pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/40367?usp=email )
Change subject: 5gc: initial ......................................................................
5gc: initial
Change-Id: I867433c87c6da2f0d1f299245aedf4830acbf539 --- A 5gc/C5G_Tests.cfg A 5gc/C5G_Tests.default A 5gc/C5G_Tests.ttcn A 5gc/README.md A 5gc/create_test_subscribers.sh A 5gc/expected-results.xml A 5gc/gen_links.sh A 5gc/mongod.conf A 5gc/open5gs/open5gs-amf.yaml A 5gc/open5gs/open5gs-ausf.yaml A 5gc/open5gs/open5gs-bsf.yaml A 5gc/open5gs/open5gs-nrf.yaml A 5gc/open5gs/open5gs-pcf.yaml A 5gc/open5gs/open5gs-scp.yaml A 5gc/open5gs/open5gs-sepp1.yaml A 5gc/open5gs/open5gs-sepp2.yaml A 5gc/open5gs/open5gs-smf-freediameter.conf A 5gc/open5gs/open5gs-smf.yaml A 5gc/open5gs/open5gs-udm.yaml A 5gc/open5gs/open5gs-udr.yaml A 5gc/open5gs/open5gs-upf.yaml A 5gc/open5gs/open5gs_prepare.sh A 5gc/regen_makefile.sh A 5gc/testenv.cfg M Makefile 25 files changed, 3,545 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/67/40367/1
diff --git a/5gc/C5G_Tests.cfg b/5gc/C5G_Tests.cfg
new file mode 100644
index 0000000..85ad9a3
--- /dev/null
+++ b/5gc/C5G_Tests.cfg
@@ -0,0 +1,23 @@
+[ORDERED_INCLUDE]
+# Common configuration, shared between test suites
+"../Common.cfg"
+# testsuite specific configuration, not expected to change
+"./C5G_Tests.default"
+
+# Local configuration below
+
+[LOGGING]
+
+[TESTPORT_PARAMETERS]
+
+[MODULE_PARAMETERS]
+# S1 interface
+mp_5gc_ngap_ip := "127.0.0.5";
+mp_5gc_ngap_port := 38412;
+mp_local_ngap_ip := "127.0.0.202";
+mp_local_ngap_port := 50000;
+
+[MAIN_CONTROLLER]
+
+[EXECUTE]
+C5G_Tests.control
diff --git a/5gc/C5G_Tests.default b/5gc/C5G_Tests.default
new file mode 100644
index 0000000..1c220d8
--- /dev/null
+++ b/5gc/C5G_Tests.default
@@ -0,0 +1,12 @@
+[LOGGING]
+FileMask := LOG_ALL | TTCN_MATCHING;
+mtc.FileMask := ERROR | WARNING | PARALLEL | VERDICTOP;
+
+[TESTPORT_PARAMETERS]
+
+
+[MODULE_PARAMETERS]
+
+[MAIN_CONTROLLER]
+
+[EXECUTE]
diff --git a/5gc/C5G_Tests.ttcn b/5gc/C5G_Tests.ttcn
new file mode 100644
index 0000000..4d8bbc6
--- /dev/null
+++ b/5gc/C5G_Tests.ttcn
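Review bot: The `# S1 interface` comment above the `mp_5gc_ngap_*` parameters in `[MODULE_PARAMETERS]` of C5G_Tests.cfg names the 4G interface, while these settings are the NGAP endpoint that C5G_Tests.ttcn documents as `/* NG-C interface */` in its `modulepar` block. I would change it to `# NG-C interface` so the config and the module agree.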
@@ -0,0 +1,294 @@ +/* 5GC (55G Core) test suite in TTCN-3 + * (C) 2025 by sysmocom - s.f.m.c. GmbH info@sysmocom.de + * All rights reserved. + * Author: Pau Espin Pedrol pespin@sysmocom.de + * + * Released under the terms of GNU General Public License, Version 2 or + * (at your option) any later version. + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +module C5G_Tests { + +import from General_Types all; +import from Native_Functions all; +import from IPL4asp_Types all; +import from Misc_Helpers all; + +import from Osmocom_Types all; + +import from NGAP_PDU_Descriptions all; +import from NGAP_IEs all; +import from NGAP_PDU_Contents all; +import from NGAP_Constants all; + +import from NGAP_Types all; +import from NGAP_Pixits all; +import from NGAP_Templates all; +import from NGAP_Functions all; +import from NGAP_Emulation all; + +/* (maximum) number of emulated eNBs */ +const integer NUM_NGRAN := 1; + +/* (maximum) number of emulated UEs */ +const integer NUM_UE := 1; + + +modulepar { + /* NG-C interface */ + charstring mp_5gc_ngap_ip := "127.0.0.1"; + integer mp_5gc_ngap_port := 38412; + charstring mp_local_ngap_ip := "127.0.0.1"; + integer mp_local_ngap_port := 50000; + PLMNIdentity mp_plmn_id := '99f907'O; + uint24_t mp_tac := 1; +} + +/* parameters of emulated gNB / ng-eNB */ +type record NGRANParams { + GlobalRANNodeID global_ngran_id, + NGRAN_CGI cell_identity, + SupportedTAList supported_ta_list +} + +/* parameters of emulated UE */ +type record UeParams { + hexstring imsi, + charstring ue_ip, + //NAS_EPS_Types.GUTI guti optional, + octetstring kasme optional, + + /* TEI (Control) local side, S11 (SGW) */ + OCT4 s11_teic_local, + /* TEI (Control) remote side, S11 (SGW) */ + OCT4 s11_teic_remote optional, + /* TEI (Control) local side, S5c (PGW) */ + OCT4 s5c_teic_local, + /* TEI (Control) remote side, S5c (PGW) */ + OCT4 s5c_teic_remote optional//, +} + +type component MTC_CT { + /* S1 intreface of emulated ENBs */ + var NGRANParams 
g_ngran_pars[NUM_NGRAN]; + var NGAP_Emulation_CT vc_NGAP[NUM_NGRAN]; + port NGAP_PT NGAP_UNIT[NUM_NGRAN]; + port NGAPEM_PROC_PT NGAP_PROC[NUM_NGRAN]; + + var UeParams g_ue_pars[NUM_UE]; +} + +type component ConnHdlr /* extends GTP2_ConnHdlr */ { + var ConnHdlrPars g_pars; + timer g_Tguard := 30.0; + + //var Gtp1cPeer g_gn_iface_peer := { connId := 1, remName := mp_gn_remote_ip, remPort := mp_gn_remote_port }; +} + +type record ConnHdlrPars { + /* copied over from MTC_CT on start of component */ + NGRANParams ngran_pars[NUM_NGRAN], + /* copied over from MTC_CT on start of component */ + UeParams ue_pars, + /* currently used 5GC (index into ngran_pars, NGAP, ...) */ + integer c5g_idx//, + /* Currently set KSI */ + //NAS_KeySetIdentifierV kset_id +} + +/* send incoming unit data messages (like reset) to global NGAP_UNIT port */ +friend function NGapForwardUnitdataCallback(NGAP_PDU msg) +runs on NGAP_Emulation_CT return template NGAP_PDU { + NGAP_UNIT.send(msg); + return omit; +} + +friend function f_init_one_ngran(charstring id, integer num := 0) runs on MTC_CT { + id := id & "-NGAP" & int2str(num); + var NGAPOps ops := { + create_cb := refers(NGAP_Emulation.ExpectedCreateCallback), + unitdata_cb := refers(NGapForwardUnitdataCallback) + }; + var NGAP_conn_parameters pars := { + remote_ip := mp_5gc_ngap_ip, + remote_sctp_port := mp_5gc_ngap_port, + local_ip := mp_local_ngap_ip, + local_sctp_port := mp_local_ngap_port + num //, + //role := NAS_ROLE_UE + }; + var NGRANParams ngran_pars := { + global_ngran_id := valueof(m_globalRANNodeID_globalGNB_ID(m_ie_globalGnbId(mp_plmn_id, int2bit(num, 22)))), + cell_identity := { nR_CGI := valueof(m_nR_CGI(mp_plmn_id, int2bit(num, 36))) }, + supported_ta_list := { + { + tAC := int2oct(mp_tac, 3), + broadcastPLMNList := { + valueof(m_ie_broadcastPLMNItem(mp_plmn_id, { m_sliceSupportItem(m_s_NSSAI('01'O)) })) + }, + iE_Extensions := omit + } + } + }; + + g_ngran_pars[num] := ngran_pars; + vc_NGAP[num] := NGAP_Emulation_CT.create(id); 
+ map(vc_NGAP[num]:NGAP, system:NGAP_CODEC_PT); + connect(vc_NGAP[num]:NGAP_PROC, self:NGAP_PROC[num]); + connect(vc_NGAP[num]:NGAP_UNIT, self:NGAP_UNIT[num]); + vc_NGAP[num].start(NGAP_Emulation.main(ops, pars, id)); + NGAP_UNIT[num].receive(NGAPEM_Event:{up_down:=NGAPEM_EVENT_UP}); +} +friend function f_init_one_ue(inout UeParams uep, integer imsi_suffix) { +/* + uep := { + imsi := f_gen_imsi(imsi_suffix), + ue_ip := "192.168.123.50", + guti := omit, + kasme := omit, + s11_teic_local := '00000000'O, + s11_teic_remote := omit, + s5c_teic_local := '00000000'O, + s5c_teic_remote := omit, + bearer := { + ebi := omit, + s11_teid_local := omit, + s11_teid_remote := omit, + s5c_teid_local := omit, + s5c_teid_remote := omit + } + } +*/ +} +friend function f_init_ngap(charstring id, integer imsi_suffix) runs on MTC_CT { + var integer i; + for (i := 0; i < NUM_NGRAN; i := i+1) { + f_init_one_ngran(id, i); + } + for (i := 0; i < NUM_UE; i := i+1) { + f_init_one_ue(g_ue_pars[i], i*1000 + imsi_suffix); + } +} + +/* generate parameters for a connection handler */ +friend function f_init_pars(integer ue_idx := 0) +runs on MTC_CT return ConnHdlrPars { + var ConnHdlrPars pars := { + ngran_pars := g_ngran_pars, + ue_pars := g_ue_pars[ue_idx], + c5g_idx := 0//, + //kset_id := valueof(ts_NAS_KeySetIdentifierV('000'B, c_NAS_TSC_NATIVE_SEC_CTX)) + }; + return pars; +} + +type function void_fn(ConnHdlrPars pars) runs on ConnHdlr; + +/* start a connection handler with given parameters */ +friend function f_start_handler_with_pars(void_fn fn, ConnHdlrPars pars, integer ngap_idx := 0) +runs on MTC_CT return ConnHdlr { + var ConnHdlr vc_conn; + var charstring id := testcasename() & int2str(ngap_idx); + + vc_conn := ConnHdlr.create(id); + /* NGAP part */ +// connect(vc_conn:NGAP, vc_NGAP[ngap_idx]:NGAP_CLIENT); +// connect(vc_conn:NGAP_PROC, vc_NGAP[ngap_idx]:NGAP_PROC); + + /* We cannot use vc_conn.start(f_init_handler(fn, id, pars)); as we cannot have + * a stand-alone 'derefers()' call, 
see https://www.eclipse.org/forums/index.php/t/1091364/ */ + vc_conn.start(derefers(fn)(pars)); + return vc_conn; +} + +/* altstep for the global guard timer */ +private altstep as_Tguard()runs on ConnHdlr { + [] g_Tguard.timeout { + setverdict(fail, "Tguard timeout"); + mtc.stop; + } +} + +friend function f_init_handler(ConnHdlrPars pars, float t_guard := 30.0) runs on ConnHdlr { + /* make parameters available via component variable */ + g_pars := pars; + /* start guard timre and activate it as default */ + g_Tguard.start(t_guard); + activate(as_Tguard()); +} + + + +friend function f_ngap_setup(integer idx := 0, template NGAP_IEs.Cause cause := omit) runs on MTC_CT { + var template (present) NGAP_IEs.Cause exp_cause := ?; + var boolean exp_fail := false; + timer T := 5.0; + var template (value) NGAP_PDU tx_pdu; + var template (present) NGAP_PDU exp_pdu; + var NGAP_PDU rx_pdu; + + tx_pdu := m_ngap_initMsg(m_n2_NGSetupRequest(g_ngran_pars[idx].global_ngran_id, + g_ngran_pars[idx].supported_ta_list, + v32)); + + if (not istemplatekind(cause, "omit")) { + exp_fail := true; + exp_cause := cause; + } + + if (exp_fail) { + exp_pdu := mw_ngap_unsuccMsg((mw_n2_NGSetupFailure(exp_cause), + mw_n2_NGSetupFailure_TimeToWait(exp_cause))); + } else { + exp_pdu := mw_ngap_succMsg(mw_n2_NGSetupResponse); + } + + NGAP_UNIT[idx].send(tx_pdu); + T.start; + alt { + [] NGAP_UNIT[idx].receive(exp_pdu) { + setverdict(pass); + } + [] NGAP_UNIT[idx].receive(NGAP_PDU:?) -> value rx_pdu { + Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, + log2str("Received unexpected NGAP ", rx_pdu, " vs exp ", exp_pdu)); + } + [] T.timeout { + Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "Timeout waiting for NGAP Setup result"); + } + } +} +/* NG Setup procedure to 5GC using a Global gNB ID containing unknown/foreign PLMN. 
+ * Related: https://github.com/open5gs/open5gs/issues/3544 */ +testcase TC_ng_setup_unknown_global_gnb_id_plmn() runs on MTC_CT { + var charstring id := testcasename(); + f_init_ngap(id, 1); + g_ngran_pars[0].global_ngran_id.globalGNB_ID.pLMNIdentity := '62F224'O; + f_ngap_setup(0); +} + +/* Unsuccessful NG Setup procedure to AMF (wrong PLMN) */ +testcase TC_ng_setup_wrong_tac() runs on MTC_CT { + var charstring id := testcasename(); + f_init_ngap(id, 2); + g_ngran_pars[0].supported_ta_list[0].broadcastPLMNList[0].pLMNIdentity := '62F224'O; + f_ngap_setup(0, {misc:=unknown_PLMN_or_SNPN}); +} + +/* NG Setup procedure to 5GC using a correct Global gNB ID. */ +testcase TC_ng_setup() runs on MTC_CT { + var charstring id := testcasename(); + f_init_ngap(id, 3); + f_ngap_setup(0); +} + + +control { + execute( TC_ng_setup() ); + execute( TC_ng_setup_unknown_global_gnb_id_plmn() ); + execute( TC_ng_setup_wrong_tac() ); +} + + +} diff --git a/5gc/README.md b/5gc/README.md new file mode 100644 index 0000000..9705567 --- /dev/null +++ b/5gc/README.md @@ -0,0 +1,21 @@ +# C5G_Tests.ttcn + +* external interfaces + * NG-C: SCTP/NGAP(emulates gNB or/and g-eNB side) towards AMF + * NG-U: UDP/GTPv1U (emulates gNB or/and g-eNB side) towards UPF + * Internet: emulates the Internet side from/to UPF + +{% dot 5gc_tests.svg +digraph G { + rankdir=LR; + ATS [label="ATS\nC5G_Tests.ttcn"]; + AMF [label="AMF\open5gs-amfd",shape="box"]; + SMF [label="SMF\nopen5gs-smfd"]; + UPF [label="UPF\nopen5gs-upfd"]; + + ATS -> AMF [label="NGAP"]; + ATS -> UPF [label="GTPv1U",style="dashed"]; + AMF -> SMF [label="GTPv2C"]; + SMF -> UPF [label="PFCP"]; +} +%} diff --git a/5gc/create_test_subscribers.sh b/5gc/create_test_subscribers.sh new file mode 100755 index 0000000..f5b6c5b --- /dev/null +++ b/5gc/create_test_subscribers.sh 
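Review bot: `TC_ng_setup_wrong_tac` never touches the TAC: it overwrites `supported_ta_list[0].broadcastPLMNList[0].pLMNIdentity`, expects cause `unknown_PLMN_or_SNPN`, and its own comment says "wrong PLMN". Renaming it to something like `TC_ng_setup_wrong_plmn` (in the `control` part and in expected-results.xml as well) would attribute a failure to the check that is actually exercised. Separately, the body of `f_init_one_ue` is entirely commented out, so `g_ue_pars` is presumably left unbound and `f_init_pars` copies it as is. A comment such as `/* TODO: UeParams still carries EPC (S11/S5c) fields and is not initialised yet */` on the function would make that explicit.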
@@ -0,0 +1,27 @@
+#!/bin/sh -ex
+DB_URI="mongodb://127.0.0.103/open5gs"
+DBCTL="$TESTENV_CACHE_DIR/open5gs-dbctl"
+DBCTL_CMD="$DBCTL --db_uri=$DB_URI"
+
+if ! [ -e "$DBCTL" ]; then
+ wget "https://raw.githubusercontent.com/open5gs/open5gs/v2.7.1/misc/db/open5gs-dbc..." \
+ -O "$DBCTL"
+fi
+
+if ! [ -x "$DBCTL" ]; then
+ chmod +x "$DBCTL"
+fi
+
+# mongod needs some time to bootstrap...
+while ! mongosh --quiet $DB_URI</dev/null; do
+ sleep 1
+done
+
+# Create a test subscriber with IMSI=001010000000000
+$DBCTL_CMD add 001010000000000 3c6e0b8a9c15224a8228b9a98ca1531d 762a2206fe0b4151ace403c86a11e479
+
+# Mark test subscriber with IMSI=001010000000001 as:
+# Subscriber-Status=OPERATOR_DETERMINED_BARRING (1)
+# Operator-Determined-Barring="Barring of all outgoing inter-zonal calls except those directed to the home PLMN country" (7)
+$DBCTL_CMD add 001010000000001 3c6e0b8a9c15224a8228b9a98ca1531d 762a2206fe0b4151ace403c86a11e479
+$DBCTL_CMD subscriber_status 001010000000001 1 7
diff --git a/5gc/expected-results.xml b/5gc/expected-results.xml
new file mode 100644
index 0000000..3652aab
--- /dev/null
+++ b/5gc/expected-results.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<testsuite name='Titan' tests='1' failures='0' errors='0' skipped='0' inconc='0' time='MASKED'>
+ <testcase classname='C5G_Tests' name='TC_ng_setup_unknown_global_gnb_id_plmn' time='MASKED'/>
+ <testcase classname='C5G_Tests' name='TC_ng_setup_wrong_tac' time='MASKED'/>
+ <testcase classname='C5G_Tests' name='TC_ng_setup' time='MASKED'/>
+</testsuite>
diff --git a/5gc/gen_links.sh b/5gc/gen_links.sh
new file mode 100755
index 0000000..b86d4ed
--- /dev/null
+++ b/5gc/gen_links.sh
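Review bot: The `wget` in the first `if` of create_test_subscribers.sh fetches `open5gs-dbctl` by tag, and the script then marks it executable and runs it against the subscriber database without any integrity check. Because the download is written straight to `$DBCTL`, an interrupted or failed transfer can also leave a partial or empty file that the `[ -e "$DBCTL" ]` test accepts on every later run. Download to a temporary name, verify, then move into place: `-O "$DBCTL.tmp"`, `echo "<expected-sha256>  $DBCTL.tmp" | sha256sum -c -`, `mv "$DBCTL.tmp" "$DBCTL"`, where the hash is a placeholder to be filled in from a reviewed copy of the script. Pinning the URL to a commit id instead of a tag would additionally protect against the tag being moved.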
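Review bot: The `<testsuite>` element in expected-results.xml declares `tests='1'` but lists three `<testcase>` entries, which match the three `execute()` calls in the module's `control` part. `tests='3'` would keep the summary consistent with its contents, assuming the result comparison looks at that attribute.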
@@ -0,0 +1,33 @@
+#!/bin/bash -e
+
+BASEDIR=../deps
+
+. ../_buildsystem/gen_links.inc.sh
+
+DIR=$BASEDIR/titan.Libraries.TCCUsefulFunctions/src
+FILES="TCCInterface_Functions.ttcn TCCConversion_Functions.ttcn TCCConversion.cc TCCInterface.cc TCCInterface_ip.h"
+FILES+=" TCCEncoding_Functions.ttcn TCCEncoding.cc " # GSM 7-bit coding
+gen_links $DIR $FILES
+
+DIR=$BASEDIR/titan.TestPorts.Common_Components.Socket-API/src
+FILES="Socket_API_Definitions.ttcn"
+gen_links $DIR $FILES
+
+# Required by MGCP and IPA
+DIR=$BASEDIR/titan.TestPorts.IPL4asp/src
+FILES="IPL4asp_Functions.ttcn IPL4asp_PT.cc IPL4asp_PT.hh IPL4asp_PortType.ttcn IPL4asp_Types.ttcn IPL4asp_discovery.cc IPL4asp_protocol_L234.hh"
+gen_links $DIR $FILES
+
+DIR=../library/ngap
+FILES="NGAP_CommonDataTypes.asn NGAP_Constants.asn NGAP_Containers.asn NGAP_IEs.asn NGAP_PDU_Contents.asn NGAP_PDU_Descriptions.asn "
+FILES+="NGAP_EncDec.cc NGAP_Types.ttcn NGAP_Pixits.ttcn NGAP_Templates.ttcn "
+gen_links $DIR $FILES
+
+DIR=../library
+FILES="Misc_Helpers.ttcn General_Types.ttcn GSM_Types.ttcn Osmocom_Types.ttcn Native_Functions.ttcn Native_FunctionDefs.cc IPCP_Types.ttcn IPCP_Templates.ttcn "
+FILES+="SCTP_Templates.ttcn "
+FILES+="DNS_Helpers.ttcn "
+FILES+="NGAP_CodecPort.ttcn NGAP_CodecPort_CtrlFunctDef.cc NGAP_CodecPort_CtrlFunct.ttcn NGAP_Functions.ttcn NGAP_Emulation.ttcn "
+gen_links $DIR $FILES
+
+gen_links_finish
diff --git a/5gc/mongod.conf b/5gc/mongod.conf
new file mode 100644
index 0000000..ff648f4
--- /dev/null
+++ b/5gc/mongod.conf
@@ -0,0 +1,45 @@ +# mongod.conf + +# for documentation of all options, see: +# http://docs.mongodb.org/manual/reference/configuration-options/ + +# Where and how to store data. +storage: + dbPath: db +# journal: +# enabled: true +# engine: +# mmapv1: +# wiredTiger: + +# where to write logging data. +# systemLog: +# destination: file +# logAppend: true +# path: /data/mongod.log + +# network interfaces +net: + port: 27017 + bindIp: 127.0.0.103 + + +# how the process runs +processManagement: + timeZoneInfo: /usr/share/zoneinfo + +#security: + +#operationProfiling: + +#replication: + +#sharding: + +## Enterprise-Only Options: + +#auditLog: + +#snmp: + + diff --git a/5gc/open5gs/open5gs-amf.yaml b/5gc/open5gs/open5gs-amf.yaml new file mode 100644 index 0000000..3a749c9 --- /dev/null +++ b/5gc/open5gs/open5gs-amf.yaml 
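Review bot: `#security:` is left commented out in mongod.conf, so this instance runs without access control and the loopback `bindIp: 127.0.0.103` is the only thing limiting who can read or modify the subscriber database. That is reasonable for a test fixture, but the file should say so to keep it from being reused elsewhere as is, for example `# test-only: no authorization, must stay bound to loopback` above `net:`. `dbPath: db` is also a relative path, so the data directory depends on the working directory mongod is started from.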
@@ -0,0 +1,299 @@ +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +amf: + sbi: + server: + - address: 127.0.0.5 + port: 7777 + client: +# nrf: +# - uri: http://127.0.0.10:7777 + scp: + - uri: http://127.0.0.200:7777 + ngap: + server: + - address: 127.0.0.5 + metrics: + server: + - address: 127.0.0.5 + port: 9090 + guami: + - plmn_id: + mcc: 999 + mnc: 70 + amf_id: + region: 2 + set: 1 + tai: + - plmn_id: + mcc: 999 + mnc: 70 + tac: 1 + plmn_support: + - plmn_id: + mcc: 999 + mnc: 70 + s_nssai: + - sst: 1 + security: + integrity_order : [ NIA2, NIA1, NIA0 ] + ciphering_order : [ NEA0, NEA1, NEA2 ] + network_name: + full: Open5GS + short: Next + amf_name: open5gs-amf0 + time: +# t3502: +# value: 720 # 12 minutes * 60 = 720 seconds + t3512: + value: 540 # 9 minutes * 60 = 540 seconds + +################################################################################ +# SBI Server +################################################################################ +# o Bind to the address on the eth0 and advertise as open5gs-amf.svc.local +# sbi: +# server: +# - dev:eth0 +# advertise: open5gs-amf.svc.local +# +# o Specify a custom port number 7777 while binding to the given address +# sbi: +# server: +# - address: amf.localdomain +# port: 7777 +# +# o Bind to 127.0.0.5 and advertise as open5gs-amf.svc.local +# sbi: +# server: +# - address: 127.0.0.5 +# port: 7777 +# advertise: open5gs-amf.svc.local +# +# o Bind to port 7777 but advertise with a different port number 8888 +# sbi: +# server: +# - address: 127.0.0.5 +# port: 7777 +# advertise: open5gs-amf.svc.local:8888 +# +################################################################################ +# SBI Client +################################################################################ +# o Direct Communication with NRF +# sbi: +# client: +# nrf: +# - uri: 
http://127.0.0.10:7777 +# +# o Indirect Communication by Delegating to SCP +# sbi: +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# +# o Indirect Communication without Delegation +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: no # Directly communicate NRF discovery +# scp: +# next: no # Do not delegate to SCP for next-hop +# +# o Indirect Communication with Delegated Discovery +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: yes # Delegate discovery to SCP +# scp: +# next: yes # Delegate to SCP for next-hop communications +# +# o Default delegation: all communications are delegated to the SCP +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# # No 'delegated' section; defaults to AUTO delegation +# +################################################################################ +# HTTPS scheme with TLS +################################################################################ +# o Set as default if not individually set +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/amf.key +# cert: @sysconfdir@/open5gs/tls/amf.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: amf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes using Wireshark. 
+# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/amf.key +# cert: @sysconfdir@/open5gs/tls/amf.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/amf-server-sslkeylog.log +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/amf-client-sslkeylog.log +# sbi: +# server: +# - address: amf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Add client TLS verification +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/amf.key +# cert: @sysconfdir@/open5gs/tls/amf.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/amf.key +# client_cert: @sysconfdir@/open5gs/tls/amf.crt +# sbi: +# server: +# - address: amf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +################################################################################ +# NGAP Server +################################################################################ +# o Listen on address available in `eth0` interface +# ngap: +# server: +# - dev: eth0 +# +################################################################################ +# 3GPP Specification +################################################################################ +# o GUAMI +# guami: +# - plmn_id: +# mcc: 999 +# mnc: 70 +# amf_id: +# region: 2 +# set: 1 +# pointer: 4 +# - plmn_id: +# mcc: 001 +# mnc: 01 +# amf_id: +# region: 5 +# set: 2 +# +# o TAI +# tai: +# - plmn_id: +# mcc: 001 +# mnc: 01 +# tac: [1, 3, 5] +# tai: +# - plmn_id: +# mcc: 002 +# mnc: 02 +# tac: [6-10, 15-18] +# tai: +# - plmn_id: +# mcc: 003 +# mnc: 03 +# tac: 20 +# - plmn_id: +# mcc: 004 +# mnc: 04 +# tac: 21 +# tai: +# - plmn_id: +# mcc: 005 +# mnc: 05 +# tac: [22, 28] +# - plmn_id: +# mcc: 006 +# mnc: 06 +# tac: [30-32, 
34, 36-38, 40-42, 44, 46, 48] +# - plmn_id: +# mcc: 007 +# mnc: 07 +# tac: 50 +# - plmn_id: +# mcc: 008 +# mnc: 08 +# tac: 60 +# - plmn_id: +# mcc: 009 +# mnc: 09 +# tac: [70, 80] +# +# o PLMN Support +# plmn_support: +# - plmn_id: +# mcc: 999 +# mnc: 70 +# s_nssai: +# - sst: 1 +# sd: 010000 +# - plmn_id: +# mcc: 999 +# mnc: 70 +# s_nssai: +# - sst: 1 +# +# o Access Control +# access_control: +# - default_reject_cause: 13 +# - plmn_id: +# reject_cause: 15 +# mcc: 001 +# mnc: 01 +# - plmn_id: +# mcc: 002 +# mnc: 02 +# - plmn_id: +# mcc: 999 +# mnc: 70 +# +# o Relative Capacity +# relative_capacity: 100 diff --git a/5gc/open5gs/open5gs-ausf.yaml b/5gc/open5gs/open5gs-ausf.yaml new file mode 100644 index 0000000..a7d9465 --- /dev/null +++ b/5gc/open5gs/open5gs-ausf.yaml 
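Review bot: `ciphering_order : [ NEA0, NEA1, NEA2 ]` under `amf.security` lists the null algorithm first, so NAS ciphering is presumably negotiated as NEA0 for any UE that offers it, and `integrity_order` still accepts NIA0 as a last choice. If this is deliberate so that NAS stays readable in test traces, say so next to the setting, e.g. `# test-only: NEA0 preferred so NAS is readable in pcaps; do not reuse in deployments`. Otherwise the order should be `[ NEA2, NEA1, NEA0 ]`.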
@@ -0,0 +1,162 @@ +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +ausf: + sbi: + server: + - address: 127.0.0.11 + port: 7777 + client: +# nrf: +# - uri: http://127.0.0.10:7777 + scp: + - uri: http://127.0.0.200:7777 + +################################################################################ +# SBI Server +################################################################################ +# o Bind to the address on the eth0 and advertise as open5gs-ausf.svc.local +# sbi: +# server: +# - dev:eth0 +# advertise: open5gs-ausf.svc.local +# +# o Specify a custom port number 7777 while binding to the given address +# sbi: +# server: +# - address: ausf.localdomain +# port: 7777 +# +# o Bind to 127.0.0.11 and advertise as open5gs-ausf.svc.local +# sbi: +# server: +# - address: 127.0.0.11 +# port: 7777 +# advertise: open5gs-ausf.svc.local +# +# o Bind to port 7777 but advertise with a different port number 8888 +# sbi: +# server: +# - address: 127.0.0.11 +# port: 7777 +# advertise: open5gs-ausf.svc.local:8888 +# +################################################################################ +# SBI Client +################################################################################ +# o Direct Communication with NRF +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# +# o Indirect Communication by Delegating to SCP +# sbi: +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# +# o Indirect Communication without Delegation +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: no # Directly communicate NRF discovery +# scp: +# next: no # Do not delegate to SCP for next-hop +# +# o Indirect Communication with Delegated Discovery +# sbi: +# client: +# nrf: +# - uri: 
http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: yes # Delegate discovery to SCP +# scp: +# next: yes # Delegate to SCP for next-hop communications +# +# o Default delegation: all communications are delegated to the SCP +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# # No 'delegated' section; defaults to AUTO delegation +# +################################################################################ +# HTTPS scheme with TLS +################################################################################ +# o Set as default if not individually set +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/ausf.key +# cert: @sysconfdir@/open5gs/tls/ausf.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: ausf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes using Wireshark. 
+# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/ausf.key +# cert: @sysconfdir@/open5gs/tls/ausf.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/ausf-server-sslkeylog.log +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/ausf-client-sslkeylog.log +# sbi: +# server: +# - address: ausf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Add client TLS verification +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/ausf.key +# cert: @sysconfdir@/open5gs/tls/ausf.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/ausf.key +# client_cert: @sysconfdir@/open5gs/tls/ausf.crt +# sbi: +# server: +# - address: ausf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain diff --git a/5gc/open5gs/open5gs-bsf.yaml b/5gc/open5gs/open5gs-bsf.yaml new file mode 100644 index 0000000..bc20d74 --- /dev/null +++ b/5gc/open5gs/open5gs-bsf.yaml 
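Review bot: The active SBI endpoints in open5gs-ausf.yaml (`server` on `127.0.0.11:7777`, `scp` client `http://127.0.0.200:7777`) run over plain HTTP with `logger.level: debug`, and the only TLS material in the file is the commented upstream examples, which still carry unsubstituted `@sysconfdir@` and `@localstatedir@` paths. A one-line header such as `# testenv config: loopback only, plaintext SBI, debug logging` would make the intended scope explicit. The same applies to the amf, bsf and nrf files in this change. The commented TLS examples cannot be enabled as they stand because of those placeholders, so trimming the sample documentation down to the settings in use would make the files easier to audit.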
@@ -0,0 +1,162 @@ +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +bsf: + sbi: + server: + - address: 127.0.0.15 + port: 7777 + client: +# nrf: +# - uri: http://127.0.0.10:7777 + scp: + - uri: http://127.0.0.200:7777 + +################################################################################ +# SBI Server +################################################################################ +# o Bind to the address on the eth0 and advertise as open5gs-bsf.svc.local +# sbi: +# server: +# - dev:eth0 +# advertise: open5gs-bsf.svc.local +# +# o Specify a custom port number 7777 while binding to the given address +# sbi: +# server: +# - address: bsf.localdomain +# port: 7777 +# +# o Bind to 127.0.0.15 and advertise as open5gs-bsf.svc.local +# sbi: +# server: +# - address: 127.0.0.15 +# port: 7777 +# advertise: open5gs-bsf.svc.local +# +# o Bind to port 7777 but advertise with a different port number 8888 +# sbi: +# server: +# - address: 127.0.0.15 +# port: 7777 +# advertise: open5gs-bsf.svc.local:8888 +# +################################################################################ +# SBI Client +################################################################################ +# o Direct Communication with NRF +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# +# o Indirect Communication by Delegating to SCP +# sbi: +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# +# o Indirect Communication without Delegation +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: no # Directly communicate NRF discovery +# scp: +# next: no # Do not delegate to SCP for next-hop +# +# o Indirect Communication with Delegated Discovery +# sbi: +# client: +# nrf: +# - uri: 
http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: yes # Delegate discovery to SCP +# scp: +# next: yes # Delegate to SCP for next-hop communications +# +# o Default delegation: all communications are delegated to the SCP +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# # No 'delegated' section; defaults to AUTO delegation +# +################################################################################ +# HTTPS scheme with TLS +################################################################################ +# o Set as default if not individually set +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/bsf.key +# cert: @sysconfdir@/open5gs/tls/bsf.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: bsf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes using Wireshark. 
+# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/bsf.key +# cert: @sysconfdir@/open5gs/tls/bsf.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/bsf-server-sslkeylog.log +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/bsf-client-sslkeylog.log +# sbi: +# server: +# - address: bsf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Add client TLS verification +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/bsf.key +# cert: @sysconfdir@/open5gs/tls/bsf.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/bsf.key +# client_cert: @sysconfdir@/open5gs/tls/bsf.crt +# sbi: +# server: +# - address: bsf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain diff --git a/5gc/open5gs/open5gs-nrf.yaml b/5gc/open5gs/open5gs-nrf.yaml new file mode 100644 index 0000000..bbbddce --- /dev/null +++ b/5gc/open5gs/open5gs-nrf.yaml 
@@ -0,0 +1,100 @@ +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +nrf: + serving: # 5G roaming requires PLMN in NRF + - plmn_id: + mcc: 999 + mnc: 70 + sbi: + server: + - address: 127.0.0.10 + port: 7777 + +################################################################################ +# SBI Server +################################################################################ +# o Bind to the address on the eth0 and advertise as open5gs-nrf.svc.local +# sbi: +# server: +# - dev:eth0 +# advertise: open5gs-nrf.svc.local +# +# o Specify a custom port number 7777 while binding to the given address +# sbi: +# server: +# - address: nrf.localdomain +# port: 7777 +# +# o Bind to 127.0.0.10 and advertise as open5gs-nrf.svc.local +# sbi: +# server: +# - address: 127.0.0.10 +# port: 7777 +# advertise: open5gs-nrf.svc.local +# +# o Bind to port 7777 but advertise with a different port number 8888 +# sbi: +# server: +# - address: 127.0.0.10 +# port: 7777 +# advertise: open5gs-nrf.svc.local:8888 +# +################################################################################ +# HTTPS scheme with TLS +################################################################################ +# o Set as default if not individually set +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/nrf.key +# cert: @sysconfdir@/open5gs/tls/nrf.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: nrf.localdomain +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes using Wireshark. 
+# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/nrf.key +# cert: @sysconfdir@/open5gs/tls/nrf.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/nrf-server-sslkeylog.log +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/nrf-client-sslkeylog.log +# sbi: +# server: +# - address: nrf.localdomain +# +# o Add client TLS verification +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/nrf.key +# cert: @sysconfdir@/open5gs/tls/nrf.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/nrf.key +# client_cert: @sysconfdir@/open5gs/tls/nrf.crt +# sbi: +# server: +# - address: nrf.localdomain diff --git a/5gc/open5gs/open5gs-pcf.yaml b/5gc/open5gs/open5gs-pcf.yaml new file mode 100644 index 0000000..4b10780 --- /dev/null +++ b/5gc/open5gs/open5gs-pcf.yaml 
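Review bot: The active part of this hunk (`logger: level: debug` and the `sbi: server` entry on `127.0.0.10`, port 7777) runs the NRF at debug verbosity with the SBI on plain HTTP, and nothing in the file says it is a loopback-only test profile; the TLS and `verify_client` settings appear only as commented examples. A header comment would keep the file from being copied into a reachable deployment as-is, for example `# Test-environment profile: loopback addresses only, SBI without TLS, debug logging.` The same applies to the active sections of open5gs-pcf.yaml and open5gs-scp.yaml and to the `sbi` blocks of open5gs-sepp1.yaml and open5gs-sepp2.yaml in this change. Debug-level logs of core network functions can presumably contain subscriber identifiers, so the log directory on the test host should not be world-readable.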
@@ -0,0 +1,300 @@ +db_uri: mongodb://127.0.0.103/open5gs +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +pcf: + sbi: + server: + - address: 127.0.0.13 + port: 7777 + client: +# nrf: +# - uri: http://127.0.0.10:7777 + scp: + - uri: http://127.0.0.200:7777 + metrics: + server: + - address: 127.0.0.13 + port: 9090 + +################################################################################ +# PCF Policy Configuration: UE Home PLMN and SUPI Range Based Policies +################################################################################ +# +# This configuration applies policies based on the UE's home PLMN ID and +# SUPI range. When both supi_range and plmn_id are specified in a policy, +# the policy is applied only if both conditions are met. +# +# supi_range: Specifies one or more ranges of SUPIs. A maximum of 16 ranges +# can be defined. +# plmn_id : Specifies the UE's home PLMN using MCC and MNC. 
+# +# Example: +# +# policy: +# - supi_range: # Filter policies by SUPI +# - 999700000000001-999709999999999 +# - 315010000000001-315010999999999 +# plmn_id: # Filter policies by home PLMN-ID +# mcc: 999 +# mnc: 70 +# slice: # Specify slice configuration +# - sst: 1 # Allowed values: 1, 2, 3, 4 +# default_indicator: true +# session: # Define session based on DNN +# - name: internet +# type: 3 # 1: IPv4, 2: IPv6, 3: IPv4v6 +# ambr: +# downlink: +# value: 1 +# unit: 3 # 0: bps, 1: Kbps, 2: Mbps, 3: Gbps, 4: Tbps +# uplink: +# value: 1 +# unit: 3 +# qos: +# index: 9 # Allowed values: 1,2,3,4,65,66,67,75,71,72, +# # 73,74,76,5,6,7,8,9,69,70,79,80,82,83, +# # 84,85,86 +# arp: +# priority_level: 8 # Allowed values: 1 to 15 +# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled +# pre_emption_capability: 1 # 1: Disabled, 2: Enabled +# - name: ims +# type: 3 # 1: IPv4, 2: IPv6, 3: IPv4v6 +# ambr: +# downlink: +# value: 1 +# unit: 3 # 0: bps, 1: Kbps, 2: Mbps, 3: Gbps, 4: Tbps +# uplink: +# value: 1 +# unit: 3 +# qos: +# index: 5 # Allowed values: 1,2,3,4,65,66,67,75,71,72, +# # 73,74,76,5,6,7,8,9,69,70,79,80,82,83, +# # 84,85,86 +# arp: +# priority_level: 1 # Allowed values: 1 to 15 +# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled +# pre_emption_capability: 1 # 1: Disabled, 2: Enabled +# pcc_rule: +# - qos: +# index: 1 # Allowed values as above +# arp: +# priority_level: 1 # Allowed values: 1 to 15 +# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled +# pre_emption_capability: 1 # 1: Disabled, 2: Enabled +# mbr: +# downlink: +# value: 82 +# unit: 1 # 0: bps, 1: Kbps, 2: Mbps, 3: Gbps, 4: Tbps +# uplink: +# value: 82 +# unit: 1 +# gbr: +# downlink: +# value: 82 +# unit: 1 +# uplink: +# value: 82 +# unit: 1 +# flow: +# - direction: 2 +# description: "permit out icmp from any to assigned" +# - direction: 1 +# description: "permit out icmp from any to assigned" +# - direction: 2 +# description: "permit out udp from 10.200.136.98/32 23455 to assigned 1-65535" 
+# - direction: 1 +# description: "permit out udp from 10.200.136.98/32 1-65535 to assigned 50021" +# - qos: +# index: 2 # Allowed values as above +# arp: +# priority_level: 4 # Allowed values: 1 to 15 +# pre_emption_vulnerability: 2 # 1: Disabled, 2: Enabled +# pre_emption_capability: 2 # 1: Disabled, 2: Enabled +# mbr: +# downlink: +# value: 802 +# unit: 1 +# uplink: +# value: 802 +# unit: 1 +# gbr: +# downlink: +# value: 802 +# unit: 1 +# uplink: +# value: 802 +# unit: 1 +# +# - supi_range: # Filter policies by SUPI only +# - 001010000000001-001019999999999 +# slice: # Specify slice configuration +# - sst: 1 # Allowed values: 1, 2, 3, 4 +# sd: 000001 +# default_indicator: true +# session: # Define session based on DNN +# - name: internet +# type: 3 # 1: IPv4, 2: IPv6, 3: IPv4v6 +# ambr: +# downlink: +# value: 1 +# unit: 3 # 0: bps, 1: Kbps, 2: Mbps, 3: Gbps, 4: Tbps +# uplink: +# value: 1 +# unit: 3 +# qos: +# index: 9 # Allowed values as above +# arp: +# priority_level: 8 # Allowed values: 1 to 15 +# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled +# pre_emption_capability: 1 # 1: Disabled, 2: Enabled +# +################################################################################ +# SBI Server +################################################################################ +# o Bind to the address on the eth0 and advertise as open5gs-pcf.svc.local +# sbi: +# server: +# - dev:eth0 +# advertise: open5gs-pcf.svc.local +# +# o Specify a custom port number 7777 while binding to the given address +# sbi: +# server: +# - address: pcf.localdomain +# port: 7777 +# +# o Bind to 127.0.0.13 and advertise as open5gs-pcf.svc.local +# sbi: +# server: +# - address: 127.0.0.13 +# port: 7777 +# advertise: open5gs-pcf.svc.local +# +# o Bind to port 7777 but advertise with a different port number 8888 +# sbi: +# server: +# - address: 127.0.0.13 +# port: 7777 +# advertise: open5gs-pcf.svc.local:8888 +# 
+################################################################################ +# SBI Client +################################################################################ +# o Direct Communication with NRF +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# +# o Indirect Communication by Delegating to SCP +# sbi: +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# +# o Indirect Communication without Delegation +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: no # Directly communicate NRF discovery +# scp: +# next: no # Do not delegate to SCP for next-hop +# +# o Indirect Communication with Delegated Discovery +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: yes # Delegate discovery to SCP +# scp: +# next: yes # Delegate to SCP for next-hop communications +# +# o Default delegation: all communications are delegated to the SCP +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# # No 'delegated' section; defaults to AUTO delegation +# +################################################################################ +# HTTPS scheme with TLS +################################################################################ +# o Set as default if not individually set +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/pcf.key +# cert: @sysconfdir@/open5gs/tls/pcf.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: pcf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes 
using Wireshark. +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/pcf.key +# cert: @sysconfdir@/open5gs/tls/pcf.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/pcf-server-sslkeylog.log +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/pcf-client-sslkeylog.log +# sbi: +# server: +# - address: pcf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Add client TLS verification +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/pcf.key +# cert: @sysconfdir@/open5gs/tls/pcf.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/pcf.key +# client_cert: @sysconfdir@/open5gs/tls/pcf.crt +# sbi: +# server: +# - address: pcf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain diff --git a/5gc/open5gs/open5gs-scp.yaml b/5gc/open5gs/open5gs-scp.yaml new file mode 100644 index 0000000..f2f1574 --- /dev/null +++ b/5gc/open5gs/open5gs-scp.yaml 
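Review bot: `db_uri: mongodb://127.0.0.103/open5gs` at the top of this hunk connects to the open5gs database without credentials or TLS, so any process that can reach that address can read and change the subscriber records the test suite provisions. That is acceptable only if mongod is bound to 127.0.0.103 alone; 5gc/mongod.conf is part of this change but not visible in this part of the diff, so the bind address should be confirmed there. I would add a comment above the line such as `# unauthenticated on purpose: mongod listens on loopback only (see mongod.conf)`. The `metrics` server on `127.0.0.13`, port 9090, relies on the same loopback assumption.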
@@ -0,0 +1,197 @@ +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +scp: + sbi: + server: + - address: 127.0.0.200 + port: 7777 + client: + nrf: + - uri: http://127.0.0.10:7777 + +################################################################################ +# SCP Info +################################################################################ +# o SCP port number(s) WITHOUT SCP Domain +# - If no SCP port information is present in ScpInfo or +# in ScpDomainInfo for a specific SCP domain, +# the HTTP client shall use the default HTTP port number, +# i.e. TCP port 80 for "http" URIs or TCP port 443 +# for "https" URIs as specified in IETF RFC 7540 [9] +# when sending a request to the SCP within the specific SCP domain. +# info: +# port: +# http: 7777 +# https: 8888 +# +# o SCP port number(s) WITH SCP Domain +# - If this attribute is present, +# it has precedence over the scpPorts attribute of ScpInfo. 
+# info: +# domain: +# - name: SCP_Domain_1 +# fqdn: scp.localdomain +# port: +# http: 7777 +# https: 8888 +# +# o Complex Example +# info: +# port: +# http: 7777 +# https: 8888 +# domain: +# - name: SCP_Domain_1 +# fqdn: scp.hplmndomain +# port: +# http: 3333 +# https: 4444 +# - name: SCP_Domain_2 +# fqdn: scp.vplmndomain +# port: +# http: 5555 +# https: 6666 +# +################################################################################ +# SBI Server +################################################################################ +# o Bind to the address on the eth0 and advertise as open5gs-scp.svc.local +# sbi: +# server: +# - dev:eth0 +# advertise: open5gs-scp.svc.local +# +# o Specify a custom port number 7777 while binding to the given address +# sbi: +# server: +# - address: scp.localdomain +# port: 7777 +# +# o Bind to 127.0.0.200 and advertise as open5gs-scp.svc.local +# sbi: +# server: +# - address: 127.0.0.200 +# port: 7777 +# advertise: open5gs-scp.svc.local +# +# o Bind to port 7777 but advertise with a different port number 8888 +# sbi: +# server: +# - address: 127.0.0.200 +# port: 7777 +# advertise: open5gs-scp.svc.local:8888 +# +################################################################################ +# SBI Client +################################################################################ +# o Direct Communication with NRF +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# +# o Indirect Communication by Delegating to Next-SCP +# sbi: +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# +# o Indirect Communication without Delegation +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# scp: +# next: no # Do not delegate to SCP for next-hop +# +# o Indirect Communication with Delegation +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# scp: +# next: yes # Delegate to SCP for next-hop 
communications +# +# o Default delegation: all communications are delegated to the Next-SCP +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# # No 'delegated' section; defaults to AUTO delegation +# +################################################################################ +# HTTPS scheme with TLS +################################################################################ +# o Set as default if not individually set +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/scp.key +# cert: @sysconfdir@/open5gs/tls/scp.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: scp.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes using Wireshark. +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/scp.key +# cert: @sysconfdir@/open5gs/tls/scp.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/scp-server-sslkeylog.log +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/scp-client-sslkeylog.log +# sbi: +# server: +# - address: scp.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Add client TLS verification +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/scp.key +# cert: @sysconfdir@/open5gs/tls/scp.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/scp.key +# client_cert: @sysconfdir@/open5gs/tls/scp.crt +# sbi: +# server: +# - address: scp.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain 
diff --git a/5gc/open5gs/open5gs-sepp1.yaml b/5gc/open5gs/open5gs-sepp1.yaml
new file mode 100644
index 0000000..52f4e0d
--- /dev/null
+++ b/5gc/open5gs/open5gs-sepp1.yaml
@@ -0,0 +1,284 @@ +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +sepp: + default: + tls: + server: + private_key: @sysconfdir@/open5gs/tls/sepp1.key + cert: @sysconfdir@/open5gs/tls/sepp1.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + sbi: + server: + - address: 127.0.1.250 + port: 7777 + client: +# nrf: +# - uri: http://127.0.0.10:7777 + scp: + - uri: http://127.0.0.200:7777 + n32: + server: + - sender: sepp1.localdomain + scheme: https + address: 127.0.1.251 + port: 7777 + n32f: + scheme: https + address: 127.0.1.252 + port: 7777 + client: + sepp: + - receiver: sepp2.localdomain + uri: https://sepp2.localdomain:7777 + resolve: 127.0.2.251 + n32f: + uri: https://sepp2.localdomain:7777 + resolve: 127.0.2.252 + +################################################################################ +# SEPP Info +################################################################################ +# o SEPP port number(s) for HTTP and/or HTTPS +# - This attribute shall be present if the SEPP uses non-default HTTP and/or +# HTTPS ports. When present, it shall contain the HTTP and/or HTTPS ports. +# (Minimum: 0 Maximum: 65535) +# info: +# port: +# http: 7777 +# https: 8888 +# +################################################################################ +# No TLS - N32 Server/Client +################################################################################ +# o SEPP uses the same interface that other NFs(NRF, AMF, ...) use. +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: http://127.0.2.250:7777 +# +# o SEPP uses a separate interface +# that is different from those used by other NFs. 
+# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# address: 127.0.1.251 +# port: 7777 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: http://127.0.2.251:7777 +# +# o Not only SEPP but also the N32 forwarding uses a separate interface +# that is different from those used by other NFs. +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# address: 127.0.1.251 +# port: 7777 +# n32f: +# address: 127.0.1.252 +# port: 7777 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: http://127.0.2.251:7777 +# n32f: +# uri: http://127.0.2.252:7777 +# +################################################################################ +# HTTPS scheme with TLS - N32 Server/Client +################################################################################ +# +# o Only N32 uses HTTPS with TLS, while other NFs use HTTP without TLS. +# default: +# tls: +# server: +# private_key: @sysconfdir@/open5gs/tls/sepp1.key +# cert: @sysconfdir@/open5gs/tls/sepp1.crt +# client: +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# scheme: https +# address: 127.0.1.251 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: https://sepp2.localdomain +# resolve: 127.0.2.251 +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes using Wireshark. 
+# default: +# tls: +# server: +# private_key: @sysconfdir@/open5gs/tls/sepp1.key +# cert: @sysconfdir@/open5gs/tls/sepp1.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp1-server-sslkeylog.log +# client: +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp1-client-sslkeylog.log +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# scheme: https +# address: 127.0.1.251 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: https://sepp2.localdomain +# resolve: 127.0.2.251 +# +# o Add client TLS verification to N32 interface +# default: +# tls: +# server: +# private_key: @sysconfdir@/open5gs/tls/sepp1.key +# cert: @sysconfdir@/open5gs/tls/sepp1.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/sepp1.key +# client_cert: @sysconfdir@/open5gs/tls/sepp1.crt +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# scheme: https +# address: 127.0.1.251 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: https://sepp2.localdomain +# resolve: 127.0.2.251 +# +# o Both SEPP and N32 forwarding also uses HTTPS with TLS, +# while other NFs use HTTP without TLS. 
+# default: +# tls: +# server: +# private_key: @sysconfdir@/open5gs/tls/sepp1.key +# cert: @sysconfdir@/open5gs/tls/sepp1.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/sepp1.key +# client_cert: @sysconfdir@/open5gs/tls/sepp1.crt +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# scheme: https +# address: 127.0.1.251 +# n32f: +# scheme: https +# address: 127.0.1.252 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: https://sepp2.localdomain +# resolve: 127.0.2.251 +# n32f: +# uri: https://sepp2.localdomain +# resolve: 127.0.2.252 +# +# o N32 control and N32 forwarding interface use different key/certificate. +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# scheme: https +# address: 127.0.1.251 +# private_key: @sysconfdir@/open5gs/tls/sepp1.key +# cert: @sysconfdir@/open5gs/tls/sepp1.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# n32f: +# scheme: https +# address: 127.0.1.252 +# private_key: @sysconfdir@/open5gs/tls/sepp1-n32f.key +# cert: @sysconfdir@/open5gs/tls/sepp1-n32f.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: https://sepp2.localdomain +# resolve: 127.0.2.251 +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/sepp1.key +# client_cert: @sysconfdir@/open5gs/tls/sepp1.crt +# n32f: +# uri: https://sepp2.localdomain +# resolve: 127.0.2.252 +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/sepp1-n32f.key +# client_cert: @sysconfdir@/open5gs/tls/sepp1-n32f.crt 
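Review bot: The active `sepp: default: tls:` block uses unexpanded build-time placeholders (`private_key: @sysconfdir@/open5gs/tls/sepp1.key`, and likewise `cert:` and `cacert:`); a YAML plain scalar may not start with `@`, so the file does not parse unless something substitutes the paths before the SEPP reads it. If open5gs_prepare.sh (in this change, not visible in this part of the diff) performs that substitution, a comment above the block should say so, e.g. `# @sysconfdir@ is replaced by open5gs_prepare.sh before start`; otherwise the paths need to be concrete. open5gs-sepp2.yaml has the same lines. Separately, the active `n32: server` entries set `scheme: https` without `verify_client: true` and `verify_client_cacert:`, so the peer SEPP is not authenticated by certificate even though the commented "Add client TLS verification to N32 interface" example later in this hunk shows the keys; enabling them on both SEPPs would make the test exercise the mutually authenticated path.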
diff --git a/5gc/open5gs/open5gs-sepp2.yaml b/5gc/open5gs/open5gs-sepp2.yaml
new file mode 100644
index 0000000..1ef0039
--- /dev/null
+++ b/5gc/open5gs/open5gs-sepp2.yaml
@@ -0,0 +1,286 @@ +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +sepp: + default: + tls: + server: + private_key: @sysconfdir@/open5gs/tls/sepp2.key + cert: @sysconfdir@/open5gs/tls/sepp2.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp2-server-sslkeylog.log + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp2-client-sslkeylog.log + sbi: + server: + - address: 127.0.2.250 + port: 7777 + client: +# nrf: +# - uri: http://127.0.0.10:7777 + scp: + - uri: http://127.0.0.200:7777 + n32: + server: + - sender: sepp2.localdomain + scheme: https + address: 127.0.2.251 + port: 7777 + n32f: + scheme: https + address: 127.0.2.252 + port: 7777 + client: + sepp: + - receiver: sepp1.localdomain + uri: https://sepp1.localdomain:7777 + resolve: 127.0.1.251 + n32f: + uri: https://sepp1.localdomain:7777 + resolve: 127.0.1.252 + +################################################################################ +# SEPP Info +################################################################################ +# o SEPP port number(s) for HTTP and/or HTTPS +# - This attribute shall be present if the SEPP uses non-default HTTP and/or +# HTTPS ports. When present, it shall contain the HTTP and/or HTTPS ports. +# (Minimum: 0 Maximum: 65535) +# info: +# port: +# http: 7777 +# https: 8888 +# +################################################################################ +# No TLS - N32 Server/Client +################################################################################ +# o SEPP uses the same interface that other NFs(NRF, AMF, ...) use. 
+# sbi: +# server: +# - address: 127.0.2.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp2.localdomain +# client: +# sepp: +# - receiver: sepp1.localdomain +# uri: http://127.0.1.250:7777 +# +# o SEPP uses a separate interface +# that is different from those used by other NFs. +# sbi: +# server: +# - address: 127.0.2.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp2.localdomain +# address: 127.0.2.251 +# port: 7777 +# client: +# sepp: +# - receiver: sepp1.localdomain +# uri: http://127.0.1.251:7777 +# +# o Not only SEPP but also the N32 forwarding uses a separate interface +# that is different from those used by other NFs. +# sbi: +# server: +# - address: 127.0.2.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp2.localdomain +# address: 127.0.2.251 +# port: 7777 +# n32f: +# address: 127.0.2.252 +# port: 7777 +# client: +# sepp: +# - receiver: sepp1.localdomain +# uri: http://127.0.1.251:7777 +# n32f: +# uri: http://127.0.1.252:7777 +# +################################################################################ +# HTTPS scheme with TLS - N32 Server/Client +################################################################################ +# +# o Only N32 uses HTTPS with TLS, while other NFs use HTTP without TLS. 
+# default: +# tls: +# server: +# private_key: @sysconfdir@/open5gs/tls/sepp2.key +# cert: @sysconfdir@/open5gs/tls/sepp2.crt +# client: +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: 127.0.2.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp2.localdomain +# scheme: https +# address: 127.0.2.251 +# client: +# sepp: +# - receiver: sepp1.localdomain +# uri: https://sepp1.localdomain +# resolve: 127.0.1.251 +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes using Wireshark. +# default: +# tls: +# server: +# private_key: @sysconfdir@/open5gs/tls/sepp2.key +# cert: @sysconfdir@/open5gs/tls/sepp2.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp2-server-sslkeylog.log +# client: +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp2-client-sslkeylog.log +# sbi: +# server: +# - address: 127.0.2.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp2.localdomain +# scheme: https +# address: 127.0.2.251 +# client: +# sepp: +# - receiver: sepp1.localdomain +# uri: https://sepp1.localdomain +# resolve: 127.0.1.251 +# +# o Add client TLS verification to N32 interface +# default: +# tls: +# server: +# private_key: @sysconfdir@/open5gs/tls/sepp2.key +# cert: @sysconfdir@/open5gs/tls/sepp2.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/sepp2.key +# client_cert: @sysconfdir@/open5gs/tls/sepp2.crt +# sbi: +# server: +# - address: 127.0.2.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp2.localdomain +# scheme: https +# address: 127.0.2.251 +# client: +# sepp: +# - receiver: sepp1.localdomain +# uri: 
https://sepp1.localdomain +# resolve: 127.0.1.251 +# +# o Both SEPP and N32 forwarding also uses HTTPS with TLS, +# while other NFs use HTTP without TLS. +# default: +# tls: +# server: +# private_key: @sysconfdir@/open5gs/tls/sepp2.key +# cert: @sysconfdir@/open5gs/tls/sepp2.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/sepp2.key +# client_cert: @sysconfdir@/open5gs/tls/sepp2.crt +# sbi: +# server: +# - address: 127.0.2.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp2.localdomain +# scheme: https +# address: 127.0.2.251 +# n32f: +# scheme: https +# address: 127.0.2.252 +# client: +# sepp: +# - receiver: sepp1.localdomain +# uri: https://sepp1.localdomain +# resolve: 127.0.1.251 +# n32f: +# uri: https://sepp1.localdomain +# resolve: 127.0.1.252 +# +# o N32 control and N32 forwarding interface use different key/certificate. 
+# sbi: +# server: +# - address: 127.0.2.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp2.localdomain +# scheme: https +# address: 127.0.2.251 +# private_key: @sysconfdir@/open5gs/tls/sepp2.key +# cert: @sysconfdir@/open5gs/tls/sepp2.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# n32f: +# scheme: https +# address: 127.0.2.252 +# private_key: @sysconfdir@/open5gs/tls/sepp2-n32f.key +# cert: @sysconfdir@/open5gs/tls/sepp2-n32f.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# sepp: +# - receiver: sepp1.localdomain +# uri: https://sepp1.localdomain +# resolve: 127.0.1.251 +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/sepp2.key +# client_cert: @sysconfdir@/open5gs/tls/sepp2.crt +# n32f: +# uri: https://sepp1.localdomain +# resolve: 127.0.1.252 +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/sepp2-n32f.key +# client_cert: @sysconfdir@/open5gs/tls/sepp2-n32f.crt diff --git a/5gc/open5gs/open5gs-smf-freediameter.conf b/5gc/open5gs/open5gs-smf-freediameter.conf new file mode 100644 index 0000000..7b3f165 --- /dev/null +++ b/5gc/open5gs/open5gs-smf-freediameter.conf 
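Review bot: In the active `tls: client:` block the commented-out line reads `# sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp2-client-sslkeylog.log`, while every example further down in this hunk spells the client-side key `client_sslkeylogfile`; uncommenting the line as written would probably not enable client key logging. I would change it to `# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp2-client-sslkeylog.log`. Because a key log file holds the session secrets that decrypt captured N32 traffic, a comment such as `# debug only: this file decrypts captured traffic; keep the directory private and delete it after the run` belongs next to both commented lines.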
@@ -0,0 +1,268 @@ +# This is a sample configuration file for freeDiameter daemon. + +# Most of the options can be omitted, as they default to reasonable values. +# Only TLS-related options must be configured properly in usual setups. + +# It is possible to use "include" keyword to import additional files +# e.g.: include "/etc/freeDiameter.d/*.conf" +# This is exactly equivalent as copy & paste the content of the included file(s) +# where the "include" keyword is found. + + +############################################################## +## Peer identity and realm + +# The Diameter Identity of this daemon. +# This must be a valid FQDN that resolves to the local host. +# Default: hostname's FQDN +#Identity = "aaa.koganei.freediameter.net"; +Identity = "smf.localdomain"; + +# The Diameter Realm of this daemon. +# Default: the domain part of Identity (after the first dot). +#Realm = "koganei.freediameter.net"; +Realm = "localdomain"; + +############################################################## +## Transport protocol configuration + +# The port this peer is listening on for incoming connections (TCP and SCTP). +# Default: 3868. Use 0 to disable. +Port = 3868; + +# The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). +# See TLS_old_method for more information about TLS flavours. +# Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. +# Default: 5868. Use 0 to disable. +#SecPort = 5868; +SecPort = 0; + +# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed +# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the +# CER/CEA exchange on a dedicated secure port. +# This parameter only affects outgoing connections. +# The setting can be also defined per-peer (see Peers configuration section). +# Default: use RFC6733 method with separate port for TLS. 
+#TLS_old_method; + +# Disable use of TCP protocol (only listen and connect over SCTP) +# Default : TCP enabled +#No_TCP; + +# Disable use of SCTP protocol (only listen and connect over TCP) +# Default : SCTP enabled +#No_SCTP; +# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. + +# Prefer TCP instead of SCTP for establishing new connections. +# This setting may be overwritten per peer in peer configuration blocs. +# Default : SCTP is attempted first. +#Prefer_TCP; + +# Default number of streams per SCTP associations. +# This setting may be overwritten per peer basis. +# Default : 30 streams +#SCTP_streams = 30; + +############################################################## +## Endpoint configuration + +# Disable use of IP addresses (only IPv6) +# Default : IP enabled +#No_IP; + +# Disable use of IPv6 addresses (only IP) +# Default : IPv6 enabled +#No_IPv6; + +# Specify local addresses the server must bind to +# Default : listen on all addresses available. +#ListenOn = "202.249.37.5"; +#ListenOn = "2001:200:903:2::202:1"; +#ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; +ListenOn = "127.0.0.4"; + + +############################################################## +## Server configuration + +# How many Diameter peers are allowed to be connecting at the same time ? +# This parameter limits the number of incoming connections from the time +# the connection is accepted until the first CER is received. +# Default: 5 unidentified clients in paralel. +#ThreadsPerServer = 5; + +############################################################## +## TLS Configuration + +# TLS is managed by the GNUTLS library in the freeDiameter daemon. +# You may find more information about parameters and special behaviors +# in the relevant documentation. +# http://www.gnu.org/software/gnutls/manual/ + +# Credentials of the local peer +# The X509 certificate and private key file to use for the local peer. +# The files must contain PKCS-1 encoded RSA key, in PEM format. 
+# (These parameters are passed to gnutls_certificate_set_x509_key_file function) +# Default : NO DEFAULT +#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>"; +#TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; +#TLS_Cred = "@sysconfdir@/open5gs/tls/smf.crt", "@sysconfdir@/open5gs/tls/smf.key"; + +# Certificate authority / trust anchors +# The file containing the list of trusted Certificate Authorities (PEM list) +# (This parameter is passed to gnutls_certificate_set_x509_trust_file function) +# The directive can appear several times to specify several files. +# Default : GNUTLS default behavior +#TLS_CA = "<file.PEM>"; +#TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt"; + +# Certificate Revocation List file +# The information about revoked certificates. +# The file contains a list of trusted CRLs in PEM format. They should have been verified before. +# (This parameter is passed to gnutls_certificate_set_x509_crl_file function) +# Note: openssl CRL format might have interoperability issue with GNUTLS format. +# Default : GNUTLS default behavior +#TLS_CRL = "<file.PEM>"; + +# GNU TLS Priority string +# This string allows to configure the behavior of GNUTLS key exchanges +# algorithms. See gnutls_priority_init function documentation for information. +# You should also refer to the Diameter required TLS support here: +# http://tools.ietf.org/html/rfc6733#section-13.1 +# Default : "NORMAL" +# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; +#TLS_Prio = "NORMAL"; + +# Diffie-Hellman parameters size +# Set the number of bits for generated DH parameters +# Valid value should be 768, 1024, 2048, 3072 or 4096. +# (This parameter is passed to gnutls_dh_params_generate2 function, +# it usually should match RSA key size) +# Default : 1024 +#TLS_DH_Bits = 1024; + +# Alternatively, you can specify a file to load the PKCS#3 encoded +# DH parameters directly from. 
This accelerates the daemon start +# but is slightly less secure. If this file is provided, the +# TLS_DH_Bits parameters has no effect. +# Default : no default. +#TLS_DH_File = "<file.PEM>"; + + +############################################################## +## Timers configuration + +# The Tc timer of this peer. +# It is the delay before a new attempt is made to reconnect a disconnected peer. +# The value is expressed in seconds. The recommended value is 30 seconds. +# Default: 30 +#TcTimer = 30; + +# The Tw timer of this peer. +# It is the delay before a watchdog message is sent, as described in RFC 3539. +# The value is expressed in seconds. The default value is 30 seconds. Value must +# be greater or equal to 6 seconds. See details in the RFC. +# Default: 30 +#TwTimer = 30; + +############################################################## +## Applications configuration + +# Disable the relaying of Diameter messages? +# For messages not handled locally, the default behavior is to forward the +# message to another peer if any is available, according to the routing +# algorithms. In addition the "0xffffff" application is advertised in CER/CEA +# exchanges. +# Default: Relaying is enabled. +#NoRelay; +NoRelay; + +# Number of server threads that can handle incoming messages at the same time. +# Default: 4 +#AppServThreads = 4; + +# Other applications are configured by loaded extensions. + +############################################################## +## Extensions configuration + +# The freeDiameter framework merely provides support for +# Diameter Base Protocol. The specific application behaviors, +# as well as advanced functions, are provided +# by loadable extensions (plug-ins). +# These extensions may in addition receive the name of a +# configuration file, the format of which is extension-specific. 
+# +# Format: +#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; +# +# Examples: +#LoadExtension = "extensions/sample.fdx"; +#LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; + +# Extensions are named as follow: +# dict_* for extensions that add content to the dictionary definitions. +# dbg_* for extensions useful only to retrieve more information on the framework execution. +# acl_* : Access control list, to control which peers are allowed to connect. +# rt_* : routing extensions that impact how messages are forwarded to other peers. +# app_* : applications, these extensions usually register callbacks to handle specific messages. +# test_* : dummy extensions that are useful only in testing environments. + + +# The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some +# information about some events. This extension does not actually use a configuration file +# but receives directly a parameter in the string passed to the extension. Here are some examples: +## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. +## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. +## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. +# The four digits respectively control: connections, routing decisions, sent/received messages, errors. +# The values for each digit are: +# 0 - default - keep the default behavior +# 1 - quiet - remove any specific log +# 2 - compact - display only a summary of the information +# 4 - full - display the complete information on a single long line +# 8 - tree - display the complete information in an easier to read format spanning several lines. 
+
+LoadExtension = "dbg_msg_dumps.fdx" : "0x8888";
+LoadExtension = "dict_rfc5777.fdx";
+LoadExtension = "dict_mip6i.fdx";
+LoadExtension = "dict_nasreq.fdx";
+LoadExtension = "dict_nas_mipv6.fdx";
+LoadExtension = "dict_dcca.fdx";
+LoadExtension = "dict_dcca_3gpp.fdx";
+
+
+##############################################################
+## Peers configuration
+
+# The local server listens for incoming connections. By default,
+# all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl).
+#
+# In addition to incoming connections, the local peer can
+# be configured to establish and maintain connections to some
+# Diameter nodes and allow connections from these nodes.
+# This is achieved with the ConnectPeer directive described below.
+#
+# Note that the configured Diameter Identity MUST match
+# the information received inside CEA, or the connection will be aborted.
+#
+# Format:
+#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
+# Parameters that can be specified in the peer's parameter list:
+# No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
+# No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
+# Port = 5868; # The port to connect to
+# TcTimer = 30;
+# TwTimer = 30;
+# ConnectTo = "202.249.37.5";
+# ConnectTo = "2001:200:903:2::202:1";
+# TLS_Prio = "NORMAL";
+# Realm = "realm.net"; # Reject the peer if it does not advertise this realm.
+# Examples:
+#ConnectPeer = "aaa.wide.ad.jp";
+#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
+ConnectPeer = "pcrf.localdomain" { ConnectTo = "127.0.0.9"; No_TLS; };
+
+
+##############################################################
diff --git a/5gc/open5gs/open5gs-smf.yaml b/5gc/open5gs/open5gs-smf.yaml
new file mode 100644
index 0000000..c6a6405
--- /dev/null
+++ b/5gc/open5gs/open5gs-smf.yaml
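Review bot: In open5gs-smf-freediameter.conf, `SecPort = 0;` together with `No_TLS;` on the `ConnectPeer = "pcrf.localdomain"` entry leaves the SMF's Diameter link unencrypted and without peer authentication, and nothing in the file says this is deliberate. It is contained only because `ListenOn` and `ConnectTo` are loopback addresses, so I would add a comment above `SecPort = 0;` such as `# testenv only: TLS disabled, all peers are on loopback; do not reuse on a routable interface`. `dbg_msg_dumps.fdx` is loaded with `"0x8888"`, which by the file's own legend prints complete information for every message, so the logs will hold full Diameter payloads. The commented `TLS_Cred`/`TLS_CA` lines carry `@sysconfdir@`, which open5gs_prepare.sh substitutes only in `./*.yaml`, so they would need a real path if they are ever enabled.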
@@ -0,0 +1,422 @@ +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +smf: + sbi: + server: + - address: 127.0.0.4 + port: 7777 + client: +# nrf: +# - uri: http://127.0.0.10:7777 + scp: + - uri: http://127.0.0.200:7777 + pfcp: + server: + - address: 127.0.0.4 + client: + upf: + - address: 127.0.0.7 + gtpc: + server: + - address: 127.0.0.4 + gtpu: + server: + - address: 127.0.0.4 + metrics: + server: + - address: 127.0.0.4 + port: 9090 + session: + - subnet: 10.45.0.0/16 + gateway: 10.45.0.1 + - subnet: 2001:db8:cafe::/48 + gateway: 2001:db8:cafe::1 + dns: + - 8.8.8.8 + - 8.8.4.4 + - 2001:4860:4860::8888 + - 2001:4860:4860::8844 + mtu: 1400 +# p-cscf: +# - 127.0.0.1 +# - ::1 +# ctf: +# enabled: auto # auto(default)|yes|no + freeDiameter: open5gs-smf-freediameter.conf + +################################################################################ +# SMF Info +################################################################################ +# <SMF Selection - 5G Core only> +# 1. SMF sends SmfInfo(S-NSSAI, DNN, TAI) to the NRF +# 2. NRF responds to AMF with SmfInfo during NF-Discovery. +# 3. AMF selects SMF based on S-NSSAI, DNN and TAI in SmfInfo. +# +# Note that if there is no SmfInfo, any AMF can select this SMF. 
+# +# o S-NSSAI[SST:1] and DNN[internet] - At least 1 DNN is required in S-NSSAI +# info: +# - s_nssai: +# - sst: 1 +# dnn: +# - internet +# +# o S-NSSAI[SST:1 SD:009000] and DNN[internet or ims] +# info: +# - s_nssai: +# - sst: 1 +# sd: 009000 +# dnn: +# - internet +# - ims +# +# o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1] +# info: +# - s_nssai: +# - sst: 1 +# dnn: +# - internet +# tai: +# - plmn_id: +# mcc: 999 +# mnc: 70 +# tac: 1 +# +# o If any of conditions below are met: +# - S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1-9] +# - S-NSSAI[SST:2 SD:000080] and DNN[internet or ims] +# - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:99970 TAC:10-20,30-40] +# info: +# - s_nssai: +# - sst: 1 +# dnn: +# - internet +# tai: +# - plmn_id: +# mcc: 999 +# mnc: 70 +# tac: +# - 1-9 +# - s_nssai: +# - sst: 2 +# sd: 000080 +# dnn: +# - internet +# - ims +# - s_nssai: +# - sst: 4 +# dnn: +# - internet +# tai: +# - plmn_id: +# mcc: 999 +# mnc: 70 +# tac: +# - 10-20 +# - 30-40 +# +# o Complex Example +# info: +# - s_nssai: +# - sst: 1 +# dnn: +# - internet +# - sst: 1 +# sd: 000080 +# dnn: +# - internet +# - ims +# - sst: 1 +# sd: 009000 +# dnn: +# [internet, ims] +# - sst: 2 +# dnn: +# - internet +# - sst: 3 +# sd: 123456 +# dnn: +# - internet +# tai: +# - plmn_id: +# mcc: 999 +# mnc: 70 +# tac: [1, 2, 3] +# - plmn_id: +# mcc: 999 +# mnc: 70 +# tac: 4 +# - plmn_id: +# mcc: 999 +# mnc: 70 +# tac: +# - 5 +# - 6 +# - plmn_id: +# mcc: 999 +# mnc: 70 +# tac: +# - 100-200 +# - 300-400 +# - plmn_id: +# mcc: 999 +# mnc: 70 +# tac: +# - 500-600 +# - 700-800 +# - 900-1000 +# - s_nssai: +# - sst: 4 +# dnn: +# - internet +# tai: +# - plmn_id: +# mcc: 999 +# mnc: 70 +# tac: 99 +# +################################################################################ +# SBI Server +################################################################################ +# o Bind to the address on the eth0 and advertise as open5gs-smf.svc.local +# sbi: +# server: +# - 
dev:eth0 +# advertise: open5gs-smf.svc.local +# +# o Specify a custom port number 7777 while binding to the given address +# sbi: +# server: +# - address: smf.localdomain +# port: 7777 +# +# o Bind to 127.0.0.4 and advertise as open5gs-smf.svc.local +# sbi: +# server: +# - address: 127.0.0.4 +# port: 7777 +# advertise: open5gs-smf.svc.local +# +# o Bind to port 7777 but advertise with a different port number 8888 +# sbi: +# server: +# - address: 127.0.0.4 +# port: 7777 +# advertise: open5gs-smf.svc.local:8888 +# +################################################################################ +# SBI Client +################################################################################ +# o Direct Communication with NRF +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# +# o Indirect Communication by Delegating to SCP +# sbi: +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# +# o Indirect Communication without Delegation +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: no # Directly communicate NRF discovery +# scp: +# next: no # Do not delegate to SCP for next-hop +# +# o Indirect Communication with Delegated Discovery +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: yes # Delegate discovery to SCP +# scp: +# next: yes # Delegate to SCP for next-hop communications +# +# o Default delegation: all communications are delegated to the SCP +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# # No 'delegated' section; defaults to AUTO delegation +# +################################################################################ +# HTTPS scheme with TLS 
+################################################################################ +# o Set as default if not individually set +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/smf.key +# cert: @sysconfdir@/open5gs/tls/smf.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: smf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes using Wireshark. +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/smf.key +# cert: @sysconfdir@/open5gs/tls/smf.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/smf-server-sslkeylog.log +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/smf-client-sslkeylog.log +# sbi: +# server: +# - address: smf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Add client TLS verification +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/smf.key +# cert: @sysconfdir@/open5gs/tls/smf.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/smf.key +# client_cert: @sysconfdir@/open5gs/tls/smf.crt +# sbi: +# server: +# - address: smf.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +################################################################################ +# PFCP Server +################################################################################ +# o Override PFCP address to be advertised to UPF in PFCP association +# pfcp: +# server: +# - dev: eth0 +# advertise: open5gs-smf.svc.local +# 
+################################################################################ +# PFCP Client +################################################################################ +# o UPF selection by eNodeB TAC +# (either single TAC or multiple TACs, DECIMAL representation) +# pfcp: +# client: +# upf: +# - address: 127.0.0.7 +# tac: 1 +# - address: 127.0.0.12 +# tac: [3,5,8] +# +# o UPF selection by UE's DNN/APN (either single DNN/APN or multiple DNNs/APNs) +# pfcp: +# client: +# upf: +# - address: 127.0.0.7 +# dnn: ims +# - address: 127.0.0.12 +# dnn: [internet, web] +# +# o UPF selection by CellID(e_cell_id: 28bit, nr_cell_id: 36bit) +# (either single enb_id or multiple enb_ids, HEX representation) +# pfcp: +# client: +# upf: +# - address: 127.0.0.7 +# e_cell_id: 463 +# - address: 127.0.0.12 +# nr_cell_id: [123456789, 9413] +# +################################################################################ +# GTP-C Server +################################################################################ +# o Listen on IPv4 and IPv6 +# gtpc: +# server: +# - address: 127.0.0.4 +# - address: fd69:f21d:873c:fa::3 +# +################################################################################ +# GTP-U Server +################################################################################ +# o Listen on IPv4 and IPv6 +# gtpu: +# server: +# - address: 127.0.0.4 +# - address: ::1 +# +################################################################################ +# 3GPP Specification +################################################################################ +# o Specific DNN/APN(e.g 'ims') uses 10.46.0.1/16, 2001:db8:babe::1/48 +# (If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.) 
+# session: +# - subnet: 10.45.0.0/16 +# gateway: 10.45.0.1 +# dnn: internet +# - subnet: 2001:db8:cafe::/48 +# dnn: internet +# - subnet: 10.46.0.0/16 +# gateway: 10.46.0.1 +# dnn: ims +# - subnet: 2001:db8:babe::/48 +# dnn: ims +# +# o Pool Range +# session: +# - subnet: 10.45.0.0/16 +# gateway: 10.45.0.1 +# range: +# - 10.45.0.100-10.45.0.200 +# - 10.45.1.100- +# - -10.45.0.200 +# - subnet: 2001:db8:cafe::/48 +# range: +# - 2001:db8:cafe:a0::0-2001:db8:cafe:b0::0 +# - 2001:db8:cafe:c0::0-2001:db8:cafe:d0::0 +# +# o Security Indication(5G Core only) +# security_indication: +# integrity_protection_indication: required|preferred|not-needed +# confidentiality_protection_indication: required|preferred|not-needed +# maximum_integrity_protected_data_rate_uplink: bitrate64kbs|maximum-UE-rate +# maximum_integrity_protected_data_rate_downlink: bitrate64kbs|maximum-UE-rate diff --git a/5gc/open5gs/open5gs-udm.yaml b/5gc/open5gs/open5gs-udm.yaml new file mode 100644 index 0000000..c17f471 --- /dev/null +++ b/5gc/open5gs/open5gs-udm.yaml 
@@ -0,0 +1,221 @@ +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +udm: + hnet: + - id: 1 + scheme: 1 + key: @sysconfdir@/open5gs/hnet/curve25519-1.key + - id: 2 + scheme: 2 + key: @sysconfdir@/open5gs/hnet/secp256r1-2.key + - id: 3 + scheme: 1 + key: @sysconfdir@/open5gs/hnet/curve25519-3.key + - id: 4 + scheme: 2 + key: @sysconfdir@/open5gs/hnet/secp256r1-4.key + - id: 5 + scheme: 1 + key: @sysconfdir@/open5gs/hnet/curve25519-5.key + - id: 6 + scheme: 2 + key: @sysconfdir@/open5gs/hnet/secp256r1-6.key + sbi: + server: + - address: 127.0.0.12 + port: 7777 + client: +# nrf: +# - uri: http://127.0.0.10:7777 + scp: + - uri: http://127.0.0.200:7777 + +################################################################################ +# Home Network Public Key +################################################################################ +# o Generate the private key as below. +# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key +# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key +# +# o The private and public keys can be viewed with the command. +# The public key is used when creating the SIM. 
+# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text +# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text +# +# o Home network public key identifier(PKI) value : 1 +# Protection scheme identifier : ECIES scheme profile A +# hnet: +# - id: 1 +# scheme: 1 +# key: /etc/open5gs/hnet/curve25519-1.key +# +# o Home network public key identifier(PKI) value : 2 +# Protection scheme identifier : ECIES scheme profile B +# hnet: +# - id: 2 +# scheme: 2 +# key: /etc/open5gs/hnet/secp256r1-2.key +# +# o Home network public key identifier(PKI) value : 3 +# Protection scheme identifier : ECIES scheme profile A +# hnet: +# - id: 3 +# scheme: 1 +# key: /etc/open5gs/hnet/curve25519-1.key +# +# o Home network public key identifier(PKI) value : 4 +# Protection scheme identifier : ECIES scheme profile B +# hnet: +# - id: 4 +# scheme: 2 +# key: /etc/open5gs/hnet/secp256r1-2.key +# +################################################################################ +# SBI Server +################################################################################ +# o Bind to the address on the eth0 and advertise as open5gs-udm.svc.local +# sbi: +# server: +# - dev:eth0 +# advertise: open5gs-udm.svc.local +# +# o Specify a custom port number 7777 while binding to the given address +# sbi: +# server: +# - address: udm.localdomain +# port: 7777 +# +# o Bind to 127.0.0.12 and advertise as open5gs-udm.svc.local +# sbi: +# server: +# - address: 127.0.0.12 +# port: 7777 +# advertise: open5gs-udm.svc.local +# +# o Bind to port 7777 but advertise with a different port number 8888 +# sbi: +# server: +# - address: 127.0.0.12 +# port: 7777 +# advertise: open5gs-udm.svc.local:8888 +# +################################################################################ +# SBI Client +################################################################################ +# o Direct Communication with NRF +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# +# o Indirect 
Communication by Delegating to SCP +# sbi: +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# +# o Indirect Communication without Delegation +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: no # Directly communicate NRF discovery +# scp: +# next: no # Do not delegate to SCP for next-hop +# +# o Indirect Communication with Delegated Discovery +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: yes # Delegate discovery to SCP +# scp: +# next: yes # Delegate to SCP for next-hop communications +# +# o Default delegation: all communications are delegated to the SCP +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# # No 'delegated' section; defaults to AUTO delegation +# +################################################################################ +# HTTPS scheme with TLS +################################################################################ +# o Set as default if not individually set +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/udm.key +# cert: @sysconfdir@/open5gs/tls/udm.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: udm.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes using Wireshark. 
+# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/udm.key +# cert: @sysconfdir@/open5gs/tls/udm.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/udm-server-sslkeylog.log +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/udm-client-sslkeylog.log +# sbi: +# server: +# - address: udm.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Add client TLS verification +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/udm.key +# cert: @sysconfdir@/open5gs/tls/udm.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/udm.key +# client_cert: @sysconfdir@/open5gs/tls/udm.crt +# sbi: +# server: +# - address: udm.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain diff --git a/5gc/open5gs/open5gs-udr.yaml b/5gc/open5gs/open5gs-udr.yaml new file mode 100644 index 0000000..f155142 --- /dev/null +++ b/5gc/open5gs/open5gs-udr.yaml 
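Review bot: In open5gs-udm.yaml, the active `hnet` list references six private-key files (`curve25519-1.key`, `secp256r1-2.key`, `curve25519-3.key`, `secp256r1-4.key`, `curve25519-5.key`, `secp256r1-6.key`), but the commented section documents generating only the first two. Its examples for ids 3 and 4 also point back at `curve25519-1.key` and `secp256r1-2.key`, which contradicts the active configuration. The hunk does not show where keys 3 to 6 come from; if they are missing, the UDM will presumably fail to load them. I would align the commented examples with the active paths and add a comment above `hnet:` such as `# test-only home network private keys; keep the files readable by the UDM user only`. These paths also depend on `@sysconfdir@` being substituted by open5gs_prepare.sh before the UDM starts.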
@@ -0,0 +1,163 @@ +db_uri: mongodb://127.0.0.103/open5gs +logger: + level: debug +# level: info # fatal|error|warn|info(default)|debug|trace + +global: + max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +udr: + sbi: + server: + - address: 127.0.0.20 + port: 7777 + client: +# nrf: +# - uri: http://127.0.0.10:7777 + scp: + - uri: http://127.0.0.200:7777 + +################################################################################ +# SBI Server +################################################################################ +# o Bind to the address on the eth0 and advertise as open5gs-udr.svc.local +# sbi: +# server: +# - dev:eth0 +# advertise: open5gs-udr.svc.local +# +# o Specify a custom port number 7777 while binding to the given address +# sbi: +# server: +# - address: udr.localdomain +# port: 7777 +# +# o Bind to 127.0.0.20 and advertise as open5gs-udr.svc.local +# sbi: +# server: +# - address: 127.0.0.20 +# port: 7777 +# advertise: open5gs-udr.svc.local +# +# o Bind to port 7777 but advertise with a different port number 8888 +# sbi: +# server: +# - address: 127.0.0.20 +# port: 7777 +# advertise: open5gs-udr.svc.local:8888 +# +################################################################################ +# SBI Client +################################################################################ +# o Direct Communication with NRF +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# +# o Indirect Communication by Delegating to SCP +# sbi: +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# +# o Indirect Communication without Delegation +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: no # Directly communicate NRF discovery +# scp: +# next: no # Do not delegate to SCP for next-hop +# +# o Indirect Communication with Delegated Discovery +# sbi: +# client: 
+# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# delegated: +# nrf: +# nfm: no # Directly communicate NRF management functions +# disc: yes # Delegate discovery to SCP +# scp: +# next: yes # Delegate to SCP for next-hop communications +# +# o Default delegation: all communications are delegated to the SCP +# sbi: +# client: +# nrf: +# - uri: http://127.0.0.10:7777 +# scp: +# - uri: http://127.0.0.200:7777 +# # No 'delegated' section; defaults to AUTO delegation +# +################################################################################ +# HTTPS scheme with TLS +################################################################################ +# o Set as default if not individually set +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/udr.key +# cert: @sysconfdir@/open5gs/tls/udr.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# sbi: +# server: +# - address: udr.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Enable SSL key logging for Wireshark +# - This configuration allows capturing SSL/TLS session keys +# for debugging or analysis purposes using Wireshark. 
+# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/udr.key +# cert: @sysconfdir@/open5gs/tls/udr.crt +# sslkeylogfile: @localstatedir@/log/open5gs/tls/udr-server-sslkeylog.log +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/udr-client-sslkeylog.log +# sbi: +# server: +# - address: udr.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain +# +# o Add client TLS verification +# default: +# tls: +# server: +# scheme: https +# private_key: @sysconfdir@/open5gs/tls/udr.key +# cert: @sysconfdir@/open5gs/tls/udr.crt +# verify_client: true +# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt +# client: +# scheme: https +# cacert: @sysconfdir@/open5gs/tls/ca.crt +# client_private_key: @sysconfdir@/open5gs/tls/udr.key +# client_cert: @sysconfdir@/open5gs/tls/udr.crt +# sbi: +# server: +# - address: udr.localdomain +# client: +# nrf: +# - uri: https://nrf.localdomain diff --git a/5gc/open5gs/open5gs-upf.yaml b/5gc/open5gs/open5gs-upf.yaml new file mode 100644 index 0000000..ff9b845 --- /dev/null +++ b/5gc/open5gs/open5gs-upf.yaml 
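Review bot: In open5gs-udr.yaml, `db_uri: mongodb://127.0.0.103/open5gs` carries no credentials, so the UDR depends on mongod at that address accepting unauthenticated connections to the subscriber database. That is presumably acceptable for the loopback-only test environment set up by 5gc/mongod.conf (not visible in this hunk), but the file should say so. I would add `# testenv only: unauthenticated MongoDB on loopback` above `db_uri`, so the setting is not copied into a deployment where 127.0.0.103 is replaced by a routable address.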
@@ -0,0 +1,87 @@
+logger:
+ level: debug
+# level: info # fatal|error|warn|info(default)|debug|trace
+
+global:
+ max:
+ ue: 1024 # The number of UE can be increased depending on memory size.
+# peer: 64
+
+upf:
+ pfcp:
+ server:
+ - address: 127.0.0.7
+ client:
+# smf: # UPF PFCP Client try to associate SMF PFCP Server
+# - address: 127.0.0.4
+ gtpu:
+ server:
+ - address: 127.0.0.7
+ session:
+ - subnet: 10.45.0.0/16
+ gateway: 10.45.0.1
+ - subnet: 2001:db8:cafe::/48
+ gateway: 2001:db8:cafe::1
+ metrics:
+ server:
+ - address: 127.0.0.7
+ port: 9090
+
+################################################################################
+# PFCP Server
+################################################################################
+# o Override PFCP address to be advertised to SMF in PFCP association
+# pfcp:
+# server:
+# - dev: eth0
+# advertise: open5gs-upf.svc.local
+#
+################################################################################
+# GTP-U Server
+################################################################################
+# o Override SGW-U GTP-U address to be advertised inside S1AP messages
+# gtpu:
+# server:
+# - dev: ens3
+# advertise: upf1.5gc.mnc001.mcc001.3gppnetwork.org
+#
+# o User Plane IP Resource information
+# gtpu:
+# server:
+# - address:
+# - 127.0.0.7
+# - ::1
+# teid_range_indication: 4
+# teid_range: 10
+# network_instance: internet
+# source_interface: 0
+# - address: 127.0.10.4
+# teid_range_indication: 4
+# teid_range: 5
+# network_instance: ims
+# source_interface: 1
+#
+################################################################################
+# 3GPP Specification
+################################################################################
+#
+# o Specific DNN/APN(e.g 'ims') uses 10.46.0.1/16, 2001:db8:babe::1/48
+# $ sudo ip addr add 10.45.0.1/16 dev ogstun
+# $ sudo ip addr add 2001:db8:cafe::1/48 dev ogstun2
+# $ sudo ip addr add 10.46.0.1/16 dev ogstun3
+# $ sudo ip addr add 2001:db8:babe::1/48 dev ogstun3
+#
+# session:
+# - subnet: 10.45.0.0/16
+# gateway: 10.45.0.1
+# dnn: internet
+# - subnet: 2001:db8:cafe::/48
+# dnn: internet
+# dev: ogstun2
+# - subnet: 10.46.0.0/16
+# gateway: 10.46.0.1
+# dnn: ims
+# dev: ogstun3
+# - subnet: 2001:db8:babe::/48
+# dnn: ims
+# dev: ogstun3
diff --git a/5gc/open5gs/open5gs_prepare.sh b/5gc/open5gs/open5gs_prepare.sh
new file mode 100755
index 0000000..2946f21
--- /dev/null
+++ b/5gc/open5gs/open5gs_prepare.sh
@@ -0,0 +1,20 @@
+#!/bin/sh -ex
+
+set_ogs_sysconf_dir() {
+ if [ -z "$OSMO_DEV_MAKE_DIR" ]; then
+ # With --binary-repo
+ OGS_INSTALL_DIR="/"
+ OGS_SYSCONF_DIR="$OGS_INSTALL_DIR/etc/"
+ else
+ # Without --binary-repo
+ OGS_INSTALL_DIR="$OSMO_DEV_MAKE_DIR"/..
+ OGS_SYSCONF_DIR="$OGS_INSTALL_DIR/usr/etc/"
+ fi
+}
+
+adjust_sysconfdir_config() {
+ sed -i "s~@sysconfdir@~$1~g" $2
+}
+
+set_ogs_sysconf_dir
+adjust_sysconfdir_config "$OGS_SYSCONF_DIR" ./*.yaml
diff --git a/5gc/regen_makefile.sh b/5gc/regen_makefile.sh
new file mode 100755
index 0000000..3b4b77c
--- /dev/null
+++ b/5gc/regen_makefile.sh
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+
+NAME=C5G_Tests
+
+# *.asn
+# *.c
+FILES="
+ *.asn
+ *.ttcn
+ IPL4asp_PT.cc
+ IPL4asp_discovery.cc
+ Native_FunctionDefs.cc
+ NGAP_CodecPort_CtrlFunctDef.cc
+ NGAP_EncDec.cc
+ TCCConversion.cc
+ TCCEncoding.cc
+ TCCInterface.cc
+"
+
+. ../_buildsystem/regen_makefile.inc.sh
+
+sed -i -e 's/^LINUX_LIBS = -lxml2 -lsctp/LINUX_LIBS = -lxml2 -lsctp -lfftranscode -lgnutls/' Makefile
diff --git a/5gc/testenv.cfg b/5gc/testenv.cfg
new file mode 100644
index 0000000..7a92524
--- /dev/null
+++ b/5gc/testenv.cfg
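Review bot: In 5gc/open5gs/open5gs_prepare.sh the last line passes the glob `./*.yaml` to `adjust_sysconfdir_config`, but the function hands only `$2` to sed, and unquoted. Only the first matching file is rewritten, and a path containing whitespace would be split. Each testenv section that runs the script copies a single YAML next to it, so this works today, but a second config in the same directory would silently keep its `@sysconfdir@` placeholders. I would make the function take all remaining arguments: `dir="$1"; shift` followed by `sed -i "s~@sysconfdir@~$dir~g" "$@"`.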
@@ -0,0 +1,89 @@
+[testsuite]
+program=C5G_Tests
+config=C5G_Tests.cfg
+
+[db]
+prepare=mkdir db
+program=mongod --config mongod.conf
+setup=create_test_subscribers.sh
+copy=mongod.conf
+make=no
+package=no
+
+[nrf]
+program=open5gs-nrfd -c open5gs-nrf.yaml
+make=open5gs
+package=open5gs-nrf
+copy=open5gs/open5gs-nrf.yaml
+
+[scp]
+program=open5gs-scpd -c open5gs-scp.yaml
+make=open5gs
+package=open5gs-scp
+copy=open5gs/open5gs-scp.yaml
+
+[sepp1]
+prepare=./open5gs_prepare.sh
+program=open5gs-seppd -c open5gs-sepp1.yaml
+make=open5gs
+package=open5gs-sepp1
+copy=open5gs/open5gs-sepp1.yaml open5gs/open5gs_prepare.sh
+
+[sepp2]
+prepare=./open5gs_prepare.sh
+program=open5gs-seppd -c open5gs-sepp2.yaml
+make=open5gs
+package=open5gs-sepp2
+copy=open5gs/open5gs-sepp2.yaml open5gs/open5gs_prepare.sh
+
+[bsf]
+program=open5gs-bsfd -c open5gs-bsf.yaml
+make=open5gs
+package=open5gs-bsf
+copy=open5gs/open5gs-bsf.yaml
+
+[smf]
+program=open5gs-smfd -c open5gs-smf.yaml
+make=open5gs
+package=open5gs-smf
+copy=open5gs/open5gs-smf.yaml open5gs/open5gs-smf-freediameter.conf
+
+[upf]
+program=open5gs-upfd -c open5gs-upf.yaml
+make=open5gs
+package=open5gs-upf
+copy=open5gs/open5gs-upf.yaml
+# TODO: add tuns manually, see ggsn_tests/open5gs/testenv.sh
+#copy=open5gs/open5gs-upf.yaml open5gs/testenv.sh
+#clean=./testenv.sh
+
+[ausf]
+program=open5gs-ausfd -c open5gs-ausf.yaml
+make=open5gs
+package=open5gs-ausf
+copy=open5gs/open5gs-ausf.yaml
+
+[udm]
+prepare=./open5gs_prepare.sh
+program=open5gs-udmd -c open5gs-udm.yaml
+make=open5gs
+package=open5gs-udm
+copy=open5gs/open5gs-udm.yaml open5gs/open5gs_prepare.sh
+
+[udr]
+program=open5gs-udrd -c open5gs-udr.yaml
+make=open5gs
+package=open5gs-udr
+copy=open5gs/open5gs-udr.yaml
+
+[pcf]
+program=open5gs-pcfd -c open5gs-pcf.yaml
+make=open5gs
+package=open5gs-pcf
+copy=open5gs/open5gs-pcf.yaml
+
+[amf]
+program=open5gs-amfd -c open5gs-amf.yaml
+make=open5gs
+package=open5gs-amf
+copy=open5gs/open5gs-amf.yaml
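Review bot: The `[sepp1]` and `[sepp2]` sections both start the same binary, `open5gs-seppd`, yet name `package=open5gs-sepp1` and `package=open5gs-sepp2`. Those names look derived from the config file names rather than from a package that ships the daemon. Every other section here maps one daemon to one package, so I would expect both to read `package=open5gs-sepp`. Please confirm against the package list used for --binary-repo runs, since a wrong name would only surface when installing from packages, not in a source build.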
diff --git a/Makefile b/Makefile index e490df8..1f9b3f0 100644 --- a/Makefile +++ b/Makefile @@ -16,6 +16,7 @@ BUILDDIR ?= _build
SUBDIRS= \ + 5gc \ asterisk \ bsc \ bsc-nat \ @@ -59,7 +60,7 @@ ifeq ($(NPROC),) NPROC=1 endif -PARALLEL_MAKE ?= -j$(NPROC) +PARALLEL_MAKE ?= -j4
# This master makefile allows you to do things like # make clean (remove all generated binary, c++ and symlinks)
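Review bot: `PARALLEL_MAKE ?= -j4` replaces `-j$(NPROC)` in the second Makefile hunk and looks like a local leftover unrelated to adding the 5gc suite. As far as the hunk shows, the NPROC detection just above the changed line then feeds nothing, and every build is pinned to four jobs whatever the host has. I would drop this hunk and keep `PARALLEL_MAKE ?= -j$(NPROC)`. Because the assignment uses `?=`, anyone who needs a fixed job count can already set PARALLEL_MAKE in the environment or on the make command line.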