mirror of
https://gitea.osmocom.org/cellular-infrastructure/osmo-upf.git
synced 2025-11-02 21:13:46 +00:00
Compare commits
19 Commits
neels/man
...
neels/gtpl
| Author | SHA1 | Date | |
|---|---|---|---|
|
f49790f8c8 | ||
|
|
6859de09d2 | ||
|
|
5ac599ce17 | ||
|
|
33061164f3 | ||
|
|
62e0f7e135 | ||
|
|
58a9c167b3 | ||
|
|
7bd92c13aa | ||
|
|
3efa019656 | ||
|
|
4738fc2014 | ||
|
afe7a51c8f | ||
|
|
7713d784c9 | ||
|
|
0d96ea1730 | ||
|
|
a21bcec358 | ||
|
|
9395752540 | ||
|
0b83ceb20d | ||
|
|
77806ea88b | ||
|
|
60cbef5885 | ||
|
|
8ec1871914 | ||
|
|
aa6eabf766 |
@@ -19,7 +19,6 @@ SUBDIRS = \
|
||||
BUILT_SOURCES = $(top_srcdir)/.version
|
||||
EXTRA_DIST = \
|
||||
.version \
|
||||
contrib/osmo-upf.spec.in \
|
||||
debian \
|
||||
git-version-gen \
|
||||
osmoappdesc.py \
|
||||
|
||||
@@ -23,3 +23,7 @@ pfcp
|
||||
local-addr 127.0.0.12
|
||||
tunmap
|
||||
table-name osmo-upf-12
|
||||
|
||||
# gtp-dev only for GTP-U Echo service
|
||||
tunend
|
||||
dev create gtp-echo-12 127.0.0.12
|
||||
|
||||
25
contrib/osmo-pfcp-tool-scripts/osmo-upf-tunend.gtplab2.cfg
Normal file
25
contrib/osmo-pfcp-tool-scripts/osmo-upf-tunend.gtplab2.cfg
Normal file
@@ -0,0 +1,25 @@
|
||||
log stderr
|
||||
logging filter all 1
|
||||
logging color 1
|
||||
logging print category-hex 0
|
||||
logging print category 1
|
||||
logging timestamp 0
|
||||
logging print file basename last
|
||||
logging print level 1
|
||||
logging level set-all notice
|
||||
logging level set-all info
|
||||
logging level session debug
|
||||
logging level nft debug
|
||||
logging level gtp debug
|
||||
#logging level set-all debug
|
||||
|
||||
line vty
|
||||
bind 127.0.0.2
|
||||
ctrl
|
||||
bind 127.0.0.2
|
||||
|
||||
timer pfcp x24 5000
|
||||
pfcp
|
||||
local-addr 172.16.32.2
|
||||
tunend
|
||||
dev create apn2 172.16.32.2
|
||||
@@ -1,5 +1,5 @@
|
||||
timer pfcp x23 0
|
||||
pfcp-peer 127.0.0.1
|
||||
pfcp-peer 127.0.0.11
|
||||
tx assoc-setup-req
|
||||
sleep 1
|
||||
session tunend
|
||||
|
||||
@@ -1,92 +0,0 @@
|
||||
#
|
||||
# spec file for package osmo-upf
|
||||
#
|
||||
# Copyright (c) 2017, Martin Hauke <mardnh@gmx.de>
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
## Disable LTO for now since it breaks compilation of the tests
|
||||
## https://osmocom.org/issues/4113
|
||||
%define _lto_cflags %{nil}
|
||||
|
||||
Name: osmo-upf
|
||||
Version: @VERSION@
|
||||
Release: 0
|
||||
Summary: OsmoUPF: Osmocom User Plane Function
|
||||
License: AGPL-3.0-or-later AND GPL-2.0-or-later
|
||||
Group: Hardware/Mobile
|
||||
URL: https://osmocom.org/projects/osmo-upf
|
||||
Source: %{name}-%{version}.tar.xz
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake >= 1.9
|
||||
BuildRequires: libtool >= 2
|
||||
BuildRequires: lksctp-tools-devel
|
||||
BuildRequires: pkgconfig >= 0.20
|
||||
%if 0%{?suse_version}
|
||||
BuildRequires: systemd-rpm-macros
|
||||
%endif
|
||||
BuildRequires: pkgconfig(libgtpnl) >= 1.2.0
|
||||
BuildRequires: pkgconfig(libnftables) >= 1.0.2
|
||||
BuildRequires: pkgconfig(libosmocore) >= 1.6.0
|
||||
BuildRequires: pkgconfig(libosmoctrl) >= 1.6.0
|
||||
BuildRequires: pkgconfig(libosmovty) >= 1.6.0
|
||||
BuildRequires: pkgconfig(libosmo-pfcp) >= 0.1.0
|
||||
BuildRequires: pkgconfig(talloc)
|
||||
%{?systemd_requires}
|
||||
|
||||
%description
|
||||
OsmoUPF: Osmocom User Plane Function
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
echo "%{version}" >.tarball-version
|
||||
autoreconf -fi
|
||||
%configure \
|
||||
--docdir=%{_docdir}/%{name} \
|
||||
--with-systemdsystemunitdir=%{_unitdir}
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
%make_install
|
||||
|
||||
%if 0%{?suse_version}
|
||||
%preun
|
||||
%service_del_preun %{name}.service
|
||||
|
||||
%postun
|
||||
%service_del_postun %{name}.service
|
||||
|
||||
%pre
|
||||
%service_add_pre %{name}.service
|
||||
|
||||
%post
|
||||
%service_add_post %{name}.service
|
||||
%endif
|
||||
|
||||
%check
|
||||
make %{?_smp_mflags} check || (find . -name testsuite.log -exec cat {} +)
|
||||
|
||||
%files
|
||||
%license COPYING
|
||||
%doc AUTHORS README.md
|
||||
%{_bindir}/osmo-upf
|
||||
%{_bindir}/osmo-pfcp-tool
|
||||
%dir %{_docdir}/%{name}/examples
|
||||
%dir %{_docdir}/%{name}/examples/osmo-upf
|
||||
%{_docdir}/%{name}/examples/osmo-upf/osmo-upf.cfg
|
||||
%{_docdir}/%{name}/examples/osmo-upf/osmo-upf-create-dev.cfg
|
||||
%{_docdir}/%{name}/examples/osmo-upf/osmo-upf-mockup.cfg
|
||||
%dir %{_sysconfdir}/osmocom
|
||||
%config(noreplace) %{_sysconfdir}/osmocom/osmo-upf.cfg
|
||||
%{_unitdir}/%{name}.service
|
||||
|
||||
%changelog
|
||||
@@ -8,8 +8,11 @@ Type=simple
|
||||
StateDirectory=osmocom
|
||||
WorkingDirectory=%S/osmocom
|
||||
Restart=always
|
||||
User=osmocom
|
||||
Group=osmocom
|
||||
ExecStart=/usr/bin/osmo-upf -c /etc/osmocom/osmo-upf.cfg
|
||||
RestartSec=2
|
||||
AmbientCapabilities=CAP_NET_ADMIN
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
38
debian/postinst
vendored
Executable file
38
debian/postinst
vendored
Executable file
@@ -0,0 +1,38 @@
|
||||
#!/bin/sh -e
|
||||
case "$1" in
|
||||
configure)
|
||||
# Create the osmocom group and user (if it doesn't exist yet)
|
||||
if ! getent group osmocom >/dev/null; then
|
||||
groupadd --system osmocom
|
||||
fi
|
||||
if ! getent passwd osmocom >/dev/null; then
|
||||
useradd \
|
||||
--system \
|
||||
--gid osmocom \
|
||||
--home-dir /var/lib/osmocom \
|
||||
--shell /sbin/nologin \
|
||||
--comment "Open Source Mobile Communications" \
|
||||
osmocom
|
||||
fi
|
||||
|
||||
# Fix permissions of previous (root-owned) install (OS#4107)
|
||||
if dpkg --compare-versions "$2" le "0.2.0"; then
|
||||
if [ -e /etc/osmocom/osmo-upf.cfg ]; then
|
||||
chown -v osmocom:osmocom /etc/osmocom/osmo-upf.cfg
|
||||
chmod -v 0660 /etc/osmocom/osmo-upf.cfg
|
||||
fi
|
||||
|
||||
if [ -d /etc/osmocom ]; then
|
||||
chown -v root:osmocom /etc/osmocom
|
||||
chmod -v 2775 /etc/osmocom
|
||||
fi
|
||||
|
||||
mkdir -p /var/lib/osmocom
|
||||
chown -R -v osmocom:osmocom /var/lib/osmocom
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
# dh_installdeb(1) will replace this with shell code automatically
|
||||
# generated by other debhelper scripts.
|
||||
#DEBHELPER#
|
||||
@@ -85,11 +85,11 @@ improve in the future, see https://osmocom.org/issues/5682 .
|
||||
|
||||
OsmoUPF uses two distinct Linux kernel features:
|
||||
|
||||
* The GTP module is used for GTP encapsulation/decapsulation from/to
|
||||
* The GTP module is used for `tunend`: GTP encapsulation/decapsulation from/to
|
||||
"the internet".
|
||||
|
||||
* The netfilter module is used for GTP tunnel proxying, also known as
|
||||
tunnel forwarding or tunnel mapping.
|
||||
* The netfilter framework and nftables are used for `tunmap`: GTP tunnel proxying,
|
||||
also known as tunnel forwarding or tunnel mapping.
|
||||
|
||||
.Linux kernel feature usage
|
||||
[graphviz]
|
||||
@@ -97,8 +97,12 @@ OsmoUPF uses two distinct Linux kernel features:
|
||||
include::upf_gtp_roles.dot[]
|
||||
----
|
||||
|
||||
GTP kernel module configuration can be omitted for sites that serve only as GTP
|
||||
forwarding proxy, without encapsulation/decapsulation of GTP payloads.
|
||||
GTP kernel module configuration in the `tunend` section can be omitted for sites
|
||||
that serve only as GTP forwarding proxy, without encapsulation/decapsulation of
|
||||
GTP payloads -- except to provide GTP Echo service, see <<gtp_echo>>.
|
||||
|
||||
Netfilter configuration in the `tunmap` section can be omitted for sites only
|
||||
serving as GTP tunnel endpoint.
|
||||
|
||||
[[gtp_module]]
|
||||
=== Configure Linux Kernel GTP Module for `tunend`
|
||||
@@ -163,11 +167,57 @@ this GTP device. When using ANY, there should be exactly one GTP dev configured.
|
||||
The Linux kernel netfilter module is used for GTP tunnel proxying, also known as
|
||||
tunnel forwarding or tunnel mapping.
|
||||
|
||||
Using the netfilter module usually requires no configuration in `osmo-upf.cfg`.
|
||||
When using the netfilter module, you may set up `osmo-upf.cfg` for:
|
||||
- GTP Echo (required)
|
||||
- nft table name (optional)
|
||||
|
||||
`osmo-upf` creates a new netfilter table, under which it submits rule sets for
|
||||
GTP tunnel proxying. This table name defaults to `osmo-upf`. A custom table name
|
||||
can be configured in `osmo-upf.cfg` like this:
|
||||
[[gtp_echo]]
|
||||
==== GTP Echo
|
||||
|
||||
You need to ensure that OsmoUPF responds to GTP Echo requests.
|
||||
- A GTP device configured for `tunend` implicitly includes a GTP Echo service.
|
||||
- For `tunmap`, no GTP Echo mechanism is implemented.
|
||||
|
||||
So, when your use case is `tunmap` only, you should still add a GTP device as
|
||||
for `tunend`, only to provide the GTP Echo service.
|
||||
|
||||
Here are some options to do so:
|
||||
|
||||
If you have no GTP devices configured in `osmo-upf.cfg` yet, you can add a
|
||||
single GTP device without a specific IP address, in order to respond to GTP-U
|
||||
Echo requests on all interfaces to anyone that is asking:
|
||||
|
||||
----
|
||||
tunend
|
||||
dev create gtp-echo
|
||||
----
|
||||
|
||||
Note that `gtp-echo` is just an arbitrary GTP device name, choose any string
|
||||
that makes a valid network device name and is still available, as in the `dev`
|
||||
argument in the `ip addr show dev` command on Linux.
|
||||
|
||||
This will bind osmo-upf on 0.0.0.0:2152 to respond to GTP Echo requests.
|
||||
|
||||
If you would like to limit GTP Echo responses to specific network interfaces,
|
||||
you need to add a separate GTP device per local IP address:
|
||||
|
||||
----
|
||||
tunend
|
||||
dev create gtp-echo1 192.168.0.23
|
||||
dev create gtp-echo2 10.9.8.17
|
||||
----
|
||||
|
||||
This will bind osmo-upf only on 192.168.0.23:2152 and 10.9.8.17:2152 to respond
|
||||
to GTP Echo requests.
|
||||
|
||||
For creating and manipulating a GTP device in more versatile ways, see
|
||||
<<gtp_module>>.
|
||||
|
||||
==== nft Table Name
|
||||
|
||||
For `tunmap`, `osmo-upf` creates a new nft table, under which it submits
|
||||
rule sets for GTP tunnel proxying. This table name defaults to `osmo-upf`. A
|
||||
custom table name can be configured in `osmo-upf.cfg` like this:
|
||||
|
||||
----
|
||||
tunmap
|
||||
@@ -176,3 +226,44 @@ tunmap
|
||||
|
||||
When running more than one osmo-upf process on a system, pick distinct table
|
||||
names to avoid name collisions in the nftables rulesets.
|
||||
|
||||
=== IP Forwarding
|
||||
|
||||
In order to allow forwarding GTP payloads, the Linux operating system must
|
||||
be configured to allow IP forwarding.
|
||||
|
||||
Note that there are many distribution-specific ways to configure this, and there
|
||||
might be higher-level firewall rule management software available like `ufw`.
|
||||
You should configure firewall rules matching your distribution and setup.
|
||||
|
||||
To allow IP forwarding from and to all interfaces globally in a reboot-safe way,
|
||||
you may put a line like this in /etc/sysctl.conf:
|
||||
|
||||
----
|
||||
net.ipv4.ip_forward=1
|
||||
----
|
||||
|
||||
To do the same in an ad-hoc way that is not reboot safe but takes effect
|
||||
immediately:
|
||||
|
||||
----
|
||||
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
|
||||
----
|
||||
|
||||
It is also possible to instruct the firewall to allow IP forwarding for specific
|
||||
network devices only. For example, on a Debian based system, place an nft
|
||||
ruleset like this in `/etc/nftables.conf`:
|
||||
|
||||
----
|
||||
define gtp_netdevs = { eth0, eth23 };
|
||||
|
||||
table inet filter {
|
||||
chain forward {
|
||||
type filter hook forward priority filter; policy drop;
|
||||
iifname $gtp_netdevs oifname $gtp_netdevs udp dport 2152 accept
|
||||
}
|
||||
}
|
||||
----
|
||||
|
||||
This ruleset allows IP forwarding, but limited to the GTP-U port 2152,
|
||||
and to two specific network devices eth0 and eth23.
|
||||
|
||||
@@ -97,7 +97,7 @@ DEFUN(c_listen, c_listen_cmd,
|
||||
|
||||
rc = osmo_pfcp_endpoint_bind(g_pfcp_tool->ep);
|
||||
if (rc) {
|
||||
vty_out(vty, "Failed to bind PFCP endpoint on %s: %s%s\n",
|
||||
vty_out(vty, "Failed to bind PFCP endpoint on %s: %s%s",
|
||||
osmo_sockaddr_to_str_c(OTC_SELECT, osmo_pfcp_endpoint_get_local_addr(g_pfcp_tool->ep)),
|
||||
strerror(-rc), VTY_NEWLINE);
|
||||
return CMD_WARNING;
|
||||
@@ -108,7 +108,7 @@ DEFUN(c_listen, c_listen_cmd,
|
||||
DEFUN(c_sleep, c_sleep_cmd,
|
||||
"sleep <0-999999> [<0-999>]",
|
||||
"Let some time pass\n"
|
||||
"Seconds to wait\n")
|
||||
"Seconds to wait\n" "Additional milliseconds to wait\n")
|
||||
{
|
||||
int secs = atoi(argv[0]);
|
||||
int msecs = 0;
|
||||
|
||||
@@ -50,23 +50,43 @@ struct gtp1u_hdr {
|
||||
|
||||
static int tx_echo_resp(struct upf_gtp_dev *dev, const struct osmo_sockaddr *remote, uint16_t seq_nr);
|
||||
|
||||
static int rx_echo_req(struct upf_gtp_dev *dev, const struct osmo_sockaddr *remote, const struct gtp1u_hdr *rx_h)
|
||||
static int rx_echo_req(struct upf_gtp_dev *dev, const struct osmo_sockaddr *remote, const struct gtp1u_hdr *rx_h,
|
||||
size_t msg_len)
|
||||
{
|
||||
if (!rx_h->s) {
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR, "rx GTPv1-U ECHO REQ without sequence nr\n");
|
||||
return -1;
|
||||
}
|
||||
uint16_t seq_nr = 0;
|
||||
uint8_t recovery_count = 0;
|
||||
if (msg_len >= (sizeof(*rx_h) + 2) && rx_h->data2[0] == GTP1U_IEI_RECOVERY)
|
||||
recovery_count = rx_h->data2[1];
|
||||
|
||||
seq_nr = rx_h->s;
|
||||
LOG_GTP_DEV(dev, LOGL_INFO, "<- %s: rx GTPv1-U Echo Request: seq_nr=%u recovery_count=%u\n",
|
||||
osmo_sockaddr_to_str(remote), seq_nr, recovery_count);
|
||||
|
||||
return tx_echo_resp(dev, remote, rx_h->ext.seq_nr);
|
||||
}
|
||||
|
||||
static void rx_echo_resp(struct upf_gtp_dev *dev, const struct osmo_sockaddr *remote, const struct gtp1u_hdr *rx_h,
|
||||
size_t msg_len)
|
||||
{
|
||||
if (msg_len < (sizeof(*rx_h) + 2)) {
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR,
|
||||
"<- %s: rx GTPv1-U Echo Response, but message is too short (%zu < %zu)\n",
|
||||
osmo_sockaddr_to_str_c(OTC_SELECT, remote), msg_len, (sizeof(*rx_h) + 2));
|
||||
return;
|
||||
}
|
||||
|
||||
uint8_t recovery_count = rx_h->data2[1];
|
||||
LOG_GTP_DEV(dev, LOGL_INFO, "<- %s: rx GTPv1-U Echo Response: seq_nr=%u recovery_count=%u\n",
|
||||
osmo_sockaddr_to_str(remote), rx_h->ext.seq_nr, recovery_count);
|
||||
}
|
||||
|
||||
static int tx_echo_resp(struct upf_gtp_dev *dev, const struct osmo_sockaddr *remote, uint16_t seq_nr)
|
||||
{
|
||||
struct msgb *msg;
|
||||
struct gtp1u_hdr *tx_h;
|
||||
int rc;
|
||||
|
||||
msg = msgb_alloc_headroom(1024, 128, "GTP-echo-resp");
|
||||
msg = msgb_alloc_headroom(1024, 128, "GTPv1-U-echo-resp");
|
||||
tx_h = (void *)msgb_put(msg, sizeof(*tx_h));
|
||||
|
||||
*tx_h = (struct gtp1u_hdr){
|
||||
@@ -90,10 +110,15 @@ static int tx_echo_resp(struct upf_gtp_dev *dev, const struct osmo_sockaddr *rem
|
||||
|
||||
rc = sendto(dev->gtpv1.ofd.fd, msgb_data(msg), msgb_length(msg), 0, &remote->u.sa, sizeof(*remote));
|
||||
if (rc < 0) {
|
||||
int err = errno;
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR, "GTP1-U sendto(len=%d, to=%s): %s\n", msgb_length(msg),
|
||||
osmo_sockaddr_to_str(remote), strerror(err));
|
||||
rc = -errno;
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR, "-> %s: tx GTPv1-U Echo Response: sendto(len=%d): %s\n",
|
||||
osmo_sockaddr_to_str(remote), msgb_length(msg), strerror(-rc));
|
||||
} else {
|
||||
LOG_GTP_DEV(dev, LOGL_INFO, "-> %s: tx GTPv1-U Echo Response: seq_nr=%u recovery_count=%u\n",
|
||||
osmo_sockaddr_to_str(remote), seq_nr, g_upf->tunend.recovery_count);
|
||||
rc = 0;
|
||||
}
|
||||
msgb_free(msg);
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -120,39 +145,42 @@ int upf_gtpu_echo_read_cb(struct osmo_fd *ofd, unsigned int what)
|
||||
/* A GTPv1-U header of size 8 is valid, but this code expects to handle only ECHO REQUEST messages. These are
|
||||
* required to have a sequence number, hence this check here consciously uses the full sizeof(*h) == 12. */
|
||||
if (sz < sizeof(*h)) {
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR, "rx GTP packet smaller than the GTPv1-U header + sequence nr: %zd < %zu\n",
|
||||
sz, sizeof(*h));
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR,
|
||||
"<- %s: rx GTPv1-U packet smaller than the GTPv1-U header + sequence nr: %zd < %zu\n",
|
||||
osmo_sockaddr_to_str(&remote), sz, sizeof(*h));
|
||||
return -1;
|
||||
}
|
||||
|
||||
h = (const struct gtp1u_hdr *)buf;
|
||||
if (h->version != 1) {
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR, "rx GTP v%u: only GTP version 1 supported\n", h->version);
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR, "<- %s: rx GTPv1-U v%u: only GTP version 1 supported\n",
|
||||
osmo_sockaddr_to_str(&remote), h->version);
|
||||
return -1;
|
||||
}
|
||||
|
||||
h_length = osmo_load16be(&h->length);
|
||||
if (offsetof(struct gtp1u_hdr, data1) + h_length > sz) {
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR, "rx GTP: header + h.length = %zu > received bytes = %zd\n",
|
||||
offsetof(struct gtp1u_hdr, data1) + h_length, sz);
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR, "<- %s: rx GTPv1-U: header + h.length = %zu > received bytes = %zd\n",
|
||||
osmo_sockaddr_to_str(&remote), offsetof(struct gtp1u_hdr, data1) + h_length, sz);
|
||||
return -1;
|
||||
}
|
||||
|
||||
switch (h->msg_type) {
|
||||
case GTP1U_MSGTYPE_ECHO_REQ:
|
||||
return rx_echo_req(dev, &remote, h);
|
||||
return rx_echo_req(dev, &remote, h, sz);
|
||||
case GTP1U_MSGTYPE_ECHO_RSP:
|
||||
rx_echo_resp(dev, &remote, h, sz);
|
||||
return 0;
|
||||
default:
|
||||
LOG_GTP_DEV(dev, LOGL_ERROR, "rx: GTPv1-U message type %u not supported\n", h->msg_type);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int upf_gtpu_echo_setup(struct upf_gtp_dev *dev)
|
||||
{
|
||||
if (dev->gtpv1.ofd.fd == -1) {
|
||||
LOGP(DGTP, LOGL_ERROR, "Cannot setup GTP-U ECHO: GTP-v1 socket not initialized\n");
|
||||
LOGP(DGTP, LOGL_ERROR, "Cannot setup GTPv1-U ECHO: socket not initialized\n");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
|
||||
@@ -177,7 +177,7 @@ static int tunmap_add_single_direction(char *buf, size_t buflen,
|
||||
* # add chain for verdict map in postrouting
|
||||
* add chain inet osmo-upf tunmap-post-123
|
||||
* # mangle source address and GTP TID at postrouting
|
||||
* add rule inet osmo-upf tunmap-post-123 ip saddr set 2.2.2.1 @ih,32,32 set 0x00000102 counter accept
|
||||
* add rule inet osmo-upf tunmap-post-123 ip saddr set 2.2.2.1 udp sport set 2152 @ih,32,32 set 0x00000102 counter accept
|
||||
*
|
||||
* # add elements to verdict map, jump to chain
|
||||
* add element inet osmo-upf tunmap-pre { 2.2.2.3 . 0x00000203 : jump tunmap-pre-123 }
|
||||
@@ -200,6 +200,7 @@ static int tunmap_add_single_direction(char *buf, size_t buflen,
|
||||
args->table_name, from_peer->chain_id);
|
||||
OSMO_STRBUF_PRINTF(sb, " ip saddr set ");
|
||||
OSMO_STRBUF_APPEND(sb, osmo_sockaddr_to_str_buf2, to_peer->addr_local);
|
||||
OSMO_STRBUF_PRINTF(sb, " udp sport set 2152");
|
||||
OSMO_STRBUF_PRINTF(sb, " @ih,32,32 set 0x%x", to_peer->teid_remote);
|
||||
OSMO_STRBUF_PRINTF(sb, " counter accept;\n");
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ $(srcdir)/package.m4: $(top_srcdir)/configure.ac
|
||||
} >'$(srcdir)/package.m4'
|
||||
|
||||
EXTRA_DIST = \
|
||||
upf.vty \
|
||||
$(srcdir)/*.vty \
|
||||
testsuite.at \
|
||||
$(srcdir)/package.m4 \
|
||||
$(TESTSUITE) \
|
||||
|
||||
@@ -18,13 +18,13 @@ add rule inet osmo-upf post meta mark vmap @tunmap-post;
|
||||
add chain inet osmo-upf tunmap-pre-123;
|
||||
add rule inet osmo-upf tunmap-pre-123 ip daddr set 3.3.3.3 meta mark set 123 counter accept;
|
||||
add chain inet osmo-upf tunmap-post-123;
|
||||
add rule inet osmo-upf tunmap-post-123 ip saddr set 2.2.2.3 @ih,32,32 set 0x302 counter accept;
|
||||
add rule inet osmo-upf tunmap-post-123 ip saddr set 2.2.2.3 udp sport set 2152 @ih,32,32 set 0x302 counter accept;
|
||||
add element inet osmo-upf tunmap-pre { 2.2.2.1 . 0x201 : jump tunmap-pre-123 };
|
||||
add element inet osmo-upf tunmap-post { 123 : jump tunmap-post-123 };
|
||||
add chain inet osmo-upf tunmap-pre-321;
|
||||
add rule inet osmo-upf tunmap-pre-321 ip daddr set 1.1.1.1 meta mark set 321 counter accept;
|
||||
add chain inet osmo-upf tunmap-post-321;
|
||||
add rule inet osmo-upf tunmap-post-321 ip saddr set 2.2.2.1 @ih,32,32 set 0x102 counter accept;
|
||||
add rule inet osmo-upf tunmap-post-321 ip saddr set 2.2.2.1 udp sport set 2152 @ih,32,32 set 0x102 counter accept;
|
||||
add element inet osmo-upf tunmap-pre { 2.2.2.3 . 0x203 : jump tunmap-pre-321 };
|
||||
add element inet osmo-upf tunmap-post { 321 : jump tunmap-post-321 };
|
||||
|
||||
|
||||
@@ -63,17 +63,17 @@ DSESSION DEBUG up_session(1-2-3-4-0x1){INIT}: enabling: GTP:tunmap GTP-access-r:
|
||||
add chain inet osmo-upf tunmap-pre-1;
|
||||
add rule inet osmo-upf tunmap-pre-1 ip daddr set 13.14.15.16 meta mark set 1 counter accept;
|
||||
add chain inet osmo-upf tunmap-post-1;
|
||||
add rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 @ih,32,32 set 0x101 counter accept;
|
||||
add rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x101 counter accept;
|
||||
add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 : jump tunmap-pre-1 };
|
||||
add element inet osmo-upf tunmap-post { 1 : jump tunmap-post-1 };
|
||||
add chain inet osmo-upf tunmap-pre-2;
|
||||
add rule inet osmo-upf tunmap-pre-2 ip daddr set 5.6.7.8 meta mark set 2 counter accept;
|
||||
add chain inet osmo-upf tunmap-post-2;
|
||||
add rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 @ih,32,32 set 0x100 counter accept;
|
||||
add rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x100 counter accept;
|
||||
add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 : jump tunmap-pre-2 };
|
||||
add element inet osmo-upf tunmap-post { 2 : jump tunmap-post-2 };
|
||||
|
||||
DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-1;\nadd rule inet osmo-upf tunmap-pre-1 ip daddr set 13.14.15.16 meta mark set 1 counter accept;\nadd chain inet osmo-upf tunmap-post-1;\nadd rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 @ih,32,32 set 0x101 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 : jump tunmap-pre-1 };\nadd element inet osmo-upf tunmap-post { 1 : jump tunmap-post-1 };\nadd chain inet osmo-upf tunmap-pre-2;\nadd rule inet osmo-upf tunmap-pre-2 ip daddr set 5.6.7.8 meta mark set 2 counter accept;\nadd chain inet osmo-upf tunmap-post-2;\nadd rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 @ih,32,32 set 0x100 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 : jump tunmap-pre-2 };\nadd element inet osmo-upf tunmap-post { 2 : jump tunmap-post-2 };\n"
|
||||
DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-1;\nadd rule inet osmo-upf tunmap-pre-1 ip daddr set 13.14.15.16 meta mark set 1 counter accept;\nadd chain inet osmo-upf tunmap-post-1;\nadd rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x101 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 : jump tunmap-pre-1 };\nadd element inet osmo-upf tunmap-post { 1 : jump tunmap-post-1 };\nadd chain inet osmo-upf tunmap-pre-2;\nadd rule inet osmo-upf tunmap-pre-2 ip daddr set 5.6.7.8 meta mark set 2 counter accept;\nadd chain inet osmo-upf tunmap-post-2;\nadd rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x100 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 : jump tunmap-pre-2 };\nadd element inet osmo-upf tunmap-post { 2 : jump tunmap-post-2 };\n"
|
||||
DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x100 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x101 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1: Enabled tunmap, nft chain IDs: access--1-> <-2--core
|
||||
|
||||
[test override] PFCP tx:
|
||||
@@ -128,17 +128,17 @@ DSESSION DEBUG up_session(1-2-3-4-0x2){INIT}: enabling: GTP:tunmap GTP-access-r:
|
||||
add chain inet osmo-upf tunmap-pre-3;
|
||||
add rule inet osmo-upf tunmap-pre-3 ip daddr set 13.14.15.16 meta mark set 3 counter accept;
|
||||
add chain inet osmo-upf tunmap-post-3;
|
||||
add rule inet osmo-upf tunmap-post-3 ip saddr set 1.1.1.1 @ih,32,32 set 0x103 counter accept;
|
||||
add rule inet osmo-upf tunmap-post-3 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x103 counter accept;
|
||||
add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x4 : jump tunmap-pre-3 };
|
||||
add element inet osmo-upf tunmap-post { 3 : jump tunmap-post-3 };
|
||||
add chain inet osmo-upf tunmap-pre-4;
|
||||
add rule inet osmo-upf tunmap-pre-4 ip daddr set 5.6.7.8 meta mark set 4 counter accept;
|
||||
add chain inet osmo-upf tunmap-post-4;
|
||||
add rule inet osmo-upf tunmap-post-4 ip saddr set 1.1.1.1 @ih,32,32 set 0x102 counter accept;
|
||||
add rule inet osmo-upf tunmap-post-4 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x102 counter accept;
|
||||
add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x3 : jump tunmap-pre-4 };
|
||||
add element inet osmo-upf tunmap-post { 4 : jump tunmap-post-4 };
|
||||
|
||||
DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-3;\nadd rule inet osmo-upf tunmap-pre-3 ip daddr set 13.14.15.16 meta mark set 3 counter accept;\nadd chain inet osmo-upf tunmap-post-3;\nadd rule inet osmo-upf tunmap-post-3 ip saddr set 1.1.1.1 @ih,32,32 set 0x103 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x4 : jump tunmap-pre-3 };\nadd element inet osmo-upf tunmap-post { 3 : jump tunmap-post-3 };\nadd chain inet osmo-upf tunmap-pre-4;\nadd rule inet osmo-upf tunmap-pre-4 ip daddr set 5.6.7.8 meta mark set 4 counter accept;\nadd chain inet osmo-upf tunmap-post-4;\nadd rule inet osmo-upf tunmap-post-4 ip saddr set 1.1.1.1 @ih,32,32 set 0x102 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x3 : jump tunmap-pre-4 };\nadd element inet osmo-upf tunmap-post { 4 : jump tunmap-post-4 };\n"
|
||||
DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-3;\nadd rule inet osmo-upf tunmap-pre-3 ip daddr set 13.14.15.16 meta mark set 3 counter accept;\nadd chain inet osmo-upf tunmap-post-3;\nadd rule inet osmo-upf tunmap-post-3 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x103 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x4 : jump tunmap-pre-3 };\nadd element inet osmo-upf tunmap-post { 3 : jump tunmap-post-3 };\nadd chain inet osmo-upf tunmap-pre-4;\nadd rule inet osmo-upf tunmap-pre-4 ip daddr set 5.6.7.8 meta mark set 4 counter accept;\nadd chain inet osmo-upf tunmap-post-4;\nadd rule inet osmo-upf tunmap-post-4 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x102 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x3 : jump tunmap-pre-4 };\nadd element inet osmo-upf tunmap-post { 4 : jump tunmap-post-4 };\n"
|
||||
DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x102 GTP-access-l:1.1.1.1 TEID-access-l:0x4 GTP-core-r:13.14.15.16 TEID-core-r:0x103 GTP-core-l:1.1.1.1 TEID-core-l:0x3 PFCP-peer:1.2.3.4 SEID-l:0x2 PDR-access:2 PDR-core:1: Enabled tunmap, nft chain IDs: access--3-> <-4--core
|
||||
|
||||
[test override] PFCP tx:
|
||||
@@ -236,17 +236,17 @@ DSESSION DEBUG up_session(1-2-3-4-0x1){INIT}: enabling: GTP:tunmap GTP-access-r:
|
||||
add chain inet osmo-upf tunmap-pre-1;
|
||||
add rule inet osmo-upf tunmap-pre-1 ip daddr set 13.14.15.16 meta mark set 1 counter accept;
|
||||
add chain inet osmo-upf tunmap-post-1;
|
||||
add rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 @ih,32,32 set 0x105 counter accept;
|
||||
add rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x105 counter accept;
|
||||
add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 : jump tunmap-pre-1 };
|
||||
add element inet osmo-upf tunmap-post { 1 : jump tunmap-post-1 };
|
||||
add chain inet osmo-upf tunmap-pre-2;
|
||||
add rule inet osmo-upf tunmap-pre-2 ip daddr set 5.6.7.8 meta mark set 2 counter accept;
|
||||
add chain inet osmo-upf tunmap-post-2;
|
||||
add rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 @ih,32,32 set 0x104 counter accept;
|
||||
add rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x104 counter accept;
|
||||
add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 : jump tunmap-pre-2 };
|
||||
add element inet osmo-upf tunmap-post { 2 : jump tunmap-post-2 };
|
||||
|
||||
DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-1;\nadd rule inet osmo-upf tunmap-pre-1 ip daddr set 13.14.15.16 meta mark set 1 counter accept;\nadd chain inet osmo-upf tunmap-post-1;\nadd rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 @ih,32,32 set 0x105 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 : jump tunmap-pre-1 };\nadd element inet osmo-upf tunmap-post { 1 : jump tunmap-post-1 };\nadd chain inet osmo-upf tunmap-pre-2;\nadd rule inet osmo-upf tunmap-pre-2 ip daddr set 5.6.7.8 meta mark set 2 counter accept;\nadd chain inet osmo-upf tunmap-post-2;\nadd rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 @ih,32,32 set 0x104 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 : jump tunmap-pre-2 };\nadd element inet osmo-upf tunmap-post { 2 : jump tunmap-post-2 };\n"
|
||||
DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-1;\nadd rule inet osmo-upf tunmap-pre-1 ip daddr set 13.14.15.16 meta mark set 1 counter accept;\nadd chain inet osmo-upf tunmap-post-1;\nadd rule inet osmo-upf tunmap-post-1 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x105 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x2 : jump tunmap-pre-1 };\nadd element inet osmo-upf tunmap-post { 1 : jump tunmap-post-1 };\nadd chain inet osmo-upf tunmap-pre-2;\nadd rule inet osmo-upf tunmap-pre-2 ip daddr set 5.6.7.8 meta mark set 2 counter accept;\nadd chain inet osmo-upf tunmap-post-2;\nadd rule inet osmo-upf tunmap-post-2 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x104 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x1 : jump tunmap-pre-2 };\nadd element inet osmo-upf tunmap-post { 2 : jump tunmap-post-2 };\n"
|
||||
DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x104 GTP-access-l:1.1.1.1 TEID-access-l:0x2 GTP-core-r:13.14.15.16 TEID-core-r:0x105 GTP-core-l:1.1.1.1 TEID-core-l:0x1 PFCP-peer:1.2.3.4 SEID-l:0x1 PDR-access:2 PDR-core:1: Enabled tunmap, nft chain IDs: access--1-> <-2--core
|
||||
|
||||
[test override] PFCP tx:
|
||||
@@ -301,17 +301,17 @@ DSESSION DEBUG up_session(1-2-3-4-0x3){INIT}: enabling: GTP:tunmap GTP-access-r:
|
||||
add chain inet osmo-upf tunmap-pre-5;
|
||||
add rule inet osmo-upf tunmap-pre-5 ip daddr set 13.14.15.16 meta mark set 5 counter accept;
|
||||
add chain inet osmo-upf tunmap-post-5;
|
||||
add rule inet osmo-upf tunmap-post-5 ip saddr set 1.1.1.1 @ih,32,32 set 0x107 counter accept;
|
||||
add rule inet osmo-upf tunmap-post-5 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x107 counter accept;
|
||||
add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x6 : jump tunmap-pre-5 };
|
||||
add element inet osmo-upf tunmap-post { 5 : jump tunmap-post-5 };
|
||||
add chain inet osmo-upf tunmap-pre-6;
|
||||
add rule inet osmo-upf tunmap-pre-6 ip daddr set 5.6.7.8 meta mark set 6 counter accept;
|
||||
add chain inet osmo-upf tunmap-post-6;
|
||||
add rule inet osmo-upf tunmap-post-6 ip saddr set 1.1.1.1 @ih,32,32 set 0x106 counter accept;
|
||||
add rule inet osmo-upf tunmap-post-6 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x106 counter accept;
|
||||
add element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x5 : jump tunmap-pre-6 };
|
||||
add element inet osmo-upf tunmap-post { 6 : jump tunmap-post-6 };
|
||||
|
||||
DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-5;\nadd rule inet osmo-upf tunmap-pre-5 ip daddr set 13.14.15.16 meta mark set 5 counter accept;\nadd chain inet osmo-upf tunmap-post-5;\nadd rule inet osmo-upf tunmap-post-5 ip saddr set 1.1.1.1 @ih,32,32 set 0x107 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x6 : jump tunmap-pre-5 };\nadd element inet osmo-upf tunmap-post { 5 : jump tunmap-post-5 };\nadd chain inet osmo-upf tunmap-pre-6;\nadd rule inet osmo-upf tunmap-pre-6 ip daddr set 5.6.7.8 meta mark set 6 counter accept;\nadd chain inet osmo-upf tunmap-post-6;\nadd rule inet osmo-upf tunmap-post-6 ip saddr set 1.1.1.1 @ih,32,32 set 0x106 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x5 : jump tunmap-pre-6 };\nadd element inet osmo-upf tunmap-post { 6 : jump tunmap-post-6 };\n"
|
||||
DNFT DEBUG run nft ruleset: "add chain inet osmo-upf tunmap-pre-5;\nadd rule inet osmo-upf tunmap-pre-5 ip daddr set 13.14.15.16 meta mark set 5 counter accept;\nadd chain inet osmo-upf tunmap-post-5;\nadd rule inet osmo-upf tunmap-post-5 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x107 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x6 : jump tunmap-pre-5 };\nadd element inet osmo-upf tunmap-post { 5 : jump tunmap-post-5 };\nadd chain inet osmo-upf tunmap-pre-6;\nadd rule inet osmo-upf tunmap-pre-6 ip daddr set 5.6.7.8 meta mark set 6 counter accept;\nadd chain inet osmo-upf tunmap-post-6;\nadd rule inet osmo-upf tunmap-post-6 ip saddr set 1.1.1.1 udp sport set 2152 @ih,32,32 set 0x106 counter accept;\nadd element inet osmo-upf tunmap-pre { 1.1.1.1 . 0x5 : jump tunmap-pre-6 };\nadd element inet osmo-upf tunmap-post { 6 : jump tunmap-post-6 };\n"
|
||||
DGTP NOTICE GTP:tunmap GTP-access-r:5.6.7.8 TEID-access-r:0x106 GTP-access-l:1.1.1.1 TEID-access-l:0x6 GTP-core-r:13.14.15.16 TEID-core-r:0x107 GTP-core-l:1.1.1.1 TEID-core-l:0x5 PFCP-peer:1.2.3.4 SEID-l:0x3 PDR-access:2 PDR-core:1: Enabled tunmap, nft chain IDs: access--5-> <-6--core
|
||||
|
||||
[test override] PFCP tx:
|
||||
|
||||
Reference in New Issue
Block a user