" +# This is exactly equivalent as copy & paste the content of the included file(s) +# where the "include" keyword is found. + + +############################################################## +## Peer identity and realm + +# The Diameter Identity of this daemon. +# This must be a valid FQDN that resolves to the local host. +# Default: hostname's FQDN +#Identity = "aaa.koganei.freediameter.net"; +Identity = "smf.localdomain"; + +# The Diameter Realm of this daemon. +# Default: the domain part of Identity (after the first dot). +#Realm = "koganei.freediameter.net"; +Realm = "localdomain"; + +############################################################## +## Transport protocol configuration + +# The port this peer is listening on for incoming connections (TCP and SCTP). +# Default: 3868. Use 0 to disable. +Port = 3868; + +# The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). +# See TLS_old_method for more information about TLS flavours. +# Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. +# Default: 5868. Use 0 to disable. +SecPort = 0; + +# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed +# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the +# CER/CEA exchange on a dedicated secure port. +# This parameter only affects outgoing connections. +# The setting can be also defined per-peer (see Peers configuration section). +# Default: use RFC6733 method with separate port for TLS. +#TLS_old_method; + +# Disable use of TCP protocol (only listen and connect over SCTP) +# Default : TCP enabled +#No_TCP; + +# Disable use of SCTP protocol (only listen and connect over TCP) +# Default : SCTP enabled +#No_SCTP; +# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. + +# Prefer TCP instead of SCTP for establishing new connections. +# This setting may be overwritten per peer in peer configuration blocs. +# Default : SCTP is attempted first. +#Prefer_TCP; + +# Default number of streams per SCTP associations. +# This setting may be overwritten per peer basis. +# Default : 30 streams +#SCTP_streams = 30; + +############################################################## +## Endpoint configuration + +# Disable use of IP addresses (only IPv6) +# Default : IP enabled +#No_IP; + +# Disable use of IPv6 addresses (only IP) +# Default : IPv6 enabled +#No_IPv6; + +# Specify local addresses the server must bind to +# Default : listen on all addresses available. +#ListenOn = "202.249.37.5"; +#ListenOn = "2001:200:903:2::202:1"; +#ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; +ListenOn = "127.0.0.2"; + + +############################################################## +## Server configuration + +# How many Diameter peers are allowed to be connecting at the same time ? +# This parameter limits the number of incoming connections from the time +# the connection is accepted until the first CER is received. +# Default: 5 unidentified clients in paralel. +#ThreadsPerServer = 5; + +############################################################## +## TLS Configuration + +# TLS is managed by the GNUTLS library in the freeDiameter daemon. +# You may find more information about parameters and special behaviors +# in the relevant documentation. +# http://www.gnu.org/software/gnutls/manual/ + +# Credentials of the local peer +# The X509 certificate and private key file to use for the local peer. +# The files must contain PKCS-1 encoded RSA key, in PEM format. +# (These parameters are passed to gnutls_certificate_set_x509_key_file function) +# Default : NO DEFAULT +#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>"; +#TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; + +# Certificate authority / trust anchors +# The file containing the list of trusted Certificate Authorities (PEM list) +# (This parameter is passed to gnutls_certificate_set_x509_trust_file function) +# The directive can appear several times to specify several files. +# Default : GNUTLS default behavior +#TLS_CA = "<file.PEM>"; + +# Certificate Revocation List file +# The information about revoked certificates. +# The file contains a list of trusted CRLs in PEM format. They should have been verified before. +# (This parameter is passed to gnutls_certificate_set_x509_crl_file function) +# Note: openssl CRL format might have interoperability issue with GNUTLS format. +# Default : GNUTLS default behavior +#TLS_CRL = "<file.PEM>"; + +# GNU TLS Priority string +# This string allows to configure the behavior of GNUTLS key exchanges +# algorithms. See gnutls_priority_init function documentation for information. +# You should also refer to the Diameter required TLS support here: +# http://tools.ietf.org/html/rfc6733#section-13.1 +# Default : "NORMAL" +# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; +#TLS_Prio = "NORMAL"; + +# Diffie-Hellman parameters size +# Set the number of bits for generated DH parameters +# Valid value should be 768, 1024, 2048, 3072 or 4096. +# (This parameter is passed to gnutls_dh_params_generate2 function, +# it usually should match RSA key size) +# Default : 1024 +#TLS_DH_Bits = 1024; + +# Alternatively, you can specify a file to load the PKCS#3 encoded +# DH parameters directly from. This accelerates the daemon start +# but is slightly less secure. If this file is provided, the +# TLS_DH_Bits parameters has no effect. +# Default : no default. +#TLS_DH_File = "<file.PEM>"; + + +############################################################## +## Timers configuration + +# The Tc timer of this peer. +# It is the delay before a new attempt is made to reconnect a disconnected peer. +# The value is expressed in seconds. The recommended value is 30 seconds. +# Default: 30 +#TcTimer = 30; + +# The Tw timer of this peer. +# It is the delay before a watchdog message is sent, as described in RFC 3539. +# The value is expressed in seconds. The default value is 30 seconds. Value must +# be greater or equal to 6 seconds. See details in the RFC. +# Default: 30 +#TwTimer = 30; + +############################################################## +## Applications configuration + +# Disable the relaying of Diameter messages? +# For messages not handled locally, the default behavior is to forward the +# message to another peer if any is available, according to the routing +# algorithms. In addition the "0xffffff" application is advertised in CER/CEA +# exchanges. +# Default: Relaying is enabled. +#NoRelay; +NoRelay; + +# Number of server threads that can handle incoming messages at the same time. +# Default: 4 +#AppServThreads = 4; + +# Other applications are configured by loaded extensions. + +############################################################## +## Extensions configuration + +# The freeDiameter framework merely provides support for +# Diameter Base Protocol. The specific application behaviors, +# as well as advanced functions, are provided +# by loadable extensions (plug-ins). +# These extensions may in addition receive the name of a +# configuration file, the format of which is extension-specific. +# +# Format: +#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; +# +# Examples: +#LoadExtension = "extensions/sample.fdx"; +#LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; + +# Extensions are named as follow: +# dict_* for extensions that add content to the dictionary definitions. +# dbg_* for extensions useful only to retrieve more information on the framework execution. +# acl_* : Access control list, to control which peers are allowed to connect. +# rt_* : routing extensions that impact how messages are forwarded to other peers. +# app_* : applications, these extensions usually register callbacks to handle specific messages. +# test_* : dummy extensions that are useful only in testing environments. + + +# The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some +# information about some events. This extension does not actually use a configuration file +# but receives directly a parameter in the string passed to the extension. Here are some examples: +## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. +## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. +## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. +# The four digits respectively control: connections, routing decisions, sent/received messages, errors. +# The values for each digit are: +# 0 - default - keep the default behavior +# 1 - quiet - remove any specific log +# 2 - compact - display only a summary of the information +# 4 - full - display the complete information on a single long line +# 8 - tree - display the complete information in an easier to read format spanning several lines. + +LoadExtension = "dbg_msg_dumps.fdx" : "0x8888"; +LoadExtension = "dict_rfc5777.fdx"; +LoadExtension = "dict_mip6i.fdx"; +LoadExtension = "dict_nasreq.fdx"; +LoadExtension = "dict_nas_mipv6.fdx"; +LoadExtension = "dict_dcca.fdx"; +LoadExtension = "dict_dcca_3gpp.fdx"; + + +############################################################## +## Peers configuration + +# The local server listens for incoming connections. By default, +# all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). +# +# In addition to incoming connections, the local peer can +# be configured to establish and maintain connections to some +# Diameter nodes and allow connections from these nodes. +# This is achieved with the ConnectPeer directive described below. +# +# Note that the configured Diameter Identity MUST match +# the information received inside CEA, or the connection will be aborted. +# +# Format: +#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ; +# Parameters that can be specified in the peer's parameter list: +# No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method; +# No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions). +# Port = 5868; # The port to connect to +# TcTimer = 30; +# TwTimer = 30; +# ConnectTo = "202.249.37.5"; +# ConnectTo = "2001:200:903:2::202:1"; +# TLS_Prio = "NORMAL"; +# Realm = "realm.net"; # Reject the peer if it does not advertise this realm. +# Examples: +#ConnectPeer = "aaa.wide.ad.jp"; +#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ; +ConnectPeer = "pcrf.localdomain" { ConnectTo = "127.0.0.1"; Port = 3868; No_TLS; TcTimer = 2; }; +ConnectPeer = "ocs.localdomain" { ConnectTo = "127.0.0.1"; Port = 3869; No_TLS; TcTimer = 2; }; + + +############################################################## diff --git a/ggsn_tests/open5gs/open5gs-smf.yaml b/ggsn_tests/open5gs/open5gs-smf.yaml new file mode 100644 index 0000000..0e26550 --- /dev/null +++ b/ggsn_tests/open5gs/open5gs-smf.yaml @@ -0,0 +1,55 @@ +# See https://github.com/open5gs/open5gs/blob/main/configs/open5gs/smf.yaml.in + +logger: + level: info + +global: + max: + ue: 1024 + +smf: + pfcp: + server: + - address: 127.0.0.2 + client: + upf: + - address: 127.0.0.222 + gtpc: + server: + - address: 127.0.0.2 + option: + so_bindtodevice: lo + gtpu: + server: + - address: 127.0.0.2 + port: 2152 + option: + so_bindtodevice: lo + metrics: + server: + - address: 127.0.0.2 + port: 9090 + session: + - subnet: 176.16.16.1/20 + dnn: internet + - subnet: 2001:780:44:2000:0:0:0:1/56 + dnn: inet6 + - subnet: 176.16.32.1/20 + dnn: inet46 + - subnet: 2001:780:44:2100:0:0:0:1/56 + dnn: inet46 + dns: + - 172.18.3.201 + - 8.8.8.8 + - fd02:db8:3::201 + - 2001:4860:4860::8844 + mtu: 1400 + ctf: + enabled: auto + freeDiameter: open5gs/freediameter.conf + +parameter: + +max: + +time: diff --git a/ggsn_tests/open5gs/open5gs-upf.yaml b/ggsn_tests/open5gs/open5gs-upf.yaml new file mode 100644 index 0000000..7e38eea --- /dev/null +++ b/ggsn_tests/open5gs/open5gs-upf.yaml @@ -0,0 +1,42 @@ +# See https://github.com/open5gs/open5gs/blob/main/configs/open5gs/upf.yaml.in + +logger: + level: info + +global: + max: + ue: 1024 + +upf: + pfcp: + server: + - address: 127.0.0.222 + gtpu: + server: + - address: 127.0.0.222 + port: 2152 + option: + so_bindtodevice: lo + session: + - subnet: 176.16.16.1/20 + dnn: internet + dev: ogstun4 + - subnet: 2001:780:44:2000:0:0:0:1/56 + dnn: inet6 + dev: ogstun6 + - subnet: 176.16.32.1/20 + dnn: inet46 + dev: ogstun46 + - subnet: 2001:780:44:2100:0:0:0:1/56 + dnn: inet46 + dev: ogstun46 + +smf: + pfcp: + - address: 127.0.0.2 + +parameter: + +max: + +time: diff --git a/ggsn_tests/open5gs/testenv.sh b/ggsn_tests/open5gs/testenv.sh new file mode 100755 index 0000000..9cc1c70 --- /dev/null +++ b/ggsn_tests/open5gs/testenv.sh @@ -0,0 +1,103 @@ +#!/bin/sh -ex +DEV=ggsn_dummy + +check_usage() { + if [ -z "$TESTENV_CLEAN_REASON" ]; then + set +x + echo "Do not run this script manually." + echo "Run 'testenv.py run ggsn' instead." + exit 1 + fi +} + +adjust_ttcn3_config() { + sed -i 's/^GGSN_Tests.m_ggsn_impl := .*/GGSN_Tests.m_ggsn_impl := GGSN_IMPL_OPEN5GS/' \ + ../testsuite/GGSN_Tests.cfg + sed -i 's/^GGSN_Tests.m_ggsn_ip_gtpu := .*/GGSN_Tests.m_ggsn_ip_gtpu := "127.0.0.222"/' \ + ../testsuite/GGSN_Tests.cfg +} + +setcap_open5gs_upfd() { + sudo setcap CAP_NET_RAW=+eip $(which open5gs-upfd) +} + +add_tun() { + local name="$1" + if ! grep "$name" /proc/net/dev > /dev/null; then + sudo ip tuntap add name $name mode tun + fi +} + +add_addr() { + local name="$1" + local addr="$2" + + sudo ip addr add "$addr" dev "$name" +} + +add_tun_all() { + add_tun "ogstun4" + add_tun "ogstun6" + add_tun "ogstun46" + + add_addr "ogstun4" "176.16.16.1/20" + add_addr "ogstun6" "2001:780:44:2000:0:0:0:1/56" + add_addr "ogstun46" "176.16.32.1/20" + add_addr "ogstun46" "2001:780:44:2100:0:0:0:1/56" + + sudo ip link set ogstun4 up + sudo ip link set ogstun6 up + sudo ip link set ogstun46 up +} + +del_tun() { + local name="$1" + + if ip link ls dev "$name" >/dev/null 2>&1; then + sudo ip link set "$name" down + sudo ip link del "$name" + fi +} + +del_tun_all() { + del_tun "ogstun4" + del_tun "ogstun6" + del_tun "ogstun46" +} + +add_dummy_netdev() { + # Add a network device reachable through the GTP tunnel that can answer ICMP + # pings (for e.g. TC_pdp4_act_deact_gtpu_access) + sudo ip link add "$DEV" type dummy + sudo ip addr add "172.18.3.201" dev "$DEV" + sudo ip addr add "fd02:db8:3::201" dev "$DEV" + sudo ip link set "$DEV" up +} + +del_dummy_netdev() { + if ip link ls dev "$DEV" >/dev/null 2>&1; then + sudo ip link del "$DEV" + fi +} + +check_usage + +case "$TESTENV_CLEAN_REASON" in + prepare) + setcap_open5gs_upfd + adjust_ttcn3_config + del_dummy_netdev + del_tun_all + add_dummy_netdev + add_tun_all + ;; + crashed|finished) + del_dummy_netdev + del_tun_all + ;; + *) + set +x + echo "ERROR: unexpected TESTENV_CLEAN_REASON: $TESTENV_CLEAN_REASON" + exit 1 + ;; +esac diff --git a/ggsn_tests/testenv_open5gs.cfg b/ggsn_tests/testenv_open5gs.cfg new file mode 100644 index 0000000..2d107a8 --- /dev/null +++ b/ggsn_tests/testenv_open5gs.cfg @@ -0,0 +1,16 @@ +[testsuite] +program=GGSN_Tests +config=GGSN_Tests.cfg + +[smf] +program=open5gs-smfd -c open5gs/open5gs-smf.yaml +make=open5gs +package=open5gs-smf +copy=open5gs/open5gs-smf.yaml open5gs/freediameter.conf + +[upf] +program=open5gs-upfd -c open5gs/open5gs-upf.yaml +make=open5gs +package=open5gs-upf +copy=open5gs/open5gs-upf.yaml open5gs/testenv.sh +clean=open5gs/testenv.sh
-
osmith