paulmataruso/docker_open5gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add experimental deployment of openSIP IMS with open5gs HSS Cx

Browse Source
This commit is contained in:
herlesupreeth
2025-02-09 16:39:27 +01:00
parent b902dfd818
commit 21e205f58f
9 changed files with 1290 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

471
custom_deployments/open5gs_hss_cx/4g-volte-opensips-ims-deploy.yaml Normal file
View File

@@ -0,0 +1,471 @@
services:
mongo:
image: mongo:6.0
container_name: mongo
command: --bind_ip 0.0.0.0
env_file:
- .custom_env
volumes:
- mongodbdata:/data/db
- mongodbdata:/data/configdb
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "27017/udp"
- "27017/tcp"
networks:
default:
ipv4_address: ${MONGO_IP}
webui:
image: docker_open5gs
container_name: webui
depends_on:
- mongo
env_file:
- .custom_env
environment:
- COMPONENT_NAME=webui
volumes:
- ../../webui:/mnt/webui
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "9999/tcp"
ports:
- "9999:9999/tcp"
networks:
default:
ipv4_address: ${WEBUI_IP}
hss:
image: docker_open5gs
container_name: hss
env_file:
- .custom_env
environment:
- COMPONENT_NAME=hss
volumes:
- ./hss:/mnt/hss
- ./log:/open5gs/install/var/log/open5gs
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- mongo
expose:
- "${HSS_BIND_PORT}/tcp"
- "${HSS_BIND_PORT}/sctp"
- "5868/tcp"
- "5868/sctp"
networks:
default:
ipv4_address: ${HSS_IP}
sgwc:
image: docker_open5gs
depends_on:
- smf
- upf
container_name: sgwc
env_file:
- .custom_env
environment:
- COMPONENT_NAME=sgwc
volumes:
- ../../sgwc:/mnt/sgwc
- ../../log:/open5gs/install/var/log/open5gs
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "2123/udp"
- "8805/udp"
networks:
default:
ipv4_address: ${SGWC_IP}
sgwu:
image: docker_open5gs
depends_on:
- smf
- upf
container_name: sgwu
env_file:
- .custom_env
environment:
- COMPONENT_NAME=sgwu
volumes:
- ../../sgwu:/mnt/sgwu
- ../../log:/open5gs/install/var/log/open5gs
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "8805/udp"
- "2152/udp"
# ports:
# - "2152:2152/udp"
networks:
default:
ipv4_address: ${SGWU_IP}
smf:
image: docker_open5gs
container_name: smf
env_file:
- .custom_env
environment:
- COMPONENT_NAME=smf
- DEPLOY_MODE=4G
volumes:
- ../../smf:/mnt/smf
- ../../log:/open5gs/install/var/log/open5gs
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "3868/udp"
- "3868/tcp"
- "3868/sctp"
- "5868/udp"
- "5868/tcp"
- "5868/sctp"
- "8805/udp"
- "2123/udp"
- "7777/tcp"
- "9091/tcp"
networks:
default:
ipv4_address: ${SMF_IP}
upf:
image: docker_open5gs
depends_on:
- smf
container_name: upf
env_file:
- .custom_env
environment:
- COMPONENT_NAME=upf
volumes:
- ../../upf:/mnt/upf
- ../../log:/open5gs/install/var/log/open5gs
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "2152/udp"
- "8805/udp"
- "9091/tcp"
cap_add:
- NET_ADMIN
privileged: true
sysctls:
- net.ipv4.ip_forward=1
networks:
default:
ipv4_address: ${UPF_IP}
mme:
image: docker_open5gs
depends_on:
- hss
- sgwc
- sgwu
- smf
- upf
- osmomsc
container_name: mme
env_file:
- .custom_env
environment:
- COMPONENT_NAME=mme
volumes:
- ./mme:/mnt/mme
- ./log:/open5gs/install/var/log/open5gs
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "3868/udp"
- "3868/tcp"
- "3868/sctp"
- "5868/udp"
- "5868/tcp"
- "5868/sctp"
- "36412/sctp"
- "2123/udp"
- "9091/tcp"
# ports:
# - "36412:36412/sctp"
networks:
default:
ipv4_address: ${MME_IP}
pcrf:
image: docker_open5gs
container_name: pcrf
env_file:
- .custom_env
environment:
- COMPONENT_NAME=pcrf
depends_on:
- mongo
volumes:
- ../../pcrf:/mnt/pcrf
- ../../log:/open5gs/install/var/log/open5gs
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "3868/udp"
- "3868/tcp"
- "3868/sctp"
- "5868/udp"
- "5868/tcp"
- "5868/sctp"
networks:
default:
ipv4_address: ${PCRF_IP}
dns:
build: ./dns
image: docker_dns
container_name: dns
env_file:
- .custom_env
volumes:
- ./dns:/mnt/dns
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "53/udp"
networks:
default:
ipv4_address: ${DNS_IP}
rtpengine:
build: ../../rtpengine
image: docker_rtpengine
container_name: rtpengine
privileged: true
env_file:
- .custom_env
volumes:
- ../../rtpengine:/mnt/rtpengine
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
cap_add:
- NET_ADMIN
environment:
- TABLE=0
- INTERFACE=${RTPENGINE_IP}
- LISTEN_NG=${RTPENGINE_IP}:2223
- PIDFILE=/run/ngcp-rtpengine-daemon.pid
- PORT_MAX=50000
- PORT_MIN=49000
- NO_FALLBACK=no
- TOS=184
expose:
- "2223/udp"
- "49000-50000/udp"
networks:
default:
ipv4_address: ${RTPENGINE_IP}
mysql:
build: ../../mysql
image: docker_mysql
container_name: mysql
env_file:
- .custom_env
volumes:
- dbdata:/var/lib/mysql
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "3306/tcp"
networks:
default:
ipv4_address: ${MYSQL_IP}
icscf:
image: opensips/opensips:ims-ce
container_name: icscf
dns: ${DNS_IP}
volumes:
- ./opensips_ims_icscf:/mnt/icscf
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
env_file:
- .custom_env
environment:
- COMPONENT_NAME=icscf
entrypoint: /mnt/icscf/icscf_init.sh
depends_on:
- dns
- mysql
- hss
expose:
- "3869/udp"
- "3869/tcp"
- "4060/udp"
- "4060/tcp"
networks:
default:
ipv4_address: ${ICSCF_IP}
scscf:
image: opensips/opensips:ims-ce
container_name: scscf
dns: ${DNS_IP}
volumes:
- ./opensips_ims_scscf:/mnt/scscf
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
env_file:
- .custom_env
environment:
- COMPONENT_NAME=scscf
entrypoint: /mnt/scscf/scscf_init.sh
depends_on:
- dns
- mysql
- hss
expose:
- "3870/udp"
- "3870/tcp"
- "6060/udp"
- "6060/tcp"
networks:
default:
ipv4_address: ${SCSCF_IP}
pcscf:
image: opensips/opensips:ims-ce
container_name: pcscf
dns: ${DNS_IP}
privileged: true
cap_add:
- NET_ADMIN
volumes:
- ../../opensips_ims_pcscf:/mnt/pcscf
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
env_file:
- .custom_env
environment:
- COMPONENT_NAME=pcscf
- DEPLOY_MODE=4G
entrypoint: /mnt/pcscf/pcscf_init.sh
depends_on:
- dns
- mysql
- rtpengine
- icscf
- scscf
expose:
- "3871/udp"
- "3871/tcp"
- "5060/tcp"
- "5060/udp"
- "5100-5120/tcp"
- "5100-5120/udp"
- "6100-6120/tcp"
- "6100-6120/udp"
networks:
default:
ipv4_address: ${PCSCF_IP}
smsc:
image: docker_kamailio
container_name: smsc
dns: ${DNS_IP}
volumes:
- ../../smsc:/mnt/smsc
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
env_file:
- .custom_env
environment:
- COMPONENT_NAME=smsc
depends_on:
- dns
- mysql
expose:
- "7090/udp"
- "7090/tcp"
networks:
default:
ipv4_address: ${SMSC_IP}
osmomsc:
build: ../../osmomsc
image: docker_osmomsc
container_name: osmomsc
volumes:
- ../../osmomsc:/mnt/osmomsc
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
env_file:
- .custom_env
environment:
- COMPONENT_NAME=osmomsc
depends_on:
- osmohlr
expose:
- "29118/sctp"
- "2775/tcp"
networks:
default:
ipv4_address: ${OSMOMSC_IP}
osmohlr:
build: ../../osmohlr
image: docker_osmohlr
container_name: osmohlr
volumes:
- ../../osmohlr:/mnt/osmohlr
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
env_file:
- .custom_env
environment:
- COMPONENT_NAME=osmohlr
expose:
- "4222/tcp"
networks:
default:
ipv4_address: ${OSMOHLR_IP}
metrics:
build: ../../metrics
image: docker_metrics
container_name: metrics
env_file:
- .custom_env
volumes:
- ../../metrics:/mnt/metrics
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "9090/tcp"
ports:
- "9090:9090/tcp"
networks:
default:
ipv4_address: ${METRICS_IP}
grafana:
image: grafana/grafana:11.3.0
container_name: grafana
env_file:
- .custom_env
volumes:
- grafana_data:/var/lib/grafana
- ../../grafana/:/etc/grafana/provisioning/
- ../../grafana:/mnt/grafana
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
- GF_SECURITY_ADMIN_USER=${GRAFANA_USERNAME}
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
#- GF_INSTALL_PLUGINS=${GRAFANA_INSTALL_PLUGINS}
- GF_PATHS_PROVISIONING=/etc/grafana/provisioning
- GF_PATHS_DATA=/var/lib/grafana
- METRICS_IP=${METRICS_IP}
expose:
- "3000/tcp"
ports:
- "3000:3000/tcp"
networks:
default:
ipv4_address: ${GRAFANA_IP}
networks:
default:
name: docker_open5gs_default
ipam:
config:
- subnet: ${TEST_NETWORK}
volumes:
grafana_data:
name: grafana_data
mongodbdata:
name: docker_open5gs_mongodbdata
dbdata:
name: docker_open5gs_dbdata

14
custom_deployments/open5gs_hss_cx/opensips_ims_icscf/freeDiameter.conf Normal file
View File

@@ -0,0 +1,14 @@
Identity = "icscf.IMS_DOMAIN";
Realm = "IMS_DOMAIN";
Port = ICSCF_BIND_PORT;
ListenOn = "ICSCF_IP";
SecPort = 0;
No_SCTP;
NoRelay;
ConnectPeer = "hss.EPC_DOMAIN" {
Realm = "EPC_DOMAIN";
No_TLS;
ConnectTo = "HSS_IP";
port = HSS_BIND_PORT;
};

32
custom_deployments/open5gs_hss_cx/opensips_ims_icscf/icscf.dictionary Normal file
View File

@@ -0,0 +1,32 @@
VENDOR 10415 TGPP
ATTRIBUTE Visited-Network-Identifier 600 string 10415
ATTRIBUTE Public-Identity 601 string 10415
ATTRIBUTE Server-Name 602 string 10415
APPLICATION-AUTH 16777216/10415 3GPP Cx
REQUEST 300 User-Authorization Request
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Realm | REQUIRED | 1
Vendor-Specific-Application-Id | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
User-Name | REQUIRED | 1
Public-Identity | REQUIRED | 1
Visited-Network-Identifier | REQUIRED | 1
}
ANSWER 300 User-Authorization Answer
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Host | OPTIONAL | 1
Destination-Realm | OPTIONAL | 1
Vendor-Specific-Application-Id | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
Experimental-Result | REQUIRED | 1
}

51
custom_deployments/open5gs_hss_cx/opensips_ims_icscf/icscf_init.sh Executable file
View File

@@ -0,0 +1,51 @@
#!/bin/bash
# BSD 2-Clause License
# Copyright (c) 2020, Supreeth Herle
# All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[ ${#MNC} == 3 ] && IMS_DOMAIN="ims.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || IMS_DOMAIN="ims.mnc0${MNC}.mcc${MCC}.3gppnetwork.org"
[ ${#MNC} == 3 ] && EPC_DOMAIN="epc.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || EPC_DOMAIN="epc.mnc0${MNC}.mcc${MCC}.3gppnetwork.org"
mkdir -p /etc/opensips
cp /mnt/icscf/freeDiameter.conf /etc/opensips
cp /mnt/icscf/icscf.dictionary /etc/opensips
cp /mnt/icscf/opensips.cfg /etc/opensips
sed -i 's|ICSCF_IP|'$ICSCF_IP'|g' /etc/opensips/freeDiameter.conf
sed -i 's|HSS_IP|'$HSS_IP'|g' /etc/opensips/freeDiameter.conf
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/freeDiameter.conf
sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/opensips/freeDiameter.conf
sed -i 's|HSS_BIND_PORT|'$HSS_BIND_PORT'|g' /etc/opensips/freeDiameter.conf
sed -i 's|ICSCF_BIND_PORT|'$ICSCF_BIND_PORT'|g' /etc/opensips/freeDiameter.conf
sed -i 's|ICSCF_IP|'$ICSCF_IP'|g' /etc/opensips/opensips.cfg
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/opensips.cfg
sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/opensips/opensips.cfg
# Sync docker time
#ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
exec /usr/sbin/opensips -F $@

226
custom_deployments/open5gs_hss_cx/opensips_ims_icscf/opensips.cfg Normal file
View File

@@ -0,0 +1,226 @@
#
# OpenSIPS residential configuration script
# by OpenSIPS Solutions <team@opensips-solutions.com>
#
# This script was generated via "make menuconfig", from
# the "Residential" scenario.
# You can enable / disable more features / functionalities by
# re-generating the scenario with different options.#
#
# Please refer to the Core CookBook at:
# https://opensips.org/Resources/DocsCookbooks
# for a explanation of possible statements, functions and parameters.
#
####### Global Parameters #########
/* uncomment the following lines to enable debugging */
#debug_mode=yes
log_level=3
xlog_level=3
log_stderror=yes
log_stdout=yes
log_facility=LOG_LOCAL0
udp_workers=4
/* uncomment the next line to enable the auto temporary blacklisting of
not available destinations (default disabled) */
#disable_dns_blacklist=no
/* uncomment the next line to enable IPv6 lookup after IPv4 dns
lookup failures (default disabled) */
#dns_try_ipv6=yes
socket=udp:ICSCF_IP:4060
socket=tcp:ICSCF_IP:4060
alias="icscf.IMS_DOMAIN"
#set module path
mpath="/usr/lib/x86_64-linux-gnu/opensips/modules"
####### Modules Section ########
####### http module ######
loadmodule "httpd.so"
modparam("httpd", "ip", "ICSCF_IP")
modparam("httpd", "port", 8080)
#### SIGNALING module
loadmodule "signaling.so"
#### StateLess module
loadmodule "sl.so"
#### Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timeout", 5)
modparam("tm", "fr_inv_timeout", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)
#### Record Route Module
loadmodule "rr.so"
/* do not append from tag to the RR (no need for this script) */
modparam("rr", "append_fromtag", 0)
#### MAX ForWarD module
loadmodule "maxfwd.so"
#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"
#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/run/opensips/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)
#### USeR LOCation module
loadmodule "usrloc.so"
modparam("usrloc", "nat_bflag", "NAT")
modparam("usrloc", "working_mode_preset", "single-instance-no-db")
#### REGISTRAR module
loadmodule "registrar.so"
modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
#### ACCounting module
loadmodule "acc.so"
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
/* by default we do not adjust the direct of the sequential requests.
if you enable this parameter, be sure to enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
loadmodule "proto_udp.so"
loadmodule "proto_tcp.so"
#### aaa_diameter module
loadmodule "aaa_diameter.so"
modparam("aaa_diameter", "fd_log_level", 1) # max amount of logging, quite annoying
modparam("aaa_diameter", "realm", "EPC_DOMAIN")
modparam("aaa_diameter", "peer_identity", "hss")
modparam("aaa_diameter", "aaa_url",
"diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/icscf.dictionary")
#### JSON module
loadmodule "json.so"
####### Routing Logic ########
# main request routing logic
route{
xlog("L_INFO", "[$ci] Start route time [$Tf] method ($rm) r-uri ($ru) \n");
if (!mf_process_maxfwd_header(10)) {
send_reply(483,"Too Many Hops");
exit;
}
if (has_totag()) {
# handle hop-by-hop ACK (no routing required)
if ( is_method("ACK") && t_check_trans() ) {
t_relay();
exit;
}
# sequential request within a dialog should
# take the path determined by record-routing
if ( !loose_route() ) {
# we do record-routing for all our traffic, so we should not
# receive any sequential requests without Route hdr.
send_reply(404,"Not here");
exit;
}
if (is_method("BYE")) {
# do accounting even if the transaction fails
do_accounting("log","failed");
}
# route it out to whatever destination was set by loose_route()
# in $du (destination URI).
route(relay);
exit;
}
# CANCEL processing
if (is_method("CANCEL")) {
if (t_check_trans())
t_relay();
exit;
}
# absorb retransmissions, but do not create transaction
t_check_trans();
if (is_method("REGISTER")) {
xlog("L_INFO", "[$ci] Received REGISTER for $tu - doing UAR\n");
$var(payload) = "[
{ \"Session-Id\": \"icscf.IMS_DOMAIN;"+$Ts+"."+$Tsm+";"+$pp+"\" },
{ \"Origin-Host\": \"icscf.IMS_DOMAIN\" },
{ \"Origin-Realm\": \"IMS_DOMAIN\" },
{ \"Destination-Realm\": \"EPC_DOMAIN\" },
{ \"Vendor-Specific-Application-Id\": [{\"Vendor-Id\": 10415},
{\"Auth-Application-Id\": 16777216}]},
{ \"Auth-Session-State\": 1 },
{ \"User-Name\": \""+$fU+"@"+$fd+"\" },
{ \"Public-Identity\": \""+$fu+"\" },
{ \"Visited-Network-Identifier\": \"IMS_DOMAIN\" }
]";
$var(rc) = dm_send_request(16777216, 300, $var(payload), $var(rpl_avps));
xlog("[$ci] UAA rc: $var(rc), UAA AVPs: $var(rpl_avps)\n");
$var(server_name) = NULL;
$json(rpl_avps) := $var(rpl_avps);
for ($var(item) in $(json(rpl_avps)[*])) {
$json(item) := $var(item);
for ($var(key) in $(json(item.keys)[*])) {
if ($var(key) == "Server-Name") {
$var(server_name) = $json(item/$var(key));
break;
}
}
if ($var(server_name) != NULL)
break;
}
if ($var(server_name) == NULL) {
xlog("L_ERR", "[$ci] No server available! Relaying to default S-CSCF\n");
$var(server_name) = "sip:scscf.IMS_DOMAIN:6060";
}
# relay to S-CSCF
xlog("L_INFO", "[$ci] using S-CSCF $var(server_name)\n");
$ru = $var(server_name);
route(relay);
exit;
}
send_reply(503,"Not Implemented");
exit;
}
route[relay] {
if (!t_relay()) {
send_reply(500,"Internal Error");
}
exit;
}

14
custom_deployments/open5gs_hss_cx/opensips_ims_scscf/freeDiameter.conf Normal file
View File

@@ -0,0 +1,14 @@
Identity = "scscf.IMS_DOMAIN";
Realm = "IMS_DOMAIN";
Port = SCSCF_BIND_PORT;
ListenOn = "SCSCF_IP";
SecPort = 0;
No_SCTP;
NoRelay;
ConnectPeer = "hss.EPC_DOMAIN" {
Realm = "EPC_DOMAIN";
No_TLS;
ConnectTo = "HSS_IP";
port = HSS_BIND_PORT;
};

301
custom_deployments/open5gs_hss_cx/opensips_ims_scscf/opensips.cfg Normal file
View File

@@ -0,0 +1,301 @@
#
# OpenSIPS residential configuration script
# by OpenSIPS Solutions <team@opensips-solutions.com>
#
# This script was generated via "make menuconfig", from
# the "Residential" scenario.
# You can enable / disable more features / functionalities by
# re-generating the scenario with different options.#
#
# Please refer to the Core CookBook at:
# https://opensips.org/Resources/DocsCookbooks
# for a explanation of possible statements, functions and parameters.
#
####### Global Parameters #########
/* uncomment the following lines to enable debugging */
#debug_mode=yes
log_level=3
xlog_level=3
log_stderror=yes
log_stdout=yes
xlog_buf_size=16384
log_facility=LOG_LOCAL0
udp_workers=4
/* uncomment the next line to enable the auto temporary blacklisting of
not available destinations (default disabled) */
#disable_dns_blacklist=no
/* uncomment the next line to enable IPv6 lookup after IPv4 dns
lookup failures (default disabled) */
#dns_try_ipv6=yes
socket=udp:SCSCF_IP:6060
socket=tcp:SCSCF_IP:6060
alias="scscf.IMS_DOMAIN"
#set module path
mpath="/usr/lib/x86_64-linux-gnu/opensips/modules"
####### Modules Section ########
#### MYSQL module
loadmodule "db_mysql.so"
#### SIGNALING module
loadmodule "signaling.so"
#### StateLess module
loadmodule "sl.so"
#### Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timeout", 5)
modparam("tm", "fr_inv_timeout", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)
#### Record Route Module
loadmodule "rr.so"
/* do not append from tag to the RR (no need for this script) */
modparam("rr", "append_fromtag", 0)
#### MAX ForWarD module
loadmodule "maxfwd.so"
#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"
#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/run/opensips/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)
#### USeR LOCation module
loadmodule "usrloc.so"
modparam("usrloc", "nat_bflag", "NAT")
modparam("usrloc", "working_mode_preset", "single-instance-no-db")
#### REGISTRAR module
loadmodule "registrar.so"
modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
modparam("registrar", "attr_avp", "$avp(attr)")
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
#### ACCounting module
loadmodule "acc.so"
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
/* by default we do not adjust the direct of the sequential requests.
if you enable this parameter, be sure to enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
loadmodule "proto_udp.so"
loadmodule "proto_tcp.so"
#### aaa_diameter module
loadmodule "aaa_diameter.so"
modparam("aaa_diameter", "fd_log_level", 1) # max amount of logging, quite annoying
modparam("aaa_diameter", "realm", "EPC_DOMAIN")
modparam("aaa_diameter", "peer_identity", "hss")
modparam("aaa_diameter", "aaa_url",
"diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/scscf.dictionary")
loadmodule "auth_aka.so"
modparam("auth_aka", "default_av_mgm", "diameter")
modparam("auth_aka", "default_qop", "auth,auth-int")
loadmodule "aka_av_diameter.so"
modparam("aka_av_diameter", "realm",
"scscf.IMS_DOMAIN")
modparam("aka_av_diameter", "aaa_url",
"diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/scscf.dictionary")
#### dialplan module
loadmodule "dialplan.so"
modparam("dialplan","db_url", "mysql://opensips_scscf:heslo@MYSQL_IP/opensips_scscf")
#### auth module
loadmodule "auth.so"
#### JSON module
loadmodule "json.so"
#### XML module
loadmodule "xml.so"
####### Routing Logic ########
# main request routing logic
route{
xlog("L_INFO", "[$ci] Start route time [$Tf] method ($rm) r-uri ($ru) \n");
if (!mf_process_maxfwd_header(10)) {
send_reply(483,"Too Many Hops");
exit;
}
if (has_totag()) {
# handle hop-by-hop ACK (no routing required)
if ( is_method("ACK") && t_check_trans() ) {
t_relay();
exit;
}
# sequential request within a dialog should
# take the path determined by record-routing
if ( !loose_route() ) {
# we do record-routing for all our traffic, so we should not
# receive any sequential requests without Route hdr.
send_reply(404,"Not here");
exit;
}
if (is_method("BYE")) {
# do accounting even if the transaction fails
do_accounting("log","failed");
}
# route it out to whatever destination was set by loose_route()
# in $du (destination URI).
route(relay);
exit;
}
# CANCEL processing
if (is_method("CANCEL")) {
if (t_check_trans())
t_relay();
exit;
}
# absorb retransmissions, but do not create transaction
t_check_trans();
if (is_method("REGISTER")) {
xlog("L_INFO", "[$ci] Received REGISTER for $tu - doing authorization\n");
if (!aka_www_authorize()) {
if (!async(aka_www_challenge(), aka_resume_mar))
t_reply(500, "Internal Error");
exit;
}
xlog("L_INFO", "[$ci] Received REGISTER for $tu - authorized, doing SAR\n");
$var(payload) = "[
{ \"Session-Id\": \"scscf.IMS_DOMAIN;"+$Ts+"."+$Tsm+";"+$pp+"\" },
{ \"Origin-Host\": \"scscf.IMS_DOMAIN\" },
{ \"Origin-Realm\": \"IMS_DOMAIN\" },
{ \"Destination-Realm\": \"EPC_DOMAIN\" },
{ \"Vendor-Specific-Application-Id\": [{\"Vendor-Id\": 10415},
{\"Auth-Application-Id\": 16777216}]},
{ \"Auth-Session-State\": 1 },
{ \"User-Name\": \""+$fU+"@"+$fd+"\" },
{ \"Public-Identity\": \""+$fu+"\" },
{ \"Server-Assignment-Type\": 1 },
{ \"User-Data-Already-Available\": 0},
{ \"Server-Name\": \"sip:scscf.IMS_DOMAIN:6060\" }
]";
if (!async(dm_send_request(16777216, 301, $var(payload), $var(rpl_avps)), aka_resume_sar)) {
t_reply(500, "Internal Error");
exit;
}
exit;
} else if (is_method("INVITE")) {
xlog("L_INFO", "[$ci] Received INVITE for $tu/$ru - checking dialplan\n");
loose_route(); # consume preloaded routes
if (!record_route()) {
xlog("L_ERR", "[$ci] Cannot do record_route()\n");
t_reply(503, "Internal Error");
exit;
}
if ($ru =~ "^tel:") {
$var(tel_user) = $rU;
$var(tel_domain) = $(ru{uri.param,phone-context});
$ru = "sip:" + $var(tel_user) + "@" + $var(tel_domain);
} else {
$rU = $(rU{s.select,0,;});
}
if (!dp_translate(1, $rU, $var(dialplan))) {
$var(dialplan) = "USER";
xlog("L_DBG", "[$ci] unknown dialplan - considering $var(dialplan)\n");
}
xlog("L_INFO", "[$ci] Dial $rU is a $var(dialplan) dialplan\n");
switch ($var(dialplan)) {
case "USER":
xlog("L_INFO", "[$ci] lookup user $rU/$(oU{s.select,0,;})\n");
if (!lookup("location")) {
xlog("L_ERR", "[$ci] Received INVITE for $tu/$ru not registered - sending to service\n");
t_reply(404, "User not found");
exit;
}
break;
case "SERVICE":
# TODO: handle service
case "APPLICATION":
# TODO: handle application server
default:
xlog("L_ERR", "[$ci] unknown $var(dialplan) dialplan\n");
t_reply(503, "Unknown dialplan");
exit;
}
if (!t_relay()) {
xlog("L_ERR", "[$ci] Cannot relay to $ru\n");
t_reply(503, "Internal Error");
}
exit;
}
send_reply(503,"Not Implemented");
exit;
}
route[relay] {
if (!t_relay()) {
send_reply(500,"Internal Error");
}
exit;
}
route[aka_resume_mar] {
xlog("L_DBG", "[$ci] MAA rc: $rc\n");
}
route[aka_resume_sar] {
xlog("[$ci] SAA rc: $var(rc), SAA AVPs: $var(rpl_avps)\n");
$avp(attr) = $ct.fields(params);
append_to_reply("Service-Route: <sip:orig@scscf.IMS_DOMAIN:6060;lr>\r\n");
$json(rpl_avps) := $var(rpl_avps);
for ($var(item) in $(json(rpl_avps)[*])) {
$json(item) := $var(item);
for ($var(key) in $(json(item.keys)[*])) {
if ($var(key) == "Cx-User-Data") {
$xml(data) := $json(item/$var(key));
$xml(profile) := $xml(data/IMSSubscription/ServiceProfile);
$var(idx) = 0;
while ($xml(profile/ServiceProfile/PublicIdentity[$var(idx)]) != NULL) {
append_to_reply("P-Associated-URI: <$xml(profile/ServiceProfile/PublicIdentity[$var(idx)]/Identity.val)>\r\n");
$var(idx) = $var(idx) + 1;
}
}
}
}
if (!save("location", "path-lazy")) {
t_reply(503, "Internal Error");
exit;
}
}

105
custom_deployments/open5gs_hss_cx/opensips_ims_scscf/scscf.dictionary Normal file
View File

@@ -0,0 +1,105 @@
VENDOR 10415 TGPP
ATTRIBUTE Visited-Network-Identifier 600 string 10415
ATTRIBUTE Public-Identity 601 string 10415
ATTRIBUTE Server-Name 602 string 10415
ATTRIBUTE Mandatory-Capability 604 unsigned32 10415
ATTRIBUTE Optional-Capability 605 unsigned32 10415
ATTRIBUTE Cx-User-Data 606 string 10415
ATTRIBUTE 3GPP-SIP-Number-Auth-Items 607 unsigned32 10415
ATTRIBUTE 3GPP-SIP-Authentication-Scheme 608 utf8string 10415
ATTRIBUTE 3GPP-SIP-Authenticate 609 hexstring 10415
ATTRIBUTE 3GPP-SIP-Authorization 610 hexstring 10415
ATTRIBUTE 3GPP-SIP-Authentication-Context 611 string 10415
ATTRIBUTE 3GPP-SIP-Item-Number 613 unsigned32 10415
ATTRIBUTE Server-Assignment-Type 614 unsigned32 10415
ATTRIBUTE User-Data-Already-Available 624 unsigned32 10415
ATTRIBUTE Confidentiality-Key 625 hexstring 10415
ATTRIBUTE Integrity-Key 626 hexstring 10415
ATTRIBUTE Primary-Event-Charging-Function-Name 619 string 10415
ATTRIBUTE Secondary-Event-Charging-Function-Name 620 string 10415
ATTRIBUTE Primary-Charging-Collection-Function-Name 621 string 10415
ATTRIBUTE Secondary-Charging-Collection-Function-Name 622 string 10415
ATTRIBUTE 3GPP-SIP-Auth-Data-Item 612 grouped 10415
{
3GPP-SIP-Item-Number | OPTIONAL | 1
3GPP-SIP-Authentication-Scheme | OPTIONAL | 1
3GPP-SIP-Authenticate | OPTIONAL | 1
3GPP-SIP-Authorization | OPTIONAL | 1
3GPP-SIP-Authentication-Context | OPTIONAL | 1
Confidentiality-Key | OPTIONAL | 1
Integrity-Key | OPTIONAL | 1
}
ATTRIBUTE Charging-Information 618 grouped 10415
{
Primary-Event-Charging-Function-Name | OPTIONAL | 1
Secondary-Event-Charging-Function-Name | OPTIONAL | 1
Primary-Charging-Collection-Function-Name | OPTIONAL | 1
Secondary-Charging-Collection-Function-Name | OPTIONAL | 1
}
APPLICATION-AUTH 16777216/10415 3GPP Cx
REQUEST 301 Server-Assignment Request
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Realm | REQUIRED | 1
Vendor-Specific-Application-Id | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
Public-Identity | REQUIRED | 1
Server-Name | REQUIRED | 1
User-Name | REQUIRED | 1
Server-Assignment-Type | REQUIRED | 1
User-Data-Already-Available | REQUIRED | 1
}
ANSWER 301 Server-Assignment Answer
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Host | OPTIONAL | 1
Destination-Realm | OPTIONAL | 1
Vendor-Specific-Application-Id | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
User-Name | REQUIRED | 1
Cx-User-Data | REQUIRED | 1
Charging-Information | OPTIONAL | 1
Result-Code | REQUIRED | 1
}
REQUEST 303 Multimedia-Auth Request
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Realm | REQUIRED | 1
Vendor-Specific-Application-Id | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
Public-Identity | REQUIRED | 1
3GPP-SIP-Number-Auth-Items | REQUIRED | 1
3GPP-SIP-Auth-Data-Item | REQUIRED | 1
Server-Name | REQUIRED | 1
}
ANSWER 303 Multimedia-Auth Answer
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Host | OPTIONAL | 1
Destination-Realm | OPTIONAL | 1
Vendor-Specific-Application-Id | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
Public-Identity | REQUIRED | 1
3GPP-SIP-Number-Auth-Items | REQUIRED | 1
3GPP-SIP-Auth-Data-Item | REQUIRED | 1
User-Name | REQUIRED | 1
Result-Code | REQUIRED | 1
}

76
custom_deployments/open5gs_hss_cx/opensips_ims_scscf/scscf_init.sh Executable file
View File

@@ -0,0 +1,76 @@
#!/bin/bash
# BSD 2-Clause License
# Copyright (c) 2020, Supreeth Herle
# All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[ ${#MNC} == 3 ] && IMS_DOMAIN="ims.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || IMS_DOMAIN="ims.mnc0${MNC}.mcc${MCC}.3gppnetwork.org"
[ ${#MNC} == 3 ] && EPC_DOMAIN="epc.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || EPC_DOMAIN="epc.mnc0${MNC}.mcc${MCC}.3gppnetwork.org"
mkdir -p /etc/opensips
cp /mnt/scscf/freeDiameter.conf /etc/opensips
cp /mnt/scscf/scscf.dictionary /etc/opensips
cp /mnt/scscf/opensips.cfg /etc/opensips
while ! mysqladmin ping -h ${MYSQL_IP} --silent; do
sleep 5;
done
# Sleep until permissions are set
sleep 10;
# Create SCSCF database, populate tables and grant privileges
if [[ -z "`mysql -u root -h ${MYSQL_IP} -qfsBe "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='opensips_scscf'" 2>&1`" ]];
then
mysql -u root -h ${MYSQL_IP} -e "create database opensips_scscf;"
mysql -u root -h ${MYSQL_IP} opensips_scscf < /usr/share/opensips/mysql/standard-create.sql
mysql -u root -h ${MYSQL_IP} opensips_scscf < /usr/share/opensips/mysql/dialplan-create.sql
SCSCF_USER_EXISTS=`mysql -u root -h ${MYSQL_IP} -s -N -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE User = 'opensips_scscf' AND Host = '%')"`
if [[ "$SCSCF_USER_EXISTS" == 0 ]]
then
mysql -u root -h ${MYSQL_IP} -e "CREATE USER 'opensips_scscf'@'%' IDENTIFIED WITH mysql_native_password BY 'heslo'";
mysql -u root -h ${MYSQL_IP} -e "CREATE USER 'opensips_scscf'@'$SCSCF_IP' IDENTIFIED WITH mysql_native_password BY 'heslo'";
mysql -u root -h ${MYSQL_IP} -e "GRANT ALL ON opensips_scscf.* TO 'opensips_scscf'@'%'";
mysql -u root -h ${MYSQL_IP} -e "GRANT ALL ON opensips_scscf.* TO 'opensips_scscf'@'$SCSCF_IP'";
mysql -u root -h ${MYSQL_IP} -e "FLUSH PRIVILEGES;"
fi
fi
sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/opensips/freeDiameter.conf
sed -i 's|HSS_IP|'$HSS_IP'|g' /etc/opensips/freeDiameter.conf
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/freeDiameter.conf
sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/opensips/freeDiameter.conf
sed -i 's|HSS_BIND_PORT|'$HSS_BIND_PORT'|g' /etc/opensips/freeDiameter.conf
sed -i 's|SCSCF_BIND_PORT|'$SCSCF_BIND_PORT'|g' /etc/opensips/freeDiameter.conf
sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/opensips/opensips.cfg
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/opensips.cfg
sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/opensips/opensips.cfg
sed -i 's|MYSQL_IP|'$MYSQL_IP'|g' /etc/opensips/opensips.cfg
# Sync docker time
#ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
exec /usr/sbin/opensips -F $@