paulmataruso/open5gs
1
0
Fork 0
mirror of https://github.com/open5gs/open5gs.git synced 2025-11-02 21:13:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: paulmataruso:v2.7.1
Branches Tags
paulmataruso:main paulmataruso:n9
paulmataruso:v2.7.6 paulmataruso:v2.7.5 paulmataruso:v2.7.2 paulmataruso:v2.7.1 paulmataruso:v2.7.0 paulmataruso:v2.6.6 paulmataruso:v2.6.4 paulmataruso:v2.6.3 paulmataruso:v2.6.2 paulmataruso:v2.6.1 paulmataruso:v2.5.9 paulmataruso:v2.4.15 paulmataruso:v2.5.8 paulmataruso:v2.4.14 paulmataruso:v2.5.6 paulmataruso:v2.4.12 paulmataruso:v2.4.9 paulmataruso:v2.4.8 paulmataruso:v2.4.7 paulmataruso:v2.4.5 paulmataruso:v2.4.4 paulmataruso:v2.4.3 paulmataruso:v2.4.1 paulmataruso:v2.4.0 paulmataruso:v2.3.6 paulmataruso:v2.3.2 paulmataruso:v2.3.1 paulmataruso:v2.3.0 paulmataruso:v2.2.9 paulmataruso:v2.2.8 paulmataruso:v2.2.7 paulmataruso:v2.2.6 paulmataruso:v2.2.1 paulmataruso:v2.2.0 paulmataruso:v2.1.7 paulmataruso:v2.1.5 paulmataruso:v2.1.4 paulmataruso:v2.1.3 paulmataruso:v2.1.1 paulmataruso:v2.1.0 paulmataruso:v2.0.22 paulmataruso:v2.0.18 paulmataruso:v2.0.0 paulmataruso:v1.3.0 paulmataruso:v1.2.4 paulmataruso:v1.2.3 paulmataruso:v1.2.2 paulmataruso:v1.2.1 paulmataruso:v1.2.0 paulmataruso:v1.1.0 paulmataruso:v1.0.0 paulmataruso:v0.5.2 paulmataruso:v0.5.1 paulmataruso:v0.5.0 paulmataruso:v0.4.4 paulmataruso:v0.4.3 paulmataruso:v0.4.2 paulmataruso:v0.4.1 paulmataruso:v0.4.0 paulmataruso:v0.3.11 paulmataruso:v0.3.10 paulmataruso:v0.3.9 paulmataruso:v0.3.8 paulmataruso:v0.3.7 paulmataruso:v0.3.6 paulmataruso:v0.3.5 paulmataruso:v0.3.4 paulmataruso:v0.3.3 paulmataruso:v0.3.2 paulmataruso:v0.3.1 paulmataruso:v0.3.0 paulmataruso:v0.2.0 paulmataruso:v0.1.1 paulmataruso:v0.1.0
..
compare: paulmataruso:a22dc2144831f4af4bb6b03eec863e0f01328791
Branches Tags
paulmataruso:main paulmataruso:n9
paulmataruso:v2.7.6 paulmataruso:v2.7.5 paulmataruso:v2.7.2 paulmataruso:v2.7.1 paulmataruso:v2.7.0 paulmataruso:v2.6.6 paulmataruso:v2.6.4 paulmataruso:v2.6.3 paulmataruso:v2.6.2 paulmataruso:v2.6.1 paulmataruso:v2.5.9 paulmataruso:v2.4.15 paulmataruso:v2.5.8 paulmataruso:v2.4.14 paulmataruso:v2.5.6 paulmataruso:v2.4.12 paulmataruso:v2.4.9 paulmataruso:v2.4.8 paulmataruso:v2.4.7 paulmataruso:v2.4.5 paulmataruso:v2.4.4 paulmataruso:v2.4.3 paulmataruso:v2.4.1 paulmataruso:v2.4.0 paulmataruso:v2.3.6 paulmataruso:v2.3.2 paulmataruso:v2.3.1 paulmataruso:v2.3.0 paulmataruso:v2.2.9 paulmataruso:v2.2.8 paulmataruso:v2.2.7 paulmataruso:v2.2.6 paulmataruso:v2.2.1 paulmataruso:v2.2.0 paulmataruso:v2.1.7 paulmataruso:v2.1.5 paulmataruso:v2.1.4 paulmataruso:v2.1.3 paulmataruso:v2.1.1 paulmataruso:v2.1.0 paulmataruso:v2.0.22 paulmataruso:v2.0.18 paulmataruso:v2.0.0 paulmataruso:v1.3.0 paulmataruso:v1.2.4 paulmataruso:v1.2.3 paulmataruso:v1.2.2 paulmataruso:v1.2.1 paulmataruso:v1.2.0 paulmataruso:v1.1.0 paulmataruso:v1.0.0 paulmataruso:v0.5.2 paulmataruso:v0.5.1 paulmataruso:v0.5.0 paulmataruso:v0.4.4 paulmataruso:v0.4.3 paulmataruso:v0.4.2 paulmataruso:v0.4.1 paulmataruso:v0.4.0 paulmataruso:v0.3.11 paulmataruso:v0.3.10 paulmataruso:v0.3.9 paulmataruso:v0.3.8 paulmataruso:v0.3.7 paulmataruso:v0.3.6 paulmataruso:v0.3.5 paulmataruso:v0.3.4 paulmataruso:v0.3.3 paulmataruso:v0.3.2 paulmataruso:v0.3.1 paulmataruso:v0.3.0 paulmataruso:v0.2.0 paulmataruso:v0.1.1 paulmataruso:v0.1.0

399 Commits
v2.7.1 ... a22dc21448

Author SHA1 Message Date
Sukchan Lee
a22dc21448 update it 2025-09-26 22:38:07 +09:00
Sukchan Lee
6d63440b8f update it 2025-09-26 22:15:25 +09:00
Sukchan Lee
d2956187ea added sgwc debug 2025-09-24 22:23:44 +09:00
Sukchan Lee
82d7487eef Added debug log 2025-09-24 22:01:43 +09:00
Sukchan Lee
be765fe2b0 [AMF/MME] Add size validation for NGAP/S1AP IE fields to prevent crashes (#4087) 
- Added explicit size checks for critical IE fields (PLMNIdentity, TAC,
  GTP-TEID, Cell-ID, UE security capability algorithms, etc.) before
  memcpy() operations.
- When size mismatch is detected, log an error and return an Error
  Indication (or Setup Failure) with appropriate protocol cause
  (semantic_error or message_not_compatible_with_receiver_state).
- Introduced s1ap_send_error_indication1(enb_ue_t *enb_ue, ...)
  as a helper for cases where ENB UE context is available directly.
  s1ap_send_error_indication2(mme_ue_t *mme_ue, ...) now delegates
  to the new function, reducing code duplication.
- Replaced ogs_assert() checks with graceful error handling paths
  to avoid abnormal process termination.

This improves robustness against malformed or non-compliant NGAP/S1AP
messages and prevents potential AMF/MME crashes.
 2025-09-24 21:22:46 +09:00
Sukchan Lee
3978db2fa6 [AMF] Fix crash on malformed NGSetupRequest PLMNIdentity 
When the NGSetupRequest contains an invalid GlobalRANNodeID or
BroadcastPLMNItem with a malformed PLMNIdentity, the AMF previously
performed memcpy() without checking the buffer size. This could lead
to invalid memory access and crash.

Fix by validating PLMNIdentity size against sizeof(ogs_plmn_id_t) and
sending NGSetupFailure with CauseProtocol_semantic_error if invalid.

Also add regression tests:
- Build malformed NGSetupRequest with incorrect PLMNIdentity size
- Verify AMF does not crash and returns NGSetupFailure

This resolves the crash reported in issue #4087.
 2025-09-23 23:08:42 +09:00
Sukchan Lee
9d8e94f176 [SGWC] Prevent crash on PFCP Session Modification with no bearers (#4073) 
In some handover scenarios, `sgwc_sxa_build_bearer_to_modify_list()` could
be invoked when there were no bearers to modify. This led to an assertion
failure:

    Assertion `num_of_remove_pdr + num_of_remove_far + ...` failed

This patch adds explicit checks on `sess->bearer_list` before building or
sending PFCP Session Modification Requests. If no bearers are present, the
request is skipped and an error is logged with IMSI/APN/TEID context
instead of aborting the process.

Changes include:
- Added `ogs_list_count(&sess->bearer_list)` checks in
  `pfcp-path.c`, `s11-handler.c`, `s5c-handler.c`, and `sxa-handler.c`.
- Gracefully skip SMR when bearer list is empty in
  Delete Indirect Data Forwarding Tunnel Request handling.
- Log diagnostic information (IMSI, APN, TEIDs) when no bearer is found.

This prevents SGWC from crashing under DEBUG logging and concurrent HO
scenarios, and allows multiple handover sessions to proceed more stably.
 2025-09-22 20:48:07 +09:00
Sukchan Lee
05b6af91c1 [MME] Send paging outcome before removing UE context (#4063) 
When the UE context was removed (e.g. after implicit detach or Delete
Session response), ongoing paging procedures were not finalized. This
caused the MME to skip sending the appropriate paging outcome (e.g.
Downlink Data Notification ACK, Create Bearer Response, Update Bearer
Response, Delete Bearer Response, SGSAP Paging Reject, etc.) depending
on the paging type.

As a result, the SGW or MSC/VLR could continue retransmitting, and the
MME produced spurious "Unknown timer[T3413]" errors.

This patch introduces `MME_UE_REMOVE_WITH_PAGING_FAIL`, which:
- Checks if paging is ongoing before removing the UE context
- Calls `mme_send_after_paging()` to send the correct outcome message
  (Unable to page UE or equivalent cause) according to paging type
- Removes the UE context afterwards

This change ensures that all paging procedures are completed with a
proper response as required by 3GPP specifications, improving network
interoperability and eliminating misleading timer errors.
 2025-09-21 18:29:02 +09:00
Sukchan Lee
a9955e34d4 [AMF] Ignore unexpected DELETE method in gmm_state_authentication (#4074) 
When the AMF receives a DELETE request for the registration API while in
the gmm_state_authentication state, it currently crashes because the
HTTP method is not handled. This appears to be a race condition.

To fix this, explicitly handle OGS_SBI_HTTP_METHOD_DELETE by ignoring the
message and logging an error, similar to the handling of other
unexpected SBI messages.
 2025-09-17 21:50:47 +09:00
Sukchan Lee
8669094586 [AMF] Ignore unexpected PATCH method in gmm_state_authentication (#4074) 
When the AMF receives a PATCH request for the registration API while in
the gmm_state_authentication state, it currently crashes because the
HTTP method is not handled. This appears to be a race condition.

To fix this, explicitly handle OGS_SBI_HTTP_METHOD_PATCH by ignoring the
message and logging an error, similar to the handling of other
unexpected SBI messages.
 2025-09-17 21:50:47 +09:00
Sukchan Lee
994eaa2c9a [AMF] Fix crash when sending GMM reject after T3522 expiry (#4074) 
- Add handling for DEREGISTRATION_REQUEST_FROM_UE when T3522 expires
- Improve error logging with NAS message type and value
 2025-09-17 21:50:47 +09:00
Sukchan Lee
0bf649226b [SBI] Prevent UAF/double-free by using pool ID in timer callbacks (#4074) 
- Use ogs_pool_id_calloc() / ogs_pool_id_free() instead of ogs_pool_alloc() / ogs_pool_free()
  to assign stable pool IDs to connection_t and ogs_sbi_session_t.
- Pass pool ID to ogs_timer_add() instead of raw pointer.
- In connection_timer_expired() and session_timer_expired(), resolve object via
  ogs_pool_find_by_id() and safely return if the object has already been freed.
- Add safety checks and error logs for invalid IDs and missing objects.

This prevents use-after-free or double-free crashes when timer callbacks
are triggered after the object has been freed under heavy load.
 2025-09-17 21:50:47 +09:00
Sukchan Lee
8254f12d82 [SGWC] Fix crash when bearer context is not found in S11 Create Indirect Data Forwarding Tunnel Request (#4073) 
Previously, the code asserted the existence of a bearer when handling
Create Indirect Data Forwarding Tunnel Request. If the bearer was not
found, this caused a crash.

This patch adds a null check for the bearer. If no bearer is found,
it now logs an error and sends a GTP error response with
CAUSE_CONTEXT_NOT_FOUND, then returns gracefully.
 2025-09-16 17:23:35 +09:00
herlesupreeth
548ffff1ff [PCRF] Check for QCI 5 only in case of 3GG RAT during Rx AAR for IMS signalling 2025-09-16 06:41:20 +09:00
Sukchan Lee
f3efd37103 [SGWC] Add proper error handling for bearer/tunnel allocation failures (#4073) 
Previously, sgwc_bearer_add() and sgwc_tunnel_add() relied on ogs_assert()
for allocation failures (bearer, tunnel, PDR, FAR). Under heavy handover
(ViLTE ping-pong HO) conditions, pool exhaustion could trigger assertions
and crash the SGW-C.

This patch:
- Adds NULL checks for ogs_pool_id_calloc() in bearer/tunnel creation
- Adds NULL checks for ogs_pfcp_pdr_add() and ogs_pfcp_far_add()
- Cleans up partially created objects on failure
- Returns System Failure for S11 CIDFT requests if tunnel creation fails
- Adds NULL checks before removing PDR/FAR in sgwc_tunnel_remove()
- Fixes log message for PDR allocation failure

These changes improve stability during repeated HO scenarios by preventing
assertion crashes when resource pools are exhausted.
 2025-09-14 11:25:43 +09:00
Sukchan Lee
9dbc0cffb5 [SMF] Fix crash when stream is NULL in smf_state_operational() (#4061) 
During integration tests with a third-party SCP, SMF crashed after
processing the UDM response to a PUT request during UE attachment.
This issue was traced to a missing NULL-check on the `stream` pointer
inside smf_state_operational().

Previously, the code asserted `stream` unconditionally when sending
the HTTP response or PDU session created data. If the SBI stream had
already been removed, the assertion failed, causing SMF to abort.

This patch adds a NULL-check for `stream`. When `stream` is NULL,
an error log is printed instead of asserting. This prevents SMF from
crashing and allows it to continue processing.

Tested with:
- Open5GS v2.7.6-21-g0516e01
- SCP from another vendor (crash reproduced and fixed)
- Open5GS SCP (no crash observed)

Fixes: smf_state_operational() assertion failure at smf-sm.c:1075
 2025-09-14 10:56:31 +09:00
Sukchan Lee
edfdd3d126 Follow-up on (#4044) 2025-09-14 10:36:00 +09:00
hug0lin
fc42f3039c Open5GS connected UEs, APN/DNN, IP addresses (#4044) 
Added additional fields: snssai, qos flow, pdu, and UE state. For 5G (for LTE, the pdu state is currently unknown).

curl -s http://127.0.0.4:9090/connected-ues |jq .
 {
    "supi": "imsi-999700000083810",                 // 5G RAT
    "pdu": [
      {
        "psi": 1,
        "dnn": "internet",
        "ipv4": "10.45.0.2",
        "snssai": {
          "sst": 1,
          "sd": "ffffff"
        },
        "qos_flows": [
          {
            "qfi": 1,
            "5qi": 9
          }
        ],
        "pdu_state": "inactive"
      }
    ],
    "ue_activity": "idle"
  },
{
    "supi": "001010000056492",            // LTE RAT
    "pdu": [
      {
        "ebi": 5,
        "apn": "internet",
        "ipv4": "10.45.0.3",
        "qos_flows": [
          {
            "ebi": 5,
            "qci": 9
          }
        ],
        "pdu_state": "unknown"
      }
    ],
    "ue_activity": "unknown"
  },

Added other outputs related to the connected gNBs/eNBs to AMF and MME, so we should have the basic tools for the 4G/5G core operation.

curl -s http://127.0.0.4:9090/connected-ues |jq .
curl -s http://127.0.0.5:9090/connected-gnbs | jq .
curl -s http://127.0.0.2:9090/connected-enb |jq .

curl -s http://127.0.0.5:9090/connected-gnbs |jq .
[
  {
    "gnb_id": 100,
    "plmn": "99970",
    "network": {
      "amf_name": "efire-amf0",
      "ngap_port": 38412
    },
    "ng": {
      "setup_success": true,
      "sctp": {
        "peer": "[192.168.168.100]:60110",
        "max_out_streams": 2,
        "next_ostream_id": 1
      }
    },
    "supported_ta_list": [
      {
        "tac": "000001",
        "bplmns": [
          {
            "plmn": "99970",
            "snssai": [
              {
                "sst": 1,
                "sd": "ffffff"
              }
            ]
          },
          {
            "plmn": "99971",
            "snssai": [
              {
                "sst": 2,
                "sd": "000000"
              }
            ]
          }
        ]
      },
      {
        "tac": "000051",
        "bplmns": [
          {
            "plmn": "00101",
            "snssai": [
              {
                "sst": 2,
                "sd": "123456"
              }
            ]
          }
        ]
      },
    ],
    "num_connected_ues": 0
  }
]

curl -s http://127.0.0.2:9090/connected-enbs |jq .
[
  {
    "enb_id": 264040,
    "plmn": "99970",
    "network": {
      "mme_name": "efire-mme0"
    },
    "s1": {
      "setup_success": true,
      "sctp": {
        "peer": "[192.168.168.254]:36412",
        "max_out_streams": 10,
        "next_ostream_id": 1
      }
    },
    "supported_ta_list": [
      {
        "tac": "000001",
        "plmn": "99970"
      }
    ],
    "num_connected_ues": 1
  }
]

curl -s http://127.0.0.4:9090/connected-ues |jq .
[
  {
    "supi": "imsi-999700000083810",
    "pdu": [
      {
        "psi": 1,
        "dnn": "internet",
        "ipv4": "10.45.0.2",
        "snssai": {
          "sst": 1,
          "sd": "ffffff"
        },
        "qos_flows": [
          {
            "qfi": 1,
            "5qi": 9
          }
        ],
        "pdu_state": "inactive"
      }
    ],
    "ue_activity": "idle"
  },
  {
    "supi": "imsi-999700000021635",
    "pdu": [
      {
        "psi": 1,
        "dnn": "ims",
        "ipv4": "10.45.0.124",
        "ipv6": "2001:db8:cafe:79::7a",
        "snssai": {
          "sst": 1,
          "sd": "ffffff"
        },
        "qos_flows": [
          {
            "qfi": 1,
            "5qi": 5
          }
        ],
        "pdu_state": "active"
      }
    ],
    "ue_activity": "active"
  }
]
 2025-09-13 10:02:01 +09:00
Pau Espin Pedrol
606877bf11 [MME] SGsAP: Implement initial Rx of ALERT-REQUEST 
Answer ALERT-REQUEST with either ALERT-ACK or ALERT-REJECT.

This commit leaves unimplemented (to be implemented in the future)
the part regarding setting of internal NEAF flag for UE inside MME
and then triggering SGsAP-UE-ACTIVITY-INDICATION towards VLR.

See 3GPP TS 23.272 and 3GPP TS 29.118 (grep for "Alert" and "Activity")
for further information.
 2025-09-11 07:22:26 +09:00
Pau Espin Pedrol
a8eec6e9e6 [MME] SGsAP: Do not close SCTP socket upon rx SGsAP-RESET-INDICATION 
This is not mentioned anywhere in the specs and may just create an
endless loop of open5gs-mmed re-connecting and VLR sending a RESET.
 2025-09-10 08:34:12 +09:00
Pau Espin Pedrol
0a045eeb12 [MME] SGsAP-PAGING-REQUEST: Improve handling of Service Indicator 2025-09-10 08:33:08 +09:00
Pau Espin Pedrol
12eb5bbc3d [MME] SGsAP: Improve error handling in SGsAP-PAGING-REQUEST 2025-09-10 08:33:08 +09:00
Pau Espin Pedrol
62f961bfbf [MME] emm-handler: Interpret unused Attach Type as EPS Attach 
3GPP TS 24.301:
"All other values are unused and shall be interpreted as "EPS attach", if received by the
network".
 2025-09-08 22:23:23 +09:00
Pau Espin Pedrol
5d7d3e755f [MME] Fix several values in OGS_NAS_ATTACH_TYPE_* 
Values for Emergency Attach and Reserved were wrong.
 2025-09-08 22:23:23 +09:00
Sukchan Lee
59391d8d5c [SMF] Drop invalid assert on dl_pdr->precedence (uint32_t PFCP Precedence) 
PFCP PDR precedence is a uint32_t. In Open5GS the default
OGS_PFCP_DEFAULT_PDR_PRECEDENCE is 65535. The previous assert enforced
(0,255), which is incorrect and causes valid configurations to abort.
Remove the assert and pass the precedence through as-is.

Fixes assertion failures seen in TC_pdu_sess_modification in
osmo-ttcn3-hacks.
 2025-08-24 10:51:36 +09:00
Pau Espin Pedrol
f7889f2be3 [5G-NAS] Avoid parse failure with Packet Filter match-all type 2025-08-24 10:43:22 +09:00
Pau Espin Pedrol
b11350f969 [5G-NAS] Improve QoS Rules parsing 
The older version of the code was wrong (or at least not exactly
correct) in many (corner) cases.

* Split the parsing of Packet Filter List into its own helper function
  to simplify the code
* Improve error logging to provide more info on which QoS rule failed.
* Add some extra logic checking match between 'Length of QoS rule' and
  existance of m+1 and m+2 bytes.
* Correct logic checking expected/unexpected presence of m+1 and m+2
  octets based on Rule Operation Code according to specs.
 2025-08-24 10:43:22 +09:00
Pau Espin Pedrol
1bdbaa4ef2 cosmetic: lib/nas/5gs/types.c: Fix trailing whitespace 2025-08-24 10:43:22 +09:00
hug0lin
da27d6eab9 Update 01-genodebs.md 2025-08-19 16:07:20 +09:00
Sukchan Lee
a1a42c4e50 [DOCS] Added 5G Roaming by @infinitydon (#4042, #4007) 2025-08-18 18:16:10 +09:00
Sukchan Lee
fb3cba40e5 [HR] V-UPF: preserve PSC on N2 indirect (Access->Access) without QER (#2194) 
Home-Routed roaming: during Xn/N2 handover the source gNB may forward
remaining DL data to the core using UL PDU Session Information (PSC).
On the V-UPF the PSC was lost on the indirect path because OHR+OHC
removed the incoming GTP-U header (and its extensions) and we did not
recreate PSC when no QER/QFI was provisioned by the V-SMF.

This change makes the V-UPF rebuild a DL PSC for the target gNB even
when QER is absent, limited to the Access->Access indirect path
(source gNB -> V-UPF -> target gNB).

Why this is needed in HR:
- In HR deployments the V-SMF typically does not provision QER/QFI for
  the temporary indirect path. Without recreating PSC from recvhdr, the
  extension header disappears after OHR+OHC and the target gNB cannot
  see the QFI during handover buffering/forwarding.
 2025-08-15 11:07:56 +09:00
Sukchan Lee
0c56903c98 Follow-up on #4039 2025-08-13 18:38:09 +09:00
mitmitmitm
417f6e0e56 [SMF] Use PFCP Outer hdr. removal type IP regardless of sess. type 
Previously, Outer Header Removal was set according to PDU session type.
However, outer header IP version is independent of inner packet IP version or
PDU session type. It typically depends on UPF and gNB configuration. Set it to
GTP-U/UDP/IP to handle both IPv4 and IPv6 cases, according to TS 29.244, Table
8.2.64-1, Note 4: "The CP function shall use this value to instruct UP function
to remove the GTP-U/UDP/IP header regardless it is IPv4 or IPv6."

No changes at UPF are necessary because it already ignores Outer Header Removal
Description type and Kernel correctly decapsulates the outer IP header at
socket level.
 2025-08-13 18:35:34 +09:00
Sukchan Lee
d787589889 [DIAM] refactor answer header creation in callbacks 
This change moves the call to fd_msg_new_answer_from_req so that the answer
header is created immediately after the incoming request is received,
ensuring that the ans pointer is initialized before any message‐specific
allocations or parsing take place.

This refactoring guarantees that the answer message is set up once and early,
which improves readability and ensures that proper cleanup can occur
without repeated steps.

Refer to:
- Issues #4012
- Pull Request #4034
- Commit f23d7a5
 2025-08-03 16:13:36 +09:00
Sukchan Lee
f23d7a5e95 [DIAM] Enhance Exception Handling in all Rx Callbacks 
Add robust error checks and logging to MME, SMF, PCRF, and HSS
Diameter callback functions. Prevent assertion failures by
handling unexpected or late messages gracefully.
 2025-08-02 15:15:06 +09:00
Pau Espin Pedrol
4e21cff6e6 sbi: Fix typo in log debug msg 2025-07-30 22:09:32 +09:00
Sukchan Lee
ad80da3060 Merge branch 'r2.7.6' 2025-07-28 22:51:13 +09:00
Sukchan Lee
38ab9de5c4 [DOC] Open5GS works with eNBs 2025-07-28 22:50:20 +09:00
Sukchan Lee
f73d81f3be Merge branch 'r2.7.6' 2025-07-22 11:16:09 +09:00
Sukchan Lee
66bc558e41 [AMF/SEC] Log error instead of aborting on SM context release during security-mode state 
Instead of aborting the AMF when an SM context release is requested during the
security-mode state, log an error and allow the system to continue operating.

This avoids a fatal assertion failure and improves overall availability. The
error message "Invalid state transition: cannot release SM Context during
security-mode state" provides a clear debug trace for issue #4012.
 2025-07-22 11:14:22 +09:00
Sukchan Lee
60a9707b8e Merge branch 'r2.7.6' 2025-07-21 16:52:07 +09:00
Sukchan Lee
a850c4d1d2 Revert "[SMF] Refactor core address‐resolution to robustly support both IP literals and hostnames (#4008)" 
This reverts commit 64bb567aa2.
 2025-07-21 16:51:41 +09:00
Sukchan Lee
64bb567aa2 [SMF] Refactor core address‐resolution to robustly support both IP literals and hostnames (#4008) 
This change revises the existing ogs_addaddrinfo() function to handle
partial failures without aborting the process, ensure proper cleanup
of any nodes allocated before an error, and emit more informative logs
(including getaddrinfo() errors and situations where no usable addresses
 are returned).

By introducing “tail” and “first_new” pointers, new entries can be appended
to an existing list and safely detached if memory allocation fails mid‐stream.

On top of that, a new helper API, ogs_sockaddr_from_ip_or_fqdn(), was added.

It automatically detects whether its input is a numeric IPv4/IPv6 literal
or a hostname (using AI_NUMERICHOST when appropriate), then delegates
resolution to ogs_addaddrinfo().

Errors are logged at the error level but do not trigger a fatal exit,
and any partial lists are cleaned up before returning.

Finally, the SMF configuration parser in context.c was updated to use
this new API for “p-cscf” entries, allowing both raw IP addresses
and DNS names in smf.yaml.

Corresponding adjustments were made in context.h (to change the p_cscf
and p_cscf6 arrays to mutable char pointers) and in the cleanup routine
smf_context_final() to free any dynamically allocated strings.

Together, these improvements eliminate duplicate parsing logic,
streamline configuration handling, and increase the overall resilience
of address resolution across Open5GS.
 2025-07-21 16:47:47 +09:00
Sukchan Lee
753523033d [SMF] Refactor core address‐resolution to robustly support both IP literals and hostnames (#4008) 
This change revises the existing ogs_addaddrinfo() function to handle
partial failures without aborting the process, ensure proper cleanup
of any nodes allocated before an error, and emit more informative logs
(including getaddrinfo() errors and situations where no usable addresses
 are returned).

By introducing “tail” and “first_new” pointers, new entries can be appended
to an existing list and safely detached if memory allocation fails mid‐stream.

On top of that, a new helper API, ogs_sockaddr_from_ip_or_fqdn(), was added.

It automatically detects whether its input is a numeric IPv4/IPv6 literal
or a hostname (using AI_NUMERICHOST when appropriate), then delegates
resolution to ogs_addaddrinfo().

Errors are logged at the error level but do not trigger a fatal exit,
and any partial lists are cleaned up before returning.

Finally, the SMF configuration parser in context.c was updated to use
this new API for “p-cscf” entries, allowing both raw IP addresses
and DNS names in smf.yaml.

Corresponding adjustments were made in context.h (to change the p_cscf
and p_cscf6 arrays to mutable char pointers) and in the cleanup routine
smf_context_final() to free any dynamically allocated strings.

Together, these improvements eliminate duplicate parsing logic,
streamline configuration handling, and increase the overall resilience
of address resolution across Open5GS.
 2025-07-21 16:44:45 +09:00
Sukchan Lee
e3c3a911fa [PKG] Initialize n2smbuf to fix SMF compilation errors 
This commit fixes compilation errors in the SMF GSM state handlers
by declaring and initializing the n2smbuf variable at the top of
both smf_gsm_state_operational and smf_gsm_state_wait_pfcp_deletion,
and removes the redundant type specifiers from the switch‐case assignments.
 2025-07-20 09:29:24 +09:00
Sukchan Lee
0516e01903 Merge branch 'main' into home-routed 2025-07-19 10:42:40 +09:00
Sukchan Lee
d9d3abdd48 Release v2.7.6 2025-07-19 10:32:41 +09:00
Sukchan Lee
c58b8f0819 [SEC/SMF] Handle invalid NAMF_COMM API messages and escalate SBI logs to errors (#4000) 
Added a handler to catch invalid NAMF_COMM API messages
and prevent assertion failures, and upgraded related SBI log statements
from warnings to errors.
 2025-07-19 09:45:52 +09:00
Sukchan Lee
b9ec94a0d2 Enable parsing of block‑level HTML in Kramdown so Markdown syntax 
(e.g. inside <details> tags) is rendered correctly.
 2025-07-19 08:03:01 +09:00
Sukchan Lee
c917760a47 [HR] Update documentation to include Home Routed Roaming feature (#2194) 
This update adds a comprehensive description of the Home Routed Roaming
functionality, enhances the architecture section and message
flow diagrams to illustrate the new routing process, and provides
clear configuration examples and command‑line snippets to assist
users with setup.
 2025-07-19 08:00:48 +09:00
Sukchan Lee
7b75746fe8 [HR] Support Xn/N2 handover for Home-Routed Roaming (Direct Forwarding only) (#2194) 
This commit adds Xn and N2 handover procedures to the Home-Routed Roaming code.
Direct forwarding is now fully operational.

Indirect forwarding for N2 handovers is not yet supported.

To preserve the GTP-U header and extension header (even without QER)
along the source gNB -> V-UPF -> target gNB path, future work will create
PDRs without Outer Header Removal IE and FARs without Outer Header Creation IE
and implement the necessary UPF logic.
 2025-07-14 22:03:32 +09:00
Sukchan Lee
f21bc06054 Merge branch 'main' into home-routed 2025-07-12 08:13:15 +09:00
Sukchan Lee
fc38ede6a2 [SMF] Fix crash by handling failure in N1 message construction (#3989) 
If gsm_build_pdu_session_establishment_accept() fails due to invalid PCO,
the SMF previously hit an assertion and crashed. This patch adds a proper
error check and transitions to the reject state to prevent the crash.

This was originally reported in issue #3969.

A missing error handling path in 'smf_gsm_state_wait_pfcp_establishment'
led to an assertion failure.
 2025-07-11 22:39:18 +09:00
Sukchan Lee
7575a7be13 [AMF/MME] Fix crash during S1/X2 handover cancellation by validating UE context association before deassociation (#3983) 
Problem:
During inter-eNB/RAN handover scenarios, such as S1/N2 handover followed by X2/Xn handover cancellation,
the UE context may end up partially moved or duplicated across multiple eNBs. If the handover
is canceled by the target eNB and followed by subsequent UE Context Release or PathSwitchRequest
procedures, the MME can crash due to inconsistent context state. Specifically, when deassociating
the mme_ue <-> enb_ue (or amf_ue <-> ran_ue) pair, the code unconditionally resets the association
fields (`mme_ue->enb_ue_id`, `enb_ue->mme_ue_id`, etc.), even if they no longer reflect an actual
association due to the earlier handover cancellation.

Root Cause:
The MME or AMF state machine incorrectly assumes that the associated context IDs are still valid
and proceeds to unlink the context. When the PathSwitchRequest arrives after the UE context has
been (partially or fully) released, the assertion `enb_ue != NULL` or the mismatch in expected ID
(e.g., `mme_ue->enb_ue_id != enb_ue->id`) leads to a crash.

Solution:
This patch introduces stricter association validation before unlinking UE contexts. Specifically:

- The unlinking functions such as `enb_ue_unlink()` and `amf_ue_deassociate()` were replaced with
  more explicit versions: `enb_ue_deassociate_mme_ue()` and `amf_ue_deassociate_ran_ue()`, which
  compare the current context ID with the expected one.
- If the ID mismatch is detected, the deassociation is skipped and a detailed error is logged
  (rather than crashing with an assertion).
- This approach prevents crashes during handover cancellation cases and avoids incorrectly
  cleaning up a context that is already associated with a new peer.

Additionally:
- The same pattern was applied consistently across MME and AMF modules including:
  - `s1ap-handler.c`, `mme-context.c`, `mme-s11-handler.c`, `mme-gtp-path.c`
  - `ngap-handler.c`, `nsmf-handler.c`, `sbi-path.c`
- All previously direct field resets (`xxx_ue->xxx_ue_id = OGS_INVALID_POOL_ID`) are now guarded
  with validation logic.
- Logging was improved to aid in debugging unexpected deassociation cases.

This change improves robustness of the MME/AMF against abnormal handover procedures and
ensures graceful handling of late context release requests or race conditions during
handover cancel and re-establishment.

Fixes: assertion failure in `sgw_ue_check_if_relocated()` during PathSwitchRequest
 2025-07-11 22:28:48 +09:00
Sukchan Lee
701505102f [MME/SEC] Validate PDN type in ESM handler and reject unsupported types (#3980) 
Add a check to ensure only IPv4, IPv6, or IPv4v6 PDN types are allowed.
For any other (unknown) PDN type, send a PDN Connectivity Reject with cause
Unknown PDN Type instead of proceeding to a fatal assertion.

This prevents the MME from crashing when it receives a malformed NAS message.
 2025-07-10 10:32:45 +09:00
Sukchan Lee
cf63dd6319 [AMF/SEC] Avoid AMF crash on late SBI client events by removing ran_ue_find_by_id assertions (#3979) 
In certain race conditions, the AMF could receive an SBI response
after the RAN UE context has already been removed.

The ran_ue_find_by_id assertions in
both amf_npcf_am_policy_control_build_create and
amf_nsmf_pdusession_build_create_sm_context would
trigger a fatal abort.

This change removes those assertions so that late SBI client events are
safely ignored and do not crash the AMF.
 2025-07-10 07:59:29 +09:00
Sukchan Lee
f168f7586a [SMF] Prevent SMF crash on closed or invalid HTTP/2 streams (#3978) 
During PDU Session release, under memory pressure or upon receiving
an RST_STREAM, the SMF could still attempt to process an already-closed
HTTP/2 stream. This led to a fatal assert(stream) in smf_state_operational(),
terminating the entire SMF process even though the error affected
only a single UE context.

This commit adds a null check for the stream before sending the HTTP status.
If the stream has already been removed, SMF now logs an error instead of
asserting.
 2025-07-09 22:03:35 +09:00
Sukchan Lee
f47f2bd4f7 [AMF] Add handling to ignore delayed NUDM-SDM responses and prevent AMF crash (#3977) 
Previously, if the AMF received an smf-select-data response (or related SBI
messages) from the NUDM-SDM after the UE context had been released, the GMM
state machine would hit an unhandled event and abort with a fatal assertion.

This commit adds a new case for OGS_SBI_SERVICE_NAME_NUDM_SDM
in gmm_state_exception(), explicitly ignoring SBI messages for AM_DATA,
SMF_SELECT_DATA, UE_CONTEXT_IN_SMF_DATA, and SDM_SUBSCRIPTIONS
(with a warning log).

Any truly unexpected resource names now emit an error log instead
of triggering assert_if_reached. As a result, the AMF will safely drop late
NUDM-SDM responses without crashing.
 2025-07-09 21:53:21 +09:00
Sukchan Lee
ae5fda2620 [AMF] Ensure AMF gracefully rejects registrations with no subscription slices (#3970) 
Previously, malformed S-NSSAI parameters could trigger a fatal assertion in
amf_update_allowed_nssai when the UE had zero slices in its subscription
database. This patch introduces an explicit check for amf_ue->num_of_slice == 0,
logs a clear error message including the UE’s SUPI, and returns false to
reject the registration.

The removed assertion prevents AMF crashes and ensures
that other UEs continue to be served normally.
 2025-07-09 21:41:52 +09:00
Sukchan Lee
345800ba94 [SMF] Improve robustness of PCO parsing and building by replacing fatal assertions with error handling (#3969) 
Previously, malformed Protocol Configuration Options (PCO) data would trigger
ogs_assert failures in both the generic parser and SMF build routines,
causing the SMF process to abort unconditionally.

This commit replaces those fatal assertions with conditional checks:

In ogs_pco_parse(), switch from ogs_assert(size == data_len) to
ogs_expect(size == data_len), allowing the function to return gracefully.

In SMF's PCO build (smf_pco_build) and all downstream build paths
(including GN, GSM, S5C modules), replace ogs_assert(pco_len > 0)
with explicit if (pco_len <= 0) checks that:

Ensure that malformed or incomplete PCOs no longer crash the process,
but instead are handled cleanly so the network function can continue operating.
 2025-07-09 21:28:08 +09:00
Sukchan Lee
bca0a7b6e0 [AMF/SEC] pass AMF UE context to downlink NAS transport to prevent fatal crash (#3950) 
When SM Context creation fails (e.g. 504 from SMF) the AMF continued
to build and send a NAS downlink message by dynamically looking up
the AMF UE context from ran_ue->amf_ue_id inside ngap_build_downlink_nas_transport().
If ran_ue_deassociate() had already removed that mapping, the lookup
would return NULL, triggering a fatal assertion and crashing the AMF.

This patch changes:
  1. nas_5gs_send_to_downlink_nas_transport() and
     ngap_build_downlink_nas_transport() signatures to accept an
     explicit amf_ue_t * parameter alongside ran_ue_t *.
  2. All calls to nas_5gs_send_to_downlink_nas_transport() to pass
     the correct amf_ue pointer (from sess->amf_ue_id).
  3. Removal of the dynamic lookup and fatal assertion in
     ngap_build_downlink_nas_transport(), replacing it with
     ogs_assert(amf_ue) on the passed-in context.

By carrying the valid AMF UE context through the call chain, we
ensure that downlink NAS transport always has a correct pointer,
even when the ran_ue-to-amf_ue mapping has been cleared. This
prevents invalid internal state transitions and eliminates the
ngap_build_downlink_nas_transport() crash when handling SMF failures.
 2025-07-04 15:30:29 +09:00
Sukchan Lee
465e90f45b [SEC/AMF] Replace SM context release abort with error log (#3946) 
SM context release in initial‐context‐setup should not abort the AMF.

Use ogs_error instead of ogs_assert_if_reached to log
the invalid state transition and maintain process availability.
 2025-07-04 09:27:29 +09:00
Sukchan Lee
1f30edac27 [SEC/AMF] Add robust error handling for NPCF AM policy control SBI messages (#3948) 
This change enhances the GMM state machine’s resilience by explicitly
handling SBI messages from the NPCF AM policy control service.
 2025-07-03 10:55:50 +09:00
Sukchan Lee
8e5fed1611 [SEC/AMF] Ignore late NUDM_UECM PUT registration responses (#3947) 
Any unexpected HTTP methods or resource names generate an error
and an assertion, ensuring that truly invalid cases are caught.

By adding these checks and early exits, we avoid fatal assertion failures
in scenarios where the AMF’s state machine would otherwise have no matching
transition for a late SBI callback.
 2025-07-03 10:13:03 +09:00
Sukchan Lee
c86f9150ec [UPF] Handle session allocation failure gracefully when maximum sessions are reached (#3964) 
In upf_sess_add, replace the unconditional assertion on sess with a check
that detects when the session pool is exhausted. If allocation fails,
log an error message (“Maximum number of Session reached”) and
return NULL instead of aborting the process.

This change prevents the UPF from crashing when the PFCP session limit (4096) is
exceeded and allows it to reject additional session establishment requests
cleanly.
 2025-07-01 16:52:34 +09:00
Sukchan Lee
94cf8ee0e0 [HR] Implement handling of UE-initiated PDU Session Modification (#2194) 
This commit consolidates the entire ue-mod feature branch
into a single update on top of the latest home-routed code.
 2025-06-30 10:07:06 +09:00
Sukchan Lee
932101b919 Merge branch 'main' into home-routed 2025-06-30 10:02:57 +09:00
Sukchan Lee
67ba7f92bb [SBI] guard against NULL http->content in parse_multipart (#3942) 
In lib/sbi/message.c parse_multipart(), http->content may be NULL.
This occurs on empty-body multipart POSTs and causes a segfault.

Add guard to check http->content, log an error, and return OGS_ERROR.
 2025-06-28 10:12:54 +09:00
Sukchan Lee
53e9e059ed [NFM] Prevent dispatch of SBI events to NF instance FSMs finalized by SIGTERM (#3938) 
In state_operational, guard against dispatching to NF instance FSMs whose
state has been reset to zero by ogs_fsm_fini() in event_termination(). Drop any
incoming SBI events for those instances and log an error, preventing assertion
failures when late HTTP callbacks arrive after an asynchronous SIGTERM shutdown.
 2025-06-27 17:12:49 +09:00
Sukchan Lee
db0196cba7 [AMF] Skip unprovisioned sessions to prevent premature error indication (#3951) 
In the previous implementation, the AMF would send a Partial-handover error
indication whenever it encountered a session not found in the subscriber DB,
even if valid sessions remained. This resulted in unexpected error responses
during NG handover.

To resolve this, we record the initial SMF transaction count before iterating
through the UE session list. Sessions without a valid SMF context now produce
a warning and are skipped, while continuing to send Handover Notify messages
for provisioned sessions. After processing, we compare the SMF transaction
count to the initial value. If no valid sessions were handled, we send a
Partial-handover error indication.

With this change, unprovisioned sessions no longer trigger a premature error
indication, allowing valid PDU sessions to complete NG handover successfully.
 2025-06-27 15:22:08 +09:00
Sukchan Lee
f64a65843a [SBI] use CURL_AT_LEAST_VERSION for MAX_CONCURRENT_STREAMS check 
In lib/sbi/client.c, the conditional compilation for
CURLMOPT_MAX_CONCURRENT_STREAMS was using #ifdef, which does not
ensure the option is set when the symbol is undefined.

Replace the check with #if CURL_AT_LEAST_VERSION(7,67,0) so that the
client applies the max concurrent streams setting on supported
libcurl versions. This fixes pool.event always showing the default
value and enables dynamic adjustment according to pool.stream.
 2025-06-27 11:10:01 +09:00
Sukchan Lee
8852fbada0 Merge branch 'main' into home-routed 2025-06-17 17:34:46 +09:00
Sukchan Lee
52ca325ed5 [AMF] Follow-up on #3880 2025-06-17 17:34:18 +09:00
mitmitmitm
a538e31bed [SMF] If GTPU conf has advert addr, use it in up2cp FAR 
SMF constructs up2cp FAR's outer_header_creation with |ogs_gtp_self()->gtpu_ip|
as DST IP address. Therefore, set |ogs_gtp_self()->gtpu_ip| to GTPU advertise
address. If advertise addr is not set, fall back to socket address as usual.
 2025-06-10 17:06:27 +09:00
Bostjan Meglic
ceb764b65f [AMF] fix possible crash when receiving SDM Change Notification 
In case that "item_change" variable does not hold "new_value", resulting
in a NULL dereferencing crash.
 2025-06-08 22:46:05 +09:00
Sukchan Lee
245fcda14d [MME/AMF]: Align reject cause for unknown UE/IMSI with 3GPP TS 29.272 Annex A (#3924) 
According to 3GPP TS 29.272 Annex A, when the HSS/UDM responds with
DIAMETER_ERROR_USER_UNKNOWN (5001), the MME/AMF should respond to the UE with
NAS EMM cause #8 (EPS services and non-EPS services not allowed), rather than
cause #11 (PLMN not allowed).

Previously, Open5GS returned cause #11 by default. However, this behavior is
problematic for private LTE environments where multiple operators may use the
same PLMN (e.g., 999/99 as per ITU-T E.212). In such cases, a UE rejected
with cause #11 will add the PLMN to its Forbidden PLMN list (FPLMN), causing
the device to avoid that PLMN for an extended period—even if another
compatible private network using the same PLMN exists.

This patch restores compliance with TS 29.272 by changing the default mapping
from cause #11 to cause #8 in both the 4G MME (emm_cause_from_diameter) and
5G AMF (gmm_cause_from_sbi) when handling unknown subscriber cases.

This ensures:
- Standard-conformant behavior across networks
- Better UE behavior in roaming or private LTE scenarios
- Avoids unnecessary FPLMN blacklisting in UE

Reference Issues:
- #263
- #1281
- #1332
 2025-06-08 22:44:48 +09:00
Sukchan Lee
f0005164a2 Merge branch 'main' into home-routed 2025-06-01 16:54:26 +09:00
Sukchan Lee
9f5d133657 [AMF/MME] Prevent AMF/MME crash when UE context is deleted (#3910) 
Prevent crashes when UE context is missing in AMF and MME by replacing direct
assertions with conditional checks and error logging.

Removed unconditional ogs_assert(ran_ue) in AMF's GMM handlers and
ogs_assert(enb_ue) in MME's EMM handlers.

Now, if the UE context lookup returns NULL, log an error (including SUPI/IMSI,
NAS message type, and IDs), dump the NAS packet in hex for debugging,
and exit the handler gracefully instead of aborting.
 2025-06-01 16:21:14 +09:00
Sukchan Lee
2daa44adab [SMF] Include N2 ACK for unchanged tunnel on repeated PathSwitchRequest (#3909) 
Fix missing N2 signaling when tunnel information is unchanged,
causing AMF crash on repeated PathSwitchRequest

When a second PathSwitchRequest arrives without any tunnel changes,
the handler previously returned HTTP 204 No Content and omitted N2 information.

This led to a fatal assertion in the AMF SM context, since it expected
to receive updated N2 data even when the tunnel remained the same.

This patch modifies ngap_handle_path_switch_request_transfer to build
and send the N2 SM buffer in the “else” branch.

It calls ngap_build_path_switch_request_ack_transfer to construct
the Path Switch Request Acknowledge N2 message and then delivers it
with smf_sbi_send_sm_context_updated_data_n2smbuf.

A new test case is also added to verify that N2 signaling is correctly
transmitted when tunnel parameters have not changed.
 2025-06-01 15:46:53 +09:00
Sukchan Lee
db1887035a [SMF] Handle missing UPF gracefully in SMF session selection (#3907) 
In src/smf/context.c:

 - Wrap UPF selection logic in a conditional that checks if pfcp_node
   is non-NULL.

 - If no UPF is available (pfcp_node == NULL), log an error and assert
   that sess->pfcp_node remains NULL, instead of crashing.

 - Only call selected_upf_node() and set up the GTP session when a prior UPF
   entry exists.

In src/smf/gn-handler.c:

 - After invoking smf_sess_select_upf(), verify sess->pfcp_node.

 - If no UPF was selected, log an error ("No UPF available for session") and
   return OGS_GTP1_CAUSE_SYSTEM_FAILURE instead of asserting.

In src/smf/s5c-handler.c:

 - Mirror the same check for sess->pfcp_node after smf_sess_select_upf().

 - If no UPF is available, log an error and return
   OGS_GTP2_CAUSE_SYSTEM_FAILURE.

 - If the selected UPF is not yet PFCP-associated, log a specific error
   message and return OGS_GTP2_CAUSE_REMOTE_PEER_NOT_RESPONDING.

These changes ensure that SMF does not abort when no UPF is configured or
associated; instead, it fails the session request with an appropriate GTP cause.
 2025-06-01 13:35:30 +09:00
Sukchan Lee
78bdd63984 [AMF] Follow-up on #3380 2025-05-31 20:51:41 +09:00
Matej Gradišar
799103257b [AMF] Fix UE context transfer when only NRF is client (#3880) 
* [AMF] Fix UE context transfer when only NRF is client

If UE context transfer is initiated and the new AMF does not get the
old AMF from NRF or no UE context is retrieved from the old AMF,
we do not want to reject UE registration. Send identity request instead.
Test "transfer-error-case" is added into the commit.

* [tests] Unite tests for UE context transfer

All tests for UE context transfer with different configs are placed
into test folder transfer.

* [tests] Make two binaries for UE context transfer tests

For each test config a different test binary is created.
 2025-05-31 20:51:06 +09:00
Sukchan Lee
ae4d8433eb [HR] Implement Network-Initiated PDU Session Modification (Home-Routed Roaming) (#2194) 
This commit adds support for processing network-initiated PDU Session
Modification in a home-routed roaming context, following section 4.3.3.3
of the specification.
 2025-05-31 15:44:44 +09:00
Pau Espin Pedrol
e93bc6b5c8 [SBI] Log error code description upon query failure 
Sometimes (eg res=16) the conn->error buffer is left empty by curl, so
also logging the name of the error code provides some extra useful
information.
 2025-05-29 06:02:21 +09:00
Pau Espin Pedrol
73976c938b [AMF] Fix order of IEs in NG Setup Failure 
Cause goes before TimeToWait accoding to 3GPP TS 38.413 ASN.1 definition
"NGSetupFailureIEs NGAP-PROTOCOL-IES" and section 9.2.6.3.
 2025-05-24 21:32:22 +09:00
Pau Espin Pedrol
8ec8832318 [AMF] cosmetic: Fix trailing whitespace 2025-05-24 21:32:22 +09:00
Sukchan Lee
3c1117d4fd [SBI] Fix parsing and serialization of _links "item" array (#3897) 
Previously, Open5GS assumed the _links map contained an array under the key
"items". However, the 3GPP specification (TS29.510 section 4.9.4 and TS29.501
Table 6.1.6.2.25-1) defines this member name as "item".

As a result, when interacting with vendor NRF implementations that use "item",
Open5GS could not find the array and logged "No items", causing JSON errors.

This change updates both serialization and parsing in lib/sbi/custom/links.c:

- In ogs_sbi_links_convertToJSON(), replace the property name "items" with
  "item" when building JSON.
- In ogs_sbi_links_parseFromJSON(), retrieve the array under "item" and adjust
  the error message to "No item" if the member is missing.

With these corrections, Open5GS will correctly handle NRF responses using "item"
and remain compliant with the indirect communication model defined by 3GPP.
 2025-05-18 14:32:39 +09:00
Bostjan Meglic
a35b5af124 [AMF] save the correct serving GUAMI for particular UE 
In case AMF is configured for multiple PLMN's, it would send a wrong
GUAMI in the Registration Accept message to the UE, also in other NAS
and SBI messages. Previously, it would only send the first configured
PLMN.
 2025-05-13 21:20:52 +09:00
Sukchan Lee
3e6b7e961d Merge branch 'main' into home-routed 2025-05-10 12:08:47 +09:00
Sukchan Lee
78ea40881c [ipfw2] override errx() to prevent exit on error (#3840) 
In ipfw2.c errx() would call exit(), aborting the UPF thread on rule parse
errors. Add a macro mapping errx() to ogs_log_message() so errors are logged.
We no longer call exit() and the main loop continues on error.
 2025-05-09 16:47:42 +09:00
Sukchan Lee
3a91d2aa3f [SBI] Guard against missing poll.write in session_write_callback to prevent shutdown assertion (#3893, #3807, #2411, #2312) 
Prior to this change, `session_write_callback()` unconditionally asserted that
`sbi_sess->poll.write` was non-NULL when the write queue drained, then removed
it from the poll set. In edge cases—particularly when using curl 8.x with
external epoll and `SIGPIPE` disabled—a late `EPOLLOUT` or errant write-ready
notification could arrive after `poll.write` had already been cleared. This
triggered the assertion in `nghttp2-server.c:1765`, aborting the process on
shutdown or session teardown.

This commit replaces the hard assertion with a runtime guard. If `poll.write`
is present, it is removed and reset to NULL as before. If it is already NULL,
we emit an warning log (`ogs_warn`) instead of aborting. This ensures any stray
write events after cleanup are safely ignored, allowing a clean exit without
crashing.

- Wrap `ogs_pollset_remove()` and pointer clear in `if (sbi_sess->poll.write)`
- Log an warning when `poll.write` is unexpectedly absent
- Preserve original behavior when `poll.write` is valid

This change resolves the fatal assertion observed on process exit after the
EPOLLERR/SIGPIPE fix and improves overall shutdown robustness.
 2025-05-09 16:03:50 +09:00
Sukchan Lee
9ce109a9e1 [PCF] split PCF_UE context into distinct AM and SM contexts (#3868) 
Separate the monolithic PCF_UE structure into PCF_UE_AM and PCF_UE_SM
to fully decouple AM‐ and SM‐policy lifecycles.
 2025-05-09 15:12:25 +09:00
herlesupreeth
8e286b67f1 [PCF] Add AF in list of allowed NF types for PCF 2025-05-08 11:20:25 +09:00
Spencer Sevilla
a82a63bb1f need to NULL out poll/sock pointers to prevent mme crash on vlr detach 2025-05-07 21:29:57 +09:00
Sukchan Lee
cfa4457502 [AMF/MME] Remove fatal assertions on oversized SCTP messages in NGAP and S1AP handlers (#3878) 
Previously, any SCTP recv would trigger ogs_fatal and an assert_if_reached
when MSG_EOR wasn’t set, causing the AMF or MME to crash on oversized
or fragmented packets. Since we rely on a 32 KB receive buffer and
do not support SCTP reassembly, this change replaces the conditional
fatal/assert logic with a single ogs_error call in both ngap_recv_handler
and s1ap_recv_handler.

Oversized or partial SCTP messages are now logged and dropped instead of
crashing the process.
 2025-05-06 17:52:51 +09:00
Sukchan Lee
62cb997552 [AMF/MME] Modify common_register_state to handle missing UE contexts gracefully (#3874) 
Previously, both AMF and MME assumed that RAN UE contexts would always
be present, triggering fatal assertions when a context lookup failed.

This change introduces explicit checks in the common_register_state handlers
to detect missing NG and S1 contexts without crashing:
 2025-05-06 16:28:48 +09:00
Sukchan Lee
9a524df8c0 Merge branch 'main' of https://github.com/open5gs/open5gs 2025-05-06 15:49:33 +09:00
Sukchan Lee
aab6940cd5 [AMF] improve HTTP/2 timeout handling and error logging (#3862, #3863) 
- Check ran_ue existence and abort if NG context has already been removed
- Detect deassociated RAN-UE (invalid amf_ue_id) and
  break to avoid further processing
- Validate AMF-UE ID matches ran_ue->amf_ue_id and skip on mismatch
 2025-05-06 15:47:17 +09:00
Sukchan Lee
3b53144ca5 [AMF/MME] default to Non-GBR flow when MBR/GBR parameters are missing (#3858) 
- Replace hard assertions on MBR/GBR presence in S1AP e‐RAB setup
  with a runtime check: if any of the four parameters (MBR DL/UL, GBR DL/UL)
  is missing, log an error and treat the bearer as Non-GBR
- Mirror the same logic in SMF’s NGAP build routines for PDU Session Resource
  Setup and Modify transfers: drop the assertions, emit detailed error messages
  with the missing MBR/GBR values, and omit GBR IEs
- Ensures graceful handling of incomplete QoS configurations by defaulting
  to best‐effort (Non-GBR) rather than crashing
 2025-05-05 22:06:44 +09:00
Sukchan Lee
2231e48870 [AMF] guard ran_ue to avoid assertion crash [#3851] 
If `ran_ue` has already been removed, log a warning using the UE’s SUPI
instead of triggering an assertion failure.
 2025-05-05 10:14:48 +09:00
Sukchan Lee
c145fc88aa [NRF] prevent invalid NF type registration DoS (#3846) 
Ensure that NFs with invalid types are rejected and never added,
preventing the denial-of-service crash.
 2025-05-05 09:54:29 +09:00
Sukchan Lee
e0dc936016 [NRF] reject SELF nf instance in SBI operations (#3845) 
Prevent the NRF from processing requests that target its own
instance ID. This prevents a denial of service vulnerability.
If an SBI request attempts to delete or modify the local NRF
instance, respond with 404 Not Found and log an error, avoiding
a crash due to the state machine assertion.
 2025-05-05 09:32:25 +09:00
Sukchan Lee
3706479582 [ipfw] guard token parsing loop against buffer overflow 
The token parsing loop in ogs_ipfw_compile_rule() lacked a bound on the
number of tokens stored in the 'av' array. This could overflow the stack
buffer when parsing overly long flow descriptions. Add a check to ensure
'i' remains below MAX_NUM_OF_TOKEN-2 before assigning to 'av[i]'.
 2025-05-05 07:55:45 +09:00
Sukchan Lee
ca61a901d5 Implement PDU Session Release for Home-Routed Roaming and fix N4 step ordering in 4.3.4.2 
- Add support for PDU Session Release in 3GPP TS 23.502 section 4.3.4.3
  Note: PCF-initiated release flow for Home-Routed Roaming is not implemented;
- Fix N4 release step ordering in 3GPP TS 23.502 section 4.3.4.2 UE or network requested PDU Session Release for Non-Roaming and Roaming with Local Breakout
 2025-05-02 21:28:25 +09:00
ethonshield
7b40d5a3f1 Add tutorial doc on how to configure Open5GS with 5G-Sharp-Orchestrator 2025-04-29 22:46:14 +09:00
Spencer Sevilla
4c2f40d2c2 more verbose DNN reject message 2025-04-27 08:15:51 +09:00
Pallavi Das
fba00abd75 Typos Fix 2025-04-27 08:14:54 +09:00
Sukchan Lee
d3edce9e91 [UDM] Update UE state machine to handle authentication retrieval errors (#3864) 
- In `udm_ue_state_operational()`:
  - Wrap the call to `udm_nudr_dr_handle_subscription_authentication()`
    in an `if` check.
  - On failure (`false`), log an error via
    `ogs_error("udm_nudr_dr_handle_subscription_authentication() failed")`.
  - Transition the FSM to `udm_ue_state_exception` using `OGS_FSM_TRAN()`.

This change ensures that failures during subscription authentication
REST calls are not silently ignored, and that the UE state machine moves into
an exception state for proper error handling and recovery.
 2025-04-19 20:57:39 +09:00
Pallavi Das
cd80aa432e Typos Fix 2025-04-19 20:45:25 +09:00
shellwayxw
90cb00ced3 Always make fqdn a NULL terminated string 2025-04-17 17:14:15 +09:00
shellwayxw
31d3f575d2 Fix stack overflow in ogs_pfcp_extract_node_id() 2025-04-17 17:14:15 +09:00
shellwayxw
726b588d76 Fix integer overflow in PFCP ogs_pfcp_parse_sdf_filter() 2025-04-17 17:14:15 +09:00
Sukchan Lee
1182a99d04 [AMF/MME] Fix potential buffer overflow in ASCII-to-USC2 conversion 
In amf_context_parse_config(), update the loop condition to ensure that
((i * 2) + 1) remains below
(OGS_NAS_MAX_NETWORK_NAME_LEN - 1) before performing any writes.
This change prevents potential out-of-bounds memory writes during
the conversion of an ASCII string to USC-2, thereby fixing a buffer
overflow issue.

This issue was observed on Ubuntu 25.04 and reported in the osmocom
nightly package.
 2025-04-13 06:55:22 +00:00
Sukchan Lee
d66d6f868a Merge branch 'main' into home-routed 2025-04-06 18:37:36 +09:00
Sukchan Lee
46f74c8019 Merge branch 'main' into home-routed 2025-04-06 18:36:57 +09:00
Sukchan Lee
9217889f8a [HSS,S6A] Add two Supported-Features AVPs to ULA for 5G-NSA roaming (#3832) 
This commit adds support for two Supported-Features AVPs in the
UpdateLocationAnswer (ULA) to enable 5G-NSA roaming. The first AVP
includes subscriber restrictions, while the second AVP signals that NR
as Secondary RAT is supported. Updates include modifications to
lib/diameter/s6a/message.c, lib/diameter/s6a/message.h, and
src/hss/hss-s6a-path.c.
 2025-04-06 17:01:54 +09:00
Sukchan Lee
6af18a15c3 [SMF] Add userLocationInfo and timeZone to PCF SM Policy request (#3755) 
This commit enhances the SM Policy request sent to the PCF
by incorporating user location information and time zone data.

The SMF now builds a userLocationInfo structure using the session's NR TAI
and NR CGI details, along with a timestamp generated from the current GMT time.

Additionally, the UE's time zone is included in the request context,
and the ratType is explicitly set to NR.
 2025-04-06 11:18:49 +09:00
Sukchan Lee
bf1cb6a024 [HSS/DBI] Follow-up on #3829 2025-04-05 18:26:32 +09:00
Farzaneh_sz
51acc388a6 get ifc data from db and insert in cx user data 2025-04-05 18:24:32 +09:00
Sukchan Lee
7dfd9a3964 Release v2.7.5 2025-03-30 22:05:34 +09:00
Sukchan Lee
b326b99f28 [CORE] Fix busy loop and blocking in curl with EPOLLERR handling in Open5GS 2.7.x (#3807, #2411, #2312) 
In Open5GS 2.7.x, when using curl 8.x with external epoll, an issue occurred
where the peer connection was closed, triggering EPOLLERR. At this point,
POLL_OUT should have been set to trigger the write event handler, invoking
`event_cb()` and calling `curl_multi_socket_action`. This would allow
`curl_multi_info_read` to execute without blocking.

However, when `event_cb()` wasn't invoked, `curl_multi_socket_action` was
not called, causing `curl_multi_info_read` to block. This resulted in a busy
loop in epoll, continuously checking for the closed peer connection.

This issue specifically affects Open5GS 2.7.x with curl 8.x, and is observed
on Ubuntu versions starting from **noble** and later. It does not occur on
Ubuntu Jammy.

The solution involves globally ignoring SIGPIPE and fixing the epoll logic
to ensure POLL_OUT is triggered when EPOLLERR occurs, allowing `curl_multi_socket_action`
to be invoked and `curl_multi_info_read` to run non-blocking. This resolves
the busy loop and connection issues caused by peer disconnects when using
curl 8.x and external epoll.

This fix improves the stability and performance of Open5GS when used with
curl 8.x and Ubuntu versions **noble** and above.
 2025-03-30 21:46:31 +09:00
Sukchan Lee
33fb33be45 Update document for v2.7.4 2025-03-26 20:08:31 +09:00
Sukchan Lee
555395a8e8 Release v2.7.4 2025-03-27 04:46:16 +09:00
Sukchan Lee
ae6cedf8e8 Revert "[SBI] replace calls to free_<nf>_info() with OpenAPI_<nf>_info_free()" 
This reverts commit 7ad40395a0.
 2025-03-26 10:04:06 +09:00
Sukchan Lee
704083db3b [SBI] Fix improper inclusion of callback headers in non-callback requests (#3798) 
This commit fixes an issue where the callback header (3gpp-Sbi-Callback)
was incorrectly added in non-callback requests. Specifically, for registration
(PUT) and subscription requests in the AMF and SMF modules, the callback
header was included even though these are not asynchronous notifications.

Changes include:
- Removing the callback header assignment in src/amf/nudm-build.c and
  src/smf/nudm-build.c for registration and subscription requests.
- Removing the callback header in NRF subscription-related builds in
  lib/sbi/nnrf-build.c where it was not required.
- Adding the callback header only for actual notification or callback
  operations (e.g. in src/amf/nsmf-build.c for N1/N2 transfer failure and
  in src/nrf/nnrf-build.c for NF status notifications).
- Introducing a new callback macro in lib/sbi/message.h for
  Namf_Communication_onN1N2TransferFailure.

This aligns the implementation with the standard, ensuring that callback
headers are only included in genuine callback/notification messages.
 2025-03-25 14:50:20 +09:00
Sukchan Lee
1d46a0e475 Update document for v2.7.3 2025-03-23 12:55:19 +09:00
Sukchan Lee
e16a8fc42e Release v2.7.3 2025-03-23 11:56:01 +09:00
Sukchan Lee
708f789792 [UPF/SGWU] fix: validate f_teid_len to avoid TEID swap bug on restart (#3747, #3574) 
When UPF/SGW-U is restarted, missing f_teid_len validation causes an error.
This patch adds checks for f_teid_len > 0 in ogs_pfcp_pdr_swap_teid and
in the SGW-U and N4 handler functions.
 2025-03-23 11:21:03 +09:00
Sukchan Lee
a5510f1870 [AMF/MME] Fix segfault on NG/S1 handover cancel by checking for NULL target UE (#3789) 
When a UE handover occurs, the target UE may already be removed. This
patch adds a NULL pointer check and logs an error instead of causing a
segmentation fault in both enb and sgw deassociation functions.
 2025-03-21 20:30:08 +09:00
Bostjan Meglic
fa3edde329 [NAS] add support for 30-seconds unit for GPRS3 timer 2025-03-21 17:52:12 +09:00
Sukchan Lee
63d26667bc [AMF/MME] Fix UE context deletion vulnerability using memento restoration (#3754) 
Renamed backup/restore security context functions to save/restore
memento and updated flag to "can_restore_context". Updated AMF and MME
state machines to restore context on failure, preventing malicious
deletion triggered by spoofed NAS messages.
 2025-03-21 17:28:47 +09:00
Sukchan Lee
10b161fbb9 [AMF] Refactor AMF Region ID Handling (#3778) 
- Changed amf_region_id type from uint16_t to uint8_t in context.h.
- Updated context.c to use ogs_amf_region_id() for extracting and comparing
  the region ID.
 2025-03-16 12:22:39 +09:00
Bostjan Meglic
9e6b86b84e [AMF] fix AmfInfo when AMF Set Id was configured beyond 4 
AMF Set Id is 10 bits long. Previously only the 2 bits from field "set2"
were used.
 2025-03-16 12:12:18 +09:00
Bostjan Meglic
49c5a280da [AMF,SBI] add support for TAI ranges in AmfInfo 
- fix an out-of-array-bounds-write to nf_info->amf.nr_tai during list1
TAI parsing, in case that sum of ranges of TAC's was bigger than 16
(OGS_MAX_NUM_OF_TAI).
- add checks for out-of-array-bounds
- fix indents
- fix error check
- subjectively prettify the code

[sbi] DEBUG: ogs_sbi_nf_state_will_register(): ENTRY (../lib/sbi/nf-sm.c:208)
[sbi] ERROR: CHECK CONFIGURATION: No Start/End in TacRange (../lib/sbi/nnrf-build.c:1094)
[sbi] FATAL: ogs_nnrf_nfm_build_nf_profile: Assertion `AmfInfo' failed. (../lib/sbi/nnrf-build.c:342)
[core] FATAL: backtrace() returned 13 addresses (../lib/core/ogs-abort.c:37)

Example configuration with which to trigger AMF crash before the fix:

guami:
  - plmn_id:
      mcc: "001"
      mnc: "01"
    amf_id:
      pointer: 31
      region: 2
      set: 1
  - plmn_id:
      mcc: "999"
      mnc: "93"
    amf_id:
      pointer: 31
      region: 2
      set: 1
  - plmn_id:
      mcc: "010"
      mnc: "310"
    amf_id:
      pointer: 32
      region: 2
      set: 1
tai:
  - plmn_id:
      mcc: "001"
      mnc: "01"
    tac:
      - 1
      - 5-6
  - plmn_id:
      mcc: "999"
      mnc: "93"
    tac:
      - 1
      - 11
  - plmn_id:
      mcc: "010"
      mnc: "310"
    tac:
      - 1011
      - 1020-1030
 2025-03-16 12:12:18 +09:00
Bostjan Meglic
8f008c8440 [SBI] replace manual free's with calls to OpenAPI_<struct>_free() 2025-03-16 12:12:18 +09:00
Bostjan Meglic
7ad40395a0 [SBI] replace calls to free_<nf>_info() with OpenAPI_<nf>_info_free() 2025-03-16 12:12:18 +09:00
Sukchan Lee
106a9accd4 [AMF/MME] Fix security context restoration and state transition cleanup (#3756) 
- Backup sensitive security context fields (e.g. xres, kasme, rand, autn,
  keys, counters) when transitioning from REGISTERED state.
- Set the can_restore_security_context flag in common_register_state()
  based on whether the transition originates from a REGISTERED or
  de-registered state.
- In emm_state_authentication(), restore the security context and revert
  to the REGISTERED state on authentication failure only if restoration
  is allowed; otherwise, transition to an exception state.
- Remove the redundant unconditional state transition in the cleanup block
  to prevent overriding a valid restoration.
 2025-03-16 11:57:14 +09:00
Sukchan Lee
e3dd98cd29 [PFCP] Prevent buffer overflow in PFCP context by using safe string copy (#3775) 
Replace unsafe strcpy calls with ogs_cpystrn in both ogs_pfcp_dev_add()
and ogs_pfcp_subnet_add() to ensure proper length checking.

This change prevents potential buffer overflows when handling ifname
and dnn fields, which could otherwise lead to unintended overwrites
(e.g., fd and num_of_range).
 2025-03-12 17:50:17 +09:00
Sukchan Lee
70310979c5 [KSI] Update EPC KSI issuance to match 5G Core behavior 
Previously, the EPC used the UE-provided KSI directly in the Authentication
Request (except for the special case where the UE sent
OGS_NAS_KSI_NO_KEY_IS_AVAILABLE, which was reset to 0).

This commit changes the EPC to follow the 5G Core approach
for issuing KSI in Attach-Request.

Now, when a Attach Request is received and a new Authentication Vector is
generated, the EPC performs the following steps:

- Extract the KSI value from the UE's request.
- Increment the extracted KSI by 1.
- Use the incremented KSI in the Authentication Request sent to the UE.

This detailed process ensures that the EPC issues the KSI consistently
with 5G Core standards, improving key management and interoperability.
 2025-03-10 15:15:47 +09:00
Sukchan Lee
1abc3b6d5f [SMF] Separate EPC-only attach config to avoid NRF register timeout 
Previously, sample.yaml was used for both 5GC and EPC attach tests.
Because SMF had SBI configured, it sent a register PUT to NRF even in
EPC-only tests (where nrf/scp was not run), leading to a missing HTTP
response and connection timer expiry.

Now, attach.yaml is used for EPC, preventing the unwanted NRF registration.
 2025-03-10 09:53:00 +09:00
jmasterfunk84
ec7c9a80c1 Ignore MIP-H-A-H 2025-03-07 10:23:01 +09:00
Sukchan Lee
cb2359dca0 [PFCP] Validate F-TEID parameters to prevent UPF/SGWU crash (#3747) 
This commit introduces robust validation for the F-TEID information element
in the PFCP message handling. Previously, malformed F-TEID values (such as
a zero length, zero TEID, or a TEID exceeding the pool size) could lead
to an assertion failure and crash the UPF.

The changes ensure that:
- The F-TEID length is greater than zero, confirming the IE is present.
- The TEID is a non-zero value, as a valid TEID must be positive.
- The TEID does not exceed the allowed pool size (max_ue * 4 * 16).

If any of these conditions are not met, an error is logged with the F-TEID
length and TEID value, and the function returns an error code
(OGS_PFCP_CAUSE_MANDATORY_IE_INCORRECT), preventing further processing
of the malformed message.
 2025-03-07 10:14:57 +09:00
Sukchan Lee
4012f572ed [SBI] Send GOAWAY on shutdown for all sessions to prevent RST (#3470) 
When another NF restarts, curl reuses the existing connection, which in
curl 8.9.1 causes the nghttp2 server to send an RST. This commit sends a
GOAWAY frame to every active session on shutdown, ensuring a graceful
termination and avoiding RST errors.

Previous versions such as curl 7.81.0 did not exhibit this behavior.
 2025-03-04 14:32:57 +09:00
Sukchan Lee
d187ce245b [SBI] Fix NF recovery failure on NF restart (#3740) 
Previously, nf_instance pointers were stored in nf_type_array and
service_type_array. This led to dangling pointers when an NF instance
was removed via ogs_sbi_nf_instance_remove(), causing incomplete cleanup
and improper recovery on UDR or other NF restarts. The issue resulted in
the system falling back to nf_instance->client with the default port 80,
leading to connection failures.

To resolve the problem, nf_instance_id is now stored instead of the
pointer. The validity of an NF instance is verified using
ogs_sbi_nf_instance_find(nf_instance_id), which ensures proper cleanup
and correct recovery.
 2025-03-04 14:32:57 +09:00
Sukchan Lee
6c67863971 [SEC] Fix crash when max_num_of_ostreams < 2 2025-02-28 16:44:17 +09:00
Bostjan Meglic
6fe6b88d9b [all] fix possible null dereference when using ProblemDetails 
In case that NF do not send ProblemDetails in the response.
Do not assume that ProblemDetails is always present, to prevent null
pointer dereferencing.
 2025-02-28 16:15:16 +09:00
Sukchan Lee
8cae6112cc [SEC] Fix crash in eNBDirectInformationTransfer due to missing Inter_SystemInformationTransferType 
This commit resolves an issue where the system would crash
when Inter_SystemInformationTransferType was not present.
 2025-02-28 14:27:10 +09:00
jmasterfunk84
8bdfdcf5df [AUSF] Cleanup ausf_ue when it is not found in UDM (#3743) 
* Remove ausf_ue when unknown in UDM

* cover both error cases
 2025-02-28 07:08:03 +09:00
jmasterfunk84
f98d0a780d [AUSF] Check length of SUCI_or_SUPI before trying to process (#3742) 
* Check length of supi/suci

* check all the things
 2025-02-28 07:07:24 +09:00
Sukchan Lee
1b21eba81e [UPF] Fixes: Crash in upf_sess_set_ue_ip when PDN type is invalid (#3727) 
When receiving a PFCP Session Establishment Request with an invalid PDN type(0),
the UPF would crash due to a failed assertion.

This commit improves error handling by:

- Removing the session_type assertion check that caused the crash
- Changing warning log to error log for better visibility
- Returning CAUSE_SERVICE_NOT_SUPPORTED instead of proceeding
  with invalid type

This prevents potential DoS attacks through malformed PFCP messages.
 2025-02-24 20:54:35 +09:00
Bostjan Meglic
6a2225bb68 [SBI] retrieve all currently registered NF's on app startup 
Before this, there were 2 different ways to search for neighbouring
NF's:

a) in the case AMF was started _before_ UDM, AMF would create
subscription to NRF to notify it when a UDM would (un)register. In this
case, NF instance would remain in AMF's context indefinitely.

b) in the case AMF was started _after_ UDM, AMF would have to use NF
discovery mechanism to search for NF's. In this case, NF instance would
remain in AMF's context for the duration of Search's validity (defaults
to 30 seconds). After validity expires, NF would expire. This means that
for heavy traffic situations, AMF would constantly issue discovery
requests.

[SBI] save only wanted NF instances on NF List Retrieval

When retrieving a list of NF Instances from NRF, save only the NF's that
we want. Check the NF instance against our subscription list for either
the NF type or NF Service.
This can still cause a DoS on NRF when NF starts in case there are 100's
of NF's in the network, but prevents using too much memory on NF.
 2025-02-20 20:13:18 +09:00
Spencer Sevilla
ba05380f5b also adding a default config option for newly generated sbi connections 2025-02-14 20:03:09 +09:00
Spencer Sevilla
68c6310717 add option to support curl binding local interface/ip for sbi calls 2025-02-14 20:03:09 +09:00
Bostjan Meglic
b32b1e981b [PFCP] fix crash for when PFCP NodeId is FQDN 
Test scenario:
- start 5G core
- wait for 5 minutes after SMF establishes PFCP association to UPF (DNS
query refresh interval)
- register UE and establish PDU session
- crash

[upf] DEBUG: upf_state_operational(): UPF_EVT_N4_MESSAGE (../src/upf/upf-sm.c:51)
[upf] DEBUG: upf_pfcp_state_associated(): UPF_EVT_N4_MESSAGE (../src/upf/pfcp-sm.c:185)
[upf] INFO: [Added] Number of UPF-Sessions is now 1 (../src/upf/context.c:217)
[upf] DEBUG: Session Establishment Request (../src/upf/n4-handler.c:66)
[gtp] INFO: gtp_connect() [127.0.0.8]:2152 (../lib/gtp/path.c:60)
[upf] INFO: UE F-SEID[UP:0x1230 CP:0x5817] APN[local] PDN-Type[1] IPv4[10.46.0.2] IPv6[] (../src/upf/context.c:532)
[upf] INFO: UE F-SEID[UP:0x1230 CP:0x5817] APN[local] PDN-Type[1] IPv4[10.46.0.2] IPv6[] (../src/upf/context.c:532)
[upf] DEBUG: Session Establishment Response (../src/upf/n4-build.c:36)
[pfcp] FATAL: ogs_pfcp_sendto: should not be reached. (../lib/pfcp/path.c:158)
[core] FATAL: backtrace() returned 12 addresses (../lib/core/ogs-abort.c:37)
/open5gs/build/src/upf/../../lib/pfcp/libogspfcp.so.2(ogs_pfcp_sendto+0x1c8) [0x7f73c5ac0888]
/open5gs/build/src/upf/../../lib/pfcp/libogspfcp.so.2(ogs_pfcp_xact_commit+0x170) [0x7f73c5ac3510]
/open5gs/./build/src/upf/open5gs-upfd(+0x109eb) [0x55d7f20f99eb]
/open5gs/./build/src/upf/open5gs-upfd(+0x12351) [0x55d7f20fb351]
/open5gs/build/src/upf/../../lib/core/libogscore.so.2(ogs_fsm_dispatch+0x24) [0x7f73c5b57574]
/open5gs/./build/src/upf/open5gs-upfd(+0xc445) [0x55d7f20f5445]
/open5gs/build/src/upf/../../lib/core/libogscore.so.2(ogs_fsm_dispatch+0x24) [0x7f73c5b57574]
/open5gs/./build/src/upf/open5gs-upfd(+0x77fb) [0x55d7f20f07fb]
/open5gs/build/src/upf/../../lib/core/libogscore.so.2(+0xfb05) [0x7f73c5b4cb05]
/lib/x86_64-linux-gnu/libc.so.6(+0x9ca94) [0x7f73c551ea94]
/lib/x86_64-linux-gnu/libc.so.6(__clone+0x44) [0x7f73c55aba34]
 2025-02-13 22:44:43 +09:00
Juan Pontón Rodríguez
f1e1f4a2a9 Update context.c 2025-02-13 20:20:34 +09:00
Sukchan Lee
8715915469 [UDM/UDR] Follow up on #3690 2025-02-11 07:04:42 +09:00
jmasterfunk84
600a7629ad [UDM][UDR] Add support for nssai resource in nudm-sdm (#3690) 
* [UDM][UDR] Add support for nssai resource in nudm-sdm

* Resolve Memory Issue

* Protect from multiple field entries, remove macros

* remove request_from_server, make use of xact state

* typo....

* definition cleanup
 2025-02-11 07:03:06 +09:00
Sukchan Lee
90afca821b Merge branch 'main' into home-routed 2025-02-09 11:15:55 +09:00
Sukchan Lee
056b50c9c8 [AMF] Fix crash on duplicate PDU session requests due to NULL SUPI (#3710) 
When a duplicate PDU session establishment is received, the AMF logs a
warning and proceeds to update the SM context via the SBI interface. This
process eventually calls amf_nsmf_pdusession_build_create_sm_context(), which
uses the SUPI to build the SBI URI header. If the SUPI is NULL, then the header's
resource component becomes NULL. This leads to a call to ogs_uridup() that
asserts on the NULL value, causing a crash.

This commit adds a check before invoking the SBI update. If the SUPI is NULL,
the update is skipped and a warning is logged. This prevents the invalid URI
build process and avoids the subsequent crash in ogs_uridup().
 2025-02-06 21:26:06 +09:00
Sukchan Lee
e31e9965f0 [AMF] Fix AMF crash during UE handover by handling unexpected SBI responses (#3707) 
During handover between two gNBs, the AMF enters an invalid state when it
receives an unexpected SBI response from the UDM in the process of sending
a smf-select-data request. This bug could lead to an AMF crash as the state
machine in gmm_state_registration encountered an unknown state.

The fix adds explicit handling for SBI messages with resource names such as
AM_DATA, SMF_SELECT_DATA, UE_CONTEXT_IN_SMF_DATA, and SDM_SUBSCRIPTIONS.
If the HTTP response status is not OK, CREATED, or NO_CONTENT, a warning
is logged and the message is ignored. This prevents the AMF from transitioning
into an abnormal state and improves overall stability during frequent handovers.
 2025-02-06 20:56:04 +09:00
Sukchan Lee
07cb42110e [DBI] Improve YAML policy config by adding SUPI range filtering 
Previously, policies were configured via YAML files without MongoDB.
This update enhances the YAML approach by adding the 'supi_range' key to
filter policies based on UE SUPI ranges. When both 'supi_range' and
'plmn_id' are provided, both conditions must be met.

Note that PLMN-ID filtering will be deprecated in a future release.
 2025-02-05 21:56:15 +09:00
Bostjan Meglic
e5545669fc [AMF] fix saving SDM subscription client info 2025-02-04 21:16:18 +09:00
Sukchan Lee
59f64970dd Update cifuzz 2025-02-04 21:09:20 +09:00
Sukchan Lee
bbfd462406 [PFCP] Fix the compile error (#3689) 2025-02-03 08:50:40 +09:00
Sukchan Lee
9c36fa5ccd [MME] Fix crash related to eNodeB context handling during indirect tunnel responses 
Replace enb_ue with source_ue to correctly reference the target eNodeB
context during handover. Added null checks and assertions to ensure proper
session cleanup in both mme-s11-handler.c and s1ap-handler.c.
 2025-02-02 11:48:17 +09:00
Sukchan Lee
350bc271fa [SEC] Fix PFCP Message Length Validation in ogs_pfcp_recvfrom (#3689) 
This commit modifies the message length check in ogs_pfcp_recvfrom.
Previously, the condition only verified that the received size was less than
the expected length, which could allow messages that are too long to be
processed.

The condition now requires an exact match between the received
size and the expected total PFCP message length, ensuring proper message
validation.
 2025-02-02 11:25:14 +09:00
Sukchan Lee
32cf4daf3a [SEC] Improve PFCP Message Validation to Prevent Fragmentation Attacks (#3689) 
This commit adds additional checks in the PFCP receive callback to ensure
that a complete PFCP message is received before parsing. A minimum header
length check and a total message length validation are now performed. This
prevents incomplete, fragmented messages from being processed and avoids
potential parsing errors and DoS conditions.
 2025-02-02 10:42:31 +09:00
Sukchan Lee
b1462f7236 [UDM] Handle maximum SDM subscription limit gracefully (#3688) 
Previously, the function `udm_nudm_sdm_handle_subscription_create()` would
trigger a fatal assertion failure if the maximum number of SDM subscriptions
was reached.

This commit adds error handling to check if the subscription pool allocation
fails.

If `udm_sdm_subscription_add()` returns NULL, an appropriate error message is
logged, and a 400 Bad Request response is sent back to the client instead of
causing a crash.
 2025-02-01 12:35:33 +09:00
Sukchan Lee
81f69b436c [DOCS] Update installation guide (#3681) 
to conditionally install `libidn-dev` or `libidn11-dev`,
depending on availability, and clarify common dependencies for Debian/Ubuntu.
 2025-01-22 17:53:36 +09:00
Sukchan Lee
3f38d66790 Merge branch 'main' into home-routed 2025-01-19 17:11:20 +09:00
Sukchan Lee
df11b05a1e Replaced deprecated libidn11-dev with libidn-dev across the project. 
This update improves compatibility with newer distributions by modifying
dependency declarations in control files, Dockerfiles, and documentation.
 2025-01-19 12:21:51 +09:00
Sukchan Lee
aaa950e6cf [SBI] Guard OpenSSL keylog callback with version check 
Wrap SSL_CTX_set_keylog_callback calls with an OpenSSL version check
to ensure compatibility with versions older than 1.1.1.

This prevents compilation issues on earlier OpenSSL releases,
such as those found on Ubuntu 18.04(bionic).
 2025-01-19 12:18:52 +09:00
Sukchan Lee
9c370ff89a [PFCP] Reduce DNS spam for FQDN nodes (#3431) (#3664) 
Each received PFCP message triggered ogs_pfcp_node_find(), causing a DNS
resolution if node_id was FQDN. Under heavy traffic, this could lead to
excessive DNS queries.

- Implement a 300-second refresh interval to avoid repeated DNS lookups.
- Store last_dns_refresh in each node to defer new queries until needed.
- Treat config-based nodes with no Node ID as UNKNOWN, matching them by IP
  alone until ogs_pfcp_node_merge() updates their ID.
- Validate IPv4, IPv6, or FQDN types in ogs_pfcp_node_merge() and reject
  invalid IDs.
- Provide inline code comments for clarity and maintainability.
 2025-01-18 12:15:00 +09:00
Bostjan Meglic
ba6a84d1b3 [pfcp] remove unused memory pool 2025-01-16 18:05:25 +09:00
Bostjan Meglic
78a993c486 [pfcp] fix use-after-free error 
Variable was used after it was free'd (put back into the
application's memory pool, but still).
 2025-01-16 18:05:25 +09:00
Bostjan Meglic
49d2f76fe1 [pfcp] fix return value 
Return value should be a pointer to sockaddr instead of status code.
 2025-01-16 18:05:25 +09:00
Sukchan Lee
2e68706f1e [AMF] prevent crash on npcf-am-policy-control SBI response handling (#3671) 
This commit addresses an Open5GS bug where the AMF process crashes
when receiving npcf-am-policy-control service responses during UE handovers.
The crash was occurring in the gmm_state_authentication() function
when the AMF encountered an unexpected SBI (Service Based Interface) message
from the PCF related to AM Policy Control requests.

Added a new case block in gmm_state_authentication() to explicitly handle
messages with the service name OGS_SBI_SERVICE_NAME_NPCF_AM_POLICY_CONTROL.
 2025-01-16 17:19:44 +09:00
Sukchan Lee
13585a34e3 [Metrics] Added PFCP related measurement 2025-01-12 11:47:12 +09:00
Sukchan Lee
d181ab54cc [PFCP] Refactor PFCP address handling (#3431) 
- Replace direct usage of OGS_ADDR/OGS_PORT macros with
  ogs_sockaddr_to_string_static() for consistent IPv4/IPv6 logging.
- Remove redundant stack buffer allocations for address printing.
- Update PFCP node address handling to use addr_list and related
  merges, avoiding obsolete sa_list references.
- Use ogs_pfcp_extract_node_id() and related APIs to safely extract
  PFCP Node ID, improving error handling and reducing stack usage.
 2025-01-11 20:33:02 +09:00
Sukchan Lee
8ff1d1b666 [CORE] Refactor ogs_sockaddr_strdup to use static buffer and rename 
- Changed ogs_sockaddr_strdup to ogs_sockaddr_to_string_static
- Replaced dynamic allocation with a static buffer
- Updated source and header files accordingly
 2025-01-11 20:33:02 +09:00
Sukchan Lee
df079b48d8 [PFCP] Add ogs_pfcp_get_node_id function with util modules (#3431) 
Created util.h and util.c to implement the ogs_pfcp_get_node_id function,
which retrieves the node_id from a PFCP message. Utilized the
ogs_pfcp_status_e enum for enhanced error handling, distinguishing
between success, absence, and error states.
 2025-01-11 20:33:02 +09:00
Sukchan Lee
ff917e9436 [GTP/PFCP] Enable server to bind to multiple addresses via FQDN resolution (#3431) 
Modified the `ogs_gtp/pfcp_context_parse_config` function to iterate through
all configured GTP/PFCP server addresses. When a Fully Qualified Domain
Name (FQDN) resolves to multiple IP addresses, the server now binds and
listens on each IP address individually.

These modifications enhance the flexibility and reliability of the GTP/PFCP
server within Open5GS, allowing it to handle multiple network
interfaces and redundant IP configurations as required.
 2025-01-11 20:33:02 +09:00
Sukchan Lee
04ec945e1d [SBI] Follow up on #3655 2025-01-11 20:24:30 +09:00
Bostjan Meglic
90cd67fcca [AMF,SMF] Prevent mapped HPLMN SST to always be set 
In case that mapped HPLMN SST was not set by the UE in the request to
Establish PDU Session, AMF/SMF would assume it is set to 0 (since the
recent change to allow SST value 0).
 2025-01-11 20:22:46 +09:00
Bostjan Meglic
c331207233 [all] allow value of 0 for S-NSSAI SST 
3GPP TS 23.003: 28.4.2 Format of the S-NSSAI

The SST field may have standardized and non-standardized values. Values
0 to 127 belong to the standardized SST range and they are defined in
3GPP TS 23.501 [119]. Values 128 to 255 belong to the Operator-specific
range.
 2025-01-11 20:22:46 +09:00
Sukchan Lee
34a9816c7b [SMF] Update comments for PR #3660 2025-01-09 21:02:37 +09:00
herlesupreeth
a38530f4f5 [SMF] Update QoS parameters even when only PFs needs to be added to QoS Flow 2025-01-09 21:00:16 +09:00
Sukchan Lee
fce22ca069 Fix the example configuration for AMF-TLS 2025-01-02 22:08:38 +09:00
Sukchan Lee
f04497ac31 [SBI] Allow direct NRF communication in Model C by configuring delegation modes (#3399) 
Introduce client_delegated_config to manage delegation settings for NRF and SCP
separately. This ensures that in Model C, all NRF-related procedures
(registration, heartbeat, deregistration, etc.) communicate directly with the
NRF without routing through the SCP. This change aligns Open5GS behavior with
3GPP standards, providing consistent direct communication for both discovery
and management in Model C, and maintaining indirect communication in Model D.

- Direct Communication with NRF
```
sbi:
  client:
    nrf:
      - uri: http://127.0.0.10:7777
```

- Indirect Communication by Delegating to SCP
```
sbi:
  client:
    scp:
      - uri: http://127.0.0.200:7777
```

- Indirect Communication without Delegation
```
sbi:
  client:
    nrf:
      - uri: http://127.0.0.10:7777
    scp:
      - uri: http://127.0.0.200:7777
    delegated:
      nrf:
        nfm: no    # Directly communicate NRF management functions
        disc: no   # Directly communicate NRF discovery
      scp:
        next: no   # Do not delegate to SCP for next-hop
```

- Indirect Communication with Delegated Discovery
```
sbi:
  client:
    nrf:
      - uri: http://127.0.0.10:7777
    scp:
      - uri: http://127.0.0.200:7777
    delegated:
      nrf:
        nfm: no    # Directly communicate NRF management functions
        disc: yes  # Delegate discovery to SCP
      scp:
        next: yes  # Delegate to SCP for next-hop communications
```

- Default delegation: all communications are delegated to the SCP
```
sbi:
  client:
    nrf:
      - uri: http://127.0.0.10:7777
    scp:
      - uri: http://127.0.0.200:7777
    # No 'delegated' section; defaults to AUTO delegation
```
 2025-01-02 17:49:40 +09:00
Sukchan Lee
be5a7e1ded [SBI] Added support for custom port numbers in SBI configuration with FQDN.(#3385) 
This update allows the parsing and handling of user-defined port numbers
in the `advertise` field or explicitly in the `server` configuration for
SBI. Users can now specify non-default ports for both binding and
advertising while maintaining compatibility with existing configurations.
The feature includes logic to handle FQDNs with embedded port numbers
(e.g., `example.com:8080`) and ensures proper memory management during
parsing. Updated the client association logic to utilize custom ports
when specified.

Examples:
- Bind to the address on the eth0 and advertise as open5gs-amf.svc.local
```
  sbi:
    server:
      - dev:eth0
        advertise: open5gs-amf.svc.local
```

- Specify a custom port number 7777 while binding to the given address
```
  sbi:
    server:
      - address: amf.localdomain
        port: 7777
```

- Bind to 127.0.0.5 and advertise as open5gs-amf.svc.local
```
  sbi:
    server:
      - address: 127.0.0.5
        port: 7777
        advertise: open5gs-amf.svc.local
```

- Bind to port 7777 but advertise with a different port number 8888
```
  sbi:
    server:
      - address: 127.0.0.5
        port: 7777
        advertise: open5gs-amf.svc.local:8888
```
 2024-12-31 22:04:55 +09:00
Sukchan Lee
3f6f2a8846 [SBI] Enable SSL Key Logging for Enhanced Debugging and Analysis (#3647) 
- Add `sslkeylogfile` configuration options to `*.yaml.in` in NFs.
- Update `open5gs-common.dirs` to include `var/log/open5gs/tls` directory
- Extend `ogs_sbi_context_s` structure in `context.h` to include `sslkeylog`
- Modify `context.c` to parse and handle `sslkeylogfile` settings
- Update `server.c` and `server.h` to manage the `sslkeylog` field
  in server structures
- Update `ogs_sbi_client_add` and `ogs_sbi_client_remove` functions to handle
  `sslkeylog` field.
- Adjust `meson.build` to create the TLS log directory during installation

This commit introduces SSL key logging functionality to Open5GS,
enabling the capture of SSL/TLS keys. This feature is essential
for debugging encrypted traffic and allows integration with tools
like Wireshark for decrypting TLS sessions.
 2024-12-30 21:21:41 +09:00
Sukchan Lee
35a14b595d Merge branch 'sctp-fix' 2024-12-27 09:25:24 +09:00
Sukchan Lee
33960bbb66 [NRF] Implemented PLMN list update handling in nrf_nnrf_handle_nf_update (#3566) 
- Added functionality to parse and validate the plmnList JSON array
  during a PATCH request.
- Updated the nf_instance structure with new PLMN data from the request.
- Ensured robust error handling for invalid PLMN entries
  and excessive PLMN counts.
- Responded with appropriate HTTP status codes for success and error scenarios.
 2024-12-26 14:38:00 +09:00
Sukchan Lee
2ce9f2b27e [SEC] Fix overflow issue of adjusting the URR access (#3642) 
Adjusted the URR access logic to prevent out-of-bounds access
by ensuring the URR ID is within the valid range.
 2024-12-25 18:04:42 +09:00
Sukchan Lee
badbefe7b3 [SGsAP] Refactor SCTP socket creation (#3344) 
- Removed `create_sctp_socket_from_addr_list` function.
- Introduced direct use of `sctp_socket_family_from_addr_list` in
  `ogs_sctp_server` and `ogs_sctp_client`.
- Ensured proper handling of address family selection for SCTP sockets,
  defaulting to `AF_INET` or `AF_INET6` based on the address list.
- Added error handling for cases where no suitable address family is found.
 2024-12-25 12:21:35 +09:00
Sukchan Lee
68375f6c35 [SGsAP] Change SCTP socket to SOCK_STREAM and remove 'addr' field (#3344) 
Addressed feedback on commit 33532a5 by switching SGsAP's SCTP socket
from SOCK_SEQPACKET to SOCK_STREAM. This change eliminates the need
for the 'addr' field, as SOCK_STREAM does not require specifying the address
in sctp_sendmsg.

All references to the 'addr' field have been removed from the VLR structure
and related functions, simplifying SCTP message handling and ensuring better
compatibility with multiple addresses.

Updated `sgsap-sctp.c` accordingly to reflect these changes
and improve the reliability of SCTP connections.
 2024-12-25 11:09:07 +09:00
Sukchan Lee
08b9e7c55f [DBI] Fix crash in ogs_dbi_auth_info due to invalid SUPI (#3635) 
Added checks to validate the SUPI ID in the ogs_dbi_auth_info function
before calling ogs_assert. This prevents a crash when the SUPI ID is malformed,
such as when it does not contain a hyphen.

The fix ensures that invalid SUPI values are logged and handled gracefully,
avoiding assertion failures and crashes in the UDR.
 2024-12-24 17:14:50 +09:00
Sukchan Lee
4016293214 [SEC] Fix overflow issue with QFI in QoS flow and adjust URR access (#3642) 
- Modified the `ogs_nas_qos_rule_s` structure to increase the size
  of the `identifier` field from 4 bits to 6 bits in order to allow
  for larger QoS Flow Identifiers (QFI).
- Adjusted the URR access logic in `upf_sess_urr_acc_add` to prevent
  out-of-bounds access by ensuring the URR ID is within the valid range.
 2024-12-24 16:42:23 +09:00
Sukchan Lee
3b7654061f [SCTP] Refactor SCTP socket creation to use address family from sa_list (#3344) 
Refactored the SCTP socket creation logic to dynamically select
the address family based on the provided address list.

A new function, `create_sctp_socket_from_addr_list`, was introduced
to check for the presence of an IPv6 address in the address list and
create an SCTP socket accordingly.

If an IPv6 address is found, it uses AF_INET6; otherwise, it defaults
to AF_INET. This change was applied to both the `ogs_sctp_server` and
`ogs_sctp_client` functions.
 2024-12-24 15:30:46 +09:00
Sukchan Lee
33532a5858 [SGsAP] Refactor VLR Lookup to Use Socket Pointers Instead of Addresses (#3344) 
Updated the VLR (mme_vlr_t) lookup mechanism to identify VLR instances
using socket pointers rather than IP addresses.

Replaced the `mme_vlr_find_by_addr` function with `mme_vlr_find_by_sock` across
relevant modules, including `mme-context.c`, `mme-context.h`, and `mme-sm.c`.

Adjusted memory management for the `addr` field within the VLR structure
to ensure proper allocation and deallocation. Removed address assignments
in `sgsap-sctp.c` for usrsctp and updated logging to reflect the new socket-based
identification.
 2024-12-24 15:22:00 +09:00
Sukchan Lee
b0bfd35c63 [SCTP] Support setting local address (#3344) 
Added support for binding to local IP addresses in ogs_sctp_client and
ogs_sctp_server, and correct SGsAP configuration

Implemented the ability to bind to one or multiple local IP addresses using
`sctp_bindx()` in both the `ogs_sctp_client()` and `ogs_sctp_server()` APIs.

Users can now specify local addresses in the configuration files under the new
`local_addresses` field, reducing unnecessary complexity and signaling caused
by binding to `ANY_ADDR`.

This update addresses issue https://osmocom.org/issues/6509 by ensuring
correct operation in multi-interface and complex networking setups.

Additionally, corrected the `sgsap` configuration by changing it
from `server` to `client`, and added support for specifying `local_addresses`
for local binding as follows:

```
sgsap:
  client:
    - address: msc.open5gs.org # SCTP server address configured on the MSC/VL
      local_address: 127.0.0.2 # SCTP local IP addresses to be bound in the M
```
 2024-12-23 21:16:15 +09:00
Sukchan Lee
b44d159c7b [SMF] Add check for relay peer in ogs_diam_is_relay_or_app_advertised function (#3589) 
Modify the function to return true if the peer is a relay,
otherwise check for advertised application.
 2024-12-13 14:56:44 +09:00
Sukchan Lee
6ffd7c978f [BSF] Remove mandatory BSF dependency for PDU session establishment (#3626) 
Modified the PCF logic to bypass the BSF dependency when it is not available.
This change ensures that the 5G Core can operate without requiring a BSF,
allowing PDU sessions to be established successfully in setups
where only a single PCF is used.
 2024-12-12 17:00:17 +09:00
Sukchan Lee
92515a9721 [NAS] Fix heap-buffer-overflow vulnerability in NAS message decoding (#3622) 
Resolved a heap-buffer-overflow issue
in the ogs_nas_5gs_decode_registration_request function caused
by improper handling of empty pkbuf.

Added validation checks to ensure pkbuf size is non-zero
before accessing its data.

Reviewed similar patterns in other decoding functions
to prevent similar vulnerabilities.
 2024-12-11 21:21:09 +09:00
AlbertoBerlin
531e301f4d When building a PCO response, if the incoming PCO has MS_SUPPORT_LOCAL_ADDR_TFT_INDICATOR, the SMF will also reply with the indication. Otherwise newer phones will reject the type of TFT that SMF sends for dedicated bearers (e.g. VoNR or VoLTE) because they do include the local address without having advertised support for it. 2024-12-11 20:43:02 +09:00
Bostjan Meglic
7e00910bfc [AMF] save mapped HPLMN from Session Est Req 
In case that UE sends "mapped HPLMN" in the Session Establishment
Request, AMF did not save it and forward it in the request to SMF.
 2024-12-05 18:34:30 +09:00
Sukchan Lee
1b167ef44d [AMF] Fix state machine crash during UE context transfer in REGISTERED state (#3613) 
Added a handler in gmm_state_registered() to process SBI client events
for UE context transfer, preventing fatal errors and AMF crashes during
Initial Registration.
 2024-12-05 10:19:03 +09:00
Sukchan Lee
43bcf08d51 [AMF] Resolve crash caused by incorrect handling of UE registration in multiple states (#3608, #3612) 
This commit resolves additional crashes in the AMF caused by improper handling
of UE registration requests in various states of the GMM state machine.

The issue occurs when the AMF receives multiple registration requests
from the same UE while the previous UE context is being released,
leading to outdated or invalid authentication vectors being processed.

Although a previous fix addressed this problem in the gmm_state_exception
function, similar crashes were identified in other states within gmm-sm.c.

To address this, the handling of multiple registration requests
from the same UE has been refined across all relevant states.

The fix ensures proper synchronization and validation of UE contexts,
preventing the AMF from processing outdated authentication data and
maintaining stability during such edge cases.
 2024-12-04 14:24:01 +09:00
Sukchan Lee
525695501e [PFCP] Add assertion to ensure F-TEID.ch is false before TEID swap (#3036, #3574, #3610) 
This prevents incorrect restoration behavior by ensuring the TEID is only
swapped when F-TEID.ch is false, indicating the TEID has already been assigned.
 2024-12-03 08:59:34 +09:00
Sukchan Lee
e5f50f53f6 [PFCP] Ensure correct TEID restoration behavior by checking F-TEID.ch value (#3574) 
Added a check to ensure that TEID restoration via swap occurs only
when F-TEID.ch is false. In the restoration process, when F-TEID.ch is false,
it indicates that the TEID has already been assigned, and the swap operation is
necessary to restore the TEID. However, if F-TEID.ch is true, it means that
the UPF needs to assign a new TEID for the first time, and performing a swap
in this case would be incorrect.

This check ensures that the swap operation is only triggered
when the TEID is already assigned and prevents potential issues
during the TEID assignment process.
 2024-12-02 16:53:38 +09:00
Sukchan Lee
f780f9af45 [AMF] Fix crash due to incorrect handling of UE registration requests (#3608) 
This commit addresses an issue in the AMF where it crashes
upon receiving the Nausf_UEAuthentication_Authenticate response
in the gmm_state_exception function.

The crash occurs when the same UE continuously sends registration requests
while the previous UE context is released before the AUSF response is received,
leading to incorrect states in the gmm state machine.

The root cause was a lack of proper handling in the gmm_state_exception function
for the scenario where multiple registration requests from the same UE cause
the AMF to process outdated authentication vectors.

This update introduces a fix to handle this edge case
and prevent the AMF from crashing.
 2024-12-02 11:24:20 +09:00
Sukchan Lee
76060ff22b [AMF/MME] Add validation for NAS PDU and mitigate DoS attacks (#3607, #3606, #3131) 
- Added handling for empty NAS PDUs to prevent potential heap-buffer-overflow.

- Implemented safeguards to reject invalid NAS messages and mitigate DoS attacks
  by removing S1/NG Context for affected UEs.
 2024-12-02 10:07:16 +09:00
liuxiaoxinxinxin
e690005a24 Update ngap-path.c 2024-12-02 10:04:15 +09:00
dchard
c67bddd2b4 [MME] Add fake combined attach 
In case an external HSS is used, and the NAM field is set to 0 (PACKET_ONLY),
Open5GS MME will only respond with an "EPS_ONLY" attach accept. This behavior
causes a lot of UEs (mainly phones) to disconnect after 1-2 seconds without
further signalling.

To resolve this, a new flag is introduced:

```
global:
  parameter:
    fake_csfb: true
```

If this flag is set to 'ture', the MME will respond with a combined EPS/IMSI
attach accept even if the HSS NAM field is set to "PACKET_ONLY", or if the
MME has no SGs connection towards a CS core.

By default this flag is false, thus not modifying the original behavior.

Note: some commercial core network vendors do include the LAI part in a
"fake" combined EPS/IMSI attach accept message. As that field is optional, and
testing also indicates that it is not needed, this patch does not implement it.
 2024-11-28 22:32:58 +09:00
Sukchan Lee
b8208464a2 [NRF] Remove nfProfileChangesSupportInd from responses (#3585) 
According to TS 29.510, the NFProfile structure in the NFDiscovery API does not
include the nfProfileChangesSupportInd attribute. However, Open5GS NRF currently
includes this attribute in NFDiscovery API responses, which has led to
complaints from certain NF vendors.

This commit modifies the nrf_nnrf_handle_nf_discover function
in src/nrf/nnrf-handler.c to ensure that the nfProfileChangesSupportInd
attribute is excluded when constructing NFProfile for NFDiscovery responses.
 2024-11-28 20:47:16 +09:00
Sukchan Lee
c3dccf13fc Revert "Removing from discovery responses an invalid nfProfileChangesSupportInd which should not be there" 
This reverts commit 02e1729ca6.
 2024-11-28 20:46:45 +09:00
AlbertoBerlin
02e1729ca6 Removing from discovery responses an invalid nfProfileChangesSupportInd which should not be there 2024-11-28 20:46:05 +09:00
AlbertoBerlin
df83767653 Support for nf-instance-id as Subscription Condition in subscriptions to notifications from NRF 2024-11-28 20:46:05 +09:00
Pau Espin Pedrol
3358e5128f [MME] Fix typo in log line 2024-11-26 06:44:48 +09:00
Sukchan Lee
0bbbd0166e Added use_upg_vpp parameter for UPG-VPP configuration (#3591) 
This commit introduces a new parameter in the global configuration
to support UPG-VPP UPF. When the following setting is added:

```
global:
  parameter:
    use_upg_vpp: true
```

The SMF generates PFCP messages specifically tailored for UPG-VPP UPF.
This allows seamless integration and operation with UPG-VPP
by automatically adapting the message structure to its requirements.
 2024-11-25 16:47:03 +09:00
Sukchan Lee
b47bad8b84 [HR] Implement GTP-U processing for HR Roaming in User Plane (#2194) 
- Added support for the N9 For Roaming interface type:
  - Core interface act as V-UPF.
  - Access interface act as H-UPF.

- Modified V-UPF behavior:
  - V-UPF updates only the TEID and IP Address in the GTP-U header.
  - The content following the Extension Header is passed through directly
    between the UE and H-UPF.

This implementation ensures seamless data flow between the UE, V-UPF, and H-UPF
while maintaining integrity for Home Routed Roaming scenarios.
 2024-11-23 17:51:42 +09:00
mitmitmitm
f5de72b996 Support non-integer bitrate strings more accurately 
TS 29.571 - 5.5.2 Simple Data Types defines BitRate type as

	String representing a bit rate that shall be formatted as follows:

	Pattern: '^\d+(\.\d+)? (bps|Kbps|Mbps|Gbps|Tbps)$'

	Examples: "125 Mbps", "0.125 Gbps", "125000 Kbps"

Taking the "0.125 Gbps" example, rather than round 0.125 down to 0, parse it as
a double-float first before multiplying by 10^9, resulting in 1.25e8 (bps).
 2024-11-21 16:39:36 +09:00
Sukchan Lee
f03e220761 [DOCS] Update link of Mesaurement of UPF Performance (#3553) 2024-11-20 10:52:28 +09:00
Bostjan Meglic
5ebb2eb76e [SMF] fix wrong return value (int -> bool) 2024-11-19 17:17:31 +09:00
Bostjan Meglic
cfff6d28aa [AMF] prevent null-dereferencing 
Break early in case resouce allocation fails.
 2024-11-19 17:17:31 +09:00
nick
1c2098bf71 fix indentation issue in srsenb.yaml and rename srslte.yaml to srsenb.yaml in guide02 docs 2024-11-19 08:43:16 +09:00
Sukchan Lee
1fa8e5468e [AMF/MME] Fix handover failing due to GNB/eNBID hash table handling (#3569) 
Resolved an issue where Handover was failing when attempting to handover
from GNB-ID/eNB-ID 1 to GNB-ID/eNB-ID 0.

The problem occurred because the hash table managing GNB_ID values would
remove any entry with the default GNB-ID/eNB-ID of 0 before re-adding entries.

Consequently, any GNB/eNB configured with a GNB-ID/eNB-ID of 0
would be inadvertently deleted whenever another GNB was added.

This fix modifies the handling of the hash table to prevent the default
GNB-ID/eNB-ID (0) from being removed unintentionally, allowing handovers
between GNB-ID/eNB-ID 0 and other GNBs/eNBs to proceed without error.
 2024-11-14 16:26:49 +09:00
Sukchan Lee
dd7217acde [MME] Fix handling of unknown PLMN in S1 Setup Request (#3544, #3570) 
```
TS36.413

8.7.3 S1 Setup
8.7.3.4 Abnormal Conditions
If the eNB initiates the procedure by sending a S1 SETUP REQUEST message
including the PLMN Identity IEs and none of the PLMNs provided by the eNB
is identified by the MME, then the MME shall reject the eNB S1 Setup Request
procedure with the appropriate cause value, e.g., “Unknown PLMN”
```

Modified code to address abnormal conditions where the eNB initiates
the S1 Setup Request with a PLMN Identity IE that is unrecognized by the MME.

In this case, the MME now properly rejects the S1 Setup Request
with the cause value "Unknown PLMN" in compliance with the 3GPP specification
(8.7.3.4).
 2024-11-13 11:17:06 +09:00
Sukchan Lee
1519f73f0f [AMF] for (k, i, j) -> for(i, j, k) (#3544, #3570) 2024-11-13 11:08:50 +09:00
draga
85bb717bf6 fixed function to compare with amf supported plmns 2024-11-13 10:55:36 +09:00
Sukchan Lee
51fd59e7cf [UDM] Prevent crash by limiting the number of TOKENs (#3564) 
we modified the ogs_supi_from_suci function to prevent the crash
by limiting the number of tokens parsed
 2024-11-11 16:09:45 +09:00
Sukchan Lee
70c888f4c9 Merge branch 'main' into home-routed 2024-11-07 17:52:48 +09:00
Sukchan Lee
e227d57972 [SBI] Enable Custom Info in User-Agent Header for HTTP/2 Requests (#3555) 
In accordance with TS29.500 Section 5.2.2.2 on mandatory HTTP standard headers,
the User-Agent header in HTTP/2 requests is required to include the NF type
of the HTTP/2 client. Additionally, it is specified that the content
of the User-Agent header may be followed by a hyphen and custom information
when needed, providing greater flexibility for identifying the originating
NF type or adding other specific details.

To accommodate this requirement, I modified the code to allow for additional
information to be appended after the NF type in the User-Agent header,
separated by a hyphen.

This change ensures that the User-Agent header format can be customized
as needed for indirect communication scenarios and requests originating
from the SCP, improving compliance with the specification and enhancing
the adaptability of the header format for HTTP/2 communications.
 2024-11-07 11:20:40 +09:00
Sukchan Lee
421126682e [SMF] Change the Max Number of PCO from 16 to 32 2024-11-05 16:49:04 +09:00
Sukchan Lee
ae2a3255a5 [CSFB] Fix Location Update for non-EPS (#3381) 
While experimenting with CSFB, it was observed that when the UE returns
to E-UTRAN after a CS call, the UE performs a Tracking Area Update
with a combined Tracking Area/Location Area update and IMSI attach.
Currently, Open5GS's MME simply responds with a TAU Accept message
but does not inform the MSC/VLR.

As a result, no further MT (Mobile Terminated) CS/SMS services are possible
in cases where the MSC/VLR only attempts paging on GERAN.
However, some MSC/VLR implementations with fast fallback may still attempt
paging on E-UTRAN, allowing MT CS/SMS services to function intermittently.

According to 3GPP TS 29.118 Section 5.2.2 Procedures in the MME,
specifically Section 5.2.2.2.1, if the timer Ts6-1 is not running,
the MME shall start the location update for non-EPS services procedure
upon receiving a combined Tracking Area Update Request indicating
combined TA/LA updating with IMSI attach. However, SGs timers are not
implemented in Open5GS, which is a separate issue.

To comply with the specification and ensure that the MSC/VLR is informed
when the UE becomes reachable via SGs, the following changes have been
implemented:

1. Delay UEContextReleaseCommand:

When the active_flag is set to 0, the UEContextReleaseCommand is now delayed
until the MME receives the TAU Complete message from the UE. This ensures
that the UE has acknowledged the new P-TMSI before the network releases
the context, maintaining proper synchronization between the UE and the network.

2. Include Mobile Identity Only When P-TMSI Changes:

The Mobile Identity is now included in the Attach/TAU Accept messages
only when the MSC/VLR updates the P-TMSI. This ensures that the UE receives
the Mobile Identity information solely when there is an actual change
in the P-TMSI, preventing unnecessary or incorrect handling
of TAU Complete messages.

3. Send SGsAP-REALLOCATION-COMPLETE Conditionally:

The SGsAP-REALLOCATION-COMPLETE message is now sent to the MSC/VLR
only upon receiving a Attach/TAU Complete message from the UE.
This confirmation indicates that the UE has successfully updated its P-TMSI,
ensuring that the MSC/VLR is accurately informed of the change.

4. Handle P-TMSI Confirmation:

When the MSC/VLR updates the P-TMSI, Open5GS stores the new P-TMSI
in the next field of the mme_ue structure. Upon receiving the TAU Complete
message from the UE, indicating acknowledgment of the new P-TMSI,
Open5GS confirms the update by transferring the P-TMSI from the next field
to the current field. This ensures that the MME maintains an accurate and
up-to-date record of the P-TMSI as confirmed by the UE.
 2024-11-05 16:37:45 +09:00
Sukchan Lee
c888e2d62a [SBI] Fixed an issue in SCP TLS communication for Open5GS (#3541) 
Fixed an issue in SCP TLS communication for Open5GS where omitted port numbers
in HTTP/HTTPS URIs (e.g., "https://scp.localdomain" implying port 443) were not
handled correctly.

Updated the code to ensure that during FQDN and port comparisons,
cases where the port number is set to 0 are accounted for.

This fix resolves the problem with indirect SBI communication over SCP using TLS
allowing proper connectivity between network functions like BSF and NRF.
 2024-11-03 21:47:29 +09:00
Sukchan Lee
2031f7d8a1 [SBI] Make 'global' configuration optional instead of mandatory (#3466) 
Previously, the global configuration section was required for NF to start,
which differed from earlier versions where it was optional. This commit modifies
the implementation to make the global section optional again,
allowing NF to start without explicitly defining global settings.

This change restores the previous behavior and improves usability for users
who do not need to customize global settings.
 2024-11-01 15:32:46 +09:00
Sukchan Lee
1f42ddace1 [SCP/SEPP] Fixed memory leak in specific exception handling scenarios 
The memory leaks occurring in specific exception handling scenarios have been
resolved. For instance, when an HTTP2 connection closes, memory associated
with objects like response messages was not being freed properly.

This update addresses and fixes these issues.
 2024-11-01 14:31:11 +09:00
Sukchan Lee
bc02e48d1a [ePDG] Add Node-Identifier IE support in GTPv2 S2b Create-Session-Request for SMF Diameter S6b Routing (#3507) 
Implement support for Node-Identifier IE in GTPv2 S2b Create-Session-Request
to SMF for Diameter S6b integration

This patch adds support for processing the Node-Identifier IE within GTPv2
Create-Session-Request messages sent via the S2b interface to the SMF.
When the ePDG includes the Node-Identifier IE containing both host and realm
of the AAA-Server, the SMF now uses this information to populate
the Destination-Realm and Destination-Host AVPs in the Diameter S6b AAR message.

This enables seamless integration and allows the SMF to route requests directly
to the appropriate AAA-Server, enhancing interoperability in setups
where the host and realm data are required by the Diameter network.
 2024-10-31 22:22:25 +09:00
Sukchan Lee
ce36143f5c [PFCP] Add Missing 3GPP Interface Type in PFCP Messages 
This field was previously omitted, which could lead to
improper handling of interface-specific logic in certain scenarios.

The addition of the 3GPP Interface Type ensures correct behavior
in compliance with the 3GPP standards for PFCP message handling.
 2024-10-20 22:54:08 +09:00
Sukchan Lee
151275d708 [PFCP] Fix SGW-U/UPF Bugs and Improve Header Handling 
1. Fix SGW-U/UPF bug by comparing QFI only when PDI's QFI is present
Resolved an issue where the QoS Flow Identifier in the GTP-U Extension Header
was incorrectly compared regardless of the presence of PDI's QFI.
Updated the implementation to perform the comparison
only when PDI's QFI is present.

2. Add Outer Header Removal settings to SGW's PDR where necessary
Addressed the absence of Outer Header Removal in the SGW's PDR
by adding it to all required locations, ensuring proper header handling.

3. Remove unnecessary GTP-U Extension Header Removals
Eliminated all instances of GTP-U Extension Header Removal
since they should only be used during handover from 5GS to EPS.
This cleanup prevents improper header removals in other scenarios.

4. Delete unnecessary usage of Network Interface and UE IP Address
Removed all redundant references to Network Interface and UE IP Address,
streamlining the codebase and reducing potential confusion.

5. Change precedence so that Control has higher priority than Data
Adjusted the precedence settings to ensure that Control messages
are given higher priority over Data, enhancing the system's efficiency
and responsiveness.
 2024-10-20 18:52:21 +09:00
Sukchan Lee
0e441cf710 [MME] TAI and E_CGI IEs in SGs (#3518) 
Added UE's current TAI and E-CGI to SGsAP-LOCATION-UPDATE-REQUEST message
as per TS 29.118 5.2.2.2.1
 2024-10-20 16:40:49 +09:00
Sukchan Lee
e3790b45b4 [PFCP] Fix memory free issue causing crash (#3497) 
This commit fixes an issue where the system would crash
due to improper memory release after receiving crafted PFCP packets from UEs.
 2024-10-17 23:30:04 +09:00
Sukchan Lee
a50c313b81 [SMF] Update QoS Rule Handling (#3513) 
1. Set packet filter identifier values to 0 when the UE requests to:
  - Create new QoS rule
  - Modify existing QoS rule and replace all packet filters
  - Modify existing QoS rule and add packet filters - As specified in TS24.501, section 9.11.4.13, Table 9.11.4.13.1.

2. Revise QoS rule modification logic:
  - Instead of replacing packet filters based on their identifiers (EPC approach), update the implementation to delete all existing packet filters within the QoS rule and add new ones.
  - This ensures that when modifying an existing QoS rule to replace all packet filters, the packet filters are correctly reset and updated per 5G Core requirements.
 2024-10-17 15:55:34 +09:00
Sukchan Lee
5dc3905c39 [SMF] Fix Packet Filter Identifier handling and limit maximum number (#3505) 
- **Correct Packet Filter Identifier Handling:**
  Remove the addition of +1 when searching for the packet filter context using `smf_pf_find_by_identifier()` in the 5G Core SMF. According to 3GPP TS24.008 Section 10.5.6.12 and TS24.501 Section 9.11.4.13, the Packet Filter Identifier should range from 1 to 15 (or 0 to 15) depending on the operation and should be used directly as received from the UE.

- **Adjust Maximum Number of Packet Filter Identifiers:**
  Change the maximum number of Packet Filter Identifiers from **16** to **15** in the SMF to comply with the 3GPP specifications. The standards specify that the number of packet filters shall be greater than 0 and less than or equal to 15 for certain operations.

**Background:**

In the current 5GC implementation, the SMF incorrectly adds +1 to the identifier received from the UE and allows up to 16 identifiers, leading to mismatches and potential communication issues. These discrepancies cause the SMF to fail in correctly locating the packet filter context, resulting in improper QoS rule enforcement.

**Changes Made:**

- **For Packet Filter Identifier Handling:**
  - Updated the SMF code to use the identifier received from the UE directly without modification:
    ```c
    // Corrected code for 5GC:
    pf = smf_pf_find_by_identifier(
            qos_flow, qos_rule[i].pf[j].identifier);
    ```

- **For Maximum Number of Packet Filter Identifiers:**
  - Adjusted the code to enforce a maximum of 15 packet filters as per the specifications.

**Impact:**

- **Compliance:**
  - Ensures that the 5GC implementation of Open5GS adheres to the 3GPP TS24.008 and TS24.501 specifications regarding Packet Filter Identifier handling and limits.

- **Functionality:**
  - Corrects the mapping and management of packet filters between the UE and SMF in 5GC, preventing potential communication issues and misconfigurations.

- **EPC Implementation:**
  - The EPC implementation remains unaffected by these changes. EPC correctly handles the Packet Filter Identifier by decrementing it by 1 before sending it to the UE and adding +1 when searching for the packet filter context.

**Conclusion:**

By making these adjustments, we ensure proper synchronization between the UE and SMF in the 5G Core and maintain compliance with the 3GPP specifications. This fix resolves the mismatches caused by incorrect identifier handling and enforces the correct limit on the number of packet filters, enhancing the reliability and standards compliance of the 5GC implementation without impacting the existing correct behavior in EPC.
 2024-10-16 17:24:55 +09:00
Sukchan Lee
063fa42a28 Revert "[SMF] Fix Packet Filter Identifier handling in SMF (#3505)" 
This reverts commit f82fc85cc2.
 2024-10-16 09:32:16 +09:00
Sukchan Lee
f82fc85cc2 [SMF] Fix Packet Filter Identifier handling in SMF (#3505) 
Decrement the Packet Filter Identifier by 1 before sending it to the UE
during GSM message construction. This correction ensures proper synchronization
between the UE and SMF, allowing `smf_pf_find_by_identifier()` to accurately
locate the corresponding `pf` context without adjusting the identifier
during the search.

This fix aligns the 5GC implementation with the EPC behavior,
where the identifier was correctly decremented before transmission to the UE,
preventing mismatches and synchronization issues.
 2024-10-15 17:57:11 +09:00
Sukchan Lee
606788361c [SMF] Fixed incorrect prefix length in GTPv2 PAA IE (#3495) 
I have modified the PAA's IPv6 prefix length from 8 to 64.
This adjustment ensures that the prefix length now correctly reflects
the standard /64 notation, in accordance with the specifications.
 2024-10-11 14:58:14 +09:00
Sukchan Lee
55e5fc92dd [SMF] Fixed interface-type in the Create Bearer Request (#3484) 
I wanted to let you know that I have modified the SMF configuration
to send S2b PGW GTP-U instead of S5/S8 PGW GTP-U in WLAN.

This adjustment should ensure that the correct interface type is used,
as per the specifications.
 2024-10-11 14:52:09 +09:00
Sukchan Lee
cf4bbe83fc [HR] Control Plane between V-SMF/H-SMF (#2194) 
Implement Control Message handling between V-SMF and H-SMF
during Home Routed Roaming process

Completed the implementation of control messages exchanged
between V-SMF and H-SMF as part of the Home Routed Roaming process
 2024-10-10 17:30:20 +09:00
Sukchan Lee
af85bc0a66 [MME] Incorrectly being retrieved from the PLMN-ID (#3480) 
The issue was that the PLMN-ID of the TAI was incorrectly being
retrieved from the PLMN-ID of the EUTRAN_CGI.

As a result, when the PLMN-IDs of the TAI and EUTRAN_CGI were improperly set,
the MME would crash.

All issues have now been resolved.
 2024-10-07 22:10:39 +09:00
Sukchan Lee
6834bdf819 [HR] SMF selection (#2194) 
SMF selection according to 4.3.2.2.3 of TS23.502.

V-SMF makes discovery in the V-NRF according to V-NSSF.

H-SMF makes discovery in the H-NRF according to H-NSSF.
(The AMF goes through the V-NSSF and forwards the message seeking the NRF to the H-NSSF.)
 2024-09-16 08:55:52 +09:00
Pau Espin Pedrol
6d80d4322a [PCRF] Support retrieving metrics from freeDiameter thread 2024-09-05 21:51:12 +09:00
Pau Espin Pedrol
0c348cac68 [PCRF] Initial metrics support 
This commit doesn't add any PCRF specific metrics, only all the
boilerplate code to instantiate libmetrics and hence have the generic
prometheus metrics available.
 2024-09-05 21:51:12 +09:00
Sukchan Lee
3d3f18e342 [PCRF/HSS] Added missing files for enabling metrics (#3442) 2024-09-05 21:28:30 +09:00
Sukchan Lee
778d0cbc59 [PCRF/HSS] Enable Metrics (#3442) 2024-09-05 21:26:27 +09:00
Pau Espin Pedrol
787e555501 [PCRF] Enable ogs_app pollset 
This will be needed once metrics are included.
 2024-09-05 08:12:46 +09:00
Pau Espin Pedrol
7bf057ce00 [PCRF] Improve diameter logging 2024-09-05 08:11:59 +09:00
Pau Espin Pedrol
95e885bfba [PCRF] cosmetic: Fix trailing whitespace 2024-09-05 08:11:59 +09:00
Pau Espin Pedrol
34220b94cf diameter: stats: Fix unit typo in log 2024-09-05 08:11:59 +09:00
Sukchan Lee
219cda9b4f [MME/AMF] Fixed problem in MacOSX machine 
1. transfer needs 192.168.x.50
2. Compilation error in namf-build.c in MaxOSX
3. enb_ue can be NULL in esm-sm.c
 2024-09-04 22:00:29 +09:00
Pau Espin Pedrol
3e154f9571 [HSS] Initial support for SWx diameter metrics 2024-09-04 21:28:59 +09:00
Pau Espin Pedrol
5b66e3159a [HSS] Improve SWx diameter debug logs 2024-09-04 21:28:59 +09:00
Pau Espin Pedrol
b2f56b9641 [HSS] Initial support for S6a diameter metrics 2024-09-04 06:36:32 +09:00
Pau Espin Pedrol
7293b5f3e4 [HSS] Initial support for Cx diameter metrics 2024-09-04 06:36:32 +09:00
Pau Espin Pedrol
9db907a56e [HSS] First diameter metric 
This commit showcases how to add diameter based metrics to an app.
Follow-up commits will add further metrics for different diameter based
interfaces.
 2024-09-04 06:36:32 +09:00
Pau Espin Pedrol
a37a2099fc diameter: Support updating app with private metrics 2024-09-04 06:36:32 +09:00
Pau Espin Pedrol
902a602a2b diameter: Support configuring stats interval through config file 2024-09-04 06:36:32 +09:00
Pau Espin Pedrol
4308ba7f37 [HSS] Improve diameter based interface debug logs 
This way it's immediate to know whether stuff happens o nthe rx or the
tx path when looking at logs or even at the code.
 2024-09-03 23:16:36 +09:00
Pau Espin Pedrol
91674ffa8a diameter: stats: Split logging to helper function 2024-09-03 22:20:19 +09:00
Pau Espin Pedrol
36d2fb3ebb diameter: stats: Move stats struct outside of context 2024-09-03 22:20:19 +09:00
Pau Espin Pedrol
7fb0690950 diameter: stats: use monotonic clock & avoid drift 
We simply want to trigger the event at fixed intervals, we don't really
need the wall time.
 2024-09-03 22:20:19 +09:00
Pau Espin Pedrol
9cabb279c0 diameter: stats: Integrate into main loop 
There's no real need for a separate thread, it all can run with a timer.
Furthermore, this will ease submitting events towards app so that they
can update diameter metrics.
 2024-09-03 22:20:19 +09:00
Pau Espin Pedrol
b5d1e8ac61 diameter: split stats and logger modules 
Those 2 modules actually share nothing in common, so they can be totally
separated, making it easy to improve diameter stats in follo-up patches.
 2024-09-03 22:20:19 +09:00
Pau Espin Pedrol
9e87c6b1c6 cosmetic: diameter: Fix trailing whitespace 2024-09-03 22:20:19 +09:00
Pau Espin Pedrol
34c922a857 diameter: logger: Use typedef for ogs_diam_logger_t 
Same as done mostly everywhere in open5gs types.
 2024-09-03 22:20:19 +09:00
Sukchan Lee
b530221dea [AMF] Follow-up on #3409 2024-09-03 22:11:02 +09:00
Matej Gradisar
dab131d375 [AMF] Add UE context transfer and Registration status update states 2024-09-03 22:09:56 +09:00
Matej Gradisar
1a344aeb65 [Tests] Delete unnecessary code 2024-09-03 22:09:56 +09:00
Matej Gradisar
8c293bc710 [AMF] Registation status update and tests 2024-09-03 22:09:56 +09:00
Bostjan Meglic
5cf92c9851 [tests] Upgrade tests for multiple NFs 
The test scenario can now deploy multiple AMFs and other NFs.
 2024-09-03 22:09:56 +09:00
Sukchan Lee
ed68d0b016 [MME] Follow-up on #3429 #3422 2024-09-03 21:48:25 +09:00
Jiaxun Yang
deef017dfe [MME] config: Document hss_map yaml entry 
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
 2024-08-29 16:39:45 +09:00
Jiaxun Yang
9d83eba550 [MME] Implement HSS Selection process 
Implement HSS selection process as described in TS 29.272 Section 7.16.
Use hss_map config entry to map between plmn and HSS realm & host.

Closes: https://github.com/open5gs/open5gs/issues/3422
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
 2024-08-29 16:39:45 +09:00
Pau Espin Pedrol
51aca2826f [MME] 2g->4g: Delay SGSN Context Ack after UE becomes authorized 
This commit is a follow-up from previous one, split to ease review.
In this commit, the SGSN Context Ack towards SGSN plus session creation
towards SGW is further delayed until authorizing + SecurityModeCommand
against UE has succeeded, hence meaning we have a fully operating
context to communicate with it.
 2024-08-28 11:17:38 +09:00
Pau Espin Pedrol
5b0a0bf6cf [MME] 2g->4g: Delay SGSN Context Ack after Auth-Info towards HSS 
As per 3GPP TS 23.401 Annex D.3.6 step 6, "Security functions may be
executed" during TAU (UE cell reselection 2g->4g).

The idea is that the 4G network should check the integrity of the TAU,
and only if iexisting and valid then accept it right away. Otherwise,
an authorization procedure is started.

Until now, during 2g->4g TAU we were retrieving and acking the PDP Context
received from the SGSN and creating the session against the SGW right away.

Tests done so far with real phones ended up in unsuccesful results when
tring to reuse the 4g context derived from 2g, due to yet unknown
reasons.
Hence, with this patch we simply force for now the re-auth and
recreation of security context before completing the TAU. This showed
good results during testing with real phones.

The security context is recreated through:
* S6a 3gpp-Authentication-Info towards HSS
* S1AP/NAS Authentication Request+Response towards UE
* SecurityModeCommand towards UE.

This patch is the first step towards delaying SGSN Context Ack after the whole
authentication is done against the UE. Patches are splitted for ease of
review.
This patch is only delaying session setup after the S6a procedure.
Follow-up patch will delay it further.
 2024-08-28 11:17:38 +09:00
Pau Espin Pedrol
c1fb688f15 [MME] S6a AIA: Trigger next step in auth procedure in the FSM 
This is a preparatory patch for follow-up patches, making them easier to
review and placing actions in the FSM code.
 2024-08-28 11:17:38 +09:00
Pau Espin Pedrol
ad80448c11 [MME] Reject SGSN Context Resp if establishing session fail 2024-08-28 11:17:38 +09:00
Pau Espin Pedrol
561a55f790 cosmetic: MME: Fix trailing whitespace 2024-08-26 22:51:09 +09:00
Sukchan Lee
b6ddd7fffb [SMF] Reject PDU session during establishment(#3408) 
In case that UE requests a PDU session with specific SSC Mode
for which it is not authorized, reject the request
instead of trying to continue processing it.
 2024-08-26 13:46:36 +09:00
Runamook
19f6e0cf96 MSISDN Subscription-Id in Gx 2024-08-25 10:15:59 +09:00
Sukchan Lee
8305c4d50e [AMF/MME] Avoid crash if tx Security Mode Command fails (#3413) 
This can happen if a UE never sends the UE Network Capabilities IE (eg Attach or TAU) when coming from 2G to 4G:

```
08/21 11:45:31.476: [emm] DEBUG: emm_state_security_mode(): ENTRY (/open5gs/src/mme/emm-sm.c:1162) 08/21 11:45:31.476: [mme] DEBUG: [262420000000007] Security mode command (/open5gs/src/mme/nas-path.c:336)
08/21 11:45:31.476: [emm] DEBUG:     Replayed UE SEC[LEN:2 EEA:0x0 EIA:0x0 UEA:0x0 UIA:0x0 GEA:0x0] (/open5gs/src/mme/emm-build.c:385)
08/21 11:45:31.476: [emm] DEBUG:     Selected[Integrity:0x0 Encrypt:0x0] (/open5gs/src/mme/emm-build.c:393)
08/21 11:45:31.476: [emm] ERROR: Encrypt[0x0] can be skipped with EEA0, but Integrity[0x0] cannot be bypassed with EIA0 (/open5gs/src/mme/emm-build.c:447)
08/21 11:45:31.476: [mme] ERROR: emm_build_security_mode_command() failed (/open5gs/src/mme/nas-path.c:343)
08/21 11:45:31.476: [emm] ERROR: emm_state_security_mode: Expectation `r == OGS_OK' failed. (/open5gs/src/mme/emm-sm.c:1171)
```

Instead of crashing the MME/AME, fail gracefuly sending a UeContextReleaseCommand.

Reproduced/tested with a WIP ttcn3 test.
 2024-08-25 10:06:32 +09:00
Pau Espin Pedrol
4953628275 [MME] Avoid crash if tx Security Mode Command fails 
This can happen if a UE never sends the UE Network Capabilities IE
(eg Attach or TAU) when coming from 2G to 4G:
"""
08/21 11:45:31.476: [emm] DEBUG: emm_state_security_mode(): ENTRY (/open5gs/src/mme/emm-sm.c:1162)
08/21 11:45:31.476: [mme] DEBUG: [262420000000007] Security mode command (/open5gs/src/mme/nas-path.c:336)
08/21 11:45:31.476: [emm] DEBUG:     Replayed UE SEC[LEN:2 EEA:0x0 EIA:0x0 UEA:0x0 UIA:0x0 GEA:0x0] (/open5gs/src/mme/emm-build.c:385)
08/21 11:45:31.476: [emm] DEBUG:     Selected[Integrity:0x0 Encrypt:0x0] (/open5gs/src/mme/emm-build.c:393)
08/21 11:45:31.476: [emm] ERROR: Encrypt[0x0] can be skipped with EEA0, but Integrity[0x0] cannot be bypassed with EIA0 (/open5gs/src/mme/emm-build.c:447)
08/21 11:45:31.476: [mme] ERROR: emm_build_security_mode_command() failed (/open5gs/src/mme/nas-path.c:343)
08/21 11:45:31.476: [emm] ERROR: emm_state_security_mode: Expectation `r == OGS_OK' failed. (/open5gs/src/mme/emm-sm.c:1171)
"""

Instead of crashing the MME, fail gracefuly sending a UeContextReleaseCommand.
 2024-08-25 09:50:17 +09:00
Daniel Willmann
28f9de4b41 ogs_fqdn_parse: Write the terminating NULL byte even if the APN is empty 
Enter the while loop even if length == 1 (with len being 0) so that the
terminating NULL byte is written to dst.
 2024-08-25 09:42:48 +09:00
Daniel Willmann
591f0a2fca ogs_fqdn_parse: Don't fail when parsing the empty APN 
The osmocom ttcn3-mme-ogs test uses an APN consisting simply of the NULL
byte. This corresponds to one label of length zero, so simply the APN "".

Since commit 333d3fe1 ogs_fqdn_parse() returning zero is considered an
error in ogs_gtp1_parse_pdp_context().

Fix this by returning a negative value on error in ogs_fqdn_parse() and checking for
that.
 2024-08-25 09:42:48 +09:00
Bostjan Meglic
9d878d255d [SMF] Fix handling allowed SSC Modes and Session Types 
The standard mandates that one SSC Mode is the default (if UE does not
request one), with up to 2 additional SSC Modes can be selected.
Always check also the default SSC Mode if it can be selected.

Same logic applies for Session Types.
 2024-08-25 09:05:17 +09:00
Bostjan Meglic
b6d80cb244 [AMF] add supportedFeatures field in SDMSubscription request 
Set flag LimitedSubscriptions in the supportedFeatures field in
SDMSubscription. This flag should be set in case that AMF supports
unique SDM Subscription, notifying UDM in this case of the support.
 2024-08-25 08:48:18 +09:00
Sukchan Lee
d57bb9423b update it 2024-08-24 22:21:55 +09:00
Sukchan Lee
681115c4e5 update document 2024-08-24 19:18:55 +09:00
Sukchan Lee
2d2e03507b Remove Date in Support page 2024-08-24 19:15:54 +09:00
Sukchan Lee
0a58a5bcc2 update support page 2024-08-24 19:13:15 +09:00
Sukchan Lee
ecbe26d8d9 Introducing NewPlane 2024-08-24 19:05:32 +09:00
Alexander Couzens
3f36e2b8f2 [MME] mme-gn-handler: 2G->4G: set QoS on the translated bearer 
Otherwise the bearer contains qci = 0 and 0 values for the
priority, certain eNodeBs (Ericsson rbs6402) will reject such bearers.
 2024-08-21 06:16:35 +09:00
Alexander Couzens
62ddcd8757 [MME] mme-gn-handler: correct ARP for the translated bearer (2G->4G) 
The old comment describe the 4G to 2G mobility, not the 2G to 4G.
Correct the comments.
Also set the translated bearer vulnerability to 1, translated bearer
should always vulnerable to it.
 2024-08-21 06:16:35 +09:00
Alexander Couzens
b0c3dbe4dd [MME] mme-context.h: fix indention 2024-08-21 06:16:35 +09:00
Sukchan Lee
1efdcd6dfd Merge branch 'main' into issues3388 2024-08-19 16:26:40 +09:00
Sukchan Lee
333d3fe1c6 clang scan-build static analysis findings/resolutions (#3387) 
The clang scan-build procedure

```
Assume Ubuntu docker container with open5gs mounted to /src.

Assume these tools are installed to docker container:
sudo apt install -y clang-tools clang

For easy reference to clang scan-build tool:
Put normal open5gs build procedure into a file called /src/build

=======================
Inside docker container:
=======================
export CLANG_OUT_DIR=/src/scan_build_results

scan-build -disable-checker deadcode.DeadStores --override-compiler --keep-going
 --exclude subprojects --exclude tests --exclude lib/asn1c -maxloop 200 -o $CLANG_OUT_DIR -plist-html /src/build 2>&1 | tee /src/logclang.txt

=======================
Results:
=======================
Results are in html format in $CLANG_OUT_DIR - top level index.html
```

Note that in this analysis the following suppressions were assumed:
- no deadcode.DeadStores analysis since those are not functional findings
- exclude lib/asn1c for reason that is outside of open5gs control
- exclude tests for reason that those are not functional findings
- exclude subprojects since those are outside of open5gs control
 2024-08-16 16:42:12 +09:00
Bostjan Meglic
ed482784b9 [NRF] Add it's own available services to the NfProfile 
This can be used when retrieving a list of registered NRF's and how to
connect to them.
 2024-08-16 16:07:21 +09:00
Bostjan Meglic
06df59e654 [AMF] Send 5GMM cause in request to SMF on AMF-initiated session release 
Previously, 5GMM cause was not being sent due to missing "is_x_value"
not being set to true.
 2024-08-16 16:03:50 +09:00
Bostjan Meglic
a328f9a2f5 [AMF,SMF] Add optional PLMN-ID parameter to SDM GET queries 2024-08-16 16:01:37 +09:00
Sukchan Lee
cba4479c5c [SMF] Follow-up on #3393 2024-08-16 15:56:00 +09:00
Bostjan Meglic
d2e9583d77 [SMF] Handle SDM subscription to UDM during PDU session lifetime 
- create SDM subscription to UDM when PDU session is created, just
before sending SMF registration to UDM
- delete SDM subscription when PDU session is released
- handle SDM Change Notification, but not yet process items in it
 2024-08-16 15:51:06 +09:00
Sukchan Lee
96a64d7c43 [MME] fix UEContextReleaseCommand encode fail (#3388) 
UEContextReleaseCommand fails to encode as an ASN.1 message
if the Group is 0. This is added because there is currently
no exception handling when the gNB sends a Group of 0.
 2024-08-15 23:11:41 +09:00
Sukchan Lee
11e51846d7 [MME] Deliver ENB-UE over GTP XACT (#3388) 
When a GTP transaction occurs, the ENB-UE associated with the MME-UE may change.
To address this, we have changed the structure to include the ENB-UE
in the GTP transaction, similar to AMF.

When a UEContextReleaseRequest and a Service Request occur simultaneously,
the ENB-UE in the Release Access Bearer Request/Response GTP transaction is
designed to persist even if the ENB-UE Context changes.
 2024-08-15 23:00:13 +09:00
Sukchan Lee
a7d594c2b7 [AMF] fix UEContextReleaseCommand encode fail (#3388) 
UEContextReleaseCommand fails to encode as an ASN.1 message
if the Group is 0. This is added because there is currently
no exception handling when the gNB sends a Group of 0.
 2024-08-15 20:56:35 +09:00
Sukchan Lee
1a22479977 [AMF] Remove ngap_send_amf_ue_context_release_command() 
ngap_send_amf_ue_context_release_command() is unnecessary.
So, change ngap_send_amf_ue_context_release_command()
to ngap_send_ran_ue_context_release_command.
 2024-08-15 18:32:11 +09:00
Sukchan Lee
90475696f6 [HR] Configuration Update (#2194) 
Fixed SMF/NSSF configuration to use FQDNs for Home Routed Roaming.
 2024-08-12 15:19:42 +09:00
Sukchan Lee
d7126f98ac [HR] Added LBO Roaming Allowed in WebUI (#2194) 
According to TS29.503, we can choose whether or not to allow LBO roaming
on a per-session basis.

To this end, we have made changes to allow us to set this via the WebUI.
 2024-08-05 16:47:47 +09:00
Sukchan Lee
37430970f7 Update document for v2.7.2 2024-08-04 21:13:24 +09:00
Sukchan Lee
43fa4857cc Release v2.7.2 (Compilation error fix) 2024-08-04 21:10:00 +09:00
Sukchan Lee
5697cd792e Release v2.7.2 2024-08-04 20:39:12 +09:00
Sukchan Lee
d3a17338a0 Follow-up on #3368 
There was an issue with the output of the LOG message.
I fixed it again and applied it to the main branch.

Refer to #3360 #3361 #3363 #3364
 2024-08-04 20:22:59 +09:00
Sukchan Lee
b35dee9327 [NRF] Fix the subscription valdityTime (#3360 #3361 #3363 #3364) 
NF should accept 204 No Content for Update Subscription requests.
According to 3GPP 29.510 NRF specification document in figure 5.2.2.5.6.1
NRF may return 204 or 200 for success update operations.

2a. On success, if the NRF accepts the extension of the lifetime
of the subscription, and it accepts the requested value for the "validityTime"
attribute, a response with status code "204 No Content" shall be returned.

2b. On success, if the NRF accepts the extension of the lifetime
of the subscription, but it assigns a validity time different than
the value suggested by the NF Service Consumer, a "200 OK" response code shall
be returned. The response shall contain the new resource representation
of the "subscription" resource, which includes the new validity time,
as determined by the NRF, after which the subscription becomes invalid.

I changed it so that all NFs can receive both 200 and 204 STATUS.
I also changed the default behavior of NRFs to respond with 204,
which is NO CONTEXT.
 2024-08-04 13:32:53 +09:00
Sukchan Lee
d9a3132400 Tested on FreeBSD-14.1-STABLE (#3350) 
- Upgraded libraries to 4.5 to address compile error issues with CXX11 support
- Change the default version of FreeBSD Vagrant to 14.1-STABLE
- FreeBSD Platform documentation also changed to 14.x version
 2024-08-03 21:45:52 +09:00
Sukchan Lee
c5025ec64c [MEM] valgrind memcheck findings (#3349) 
The proposal out of the valgrind memcheck procedure are
a couple of small patches to open5gs within the patches subdirectory.
 2024-08-02 17:30:21 +09:00
Sukchan Lee
9828509668 [DIAM] Added sanity routine to avoid crash 2024-07-25 23:55:53 +09:00
Sukchan Lee
3f23d332bf [TFT] Incrase the number of flows 8->16 (#3343) 
TS24.008
10.5.6.12 Traffic Flow Template
Table 10.5.162: Traffic flow template information element

Number of packet filters (octet 3)
The number of packet filters contains the binary coding
for the number of packet filters in the packet filter list.
The number of packet filters field is encoded in bits 4
through 1 of octet 3 where bit 4 is the most significant
and bit 1 is the least significant bit.

For the "delete existing TFT" operation and
for the "no TFT operation", the number of packet filters shall be
coded as 0. For all other operations, the number of packet filters
shall be greater than 0 and less than or equal to 15.

The array of TLV messages is limited to 16.
So, Flow(PDI.SDF_Filter) in PDR is limited to 16.

Therefore, we defined the maximum number of flows as 16.
 2024-07-25 23:36:03 +09:00
Sukchan Lee
455f164c60 Revert "[TFT] Incrase the number of flows 8->16 (#3339)" 
This reverts commit 919176a9ab.
 2024-07-25 23:33:32 +09:00
Sukchan Lee
919176a9ab [TFT] Incrase the number of flows 8->16 (#3339) 
TS24.008
10.5.6.12 Traffic Flow Template
Table 10.5.162: Traffic flow template information element

Number of packet filters (octet 3)
The number of packet filters contains the binary coding
for the number of packet filters in the packet filter list.
The number of packet filters field is encoded in bits 4
through 1 of octet 3 where bit 4 is the most significant
and bit 1 is the least significant bit.

For the "delete existing TFT" operation and
for the "no TFT operation", the number of packet filters shall be
coded as 0. For all other operations, the number of packet filters
shall be greater than 0 and less than or equal to 15.

The array of TLV messages is limited to 16.
So, Flow(PDI.SDF_Filter) in PDR is limited to 16.

Therefore, we defined the maximum number of flows as 16.
 2024-07-25 23:29:10 +09:00
Sukchan Lee
2b793b3534 [SMF] add debug log in ogs_gtp2_parse_tft() 
SMF crashed in ogs_gtp2_parse_tft(). Add debug to find out
how the UE sends a Bearer Resource Modification Request and SMF crashes.
 2024-07-20 20:18:15 +09:00
Sukchan Lee
08a9291da1 [MME] Fix the crash after removing ogs_pool_cycle() (#3196) 2024-07-20 20:07:23 +09:00
Sukchan Lee
8d2d037314 [DIAM] Fix the crash when terminating Diameter 
When exiting a diameter interface, the session state data could be NULL.
So we added code to check the session state data
to prevent SIGSEGV occurring.
 2024-07-20 10:16:28 +09:00
Sukchan Lee
a9a60135f9 [AMF] Fix the crash since validityTime->30s(#3210) 
We're experiencing an issue after changing SearchResult.validityTime
from 3600 seconds to 30 seconds.

When AMF finds a PCF through Discovery, it can be deleted
after 30 seconds by ValidityTime.

We have changed our implementation to not send the PCF-ID in this case.

What we need to do is proactively add a part that will re-discover
the PCF when a situation arises where we really need the PCF-ID.
 2024-07-20 09:59:26 +09:00
Sukchan Lee
bc3823edc8 Merge branch 'main' of https://github.com/open5gs/open5gs 2024-07-20 07:32:50 +09:00
Sukchan Lee
0af9db84f8 [MME] Fixed Crash in mme-fd-path.c (#3196) 
Because mme_ue_find_by_id() and enb_ue_find_by_id() could be NULL,
we should not use assert()
 2024-07-20 07:31:14 +09:00
Nikhil Malik
3df4447049 Added NGAP LB blog in docs.md (#3329) 
* Update docs.md
 2024-07-18 14:55:31 +09:00
Sukchan Lee
eebbfd28b3 UPF Performance enhancement (#3306) (#3318) 
* [UPF/SGW-U] Optimizing data-path (#3306)

In ogs_pfcp_up_handle_pdr, there is a copy operation performed on recvbuf,
which can reduce the sending performance in the data path. Personally,
We believe that this copy operation can be eliminated.

Of course, if it is canceled, the recvbuf does not need to be released again
at the location where ogs_pfcp_up_handle_pdr is called. After testing,
it has indeed shown an improvement in performance of approximately 15-18%.

   /*
    sendbuf = ogs_pkbuf_copy(recvbuf);
    if (!sendbuf) {
        ogs_error("ogs_pkbuf_copy() failed");
        return false;
    }*/
    sendbuf = recvbuf;</div>

* update it
 2024-07-12 13:32:58 +09:00
Sukchan Lee
1b82ff08b6 [AMF] Added Additional-GUTI to ClearText (#3315) 
UE attached to 4G cell, terminates 4G connection,
then attempts 5G cell attach with TAC update - fails connection

Setup a UE on a 4G cell. Also have a 5G cell available to the UE.

Next, disable the 4G cell. The 4G connection terminates normally.

The UE scans the network and finds the 5G cell.

At this time the UE sends a registration to the 5G cell.
Open5gs sent back a reject with reason "Semantically incorrect message".
Then the UE did not try to attach again and lost the call forever.

Compare this scenario with a different core that we tested this scenario on.
With a different core (other than open5gs) the core sent back a reject
also but with a reason "UE can't be derived by network".
Then the UE tried attach again and the 5G call was successful.
Although this was successful for the other core it could be suggested
that not rejecting at all is good behavior.

There is a workaround which is that the Samsung UE could be put into
airplane mode and taken out of airplane mode and at that point
the UE is able to attach to the 5G cell. But this is a lot of manual effort
on the user of the UE which could be avoided with a simple open5gs change.

Note: Issue only happens when registration request + tracking area update
occurs on 5G cell attach following LTE cell being disabled.
If only registration occurs without a tracking area update
(such as the first time system is up) then it is ok with no rejection.

To solve this issue, added Additional-GUTI to the ClearText Group.
 2024-07-12 13:23:24 +09:00
Sukchan Lee
6f73a74690 [GTP/PFCP] Use Pool-ID in XACT (#3196) 
Due to the possiblity of problems with NS's like SMF using GTP/PFCP,
I changed the transaction memory to the pool id method.
 2024-07-10 10:20:19 +09:00
Sukchan Lee
b98731de96 Follow-up on #3282 2024-07-09 22:29:16 +09:00
Emanuele Di Pascale
9ed06f1da1 [MME,SMF]: allow setting of diameter TC_TIMER 
... via the YAML configuration
 2024-07-09 22:23:47 +09:00
Sukchan Lee
d2ca1dbd13 [MME] Fixed crash on GTP sending timeout (#3196) 2024-07-09 22:20:12 +09:00
Sukchan Lee
3134bcc5e8 [MME] Fixed crash when double free mme_ue (#3196) 2024-07-09 15:58:51 +09:00
herlesupreeth
ed0c1f4efb [SMF]: Issue PFCP session modification request if there are additional flows in RAR 2024-07-08 17:34:37 +09:00
Sukchan Lee
8c97ccf570 [SMF] Fixed a crash when sess is NULL (#3240) 2024-07-08 16:28:07 +09:00
Sukchan Lee
be68ea7b04 [SGWC/SMF] Fixed a crash (#3196) 
We're troubleshooting additional crashes that occur
while trying to fix the ogs_pool_cycle() issue.
 2024-07-07 20:44:10 +09:00
Sukchan Lee
c920f53d39 [MME] UEContextReleaseCommand cause (#3280) 
On 4G only... when UE sent an inactivity UEContextReleaseRequest,
Open5GS sent back UEContextReleaseCommand **with cause=normal-release.
This, in turn, does not allow the Samsung UE to return to the low power state
in our testing of the scenario.

Comparing the behavior of open5gs to other cores that we have tested
the other cores are sending a ** cause=“Radio Network Layer Cause”:
User inactivity ** when the UE sends inactivity. And this is what allows
other cores to transition the UE to the low power state whereas
with open5gs the UE is not entering the low power state.

We've fixed to allow open5gs to come to the same level of compliance
in this area as to the other cores.
 2024-07-06 18:23:45 +09:00
Sukchan Lee
d6cc83bae0 [SGWC] Fixed a crash 2024-07-06 17:45:40 +09:00
Sukchan Lee
3e10963168 [MME/GTP] More fix to manage multiple GTP (#3251) 
Update Bearer Request
Modify Bearer Context Request
Modify Bearer Context Accept
Update Bearer Response

In the process above, we incorrectly used the Timer
that the MME uses to wait for the eNB.

We used xact's holding timer, which continues to hold the transaction
for further exception handling even after sending the Update Bearer Response.

This timer should end exactly when the Update Bearer Response is sent
by the MME to the SGW-C. Therefore, we have added a new peer timer
in xact for this purpose.
 2024-07-06 16:57:39 +09:00
Sukchan Lee
a5d4254141 [GTP] Error Indication with deleting bearer(#3302) 
We fixed an issue in #3302 where MME does not send Downlink Data Notification
Acknowledge to SGW-C in Error Indication situation.

However, it did not work properly when this occurred in conjunction
with releasing the bearer as shown below.

>>>Seesion-Termination in Diameter
>>>SMF sends E-RABReleaseCommand and
            Deactivate EPS bearer request context

1. SGW-U received Error Indication
2. SGW-U sends PFCP Report Request to SGW-C
3. SGW-C sends PFCP Report Response to SGW-U
4. SGW-C sends Downlink Data Notification to MME (MME Connected with eNB)

>>> eNB sends E-RABReleaseCommand
>>> UE sends Deactivate EPS bearer context accept

5. MME sends UEContextReleaseCommand to the eNB
6. eNB sends UEContextReleaseComplete to the MME
7. MME sends S1-Paging to the eNB
8. eNB sends Service-Request to the MME
9. MME sends InitialContextSetupRequest to the eNB
10. eNB sends InitialContextSetupResponse to the MME

No bearer context, so cannot send Downlink Data Notification Acknowledge

So, we've fixed it as below.

>>>Seesion-Termination in Diameter
>>>SMF sends E-RABReleaseCommand and
            Deactivate EPS bearer request context

1. SGW-U received Error Indication
2. SGW-U sends PFCP Report Request to SGW-C
3. SGW-C sends PFCP Report Response to SGW-U
4. SGW-C sends Downlink Data Notification to MME (MME Connected with eNB)

>>>>>>>> Since eNB Connected, we send Downlink Data Notification Acknowledge here.

>>> eNB sends E-RABReleaseCommand
>>> UE sends Deactivate EPS bearer context accept

5. MME sends UEContextReleaseCommand to the eNB
6. eNB sends UEContextReleaseComplete to the MME
7. MME sends S1-Paging to the eNB
8. eNB sends Service-Request to the MME
9. MME sends InitialContextSetupRequest to the eNB
10. eNB sends InitialContextSetupResponse to the MME
 2024-07-06 16:07:53 +09:00
Sukchan Lee
133fafa395 [MME] Fixed Error Indication (#3302) 
We've encountered an issue where Downlink Data Notification Acks are not sent
in the following situations.

1. SGW-U received Error Indication
2. SGW-U sends PFCP Report Request to SGW-C
3. SGW-C sends PFCP Report Response to SGW-U
4. SGW-C sends Downlink Data Notification to MME
(MME Connected with eNB)
5. MME sends UEContextReleaseCommand to the eNB
6. eNB sends UEContextReleaseComplete to the MME
7. MME sends S1-Paging to the eNB
8. eNB sends Service-Request to the MME
9. MME sends InitialContextSetupRequest to the eNB
10. eNB sends InitialContextSetupResponse to the MME

Here, MME needs to send Downlink Data Notification Acknowledge.

So, we've fixed it
 2024-07-04 17:42:50 +09:00
Sukchan Lee
555c20c4c5 [POOL] REMOVE ogs_pool_cycle() (#3196) 2024-06-30 22:03:13 +09:00
Sukchan Lee
976f2473b0 [POOL] refactor mem pool in AUSF/PCF/UDM (#3196) 
Removed ogs_pool_cycle() from AUSF/PCF/UDM memory pool
and changed it to find by hash id.
 2024-06-30 22:03:13 +09:00
Sukchan Lee
ab8e46a03d [POOL] refactor SMF/UPF/SGW-C/SGW-U (#3196) 
Removed ogs_pool_cycle() from SMF/UPF/SGW-C/SGW-U memory pool
and changed it to find by hash id.
 2024-06-30 22:03:13 +09:00
Sukchan Lee
c151e4fbce [POOL] refactor memory pool in MME (#3196) 
Removed ogs_pool_cycle() from MME memory pool
and changed it to find by hash id.
 2024-06-30 22:03:13 +09:00
Sukchan Lee
253de8ee25 [POOL] refactor memory pool in AMF (#3196) 
Removed ogs_pool_cycle() from AMF memory pool
and changed it to find by hash id.
 2024-06-30 22:03:13 +09:00
Sukchan Lee
c1110573d6 [POOL] refactor memory in GTP/PFCP xact (#3196) 
Removed ogs_pool_cycle() from GTP/PFCP transacion
and changed it to find by hash id.
 2024-06-30 22:03:13 +09:00
Sukchan Lee
6cb518539b [POOL] refactor memory in HTTP server (#3196) 
Removed ogs_pool_cycle() from HTTP2 session and stream context
and changed it to find by hash id.
 2024-06-30 22:03:13 +09:00
Sukchan Lee
40e146d45a [POOL] change cycle to hash id in xact (#3196) 
I created ogs_sbi_xact_find_by_id() with a hash
to replace ogs_sbi_xact_cycle().

Modified to find the xact via xact->id
when making an HTTP request with the SBI client function
and waiting for the HTTP response.
 2024-06-30 22:03:13 +09:00
Sukchan Lee
b26f1f310f [POOL] Added hash id to pool (#3196) 
Pool library has the following issues with XXX_cycle,
including mme_enb_cycle()/amf_ue_cycle()

```
INIT POOL(SIZE:5)

Alloc Node1
Alloc Node2
Alloc Node3
Alloc Node4
Alloc Node5

Free Node4
Free Node3

PoolCycle(Node4) is NULL (Freed...OK!)
PoolCycle(Node3) is NULL (Freed...OK!)

Alloc Node6
Alloc Node7

PoolCycle(Node4) is Not NULL (Freed...but NOK!)
PoolCycle(Node3) is Not NULL (Freed...but NOK!)
PoolCycle(Node6) is Not NULL (Allocated...OK!)
PoolCycle(Node7) is Not NULL (Allocated...OK!)
```

If we use ogs_poll_alloc() to create and allocate a node,
the correct behavior of calling ogs_pool_free() on this node
and then later calling ogs_pool_cycle() on this node must always return NULL.

However, the behavior of calling ogs_pool_cycle() on this node
in the future may return a “valid” pointer.

To solve the problem, we added hash id to the pool memory and
ogs_pool_find_by_id() function is added.
 2024-06-30 22:03:13 +09:00
Daniel Willmann
dc2e167a8f [MME] Avoid duplicate be32toh() in mme_gn_build_sgsn_context_request() 
tlv_add_leaf() should already convert the byte order.
 2024-06-28 22:39:40 +09:00
Daniel Willmann
71e263c0a1 [MME] Pass PTMSI signature through to mme_gn_build_sgsn_context_request 
3GPP TS 23.003 Ch. 2.8.2.2.2 (Mapping in the UE) states "The P-TMSI
signature is sent intact to the MME."
So simply use the PTMSI signature from the TAU and pass it throught to the
SGSN Context Request.
 2024-06-28 22:39:40 +09:00
Daniel Willmann
2e180796e4 [MME] Fix GUTI <-> RAI/PTMSI derivation functions 
The algorithms described in 3GPP TS 23.003 Ch. 2.8.2.1.2 an 2.8.2.2.2
are not directly the inverse of each other.

To send a SGSN Context Request (in 2G -> 4G mobility) the algorithm in
2.8.2.2.2 has to be done in reverse (like mentioned in 2.8.2.2.3 -
Mapping in the new MME).

When parsing an SGSN Context Request (for 4G -> 2G mobility) the reverse
of 2.8.2.1.2 (as described in 2.8.2.1.3) has to be used.
PTMSI signature handling is added in a separate commit.
 2024-06-28 22:39:40 +09:00
nik-netlox
9e19d28c4b Update docs.md 2024-06-25 06:12:54 +09:00
Sukchan Lee
d0f6288484 Remove feature request in Issue template 2024-06-10 10:05:25 +09:00
Sukchan Lee
f0206c79f6 Follow up on #3249 2024-06-05 13:41:21 +09:00
errdemk
0de416e43f [UDM] Added Amf3GppAccessRegistration Information Retrieval Feature 2024-06-05 10:55:59 +09:00
Sukchan Lee
cf7af787dd [AMF/MME] Fix the gNB/eNB ID hash setting 
When setting hashes, we typically delete and set hashes that are set to OLD.

A hash set to OLD should be deleted by setting it to NULL,
but here we're deleting it with a value of NEW.

Therefore, we modified it to delete the OLD gNB/eNB ID
instead of NEW by setting a NULL value to Hash as Key.
 2024-06-03 21:40:23 +09:00
Sukchan Lee
53a63e1b40 [MME/GTP] Managing multiple GTP xact (#3240) 
Consider the following situation.
```
1. SMF->SGW-C->MME: First Update Bearer Request
2. MME->UE:         First Modify EPS bearer context request
3. SMF->SGW-C->MME: Second Update Bearer Request
4. MME->UE:         Second Modify EPS bearer context request
5. UE->MME:         First Modify EPS bearer context accept
6. MME->SGW-C->SMF: First Update Bearer Response
7. UE->MME:         Second Modify EPS bearer context accept
8. MME->SGW-C->SMF: Second Update Bearer Response
```

Until now, only one GTP transaction was managed for one bearer.

Therefore, if the UE does not send an EPS Modify bearer accept to the MME,
and the SMF/SGW-C sends an Update Bearer Request to the MME,
The NEW update bearer request overwrites the OLD that was previously managed.
So we modified it to manage them simultaneously.

However, we don't know if this is the right way to implement it.

So if the SMF/SGW-C sends 5 MMEs of Update Bearer Request and
the UE sends only 3 MMEs of Modify EPS bearer context accept,
we have no way to associate it.

Therefore, it's implemented so that we just process them sequentially and
2 of them are just timeout.
 2024-05-31 22:36:41 +09:00
Sukchan Lee
1111b06ac4 [AMF] Fixed issue context transfer (#3052) 
When the second AMF, which is the transfer, runs later than the SMF,
there is no client information.

Fixed to pre-create the Client when the Resource URI is transferred.
 2024-05-26 15:01:21 +09:00
Sukchan Lee
7062b9c0d6 [AMF] Follow-up on Context transfer (#3052) 2024-05-26 14:40:11 +09:00
Sukchan Lee
2a4d8db72e [MME] Prevent the Session stored in DB (#3220) 
Fixed to not change the session information stored in the DB
when transferring context from GERAN to EUTRAN.

Note that the Tracking Area Update Procedure differs
from the Attach Procedure in 5.3.2 in the point
at which HSS and ULR/ULA are performed.

3GPP TS 23.401
Ch 5.3.3 Tracking Area Update procedures

<Attach Procedure>
1. Security-mode complete
2. Update Location Request/Answer
3. Create Session Request/Response

<Tracking Area Update Procedure>
1. Security-mode complete
2. Create Session Request/Response
3. Update Location Request/Answer

When TAU creates a Create Session Request message,
there is no session type information in the Subscriber DB
that is received from HSS in the Update Location.

Therefore, TAU does not reflect the Session Type
but creates PDN Type by reflecting the information
in the Request Type as it is.
 2024-05-25 15:14:58 +09:00
Bostjan Meglic
4f7f4ec6e5 [AMF] Fix for storing 5G AKA Confirmation URL 
HTTP Location header field does not contain the "5g-aka-confirmation"
substring. Which means that when we try to delete the authentication
from AUSF, it fails.

/nausf-auth/v1/ue-authentications/1
vs
/nausf-auth/v1/ue-authentications/1/5g-aka-confirmation
 2024-05-23 23:34:22 +09:00
Pau Espin Pedrol
c6c73c1f70 MME: Gn: Fill PDP Context requested from SGSN with IP allocated by SMF 
IP assigned from SMF: session->paa
Static IP read from the Subscriber DB: session->ue_ip

When passing the PDP context information to the SGSN, we actually wanna
provide it with the IP address currently in use.
 2024-05-22 07:14:53 +09:00
Pau Espin Pedrol
f401e7df14 Revert "[MME] Fixed ttcn3-mme-test-ogs (#2806) (#315)" 
This reverts commit 87d9cdf569.
 2024-05-22 07:14:53 +09:00
Sukchan Lee
87d9cdf569 [MME] Fixed ttcn3-mme-test-ogs (#2806) (#315) 
Try to fix the following error

"MME_Tests.ttcn:955 : no SGSN Context Response from MME"
      MME_Tests.ttcn:1572 MME_Tests control part
      MME_Tests.ttcn:1457 TC_ue_cell_reselect_eutran_to_geran testcase
 2024-05-21 21:06:17 +09:00
Sukchan Lee
02d302b15a [SEC] Fix Assertion ogs_pfcp_parse_volume (#3207) 2024-05-18 21:37:28 +09:00
Sukchan Lee
15ff23de75 [SEC] Fix Assertion ogs_pfcp_parse_sdf_filter (#3207) 2024-05-18 21:37:28 +09:00
Sukchan Lee
b1bf2b10e2 [SEC] Fix Assertion ogs_pfcp_f_seid_to_ip (#3207) 2024-05-18 21:37:28 +09:00
Sukchan Lee
bd4d925f0f [SEC] Fix Assertion ogs_pfcp_parse_user_plane_ip_resource_info() (#3207) 2024-05-18 21:37:28 +09:00
Sukchan Lee
5f425445a8 [SEC] Fix Assertion ogs_gtp2_parse_uli (#3209) 2024-05-18 21:37:28 +09:00
Sukchan Lee
05deed616c [SEC] fix Assertion 0 < ogs_fadn_parse (#3207) 2024-05-18 21:37:28 +09:00
Sukchan Lee
4599b273fa [MME] Problem keep changing PDN-Type (#3209) 
If the UE continuously attempts to Attach while changing PDN Type,
it will cause the wrong IP to be assigned.
(e.g PDU-Type : IPv4v6 -> IPv4 -> IPv4v6)

This is because we use two variables at the same time,
one to read and store the Static IP from the Subscriber DB and
one to store the IP assigned from SMF, called session->paa.

When the UE attaches with PDN-Type set to IPv4v6,
MME saves the allocated IP in session->paa.

However, MME thinks it has been assigned a static IP based on the information
in session->paa, so changing the PDN-Type may result in the wrong IP
being assigned.

To solve this problem, I separated the variable(session->paa) that stores
the allocated IP received from SMF and the variable(session->ue_ip) that stores
the Static IP read from the Subscriber DB.

Therefore, the information read from the Subscriber DB
(session->session_type and session->ue_ip) should not be modified.
 2024-05-18 14:01:00 +09:00
Sukchan Lee
bba0ebe6a4 [SEC] crash for IMSI/MSISDN/IMEI overflow (#3207) 
When using ogs_buffer_to_bcd(), an overflow occurs if the input buffer length
is larger than the output bcd size, causing a crash.

We adjusted the size of the input buffer length using ogs_min as follows.
```
    sgwc_ue->imsi_len = ogs_min(imsi_len, OGS_MAX_IMSI_LEN);
    memcpy(sgwc_ue->imsi, imsi, sgwc_ue->imsi_len);
    ogs_buffer_to_bcd(sgwc_ue->imsi, sgwc_ue->imsi_len, sgwc_ue->imsi_bcd);
```
 2024-05-17 20:25:49 +09:00
Sukchan Lee
80ab4c4a1b [NF] Move ogs_log_config_domain() location (#3210) 
When we run the test, for example,
./tests/registration/registration simple-init,
wee get an INFO message like the one below.

```
05/17 14:24:03.933: [sbi] INFO: NF EndPoint(addr) setup [127.0.0.200:7777] (../lib/sbi/context.c:474)
```

When we run the code in Open5GS, the log level initially defaults to INFO.

However, for test code, we change the log level to ERROR
by automatically inserting the -e error option into argv.

The reason for this is to prevent WARNING and INFO messages
from appearing when the test code is run.

However, the log level to ERROR is changed at the bottom of
the initialize routine, which caused the above message
to be printed during testing.

To prevent this from being printed, I modified the code
to change that log level to ERROR a little earlier.
 2024-05-17 14:54:32 +09:00
Sukchan Lee
95de14c72b [SBI] SearchResult.validityPeriod 3600->30s (#3210) 
The validity time for NF Instances obtained through NF Discovery was
not properly implemented. Since the validity was 3600 seconds(1 hour),
which caused 5G Core to not work properly after 3600 seconds(1 hour).

There was an issue where an NF Instance should be deleted
when its validity time expired, but it was not working correctly
due to incorrect use of reference count.

Therefore, I have modified the Validity of NF Instances obtained
through NF Discovery to work properly.

I also changed the default value of valdityPeriod to 30 seconds.
 2024-05-17 14:54:32 +09:00
Sukchan Lee
7a9fea8aec [SBI] Re-factor NF Instance Context (#3093) 
Fixed not using Reference Count for adding/deleting NF Instances.

Up until now, NF Instances have been managed by referencing the Reference Count.

Initially, when an NF Instance is added, the Reference Count is incremented and
when it is deleted, the Reference Count is decremented.

If a UE discovers another NF Instance through the NF Discovery function,
the Reference Count is incremented. And if a UE de-registers,
the Reference Count of the discovered NF is decremented.

However, there's a problem with this approach.

When other NF is de-registered,
there is no guarantee that it will be 100% notified.

For example, if a UDM is de-registered, but an SCP is de-registered before it,
the AMF will not be notified that the UDM has been de-registered.

In situations where this is not clear, Reference Count cannot be used.

Therefore, we have modified it to not use the Reference Count method.

Also, when a UE connects, it is modified to always search
whether an NF Instance exists by NF Instance ID whenever it is discovered.

To do this, we modified lib/sbi/path.c as shown below.

```diff
@@ -281,13 +281,15 @@ int ogs_sbi_discover_and_send(ogs_sbi_xact_t *xact)
     }

     /* Target NF-Instance */
-    nf_instance = sbi_object->service_type_array[service_type].nf_instance;
+    nf_instance = ogs_sbi_nf_instance_find(
+            sbi_object->service_type_array[service_type].nf_instance_id);
     if (!nf_instance) {
         nf_instance = ogs_sbi_nf_instance_find_by_discovery_param(
                         target_nf_type, requester_nf_type, discovery_option);
-        if (nf_instance)
-            OGS_SBI_SETUP_NF_INSTANCE(
-                    sbi_object->service_type_array[service_type], nf_instance);
+        if (nf_instance) {
+            OGS_SBI_SETUP_NF_INSTANCE_ID(
+                    sbi_object->service_type_array[service_type], nf_instance->id);
+        }
     }
```
 2024-05-12 10:24:15 +09:00
Sukchan Lee
9d8d560be7 [DOCKER] Change UID from 1000 to 2000 
The ubuntu docker image defaults to UID 1000 as the ubuntu username,
so change the UID of the open5gs default user acetcom to 2000.
 2024-05-11 16:26:04 +09:00
Daniel Willmann
eb28c514ea [MME] s11: Allow CreateSessionResponse with no S5c TEID IE 
The TEID is already known (provided by SGSN through Gn SGSNContextResponse),
so not mandatory for it to be set.
 2024-05-11 01:07:45 +02:00
Pau Espin Pedrol
f16f6e3c6c [MME] s11: Allow CreateSessionResponse with no PAA IE 
The PAA is already known (provided by SGSN through Gn SGSNContextResponse),
so not mandatory for it to be set.
 2024-05-11 01:07:45 +02:00
Pau Espin Pedrol
190b39a75c cosmetic: [MME] Fix wrong content in comment line 2024-05-11 01:07:45 +02:00
Sukchan Lee
87b4e4535c [SEC] Stack overflow in PCRF/PCF (#3157) 
The indexes rx_message.ims_data.num_of_media_component and media_component->num_of_sub can overflow.

```
static int pcrf_rx_aar_cb( struct msg **msg, struct avp *avp,
        struct session *sess, void *opaque, enum disp_action *act)
..
        /* Gwt Specific-Action */
        case OGS_DIAM_RX_AVP_CODE_SPECIFIC_ACTION:
            break;
        /* Gwt Media-Component-Description */
        case OGS_DIAM_RX_AVP_CODE_MEDIA_COMPONENT_DESCRIPTION:
            media_component = &rx_message.ims_data.
                    media_component[rx_message.ims_data.num_of_media_component];

            ret = fd_msg_browse(avpch1, MSG_BRW_FIRST_CHILD, &avpch2, NULL);
            ogs_assert(ret == 0);
            while (avpch2) {
                ret = fd_msg_avp_hdr(avpch2, &hdr);
..
                }

                fd_msg_browse(avpch2, MSG_BRW_NEXT, &avpch2, NULL);
            }

            rx_message.ims_data.num_of_media_component++;
            break;
        default:
            ogs_warn("Not supported(%d)", hdr->avp_code);
            break;
        }
..
}
```
 2024-05-01 16:52:10 +09:00
Sukchan Lee
b57722178a [SEC] Heap overflow in open5gs-mmed/s1ap (#3153) 
Assert shall be triggered if the mme_enb_t object is corrupted.

```
$ gdb -q -p `pidof open5gs-mmed`
..
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
0x0000ffff90deb46c in __GI___sigtimedwait (set=set@entry=0xfffffe63be68, info=info@entry=0xfffffe63bda8, timeout=timeout@entry=0x0) at ../sysdeps/unix/sysv/linux/sigtimedwait.c:61
61      ../sysdeps/unix/sysv/linux/sigtimedwait.c: No such file or directory.
Breakpoint 1 at 0xaaaabef69250: file ../src/mme/s1ap-handler.c, line 199.
[Switching to Thread 0xffff1efdef00 (LWP 20348)]

Thread 38 "open5gs-mmed" hit Breakpoint 1, s1ap_handle_s1_setup_request (enb=0xffff9029b5a0, message=0xffff1efdc498) at ../src/mme/s1ap-handler.c:199
warning: Source file is more recent than executable.
199         if (maximum_number_of_enbs_is_reached()) {
(gdb) p enb.supported_ta_list
$1 = {{plmn_id = {mcc1 = 0 '\000', mcc2 = 0 '\000', mcc3 = 1 '\001', mnc1 = 15 '\017', mnc2 = 0 '\000', mnc3 = 1 '\001'}, tac = 1} <repeats 256 times>}
(gdb) p enb
$2 = (mme_enb_t *) 0xffff9029b5a0
(gdb) p *enb
$3 = {lnode = {prev = 0x0, next = 0x0}, sm = {init = 0xaaaabef66540 <s1ap_state_initial>, fini = 0xaaaabef66640 <s1ap_state_final>, state = 0xaaaabef66730 <s1ap_state_operational>}, enb_id = 1, plmn_id = {
    mcc1 = 1 '\001', mcc2 = 2 '\002', mcc3 = 3 '\003', mnc1 = 15 '\017', mnc2 = 4 '\004', mnc3 = 5 '\005'}, sctp = {type = 1, sock = 0xfffedc000bd0, addr = 0xfffedc000e70, poll = {read = 0xffff9032a0f0,
      write = 0x0}, write_queue = {prev = 0x0, next = 0x0}}, state = {s1_setup_success = false}, max_num_of_ostreams = 30, ostream_id = 0, num_of_supported_ta_list = 258, supported_ta_list = {{plmn_id = {
        mcc1 = 0 '\000', mcc2 = 0 '\000', mcc3 = 1 '\001', mnc1 = 15 '\017', mnc2 = 0 '\000', mnc3 = 1 '\001'}, tac = 1} <repeats 256 times>}, s1_reset_ack = 0x10f100000110f100, enb_ue_list = {prev = 0x1,
    next = 0x0}}
pwndbg> vmmap enb
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
             Start                End Perm     Size Offset File
    0xffff8edd4000     0xffff8ede4000 ---p    10000      0 [anon_ffff8edd4]
►   0xffff8ede4000     0xffff90650000 rw-p  186c000      0 [anon_ffff8ede4] +0x1517010
    0xffff90650000     0xffff90659000 r-xp     9000      0 /usr/lib/aarch64-linux-gnu/libffi.so.8.1.0
```

The value s1_reset_ack = 0x10f100000110f100 shall contain a function pointer, but has been corrupted.

The following patch will abort the process:

```diff
$ diff --git a/src/mme/s1ap-handler.c b/src/mme/s1ap-handler.c
index dff401ded..55a1f7e1b 100644
--- a/src/mme/s1ap-handler.c
+++ b/src/mme/s1ap-handler.c
@@ -178,6 +178,7 @@ void s1ap_handle_s1_setup_request(mme_enb_t *enb, ogs_s1ap_message_t *message)
                 SupportedTAs_Item->broadcastPLMNs.list.array[j];
             ogs_assert(pLMNidentity);

+           ogs_assert(enb->num_of_supported_ta_list < OGS_ARRAY_SIZE(enb->supported_ta_list));
             memcpy(&enb->supported_ta_list[enb->num_of_supported_ta_list].tac,
                     tAC->buf, sizeof(uint16_t));
             enb->supported_ta_list[enb->num_of_supported_ta_list].tac =
@@ -310,6 +311,7 @@ void s1ap_handle_enb_configuration_update(
                     SupportedTAs_Item->broadcastPLMNs.list.array[j];
                 ogs_assert(pLMNidentity);

+               ogs_assert(enb->num_of_supported_ta_list < OGS_ARRAY_SIZE(enb->supported_ta_list));
                 memcpy(&enb->supported_ta_list[
                         enb->num_of_supported_ta_list].tac,
                         tAC->buf, sizeof(uint16_t));
```
 2024-05-01 16:25:33 +09:00
Sukchan Lee
7ea82cb87b [SEC] Heap overflow in open5gs-mmed/s6a (#3156) 
An assert shall be triggered.

The vulnerable code path is in src/mme/mme-fd-path.c:

```
/* s6a process Subscription-Data from avp */
static int mme_s6a_subscription_data_from_avp(struct avp *avp,
    ogs_subscription_data_t *subscription_data,
    mme_ue_t *mme_ue, uint32_t *subdatamask)
{
...
    /* AVP: 'MSISDN'( 701 )
     * The MSISDN AVP is of type OctetString. This AVP contains an MSISDN,
     * in international number format as described in ITU-T Rec E.164 [8],
     * encoded as a TBCD-string, i.e. digits from 0 through 9 are encoded
     * 0000 to 1001; 1111 is used as a filler when there is an odd number
     * of digits; bits 8 to 5 of octet n encode digit 2n; bits 4 to 1 of
     * octet n encode digit 2(n-1)+1.
     * Reference: 3GPP TS 29.329
     */
    ret = fd_avp_search_avp(avp, ogs_diam_s6a_msisdn, &avpch1);
    ogs_assert(ret == 0);
    if (avpch1) {
        ret = fd_msg_avp_hdr(avpch1, &hdr);
        ogs_assert(ret == 0);
        if (hdr->avp_value->os.data && hdr->avp_value->os.len) {
            mme_ue->msisdn_len = hdr->avp_value->os.len;                /* 1 */
            memcpy(mme_ue->msisdn, hdr->avp_value->os.data,
                    ogs_min(mme_ue->msisdn_len, OGS_MAX_MSISDN_LEN));   /* 2 */
            ogs_buffer_to_bcd(mme_ue->msisdn,
                    mme_ue->msisdn_len, mme_ue->msisdn_bcd);            /* 3 */
            *subdatamask = (*subdatamask | OGS_DIAM_S6A_SUBDATA_MSISDN);
        }
    }
```
 2024-05-01 14:51:11 +09:00
Sukchan Lee
e89aa79efe [SEC] Stack overflow in open5gs-hssd/s6a (#3155) 
An assert shall be triggered if a stack corruption occurs.

The vulnerable code path is in src/hss/hss-s6a-path.c:

```
static int hss_ogs_diam_s6a_air_cb( struct msg **msg, struct avp *avp,
        struct session *session, void *opaque, enum disp_action *act)
{
..
    ogs_plmn_id_t visited_plmn_id;
..
    ret = fd_msg_search_avp(qry, ogs_diam_visited_plmn_id, &avp);
    ogs_assert(ret == 0);
    ret = fd_msg_avp_hdr(avp, &hdr);
    ogs_assert(ret == 0);
    memcpy(&visited_plmn_id, hdr->avp_value->os.data, hdr->avp_value->os.len);
```
 2024-04-30 22:25:52 +09:00
Sukchan Lee
048a74005b [SEC] Heap overflow in parse PLMN-ID (#3154) 
An assert shall be triggered if sepp_node is corrupted.

```
pwndbg> p *sepp_node
$5 = {
  lnode = {
    prev = 0x0,
    next = 0xaaaac920c638
  },
  receiver = 0xaaaac9230990 "sepp2.localdomain",
  negotiated_security_scheme = OpenAPI_security_capability_TLS,
  target_apiroot_supported = true,
  plmn_id = {{
      mcc1 = 6 '\006',
      mcc2 = 6 '\006',
      mcc3 = 6 '\006',
      mnc1 = 6 '\006',
      mnc2 = 6 '\006',
      mnc3 = 6 '\006'
    } <repeats 12 times>},
  num_of_plmn_id = 6710887,
  target_plmn_id_presence = false,
  target_plmn_id = {
    mcc1 = 0 '\000',
    mcc2 = 0 '\000',
    mcc3 = 0 '\000',
    mnc1 = 0 '\000',
    mnc2 = 0 '\000',
    mnc3 = 0 '\000'
  },
  supported_features = 1,
  sm = {
    init = 0xaaaaada181fc <sepp_handshake_state_initial>,
    fini = 0xaaaaada18390 <sepp_handshake_state_final>,
    state = 0xaaaaada194b4 <sepp_handshake_state_established>
  },
  t_establish_interval = 0xffffa7d6c4e0,
  client = 0xaaaac91af010,
  n32f = {
    client = 0xaaaac91af090
  }
}
pwndbg> p/x sepp_node.num_of_plmn_id
$6 = 0x666667
```
 2024-04-30 22:10:45 +09:00
Sukchan Lee
f6c0ded7b4 [NSSF] Added POST nnrf-nfm/nf-status-notify 
When NSSF was first implemented, nf-status-notify was not required.

This is because there was no need to be notified
if other NFs were registered or de-registered in the NRF.

However, this situation changed with the addition of SEPP.

NSSFs can be notified whenever a SEPP registers or de-registers an NRF.

Therefore, we added nf-status-notify,
which was not implemented when the NSSF was originally created.
 2024-04-30 21:35:42 +09:00
Sukchan Lee
819861be2f [DOCS] Update Helm Chars Links (#3173) 2024-04-27 09:18:11 +09:00
Sukchan Lee
4c00edd839 Update document for v2.7.1 2024-04-19 21:24:08 +09:00
585 changed files with 56087 additions and 14732 deletions
Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/bugreport.yaml vendored
View File

@@ -18,7 +18,7 @@ body:
attributes:
label: Open5GS Release, Revision, or Tag
description: Please check if your issue has been resolved in the latest release.
placeholder: v2.6.0
placeholder: v2.7.1
validations:
required: true
- type: textarea

48
.github/ISSUE_TEMPLATE/feature_request.yaml vendored
View File

@@ -1,48 +0,0 @@
name: Feature request
description: Propose an enhancement to Open5GS
labels: ['Enhancement', 'triage']
body:
- type: markdown
attributes:
value: >
## Feature request
Please submit your feature request using the form. If your proposal is not sufficiently
well formed, we may request further clarification and expansion. If you're unsure about
how to formulate your request, please start a [discussion instead](https://github.com/open5gs/open5gs/dicsussions/).
- type: input
attributes:
label: Open5GS Release, Revision, or Tag
placeholder: v2.6.0
validations:
required: true
- type: input
attributes:
label: Components and subsystems
description: Which subsystems and components would this feature be relevant to?
validations:
required: true
- type: textarea
attributes:
label: Proposed functionality
description: >
Provide a detailed description of the feature or behaviour you are proposing. Please include any
Please include any relevant 3GPP standards and references and include any specific changes to
current protocols, processing pipelines, DIAMETER requests/responses, and interfaces. The more detail
you provide, the greater the chance your proposal has of being discussed.
If your feature request does not include anything actionable or sufficient details, you may be asked
to provide further clarification or your request may be rejected.
validations:
required: true
- type: textarea
attributes:
label: External dependencies
description: >
Please detail any new dependencies or implementations that this feature might introduce. e.g. Does the
proposal require the installation of additional packages? Are there further external nodes which may be
required for integration testing? (Not all feature requests will introduce new dependencies)

4
.github/workflows/cifuzz.yml vendored
View File

@@ -19,14 +19,14 @@ jobs:
fuzz-seconds: 300
output-sarif: true
- name: Upload Crash
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: failure() && steps.build.outcome == 'success'
with:
name: artifacts
path: ./out/artifacts
- name: Upload Sarif
if: always() && steps.build.outcome == 'success'
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: cifuzz-sarif/results.sarif

88
.github/workflows/meson-ci.yml vendored
View File

@@ -2,51 +2,51 @@ name: Meson Continuous Integration
on: [push, pull_request]
jobs:
macos-latest:
name: Build and Test on MacOS Latest
runs-on: macos-latest
steps:
# - name: Install MongoDB with Package Manager
# macos-latest:
# name: Build and Test on MacOS Latest
# runs-on: macos-latest
# steps:
## - name: Install MongoDB with Package Manager
## run: |
## brew tap mongodb/brew
## brew install mongodb-community
## brew services start mongodb-community
# - name: Create the TUN device with the interface name `ogstun`.
# run: |
# brew tap mongodb/brew
# brew install mongodb-community
# brew services start mongodb-community
- name: Create the TUN device with the interface name `ogstun`.
run: |
sudo ifconfig lo0 alias 127.0.0.2 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.3 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.4 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.5 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.5 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.6 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.7 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.8 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.9 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.10 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.11 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.12 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.13 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.14 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.15 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.16 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.17 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.18 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.19 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.0.20 netmask 255.255.255.255
sudo ifconfig lo0 alias 127.0.1.10 netmask 255.255.255.255
- name: Install the dependencies for building the source code.
run: brew install mongo-c-driver libidn libmicrohttpd nghttp2 bison libusrsctp libtins talloc meson
- name: Check out repository code
uses: actions/checkout@main
- name: Setup Meson Build
run: PATH="/usr/local/opt/bison/bin:$PATH" PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" meson setup build
env:
CC: gcc
- name : Build Open5GS
run: ninja -C build
- name: Test Open5GS
run: sudo meson test -C build -v crypt unit
# sudo ifconfig lo0 alias 127.0.0.2 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.3 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.4 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.5 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.5 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.6 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.7 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.8 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.9 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.10 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.11 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.12 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.13 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.14 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.15 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.16 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.17 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.18 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.19 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.0.20 netmask 255.255.255.255
# sudo ifconfig lo0 alias 127.0.1.10 netmask 255.255.255.255
# - name: Install the dependencies for building the source code.
# run: brew install mongo-c-driver libidn libmicrohttpd nghttp2 bison libusrsctp libtins talloc meson
# - name: Check out repository code
# uses: actions/checkout@main
# - name: Setup Meson Build
# run: PATH="/usr/local/opt/bison/bin:$PATH" PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" meson setup build
# env:
# CC: gcc
# - name : Build Open5GS
# run: ninja -C build
# - name: Test Open5GS
# run: sudo meson test -C build -v crypt unit
#
ubuntu-latest:
name: Build and Test on Ubuntu Latest
runs-on: ubuntu-latest

6
README.md
View File

@@ -37,4 +37,8 @@ If you're contributing through a pull request to Open5GS project on GitHub, plea
## License
- Open5GS Open Source files are made available under the terms of the GNU Affero General Public License ([GNU AGPL v3.0](https://www.gnu.org/licenses/agpl-3.0.html)).
- [Commercial licenses](https://open5gs.org/open5gs/support/) are also available from [NeoPlane](https://neoplane.io/)
- [Commercial licenses](https://open5gs.org/open5gs/support/) are also available from [NewPlane](https://newplane.io/) at [sales@newplane.io](mailto:sales@newplane.io).
## Support
Technical support and customized services for Open5GS are provided by [NewPlane](https://newplane.io/) at [support@newplane.io](mailto:support@newplane.io).

335
configs/attach.yaml.in Normal file
View File

@@ -0,0 +1,335 @@
db_uri: mongodb://localhost/open5gs
logger:
test:
serving:
- plmn_id:
mcc: 999
mnc: 70
global:
parameter:
# no_nrf: true
# no_scp: true
no_sepp: true
# no_amf: true
# no_smf: true
# no_upf: true
# no_ausf: true
# no_udm: true
# no_pcf: true
# no_nssf: true
# no_bsf: true
# no_udr: true
# no_mme: true
# no_sgwc: true
# no_sgwu: true
# no_pcrf: true
# no_hss: true
mme:
freeDiameter:
identity: mme.localdomain
realm: localdomain
listen_on: 127.0.0.2
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: hss.localdomain
address: 127.0.0.8
s1ap:
server:
- address: 127.0.0.2
gtpc:
server:
- address: 127.0.0.2
client:
sgwc:
- address: 127.0.0.3
smf:
- address: 127.0.0.4
metrics:
server:
- address: 127.0.0.2
port: 9090
gummei:
- plmn_id:
mcc: 999
mnc: 70
mme_gid: 2
mme_code: 1
tai:
- plmn_id:
mcc: 999
mnc: 70
tac: 1
security:
integrity_order : [ EIA2, EIA1, EIA0 ]
ciphering_order : [ EEA0, EEA1, EEA2 ]
network_name:
full: Open5GS
time:
t3412:
value: 540
sgwc:
gtpc:
server:
- address: 127.0.0.3
pfcp:
server:
- address: 127.0.0.3
client:
sgwu:
- address: 127.0.0.6
smf:
# sbi:
# server:
# - address: 127.0.0.4
# port: 7777
# client:
# scp:
# - uri: http://127.0.0.200:7777
pfcp:
server:
- address: 127.0.0.4
client:
upf:
- address: 127.0.0.7
gtpc:
server:
- address: 127.0.0.4
gtpu:
server:
- address: 127.0.0.4
metrics:
server:
- address: 127.0.0.4
port: 9090
session:
- subnet: 10.45.0.0/16
gateway: 10.45.0.1
- subnet: 2001:db8:cafe::/48
gateway: 2001:db8:cafe::1
dns:
- 8.8.8.8
- 8.8.4.4
- 2001:4860:4860::8888
- 2001:4860:4860::8844
mtu: 1400
freeDiameter:
identity: smf.localdomain
realm: localdomain
listen_on: 127.0.0.4
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: pcrf.localdomain
address: 127.0.0.9
amf:
sbi:
server:
- address: 127.0.0.5
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
ngap:
server:
- address: 127.0.0.5
metrics:
server:
- address: 127.0.0.5
port: 9090
guami:
- plmn_id:
mcc: 999
mnc: 70
amf_id:
region: 2
set: 1
tai:
- plmn_id:
mcc: 999
mnc: 70
tac: 1
plmn_support:
- plmn_id:
mcc: 999
mnc: 70
s_nssai:
- sst: 1
security:
integrity_order : [ NIA2, NIA1, NIA0 ]
ciphering_order : [ NEA0, NEA1, NEA2 ]
network_name:
full: Open5GS
amf_name: open5gs-amf0
time:
t3512:
value: 540 # 9 mintues * 60 = 540 seconds
sgwu:
pfcp:
server:
- address: 127.0.0.6
gtpu:
server:
- address: 127.0.0.6
upf:
pfcp:
server:
- address: 127.0.0.7
gtpu:
server:
- address: 127.0.0.7
session:
- subnet: 10.45.0.0/16
gateway: 10.45.0.1
- subnet: 2001:db8:cafe::/48
gateway: 2001:db8:cafe::1
metrics:
server:
- address: 127.0.0.7
port: 9090
hss:
freeDiameter:
identity: hss.localdomain
realm: localdomain
listen_on: 127.0.0.8
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: mme.localdomain
address: 127.0.0.2
pcrf:
freeDiameter:
identity: pcrf.localdomain
realm: localdomain
listen_on: 127.0.0.9
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: smf.localdomain
address: 127.0.0.4
nrf:
sbi:
server:
- address: 127.0.0.10
port: 7777
scp:
sbi:
server:
- address: 127.0.0.200
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777
ausf:
sbi:
server:
- address: 127.0.0.11
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
udm:
hnet:
- id: 1
scheme: 1
key: @build_configs_dir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key
sbi:
server:
- address: 127.0.0.12
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
pcf:
sbi:
server:
- address: 127.0.0.13
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
metrics:
server:
- address: 127.0.0.13
port: 9090
nssf:
sbi:
server:
- address: 127.0.0.14
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
nsi:
- uri: http://127.0.0.10:7777
s_nssai:
sst: 1
bsf:
sbi:
server:
- address: 127.0.0.15
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
udr:
sbi:
server:
- address: 127.0.0.20
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777

2
configs/csfb.yaml.in
View File

@@ -59,7 +59,7 @@ mme:
smf:
- address: 127.0.0.4
sgsap:
server:
client:
- address: 127.0.0.2
map:
tai:

530
configs/examples/5gc-no-scp-sepp1-999-70.yaml.in Normal file
View File

@@ -0,0 +1,530 @@
db_uri: mongodb://localhost/open5gs
logger:
global:
parameter:
# no_nrf: true
no_scp: true
# no_sepp: true
# no_amf: true
# no_smf: true
# no_upf: true
# no_ausf: true
# no_udm: true
# no_pcf: true
# no_nssf: true
# no_bsf: true
# no_udr: true
no_mme: true
no_sgwc: true
no_sgwu: true
no_pcrf: true
no_hss: true
mme:
freeDiameter:
identity: mme.localdomain
realm: localdomain
listen_on: 127.0.1.2
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: hss.localdomain
address: 127.0.1.8
s1ap:
server:
- address: 127.0.1.2
gtpc:
server:
- address: 127.0.1.2
client:
sgwc:
- address: 127.0.1.3
smf:
- address: 127.0.1.4
metrics:
server:
- address: 127.0.1.2
port: 9090
gummei:
- plmn_id:
mcc: 999
mnc: 70
mme_gid: 2
mme_code: 1
tai:
- plmn_id:
mcc: 999
mnc: 70
tac: 1
security:
integrity_order : [ EIA2, EIA1, EIA0 ]
ciphering_order : [ EEA0, EEA1, EEA2 ]
network_name:
full: Open5GS
time:
t3412:
value: 3240
sgwc:
gtpc:
server:
- address: 127.0.1.3
pfcp:
server:
- address: 127.0.1.3
client:
sgwu:
- address: 127.0.1.6
smf:
sbi:
server:
# - address: 127.0.1.4
# port: 7777
- address: smf.5gc.mnc070.mcc999.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
pfcp:
server:
- address: 127.0.1.4
client:
upf:
- address: 127.0.1.7
gtpc:
server:
- address: 127.0.1.4
gtpu:
server:
- address: 127.0.1.4
metrics:
server:
- address: 127.0.1.4
port: 9090
session:
- subnet: 10.45.0.0/16
gateway: 10.45.0.1
- subnet: 2001:db8:cafe::/48
gateway: 2001:db8:cafe::1
dns:
- 8.8.8.8
- 8.8.4.4
- 2001:4860:4860::8888
- 2001:4860:4860::8844
mtu: 1400
freeDiameter:
identity: smf.localdomain
realm: localdomain
listen_on: 127.0.1.4
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: pcrf.localdomain
address: 127.0.1.9
amf:
sbi:
server:
- address: 127.0.1.5
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
ngap:
server:
- address: 127.0.1.5
metrics:
server:
- address: 127.0.1.5
port: 9090
access_control:
- plmn_id:
mcc: 999
mnc: 70
- plmn_id:
mcc: 001
mnc: 01
- plmn_id:
mcc: 315
mnc: 010
guami:
- plmn_id:
mcc: 999
mnc: 70
amf_id:
region: 2
set: 1
tai:
- plmn_id:
mcc: 999
mnc: 70
tac: 1
plmn_support:
- plmn_id:
mcc: 999
mnc: 70
s_nssai:
- sst: 1
security:
integrity_order : [ NIA2, NIA1, NIA0 ]
ciphering_order : [ NEA0, NEA1, NEA2 ]
network_name:
full: Open5GS
amf_name: open5gs-amf0
time:
t3512:
value: 540 # 9 mintues * 60 = 540 seconds
sgwu:
pfcp:
server:
- address: 127.0.1.6
gtpu:
server:
- address: 127.0.1.6
upf:
pfcp:
server:
- address: 127.0.1.7
gtpu:
server:
- address: 127.0.1.7
session:
- subnet: 10.45.0.0/16
gateway: 10.45.0.1
- subnet: 2001:db8:cafe::/48
gateway: 2001:db8:cafe::1
metrics:
server:
- address: 127.0.1.7
port: 9090
hss:
freeDiameter:
identity: hss.localdomain
realm: localdomain
listen_on: 127.0.1.8
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: mme.localdomain
address: 127.0.1.2
pcrf:
freeDiameter:
identity: pcrf.localdomain
realm: localdomain
listen_on: 127.0.1.9
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: smf.localdomain
address: 127.0.1.4
nrf:
serving:
- plmn_id:
mcc: 999
mnc: 70
sbi:
server:
# - address: 127.0.1.10
# port: 7777
- address: nrf.5gc.mnc070.mcc999.3gppnetwork.org
sepp:
default:
tls:
server:
private_key: @build_configs_dir@/open5gs/tls/sepp1.key
cert: @build_configs_dir@/open5gs/tls/sepp1.crt
client:
cacert: @build_configs_dir@/open5gs/tls/ca.crt
sbi:
server:
- address: 127.0.1.250
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
n32:
server:
- sender: sepp1.localdomain
address: 127.0.1.251
port: 7777
n32f:
address: 127.0.1.252
port: 7777
client:
sepp:
- receiver: sepp2.localdomain
uri: http://127.0.2.251:7777
n32f:
uri: http://127.0.2.252:7777
- receiver: sepp3.localdomain
uri: http://127.0.3.251:7777
n32f:
uri: http://127.0.3.252:7777
ausf:
sbi:
server:
# - address: 127.0.1.11
# port: 7777
- address: ausf.5gc.mnc070.mcc999.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
udm:
hnet:
- id: 1
scheme: 1
key: @build_configs_dir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key
sbi:
server:
# - address: 127.0.1.12
# port: 7777
- address: udm.5gc.mnc070.mcc999.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
pcf:
sbi:
server:
- address: 127.0.1.13
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
metrics:
server:
- address: 127.0.1.13
port: 9090
policy:
- plmn_id:
mcc: 001
mnc: 01
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- plmn_id:
mcc: 315
mnc: 010
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
nssf:
sbi:
server:
# - address: 127.0.1.14
# port: 7777
- address: nssf.5gc.mnc070.mcc999.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
nsi:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
s_nssai:
sst: 1
bsf:
sbi:
server:
- address: 127.0.1.15
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
udr:
sbi:
server:
- address: 127.0.1.20
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org

532
configs/examples/5gc-no-scp-sepp2-001-01.yaml.in Normal file
View File

@@ -0,0 +1,532 @@
db_uri: mongodb://localhost/open5gs
logger:
global:
parameter:
# no_nrf: true
no_scp: true
# no_sepp: true
# no_amf: true
# no_smf: true
# no_upf: true
# no_ausf: true
# no_udm: true
# no_pcf: true
# no_nssf: true
# no_bsf: true
# no_udr: true
no_mme: true
no_sgwc: true
no_sgwu: true
no_pcrf: true
no_hss: true
mme:
freeDiameter:
identity: mme.localdomain
realm: localdomain
listen_on: 127.0.2.2
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: hss.localdomain
address: 127.0.2.8
s1ap:
server:
- address: 127.0.2.2
gtpc:
server:
- address: 127.0.2.2
client:
sgwc:
- address: 127.0.2.3
smf:
- address: 127.0.2.4
metrics:
server:
- address: 127.0.2.2
port: 9090
gummei:
- plmn_id:
mcc: 001
mnc: 01
mme_gid: 2
mme_code: 1
tai:
- plmn_id:
mcc: 001
mnc: 01
tac: 1
security:
integrity_order : [ EIA2, EIA1, EIA0 ]
ciphering_order : [ EEA0, EEA1, EEA2 ]
network_name:
full: Open5GS
time:
t3412:
value: 3240
sgwc:
gtpc:
server:
- address: 127.0.2.3
pfcp:
server:
- address: 127.0.2.3
client:
sgwu:
- address: 127.0.2.6
smf:
sbi:
server:
# - address: 127.0.2.4
# port: 7777
- address: smf.5gc.mnc001.mcc001.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
pfcp:
server:
- address: 127.0.2.4
client:
upf:
- address: 127.0.2.7
gtpc:
server:
- address: 127.0.2.4
gtpu:
server:
- address: 127.0.2.4
metrics:
server:
- address: 127.0.2.4
port: 9090
session:
- subnet: 10.46.0.0/16
gateway: 10.46.0.1
- subnet: 2001:db8:babe::/48
gateway: 2001:db8:babe::1
dns:
- 8.8.8.8
- 8.8.4.4
- 2001:4860:4860::8888
- 2001:4860:4860::8844
mtu: 1400
freeDiameter:
identity: smf.localdomain
realm: localdomain
listen_on: 127.0.2.4
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: pcrf.localdomain
address: 127.0.2.9
amf:
sbi:
server:
- address: 127.0.2.5
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
ngap:
server:
- address: 127.0.2.5
metrics:
server:
- address: 127.0.2.5
port: 9090
access_control:
- plmn_id:
mcc: 999
mnc: 70
- plmn_id:
mcc: 001
mnc: 01
- plmn_id:
mcc: 315
mnc: 010
guami:
- plmn_id:
mcc: 001
mnc: 01
amf_id:
region: 2
set: 1
tai:
- plmn_id:
mcc: 001
mnc: 01
tac: 1
plmn_support:
- plmn_id:
mcc: 001
mnc: 01
s_nssai:
- sst: 1
security:
integrity_order : [ NIA2, NIA1, NIA0 ]
ciphering_order : [ NEA0, NEA1, NEA2 ]
network_name:
full: Open5GS
amf_name: open5gs-amf0
time:
t3512:
value: 540 # 9 mintues * 60 = 540 seconds
sgwu:
pfcp:
server:
- address: 127.0.2.6
gtpu:
server:
- address: 127.0.2.6
upf:
pfcp:
server:
- address: 127.0.2.7
gtpu:
server:
- address: 127.0.2.7
session:
- subnet: 10.46.0.0/16
gateway: 10.46.0.1
dev: ogstun2
- subnet: 2001:db8:babe::/48
gateway: 2001:db8:babe::1
dev: ogstun2
metrics:
server:
- address: 127.0.2.7
port: 9090
hss:
freeDiameter:
identity: hss.localdomain
realm: localdomain
listen_on: 127.0.2.8
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: mme.localdomain
address: 127.0.2.2
pcrf:
freeDiameter:
identity: pcrf.localdomain
realm: localdomain
listen_on: 127.0.2.9
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: smf.localdomain
address: 127.0.2.4
nrf:
serving:
- plmn_id:
mcc: 001
mnc: 01
sbi:
server:
# - address: 127.0.2.10
# port: 7777
- address: nrf.5gc.mnc001.mcc001.3gppnetwork.org
sepp:
default:
tls:
server:
private_key: @build_configs_dir@/open5gs/tls/sepp2.key
cert: @build_configs_dir@/open5gs/tls/sepp2.crt
client:
cacert: @build_configs_dir@/open5gs/tls/ca.crt
sbi:
server:
- address: 127.0.2.250
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
n32:
server:
- sender: sepp2.localdomain
address: 127.0.2.251
port: 7777
n32f:
address: 127.0.2.252
port: 7777
client:
sepp:
- receiver: sepp1.localdomain
uri: http://127.0.1.251:7777
n32f:
uri: http://127.0.1.252:7777
- receiver: sepp3.localdomain
uri: http://127.0.3.251:7777
n32f:
uri: http://127.0.3.252:7777
ausf:
sbi:
server:
# - address: 127.0.2.11
# port: 7777
- address: ausf.5gc.mnc001.mcc001.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
udm:
hnet:
- id: 1
scheme: 1
key: @build_configs_dir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key
sbi:
server:
# - address: 127.0.2.12
# port: 7777
- address: udm.5gc.mnc001.mcc001.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
pcf:
sbi:
server:
- address: 127.0.2.13
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
metrics:
server:
- address: 127.0.2.13
port: 9090
policy:
- plmn_id:
mcc: 999
mnc: 70
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- plmn_id:
mcc: 315
mnc: 010
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
nssf:
sbi:
server:
# - address: 127.0.2.14
# port: 7777
- address: nssf.5gc.mnc001.mcc001.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
nsi:
- uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
s_nssai:
sst: 1
bsf:
sbi:
server:
- address: 127.0.2.15
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
udr:
sbi:
server:
- address: 127.0.2.20
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org

532
configs/examples/5gc-no-scp-sepp3-315-010.yaml.in Normal file
View File

@@ -0,0 +1,532 @@
db_uri: mongodb://localhost/open5gs
logger:
global:
parameter:
# no_nrf: true
no_scp: true
# no_sepp: true
# no_amf: true
# no_smf: true
# no_upf: true
# no_ausf: true
# no_udm: true
# no_pcf: true
# no_nssf: true
# no_bsf: true
# no_udr: true
no_mme: true
no_sgwc: true
no_sgwu: true
no_pcrf: true
no_hss: true
mme:
freeDiameter:
identity: mme.localdomain
realm: localdomain
listen_on: 127.0.3.2
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: hss.localdomain
address: 127.0.3.8
s1ap:
server:
- address: 127.0.3.2
gtpc:
server:
- address: 127.0.3.2
client:
sgwc:
- address: 127.0.3.3
smf:
- address: 127.0.3.4
metrics:
server:
- address: 127.0.3.2
port: 9090
gummei:
- plmn_id:
mcc: 315
mnc: 010
mme_gid: 2
mme_code: 1
tai:
- plmn_id:
mcc: 315
mnc: 010
tac: 1
security:
integrity_order : [ EIA2, EIA1, EIA0 ]
ciphering_order : [ EEA0, EEA1, EEA2 ]
network_name:
full: Open5GS
time:
t3412:
value: 3240
sgwc:
gtpc:
server:
- address: 127.0.3.3
pfcp:
server:
- address: 127.0.3.3
client:
sgwu:
- address: 127.0.3.6
smf:
sbi:
server:
# - address: 127.0.3.4
# port: 7777
- address: smf.5gc.mnc010.mcc315.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
pfcp:
server:
- address: 127.0.3.4
client:
upf:
- address: 127.0.3.7
gtpc:
server:
- address: 127.0.3.4
gtpu:
server:
- address: 127.0.3.4
metrics:
server:
- address: 127.0.3.4
port: 9090
session:
- subnet: 10.47.0.0/16
gateway: 10.47.0.1
- subnet: 2001:db8:face::/48
gateway: 2001:db8:face::1
dns:
- 8.8.8.8
- 8.8.4.4
- 2001:4860:4860::8888
- 2001:4860:4860::8844
mtu: 1400
freeDiameter:
identity: smf.localdomain
realm: localdomain
listen_on: 127.0.3.4
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: pcrf.localdomain
address: 127.0.3.9
amf:
sbi:
server:
- address: 127.0.3.5
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
ngap:
server:
- address: 127.0.3.5
metrics:
server:
- address: 127.0.3.5
port: 9090
access_control:
- plmn_id:
mcc: 999
mnc: 70
- plmn_id:
mcc: 001
mnc: 01
- plmn_id:
mcc: 315
mnc: 010
guami:
- plmn_id:
mcc: 315
mnc: 010
amf_id:
region: 2
set: 1
tai:
- plmn_id:
mcc: 315
mnc: 010
tac: 1
plmn_support:
- plmn_id:
mcc: 315
mnc: 010
s_nssai:
- sst: 1
security:
integrity_order : [ NIA2, NIA1, NIA0 ]
ciphering_order : [ NEA0, NEA1, NEA2 ]
network_name:
full: Open5GS
amf_name: open5gs-amf0
time:
t3512:
value: 540 # 9 mintues * 60 = 540 seconds
sgwu:
pfcp:
server:
- address: 127.0.3.6
gtpu:
server:
- address: 127.0.3.6
upf:
pfcp:
server:
- address: 127.0.3.7
gtpu:
server:
- address: 127.0.3.7
session:
- subnet: 10.47.0.0/16
gateway: 10.47.0.1
dev: ogstun3
- subnet: 2001:db8:face::/48
gateway: 2001:db8:face::1
dev: ogstun3
metrics:
server:
- address: 127.0.3.7
port: 9090
hss:
freeDiameter:
identity: hss.localdomain
realm: localdomain
listen_on: 127.0.3.8
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: mme.localdomain
address: 127.0.3.2
pcrf:
freeDiameter:
identity: pcrf.localdomain
realm: localdomain
listen_on: 127.0.3.9
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: smf.localdomain
address: 127.0.3.4
nrf:
serving:
- plmn_id:
mcc: 315
mnc: 010
sbi:
server:
# - address: 127.0.3.10
# port: 7777
- address: nrf.5gc.mnc010.mcc315.3gppnetwork.org
sepp:
default:
tls:
server:
private_key: @build_configs_dir@/open5gs/tls/sepp3.key
cert: @build_configs_dir@/open5gs/tls/sepp3.crt
client:
cacert: @build_configs_dir@/open5gs/tls/ca.crt
sbi:
server:
- address: 127.0.3.250
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
n32:
server:
- sender: sepp3.localdomain
address: 127.0.3.251
port: 7777
n32f:
address: 127.0.3.252
port: 7777
client:
sepp:
- receiver: sepp1.localdomain
uri: http://127.0.1.251:7777
n32f:
uri: http://127.0.1.252:7777
- receiver: sepp2.localdomain
uri: http://127.0.2.251:7777
n32f:
uri: http://127.0.2.252:7777
ausf:
sbi:
server:
# - address: 127.0.3.11
# port: 7777
- address: ausf.5gc.mnc010.mcc315.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
udm:
hnet:
- id: 1
scheme: 1
key: @build_configs_dir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key
sbi:
server:
# - address: 127.0.3.12
# port: 7777
- address: udm.5gc.mnc010.mcc315.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
pcf:
sbi:
server:
- address: 127.0.3.13
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
metrics:
server:
- address: 127.0.3.13
port: 9090
policy:
- plmn_id:
mcc: 999
mnc: 70
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- plmn_id:
mcc: 001
mnc: 01
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
nssf:
sbi:
server:
# - address: 127.0.3.14
# port: 7777
- address: nssf.5gc.mnc010.mcc315.3gppnetwork.org
client:
nrf:
- uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
nsi:
- uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
s_nssai:
sst: 1
bsf:
sbi:
server:
- address: 127.0.3.15
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
udr:
sbi:
server:
- address: 127.0.3.20
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org

95
configs/examples/5gc-sepp1-999-70.yaml.in
View File

@@ -90,8 +90,9 @@ sgwc:
smf:
sbi:
server:
- address: 127.0.1.4
port: 7777
# - address: 127.0.1.4
# port: 7777
- address: smf.5gc.mnc070.mcc999.3gppnetwork.org
client:
scp:
- uri: http://127.0.1.200:7777
@@ -350,9 +351,9 @@ pcf:
- address: 127.0.1.13
port: 9090
policy:
- plmn_id:
mcc: 001
mnc: 01
- supi_range:
- 001010000000001-001019999999999
- 315010000000001-315010999999999
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
@@ -428,90 +429,12 @@ pcf:
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- plmn_id:
mcc: 315
mnc: 010
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
nssf:
sbi:
server:
- address: 127.0.1.14
port: 7777
# - address: 127.0.1.14
# port: 7777
- address: nssf.5gc.mnc070.mcc999.3gppnetwork.org
client:
scp:
- uri: http://127.0.1.200:7777

95
configs/examples/5gc-sepp2-001-01.yaml.in
View File

@@ -90,8 +90,9 @@ sgwc:
smf:
sbi:
server:
- address: 127.0.2.4
port: 7777
# - address: 127.0.2.4
# port: 7777
- address: smf.5gc.mnc001.mcc001.3gppnetwork.org
client:
scp:
- uri: http://127.0.2.200:7777
@@ -351,9 +352,9 @@ pcf:
- address: 127.0.2.13
port: 9090
policy:
- plmn_id:
mcc: 999
mnc: 70
- supi_range:
- 999700000000001-999709999999999
- 315010000000001-315010999999999
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
@@ -429,90 +430,12 @@ pcf:
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- plmn_id:
mcc: 315
mnc: 010
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
nssf:
sbi:
server:
- address: 127.0.2.14
port: 7777
# - address: 127.0.2.14
# port: 7777
- address: nssf.5gc.mnc001.mcc001.3gppnetwork.org
client:
scp:
- uri: http://127.0.2.200:7777

95
configs/examples/5gc-sepp3-315-010.yaml.in
View File

@@ -90,8 +90,9 @@ sgwc:
smf:
sbi:
server:
- address: 127.0.3.4
port: 7777
# - address: 127.0.3.4
# port: 7777
- address: smf.5gc.mnc010.mcc315.3gppnetwork.org
client:
scp:
- uri: http://127.0.3.200:7777
@@ -351,9 +352,9 @@ pcf:
- address: 127.0.3.13
port: 9090
policy:
- plmn_id:
mcc: 999
mnc: 70
- supi_range:
- 999700000000001-999709999999999
- 001010000000001-001019999999999
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
@@ -429,90 +430,12 @@ pcf:
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- plmn_id:
mcc: 001
mnc: 01
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
nssf:
sbi:
server:
- address: 127.0.3.14
port: 7777
# - address: 127.0.3.14
# port: 7777
- address: nssf.5gc.mnc010.mcc315.3gppnetwork.org
client:
scp:
- uri: http://127.0.3.200:7777

95
configs/examples/5gc-tls-sepp1-999-70.yaml.in
View File

@@ -91,8 +91,9 @@ sgwc:
smf:
sbi:
server:
- address: 127.0.1.4
port: 7777
# - address: 127.0.1.4
# port: 7777
- address: smf.5gc.mnc070.mcc999.3gppnetwork.org
client:
scp:
- uri: http://127.0.1.200:7777
@@ -355,9 +356,9 @@ pcf:
- address: 127.0.1.13
port: 9090
policy:
- plmn_id:
mcc: 001
mnc: 01
- supi_range:
- 001010000000001-001019999999999
- 315010000000001-315010999999999
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
@@ -433,90 +434,12 @@ pcf:
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- plmn_id:
mcc: 315
mnc: 010
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
nssf:
sbi:
server:
- address: 127.0.1.14
port: 7777
# - address: 127.0.1.14
# port: 7777
- address: nssf.5gc.mnc070.mcc999.3gppnetwork.org
client:
scp:
- uri: http://127.0.1.200:7777

95
configs/examples/5gc-tls-sepp2-001-01.yaml.in
View File

@@ -91,8 +91,9 @@ sgwc:
smf:
sbi:
server:
- address: 127.0.2.4
port: 7777
# - address: 127.0.2.4
# port: 7777
- address: smf.5gc.mnc001.mcc001.3gppnetwork.org
client:
scp:
- uri: http://127.0.2.200:7777
@@ -356,9 +357,9 @@ pcf:
- address: 127.0.2.13
port: 9090
policy:
- plmn_id:
mcc: 999
mnc: 70
- supi_range:
- 999700000000001-999709999999999
- 315010000000001-315010999999999
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
@@ -434,90 +435,12 @@ pcf:
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- plmn_id:
mcc: 315
mnc: 010
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
nssf:
sbi:
server:
- address: 127.0.2.14
port: 7777
# - address: 127.0.2.14
# port: 7777
- address: nssf.5gc.mnc001.mcc001.3gppnetwork.org
client:
scp:
- uri: http://127.0.2.200:7777

95
configs/examples/5gc-tls-sepp3-315-010.yaml.in
View File

@@ -91,8 +91,9 @@ sgwc:
smf:
sbi:
server:
- address: 127.0.3.4
port: 7777
# - address: 127.0.3.4
# port: 7777
- address: smf.5gc.mnc010.mcc315.3gppnetwork.org
client:
scp:
- uri: http://127.0.3.200:7777
@@ -356,9 +357,9 @@ pcf:
- address: 127.0.3.13
port: 9090
policy:
- plmn_id:
mcc: 999
mnc: 70
- supi_range:
- 999700000000001-999709999999999
- 001010000000001-001010999999999
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
@@ -434,90 +435,12 @@ pcf:
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- plmn_id:
mcc: 001
mnc: 01
slice:
- sst: 1 # 1,2,3,4
default_indicator: true
session:
- name: internet
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3
qos:
index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
- name: ims
type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
ambr:
downlink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 1
unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
qos:
index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
pcc_rule:
- qos:
index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
pre_emption_capability: 1 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 82
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
- qos:
index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
arp:
priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
pre_emption_capability: 2 # 1: Disabled, 2:Enabled
mbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
gbr:
downlink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
uplink:
value: 802
unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
nssf:
sbi:
server:
- address: 127.0.3.14
port: 7777
# - address: 127.0.3.14
# port: 7777
- address: nssf.5gc.mnc010.mcc315.3gppnetwork.org
client:
scp:
- uri: http://127.0.3.200:7777

9
configs/examples/gnb-001-01-ue-001-01.yaml.in
View File

@@ -325,6 +325,15 @@ bsf:
scp:
- uri: http://127.0.0.200:7777
af:
sbi:
server:
- address: 127.0.0.16
port: 7777
client:
scp:
- uri: http://127.0.2.200:7777
udr:
sbi:
server:

9
configs/examples/gnb-001-01-ue-315-010.yaml.in
View File

@@ -325,6 +325,15 @@ bsf:
scp:
- uri: http://127.0.0.200:7777
af:
sbi:
server:
- address: 127.0.0.16
port: 7777
client:
scp:
- uri: http://127.0.3.200:7777
udr:
sbi:
server:

9
configs/examples/gnb-001-01-ue-999-70.yaml.in
View File

@@ -320,6 +320,15 @@ bsf:
scp:
- uri: http://127.0.0.200:7777
af:
sbi:
server:
- address: 127.0.0.16
port: 7777
client:
scp:
- uri: http://127.0.1.200:7777
udr:
sbi:
server:

9
configs/examples/gnb-315-010-ue-001-01.yaml.in
View File

@@ -325,6 +325,15 @@ bsf:
scp:
- uri: http://127.0.0.200:7777
af:
sbi:
server:
- address: 127.0.0.16
port: 7777
client:
scp:
- uri: http://127.0.2.200:7777
udr:
sbi:
server:

9
configs/examples/gnb-315-010-ue-315-010.yaml.in
View File

@@ -320,6 +320,15 @@ bsf:
scp:
- uri: http://127.0.0.200:7777
af:
sbi:
server:
- address: 127.0.0.16
port: 7777
client:
scp:
- uri: http://127.0.3.200:7777
udr:
sbi:
server:

9
configs/examples/gnb-315-010-ue-999-70.yaml.in
View File

@@ -325,6 +325,15 @@ bsf:
scp:
- uri: http://127.0.0.200:7777
af:
sbi:
server:
- address: 127.0.0.16
port: 7777
client:
scp:
- uri: http://127.0.1.200:7777
udr:
sbi:
server:

9
configs/examples/gnb-999-70-ue-001-01.yaml.in
View File

@@ -325,6 +325,15 @@ bsf:
scp:
- uri: http://127.0.0.200:7777
af:
sbi:
server:
- address: 127.0.0.16
port: 7777
client:
scp:
- uri: http://127.0.2.200:7777
udr:
sbi:
server:

9
configs/examples/gnb-999-70-ue-315-010.yaml.in
View File

@@ -325,6 +325,15 @@ bsf:
scp:
- uri: http://127.0.0.200:7777
af:
sbi:
server:
- address: 127.0.0.16
port: 7777
client:
scp:
- uri: http://127.0.3.200:7777
udr:
sbi:
server:

9
configs/examples/gnb-999-70-ue-999-70.yaml.in
View File

@@ -320,6 +320,15 @@ bsf:
scp:
- uri: http://127.0.0.200:7777
af:
sbi:
server:
- address: 127.0.0.16
port: 7777
client:
scp:
- uri: http://127.0.1.200:7777
udr:
sbi:
server:

3
configs/examples/meson.build
View File

@@ -19,6 +19,9 @@ examples_conf = '''
5gc-sepp1-999-70.yaml
5gc-sepp2-001-01.yaml
5gc-sepp3-315-010.yaml
5gc-no-scp-sepp1-999-70.yaml
5gc-no-scp-sepp2-001-01.yaml
5gc-no-scp-sepp3-315-010.yaml
5gc-tls-sepp1-999-70.yaml
5gc-tls-sepp2-001-01.yaml
5gc-tls-sepp3-315-010.yaml

3
configs/meson.build
View File

@@ -32,6 +32,7 @@ conf_data.set('build_subprojects_freeDiameter_extensions_dir',
example_conf = '''
sample.yaml
attach.yaml
310014.yaml
csfb.yaml
volte.yaml
@@ -39,6 +40,8 @@ example_conf = '''
slice.yaml
srsenb.yaml
non3gpp.yaml
transfer.yaml
transfer-error-case.yaml
'''.split()
foreach file : example_conf

81
configs/open5gs/amf.yaml.in
View File

@@ -59,43 +59,83 @@ amf:
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# o Bind to the address on the eth0 and advertise as open5gs-amf.svc.local
# sbi:
# server:
# - dev:eth0
# advertise: open5gs-amf.svc.local
#
# o Specify a custom port number 7777 while binding to the given address
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
# - address: amf.localdomain
# port: 7777
#
# o Bind to 127.0.0.5 and advertise as open5gs-amf.svc.local
# sbi:
# server:
# - address: 127.0.0.5
# port: 7777
# advertise: open5gs-amf.svc.local
#
# o Bind to port 7777 but advertise with a different port number 8888
# sbi:
# server:
# - address: 127.0.0.5
# port: 7777
# advertise: open5gs-amf.svc.local:8888
#
################################################################################
# SBI Client
################################################################################
# o Direct communication with NRF interaction
# o Direct Communication with NRF
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
#
# o Indirect communication with delegated discovery
# o Indirect Communication by Delegating to SCP
# sbi:
# client:
# scp:
# - uri: http://127.0.0.200:7777
#
# o Indirect communication without delegated discovery
# o Indirect Communication without Delegation
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# discovery:
# delegated: no
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: no # Directly communicate NRF discovery
# scp:
# next: no # Do not delegate to SCP for next-hop
#
# o Indirect Communication with Delegated Discovery
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: yes # Delegate discovery to SCP
# scp:
# next: yes # Delegate to SCP for next-hop communications
#
# o Default delegation: all communications are delegated to the SCP
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# # No 'delegated' section; defaults to AUTO delegation
#
################################################################################
# HTTPS scheme with TLS
@@ -117,6 +157,27 @@ amf:
# nrf:
# - uri: https://nrf.localdomain
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/amf.key
# cert: @sysconfdir@/open5gs/tls/amf.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/amf-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/amf-client-sslkeylog.log
# sbi:
# server:
# - address: amf.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
#
# o Add client TLS verification
# default:
# tls:

83
configs/open5gs/ausf.yaml.in
View File

@@ -22,43 +22,83 @@ ausf:
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# o Bind to the address on the eth0 and advertise as open5gs-ausf.svc.local
# sbi:
# server:
# - dev: eth0
# - dev:eth0
# advertise: open5gs-ausf.svc.local
#
# o Specify a custom port number 7777 while binding to the given address
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
# - address: ausf.localdomain
# port: 7777
#
# o Bind to 127.0.0.11 and advertise as open5gs-ausf.svc.local
# sbi:
# server:
# - address: 127.0.0.11
# port: 7777
# advertise: open5gs-ausf.svc.local
#
# o Bind to port 7777 but advertise with a different port number 8888
# sbi:
# server:
# - address: 127.0.0.11
# port: 7777
# advertise: open5gs-ausf.svc.local:8888
#
################################################################################
# SBI Client
################################################################################
# o Direct communication with NRF interaction
# o Direct Communication with NRF
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
#
# o Indirect communication with delegated discovery
# o Indirect Communication by Delegating to SCP
# sbi:
# client:
# scp:
# - uri: http://127.0.0.200:7777
#
# o Indirect communication without delegated discovery
# o Indirect Communication without Delegation
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# discovery:
# delegated: no
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: no # Directly communicate NRF discovery
# scp:
# next: no # Do not delegate to SCP for next-hop
#
# o Indirect Communication with Delegated Discovery
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: yes # Delegate discovery to SCP
# scp:
# next: yes # Delegate to SCP for next-hop communications
#
# o Default delegation: all communications are delegated to the SCP
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# # No 'delegated' section; defaults to AUTO delegation
#
################################################################################
# HTTPS scheme with TLS
@@ -80,6 +120,27 @@ ausf:
# nrf:
# - uri: https://nrf.localdomain
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/ausf.key
# cert: @sysconfdir@/open5gs/tls/ausf.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/ausf-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/ausf-client-sslkeylog.log
# sbi:
# server:
# - address: ausf.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
#
# o Add client TLS verification
# default:
# tls:

83
configs/open5gs/bsf.yaml.in
View File

@@ -22,43 +22,83 @@ bsf:
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# o Bind to the address on the eth0 and advertise as open5gs-bsf.svc.local
# sbi:
# server:
# - dev: eth0
# - dev:eth0
# advertise: open5gs-bsf.svc.local
#
# o Specify a custom port number 7777 while binding to the given address
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
# - address: bsf.localdomain
# port: 7777
#
# o Bind to 127.0.0.15 and advertise as open5gs-bsf.svc.local
# sbi:
# server:
# - address: 127.0.0.15
# port: 7777
# advertise: open5gs-bsf.svc.local
#
# o Bind to port 7777 but advertise with a different port number 8888
# sbi:
# server:
# - address: 127.0.0.15
# port: 7777
# advertise: open5gs-bsf.svc.local:8888
#
################################################################################
# SBI Client
################################################################################
# o Direct communication with NRF interaction
# o Direct Communication with NRF
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
#
# o Indirect communication with delegated discovery
# o Indirect Communication by Delegating to SCP
# sbi:
# client:
# scp:
# - uri: http://127.0.0.200:7777
#
# o Indirect communication without delegated discovery
# o Indirect Communication without Delegation
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# discovery:
# delegated: no
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: no # Directly communicate NRF discovery
# scp:
# next: no # Do not delegate to SCP for next-hop
#
# o Indirect Communication with Delegated Discovery
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: yes # Delegate discovery to SCP
# scp:
# next: yes # Delegate to SCP for next-hop communications
#
# o Default delegation: all communications are delegated to the SCP
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# # No 'delegated' section; defaults to AUTO delegation
#
################################################################################
# HTTPS scheme with TLS
@@ -80,6 +120,27 @@ bsf:
# nrf:
# - uri: https://nrf.localdomain
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/bsf.key
# cert: @sysconfdir@/open5gs/tls/bsf.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/bsf-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/bsf-client-sslkeylog.log
# sbi:
# server:
# - address: bsf.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
#
# o Add client TLS verification
# default:
# tls:

4
configs/open5gs/hss.yaml.in
View File

@@ -11,5 +11,9 @@ global:
hss:
freeDiameter: @sysconfdir@/freeDiameter/hss.conf
metrics:
server:
- address: 127.0.0.8
port: 9090
# sms_over_ims: "sip:smsc.mnc001.mcc001.3gppnetwork.org:7060;transport=tcp"
# use_mongodb_change_stream: true

33
configs/open5gs/mme.yaml.in
View File

@@ -164,8 +164,9 @@ mme:
################################################################################
# o MSC/VLR
# sgsap:
# server:
# - address: 127.0.0.2
# client:
# - address: msc.open5gs.org # SCTP server address configured on the MSC/VLR
# local_address: 127.0.0.2 # SCTP local IP addresses to be bound in the MME
# map:
# tai:
# plmn_id:
@@ -188,7 +189,15 @@ mme:
# mcc: 002
# mnc: 02
# lac: 43692
# - address: msc.open5gs.org
# - address: # SCTP server address configured on the MSC/VLR
# - 127.0.0.88
# - 10.0.0.88
# - 172.16.0.88
# - 2001:db8:babe::88
# local_address: # SCTP local IP addresses to be bound in the MME
# - 127.0.0.2
# - 192.168.1.4
# - 2001:db8:cafe::2
# map:
# tai:
# plmn_id:
@@ -277,5 +286,23 @@ mme:
# mcc: 999
# mnc: 70
#
# o HSS Selection
# o realm and host are optional
# o realm will be generated from plmn_id if not provided
# o host will not be used if not provided
# hss_map:
# - plmn_id:
# mcc: 001
# mnc: 01
# - plmn_id:
# mcc: 002
# mnc: 02
# realm: epc.mnc002.mcc002.3gppnetwork.org
# - plmn_id:
# mcc: 999
# mnc: 70
# realm: localdomain
# host: hss.localdomain
#
# o Relative Capacity
# relative_capacity: 100

43
configs/open5gs/nrf.yaml.in
View File

@@ -21,18 +21,31 @@ nrf:
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# o Bind to the address on the eth0 and advertise as open5gs-nrf.svc.local
# sbi:
# server:
# - dev: eth0
# - dev:eth0
# advertise: open5gs-nrf.svc.local
#
# o Specify a custom port number 7777 while binding to the given address
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
# - address: nrf.localdomain
# port: 7777
#
# o Bind to 127.0.0.10 and advertise as open5gs-nrf.svc.local
# sbi:
# server:
# - address: 127.0.0.10
# port: 7777
# advertise: open5gs-nrf.svc.local
#
# o Bind to port 7777 but advertise with a different port number 8888
# sbi:
# server:
# - address: 127.0.0.10
# port: 7777
# advertise: open5gs-nrf.svc.local:8888
#
################################################################################
# HTTPS scheme with TLS
@@ -51,6 +64,24 @@ nrf:
# server:
# - address: nrf.localdomain
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/nrf.key
# cert: @sysconfdir@/open5gs/tls/nrf.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/nrf-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/nrf-client-sslkeylog.log
# sbi:
# server:
# - address: nrf.localdomain
#
# o Add client TLS verification
# default:
# tls:

88
configs/open5gs/nssf.yaml.in
View File

@@ -25,18 +25,31 @@ nssf:
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# o Bind to the address on the eth0 and advertise as open5gs-nssf.svc.local
# sbi:
# server:
# - dev: eth0
# - dev:eth0
# advertise: open5gs-nssf.svc.local
#
# o Specify a custom port number 7777 while binding to the given address
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
# - address: nssf.localdomain
# port: 7777
#
# o Bind to 127.0.0.14 and advertise as open5gs-nssf.svc.local
# sbi:
# server:
# - address: 127.0.0.14
# port: 7777
# advertise: open5gs-nssf.svc.local
#
# o Bind to port 7777 but advertise with a different port number 8888
# sbi:
# server:
# - address: 127.0.0.14
# port: 7777
# advertise: open5gs-nssf.svc.local:8888
#
################################################################################
# SBI Client
@@ -64,27 +77,55 @@ nssf:
# sst: 1
# sd: 009000
#
# o Direct communication with NRF interaction
# o Direct Communication with NRF
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
#
# o Indirect communication with delegated discovery
# o Indirect Communication by Delegating to SCP
# sbi:
# client:
# scp:
# - uri: http://127.0.0.200:7777
#
# o Indirect communication without delegated discovery
# o Indirect Communication without Delegation
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# discovery:
# delegated: no
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: no # Directly communicate NRF discovery
# scp:
# next: no # Do not delegate to SCP for next-hop
#
# o Indirect Communication with Delegated Discovery
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: yes # Delegate discovery to SCP
# scp:
# next: yes # Delegate to SCP for next-hop communications
#
# o Default delegation: all communications are delegated to the SCP
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# # No 'delegated' section; defaults to AUTO delegation
#
#
################################################################################
# HTTPS scheme with TLS
@@ -110,6 +151,31 @@ nssf:
# s_nssai:
# sst: 1
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/nssf.key
# cert: @sysconfdir@/open5gs/tls/nssf.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/nssf-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/nssf-client-sslkeylog.log
# sbi:
# server:
# - address: nssf.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
# nsi:
# - uri: https://nrf.localdomain
# s_nssai:
# sst: 1
#
# o Add client TLS verification
# default:
# tls:

195
configs/open5gs/pcf.yaml.in
View File

@@ -25,73 +25,85 @@ pcf:
port: 9090
################################################################################
# Locally configured policy
# - The PCF in the VPLMN uses locally configured policies
# according to the roaming agreement with the HPLMN operator
# as input for PCC Rule generation.
# PCF Policy Configuration: UE Home PLMN and SUPI Range Based Policies
################################################################################
#
# o You don't have to use MongoDB if you use the policy configuration as below.
# This configuration applies policies based on the UE's home PLMN ID and
# SUPI range. When both supi_range and plmn_id are specified in a policy,
# the policy is applied only if both conditions are met.
#
# supi_range: Specifies one or more ranges of SUPIs. A maximum of 16 ranges
# can be defined.
# plmn_id : Specifies the UE's home PLMN using MCC and MNC.
#
# Example:
#
# policy:
# - plmn_id:
# - supi_range: # Filter policies by SUPI
# - 999700000000001-999709999999999
# - 315010000000001-315010999999999
# plmn_id: # Filter policies by home PLMN-ID
# mcc: 999
# mnc: 70
# slice:
# - sst: 1 # 1,2,3,4
# slice: # Specify slice configuration
# - sst: 1 # Allowed values: 1, 2, 3, 4
# default_indicator: true
# session:
# session: # Define session based on DNN
# - name: internet
# type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
# type: 3 # 1: IPv4, 2: IPv6, 3: IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 3 # 0: bps, 1: Kbps, 2: Mbps, 3: Gbps, 4: Tbps
# uplink:
# value: 1
# unit: 3
# qos:
# index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# index: 9 # Allowed values: 1,2,3,4,65,66,67,75,71,72,
# # 73,74,76,5,6,7,8,9,69,70,79,80,82,83,
# # 84,85,86
# arp:
# priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
# priority_level: 8 # Allowed values: 1 to 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled
# pre_emption_capability: 1 # 1: Disabled, 2: Enabled
# - name: ims
# type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
# type: 3 # 1: IPv4, 2: IPv6, 3: IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 3 # 0: bps, 1: Kbps, 2: Mbps, 3: Gbps, 4: Tbps
# uplink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 3
# qos:
# index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# index: 5 # Allowed values: 1,2,3,4,65,66,67,75,71,72,
# # 73,74,76,5,6,7,8,9,69,70,79,80,82,83,
# # 84,85,86
# arp:
# priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
# priority_level: 1 # Allowed values: 1 to 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled
# pre_emption_capability: 1 # 1: Disabled, 2: Enabled
# pcc_rule:
# - qos:
# index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# index: 1 # Allowed values as above
# arp:
# priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
# priority_level: 1 # Allowed values: 1 to 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled
# pre_emption_capability: 1 # 1: Disabled, 2: Enabled
# mbr:
# downlink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 1 # 0: bps, 1: Kbps, 2: Mbps, 3: Gbps, 4: Tbps
# uplink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 1
# gbr:
# downlink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 1
# uplink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 1
# flow:
# - direction: 2
# description: "permit out icmp from any to assigned"
@@ -102,89 +114,129 @@ pcf:
# - direction: 1
# description: "permit out udp from 10.200.136.98/32 1-65535 to assigned 50021"
# - qos:
# index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# index: 2 # Allowed values as above
# arp:
# priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
# pre_emption_capability: 2 # 1: Disabled, 2:Enabled
# priority_level: 4 # Allowed values: 1 to 15
# pre_emption_vulnerability: 2 # 1: Disabled, 2: Enabled
# pre_emption_capability: 2 # 1: Disabled, 2: Enabled
# mbr:
# downlink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 1
# uplink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 1
# gbr:
# downlink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 1
# uplink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# - plmn_id:
# mcc: 001
# mnc: 01
# slice:
# - sst: 1 # 1,2,3,4
# unit: 1
#
# - supi_range: # Filter policies by SUPI only
# - 001010000000001-001019999999999
# slice: # Specify slice configuration
# - sst: 1 # Allowed values: 1, 2, 3, 4
# sd: 000001
# default_indicator: true
# session:
# session: # Define session based on DNN
# - name: internet
# type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
# type: 3 # 1: IPv4, 2: IPv6, 3: IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# unit: 3 # 0: bps, 1: Kbps, 2: Mbps, 3: Gbps, 4: Tbps
# uplink:
# value: 1
# unit: 3
# qos:
# index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# index: 9 # Allowed values as above
# arp:
# priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
# priority_level: 8 # Allowed values: 1 to 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled
# pre_emption_capability: 1 # 1: Disabled, 2: Enabled
#
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# o Bind to the address on the eth0 and advertise as open5gs-pcf.svc.local
# sbi:
# server:
# - dev: eth0
# - dev:eth0
# advertise: open5gs-pcf.svc.local
#
# o Specify a custom port number 7777 while binding to the given address
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
# - address: pcf.localdomain
# port: 7777
#
# o Bind to 127.0.0.13 and advertise as open5gs-pcf.svc.local
# sbi:
# server:
# - address: 127.0.0.13
# port: 7777
# advertise: open5gs-pcf.svc.local
#
# o Bind to port 7777 but advertise with a different port number 8888
# sbi:
# server:
# - address: 127.0.0.13
# port: 7777
# advertise: open5gs-pcf.svc.local:8888
#
################################################################################
# SBI Client
################################################################################
# o Direct communication with NRF interaction
# o Direct Communication with NRF
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
#
# o Indirect communication with delegated discovery
# o Indirect Communication by Delegating to SCP
# sbi:
# client:
# scp:
# - uri: http://127.0.0.200:7777
#
# o Indirect communication without delegated discovery
# o Indirect Communication without Delegation
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# discovery:
# delegated: no
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: no # Directly communicate NRF discovery
# scp:
# next: no # Do not delegate to SCP for next-hop
#
# o Indirect Communication with Delegated Discovery
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: yes # Delegate discovery to SCP
# scp:
# next: yes # Delegate to SCP for next-hop communications
#
# o Default delegation: all communications are delegated to the SCP
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# # No 'delegated' section; defaults to AUTO delegation
#
################################################################################
# HTTPS scheme with TLS
@@ -206,6 +258,27 @@ pcf:
# nrf:
# - uri: https://nrf.localdomain
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/pcf.key
# cert: @sysconfdir@/open5gs/tls/pcf.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/pcf-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/pcf-client-sslkeylog.log
# sbi:
# server:
# - address: pcf.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
#
# o Add client TLS verification
# default:
# tls:

199
configs/open5gs/pcrf.yaml.in
View File

@@ -10,92 +10,125 @@ global:
# peer: 64
pcrf:
freeDiameter: @sysconfdir@/freeDiameter/pcrf.conf
metrics:
server:
- address: 127.0.0.9
port: 9090
################################################################################
# Locally configured policy
# PCRF Policy Configuration: SUPI Range Based Policies
################################################################################
#
# o You don't have to use MongoDB if you use the policy configuration as below.
# This configuration applies policies based solely on the UE's SUPI range.
#
# session:
# - name: internet
# type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 1
# unit: 3
# qos:
# index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# arp:
# priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
# - name: ims
# type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# qos:
# index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# arp:
# priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
# pcc_rule:
# - qos:
# index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# arp:
# priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
# mbr:
# downlink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# gbr:
# downlink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# flow:
# - direction: 2
# description: "permit out icmp from any to assigned"
# - direction: 1
# description: "permit out icmp from any to assigned"
# - direction: 2
# description: "permit out udp from 10.200.136.98/32 23455 to assigned 1-65535"
# - direction: 1
# description: "permit out udp from 10.200.136.98/32 1-65535 to assigned 50021"
# - qos:
# index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# arp:
# priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
# pre_emption_capability: 2 # 1: Disabled, 2:Enabled
# mbr:
# downlink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# gbr:
# downlink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# supi_range: Specifies one or more ranges of SUPIs.
# session: Defines the session configuration for each DNN.
#
# Example:
#
# policy:
# - supi_range: # Filter policies by SUPI
# - 999700000000001-999709999999999
# - 315010000000001-315010999999999
# session: # Define session based on DNN
# - name: internet
# type: 3 # 1: IPv4, 2: IPv6, 3: IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3 # 0: bps, 1: Kbps, 2: Mbps, 3: Gbps, 4: Tbps
# uplink:
# value: 1
# unit: 3
# qos:
# index: 9 # Allowed values: 1,2,3,4,65,66,67,75,71,72,
# # 73,74,76,5,6,7,8,9,69,70,79,80,82,83,
# # 84,85,86
# arp:
# priority_level: 8 # Allowed values: 1 to 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled
# pre_emption_capability: 1 # 1: Disabled, 2: Enabled
# - name: ims
# type: 3 # 1: IPv4, 2: IPv6, 3: IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3
# uplink:
# value: 1
# unit: 3
# qos:
# index: 5 # Allowed values as above
# arp:
# priority_level: 1 # Allowed values: 1 to 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled
# pre_emption_capability: 1 # 1: Disabled, 2: Enabled
# pcc_rule:
# - qos:
# index: 1 # Allowed values as above
# arp:
# priority_level: 1
# pre_emption_vulnerability: 1
# pre_emption_capability: 1
# mbr:
# downlink:
# value: 82
# unit: 1 # 0: bps, 1: Kbps, 2: Mbps, 3: Gbps, 4: Tbps
# uplink:
# value: 82
# unit: 1
# gbr:
# downlink:
# value: 82
# unit: 1
# uplink:
# value: 82
# unit: 1
# flow:
# - direction: 2
# description: "permit out icmp from any to assigned"
# - direction: 1
# description: "permit out icmp from any to assigned"
# - direction: 2
# description: "permit out udp from 10.200.136.98/32 23455 to assigned 1-65535"
# - direction: 1
# description: "permit out udp from 10.200.136.98/32 1-65535 to assigned 50021"
# - qos:
# index: 2 # Allowed values as above
# arp:
# priority_level: 4 # Allowed values: 1 to 15
# pre_emption_vulnerability: 2 # 1: Disabled, 2: Enabled
# pre_emption_capability: 2 # 1: Disabled, 2: Enabled
# mbr:
# downlink:
# value: 802
# unit: 1
# uplink:
# value: 802
# unit: 1
# gbr:
# downlink:
# value: 802
# unit: 1
# uplink:
# value: 802
# unit: 1
#
# - supi_range: # Filter policies by SUPI only
# - 001010000000001-001019999999999
# session: # Define session based on DNN
# - name: internet
# type: 3 # 1: IPv4, 2: IPv6, 3: IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3
# uplink:
# value: 1
# unit: 3
# qos:
# index: 9 # Allowed values as above
# arp:
# priority_level: 8 # Allowed values: 1 to 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2: Enabled
# pre_emption_capability: 1 # 1: Disabled, 2: Enabled

85
configs/open5gs/scp.yaml.in
View File

@@ -63,28 +63,78 @@ scp:
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# o Bind to the address on the eth0 and advertise as open5gs-scp.svc.local
# sbi:
# server:
# - dev: eth0
# - dev:eth0
# advertise: open5gs-scp.svc.local
#
# o Specify a custom port number 7777 while binding to the given address
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
# - address: scp.localdomain
# port: 7777
#
# o Bind to 127.0.0.200 and advertise as open5gs-scp.svc.local
# sbi:
# server:
# - address: 127.0.0.200
# port: 7777
# advertise: open5gs-scp.svc.local
#
# o Bind to port 7777 but advertise with a different port number 8888
# sbi:
# server:
# - address: 127.0.0.200
# port: 7777
# advertise: open5gs-scp.svc.local:8888
#
################################################################################
# SBI Client
################################################################################
# o Direct communication with NRF interaction
# o Direct Communication with NRF
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
#
# o Indirect Communication by Delegating to Next-SCP
# sbi:
# client:
# scp:
# - uri: http://127.0.0.200:7777
#
# o Indirect Communication without Delegation
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# delegated:
# scp:
# next: no # Do not delegate to SCP for next-hop
#
# o Indirect Communication with Delegation
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# delegated:
# scp:
# next: yes # Delegate to SCP for next-hop communications
#
# o Default delegation: all communications are delegated to the Next-SCP
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# # No 'delegated' section; defaults to AUTO delegation
#
################################################################################
# HTTPS scheme with TLS
################################################################################
@@ -105,6 +155,27 @@ scp:
# nrf:
# - uri: https://nrf.localdomain
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/scp.key
# cert: @sysconfdir@/open5gs/tls/scp.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/scp-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/scp-client-sslkeylog.log
# sbi:
# server:
# - address: scp.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
#
# o Add client TLS verification
# default:
# tls:

30
configs/open5gs/sepp1.yaml.in
View File

@@ -148,6 +148,36 @@ sepp:
# uri: https://sepp2.localdomain
# resolve: 127.0.2.251
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# private_key: @sysconfdir@/open5gs/tls/sepp1.key
# cert: @sysconfdir@/open5gs/tls/sepp1.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp1-server-sslkeylog.log
# client:
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp1-client-sslkeylog.log
# sbi:
# server:
# - address: 127.0.1.250
# port: 7777
# client:
# scp:
# - uri: http://127.0.0.200:7777
# n32:
# server:
# - sender: sepp1.localdomain
# scheme: https
# address: 127.0.1.251
# client:
# sepp:
# - receiver: sepp2.localdomain
# uri: https://sepp2.localdomain
# resolve: 127.0.2.251
#
# o Add client TLS verification to N32 interface
# default:
# tls:

32
configs/open5gs/sepp2.yaml.in
View File

@@ -14,8 +14,10 @@ sepp:
server:
private_key: @sysconfdir@/open5gs/tls/sepp2.key
cert: @sysconfdir@/open5gs/tls/sepp2.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp2-server-sslkeylog.log
client:
cacert: @sysconfdir@/open5gs/tls/ca.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp2-client-sslkeylog.log
sbi:
server:
- address: 127.0.2.250
@@ -148,6 +150,36 @@ sepp:
# uri: https://sepp1.localdomain
# resolve: 127.0.1.251
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# private_key: @sysconfdir@/open5gs/tls/sepp2.key
# cert: @sysconfdir@/open5gs/tls/sepp2.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp2-server-sslkeylog.log
# client:
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/sepp2-client-sslkeylog.log
# sbi:
# server:
# - address: 127.0.2.250
# port: 7777
# client:
# scp:
# - uri: http://127.0.0.200:7777
# n32:
# server:
# - sender: sepp2.localdomain
# scheme: https
# address: 127.0.2.251
# client:
# sepp:
# - receiver: sepp1.localdomain
# uri: https://sepp1.localdomain
# resolve: 127.0.1.251
#
# o Add client TLS verification to N32 interface
# default:
# tls:

83
configs/open5gs/smf.yaml.in
View File

@@ -186,43 +186,83 @@ smf:
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# o Bind to the address on the eth0 and advertise as open5gs-smf.svc.local
# sbi:
# server:
# - dev: eth0
# - dev:eth0
# advertise: open5gs-smf.svc.local
#
# o Specify a custom port number 7777 while binding to the given address
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
# - address: smf.localdomain
# port: 7777
#
# o Bind to 127.0.0.4 and advertise as open5gs-smf.svc.local
# sbi:
# server:
# - address: 127.0.0.4
# port: 7777
# advertise: open5gs-smf.svc.local
#
# o Bind to port 7777 but advertise with a different port number 8888
# sbi:
# server:
# - address: 127.0.0.4
# port: 7777
# advertise: open5gs-smf.svc.local:8888
#
################################################################################
# SBI Client
################################################################################
# o Direct communication with NRF interaction
# o Direct Communication with NRF
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
#
# o Indirect communication with delegated discovery
# o Indirect Communication by Delegating to SCP
# sbi:
# client:
# scp:
# - uri: http://127.0.0.200:7777
#
# o Indirect communication without delegated discovery
# o Indirect Communication without Delegation
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# discovery:
# delegated: no
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: no # Directly communicate NRF discovery
# scp:
# next: no # Do not delegate to SCP for next-hop
#
# o Indirect Communication with Delegated Discovery
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: yes # Delegate discovery to SCP
# scp:
# next: yes # Delegate to SCP for next-hop communications
#
# o Default delegation: all communications are delegated to the SCP
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# # No 'delegated' section; defaults to AUTO delegation
#
################################################################################
# HTTPS scheme with TLS
@@ -244,6 +284,27 @@ smf:
# nrf:
# - uri: https://nrf.localdomain
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/smf.key
# cert: @sysconfdir@/open5gs/tls/smf.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/smf-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/smf-client-sslkeylog.log
# sbi:
# server:
# - address: smf.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
#
# o Add client TLS verification
# default:
# tls:

84
configs/open5gs/udm.yaml.in
View File

@@ -38,7 +38,6 @@ udm:
scp:
- uri: http://127.0.0.200:7777
#
################################################################################
# Home Network Public Key
################################################################################
@@ -82,43 +81,83 @@ udm:
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# o Bind to the address on the eth0 and advertise as open5gs-udm.svc.local
# sbi:
# server:
# - dev: eth0
# - dev:eth0
# advertise: open5gs-udm.svc.local
#
# o Specify a custom port number 7777 while binding to the given address
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
# - address: udm.localdomain
# port: 7777
#
# o Bind to 127.0.0.12 and advertise as open5gs-udm.svc.local
# sbi:
# server:
# - address: 127.0.0.12
# port: 7777
# advertise: open5gs-udm.svc.local
#
# o Bind to port 7777 but advertise with a different port number 8888
# sbi:
# server:
# - address: 127.0.0.12
# port: 7777
# advertise: open5gs-udm.svc.local:8888
#
################################################################################
# SBI Client
################################################################################
# o Direct communication with NRF interaction
# o Direct Communication with NRF
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
#
# o Indirect communication with delegated discovery
# o Indirect Communication by Delegating to SCP
# sbi:
# client:
# scp:
# - uri: http://127.0.0.200:7777
#
# o Indirect communication without delegated discovery
# o Indirect Communication without Delegation
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# discovery:
# delegated: no
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: no # Directly communicate NRF discovery
# scp:
# next: no # Do not delegate to SCP for next-hop
#
# o Indirect Communication with Delegated Discovery
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: yes # Delegate discovery to SCP
# scp:
# next: yes # Delegate to SCP for next-hop communications
#
# o Default delegation: all communications are delegated to the SCP
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# # No 'delegated' section; defaults to AUTO delegation
#
################################################################################
# HTTPS scheme with TLS
@@ -140,6 +179,27 @@ udm:
# nrf:
# - uri: https://nrf.localdomain
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/udm.key
# cert: @sysconfdir@/open5gs/tls/udm.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/udm-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/udm-client-sslkeylog.log
# sbi:
# server:
# - address: udm.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
#
# o Add client TLS verification
# default:
# tls:

83
configs/open5gs/udr.yaml.in
View File

@@ -23,43 +23,83 @@ udr:
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# o Bind to the address on the eth0 and advertise as open5gs-udr.svc.local
# sbi:
# server:
# - dev: eth0
# - dev:eth0
# advertise: open5gs-udr.svc.local
#
# o Specify a custom port number 7777 while binding to the given address
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
# - address: udr.localdomain
# port: 7777
#
# o Bind to 127.0.0.20 and advertise as open5gs-udr.svc.local
# sbi:
# server:
# - address: 127.0.0.20
# port: 7777
# advertise: open5gs-udr.svc.local
#
# o Bind to port 7777 but advertise with a different port number 8888
# sbi:
# server:
# - address: 127.0.0.20
# port: 7777
# advertise: open5gs-udr.svc.local:8888
#
################################################################################
# SBI Client
################################################################################
# o Direct communication with NRF interaction
# o Direct Communication with NRF
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
#
# o Indirect communication with delegated discovery
# o Indirect Communication by Delegating to SCP
# sbi:
# client:
# scp:
# - uri: http://127.0.0.200:7777
#
# o Indirect communication without delegated discovery
# o Indirect Communication without Delegation
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# discovery:
# delegated: no
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: no # Directly communicate NRF discovery
# scp:
# next: no # Do not delegate to SCP for next-hop
#
# o Indirect Communication with Delegated Discovery
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# delegated:
# nrf:
# nfm: no # Directly communicate NRF management functions
# disc: yes # Delegate discovery to SCP
# scp:
# next: yes # Delegate to SCP for next-hop communications
#
# o Default delegation: all communications are delegated to the SCP
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# # No 'delegated' section; defaults to AUTO delegation
#
################################################################################
# HTTPS scheme with TLS
@@ -81,6 +121,27 @@ udr:
# nrf:
# - uri: https://nrf.localdomain
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/udr.key
# cert: @sysconfdir@/open5gs/tls/udr.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/udr-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/udr-client-sslkeylog.log
# sbi:
# server:
# - address: udr.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
#
# o Add client TLS verification
# default:
# tls:

2
configs/srsenb.yaml.in
View File

@@ -67,7 +67,7 @@ mme:
tai:
- plmn_id:
mcc: 901
mnc: 70
mnc: 70
tac: 7
security:
integrity_order : [ EIA2, EIA1, EIA0 ]

266
configs/transfer-error-case.yaml.in Normal file
View File

@@ -0,0 +1,266 @@
db_uri: mongodb://localhost/open5gs
logger:
test:
serving:
- plmn_id:
mcc: 999
mnc: 70
global:
parameter:
# no_nrf: true
no_scp: true
no_sepp: true
# no_amf: true
# no_smf: true
# no_upf: true
# no_ausf: true
# no_udm: true
# no_pcf: true
# no_nssf: true
# no_bsf: true
# no_udr: true
no_mme: true
no_sgwc: true
no_sgwu: true
no_pcrf: true
no_hss: true
smf:
sbi:
server:
- address: 127.0.0.4
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777
pfcp:
server:
- address: 127.0.0.4
client:
upf:
- address: 127.0.0.7
gtpc:
server:
- address: 127.0.0.4
gtpu:
server:
- address: 127.0.0.4
metrics:
server:
- address: 127.0.0.4
port: 9090
session:
- subnet: 10.45.0.0/16
gateway: 10.45.0.1
- subnet: 2001:db8:cafe::/48
gateway: 2001:db8:cafe::1
dns:
- 8.8.8.8
- 8.8.4.4
- 2001:4860:4860::8888
- 2001:4860:4860::8844
mtu: 1400
freeDiameter:
identity: smf.localdomain
realm: localdomain
listen_on: 127.0.0.4
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: pcrf.localdomain
address: 127.0.0.9
amf:
sbi:
server:
- address: 127.0.0.5
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777
ngap:
server:
- address: 127.0.0.5
metrics:
server:
- address: 127.0.0.5
port: 9090
guami:
- plmn_id:
mcc: 999
mnc: 70
amf_id:
region: 2
set: 1
pointer: 31
tai:
- plmn_id:
mcc: 999
mnc: 70
tac: 1
plmn_support:
- plmn_id:
mcc: 999
mnc: 70
s_nssai:
- sst: 1
security:
integrity_order : [ NIA2, NIA1, NIA0 ]
ciphering_order : [ NEA0, NEA1, NEA2 ]
network_name:
full: Open5GS
amf_name: open5gs-amf0
time:
t3512:
value: 540 # 9 mintues * 60 = 540 seconds
# amf #2
amf:
sbi:
server:
- address: 127.0.0.50
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777
ngap:
server:
- address: 127.0.0.50
metrics:
server:
- address: 127.0.0.50
port: 9090
guami:
- plmn_id:
mcc: 999
mnc: 70
amf_id:
region: 2
set: 1
pointer: 30
tai:
- plmn_id:
mcc: 999
mnc: 70
tac: 1
plmn_support:
- plmn_id:
mcc: 999
mnc: 70
s_nssai:
- sst: 1
security:
integrity_order : [ NIA2, NIA1, NIA0 ]
ciphering_order : [ NEA0, NEA1, NEA2 ]
network_name:
full: Open5GS
amf_name: open5gs-amf1
time:
t3512:
value: 540 # 9 mintues * 60 = 540 seconds
upf:
pfcp:
server:
- address: 127.0.0.7
gtpu:
server:
- address: 127.0.0.7
session:
- subnet: 10.45.0.0/16
gateway: 10.45.0.1
- subnet: 2001:db8:cafe::/48
gateway: 2001:db8:cafe::1
metrics:
server:
- address: 127.0.0.7
port: 9090
nrf:
sbi:
server:
- address: 127.0.0.10
port: 7777
serving:
- plmn_id:
mcc: 999
mnc: 70
ausf:
sbi:
server:
- address: 127.0.0.11
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777
udm:
hnet:
- id: 1
scheme: 1
key: @build_configs_dir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key
sbi:
server:
- address: 127.0.0.12
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777
pcf:
sbi:
server:
- address: 127.0.0.13
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777
metrics:
server:
- address: 127.0.0.13
port: 9090
nssf:
sbi:
server:
- address: 127.0.0.14
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777
nsi:
- uri: http://127.0.0.10:7777
s_nssai:
sst: 1
bsf:
sbi:
server:
- address: 127.0.0.15
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777
udr:
sbi:
server:
- address: 127.0.0.20
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777

271
configs/transfer.yaml.in Normal file
View File

@@ -0,0 +1,271 @@
db_uri: mongodb://localhost/open5gs
logger:
test:
serving:
- plmn_id:
mcc: 999
mnc: 70
global:
parameter:
# no_nrf: true
# no_scp: true
no_sepp: true
# no_amf: true
# no_smf: true
# no_upf: true
# no_ausf: true
# no_udm: true
# no_pcf: true
# no_nssf: true
# no_bsf: true
# no_udr: true
no_mme: true
no_sgwc: true
no_sgwu: true
no_pcrf: true
no_hss: true
smf:
sbi:
server:
- address: 127.0.0.4
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
pfcp:
server:
- address: 127.0.0.4
client:
upf:
- address: 127.0.0.7
gtpc:
server:
- address: 127.0.0.4
gtpu:
server:
- address: 127.0.0.4
metrics:
server:
- address: 127.0.0.4
port: 9090
session:
- subnet: 10.45.0.0/16
gateway: 10.45.0.1
- subnet: 2001:db8:cafe::/48
gateway: 2001:db8:cafe::1
dns:
- 8.8.8.8
- 8.8.4.4
- 2001:4860:4860::8888
- 2001:4860:4860::8844
mtu: 1400
freeDiameter:
identity: smf.localdomain
realm: localdomain
listen_on: 127.0.0.4
no_fwd: true
load_extension:
- module: @build_subprojects_freeDiameter_extensions_dir@/dbg_msg_dumps.fdx
conf: 0x8888
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_rfc5777.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_mip6i.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nasreq.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_nas_mipv6.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca.fdx
- module: @build_subprojects_freeDiameter_extensions_dir@/dict_dcca_3gpp/dict_dcca_3gpp.fdx
connect:
- identity: pcrf.localdomain
address: 127.0.0.9
amf:
sbi:
server:
- address: 127.0.0.5
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
ngap:
server:
- address: 127.0.0.5
metrics:
server:
- address: 127.0.0.5
port: 9090
guami:
- plmn_id:
mcc: 999
mnc: 70
amf_id:
region: 2
set: 1
pointer: 31
tai:
- plmn_id:
mcc: 999
mnc: 70
tac: 1
plmn_support:
- plmn_id:
mcc: 999
mnc: 70
s_nssai:
- sst: 1
security:
integrity_order : [ NIA2, NIA1, NIA0 ]
ciphering_order : [ NEA0, NEA1, NEA2 ]
network_name:
full: Open5GS
amf_name: open5gs-amf0
time:
t3512:
value: 540 # 9 mintues * 60 = 540 seconds
# amf #2
amf:
sbi:
server:
- address: 127.0.0.50
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
ngap:
server:
- address: 127.0.0.50
metrics:
server:
- address: 127.0.0.50
port: 9090
guami:
- plmn_id:
mcc: 999
mnc: 70
amf_id:
region: 2
set: 1
pointer: 30
tai:
- plmn_id:
mcc: 999
mnc: 70
tac: 1
plmn_support:
- plmn_id:
mcc: 999
mnc: 70
s_nssai:
- sst: 1
security:
integrity_order : [ NIA2, NIA1, NIA0 ]
ciphering_order : [ NEA0, NEA1, NEA2 ]
network_name:
full: Open5GS
amf_name: open5gs-amf1
time:
t3512:
value: 540 # 9 mintues * 60 = 540 seconds
upf:
pfcp:
server:
- address: 127.0.0.7
gtpu:
server:
- address: 127.0.0.7
session:
- subnet: 10.45.0.0/16
gateway: 10.45.0.1
- subnet: 2001:db8:cafe::/48
gateway: 2001:db8:cafe::1
metrics:
server:
- address: 127.0.0.7
port: 9090
nrf:
sbi:
server:
- address: 127.0.0.10
port: 7777
scp:
sbi:
server:
- address: 127.0.0.200
port: 7777
client:
nrf:
- uri: http://127.0.0.10:7777
ausf:
sbi:
server:
- address: 127.0.0.11
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
udm:
hnet:
- id: 1
scheme: 1
key: @build_configs_dir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key
sbi:
server:
- address: 127.0.0.12
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
pcf:
sbi:
server:
- address: 127.0.0.13
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
metrics:
server:
- address: 127.0.0.13
port: 9090
nssf:
sbi:
server:
- address: 127.0.0.14
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
nsi:
- uri: http://127.0.0.10:7777
s_nssai:
sst: 1
bsf:
sbi:
server:
- address: 127.0.0.15
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
udr:
sbi:
server:
- address: 127.0.0.20
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777

108
debian/changelog vendored
View File

@@ -1,3 +1,111 @@
open5gs (2.7.6) unstable; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sat, 19 Jul 2025 10:02:38 +0900
open5gs (2.7.6~plucky) plucky; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sat, 19 Jul 2025 09:59:50 +0900
open5gs (2.7.6~oracular) oracular; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sat, 19 Jul 2025 09:57:14 +0900
open5gs (2.7.6~noble) noble; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sat, 19 Jul 2025 09:55:32 +0900
open5gs (2.7.6~jammy) jammy; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sat, 19 Jul 2025 09:53:39 +0900
open5gs (2.7.6~focal) focal; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sat, 19 Jul 2025 09:51:57 +0900
open5gs (2.7.6~bionic) bionic; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sat, 19 Jul 2025 09:49:35 +0900
open5gs (2.7.5) unstable; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 30 Mar 2025 22:01:17 +0900
open5gs (2.7.5~oracular) oracular; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 30 Mar 2025 22:00:22 +0900
open5gs (2.7.5~noble) noble; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 30 Mar 2025 21:59:27 +0900
open5gs (2.7.5~jammy) jammy; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 30 Mar 2025 21:58:02 +0900
open5gs (2.7.5~focal) focal; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 30 Mar 2025 21:56:59 +0900
open5gs (2.7.5~bionic) bionic; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 30 Mar 2025 21:55:48 +0900
open5gs (2.7.2) unstable; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 04 Aug 2024 21:03:45 +0900
open5gs (2.7.2~jammy1) jammy; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 04 Aug 2024 21:02:06 +0900
open5gs (2.7.2~focal1) focal; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 04 Aug 2024 21:00:24 +0900
open5gs (2.7.2~noble1) noble; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 04 Aug 2024 20:58:44 +0900
open5gs (2.7.2~bionic1) bionic; urgency=medium
* Bug Fixed
-- Sukchan Lee <acetcom@gmail.com> Sun, 04 Aug 2024 20:56:49 +0900
open5gs (2.7.1) unstable; urgency=medium
* Bug Fixed

2
debian/control vendored
View File

@@ -13,7 +13,7 @@ Build-Depends: debhelper (>= 11),
libgnutls28-dev,
libgcrypt-dev,
libssl-dev,
libidn11-dev,
libidn-dev | libidn11-dev,
libmongoc-dev,
libbson-dev,
libsctp-dev,

2
debian/open5gs-common.dirs vendored
View File

@@ -1 +1 @@
var/log/open5gs
var/log/open5gs/tls

2
docker/alpine/latest/dev/Dockerfile
View File

@@ -13,7 +13,7 @@ RUN apk update && \
sudo
ARG username=acetcom
RUN adduser -u 1000 acetcom -D && \
RUN adduser -u 2000 acetcom -D && \
echo "${username} ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/${username} && \
chmod 0440 /etc/sudoers.d/${username}

8
docker/debian/latest/base/Dockerfile
View File

@@ -22,7 +22,6 @@ RUN apt-get update && \
libgnutls28-dev \
libgcrypt-dev \
libssl-dev \
libidn11-dev \
libmongoc-dev \
libbson-dev \
libyaml-dev \
@@ -35,4 +34,9 @@ RUN apt-get update && \
ca-certificates \
netbase \
pkg-config && \
apt-get clean
if apt-cache show libidn-dev > /dev/null 2>&1; then \
apt-get install -y --no-install-recommends libidn-dev; \
else \
apt-get install -y --no-install-recommends libidn11-dev; \
fi && \
apt-get clean && rm -rf /var/lib/apt/lists/*

2
docker/debian/latest/dev/Dockerfile
View File

@@ -27,7 +27,7 @@ RUN apt-get update && \
COPY setup.sh /root
ARG username=acetcom
RUN useradd -m --uid=1000 ${username} && \
RUN useradd -m --uid=2000 ${username} && \
echo "${username} ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/${username} && \
chmod 0440 /etc/sudoers.d/${username}

2
docker/fedora/latest/dev/Dockerfile
View File

@@ -16,7 +16,7 @@ RUN dnf -y install \
COPY setup.sh /root
ARG username=acetcom
RUN useradd -m --uid=1000 ${username} && \
RUN useradd -m --uid=2000 ${username} && \
echo "${username} ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/${username} && \
chmod 0440 /etc/sudoers.d/${username}

8
docker/ubuntu/latest/base/Dockerfile
View File

@@ -22,7 +22,6 @@ RUN apt-get update && \
libgnutls28-dev \
libgcrypt-dev \
libssl-dev \
libidn11-dev \
libmongoc-dev \
libbson-dev \
libyaml-dev \
@@ -35,4 +34,9 @@ RUN apt-get update && \
ca-certificates \
netbase \
pkg-config && \
apt-get clean
if apt-cache show libidn-dev > /dev/null 2>&1; then \
apt-get install -y --no-install-recommends libidn-dev; \
else \
apt-get install -y --no-install-recommends libidn11-dev; \
fi && \
apt-get clean && rm -rf /var/lib/apt/lists/*

2
docker/ubuntu/latest/dev/Dockerfile
View File

@@ -33,7 +33,7 @@ RUN apt-get update && \
COPY setup.sh /root
ARG username=acetcom
RUN useradd -m --uid=1000 ${username} && \
RUN useradd -m --uid=2000 ${username} && \
echo "${username} ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/${username} && \
chmod 0440 /etc/sudoers.d/${username}

3
docs/_config.yml
View File

@@ -26,6 +26,9 @@ google_analytics: G-12MQZTB3JH
# Build settings
markdown: kramdown
kramdown:
parse_block_html: true
plugins:
- jekyll-feed
- jekyll-seo-tag

6
docs/_docs/guide/01-quickstart.md
View File

@@ -80,14 +80,14 @@ Import the public key used by the package management system.
```bash
$ sudo apt update
$ sudo apt install gnupg
$ curl -fsSL https://pgp.mongodb.com/server-6.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-6.0.gpg --dearmor
$ curl -fsSL https://pgp.mongodb.com/server-8.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor
```
Create the list file /etc/apt/sources.list.d/mongodb-org-6.0.list for your version of Ubuntu.
Create the list file /etc/apt/sources.list.d/mongodb-org-8.0.list for your version of Ubuntu.
On ubuntu 22.04 (Jammy)
```bash
$ echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
$ echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
```
Install the MongoDB packages.

21
docs/_docs/guide/02-building-open5gs-from-sources.md
View File

@@ -18,14 +18,14 @@ Import the public key used by the package management system.
```bash
$ sudo apt update
$ sudo apt install gnupg
$ curl -fsSL https://pgp.mongodb.com/server-6.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-6.0.gpg --dearmor
$ curl -fsSL https://pgp.mongodb.com/server-8.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor
```
Create the list file /etc/apt/sources.list.d/mongodb-org-6.0.list for your version of Ubuntu.
Create the list file /etc/apt/sources.list.d/mongodb-org-8.0.list for your version of Ubuntu.
On ubuntu 22.04 (Jammy)
```bash
$ echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
$ echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
```
Install the MongoDB packages.
@@ -58,10 +58,19 @@ $ sudo ip link set ogstun up
### Building Open5GS
---
Install the dependencies for building the source code.
Install the common dependencies for building the source code.
```bash
$ sudo apt install python3-pip python3-setuptools python3-wheel ninja-build build-essential flex bison git cmake libsctp-dev libgnutls28-dev libgcrypt-dev libssl-dev libidn11-dev libmongoc-dev libbson-dev libyaml-dev libnghttp2-dev libmicrohttpd-dev libcurl4-gnutls-dev libnghttp2-dev libtins-dev libtalloc-dev meson
$ sudo apt install python3-pip python3-setuptools python3-wheel ninja-build build-essential flex bison git cmake libsctp-dev libgnutls28-dev libgcrypt-dev libssl-dev libmongoc-dev libbson-dev libyaml-dev libnghttp2-dev libmicrohttpd-dev libcurl4-gnutls-dev libnghttp2-dev libtins-dev libtalloc-dev meson
```
Install libidn-dev or libidn11-dev depending on your system
```bash
$ if apt-cache show libidn-dev > /dev/null 2>&1; then
sudo apt-get install -y --no-install-recommends libidn-dev
else
sudo apt-get install -y --no-install-recommends libidn11-dev
fi
```
Git clone.
@@ -447,7 +456,7 @@ $ cp open5gs* /usr/bin/
For convenience, you can execute all NFs at once by using the following command.
```bash
$ ./build/tests/app/5gc ## 5G Core Only with ./build/configs/sample.yaml
$ ./build/tests/app/epc -c ./build/configs/srslte.yaml ## EPC Only with ./build/configs/srslte.yaml
$ ./build/tests/app/epc -c ./build/configs/srsenb.yaml ## EPC Only with ./build/configs/srsenb.yaml
$ ./build/tests/app/app ## Both 5G Core and EPC with ./build/configs/sample.yaml
```

15
docs/_docs/hardware/01-genodebs.md
View File

@@ -19,12 +19,15 @@ If you have tested radio hardware from a vendor not listed with Open5GS, please
* CableFree Small Cell Indoor radios (5G n77, n78 and other bands)
* CableFree Macro (BBU+RRH) radios (4G and 5G, various bands)
* Ericsson Baseband 6630 (21.Q3 Software) + Radio 2217, Radio 2219 (4G and 5G, various bands)
* Ericsson Baseband 6648/6651 IRU 8848 Dots 4475 (N78, N1,N3)
* Ericsson StreetMacro 6701 (21.Q3 Software) (5G mmWave, n261) (Baseband 6318 and AIR 1281 packaged together)
* Huawei BTS5900
* Huawei BTS5900 V100R019C10SPC220 (N78, N28)
* LIONS RANathon O-CU and O-DU + RANathon RS8601 Indoor O-RU + RANathon XG8600 Fronthaul Gateway
* NOKIA AEQE (SW: 5G20A)
* NOKIA AEQD (SW: 5G20A)
* NOKIA AEQP (SW: 5G21A)
* MOSO Networks Canopy 5GID1 Indoor 2T2R (5G n48 n78)
* ZTE ITBBU ITRAN-PNF V5.65.20.20F10 (n78, n1, n3)
### Commercial 4G
---
@@ -42,10 +45,12 @@ If you have tested radio hardware from a vendor not listed with Open5GS, please
* Baicells Nova 436Q
* Baicells Nova 227 (EBS & CBRS)
* Baicells Nova 233
* Ericsson Baseband 6630 (21Q1 Software)
* Baicells Nova 430i (band 48/CBRS, SW version BaiBLQ_3.0.12)
* Ericsson Baseband 6630/6648/6651 (21Q1 Software)
* Ericsson RBS 6402 (18.Q1 software, B2 B25 B4 B7 B252 B255)
* Ericsson RBS 6601 + DUL 20 01 + RUS 01 B8
* Gemtek WLTGFC-101 (S/W version 2.1.1746.1116)
* Gemtek WLTGFC-105 (band 3, SW version 2.1.2277.1720-wltgfc105-gemtek-fdd)
* Huawei BTS3900 (S/W version V100R011C10SPC230)
* Huawei BBU5900 with RRU5304W Band 7 FDD 2600Mhz 40W Version V100R016C10
* Klas VoyagerCell Duo 4GAP1000/4GAP1000X
@@ -55,7 +60,11 @@ If you have tested radio hardware from a vendor not listed with Open5GS, please
* Nokia FW2FA Flexi Zone Mini-Macro Outdoor BTS, 2x20w Band 39
* Nokia FWGR Flexi Zone Mini-Macro Outdoor BTS, 2x20w Band 1
* Nokia FWHG Flexi Zone Indoor Pico BTS, 2x250 mW Band 7
* Nokia FW2HHD Flexi Zone Multiband Indoor Pico BTS, Band 38/41(S/W TLS18SP_ENB)
* Mikrotik Intercell B1+B3 IC322GC-b1D+b3D
* Ruckus Q710 and Q910
* Sercomm SCE4255W "Englewood" (band 48/CBRS, SW version DG3934v3@2308041842)
* ZTE ITBBU ITRAN-PNF V5.65.20.20F10
### 4G/5G Software Stacks + SDRs
---
@@ -63,9 +72,11 @@ If you have tested radio hardware from a vendor not listed with Open5GS, please
* [Amarisoft](https://www.amarisoft.com/) + LimeSDR, USRP, Amarisoft PCI Express Card
* Open Air Interface 5G ([NR_SA_F1AP_5GRECORDS branch](https://gitlab.eurecom.fr/oai/openairinterface5g/-/tree/NR_SA_F1AP_5GRECORDS)) + USRP B210
* [srsLTE / srsENB](https://github.com/srsLTE/srsLTE) + LimeSDR, USRP, BladeRF x40 (BladeRF Not stable)
* [srsRAN_Project](https://github.com/srsran/srsRAN_Project) 5G O-RAN CU/DU based on USRP SDR.
### Misc Radio Hardware
---
* [OpenAirInterface v1.0.3](https://gitlab.eurecom.fr/oai/openairinterface5g/-/tree/v1.0.3) 4G RAN Simulator
* [OsmoBTS](https://osmocom.org/projects/osmobts/wiki) controlled ip.access NanoBTS (Used for CSFB with Osmocom)
* [UERANSIM](https://github.com/aligungr/UERANSIM) 5G RAN Simulator
* [PacketRusher](https://github.com/HewlettPackard/PacketRusher) 5G performance testing and validation tool

16
docs/_docs/platform/07-freebsd.md
View File

@@ -3,10 +3,10 @@ title: FreeBSD
head_inline: "<style> .blue { color: blue; } </style>"
---
This guide is based on **FreeBSD-13.1-STABLE**.
This guide is based on **FreeBSD-14.1-STABLE**.
{: .blue}
## Install **FreeBSD-13.1-STABLE** from Vagrant box (optional)
## Install **FreeBSD-14.1-STABLE** from Vagrant box (optional)
---
Vagrant provides a simple way to create and deploy Virtual Machines from
pre-built images using VirtualBox, libvirt, or VMWare as a hypervisor engine.
@@ -20,13 +20,13 @@ The instructions to install Vagrant are provided at
[vagrantup.com](https://www.vagrantup.com/).
### Create a FreeBSD-13.1-STABLE Virtual Machine using Vagrant
### Create a FreeBSD-14.1-STABLE Virtual Machine using Vagrant
---
Use the supplied `Vagrantfile` in the `vagrant` directory to create the
virtual machine.
Note that this Vagrantfile is identical to the base FreeBSD 13 box, with
Note that this Vagrantfile is identical to the base FreeBSD 14 box, with
the exception that the amount of virtual memory has been increased to 1GB:
```bash
@@ -37,7 +37,7 @@ vagrant up --provider virtualbox
### Log into the newly created FreeBSD VM
---
Use SSH to log into the FreeBSD 13 VM:
Use SSH to log into the FreeBSD 14 VM:
```bash
vagrant ssh
@@ -45,10 +45,10 @@ vagrant ssh
Note that the Open5GS source is *not* copied into the VM. The instructions
below provide the step by step instructions for setting up Open5GS for
either a bare metal or virtual FreeBSD 13 system.
either a bare metal or virtual FreeBSD 14 system.
The rest of the commands below are performed inside the FreeBSD VM as the
user 'vagrant', or on your bare metal FreeBSD 13 system as any normal user.
user 'vagrant', or on your bare metal FreeBSD 14 system as any normal user.
### Getting MongoDB
---
@@ -171,7 +171,7 @@ $ meson build --prefix=`pwd`/install
$ ninja -C build
```
**Note:** No source code changes are required for FreeBSD 11.x version. However, in FreeBSD 12.x/13.x version, we'll getting a crash with segmentation fault when calling basename(3). To avoid this, you need to change the freeDiameter source code as below.
**Note:** No source code changes are required for FreeBSD 11.x version. However, in FreeBSD 12.x/13.x/14.x version, we'll getting a crash with segmentation fault when calling basename(3). To avoid this, you need to change the freeDiameter source code as below.
{: .blue}
```diff

2
docs/_docs/troubleshoot/02-now-in-github-issues.md
View File

@@ -1356,7 +1356,7 @@ $ DIST=debian TAG=stretch docker-compose run dev
```bash
$ sudo dpkg --add-architecture armel
$ sudo apt update
$ sudo apt install libsctp-dev:armel libyaml-dev:armel libgnutls28-dev:armel libgcrypt-dev:armel libidn11-dev:armel libssl-dev:armel libmongoc-dev:armel libbson-dev:armel
$ sudo apt install libsctp-dev:armel libyaml-dev:armel libgnutls28-dev:armel libgcrypt-dev:armel libidn-dev:armel libssl-dev:armel libmongoc-dev:armel libbson-dev:armel
$ sudo apt install crossbuild-essential-armel
$ sudo apt install qemu
$ git clone https://github.com/{{ site.github_username }}/open5gs

4
docs/_docs/tutorial/01-your-first-lte.md
View File

@@ -165,8 +165,8 @@ $ make test
The Open5GS package is available on the recent versions of *Ubuntu*.
```bash
# Install the MongoDB Packages
$ curl -fsSL https://pgp.mongodb.com/server-6.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-6.0.gpg --dearmor
$ echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
$ curl -fsSL https://pgp.mongodb.com/server-8.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor
$ echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
$ sudo apt update
$ sudo apt install mongodb-org

928
docs/_docs/tutorial/05-roaming.md
View File

File diff suppressed because it is too large Load Diff

478
docs/_docs/tutorial/06-Open5GS-with-5G-Sharp-Orchestrator.md Normal file
View File

@@ -0,0 +1,478 @@
---
title: Open5GS with 5G Sharp Orchestrator
---
This tutorial is a guide to configure the tool 5G Sharp Orchestrator with Open5GS.
5G Sharp Orchestrator is a tool that serves as a comprehensive wrapper for configuring, deploying and monitoring 5G open-source network components, simplifying the orchestration process.
For more information on 5G Sharp Orchestrator please visit: https://github.com/Ethon-Shield/5g-sharp-orchestrator
![Basic Execution Example](https://raw.githubusercontent.com/Ethon-Shield/5g-sharp-orchestrator/9eddaf0c19d8333708271f1e3d6348735e32ae90/images/basic_execution_example.png)
# Usage
To correctly execute the 5G Sharp Orchestrator with Open5GS you will need to:
**0. Install prerequisites**
**1. Configure the project**
**2. Check the configuration is valid**
**3. Execute the tool**
This tutorial has been described with the following setup:
- Physical machine:
- i7 processor
- Ubuntu 22.04 LTS
- User "test"
- Connectivity - Offline
- Open5GS cloned and compiled in /home/test/open5gs
- srsRAN cloned and compiled in /home/test/srsRAN_Project
- Network parameters:
- MCC: 001
- MNC: 01
- TAC: 1
- SDR device:
- Ettus B200 mini
## 0. Install prerequisites
To be able to use the 5G Sharp Orchestrator tool, you will need to meet the following prerequisites.
<details>
<summary><strong>Software prerequisites</strong></summary>
This project needs certain binaries to be installed.
- The project has been successfully tested with **Ubuntu 22.04**
- UHD built from source (https://files.ettus.com/manual/page_build_guide.html)
- docker **version 19.03.0 or higher** (https://docs.docker.com/engine/install/ubuntu/)
```
# User going to be used should be in the docker group
sudo usermod -aG docker <user>
newgrp docker
```
- docker-compose **version 1.29.2 or higher** (https://docs.docker.com/compose/install/linux/)
- tmux **version 3.5a** (https://github.com/tmux/tmux/releases)
```bash
wget https://github.com/tmux/tmux/releases/download/3.5a/tmux-3.5a.tar.gz
tar -zxf tmux-3.5a.tar.gz
cd tmux-3.5a
./configure
make
sudo make install
```
- wireshark, tshark, expect
```bash
sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt update
sudo apt install wireshark tshark expect
```
</details>
<details>
<summary><strong>Install Open5GS Core</strong></summary>
Official documentation: https://open5gs.org/open5gs/docs/guide/02-building-open5gs-from-sources/
To work with Open5GS core, it is recommended to build the project from source.
**1. Getting MongoDB**
- Install GNU Privacy Guard tool:
```
sudo apt update
sudo apt install gnupg
```
- Import the public key used by the package management system:
```
curl -fsSL https://pgp.mongodb.com/server-7.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
```
- Install the MongoDB packages:
```
sudo apt update
sudo apt install -y mongodb-org
```
**NOTE**: MongoDB service needs to be running in order to execute the project. This can be done using the command ``sudo systemctl start mongod ``
**2. Building Open5GS**
Install the required dependencies:
```
sudo apt install python3-pip python3-setuptools python3-wheel ninja-build build-essential flex bison git cmake libsctp-dev libgnutls28-dev libgcrypt-dev libssl-dev libidn11-dev libmongoc-dev libbson-dev libyaml-dev libnghttp2-dev libmicrohttpd-dev libcurl4-gnutls-dev libnghttp2-dev libtins-dev libtalloc-dev meson
```
Clone the official project repository:
```
git clone https://github.com/open5gs/open5gs
```
Compile with <i>meson</i> and build with <i>ninja</i>:
```
cd open5gs/ meson build --prefix=`pwd`/install
ninja -C build
```
Check wether the compilation is correct:
```
./build/tests/registration/registration
```
Run all test programs:
```
cd build
sudo meson test -v
```
Perform the installation process:
```
cd build
ninja install
cd ../
```
</details>
<details>
<summary><strong>Install srsRAN gNB</strong></summary>
Official documentation: https://docs.srsran.com/projects/project/en/latest/user_manuals/source/installation.html
**1. Installing build tools and dependencies**
The required build tools and dependencies for the project can be installed in Ubuntu using the following command:
```
sudo apt-get install cmake make gcc g++ pkg-config libfftw3-dev libmbedtls-dev libsctp-dev libyaml-cpp-dev libgtest-devg
```
**2. Clone and build**
Clone the project repository:
```
git clone https://github.com/srsRAN/srsRAN_Project.git
```
Build the code-base:
```
cd srsRAN_Project
mkdir build
cd build
cmake ../
make -j $(nproc)
make test -j $(nproc)
sudo make install
```
</details>
<details>
<summary><strong>Hardware prerequisites</strong></summary>
- USRP devices.
- USB 3.0 port to connect the SDR.
- It is recommended to at least have an i7 processor.
</details>
## 1. Configuring the project
Once the prerequisites have been fullfilled, the next step is to setup the 5G Sharp Orchestrator. First of all, clone the repository:
```
cd ~/
git clone https://github.com/Ethon-Shield/5g-sharp-orchestrator.git
```
To configure the 5G Sharp Orchestrator with Open5GS you will need to modify the corresponding parameters in the file `./conf/sharp-orchestrator.src` . In this file you will be able to set different network parameters such as the MCC, MNC or TAC, encryption and integrity alogrithms, as well as defining the file paths of the corresponding binaries.
The following variables are set based on the example setup described at the start of the tutorial.
**SHARP ORCHESTRATOR**:
- **SHARP_ORCHESTRATOR_IP_ADDRESS**=127.0.0.1
- **SHARP_ORCHESTRATOR_USERNAME**="test"
- **SHARP_ORCHESTRATOR_WORKING_DIR**="/home/test/5g-sharp-orhcestrator/"
**GENERAL**:
- **MCC**=001
- **MNC**=01
- **TAC**=1
- **DEBUG**="false"
- **DNS_IP_ADDRESS**="8.8.8.8"
- **DEPLOY_NRCORE_ONLY**="false"
- **BACKUP_DIR_PREFIX**=""
**NRCORE**:
- **NRCORE_TECH**=OPEN5GS
- **INT_ALGO_PRIORITY_LIST**=NIA1,NIA2,NIA0
- **CIPH_ALGO_PRIORITY_LIST**=NEA1,NEA2,NEA0
- **NRCORE_OPEN5GS_WD**="/home/test/open5gs"
**GNB**:
- **GNB_TECH**=SRS
- **GNB_IP_ADDRESS**=127.0.0.1
- **GNB_USERNAME**="test"
- **GNB_WORKING_DIR**="/home/test/Desktop/gnb"
- **ARFCN**="641280"
- **SRS_GNB_BIN**="/home/test/srsRAN_Project/build/apps/gnb/gnb"
- **BAND**="78"
- **CHANNEL_BW**="20"
- **SCS**="15"
### SUDOERS file
It will be necessary to modify /etc/.sudoers file (via visudo for example) in order to be able to execute certain commands that need root privileges:
```bash
test ALL=(ALL) NOPASSWD: \
/usr/bin/kill -9 *, \
/usr/bin/chown -R * /tmp, \
/usr/bin/chown -R * /logs, \
/usr/sbin/ip tuntap add name ogstun mode tun, \
/usr/sbin/ip addr del 10.45.0.1/16 dev ogstun, \
/usr/sbin/ip addr add 10.45.0.1/16 dev ogstun, \
/usr/sbin/ip addr del 2001\:db8\:cafe\:\:1/48 dev ogstun, \
/usr/sbin/ip addr add 2001\:db8\:cafe\:\:1/48 dev ogstun, \
/usr/sbin/ip link set ogstun up, \
/usr/sbin/sysctl net.ipv4.conf.all.forwarding=1, \
/usr/sbin/iptables -P FORWARD ACCEPT, \
/usr/sbin/iptables -S, \
/usr/sbin/ip route del *, \
/usr/sbin/ip route add *, \
/usr/bin/unbuffer *, \
/usr/bin/kill -9 *
```
### SSH KEYS
Furthermore, although in this example setup we are only using one physical machine, the nodes will talk to each other via ssh. Consequently, it is important to store the public ssh key of the corresponding user.
1. Generate ssh key pair: `ssh-key-gen -t rsa`
2. Copy public pair into remote machine (in this example setup - localhost): `ssh-copy-id -i ~/.ssh/id_rsa.pub test@127.0.0.1`
## 2. Checking the configuation is valid
Once the project has been configured accordingly, check if it has been correctly configured executing the next script: `./bin/check_conf.sh`. All checks should have a **YES**.
<details>
<summary><strong> Example output </strong></summary>
```
##################################
Checking basic variables
##################################
BASIC variables are OK
##################################
Checking necessary binaries
##################################
tshark ... YES
expect ... YES
tmux ... YES
uhd_find_devices ... YES
uhd_usrp_probe ... YES
open5gs-nrfd ... YES
open5gs-scpd ... YES
open5gs-amfd ... YES
open5gs-smfd ... YES
open5gs-upfd ... YES
open5gs-ausfd ... YES
open5gs-udmd ... YES
open5gs-pcfd ... YES
open5gs-nssfd ... YES
open5gs-bsfd ... YES
open5gs-udrd ... YES
##################################
Checking CORE IP address, username and working dir
##################################
CORE IP ADDRESS ... YES
CORE USERNAME ... YES
CORE WORKING DIR ... YES
Checking if open5gs services are active
MongoDB is running ... YES
##################################
Checking SSH connections
##################################
CORE --> GNB ... YES
GNB --> CORE ... YES
##################################
Checking necessary repositories & binaries
##################################
OPEN5GS CORE
/home/test/open5gs/ directory ... YES
NOTES:
- /home/test/open5gs/ in TAG v2.7.2-65-g6d80d4322
gNB
SRS gnb bin ... YES
##################################
Checking sudoers file
##################################
NOPASSWD in ORCH & CORE for test for command /usr/bin/kill -9 \* ... YES
NOPASSWD in ORCH & CORE for test for command /usr/bin/chown -R \* /tmp ... YES
NOPASSWD in ORCH & CORE for test for command /usr/bin/chown -R \* /logs ... YES
NOPASSWD in ORCH & CORE for test for command /usr/sbin/ip tuntap add name ogstun mode tun ... YES
NOPASSWD in ORCH & CORE for test for command /usr/sbin/ip addr del 10.45.0.1/16 dev ogstun ... YES
NOPASSWD in ORCH & CORE for test for command /usr/sbin/ip addr add 10.45.0.1/16 dev ogstun ... YES
NOPASSWD in ORCH & CORE for test for command /usr/sbin/ip addr del 2001\:db8\:cafe\:\:1/48 dev ogstun ... YES
NOPASSWD in ORCH & CORE for test for command /usr/sbin/ip addr add 2001\:db8\:cafe\:\:1/48 dev ogstun ... YES
NOPASSWD in ORCH & CORE for test for command /usr/sbin/ip link set ogstun up ... YES
NOPASSWD in ORCH & CORE for test for command /usr/sbin/sysctl net.ipv4.conf.all.forwarding\=1 ... YES
NOPASSWD in ORCH & CORE for test for command /usr/sbin/iptables -P FORWARD ACCEPT ... YES
NOPASSWD in ORCH & CORE for test for command /usr/sbin/iptables -S ... YES
NOPASSWD in GNB for test for command /usr/sbin/ip route del \* in GNB ... YES
NOPASSWD in GNB for test for command /usr/sbin/ip route add \* in GNB ... YES
NOPASSWD in GNB for test for command /usr/bin/unbuffer \* in GNB ... YES
NOPASSWD in GNB for test for command /usr/bin/kill -9 \* in GNB ... YES
##################################
Checking sharp-orchestrator.src parameters
##################################
MCC 001 ... YES
MNC 01 ... YES
DEBUG false ... YES
DEPLOY_NRCORE_ONLY false ... YES
DNS_IP_ADDRESS 8.8.8.8 ... YES
AMF_IP_ADDRESS 127.0.0.100 ... YES
SHARP_ORCHESTRATOR_IP_ADDRESS 127.0.0.1 ... YES
NRCORE_IP_ADDRESS 127.0.0.1 ... YES
GNB_IP_ADDRESS 127.0.0.1 ... YES
##################################
Checking gNB directory
##################################
GNB directory ... YES
```
</details>
## 3. Executing the tool
After checking the configuration file and setting every paramater correctly, you will be able to start the orchestration process.
##### STARTING THE ORCHESTRATOR APP
To start the orchestrator app execute the following command:
```bash
./tui.sh
```
You will have an interactive menu to perform all the needed actions.
![Main Menu](https://raw.githubusercontent.com/Ethon-Shield/5g-sharp-orchestrator/9eddaf0c19d8333708271f1e3d6348735e32ae90/images/MAINMENU.png)
##### STARTING THE NETWORK
Choose the "Start network" option in the interactive menu --> "1"
##### STOPPING THE NETWORK
Choose the "Stop network" option in the interactive menu --> "2"
##### UPDATE GNB PARAMETERS ON REAL-TIME
Some parameters in the gNB can be updated on real-time. This is done to prevent the undeployment of the core network and slowing the whole process.
The current supported parameters for the srs gNB to be updated are:
- ARFCN
- BAND
- CHANNEL_BW
- SCS
Choose the "Change network parameters" option in the interactive menu --> "3"
This will show a sub menu with the different options:
- Setting the different parameters
- Updating them
![Submenu Update Parameters](https://raw.githubusercontent.com/Ethon-Shield/5g-sharp-orchestrator/9eddaf0c19d8333708271f1e3d6348735e32ae90/images/SUBMENU_update_parameters.png)
Before updating any parameter, you need to set the value. For that, choose the corresponding "set" option and the value to set will be asked.
The new set value will appear in the menu, as it is shown in the images below
![Submenu Update Parameters Set ARFCN](https://raw.githubusercontent.com/Ethon-Shield/5g-sharp-orchestrator/9eddaf0c19d8333708271f1e3d6348735e32ae90/images/SUBMENU_update_parameters_set_arfcn.png)
![Submenu Update Parameters ARFCN Set](https://raw.githubusercontent.com/Ethon-Shield/5g-sharp-orchestrator/9eddaf0c19d8333708271f1e3d6348735e32ae90/images/SUBMENU_update_parameters_arfcn_setted.png)
After setting all the values you want to update, choose the "Update parameters" option in the interactive menu for the changes to take place.
This action will stop the running gNB instance and start a new one with the updated parameters.
Any error in the gNB execution due to invalid parameters selection will be prompted in the log screen.
##### BACKING UP FILES DURING EXECUTION
Stopping the network will automatically perform a backup. This options is used if you want to perform a backup during the execution without stopping the network.
The backup will be saved in the sharp-orchestrator/backups directory.
Making a backup will save the following files:
```
├── logs -> DIR that includes all the logs from the network nodes
├── pcaps -> DIR that includes all the pcaps from the network nodes
├── conf -> DIR that includes the latest configuration files of the network nodes
└── sharp_orchestrator.log -> Orchestration log
```
Choose the "Make backup" option in the interactive menu --> "4"
##### MANAGE SUBSCRIBERS IN DATABASE
To be able to connect subscribers to the deployed network they need to be provisioned in the corresponding databases.
Choose the "Edit Database" option in the interactive menu --> "5"
This will show a sub menu with the different options:
- Setting the different parameters (IMSI, KI, OPC)
- Adding a subscriber to the database - needed parameters: IMSI, KI, OPC
- Updating a subscriber in the database - needed parameters: IMSI, KI, OPC
- Removing a subscriber from the database - needed parameters: IMSI
![Submenu Edit Database](https://raw.githubusercontent.com/Ethon-Shield/5g-sharp-orchestrator/9eddaf0c19d8333708271f1e3d6348735e32ae90/images/SUBMENU_edit_database.png)
Before performing an action to a subscriber, you need to add the required information. For that set the different parameters.
The next image shows an example of setting the IMSI:
![Submenu Edit Database Set IMSI](https://raw.githubusercontent.com/Ethon-Shield/5g-sharp-orchestrator/9eddaf0c19d8333708271f1e3d6348735e32ae90/images/SUBMENU_edit_database_set_imsi.png)
After setting the IMSI, you would be able to remove it from the database, by chossing the option "Remove subscriber from the database" --> 6
![Submenu Edit Database Remove Subscriber](https://raw.githubusercontent.com/Ethon-Shield/5g-sharp-orchestrator/9eddaf0c19d8333708271f1e3d6348735e32ae90/images/SUBMENU_edit_database_remove_subscriber.png)
</details>
# More configuration options
- If you only want to deploy the Open5GS nrcore network without the radio node, set the DEPLOY_NRCORE_ONLY variable to "true"
# Viewing PCAP files
- Go to Analyze --> Enabled Protocols --> check the box mac_nr and mac_nr_udp
- Sometimes, when debugging the PCAP files, the traffic is encrypted using EEA0. To view this traffic, in Wireshark go to Edit -> Preferences -> Protocols -> NAS-5GS -> check box "Try to detect and decode 5G-EA0 ciphered message"

20
docs/_pages/docs.md
View File

@@ -20,7 +20,7 @@ head_inline: "<style> ul { padding-bottom: 1em; } </style>"
- In the lab
- [A Demonstration of 30 Gbps Load Testing for Accelerated UPF with Open5gs](https://nextepc.com/technology)
- [Measurement of UPF Performance](https://github.com/s5uishida/simple_measurement_of_upf_performance)
- [Measurement of UPF Performance](https://github.com/s5uishida/sample_config_misc_for_mobile_network#performance_measurement)
- Troubleshooting
- [Simple Issues](troubleshoot/01-simple-issues)
@@ -43,12 +43,14 @@ head_inline: "<style> ul { padding-bottom: 1em; } </style>"
- [SMF Code Explanation](https://medium.com/@aditya.koranga/open5gs-smf-code-explanation-with-flow-charts-a3b3cd38c991)
- @infinitydon
- [OAI's O-RAN Integration With Open5gs 5G Core](https://futuredon.medium.com/integrating-disaggregated-openairinterface-o-ran-components-with-open5gs-5g-core-76e5deac1730)
- [Open5GS on Amazon Elastic Kubernetes Service](https://aws.amazon.com/blogs/opensource/open-source-mobile-core-network-implementation-on-amazon-elastic-kubernetes-service/)
- [Kubernetes Open5GS Deployment](https://dev.to/infinitydon/virtual-4g-simulation-using-kubernetes-and-gns3-3b7k?fbclid=IwAR1p99h13a-mCfejanbBQe0H0-jp5grXkn5mWf1WrTHf47UtegB2-UHGGZQ)
- [5G Core SBI mTLS Using External Certificate PKI](https://futuredon.medium.com/5g-core-sbi-mtls-using-external-certificate-pki-4ffc02ac7728)
- [5G Frame Routing](https://futuredon.medium.com/5g-frame-routing-6e34d8587123)
- [5G SCTP LoadBalancer Using LoxiLB](https://futuredon.medium.com/5g-sctp-loadbalancer-using-loxilb-b525198a9103)([Video Link](https://youtu.be/k3ICc7MXcC8))
- [5G Roaming With Mutual TLS](https://futuredon.medium.com/5g-roaming-with-mutual-tls-1468d109129c)
- [Building a Cloud-Native 5G Roaming Architecture with Open5GS](https://futuredon.medium.com/building-a-cloud-native-5g-roaming-architecture-with-open5gs-cert-manager-and-openbao-supporting-08168a937ddc)
- @nickvsnetworking
- [My first 5G Core : Open5GS and UERANSIM](http://nickvsnetworking.com/my-first-5g-core-open5gs-and-ueransim/)
@@ -75,8 +77,14 @@ head_inline: "<style> ul { padding-bottom: 1em; } </style>"
- [srsRAN with eUPF(eBPF/XDP UPF)](https://github.com/s5uishida/open5gs_epc_srsran_eupf_sample_config)
- @gradiant helm charts
- [Open5GS EPC and SRS LTE in kubernetes](https://gradiant.github.io/openverso-charts/open5gs-srslte.html)
- [Open5GS NGC and UERANSIM in kubernetes](https://gradiant.github.io/openverso-charts/open5gs-ueransim-gnb.html)
- [Open5GS NGC and OpenAirInterface GNB with ettus USRP in kubernetes](https://gradiant.github.io/openverso-charts/open5gs-oaignb.html)
- [Open5GS EPC and SRS ENB with ettus USRP in kubernetes](https://gradiant.github.io/openverso-charts/open5gs-srsenb.html)
- [Open5GS with Service Communication Proxy in kubernetes](https://gradiant.github.io/openverso-charts/open5gs-scp.html)
- [Open5GS and srsRAN-5G in kubernetes](https://gradiant.github.io/5g-charts/open5gs-srsran-5g-zmq.html)
- [Open5GS and srsLTE in kubernetes](https://gradiant.github.io/5g-charts/open5gs-srslte.html)
- [Open5GS and UERANSIM](https://gradiant.github.io/5g-charts/open5gs-ueransim-gnb.html)
- [Open5GS and PacketRusher](https://gradiant.github.io/5g-charts/open5gs-packetrusher.html)
- [Open5GS and OAI-GNB](https://gradiant.github.io/5g-charts/open5gs-oaignb.html)
- [Open5GS and srsenb](https://gradiant.github.io/5g-charts/open5gs-srsenb.html)
- [Open5GS with SCP(Service Communication Proxy](https://gradiant.github.io/5g-charts/open5gs-scp.html)
- @loxilb
- [Exploring 5G SCP with Open5GS and LoxiLB](https://dev.to/nikhilmalik/5g-service-communication-proxy-with-loxilb-4242)
- [NGAP Load Balancing with Open5GS and LoxiLB](https://www.loxilb.io/post/ngap-load-balancing-with-loxilb)

14
docs/_pages/support.md
View File

@@ -5,18 +5,18 @@ subject: Support
permalink: /support/
---
###### Updated Sep, 2022
Open5GS receives strong and ongoing support from [NewPlane Inc.](https://newplane.io), which proudly backs the project and contributes to its continuous development and success.
### Open5GS Licensing
### Licensing Options:
Open5GS is licensed under a dual licensing model designed to meet the development and distribution needs of both commercial and open source projects.
- **Commercial License**: Available for those who wish to develop and distribute their software without adhering to open-source license requirements. This option allows for full utilization of Open5GS capabilities and involves a strategic partnership with NewPlane. For more information, reach out to NewPlane at
[sales@newplane.io](mailto:sales@newplane.io).
The commercial Open5GS license gives you the full rights to create and distribute software on your own terms without any open source license obligations. You can grow with Open5GS by establishing a close strategic relationship with [NeoPlane](https://neoplane.io).
- **AGPL-3.0 License**: Ideal for open-source projects, academic research, and internal use where compliance with AGPL-3.0 is feasible. This license supports the open-source ethos and is suitable for a wide range of uses. If you have concerns about AGPL compliance, consider the commercial licensing option instead.
### Support and Customization:
Open5GS is also available under AGPL-3.0 open source licenses. The Open5GS open source licensing is ideal for use cases such as open source projects with open source distribution, student/academic purposes, hobby projects, internal research projects without external distribution, or other projects where all AGPL-3.0 obligations can be met.
If your legal department has policies regarding use of software licensed under the AGPL, you may prefer to have a commercial license. Contact [Sukchan Lee \<sales@neoplane.io\>](mailto:sales@neoplane.io) for more information on commercial licenses.
NewPlane offers comprehensive support and customization services to enhance your experience with Open5GS. Their team is equipped to assist with troubleshooting, address specific issues, and implement customized solutions. For support and customization inquiries, please contact NewPlane at [support@newplane.io](mailto:support@newplane.io).
### Our Partners

15
docs/_posts/2024-04-19-release-v2.7.1.md Normal file
View File

@@ -0,0 +1,15 @@
---
title: "v2.7.1 - Bug Fixed"
date: 2024-04-19 21:23:00 +0900
categories:
- Release
tags:
- News
- Release
head_inline: "<style> ul { padding-bottom: 1em; } .blue { color: blue; }</style>"
---
See [Release Note](https://github.com/open5gs/open5gs/releases/tag/v2.7.1)
Download -- [v2.7.1.tar.gz](https://github.com/open5gs/open5gs/archive/v2.7.1.tar.gz)
{: .notice--info}

15
docs/_posts/2024-08-04-release-v2.7.2.md Normal file
View File

@@ -0,0 +1,15 @@
---
title: "v2.7.2 - ogs_pool_cycle() removed"
date: 2024-08-04 21:13:00 +0900
categories:
- Release
tags:
- News
- Release
head_inline: "<style> ul { padding-bottom: 1em; } .blue { color: blue; }</style>"
---
See [Release Note](https://github.com/open5gs/open5gs/releases/tag/v2.7.2)
Download -- [v2.7.2.tar.gz](https://github.com/open5gs/open5gs/archive/v2.7.2.tar.gz)
{: .notice--info}

50
docs/_posts/2025-03-30-release-v2.7.5.md Normal file
View File

@@ -0,0 +1,50 @@
---
title: "v2.7.5 - Bug fixed"
date: 2025-03-30 22:05:00 +0900
categories:
- Release
tags:
- News
- Release
head_inline: "<style> ul { padding-bottom: 1em; } .blue { color: blue; }</style>"
---
# Open5GS Release Note Summary
This release introduces numerous improvements and bug fixes across core network components, enhancing overall stability, performance, and security. Below is a concise overview of the key updates:
## Session & Subscription Management
- **SMF Enhancements:**
Improved handling of SDM subscriptions to UDM during the PDU session lifetime.
- **Optional PLMN-ID:**
Added support for an optional PLMN-ID parameter in SDM GET queries (AMF/SMF).
- **5GMM Cause Reporting:**
AMF now sends a 5GMM cause in the request to SMF when initiating a session release.
## Mobility & Authentication Improvements
- **Mobility Fixes:**
Corrected QoS values for 2G to 4G mobility and fixed issues with UE context release and cell reselection.
- **Security & Authentication:**
Enhanced UE authentication processes, prevented crashes during security mode command failures, and implemented HSS selection improvements.
## Interface & Protocol Enhancements
- **Diameter & PFCP:**
- Integrated statistics into the main loop for Diameter interfaces, with enhanced debug logging for HSS and PCRF.
- Addressed multiple PFCP issues, including memory management, header handling, and correct TEID restoration.
- **NAS Module:**
Fixed a heap-buffer overflow vulnerability in NAS message decoding.
## SBI and Other Module Updates
- **SBI Enhancements:**
Enabled custom User-Agent header information for HTTP/2 requests, support for custom port numbers, and direct NRF communication.
- **Additional Fixes:**
- Resolved UE context handling issues during handovers and state transitions.
- Implemented various cosmetic fixes, typo corrections, and documentation updates.
- Introduced support for new parameters and refined subscription conditions.
Overall, this release emphasizes improved network reliability, enhanced security measures, and better support for 5G core operations while also addressing legacy issues.
See [Release Note](https://github.com/open5gs/open5gs/releases/tag/v2.7.5)
Download -- [v2.7.5.tar.gz](https://github.com/open5gs/open5gs/archive/v2.7.5.tar.gz)
{: .notice--info}

15
docs/_posts/2025-07-19-release-v2.7.6.md Normal file
View File

@@ -0,0 +1,15 @@
---
title: "v2.7.6 - Bug fixed"
date: 2025-07-19 22:05:00 +0900
categories:
- Release
tags:
- News
- Release
head_inline: "<style> ul { padding-bottom: 1em; } .blue { color: blue; }</style>"
---
See [Release Note](https://github.com/open5gs/open5gs/releases/tag/v2.7.6)
Download -- [v2.7.6.tar.gz](https://github.com/open5gs/open5gs/archive/v2.7.6.tar.gz)
{: .notice--info}

BIN
docs/assets/pcapng/5g-roaming-hr.pcapng Normal file
View File

Binary file not shown.

0
docs/assets/pcapng/5g_roaming_lbo.pcapng → docs/assets/pcapng/5g-roaming-lbo.pcapng
View File

237
lib/app/ogs-config.c
View File

@@ -60,8 +60,8 @@ void ogs_app_config_final(void)
static void recalculate_pool_size(void)
{
ogs_app()->pool.packet =
global_conf.max.ue * OGS_MAX_NUM_OF_PACKET_BUFFER;
ogs_app()->pool.gtpu =
global_conf.max.ue * OGS_MAX_NUM_OF_GTPU_BUFFER;
#define MAX_NUM_OF_TUNNEL 3 /* Num of Tunnel per Bearer */
ogs_app()->pool.sess = global_conf.max.ue * OGS_MAX_NUM_OF_SESS;
@@ -105,7 +105,7 @@ ogs_app_local_conf_t *ogs_local_conf(void)
return &local_conf;
}
static int global_conf_prepare(void)
int ogs_app_global_conf_prepare(void)
{
global_conf.sockopt.no_delay = true;
@@ -134,6 +134,30 @@ static int global_conf_validation(void)
return OGS_OK;
}
int ogs_app_count_nf_conf_sections(const char *conf_section)
{
if (!strcmp(conf_section, "amf"))
global_conf.parameter.amf_count++;
else if (!strcmp(conf_section, "smf"))
global_conf.parameter.smf_count++;
else if (!strcmp(conf_section, "upf"))
global_conf.parameter.upf_count++;
else if (!strcmp(conf_section, "ausf"))
global_conf.parameter.ausf_count++;
else if (!strcmp(conf_section, "udm"))
global_conf.parameter.udm_count++;
else if (!strcmp(conf_section, "pcf"))
global_conf.parameter.pcf_count++;
else if (!strcmp(conf_section, "nssf"))
global_conf.parameter.nssf_count++;
else if (!strcmp(conf_section, "bsf"))
global_conf.parameter.bsf_count++;
else if (!strcmp(conf_section, "udr"))
global_conf.parameter.udr_count++;
return OGS_OK;
}
int ogs_app_parse_global_conf(ogs_yaml_iter_t *parent)
{
int rv;
@@ -141,9 +165,6 @@ int ogs_app_parse_global_conf(ogs_yaml_iter_t *parent)
ogs_assert(parent);
rv = global_conf_prepare();
if (rv != OGS_OK) return rv;
ogs_yaml_iter_recurse(parent, &global_iter);
while (ogs_yaml_iter_next(&global_iter)) {
const char *global_key = ogs_yaml_iter_key(&global_iter);
@@ -226,6 +247,12 @@ int ogs_app_parse_global_conf(ogs_yaml_iter_t *parent)
} else if (!strcmp(parameter_key, "use_openair")) {
global_conf.parameter.use_openair =
ogs_yaml_iter_bool(&parameter_iter);
} else if (!strcmp(parameter_key, "use_upg_vpp")) {
global_conf.parameter.use_upg_vpp =
ogs_yaml_iter_bool(&parameter_iter);
} else if (!strcmp(parameter_key, "fake_csfb")) {
global_conf.parameter.fake_csfb =
ogs_yaml_iter_bool(&parameter_iter);
} else if (!strcmp(parameter_key,
"no_ipv4v6_local_addr_in_packet_filter")) {
global_conf.parameter.
@@ -408,8 +435,8 @@ static int local_conf_prepare(void)
* Heartbeat Interval(e.g: 10 seconds) + No Heartbeat Margin(1 second) */
local_conf.time.nf_instance.no_heartbeat_margin = 1;
/* 3600 seconds = 1 hour */
local_conf.time.nf_instance.validity_duration = 3600;
/* 30 seconds */
local_conf.time.nf_instance.validity_duration = 30;
/* 86400 seconds = 1 day */
local_conf.time.subscription.validity_duration = 86400;
@@ -459,6 +486,7 @@ int ogs_app_parse_local_conf(const char *local)
int rv;
yaml_document_t *document = NULL;
ogs_yaml_iter_t root_iter;
int idx = 0;
document = ogs_app()->document;
ogs_assert(document);
@@ -470,7 +498,8 @@ int ogs_app_parse_local_conf(const char *local)
while (ogs_yaml_iter_next(&root_iter)) {
const char *root_key = ogs_yaml_iter_key(&root_iter);
ogs_assert(root_key);
if (!strcmp(root_key, local)) {
if (!strcmp(root_key, local) &&
(idx++ == ogs_app()->config_section_id)) {
ogs_yaml_iter_t local_iter;
ogs_yaml_iter_recurse(&root_iter, &local_iter);
while (ogs_yaml_iter_next(&local_iter)) {
@@ -724,9 +753,83 @@ int ogs_app_parse_sockopt_config(
return OGS_OK;
}
/*----------------------------------------------------------------------
* Function: ogs_app_parse_supi_range_conf
*
* Parse the supi_range configuration from a YAML iterator.
*
* The expected YAML format is:
*
* supi_range:
* - 999700000000001-999700000099999
* - 310789000000005-310789000000888
*
* Both start and end must be provided.
*
* Returns:
* OGS_OK on success, OGS_ERROR on failure.
*----------------------------------------------------------------------*/
int ogs_app_parse_supi_range_conf(
ogs_yaml_iter_t *parent, ogs_supi_range_t *supi_range)
{
ogs_yaml_iter_t range_iter;
ogs_assert(parent);
ogs_assert(supi_range);
memset(supi_range, 0, sizeof(ogs_supi_range_t));
/* Recurse into the supi_range array node */
ogs_yaml_iter_recurse(parent, &range_iter);
ogs_assert(ogs_yaml_iter_type(&range_iter) != YAML_MAPPING_NODE);
do {
char *v = NULL;
char *start_str = NULL, *end_str = NULL;
if (ogs_yaml_iter_type(&range_iter) == YAML_SEQUENCE_NODE) {
if (!ogs_yaml_iter_next(&range_iter))
break;
}
v = (char *)ogs_yaml_iter_value(&range_iter);
if (v) {
ogs_assert(supi_range->num < OGS_MAX_NUM_OF_SUPI_RANGE);
/* Split the string on '-' */
start_str = strsep(&v, "-");
if (start_str == NULL || strlen(start_str) == 0) {
ogs_error("Invalid supi_range starter bound: %s", v);
return OGS_ERROR;
}
end_str = v;
if (end_str == NULL || strlen(end_str) == 0) {
ogs_error("Invalid supi_range upper bound: %s", v);
return OGS_ERROR;
}
supi_range->start[supi_range->num] =
ogs_uint64_from_string_decimal(start_str);
supi_range->end[supi_range->num] =
ogs_uint64_from_string_decimal(end_str);
supi_range->num++;
}
} while (ogs_yaml_iter_type(&range_iter) == YAML_SEQUENCE_NODE);
return OGS_OK;
}
static int parse_br_conf(ogs_yaml_iter_t *parent, ogs_bitrate_t *br)
{
ogs_yaml_iter_t br_iter;
ogs_assert(parent);
ogs_assert(br);
ogs_yaml_iter_recurse(parent, &br_iter);
while (ogs_yaml_iter_next(&br_iter)) {
@@ -1162,11 +1265,12 @@ int ogs_app_parse_session_conf(
return OGS_OK;
}
ogs_app_policy_conf_t *ogs_app_policy_conf_add(ogs_plmn_id_t *plmn_id)
ogs_app_policy_conf_t *ogs_app_policy_conf_add(
ogs_supi_range_t *supi_range, ogs_plmn_id_t *plmn_id)
{
ogs_app_policy_conf_t *policy_conf = NULL;
ogs_assert(plmn_id);
ogs_assert(supi_range || plmn_id);
ogs_pool_alloc(&policy_conf_pool, &policy_conf);
if (!policy_conf) {
@@ -1176,7 +1280,25 @@ ogs_app_policy_conf_t *ogs_app_policy_conf_add(ogs_plmn_id_t *plmn_id)
}
memset(policy_conf, 0, sizeof *policy_conf);
memcpy(&policy_conf->plmn_id, plmn_id, sizeof(ogs_plmn_id_t));
if (supi_range) {
int i;
memcpy(&policy_conf->supi_range, supi_range, sizeof(ogs_supi_range_t));
ogs_info("SUPI[%d]", policy_conf->supi_range.num);
for (i = 0; i < policy_conf->supi_range.num; i++)
ogs_info(" START[%lld]-END[%lld]",
(long long)policy_conf->supi_range.start[i],
(long long)policy_conf->supi_range.end[i]);
}
if (plmn_id) {
policy_conf->plmn_id_valid = true;
memcpy(&policy_conf->plmn_id, plmn_id, sizeof(ogs_plmn_id_t));
ogs_info("PLMN_ID[MCC:%03d.MNC:%03d]",
ogs_plmn_id_mcc(&policy_conf->plmn_id),
ogs_plmn_id_mnc(&policy_conf->plmn_id));
}
ogs_list_init(&policy_conf->slice_list);
@@ -1187,19 +1309,60 @@ ogs_app_policy_conf_t *ogs_app_policy_conf_add(ogs_plmn_id_t *plmn_id)
return policy_conf;
}
ogs_app_policy_conf_t *ogs_app_policy_conf_find_by_plmn_id(
ogs_plmn_id_t *plmn_id)
ogs_app_policy_conf_t *ogs_app_policy_conf_find(
const char *supi, const ogs_plmn_id_t *plmn_id)
{
ogs_app_policy_conf_t *policy_conf = NULL;
ogs_app_policy_conf_t *policy_conf;
int i;
ogs_assert(plmn_id);
char *supi_type = NULL;
char *supi_id = NULL;
uint64_t supi_decimal;
ogs_assert(supi);
supi_type = ogs_id_get_type(supi);
ogs_assert(supi_type);
supi_id = ogs_id_get_value(supi);
ogs_assert(supi_id);
supi_decimal = ogs_uint64_from_string_decimal(supi_id);
ogs_free(supi_type);
ogs_free(supi_id);
ogs_list_for_each(&local_conf.policy_list, policy_conf) {
if (memcmp(&policy_conf->plmn_id, plmn_id, sizeof(ogs_plmn_id_t)) == 0)
break;
/* If supi_range is set, check if supi_decimal falls within
* any of the defined ranges.
*/
if (policy_conf->supi_range.num > 0) {
int in_range = 0;
for (i = 0; i < policy_conf->supi_range.num; i++) {
if ((supi_decimal >= policy_conf->supi_range.start[i]) &&
(supi_decimal <= policy_conf->supi_range.end[i])) {
in_range = 1;
break;
}
}
if (!in_range) {
continue;
}
}
/* If a plmn_id is set and it does not match the
* current policy's plmn_id, skip this policy.
*/
if (policy_conf->plmn_id_valid &&
memcmp(&policy_conf->plmn_id, plmn_id,
sizeof(ogs_plmn_id_t)) != 0) {
continue;
}
/* Both conditions met; return this policy configuration */
return policy_conf;
}
return policy_conf;
return NULL;
}
void ogs_app_policy_conf_remove(ogs_app_policy_conf_t *policy_conf)
{
@@ -1223,13 +1386,12 @@ void ogs_app_policy_conf_remove_all(void)
}
ogs_app_slice_conf_t *ogs_app_slice_conf_add(
ogs_app_policy_conf_t *policy_conf, ogs_s_nssai_t *s_nssai)
ogs_app_policy_conf_t *policy_conf, const ogs_s_nssai_t *s_nssai)
{
ogs_app_slice_conf_t *slice_conf = NULL;
ogs_assert(policy_conf);
ogs_assert(s_nssai);
ogs_assert(s_nssai->sst);
ogs_pool_alloc(&slice_conf_pool, &slice_conf);
if (!slice_conf) {
@@ -1254,13 +1416,12 @@ ogs_app_slice_conf_t *ogs_app_slice_conf_add(
}
ogs_app_slice_conf_t *ogs_app_slice_conf_find_by_s_nssai(
ogs_app_policy_conf_t *policy_conf, ogs_s_nssai_t *s_nssai)
ogs_app_policy_conf_t *policy_conf, const ogs_s_nssai_t *s_nssai)
{
ogs_app_slice_conf_t *slice_conf = NULL;
ogs_assert(policy_conf);
ogs_assert(s_nssai);
ogs_assert(s_nssai->sst);
ogs_list_for_each(&policy_conf->slice_list, slice_conf) {
if (slice_conf->data.s_nssai.sst == s_nssai->sst &&
@@ -1325,7 +1486,7 @@ int ogs_app_check_policy_conf(void)
}
ogs_app_session_conf_t *ogs_app_session_conf_add(
ogs_app_slice_conf_t *slice_conf, char *name)
ogs_app_slice_conf_t *slice_conf, const char *name)
{
ogs_app_session_conf_t *session_conf = NULL;
@@ -1357,7 +1518,7 @@ ogs_app_session_conf_t *ogs_app_session_conf_add(
return session_conf;
}
ogs_app_session_conf_t *ogs_app_session_conf_find_by_dnn(
ogs_app_slice_conf_t *slice_conf, char *name)
ogs_app_slice_conf_t *slice_conf, const char *name)
{
ogs_app_session_conf_t *session_conf = NULL;
@@ -1400,29 +1561,27 @@ void ogs_app_session_conf_remove_all(ogs_app_slice_conf_t *slice_conf)
}
int ogs_app_config_session_data(
ogs_plmn_id_t *plmn_id, ogs_s_nssai_t *s_nssai, char *dnn,
const char *supi, const ogs_plmn_id_t *plmn_id,
const ogs_s_nssai_t *s_nssai, const char *dnn,
ogs_session_data_t *session_data)
{
ogs_app_policy_conf_t *policy_conf = NULL;
ogs_app_slice_conf_t *slice_conf = NULL;
ogs_app_session_conf_t *session_conf = NULL;
ogs_assert(supi);
ogs_assert(dnn);
ogs_assert(session_data);
if (plmn_id) {
policy_conf = ogs_app_policy_conf_find_by_plmn_id(plmn_id);
if (!policy_conf) {
ogs_error("No POLICY [MCC:%03d,MNC:%03d]",
ogs_plmn_id_mcc(plmn_id), ogs_plmn_id_mnc(plmn_id));
return OGS_ERROR;
}
} else {
policy_conf = ogs_list_first(&ogs_local_conf()->policy_list);
if (!policy_conf) {
ogs_error("No default POLICY for EPC");
return OGS_ERROR;
}
policy_conf = ogs_app_policy_conf_find(supi, plmn_id);
if (!policy_conf) {
if (plmn_id)
ogs_error("No POLICY [SUPI:%s] [MCC:%03d,MNC:%03d]",
supi, ogs_plmn_id_mcc(plmn_id), ogs_plmn_id_mnc(plmn_id));
else
ogs_error("No POLICY [SUPI:%s]", supi);
return OGS_ERROR;
}
if (s_nssai) {

50
lib/app/ogs-config.h
View File

@@ -52,6 +52,16 @@ typedef struct ogs_global_conf_s {
int no_scp;
int no_nrf;
int amf_count;
int smf_count;
int upf_count;
int ausf_count;
int udm_count;
int pcf_count;
int nssf_count;
int bsf_count;
int udr_count;
/* Network */
int no_ipv4;
int no_ipv6;
@@ -59,6 +69,8 @@ typedef struct ogs_global_conf_s {
int multicast;
int use_openair;
int fake_csfb;
int use_upg_vpp;
int no_ipv4v6_local_addr_in_packet_filter;
int no_pfcp_rr_select;
@@ -132,9 +144,24 @@ typedef struct ogs_local_conf_s {
} ogs_app_local_conf_t;
/* Structure for SUPI-range */
typedef struct {
int num;
#define OGS_MAX_NUM_OF_SUPI_RANGE 16
uint64_t start[OGS_MAX_NUM_OF_SUPI_RANGE];
uint64_t end[OGS_MAX_NUM_OF_SUPI_RANGE];
} ogs_supi_range_t;
/* Policy configuration structure. In a real system, additional fields
* (e.g., for plmn_id, slice list, etc.) would be added.
*/
typedef struct ogs_app_policy_conf_s {
ogs_lnode_t lnode;
ogs_supi_range_t supi_range;
bool plmn_id_valid;
ogs_plmn_id_t plmn_id;
ogs_list_t slice_list;
@@ -163,39 +190,46 @@ void ogs_app_config_final(void);
ogs_app_global_conf_t *ogs_global_conf(void);
ogs_app_local_conf_t *ogs_local_conf(void);
int ogs_app_count_nf_conf_sections(const char *conf_section);
int ogs_app_global_conf_prepare(void);
int ogs_app_parse_global_conf(ogs_yaml_iter_t *parent);
int ogs_app_parse_local_conf(const char *local);
int ogs_app_parse_sockopt_config(
ogs_yaml_iter_t *parent, ogs_sockopt_t *option);
int ogs_app_parse_supi_range_conf(
ogs_yaml_iter_t *parent, ogs_supi_range_t *supi_range);
int ogs_app_check_policy_conf(void);
int ogs_app_parse_session_conf(
ogs_yaml_iter_t *parent, ogs_app_slice_conf_t *slice_conf);
ogs_app_policy_conf_t *ogs_app_policy_conf_add(ogs_plmn_id_t *plmn_id);
ogs_app_policy_conf_t *ogs_app_policy_conf_find_by_plmn_id(
ogs_plmn_id_t *plmn_id);
ogs_app_policy_conf_t *ogs_app_policy_conf_add(
ogs_supi_range_t *supi_range, ogs_plmn_id_t *plmn_id);
ogs_app_policy_conf_t *ogs_app_policy_conf_find(
const char *supi, const ogs_plmn_id_t *plmn_id);
void ogs_app_policy_conf_remove(ogs_app_policy_conf_t *policy_conf);
void ogs_app_policy_conf_remove_all(void);
ogs_app_slice_conf_t *ogs_app_slice_conf_add(
ogs_app_policy_conf_t *policy_conf, ogs_s_nssai_t *s_nssai);
ogs_app_policy_conf_t *policy_conf, const ogs_s_nssai_t *s_nssai);
ogs_app_slice_conf_t *ogs_app_slice_conf_find_by_s_nssai(
ogs_app_policy_conf_t *policy_conf, ogs_s_nssai_t *s_nssai);
ogs_app_policy_conf_t *policy_conf, const ogs_s_nssai_t *s_nssai);
void ogs_app_slice_conf_remove(ogs_app_slice_conf_t *slice_conf);
void ogs_app_slice_conf_remove_all(ogs_app_policy_conf_t *policy_conf);
ogs_app_session_conf_t *ogs_app_session_conf_add(
ogs_app_slice_conf_t *slice_conf, char *name);
ogs_app_slice_conf_t *slice_conf, const char *name);
ogs_app_session_conf_t *ogs_app_session_conf_find_by_dnn(
ogs_app_slice_conf_t *slice_conf, char *name);
ogs_app_slice_conf_t *slice_conf, const char *name);
void ogs_app_session_conf_remove(ogs_app_session_conf_t *session_conf);
void ogs_app_session_conf_remove_all(
ogs_app_slice_conf_t *slice_conf);
int ogs_app_config_session_data(
ogs_plmn_id_t *plmn_id, ogs_s_nssai_t *s_nssai, char *dnn,
const char *supi, const ogs_plmn_id_t *plmn_id,
const ogs_s_nssai_t *s_nssai, const char *dnn,
ogs_session_data_t *session_data);
#ifdef __cplusplus

4
lib/app/ogs-context.h
View File

@@ -56,7 +56,7 @@ typedef struct ogs_app_context_s {
} usrsctp;
struct {
uint64_t packet;
uint64_t gtpu;
uint64_t sess;
uint64_t bearer;
@@ -85,6 +85,8 @@ typedef struct ogs_app_context_s {
uint64_t max_specs;
} metrics;
int config_section_id;
} ogs_app_context_t;
int ogs_app_context_init(void);

28
lib/app/ogs-init.c
View File

@@ -35,6 +35,7 @@ int ogs_app_initialize(
char *log_file;
char *log_level;
char *domain_mask;
char *config_section_id;
} optarg;
ogs_core_initialize();
@@ -50,7 +51,7 @@ int ogs_app_initialize(
memset(&optarg, 0, sizeof(optarg));
ogs_getopt_init(&options, (char**)argv);
while ((opt = ogs_getopt(&options, "c:l:e:m:")) != -1) {
while ((opt = ogs_getopt(&options, "c:l:e:m:k:")) != -1) {
switch (opt) {
case 'c':
optarg.config_file = options.optarg;
@@ -64,6 +65,9 @@ int ogs_app_initialize(
case 'm':
optarg.domain_mask = options.optarg;
break;
case 'k':
optarg.config_section_id = options.optarg;
break;
case '?':
default:
ogs_assert_if_reached();
@@ -124,7 +128,14 @@ int ogs_app_initialize(
ogs_app()->db_uri = ogs_env_get("DB_URI");
/**************************************************************************
* Stage 6 : Print Banner
* Stage 6 : Setup configuration section ID for running multiple NF from
* same config file
*/
if (optarg.config_section_id)
ogs_app()->config_section_id = atoi(optarg.config_section_id);
/**************************************************************************
* Stage 7 : Print Banner
*/
if (ogs_app()->version) {
ogs_log_print(OGS_LOG_INFO,
@@ -144,7 +155,7 @@ int ogs_app_initialize(
}
/**************************************************************************
* Stage 7 : Queue, Timer and Poll
* Stage 8 : Queue, Timer and Poll
*/
ogs_app()->queue = ogs_queue_create(ogs_app()->pool.event);
ogs_assert(ogs_app()->queue);
@@ -246,9 +257,14 @@ static int read_config(void)
static int context_prepare(void)
{
int rv;
#define USRSCTP_LOCAL_UDP_PORT 9899
ogs_app()->usrsctp.udp_port = USRSCTP_LOCAL_UDP_PORT;
rv = ogs_app_global_conf_prepare();
if (rv != OGS_OK) return rv;
return OGS_OK;
}
@@ -347,6 +363,12 @@ static int parse_config(void)
ogs_error("ogs_global_conf_parse_config() failed");
return rv;
}
} else {
rv = ogs_app_count_nf_conf_sections(root_key);
if (rv != OGS_OK) {
ogs_error("ogs_app_count_nf_conf_sections() failed");
return rv;
}
}
}

6
lib/asn1c/util/conv.c
View File

@@ -205,8 +205,10 @@ int ogs_asn_ip_to_BIT_STRING(ogs_ip_t *ip, BIT_STRING_t *bit_string)
bit_string->buf = CALLOC(bit_string->size, sizeof(uint8_t));
memcpy(bit_string->buf, &ip->addr6, OGS_IPV6_LEN);
ogs_debug(" IPv6[%s]", OGS_INET_NTOP(&ip->addr6, buf));
} else
ogs_assert_if_reached();
} else {
ogs_error("No IPv4 or IPv6");
return OGS_ERROR;
}
return OGS_OK;
}

33
lib/core/abts.c
View File

@@ -152,10 +152,17 @@ abts_suite *abts_add_suite(abts_suite *suite, const char *suite_name_full)
suite = malloc(sizeof(*suite));
suite->head = subsuite;
suite->tail = subsuite;
}
else {
suite->tail->next = subsuite;
suite->tail = subsuite;
} else {
/* Clang scan-build SA: NULL pointer dereference: add check for suite->tail=NULL */
if (suite->tail) {
suite->tail->next = subsuite;
suite->tail = subsuite;
} else {
fprintf(stderr, "suite->tail=NULL\n");
fflush(stderr);
free(subsuite);
return(NULL);
}
}
if (!should_test_run(subsuite->name)) {
@@ -203,6 +210,13 @@ static int report(abts_suite *suite)
end_suite(suite);
}
/* Clang scan-build SA: NULL pointer dereference: suite=NULL */
if (!suite) {
fprintf(stderr, "suite=NULL\n");
fflush(stderr);
return(1);
}
for (dptr = suite->head; dptr; dptr = dptr->next) {
count += dptr->failed;
}
@@ -499,6 +513,7 @@ static void show_help(const char *name)
" -q : turn off status in test\n"
" -x : exclute test-unit (e.g. -x sctp-test)\n"
" -l : list test-unit\n"
" -k : use <id> config section\n"
"\n", name);
}
@@ -509,6 +524,7 @@ int abts_main(int argc, const char *const argv[], const char **argv_out)
ogs_getopt_t options;
struct {
char *config_file;
char *config_section;
char *log_level;
char *domain_mask;
@@ -519,7 +535,7 @@ int abts_main(int argc, const char *const argv[], const char **argv_out)
memset(&optarg, 0, sizeof(optarg));
ogs_getopt_init(&options, (char**)argv);
while ((opt = ogs_getopt(&options, "hvxlqc:e:m:dt")) != -1) {
while ((opt = ogs_getopt(&options, "hvxlqc:e:m:dtk:")) != -1) {
switch (opt) {
case 'h':
show_help(argv[0]);
@@ -551,6 +567,9 @@ int abts_main(int argc, const char *const argv[], const char **argv_out)
case 't':
optarg.enable_trace = true;
break;
case 'k':
optarg.config_section = options.optarg;
break;
case '?':
fprintf(stderr, "%s: %s\n", argv[0], options.errmsg);
show_help(argv[0]);
@@ -588,6 +607,10 @@ int abts_main(int argc, const char *const argv[], const char **argv_out)
argv_out[i++] = "-m";
argv_out[i++] = optarg.domain_mask;
}
if (optarg.config_section) {
argv_out[i++] = "-k";
argv_out[i++] = optarg.config_section;
}
argv_out[i] = NULL;

8
lib/core/ogs-conv.c
View File

@@ -214,17 +214,17 @@ char *ogs_uint64_to_string(uint64_t x)
return dup;
}
ogs_uint24_t ogs_uint24_from_string(char *str)
ogs_uint24_t ogs_uint24_from_string(char *str, int base)
{
ogs_uint24_t x;
ogs_assert(str);
x.v = ogs_uint64_from_string(str);
x.v = ogs_uint64_from_string(str, base);
return x;
}
uint64_t ogs_uint64_from_string(char *str)
uint64_t ogs_uint64_from_string(char *str, int base)
{
uint64_t x;
@@ -234,7 +234,7 @@ uint64_t ogs_uint64_from_string(char *str)
return 0;
errno = 0;
x = strtoll(str, NULL, 16);
x = strtoll(str, NULL, base);
if ((errno == ERANGE && (x == LONG_MAX || x == LONG_MIN)) ||
(errno != 0 && x == 0)) {

13
lib/core/ogs-conv.h
View File

@@ -53,8 +53,17 @@ char *ogs_uint36_to_0string(uint64_t x);
char *ogs_uint64_to_0string(uint64_t x);
char *ogs_uint64_to_string(uint64_t x);
ogs_uint24_t ogs_uint24_from_string(char *str);
uint64_t ogs_uint64_from_string(char *str);
#define ogs_uint24_from_string_decimal(str) \
ogs_uint24_from_string((str), 10)
#define ogs_uint24_from_string_hexadecimal(str) \
ogs_uint24_from_string((str), 16)
ogs_uint24_t ogs_uint24_from_string(char *str, int base);
#define ogs_uint64_from_string_decimal(str) \
ogs_uint64_from_string((str), 10)
#define ogs_uint64_from_string_hexadecimal(str) \
ogs_uint64_from_string((str), 16)
uint64_t ogs_uint64_from_string(char *str, int base);
double *ogs_alloc_double(double value);

20
lib/core/ogs-epoll.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2019 by Sukchan Lee <acetcom@gmail.com>
* Copyright (C) 2019-2025 by Sukchan Lee <acetcom@gmail.com>
*
* This file is part of Open5GS.
*
@@ -75,7 +75,8 @@ static void epoll_init(ogs_pollset_t *pollset)
context->epfd = epoll_create(pollset->capacity);
if (context->epfd < 0) {
ogs_log_message(OGS_LOG_FATAL, ogs_errno, "epoll_create() failed");
ogs_log_message(OGS_LOG_FATAL, ogs_errno,
"epoll_create() failed [%d]", pollset->capacity);
ogs_assert_if_reached();
return;
}
@@ -231,22 +232,7 @@ static int epoll_process(ogs_pollset_t *pollset, ogs_time_t timeout)
received = context->event_list[i].events;
if (received & EPOLLERR) {
/*
* The libevent library has OGS_POLLOUT turned on in EPOLLERR.
*
* However, SIGPIPE can occur if write() is called
* when the peer connection is closed.
*
* Therefore, Open5GS turns off OGS_POLLOUT
* so that write() cannot be called in case of EPOLLERR.
*
* See also #2411 and #2312
*/
#if 0
when = OGS_POLLIN|OGS_POLLOUT;
#else
when = OGS_POLLIN;
#endif
} else if ((received & EPOLLHUP) && !(received & EPOLLRDHUP)) {
when = OGS_POLLIN|OGS_POLLOUT;
} else {

3
lib/core/ogs-macros.h
View File

@@ -222,6 +222,9 @@ static ogs_inline ogs_uint24_t ogs_htobe24(ogs_uint24_t x)
((__oBJ)->reference_count)--
#define OGS_OBJECT_IS_REF(__oBJ) ((__oBJ)->reference_count > 1)
#define OGS_POINTER_TO_UINT(u) ((uintptr_t)(u))
#define OGS_UINT_TO_POINTER(u) ((void *)(uintptr_t)(u))
#ifdef __cplusplus
}
#endif

52
lib/core/ogs-pool.h
View File

@@ -28,7 +28,11 @@
extern "C" {
#endif
typedef uint32_t ogs_pool_id_t;
#define OGS_INVALID_POOL_ID 0
#define OGS_MIN_POOL_ID 1
#define OGS_MAX_POOL_ID 0x7fffffff
typedef int32_t ogs_pool_id_t;
#define OGS_POOL(pool, type) \
struct { \
@@ -36,6 +40,9 @@ typedef uint32_t ogs_pool_id_t;
int head, tail; \
int size, avail; \
type **free, *array, **index; \
\
ogs_hash_t *id_hash; \
ogs_pool_id_t id; \
} pool
/*
@@ -57,6 +64,9 @@ typedef uint32_t ogs_pool_id_t;
(pool)->free[i] = &((pool)->array[i]); \
(pool)->index[i] = NULL; \
} \
\
(pool)->id_hash = ogs_hash_make(); \
ogs_assert((pool)->id_hash); \
} while (0)
/*
@@ -70,6 +80,9 @@ typedef uint32_t ogs_pool_id_t;
free((pool)->free); \
free((pool)->array); \
free((pool)->index); \
\
ogs_assert((pool)->id_hash); \
ogs_hash_destroy((pool)->id_hash); \
} while (0)
/*
@@ -93,6 +106,9 @@ typedef uint32_t ogs_pool_id_t;
(pool)->free[i] = &((pool)->array[i]); \
(pool)->index[i] = NULL; \
} \
\
(pool)->id_hash = ogs_hash_make(); \
ogs_assert((pool)->id_hash); \
} while (0)
/*
@@ -108,14 +124,11 @@ typedef uint32_t ogs_pool_id_t;
ogs_free((pool)->free); \
ogs_free((pool)->array); \
ogs_free((pool)->index); \
\
ogs_assert((pool)->id_hash); \
ogs_hash_destroy((pool)->id_hash); \
} while (0)
#define ogs_pool_index(pool, node) (((node) - (pool)->array)+1)
#define ogs_pool_find(pool, _index) \
(_index > 0 && _index <= (pool)->size) ? (pool)->index[_index-1] : NULL
#define ogs_pool_cycle(pool, node) \
ogs_pool_find((pool), ogs_pool_index((pool), (node)))
#define ogs_pool_alloc(pool, node) do { \
*(node) = NULL; \
if ((pool)->avail > 0) { \
@@ -136,6 +149,31 @@ typedef uint32_t ogs_pool_id_t;
} \
} while (0)
#define ogs_pool_index(pool, node) (((node) - (pool)->array)+1)
#define ogs_pool_find(pool, _index) \
(_index > 0 && _index <= (pool)->size) ? (pool)->index[_index-1] : NULL
#define ogs_pool_id_calloc(pool, node) do { \
ogs_pool_alloc(pool, node); \
if (*node) { \
memset(*(node), 0, sizeof(**(node))); \
(*(node))->id = OGS_NEXT_ID((pool)->id, 1, OGS_MAX_POOL_ID); \
ogs_hash_set((pool)->id_hash, \
&((*(node))->id), sizeof(ogs_pool_id_t), *(node)); \
} \
} while (0)
#define ogs_pool_id_free(pool, node) do { \
ogs_assert(((node)->id) >= OGS_MIN_POOL_ID && \
((node)->id) <= OGS_MAX_POOL_ID); \
ogs_hash_set((pool)->id_hash, \
&((node)->id), sizeof(ogs_pool_id_t), NULL); \
ogs_pool_free(pool, node); \
} while (0)
#define ogs_pool_find_by_id(pool, id) \
ogs_hash_get((pool)->id_hash, &id, sizeof(ogs_pool_id_t))
#define ogs_pool_size(pool) ((pool)->size)
#define ogs_pool_avail(pool) ((pool)->avail)

30
lib/core/ogs-process.c
View File

@@ -370,9 +370,17 @@ int ogs_proc_join(ogs_proc_t *const process, int *const out_return_code)
}
if (process->child != waitpid(process->child, &status, 0)) {
process->child = 0;
ogs_error("waitpid failed: %d", status);
return OGS_ERROR;
}
process->child = 0;
if (process->nf_name) {
ogs_free(process->nf_name);
process->nf_name = NULL;
}
if (out_return_code) {
if (WIFEXITED(status)) {
*out_return_code = WEXITSTATUS(status);
@@ -416,9 +424,17 @@ int ogs_proc_terminate(ogs_proc_t *const process)
return OGS_ERROR;
}
#else
if (kill(process->child, SIGTERM) == -1) {
return OGS_ERROR;
if (process->child) {
if (kill(process->child, SIGTERM) == -1) {
if (errno == ESRCH) {
/* No such process */
return OGS_OK;
}
return OGS_ERROR;
}
}
#endif
return OGS_OK;
@@ -434,8 +450,14 @@ int ogs_proc_kill(ogs_proc_t *const process)
return OGS_ERROR;
}
#else
if (kill(process->child, SIGKILL) == -1) {
return OGS_ERROR;
if (process->child) {
if (kill(process->child, SIGKILL) == -1) {
if (errno == ESRCH) {
/* No such process */
return OGS_OK;
}
return OGS_ERROR;
}
}
#endif

4
lib/core/ogs-process.h
View File

@@ -73,6 +73,10 @@ typedef struct ogs_proc_s {
unsigned long dwProcessId;
#else
pid_t child;
// to force kill the right NF in tests if needed.
char *nf_name;
int index;
#endif
} ogs_proc_t;

13
lib/core/ogs-signal.c
View File

@@ -15,7 +15,7 @@
*/
/*
* Copyright (C) 2019 by Sukchan Lee <acetcom@gmail.com>
* Copyright (C) 2019-2025 by Sukchan Lee <acetcom@gmail.com>
*
* This file is part of Open5GS.
*
@@ -277,9 +277,20 @@ static void remove_sync_sigs(sigset_t *sig_mask)
#ifdef SIGIOT
sigdelset(sig_mask, SIGIOT);
#endif
/*
* SIGPIPE can occur if write() is called when the peer connection is closed.
*
* Therefore, Open5GS ignore SIGPIE signal
*
* See also #2411 and #2312
*/
#if 0
#ifdef SIGPIPE
sigdelset(sig_mask, SIGPIPE);
#endif
#endif
#ifdef SIGSEGV
sigdelset(sig_mask, SIGSEGV);
#endif

263
lib/core/ogs-sockaddr.c
View File

@@ -55,6 +55,10 @@
#undef OGS_LOG_DOMAIN
#define OGS_LOG_DOMAIN __ogs_sock_domain
static bool ogs_sockaddr_compare(const ogs_sockaddr_t *a,
const ogs_sockaddr_t *b,
bool compare_port);
/* If you want to use getnameinfo,
* you need to consider DNS query delay (about 10 seconds) */
#if 0
@@ -99,11 +103,18 @@ int ogs_addaddrinfo(ogs_sockaddr_t **sa_list,
int rc;
char service[NI_MAXSERV];
struct addrinfo hints, *ai, *ai_list;
ogs_sockaddr_t *prev;
ogs_sockaddr_t *prev = NULL;
/* Last node of original list (for appending) */
ogs_sockaddr_t *tail = NULL;
/* First newly added node (for cleanup on error) */
ogs_sockaddr_t *first_new = NULL;
char buf[OGS_ADDRSTRLEN];
ogs_assert(sa_list);
/* Prepare hints for getaddrinfo() */
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
@@ -114,24 +125,41 @@ int ogs_addaddrinfo(ogs_sockaddr_t **sa_list,
rc = getaddrinfo(hostname, service, &hints, &ai_list);
if (rc != 0) {
ogs_log_message(OGS_LOG_ERROR, ogs_socket_errno,
"getaddrinfo(%d:%s:%d:0x%x) failed",
family, hostname, port, flags);
"getaddrinfo(%d:%s:%d:0x%x) failed: %s",
family, hostname ? hostname : "(null)",
port, flags, gai_strerror(rc));
/* Non-fatal: log the error and return */
return OGS_ERROR;
}
prev = NULL;
/* Find the end of the existing list, so new entries can be appended */
if (*sa_list) {
prev = *sa_list;
while(prev->next) prev = prev->next;
tail = *sa_list;
while (tail->next)
tail = tail->next;
prev = tail;
}
/* Iterate over each result from getaddrinfo and add to the linked list */
for (ai = ai_list; ai; ai = ai->ai_next) {
ogs_sockaddr_t *new, tmp;
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
continue; /* Skip unsupported address families */
new = ogs_calloc(1, sizeof(ogs_sockaddr_t));
if (!new) {
ogs_error("ogs_calloc() failed");
/* Clean up any partially added entries on memory failure */
if (first_new) {
if (tail) {
/* detach new sub-list from original list */
tail->next = NULL;
} else {
*sa_list = NULL; /* no original list, reset head */
}
ogs_freeaddrinfo(first_new);
}
freeaddrinfo(ai_list);
return OGS_ERROR;
}
memcpy(&new->sa, ai->ai_addr, ai->ai_addrlen);
@@ -139,30 +167,49 @@ int ogs_addaddrinfo(ogs_sockaddr_t **sa_list,
if (hostname) {
if (ogs_inet_pton(ai->ai_family, hostname, &tmp) == OGS_OK) {
/* It's a valid IP address */
/* Input string is a valid numeric IP address */
ogs_debug("addr:%s, port:%d", OGS_ADDR(new, buf), port);
} else {
/* INVALID IP address! We assume it is a hostname */
/* Input string is not a numeric IP; treat it as a hostname */
new->hostname = ogs_strdup(hostname);
ogs_assert(new->hostname);
if (!new->hostname) {
ogs_error("ogs_strdup() failed");
/* Free the new node and any previously added nodes */
ogs_free(new);
if (first_new) {
if (tail) {
tail->next = NULL;
} else {
*sa_list = NULL;
}
ogs_freeaddrinfo(first_new);
}
freeaddrinfo(ai_list);
return OGS_ERROR;
}
ogs_debug("name:%s, port:%d", new->hostname, port);
}
}
if (!prev)
/* Link the new node into the list */
if (!prev) {
*sa_list = new;
else
} else {
prev->next = new;
}
prev = new;
if (!first_new) {
first_new = new; /* mark the first new node added */
}
}
freeaddrinfo(ai_list);
if (prev == NULL) {
if (first_new == NULL) {
/* No addresses were added (e.g., no AF_INET/AF_INET6 results) */
ogs_log_message(OGS_LOG_ERROR, ogs_socket_errno,
"ogs_getaddrinfo(%d:%s:%d:%d) failed",
family, hostname, port, flags);
"ogs_addaddrinfo(%d:%s:%d:0x%x) returned no addresses",
family, hostname ? hostname : "(null)", port, flags);
return OGS_ERROR;
}
@@ -264,6 +311,60 @@ int ogs_sortaddrinfo(ogs_sockaddr_t **sa_list, int family)
return OGS_OK;
}
/*--------------------------------------------------------------------------
* Merge a single node if not already in "dest" list
*--------------------------------------------------------------------------
*/
void ogs_merge_single_addrinfo(
ogs_sockaddr_t **dest, const ogs_sockaddr_t *item)
{
ogs_sockaddr_t *p;
ogs_sockaddr_t *new_sa;
ogs_assert(dest);
ogs_assert(item);
p = *dest;
while (p) {
if (ogs_sockaddr_is_equal(p, item)) {
/* Already exists */
return;
}
p = p->next;
}
new_sa = (ogs_sockaddr_t *)ogs_malloc(sizeof(*new_sa));
ogs_assert(new_sa);
memcpy(new_sa, item, sizeof(*new_sa));
if (item->hostname) {
new_sa->hostname = ogs_strdup(item->hostname);
ogs_assert(new_sa->hostname);
}
new_sa->next = NULL;
if (!(*dest)) {
*dest = new_sa;
} else {
p = *dest;
while (p->next)
p = p->next;
p->next = new_sa;
}
}
/*--------------------------------------------------------------------------
* Merge an entire src list into dest
*--------------------------------------------------------------------------
*/
void ogs_merge_addrinfo(ogs_sockaddr_t **dest, const ogs_sockaddr_t *src)
{
const ogs_sockaddr_t *cur;
cur = src;
while (cur) {
ogs_merge_single_addrinfo(dest, cur);
cur = cur->next;
}
}
ogs_sockaddr_t *ogs_link_local_addr(const char *dev, const ogs_sockaddr_t *sa)
{
#if defined(HAVE_GETIFADDRS)
@@ -419,13 +520,16 @@ socklen_t ogs_sockaddr_len(const void *sa)
}
}
bool ogs_sockaddr_is_equal(const void *p, const void *q)
/*
* Helper function to compare two addresses.
* If compare_port is true, compare both port and address.
* Otherwise, compare address only.
*/
static bool ogs_sockaddr_compare(const ogs_sockaddr_t *a,
const ogs_sockaddr_t *b,
bool compare_port)
{
const ogs_sockaddr_t *a, *b;
a = p;
ogs_assert(a);
b = q;
ogs_assert(b);
if (a->ogs_sa_family != b->ogs_sa_family)
@@ -433,23 +537,68 @@ bool ogs_sockaddr_is_equal(const void *p, const void *q)
switch (a->ogs_sa_family) {
case AF_INET:
if (a->sin.sin_port != b->sin.sin_port)
if (compare_port && (a->sin.sin_port != b->sin.sin_port))
return false;
if (memcmp(&a->sin.sin_addr, &b->sin.sin_addr, sizeof(struct in_addr)) != 0)
if (memcmp(&a->sin.sin_addr, &b->sin.sin_addr,
sizeof(struct in_addr)) != 0)
return false;
return true;
case AF_INET6:
if (a->sin6.sin6_port != b->sin6.sin6_port)
if (compare_port && (a->sin6.sin6_port != b->sin6.sin6_port))
return false;
if (memcmp(&a->sin6.sin6_addr, &b->sin6.sin6_addr, sizeof(struct in6_addr)) != 0)
if (memcmp(&a->sin6.sin6_addr, &b->sin6.sin6_addr,
sizeof(struct in6_addr)) != 0)
return false;
return true;
default:
ogs_error("Unexpected address faimily %u", a->ogs_sa_family);
ogs_error("Unexpected address family %u", a->ogs_sa_family);
ogs_abort();
return false; /* Defensive return */
}
}
/* Compare addresses including port */
bool ogs_sockaddr_is_equal(const void *p, const void *q)
{
const ogs_sockaddr_t *a = (const ogs_sockaddr_t *)p;
const ogs_sockaddr_t *b = (const ogs_sockaddr_t *)q;
return ogs_sockaddr_compare(a, b, true);
}
/* Compare addresses without considering port */
bool ogs_sockaddr_is_equal_addr(const void *p, const void *q)
{
const ogs_sockaddr_t *a = (const ogs_sockaddr_t *)p;
const ogs_sockaddr_t *b = (const ogs_sockaddr_t *)q;
return ogs_sockaddr_compare(a, b, false);
}
bool ogs_sockaddr_check_any_match(
ogs_sockaddr_t *base,
ogs_sockaddr_t *list, const ogs_sockaddr_t *single, bool compare_port)
{
ogs_sockaddr_t *p = NULL;
while (list) {
p = base;
while (p) {
if (ogs_sockaddr_compare(p, list, compare_port) == true)
return true;
p = p->next;
}
list = list->next;
}
if (single) {
p = base;
while (p) {
if (ogs_sockaddr_compare(p, single, compare_port) == true)
return true;
p = p->next;
}
}
return false;
}
static int parse_network(ogs_ipsubnet_t *ipsub, const char *network)
{
/* legacy syntax for ip addrs: a.b.c. ==> a.b.c.0/24 for example */
@@ -666,3 +815,65 @@ char *ogs_ipstrdup(ogs_sockaddr_t *addr)
return ogs_strdup(buf);
}
char *ogs_sockaddr_to_string_static(ogs_sockaddr_t *sa_list)
{
static char dumpstr[OGS_HUGE_LEN] = { 0, };
char *p, *last;
ogs_sockaddr_t *addr = NULL;
last = dumpstr + OGS_HUGE_LEN;
p = dumpstr;
addr = (ogs_sockaddr_t *)sa_list;
while (addr) {
char buf[OGS_ADDRSTRLEN];
p = ogs_slprintf(p, last, "[%s]:%d ",
OGS_ADDR(addr, buf), OGS_PORT(addr));
addr = addr->next;
}
if (p > dumpstr) {
/* If there is more than one addr, remove the last character */
*(p-1) = 0;
return dumpstr;
}
/* No address */
return NULL;
}
int ogs_sockaddr_from_ip_or_fqdn(ogs_sockaddr_t **sa_list,
int family, const char *ip_or_fqdn, uint16_t port)
{
int rc;
int flags = 0;
ogs_sockaddr_t tmp;
ogs_assert(sa_list);
ogs_assert(ip_or_fqdn);
/* Determine if the input is an IP literal (numeric address).
* If so, use AI_NUMERICHOST to avoid DNS lookup. */
if (ogs_inet_pton(AF_INET, ip_or_fqdn, &tmp) == OGS_OK ||
ogs_inet_pton(AF_INET6, ip_or_fqdn, &tmp) == OGS_OK) {
flags |= AI_NUMERICHOST;
}
/* Use ogs_addaddrinfo
* to perform resolution and construct the sockaddr list */
*sa_list = NULL;
rc = ogs_addaddrinfo(sa_list, family, ip_or_fqdn, port, flags);
if (rc != OGS_OK) {
ogs_error("Failed to resolve address: %s", ip_or_fqdn);
/* Cleanup: free any nodes that might have been added before failure */
if (*sa_list) {
ogs_freeaddrinfo(*sa_list);
*sa_list = NULL;
}
return OGS_ERROR;
}
return OGS_OK;
}

24
lib/core/ogs-sockaddr.h
View File

@@ -67,20 +67,8 @@ struct ogs_sockaddr_s {
* If there is a name in the configuration file,
* it is set in the 'hostname' of ogs_sockaddr_t.
* Then, it immediately call getaddrinfo() to fill addr in ogs_sockaddr_t.
*
* When it was always possible to convert DNS to addr, that was no problem.
* However, in some environments, such as Roaming, there are situations
* where it is difficult to always change the DNS to addr.
*
* So, 'fqdn' was created for the purpose of first use in ogs_sbi_client_t.
* 'fqdn' always do not change with addr.
* This value is used as it is in the actual client connection.
*
* Note that 'hostname' is still in use for server or other client
* except for ogs_sbi_client_t.
*/
char *hostname;
char *fqdn;
ogs_sockaddr_t *next;
};
@@ -103,6 +91,10 @@ int ogs_copyaddrinfo(
int ogs_filteraddrinfo(ogs_sockaddr_t **sa_list, int family);
int ogs_sortaddrinfo(ogs_sockaddr_t **sa_list, int family);
void ogs_merge_single_addrinfo(
ogs_sockaddr_t **dest, const ogs_sockaddr_t *item);
void ogs_merge_addrinfo(ogs_sockaddr_t **dest, const ogs_sockaddr_t *src);
ogs_sockaddr_t *ogs_link_local_addr(const char *dev, const ogs_sockaddr_t *sa);
ogs_sockaddr_t *ogs_link_local_addr_by_dev(const char *dev);
ogs_sockaddr_t *ogs_link_local_addr_by_sa(const ogs_sockaddr_t *sa);
@@ -119,12 +111,20 @@ int ogs_inet_pton(int family, const char *src, void *sa);
socklen_t ogs_sockaddr_len(const void *sa);
bool ogs_sockaddr_is_equal(const void *p, const void *q);
bool ogs_sockaddr_is_equal_addr(const void *p, const void *q);
bool ogs_sockaddr_check_any_match(
ogs_sockaddr_t *base,
ogs_sockaddr_t *list, const ogs_sockaddr_t *single, bool compare_port);
int ogs_ipsubnet(ogs_ipsubnet_t *ipsub,
const char *ipstr, const char *mask_or_numbits);
char *ogs_gethostname(ogs_sockaddr_t *addr);
char *ogs_ipstrdup(ogs_sockaddr_t *addr);
char *ogs_sockaddr_to_string_static(ogs_sockaddr_t *sa_list);
int ogs_sockaddr_from_ip_or_fqdn(ogs_sockaddr_t **sa_list,
int family, const char *ip_or_fqdn, uint16_t port);
#ifdef __cplusplus
}

5
lib/core/ogs-time.h
View File

@@ -84,8 +84,11 @@ typedef int64_t ogs_time_t;
/** @return ogs_time_t as a msec */
#define ogs_time_msec(time) (((time) / 1000) % 1000)
/** @return ogs_time_t as a msec */
/** @return ogs_time_t to msec */
#define ogs_time_to_msec(time) ((time) ? (1 + ((time) - 1) / 1000) : 0)
/** @return ogs_time_t to sec */
#define ogs_time_to_sec(time) \
((time) ? (1 + ((time) - 1) / OGS_USEC_PER_SEC) : 0)
/** @return milliseconds as an ogs_time_t */
#define ogs_time_from_msec(msec) ((ogs_time_t)(msec) * 1000)

21
lib/core/ogs-timer.c
View File

@@ -73,12 +73,6 @@ void ogs_timer_mgr_destroy(ogs_timer_mgr_t *manager)
ogs_free(manager);
}
static ogs_timer_t *ogs_timer_cycle(ogs_timer_mgr_t *manager, ogs_timer_t *timer)
{
ogs_assert(manager);
return ogs_pool_cycle(&manager->pool, timer);
}
ogs_timer_t *ogs_timer_add(
ogs_timer_mgr_t *manager, void (*cb)(void *data), void *data)
{
@@ -106,11 +100,6 @@ void ogs_timer_delete_debug(ogs_timer_t *timer, const char *file_line)
ogs_assert(timer);
manager = timer->manager;
ogs_assert(manager);
timer = ogs_timer_cycle(manager, timer);
if (!timer) {
ogs_fatal("ogs_timer_delete() failed in %s", file_line);
ogs_assert_if_reached();
}
ogs_timer_stop(timer);
@@ -126,11 +115,6 @@ void ogs_timer_start_debug(
manager = timer->manager;
ogs_assert(manager);
timer = ogs_timer_cycle(manager, timer);
if (!timer) {
ogs_fatal("ogs_timer_start() failed in %s", file_line);
ogs_assert_if_reached();
}
if (timer->running == true)
ogs_rbtree_delete(&manager->tree, timer);
@@ -145,11 +129,6 @@ void ogs_timer_stop_debug(ogs_timer_t *timer, const char *file_line)
ogs_assert(timer);
manager = timer->manager;
ogs_assert(manager);
timer = ogs_timer_cycle(manager, timer);
if (!timer) {
ogs_fatal("ogs_timer_stop() failed in %s", file_line);
ogs_assert_if_reached();
}
if (timer->running == false)
return;

10
lib/crypt/ecc.c
View File

@@ -1075,6 +1075,11 @@ int ecc_make_key(uint8_t p_publicKey[ECC_BYTES+1], uint8_t p_privateKey[ECC_BYTE
EccPoint l_public;
unsigned l_tries = 0;
/* Clang scan-build SA: Branch condition evaluates to garbage value: In 1st pass thru the do loop the struct l_public
* will not contain a value in the while() check if vli_isZero(l_private)==true and the continue branch is taken.
* Initialize l_public to fix the issue. */
memset(&l_public, 0, sizeof(EccPoint));
do
{
if(!getRandomNumber(l_private) || (l_tries++ >= MAX_TRIES))
@@ -1255,6 +1260,11 @@ int ecdsa_sign(const uint8_t p_privateKey[ECC_BYTES], const uint8_t p_hash[ECC_B
EccPoint p;
unsigned l_tries = 0;
/* Clang scan-build SA: Branch condition evaluates to garbage value: In 1st pass thru the do loop the struct "p"
* will not contain a value in the while() check if vli_isZero(k)==true and the continue branch is taken.
* Initialize "p" to fix the issue. */
memset(&p, 0, sizeof(EccPoint));
do
{
if(!getRandomNumber(k) || (l_tries++ >= MAX_TRIES))

12
lib/crypt/kasumi.c
View File

@@ -292,7 +292,13 @@ void kasumi_f8(u8 *key, u32 count, u32 bearer, u32 dir, u8 *data, int length)
/* Construct the modified key and then "kasumi" A */
for( n=0; n<16; ++n )
ModKey[n] = (u8)(key[n] ^ 0x55);
/* Clang scan-build SA: Result of operation is garbage: The function kasumi_key_schedule() is reporting that
* the array parameter "k" (ModKey) has garbage/uninitialized values. Don't see how that is possible
* because the array is fully populated by the loop above. */
#ifndef __clang_analyzer__
kasumi_key_schedule( ModKey );
#endif
kasumi( A.b8 ); /* First encryption to create modifier */
@@ -454,7 +460,13 @@ u8 *kasumi_f9(u8 *key, u32 count, u32 fresh, u32 dir, u8 *data, int length)
* key XORd with 0xAAAA..... */
for( n=0; n<16; ++n )
ModKey[n] = (u8)*key++ ^ 0xAA;
/* Clang scan-build SA: Result of operation is garbage: The function kasumi_key_schedule() is reporting that
* the array parameter "k" (ModKey) has garbage/uninitialized values. Don't see how that is possible
* because the array is fully populated by the loop above. */
#ifndef __clang_analyzer__
kasumi_key_schedule( ModKey );
#endif
kasumi( B.b8 );
/* We return the left-most 32-bits of the result */

12
lib/crypt/ogs-aes.c
View File

@@ -1255,6 +1255,12 @@ int ogs_aes_cbc_encrypt(const uint8_t *key, const uint32_t keybits,
*outlen = ((inlen - 1) / OGS_AES_BLOCK_SIZE + 1) * OGS_AES_BLOCK_SIZE;
/* Clang scan-build SA: Result of operation is garbage: The function ogs_aes_encrypt() is reporting that the
* array parameter rk has garbage/uninitialized values. The garbage values are because the SA is taking a path
* through ogs_aes_setup_enc() that doesn't match a valid keybits value and therefore the function is not
* populating rk. Fix the issue by initializing rk to 0 here. */
memset(rk, 0, sizeof(rk));
nrounds = ogs_aes_setup_enc(rk, key, keybits);
while (len >= OGS_AES_BLOCK_SIZE)
@@ -1310,6 +1316,12 @@ int ogs_aes_cbc_decrypt(const uint8_t *key, const uint32_t keybits,
*outlen = inlen;
/* Clang scan-build SA: Result of operation is garbage: The function ogs_aes_decrypt() is reporting that the
* array parameter rk has garbage/uninitialized values. The garbage values are because the SA is taking a path
* through ogs_aes_setup_enc() (from ogs_aes_setup_dec()) that doesn't match a valid keybits value and
* therefore the function is not populating rk. Fix the issue by initializing rk to 0 here. */
memset(rk, 0, sizeof(rk));
nrounds = ogs_aes_setup_dec(rk, key, keybits);
if (in != out)

10
lib/crypt/zuc.c
View File

@@ -327,12 +327,18 @@ void zuc_eea3(u8* CK, u32 COUNT, u32 BEARER, u32 DIRECTION,
C[i] = M[i] ^ ((z[i/4] >> (3-i%4)*8) & 0xff);
}
/*
* Issues #3349
* Valgrind memcheck: Invalid read & write: Add {}.
*/
/* zero last bits of data in case its length is not word-aligned (32 bits)
this is an addition to the C reference code, which did not handle it */
if (lastbits)
if (lastbits) {
i--;
C[i] &= 0x100 - (1<<lastbits);
}
ogs_free(z);
}
/* end of EEA3.c */

219
lib/dbi/ims.c
View File

@@ -120,7 +120,8 @@ int ogs_dbi_ims_data(char *supi, ogs_ims_data_t *ims_data)
bson_error_t error;
const bson_t *document;
bson_iter_t iter;
bson_iter_t child1_iter;
bson_iter_t child1_iter, child2_iter, child3_iter, child4_iter, child5_iter;
bson_iter_t child6_iter, child7_iter, child8_iter, child9_iter;
const char *utf8 = NULL;
uint32_t length = 0;
@@ -190,6 +191,222 @@ int ogs_dbi_ims_data(char *supi, ogs_ims_data_t *ims_data)
}
}
ims_data->num_of_msisdn = msisdn_index;
} else if (!strcmp(key, "ifc") &&
BSON_ITER_HOLDS_ARRAY(&iter)) {
int ifc_index = 0;
bson_iter_recurse(&iter, &child2_iter);
while (bson_iter_next(&child2_iter)) {
ogs_assert(ifc_index < OGS_MAX_NUM_OF_IFC);
bson_iter_recurse(&child2_iter, &child3_iter);
while (bson_iter_next(&child3_iter)) {
const char *child3_key = bson_iter_key(&child3_iter);
if (!strcmp(child3_key, "priority") &&
BSON_ITER_HOLDS_INT32(&child3_iter)) {
ims_data->ifc[ifc_index].priority =
bson_iter_int32(&child3_iter);
} else if (!strcmp(child3_key, "application_server") &&
BSON_ITER_HOLDS_DOCUMENT(&child3_iter)) {
bson_iter_recurse(&child3_iter, &child4_iter);
while (bson_iter_next(&child4_iter)) {
const char *child4_key =
bson_iter_key(&child4_iter);
if (!strcmp(child4_key, "server_name") &&
BSON_ITER_HOLDS_UTF8(&child4_iter)) {
utf8 = bson_iter_utf8(&child4_iter, &length);
ims_data->ifc[ifc_index]
.application_server.server_name =
ogs_strndup(utf8, length);
} else if (!strcmp(child4_key, "default_handling")
&& BSON_ITER_HOLDS_INT32(&child4_iter)) {
ims_data->ifc[ifc_index]
.application_server.default_handling =
bson_iter_int32(&child4_iter);
}
}
} else if (!strcmp(child3_key, "trigger_point") &&
BSON_ITER_HOLDS_DOCUMENT(&child3_iter)) {
bson_iter_recurse(&child3_iter, &child5_iter);
while (bson_iter_next(&child5_iter)) {
const char *child5_key =
bson_iter_key(&child5_iter);
if (!strcmp(child5_key, "condition_type_cnf") &&
BSON_ITER_HOLDS_INT32(&child5_iter)) {
ims_data->ifc[ifc_index]
.trigger_point.condition_type_cnf =
bson_iter_int32(&child5_iter);
} else if (!strcmp(child5_key, "spt") &&
BSON_ITER_HOLDS_ARRAY(&child5_iter)) {
int spt_index = 0;
bson_iter_recurse(&child5_iter, &child6_iter);
while (bson_iter_next(&child6_iter)) {
ogs_assert(spt_index < OGS_MAX_NUM_OF_SPT);
bson_iter_recurse(&child6_iter,
&child7_iter);
while (bson_iter_next(&child7_iter)) {
const char *child7_key =
bson_iter_key(&child7_iter);
if (!strcmp(child7_key,
"condition_negated") &&
BSON_ITER_HOLDS_INT32(
&child7_iter)) {
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.condition_negated =
bson_iter_int32(
&child7_iter);
} else if (!strcmp(child7_key, "group")
&& BSON_ITER_HOLDS_INT32(
&child7_iter)) {
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.group = bson_iter_int32(
&child7_iter);
} else if (!strcmp(child7_key,
"method") &&
BSON_ITER_HOLDS_UTF8(
&child7_iter)) {
utf8 = bson_iter_utf8(&child7_iter,
&length);
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.method =
ogs_strndup(utf8, length);
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.type = OGS_SPT_HAS_METHOD;
} else if (!strcmp(child7_key,
"session_case") &&
BSON_ITER_HOLDS_INT32(
&child7_iter)) {
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.session_case =
bson_iter_int32(
&child7_iter);
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.type =
OGS_SPT_HAS_SESSION_CASE;
} else if (!strcmp(child7_key,
"sip_header") &&
BSON_ITER_HOLDS_DOCUMENT(
&child7_iter)) {
bson_iter_recurse(&child7_iter,
&child8_iter);
while (bson_iter_next(
&child8_iter)) {
const char *child8_key =
bson_iter_key(
&child8_iter);
if (!strcmp(child8_key,
"header") &&
BSON_ITER_HOLDS_UTF8(
&child8_iter)) {
utf8 = bson_iter_utf8(
&child8_iter,
&length);
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.header =
ogs_strndup(utf8,
length);
} else if (!strcmp(child8_key,
"content") &&
BSON_ITER_HOLDS_UTF8(
&child8_iter)) {
utf8 = bson_iter_utf8(
&child8_iter,
&length);
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.header_content =
ogs_strndup(utf8,
length);
}
}
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.type = OGS_SPT_HAS_SIP_HEADER;
} else if (!strcmp(child7_key,
"sdp_line") &&
BSON_ITER_HOLDS_DOCUMENT(
&child7_iter)) {
bson_iter_recurse(&child7_iter,
&child9_iter);
while (bson_iter_next(
&child9_iter)) {
const char *child9_key =
bson_iter_key(
&child9_iter);
if (!strcmp(child9_key,
"line") &&
BSON_ITER_HOLDS_UTF8(
&child9_iter)) {
utf8 = bson_iter_utf8(
&child9_iter,
&length);
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.sdp_line =
ogs_strndup(utf8,
length);
} else if (!strcmp(child9_key,
"content") &&
BSON_ITER_HOLDS_UTF8(
&child9_iter)) {
utf8 = bson_iter_utf8(
&child9_iter,
&length);
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.sdp_line_content =
ogs_strndup(utf8,
length);
}
}
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.type = OGS_SPT_HAS_SDP_LINE;
} else if (!strcmp(child7_key,
"request_uri") &&
BSON_ITER_HOLDS_UTF8(
&child7_iter)) {
utf8 = bson_iter_utf8(&child7_iter,
&length);
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.request_uri =
ogs_strndup(utf8, length);
ims_data->ifc[ifc_index]
.trigger_point
.spt[spt_index]
.type = OGS_SPT_HAS_REQUEST_URI;
}
}
spt_index++;
}
ims_data->ifc->trigger_point.num_of_spt =
spt_index;
}
}
}
}
ifc_index++;
}
ims_data->num_of_ifc = ifc_index;
}
}

12
lib/dbi/session.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2019-2023 by Sukchan Lee <acetcom@gmail.com>
* Copyright (C) 2019-2024 by Sukchan Lee <acetcom@gmail.com>
*
* This file is part of Open5GS.
*
@@ -19,7 +19,8 @@
#include "ogs-dbi.h"
int ogs_dbi_session_data(char *supi, ogs_s_nssai_t *s_nssai, char *dnn,
int ogs_dbi_session_data(
const char *supi, const ogs_s_nssai_t *s_nssai, const char *dnn,
ogs_session_data_t *session_data)
{
int rv = OGS_OK;
@@ -85,6 +86,7 @@ int ogs_dbi_session_data(char *supi, ogs_s_nssai_t *s_nssai, char *dnn,
if (!strcmp(key, OGS_SLICE_STRING) && BSON_ITER_HOLDS_ARRAY(&iter)) {
bson_iter_recurse(&iter, &child1_iter);
while (bson_iter_next(&child1_iter)) {
bool sst_presence = false;
uint8_t sst;
ogs_uint24_t sd;
@@ -97,6 +99,7 @@ int ogs_dbi_session_data(char *supi, ogs_s_nssai_t *s_nssai, char *dnn,
if (!strcmp(child2_key, OGS_SST_STRING) &&
BSON_ITER_HOLDS_INT32(&child2_iter)) {
sst_presence = true;
sst = bson_iter_int32(&child2_iter);
} else if (!strcmp(child2_key, OGS_SD_STRING) &&
BSON_ITER_HOLDS_UTF8(&child2_iter)) {
@@ -109,7 +112,7 @@ int ogs_dbi_session_data(char *supi, ogs_s_nssai_t *s_nssai, char *dnn,
}
}
if (!sst) {
if (!sst_presence) {
ogs_error("No SST");
continue;
}
@@ -166,6 +169,9 @@ done:
} else if (!strcmp(child4_key, OGS_TYPE_STRING) &&
BSON_ITER_HOLDS_INT32(&child4_iter)) {
session->session_type = bson_iter_int32(&child4_iter);
} else if (!strcmp(child4_key, OGS_LBO_ROAMING_ALLOWED_STRING) &&
BSON_ITER_HOLDS_BOOL(&child4_iter)) {
session->lbo_roaming_allowed = bson_iter_bool(&child4_iter);
} else if (!strcmp(child4_key, OGS_QOS_STRING) &&
BSON_ITER_HOLDS_DOCUMENT(&child4_iter)) {
bson_iter_recurse(&child4_iter, &child5_iter);

3
lib/dbi/session.h
View File

@@ -28,7 +28,8 @@
extern "C" {
#endif
int ogs_dbi_session_data(char *supi, ogs_s_nssai_t *s_nssai, char *dnn,
int ogs_dbi_session_data(
const char *supi, const ogs_s_nssai_t *s_nssai, const char *dnn,
ogs_session_data_t *session_data);
#ifdef __cplusplus

26
lib/dbi/subscription.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2019-2023 by Sukchan Lee <acetcom@gmail.com>
* Copyright (C) 2019-2024 by Sukchan Lee <acetcom@gmail.com>
*
* This file is part of Open5GS.
*
@@ -39,9 +39,16 @@ int ogs_dbi_auth_info(char *supi, ogs_dbi_auth_info_t *auth_info)
ogs_assert(auth_info);
supi_type = ogs_id_get_type(supi);
ogs_assert(supi_type);
if (!supi_type) {
ogs_error("Invalid supi=%s", supi);
return OGS_ERROR;
}
supi_id = ogs_id_get_value(supi);
ogs_assert(supi_id);
if (!supi_id) {
ogs_error("Invalid supi=%s", supi);
ogs_free(supi_type);
return OGS_ERROR;
}
query = BCON_NEW(supi_type, BCON_UTF8(supi_id));
#if MONGOC_CHECK_VERSION(1, 5, 0)
@@ -459,6 +466,7 @@ int ogs_dbi_subscription_data(char *supi,
bson_iter_recurse(&iter, &child1_iter);
while (bson_iter_next(&child1_iter)) {
ogs_slice_data_t *slice_data = NULL;
bool sst_presence = false;
ogs_assert(
subscription_data->num_of_slice < OGS_MAX_NUM_OF_SLICE);
@@ -476,6 +484,7 @@ int ogs_dbi_subscription_data(char *supi,
if (!strcmp(child2_key, OGS_SST_STRING) &&
BSON_ITER_HOLDS_INT32(&child2_iter)) {
slice_data->s_nssai.sst = bson_iter_int32(&child2_iter);
sst_presence = true;
} else if (!strcmp(child2_key, OGS_SD_STRING) &&
BSON_ITER_HOLDS_UTF8(&child2_iter)) {
utf8 = bson_iter_utf8(&child2_iter, &length);
@@ -515,6 +524,11 @@ int ogs_dbi_subscription_data(char *supi,
BSON_ITER_HOLDS_INT32(&child4_iter)) {
session->session_type =
bson_iter_int32(&child4_iter);
} else if (!strcmp(child4_key,
OGS_LBO_ROAMING_ALLOWED_STRING) &&
BSON_ITER_HOLDS_BOOL(&child4_iter)) {
session->lbo_roaming_allowed =
bson_iter_bool(&child4_iter);
} else if (!strcmp(child4_key,
OGS_QOS_STRING) &&
BSON_ITER_HOLDS_DOCUMENT(&child4_iter)) {
@@ -787,6 +801,12 @@ int ogs_dbi_subscription_data(char *supi,
}
}
}
if (!sst_presence) {
ogs_error("No SST");
continue;
}
subscription_data->num_of_slice++;
}
} else if (!strcmp(key, OGS_MME_HOST_STRING) &&

19
lib/diameter/common/base.h
View File

@@ -28,6 +28,15 @@
extern "C" {
#endif
/* Configuration for ogs_diam_stats_ctx_t: */
typedef struct ogs_diam_config_stats_s {
/* Frequency at which freeDiameter thread stats are updated to the app. 0 = default 60 seconds. */
unsigned int interval_sec;
/* Size of struct to allocate for diameters private statistics, see ogs_diam_stats_ctx_t.
* Defaults to 0, no priv_stats allocated. */
size_t priv_stats_size;
} ogs_diam_config_stats_t;
/* This is default diameter configuration if there is no config file
* The Configuration : No TLS, Only TCP */
typedef struct ogs_diam_config_s {
@@ -43,6 +52,9 @@ typedef struct ogs_diam_config_s {
/* the local port for Diameter/TLS (default: 5658) in host byte order */
uint16_t cnf_port_tls;
/* default TC timer */
int cnf_timer_tc;
struct {
/* the peer does not relay messages (0xffffff app id) */
unsigned no_fwd: 1;
@@ -64,8 +76,13 @@ typedef struct ogs_diam_config_s {
const char *identity;
const char *addr; /* IP address of the remote peer */
uint16_t port; /* port to connect to. 0: default. */
int tc_timer; /* TcTimer value to use for this peer, use default if 0 */
} conn[MAX_NUM_OF_FD_CONN];
int num_of_conn;
/* Configure ogs_diam_stats_ctx_t: */
ogs_diam_config_stats_t stats;
} ogs_diam_config_t;
int ogs_diam_init(int mode, const char *conffile, ogs_diam_config_t *fd_config);
@@ -73,7 +90,7 @@ int ogs_diam_start(void);
void ogs_diam_final(void);
int ogs_diam_config_init(ogs_diam_config_t *fd_config);
bool ogs_diam_app_connected(uint32_t app_id);
bool ogs_diam_is_relay_or_app_advertised(uint32_t app_id);
int fd_avp_search_avp ( struct avp * groupedavp,
struct dict_object * what, struct avp ** avp );

9
lib/diameter/common/config.c
View File

@@ -69,6 +69,9 @@ static int diam_config_apply(ogs_diam_config_t *fd_config)
if (fd_config->cnf_flags.no_fwd)
fd_g_config->cnf_flags.no_fwd = fd_config->cnf_flags.no_fwd;
if (fd_config->cnf_timer_tc)
fd_g_config->cnf_timer_tc = fd_config->cnf_timer_tc;
/********************************************************************
* Diameter Client
*/
@@ -86,6 +89,8 @@ static int diam_config_apply(ogs_diam_config_t *fd_config)
fddpi.config.pic_flags.alg = PI_ALGPREF_SCTP;
fddpi.config.pic_flags.sec |= PI_SEC_NONE;
fddpi.config.pic_tctimer = fd_config->conn[i].tc_timer;
fddpi.config.pic_port = fd_config->conn[i].port;
fddpi.pi_diamid = (DiamId_t)fd_config->conn[i].identity;
@@ -100,7 +105,7 @@ static int diam_config_apply(ogs_diam_config_t *fd_config)
fd_config->conn[i].addr, errno, strerror(errno));
return OGS_ERROR;
}
CHECK_FCT_DO( fd_ep_add_merge(
&fddpi.pi_endpoints, ai->ai_addr, ai->ai_addrlen,
EP_FL_CONF | (disc ?: EP_ACCEPTALL) ), return OGS_ERROR);
@@ -192,7 +197,7 @@ int ogs_diam_config_init(ogs_diam_config_t *fd_config)
/* Display configuration */
b = fd_conf_dump(&buf, &len, NULL);
LOG_SPLIT(FD_LOG_NOTICE, NULL,
LOG_SPLIT(FD_LOG_NOTICE, NULL,
b ?: (char*)"<Error during configuration dump...>", NULL);
free(buf);

22
lib/diameter/common/init.c
View File

@@ -28,6 +28,8 @@ int ogs_diam_init(int mode, const char *conffile, ogs_diam_config_t *fd_config)
{
int ret;
ogs_assert(fd_config);
gnutls_global_set_log_level(0);
gnutls_global_set_log_function(diam_gnutls_log_func);
@@ -36,14 +38,14 @@ int ogs_diam_init(int mode, const char *conffile, ogs_diam_config_t *fd_config)
if (ret != 0) {
ogs_error("fd_log_handler_register() failed");
return ret;
}
}
ret = fd_core_initialize();
if (ret != 0) {
ogs_error("fd_core_initialize() failed");
return ret;
}
}
/* Parse the configuration file */
if (conffile) {
CHECK_FCT_DO( fd_core_parseconf(conffile), goto error );
@@ -55,7 +57,10 @@ int ogs_diam_init(int mode, const char *conffile, ogs_diam_config_t *fd_config)
CHECK_FCT( ogs_diam_message_init() );
/* Initialize FD logger */
CHECK_FCT_DO( ogs_diam_logger_init(mode), goto error );
CHECK_FCT_DO( ogs_diam_logger_init(), goto error );
/* Initialize FD stats */
CHECK_FCT_DO( ogs_diam_stats_init(mode, &fd_config->stats), goto error );
return 0;
error:
@@ -72,7 +77,7 @@ int ogs_diam_start(void)
CHECK_FCT_DO( fd_core_waitstartcomplete(), goto error );
CHECK_FCT( ogs_diam_logger_stats_start() );
CHECK_FCT( ogs_diam_stats_start() );
return 0;
error:
@@ -84,6 +89,7 @@ error:
void ogs_diam_final()
{
ogs_diam_stats_final();
ogs_diam_logger_final();
CHECK_FCT_DO( fd_core_shutdown(), ogs_error("fd_core_shutdown() failed") );
@@ -118,12 +124,12 @@ static void diam_log_func(int printlevel, const char *format, va_list ap)
ogs_log_printf(level, OGS_LOG_DOMAIN, 0, NULL, 0, NULL, 0, __VA_ARGS__)
switch(printlevel) {
case FD_LOG_ANNOYING:
case FD_LOG_ANNOYING:
diam_log_printf(OGS_LOG_TRACE, "[%d] %s\n", printlevel, buffer);
break;
break;
case FD_LOG_DEBUG:
diam_log_printf(OGS_LOG_TRACE, "[%d] %s\n", printlevel, buffer);
break;
break;
case FD_LOG_INFO:
diam_log_printf(OGS_LOG_TRACE, "[%d] %s\n", printlevel, buffer);
break;

Some files were not shown because too many files have changed in this diff Show More