paulmataruso/open5gs
1
0
Fork 0
mirror of https://github.com/open5gs/open5gs.git synced 2025-10-22 23:31:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3f6f2a8846106e30c4a2fc5034be46cc48562027
open5gs/configs/open5gs/pcf.yaml.in
Sukchan Lee 3f6f2a8846 [SBI] Enable SSL Key Logging for Enhanced Debugging and Analysis (#3647) 
- Add `sslkeylogfile` configuration options to `*.yaml.in` in NFs.
- Update `open5gs-common.dirs` to include `var/log/open5gs/tls` directory
- Extend `ogs_sbi_context_s` structure in `context.h` to include `sslkeylog`
- Modify `context.c` to parse and handle `sslkeylogfile` settings
- Update `server.c` and `server.h` to manage the `sslkeylog` field
  in server structures
- Update `ogs_sbi_client_add` and `ogs_sbi_client_remove` functions to handle
  `sslkeylog` field.
- Adjust `meson.build` to create the TLS log directory during installation

This commit introduces SSL key logging functionality to Open5GS,
enabling the capture of SSL/TLS keys. This feature is essential
for debugging encrypted traffic and allows integration with tools
like Wireshark for decrypting TLS sessions.
2024-12-30 21:21:41 +09:00

250 lines
8.9 KiB
YAML
Raw Blame History

db_uri: mongodb://localhost/open5gs
logger:
file:
path: @localstatedir@/log/open5gs/pcf.log
# level: info # fatal|error|warn|info(default)|debug|trace
global:
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
pcf:
sbi:
server:
- address: 127.0.0.13
port: 7777
client:
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.0.200:7777
metrics:
server:
- address: 127.0.0.13
port: 9090
################################################################################
# Locally configured policy
# - The PCF in the VPLMN uses locally configured policies
# according to the roaming agreement with the HPLMN operator
# as input for PCC Rule generation.
################################################################################
#
# o You don't have to use MongoDB if you use the policy configuration as below.
#
# policy:
# - plmn_id:
# mcc: 999
# mnc: 70
# slice:
# - sst: 1 # 1,2,3,4
# default_indicator: true
# session:
# - name: internet
# type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 1
# unit: 3
# qos:
# index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# arp:
# priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
# - name: ims
# type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# qos:
# index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# arp:
# priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
# pcc_rule:
# - qos:
# index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# arp:
# priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
# mbr:
# downlink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# gbr:
# downlink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 82
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# flow:
# - direction: 2
# description: "permit out icmp from any to assigned"
# - direction: 1
# description: "permit out icmp from any to assigned"
# - direction: 2
# description: "permit out udp from 10.200.136.98/32 23455 to assigned 1-65535"
# - direction: 1
# description: "permit out udp from 10.200.136.98/32 1-65535 to assigned 50021"
# - qos:
# index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# arp:
# priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
# pre_emption_capability: 2 # 1: Disabled, 2:Enabled
# mbr:
# downlink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# gbr:
# downlink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 802
# unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# - plmn_id:
# mcc: 001
# mnc: 01
# slice:
# - sst: 1 # 1,2,3,4
# sd: 000001
# default_indicator: true
# session:
# - name: internet
# type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
# ambr:
# downlink:
# value: 1
# unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
# uplink:
# value: 1
# unit: 3
# qos:
# index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
# arp:
# priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
# pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
# pre_emption_capability: 1 # 1: Disabled, 2:Enabled
#
################################################################################
# SBI Server
################################################################################
# o Override SBI address to be advertised to NRF
# sbi:
# server:
# - dev: eth0
# advertise: open5gs-pcf.svc.local
#
# sbi:
# server:
# - address: localhost
# advertise:
# - 127.0.0.99
# - ::1
#
################################################################################
# SBI Client
################################################################################
# o Direct communication with NRF interaction
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
#
# o Indirect communication with delegated discovery
# sbi:
# client:
# scp:
# - uri: http://127.0.0.200:7777
#
# o Indirect communication without delegated discovery
# sbi:
# client:
# nrf:
# - uri: http://127.0.0.10:7777
# scp:
# - uri: http://127.0.0.200:7777
# discovery:
# delegated: no
#
################################################################################
# HTTPS scheme with TLS
################################################################################
# o Set as default if not individually set
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/pcf.key
# cert: @sysconfdir@/open5gs/tls/pcf.crt
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# sbi:
# server:
# - address: pcf.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
#
# o Enable SSL key logging for Wireshark
# - This configuration allows capturing SSL/TLS session keys
# for debugging or analysis purposes using Wireshark.
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/pcf.key
# cert: @sysconfdir@/open5gs/tls/pcf.crt
# sslkeylogfile: @localstatedir@/log/open5gs/tls/pcf-server-sslkeylog.log
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_sslkeylogfile: @localstatedir@/log/open5gs/tls/pcf-client-sslkeylog.log
# sbi:
# server:
# - address: pcf.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
#
# o Add client TLS verification
# default:
# tls:
# server:
# scheme: https
# private_key: @sysconfdir@/open5gs/tls/pcf.key
# cert: @sysconfdir@/open5gs/tls/pcf.crt
# verify_client: true
# verify_client_cacert: @sysconfdir@/open5gs/tls/ca.crt
# client:
# scheme: https
# cacert: @sysconfdir@/open5gs/tls/ca.crt
# client_private_key: @sysconfdir@/open5gs/tls/pcf.key
# client_cert: @sysconfdir@/open5gs/tls/pcf.crt
# sbi:
# server:
# - address: pcf.localdomain
# client:
# nrf:
# - uri: https://nrf.localdomain
Reference in New Issue View Git Blame Copy Permalink