paulmataruso/docker-open5gs-prod-315010
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Paul Mataruso
2025-08-21 01:07:07 +00:00
commit e57af8a8e9
305 changed files with 40120 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
opensips_ims_scscf/freeDiameter.conf Normal file
View File

@@ -0,0 +1,13 @@
Identity = "scscf.IMS_DOMAIN";
Realm = "IMS_DOMAIN";
Port = SCSCF_BIND_PORT;
ListenOn = "SCSCF_IP";
SecPort = 0;
No_SCTP;
NoRelay;
ConnectPeer = "hss.IMS_DOMAIN" {
No_TLS;
ConnectTo = "PYHSS_IP";
port = PYHSS_BIND_PORT;
};

311
opensips_ims_scscf/opensips.cfg Normal file
View File

@@ -0,0 +1,311 @@
#
# OpenSIPS residential configuration script
# by OpenSIPS Solutions <team@opensips-solutions.com>
#
# This script was generated via "make menuconfig", from
# the "Residential" scenario.
# You can enable / disable more features / functionalities by
# re-generating the scenario with different options.#
#
# Please refer to the Core CookBook at:
# https://opensips.org/Resources/DocsCookbooks
# for a explanation of possible statements, functions and parameters.
#
####### Global Parameters #########
/* uncomment the following lines to enable debugging */
#debug_mode=yes
log_level=3
xlog_level=3
log_stderror=yes
log_stdout=yes
xlog_buf_size=16384
log_facility=LOG_LOCAL0
udp_workers=4
/* uncomment the next line to enable the auto temporary blacklisting of
not available destinations (default disabled) */
#disable_dns_blacklist=no
/* uncomment the next line to enable IPv6 lookup after IPv4 dns
lookup failures (default disabled) */
#dns_try_ipv6=yes
socket=udp:SCSCF_IP:6060
socket=tcp:SCSCF_IP:6060
alias="scscf.IMS_DOMAIN"
#set module path
mpath="/usr/local/opensips/modules"
####### Modules Section ########
#### MYSQL module
loadmodule "db_mysql.so"
#### SIGNALING module
loadmodule "signaling.so"
#### StateLess module
loadmodule "sl.so"
#### Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timeout", 5)
modparam("tm", "fr_inv_timeout", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)
#### Record Route Module
loadmodule "rr.so"
/* do not append from tag to the RR (no need for this script) */
modparam("rr", "append_fromtag", 0)
#### MAX ForWarD module
loadmodule "maxfwd.so"
#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"
#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/var/run/opensips/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)
#### USeR LOCation module
loadmodule "usrloc.so"
modparam("usrloc", "nat_bflag", "NAT")
modparam("usrloc", "working_mode_preset", "single-instance-no-db")
#### REGISTRAR module
loadmodule "registrar.so"
modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
modparam("registrar", "attr_avp", "$avp(attr)")
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
#### ACCounting module
loadmodule "acc.so"
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
/* by default we do not adjust the direct of the sequential requests.
if you enable this parameter, be sure to enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
loadmodule "proto_udp.so"
loadmodule "proto_tcp.so"
#### aaa_diameter module
loadmodule "aaa_diameter.so"
modparam("aaa_diameter", "fd_log_level", 1) # max amount of logging, quite annoying
modparam("aaa_diameter", "realm", "IMS_DOMAIN")
modparam("aaa_diameter", "peer_identity", "hss")
modparam("aaa_diameter", "aaa_url",
"diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/scscf.dictionary")
loadmodule "auth_aka.so"
modparam("auth_aka", "default_av_mgm", "diameter")
modparam("auth_aka", "default_qop", "auth")
loadmodule "aka_av_diameter.so"
modparam("aka_av_diameter", "realm",
"scscf.IMS_DOMAIN")
modparam("aka_av_diameter", "aaa_url",
"diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/scscf.dictionary")
#### dialplan module
loadmodule "dialplan.so"
modparam("dialplan","db_url", "mysql://opensips_scscf:heslo@MYSQL_IP/opensips_scscf")
#### auth module
loadmodule "auth.so"
#### JSON module
loadmodule "json.so"
#### XML module
loadmodule "xml.so"
####### Routing Logic ########
# main request routing logic
route{
xlog("L_INFO", "[$ci] Start route time [$Tf] method ($rm) r-uri ($ru) \n");
if (!mf_process_maxfwd_header(10)) {
send_reply(483,"Too Many Hops");
exit;
}
if (has_totag()) {
# handle hop-by-hop ACK (no routing required)
if ( is_method("ACK") && t_check_trans() ) {
t_relay();
exit;
}
# sequential request within a dialog should
# take the path determined by record-routing
if ( !loose_route() ) {
# we do record-routing for all our traffic, so we should not
# receive any sequential requests without Route hdr.
send_reply(404,"Not here");
exit;
}
if (is_method("BYE")) {
# do accounting even if the transaction fails
do_accounting("log","failed");
}
# route it out to whatever destination was set by loose_route()
# in $du (destination URI).
route(relay);
exit;
}
# CANCEL processing
if (is_method("CANCEL")) {
if (t_check_trans())
t_relay();
exit;
}
# absorb retransmissions, but do not create transaction
t_check_trans();
if (is_method("REGISTER")) {
xlog("L_INFO", "[$ci] Received REGISTER for $tu - doing authorization\n");
if (!aka_www_authorize()) {
if (!async(aka_www_challenge(), aka_resume_mar))
t_reply(500, "Internal Error");
exit;
}
xlog("L_INFO", "[$ci] Received REGISTER for $tu - authorized, doing SAR\n");
$var(payload) = "[
{ \"Session-Id\": \"scscf.IMS_DOMAIN;"+$Ts+"."+$Tsm+";"+$pp+"\" },
{ \"Origin-Host\": \"scscf.IMS_DOMAIN\" },
{ \"Origin-Realm\": \"IMS_DOMAIN\" },
{ \"Destination-Realm\": \"IMS_DOMAIN\" },
{ \"Vendor-Specific-Application-Id\": [{\"Vendor-Id\": 10415},
{\"Auth-Application-Id\": 16777216}]},
{ \"Auth-Session-State\": 1 },
{ \"User-Name\": \""+$fU+"@"+$fd+"\" },
{ \"Public-Identity\": \""+$fu+"\" },
{ \"Server-Assignment-Type\": 1 },
{ \"User-Data-Already-Available\": 0},
{ \"Server-Name\": \"sip:scscf.IMS_DOMAIN:6060\" }
]";
if (!async(dm_send_request(16777216, 301, $var(payload), $var(rpl_avps)), aka_resume_sar)) {
t_reply(500, "Internal Error");
exit;
}
exit;
} else if (is_method("INVITE")) {
xlog("L_INFO", "[$ci] Received INVITE for $tu/$ru - checking dialplan\n");
loose_route(); # consume preloaded routes
if (!record_route()) {
xlog("L_ERR", "[$ci] Cannot do record_route()\n");
t_reply(503, "Internal Error");
exit;
}
if ($ru =~ "^tel:") {
$var(tel_user) = $rU;
$var(tel_domain) = $(ru{uri.param,phone-context});
$ru = "sip:" + $var(tel_user) + "@" + $var(tel_domain);
} else {
$rU = $(rU{s.select,0,;});
}
if (!dp_translate(1, $rU, $var(dialplan))) {
$var(dialplan) = "USER";
xlog("L_DBG", "[$ci] unknown dialplan - considering $var(dialplan)\n");
}
xlog("L_INFO", "[$ci] Dial $rU is a $var(dialplan) dialplan\n");
switch ($var(dialplan)) {
case "USER":
xlog("L_INFO", "[$ci] lookup user $rU/$(oU{s.select,0,;})\n");
if (!lookup("location")) {
xlog("L_ERR", "[$ci] Received INVITE for $tu/$ru not registered - sending to service\n");
t_reply(404, "User not found");
exit;
}
break;
case "SERVICE":
# TODO: handle service
case "APPLICATION":
# TODO: handle application server
default:
xlog("L_ERR", "[$ci] unknown $var(dialplan) dialplan\n");
t_reply(503, "Unknown dialplan");
exit;
}
if (!t_relay()) {
xlog("L_ERR", "[$ci] Cannot relay to $ru\n");
t_reply(503, "Internal Error");
}
exit;
}
send_reply(503,"Not Implemented");
exit;
}
route[relay] {
if (!t_relay()) {
send_reply(500,"Internal Error");
}
exit;
}
route[aka_resume_mar] {
xlog("L_DBG", "[$ci] MAA rc: $rc\n");
}
route[aka_resume_sar] {
xlog("[$ci] SAA rc: $var(rc), SAA AVPs: $var(rpl_avps)\n");
$avp(attr) = $ct.fields(params);
append_to_reply("Service-Route: <sip:orig@scscf.IMS_DOMAIN:6060;lr>\r\n");
$json(rpl_avps) := $var(rpl_avps);
for ($var(item) in $(json(rpl_avps)[*])) {
$json(item) := $var(item);
for ($var(key) in $(json(item.keys)[*])) {
if ($var(key) == "Cx-User-Data") {
$xml(data) := $json(item/$var(key));
$xml(profile) := $xml(data/IMSSubscription/ServiceProfile);
$var(idx) = 0;
while ($xml(profile/ServiceProfile/PublicIdentity[$var(idx)]) != NULL) {
append_to_reply("P-Associated-URI: <$xml(profile/ServiceProfile/PublicIdentity[$var(idx)]/Identity.val)>\r\n");
$var(uri) = $xml(profile/ServiceProfile/PublicIdentity[$var(idx)]/Identity.val);
if ($var(uri) == $tu) {
# Save AoR for IMPU in format sip:IMSI@IMS_DOMAIN and send 200 response.
if (!save("location", "path-lazy")) {
t_reply(503, "Internal Error");
exit;
}
} else {
# Save AoR for IMPU in other formats and dont send response.
if (!save("location", "no-reply, path-lazy", $var(uri))) {
t_reply(503, "Internal Error");
exit;
}
}
$var(idx) = $var(idx) + 1;
}
}
}
}
}

105
opensips_ims_scscf/scscf.dictionary Normal file
View File

@@ -0,0 +1,105 @@
VENDOR 10415 TGPP
ATTRIBUTE Visited-Network-Identifier 600 string 10415
ATTRIBUTE Public-Identity 601 string 10415
ATTRIBUTE Server-Name 602 string 10415
ATTRIBUTE Mandatory-Capability 604 unsigned32 10415
ATTRIBUTE Optional-Capability 605 unsigned32 10415
ATTRIBUTE Cx-User-Data 606 string 10415
ATTRIBUTE 3GPP-SIP-Number-Auth-Items 607 unsigned32 10415
ATTRIBUTE 3GPP-SIP-Authentication-Scheme 608 utf8string 10415
ATTRIBUTE 3GPP-SIP-Authenticate 609 hexstring 10415
ATTRIBUTE 3GPP-SIP-Authorization 610 hexstring 10415
ATTRIBUTE 3GPP-SIP-Authentication-Context 611 string 10415
ATTRIBUTE 3GPP-SIP-Item-Number 613 unsigned32 10415
ATTRIBUTE Server-Assignment-Type 614 unsigned32 10415
ATTRIBUTE User-Data-Already-Available 624 unsigned32 10415
ATTRIBUTE Confidentiality-Key 625 hexstring 10415
ATTRIBUTE Integrity-Key 626 hexstring 10415
ATTRIBUTE Primary-Event-Charging-Function-Name 619 string 10415
ATTRIBUTE Secondary-Event-Charging-Function-Name 620 string 10415
ATTRIBUTE Primary-Charging-Collection-Function-Name 621 string 10415
ATTRIBUTE Secondary-Charging-Collection-Function-Name 622 string 10415
ATTRIBUTE 3GPP-SIP-Auth-Data-Item 612 grouped 10415
{
3GPP-SIP-Item-Number | OPTIONAL | 1
3GPP-SIP-Authentication-Scheme | OPTIONAL | 1
3GPP-SIP-Authenticate | OPTIONAL | 1
3GPP-SIP-Authorization | OPTIONAL | 1
3GPP-SIP-Authentication-Context | OPTIONAL | 1
Confidentiality-Key | OPTIONAL | 1
Integrity-Key | OPTIONAL | 1
}
ATTRIBUTE Charging-Information 618 grouped 10415
{
Primary-Event-Charging-Function-Name | OPTIONAL | 1
Secondary-Event-Charging-Function-Name | OPTIONAL | 1
Primary-Charging-Collection-Function-Name | OPTIONAL | 1
Secondary-Charging-Collection-Function-Name | OPTIONAL | 1
}
APPLICATION-AUTH 16777216/10415 3GPP Cx
REQUEST 301 Server-Assignment Request
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Realm | REQUIRED | 1
Vendor-Specific-Application-Id | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
Public-Identity | REQUIRED | 1
Server-Name | REQUIRED | 1
User-Name | REQUIRED | 1
Server-Assignment-Type | REQUIRED | 1
User-Data-Already-Available | REQUIRED | 1
}
ANSWER 301 Server-Assignment Answer
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Host | OPTIONAL | 1
Destination-Realm | OPTIONAL | 1
Vendor-Specific-Application-Id | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
User-Name | REQUIRED | 1
Cx-User-Data | REQUIRED | 1
Charging-Information | OPTIONAL | 1
Result-Code | REQUIRED | 1
}
REQUEST 303 Multimedia-Auth Request
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Realm | REQUIRED | 1
Vendor-Specific-Application-Id | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
Public-Identity | REQUIRED | 1
3GPP-SIP-Number-Auth-Items | REQUIRED | 1
3GPP-SIP-Auth-Data-Item | REQUIRED | 1
Server-Name | REQUIRED | 1
}
ANSWER 303 Multimedia-Auth Answer
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Host | OPTIONAL | 1
Destination-Realm | OPTIONAL | 1
Vendor-Specific-Application-Id | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
Public-Identity | REQUIRED | 1
3GPP-SIP-Number-Auth-Items | REQUIRED | 1
3GPP-SIP-Auth-Data-Item | REQUIRED | 1
User-Name | REQUIRED | 1
Result-Code | REQUIRED | 1
}

76
opensips_ims_scscf/scscf_init.sh Executable file
View File

@@ -0,0 +1,76 @@
#!/bin/bash
# BSD 2-Clause License
# Copyright (c) 2020, Supreeth Herle
# All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[ ${#MNC} == 3 ] && IMS_DOMAIN="ims.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || IMS_DOMAIN="ims.mnc0${MNC}.mcc${MCC}.3gppnetwork.org"
mkdir -p /etc/opensips
cp /mnt/scscf/freeDiameter.conf /etc/opensips
cp /mnt/scscf/scscf.dictionary /etc/opensips
cp /mnt/scscf/opensips.cfg /etc/opensips
# For mi_fifo module.
mkdir -p /var/run/opensips
while ! mysqladmin ping -h ${MYSQL_IP} --silent; do
sleep 5;
done
# Sleep until permissions are set
sleep 10;
# Create SCSCF database, populate tables and grant privileges
if [[ -z "`mysql -u root -h ${MYSQL_IP} -qfsBe "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='opensips_scscf'" 2>&1`" ]];
then
mysql -u root -h ${MYSQL_IP} -e "create database opensips_scscf;"
mysql -u root -h ${MYSQL_IP} opensips_scscf < /usr/local/share/opensips/mysql/standard-create.sql
mysql -u root -h ${MYSQL_IP} opensips_scscf < /usr/local/share/opensips/mysql/dialplan-create.sql
SCSCF_USER_EXISTS=`mysql -u root -h ${MYSQL_IP} -s -N -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE User = 'opensips_scscf' AND Host = '%')"`
if [[ "$SCSCF_USER_EXISTS" == 0 ]]
then
mysql -u root -h ${MYSQL_IP} -e "CREATE USER 'opensips_scscf'@'%' IDENTIFIED WITH mysql_native_password BY 'heslo'";
mysql -u root -h ${MYSQL_IP} -e "CREATE USER 'opensips_scscf'@'$SCSCF_IP' IDENTIFIED WITH mysql_native_password BY 'heslo'";
mysql -u root -h ${MYSQL_IP} -e "GRANT ALL ON opensips_scscf.* TO 'opensips_scscf'@'%'";
mysql -u root -h ${MYSQL_IP} -e "GRANT ALL ON opensips_scscf.* TO 'opensips_scscf'@'$SCSCF_IP'";
mysql -u root -h ${MYSQL_IP} -e "FLUSH PRIVILEGES;"
fi
fi
sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/opensips/freeDiameter.conf
sed -i 's|PYHSS_IP|'$PYHSS_IP'|g' /etc/opensips/freeDiameter.conf
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/freeDiameter.conf
sed -i 's|PYHSS_BIND_PORT|'$PYHSS_BIND_PORT'|g' /etc/opensips/freeDiameter.conf
sed -i 's|SCSCF_BIND_PORT|'$SCSCF_BIND_PORT'|g' /etc/opensips/freeDiameter.conf
sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/opensips/opensips.cfg
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/opensips.cfg
sed -i 's|MYSQL_IP|'$MYSQL_IP'|g' /etc/opensips/opensips.cfg
# Sync docker time
#ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
exec opensips -f /etc/opensips/opensips.cfg -F $@