From c83626ea50b175748cce28cc6c0729ebf3ee932c Mon Sep 17 00:00:00 2001
From: herlesupreeth
Date: Wed, 14 Oct 2020 15:12:49 +0200
Subject: [PATCH] Add docker files related to UPF
---
 upf/Dockerfile | 30 ++++++++++++++
 upf/tun_if.py | 101 ++++++++++++++++++++++++++++++++++++++++++++++++
 upf/upf.yaml | 29 ++++++++++++++
 upf/upf_init.sh | 42 ++++++++++++++++++++
 4 files changed, 202 insertions(+)
 create mode 100644 upf/Dockerfile
 create mode 100755 upf/tun_if.py
 create mode 100644 upf/upf.yaml
 create mode 100755 upf/upf_init.sh
diff --git a/upf/Dockerfile b/upf/Dockerfile
new file mode 100644
index 0000000..aedd727
--- /dev/null
+++ b/upf/Dockerfile
@@ -0,0 +1,30 @@
+# BSD 2-Clause License
+
+# Copyright (c) 2020, Supreeth Herle
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+FROM docker_open5gs
+
+CMD /mnt/upf/upf_init.sh && \
+ cd install/bin && ./open5gs-upfd
\ No newline at end of file
diff --git a/upf/tun_if.py b/upf/tun_if.py
new file mode 100755
index 0000000..7ac7819
--- /dev/null
+++ b/upf/tun_if.py
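Review bot: The shell-form `CMD` leaves `open5gs-upfd` running as a child of `/bin/sh -c`, so the SIGTERM sent by `docker stop` reaches the shell and the daemon is likely to be killed at the timeout instead of shutting down cleanly; ending the chain with `cd install/bin && exec ./open5gs-upfd` makes the daemon the container's main process. `FROM docker_open5gs` carries no tag or digest, so the build uses whatever image currently has that name locally; pinning it (for example `FROM docker_open5gs:<tag>`) would make the result reproducible. The init script is read from `/mnt/upf`, which looks like a bind mount, so whoever can write to that host directory decides what runs at container start; if that is intended it should be stated in the README.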
@@ -0,0 +1,101 @@ +# BSD 2-Clause License + +# Copyright (c) 2020, Supreeth Herle +# All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: + +# 1. Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. + +# 2. Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. + +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +import click +import subprocess +import ipaddress + +""" +Usage in command line: +e.g: +$ python3 tun_if.py --tun_ifname ogstun --ipv4_range 192.168.100.0/24 --ipv6_range fd84:6aea:c36e:2b69::/64 +""" + +def validate_ip_net(ctx, param, value): + try: + ip_net = ipaddress.ip_network(value) + return ip_net + except ValueError: + raise click.BadParameter('Value does not represent a valid IPv4/IPv6 range') + +@click.command() +@click.option('--tun_ifname', + required=True, + help='TUN interface name e.g. 
ogstun') +@click.option('--ipv4_range', + required=True, + callback=validate_ip_net, + help='UE IPv4 Address range in CIDR format e.g. 192.168.100.0/24') +@click.option('--ipv6_range', + required=True, + callback=validate_ip_net, + help='UE IPv6 Address range in CIDR format e.g. fd84:6aea:c36e:2b69::/64') +@click.option('--nat_rule', + default='yes', + help='Option specifying whether to add NATing iptables rule or not') +def start(tun_ifname, + ipv4_range, + ipv6_range, + nat_rule): + + # Get the first IP address in the IP range and netmask prefix length + first_ipv4_addr = next(ipv4_range.hosts(), None) + if not first_ipv4_addr: + raise ValueError('Invalid UE IPv4 range. Only one IP given') + else: + first_ipv4_addr = first_ipv4_addr.exploded + first_ipv6_addr = next(ipv6_range.hosts(), None) + if not first_ipv6_addr: + raise ValueError('Invalid UE IPv6 range. Only one IP given') + else: + first_ipv6_addr = first_ipv6_addr.exploded + + ipv4_netmask_prefix = ipv4_range.prefixlen + ipv6_netmask_prefix = ipv6_range.prefixlen + + # Setup the TUN interface, set IP address and setup IPtables + # if ls /sys/class/net | grep "ogstun" ; then ip link delete ogstun; fi + execute_bash_cmd('ip tuntap add name ' + tun_ifname + ' mode tun') + execute_bash_cmd('ip addr add ' + first_ipv4_addr + '/' + str(ipv4_netmask_prefix) + ' dev ' + tun_ifname) + execute_bash_cmd('ip addr add ' + first_ipv6_addr + '/' + str(ipv6_netmask_prefix) + ' dev ' + tun_ifname) + execute_bash_cmd('ip link set ' + tun_ifname + ' mtu 1450') + execute_bash_cmd('ip link set ' + tun_ifname + ' up') + if nat_rule == 'yes': + execute_bash_cmd('if ! iptables-save | grep -- \"-A POSTROUTING -s ' + ipv4_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE\" ; then ' + + 'iptables -t nat -A POSTROUTING -s ' + ipv4_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE; fi') + execute_bash_cmd('if ! ip6tables-save | grep -- \"-A POSTROUTING -s ' + ipv6_range.with_prefixlen + ' ! 
-o ' + tun_ifname + ' -j MASQUERADE\" ; then ' + + 'ip6tables -t nat -A POSTROUTING -s ' + ipv6_range.with_prefixlen + ' ! -o ' + tun_ifname + ' -j MASQUERADE; fi') + execute_bash_cmd('if ! iptables-save | grep -- \"-A INPUT -i ' + tun_ifname + ' -j ACCEPT\" ; then ' + + 'iptables -A INPUT -i ' + tun_ifname + ' -j ACCEPT; fi') + execute_bash_cmd('if ! ip6tables-save | grep -- \"-A INPUT -i ' + tun_ifname + ' -j ACCEPT\" ; then ' + + 'ip6tables -A INPUT -i ' + tun_ifname + ' -j ACCEPT; fi') + +def execute_bash_cmd(bash_cmd): + #print("Executing: /bin/bash -c " + bash_cmd) + return subprocess.run(bash_cmd, stdout=subprocess.PIPE, shell=True) + +if __name__ == '__main__': + start() diff --git a/upf/upf.yaml b/upf/upf.yaml new file mode 100644 index 0000000..f1d7a13 --- /dev/null +++ b/upf/upf.yaml @@ -0,0 +1,29 @@ +logger: + file: /open5gs/install/var/log/open5gs/upf.log + +parameter: + no_ipv6: true + prefer_ipv4: true + +upf: + pfcp: + - addr: UPF_IP + gtpu: + - addr: UPF_IP + pdn: + - addr: 192.168.100.1/24 + dev: ogstun + apn: internet + - addr: fd84:6aea:c36e:2b69::/64 + dev: ogstun + apn: internet + - addr: 192.168.101.1/24 + apn: ims + dev: ogstun2 + - addr: fd1f:76f3:da9b:0101::/64 + apn: ims + dev: ogstun2 + +smf: + pfcp: + - addr: SMF_IP diff --git a/upf/upf_init.sh b/upf/upf_init.sh new file mode 100755 index 0000000..987ab0c --- /dev/null +++ b/upf/upf_init.sh 
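Review bot: `execute_bash_cmd` passes every command to `subprocess.run(..., shell=True)` as a string built by concatenating `--tun_ifname`, which is never validated, so a name containing shell metacharacters is interpreted by the shell, and because the return code is never checked a failed `ip tuntap add` goes unnoticed. The only caller in this commit (`upf_init.sh`) passes constants, but the script presumably runs as root inside the container, so I would validate the name in a click callback, pass argument lists without a shell, use `check=True`, and replace the `iptables-save | grep` test with `iptables -C`. `validate_ip_net` also accepts either address family for both range options, so `--ipv4_range` given an IPv6 network ends up in an `iptables` rule; checking `ip_net.version` in the callback would catch that. The sketch below needs `re` imported at the top of the file.

```python
def validate_ifname(ctx, param, value):
    # Conservative subset of what Linux accepts; 15 characters is the kernel's name limit.
    if not re.fullmatch(r'[A-Za-z0-9][A-Za-z0-9_.-]{0,14}', value):
        raise click.BadParameter('Value is not a valid interface name')
    return value

# … unchanged: click options (add callback=validate_ifname to --tun_ifname), first-host and prefix-length computation …

    run_cmd(['ip', 'tuntap', 'add', 'name', tun_ifname, 'mode', 'tun'])
    run_cmd(['ip', 'addr', 'add', first_ipv4_addr + '/' + str(ipv4_netmask_prefix), 'dev', tun_ifname])
    # … remaining ip calls converted the same way …
    if nat_rule == 'yes':
        ensure_rule('iptables',
                    ['POSTROUTING', '-s', ipv4_range.with_prefixlen, '!', '-o', tun_ifname, '-j', 'MASQUERADE'],
                    table='nat')
        # … ip6tables MASQUERADE and the INPUT ACCEPT rules converted the same way …

def run_cmd(argv):
    # No shell; a non-zero exit raises CalledProcessError instead of being ignored.
    return subprocess.run(argv, stdout=subprocess.PIPE, check=True)

def ensure_rule(binary, rule, table=None):
    # Append the rule only when `-C` reports that it is not present yet.
    base = [binary] + (['-t', table] if table else [])
    if subprocess.run(base + ['-C'] + rule, stderr=subprocess.DEVNULL).returncode != 0:
        run_cmd(base + ['-A'] + rule)
```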
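Review bot: `UPF_IP` and `SMF_IP` under `pfcp`/`gtpu` are placeholders that `upf_init.sh` rewrites with `sed`, and nothing in the file says so; a header comment such as `# UPF_IP and SMF_IP are replaced by upf_init.sh at container start` would keep someone from using the file as-is. The `pdn` subnets and device names are repeated as literals in `upf_init.sh`, so the two files have to be changed together. The IPv6 entries give the network address (`fd84:6aea:c36e:2b69::/64`) where the IPv4 entries give the gateway address (`192.168.100.1/24`), while `tun_if.py` assigns the first host of each range to the device; this may be intentional, but it is worth confirming against the open5gs sample configuration.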
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# BSD 2-Clause License
+
+# Copyright (c) 2020, Supreeth Herle
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+export LC_ALL=C.UTF-8
+export LANG=C.UTF-8
+export IP_ADDR=$(awk 'END{print $1}' /etc/hosts)
+export IF_NAME=$(ip r | awk '/default/ { print $5 }')
+
+python3 /mnt/upf/tun_if.py --tun_ifname ogstun --ipv4_range 192.168.100.0/24 --ipv6_range fd84:6aea:c36e:2b69::/64
+python3 /mnt/upf/tun_if.py --tun_ifname ogstun2 --ipv4_range 192.168.101.0/24 --ipv6_range fd1f:76f3:da9b:0101::/64 --nat_rule 'no'
+
+cp /mnt/upf/upf.yaml install/etc/open5gs
+sed -i 's|UPF_IP|'$UPF_IP'|g' install/etc/open5gs/upf.yaml
+sed -i 's|SMF_IP|'$SMF_IP'|g' install/etc/open5gs/upf.yaml
+
+# Sync docker time
+#ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
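Review bot: The two `sed` lines substitute `$UPF_IP` and `$SMF_IP` unquoted and without checking that they are set, so a missing variable silently writes an empty `addr:` into `upf.yaml`, and a value containing `|` or whitespace breaks the expression. Something like `sed -i "s|UPF_IP|${UPF_IP:?UPF_IP is not set}|g" install/etc/open5gs/upf.yaml` (and the same for `SMF_IP`) fails early instead. The script also has no `set -e`, so when either `tun_if.py` call fails it carries on and, since the Dockerfile chains on the script's exit status, the UPF is still started without its TUN devices; `set -euo pipefail` after the shebang would stop that. `IP_ADDR` and `IF_NAME` are exported but not used in the lines shown.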