[SBI] HTTP2-TLS verification - ConfFile Changed
If you do not want to use TLS, add the following configuration: sbi: server: no_tls: true client: no_tls: true
parent
3e61c5984d
commit
05fbaf6958
|
@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
|
|||
|
||||
logger:
|
||||
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testserver.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testserver.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testclient.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testclient.crt
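Review bot: Both `server` and `client` end up with `no_tls: true` while `cacert`, `key` and `cert` stay configured, so this test configuration runs SBI without TLS and, as far as this section shows, never exercises the peer-verification path the commit title names. The two sections that follow carry the same block. Consider keeping at least one test configuration with TLS left on, so a regression in verification is caught by the test run. A comment above the block would make the intent explicit, for example `# TLS is off for this test run; set no_tls: false to exercise cacert/key/cert`. The page has lost its file headers and +/- markers, so which lines are new is inferred from the older `tls: enabled: no` block printed just before.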
|
||||
|
|
|
@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
|
|||
|
||||
logger:
|
||||
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testserver.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testserver.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testclient.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testclient.crt
|
||||
|
|
|
@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
|
|||
|
||||
logger:
|
||||
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testserver.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testserver.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testclient.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testclient.crt
|
||||
|
|
|
@ -1,73 +1,91 @@
|
|||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,ngap,nas,gmm,sbi,amf,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/amf.log
|
||||
|
||||
#
|
||||
# tls:
|
||||
# enabled: auto|yes|no
|
||||
# - auto: Default. Use TLS only if key/cert is available
|
||||
# - yes: Use TLS always;
|
||||
# reject if no key/cert available
|
||||
# - no: Don't use TLS if there is an key/cert available
|
||||
# o TLS enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_tls: false|true
|
||||
# - false: (Default) Use TLS
|
||||
# - true: TLS disabled
|
||||
#
|
||||
# o Server-side Key and Certficiate
|
||||
# o Verification enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_verify: false|true
|
||||
# - false: (Default) Verify the PEER
|
||||
# - true: Skip the verification step
|
||||
#
|
||||
# o Server-side does not use TLS
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# no_tls: true
|
||||
#
|
||||
# o Client-side does not use TLS
|
||||
# o Client-side skips the verification step
|
||||
# sbi:
|
||||
# client:
|
||||
# enabled: no
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
#
|
||||
# o Use the specified certificate to verify client
|
||||
# o Use the specified certificate while verifying the client
|
||||
# sbi:
|
||||
# server
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o Use the specified certificate to verify server
|
||||
# o Use the specified certificate while verifying the server
|
||||
# sbi:
|
||||
# client
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/amf.key
|
||||
cert: @sysconfdir@/open5gs/tls/amf.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/amf.key
|
||||
cert: @sysconfdir@/open5gs/tls/amf.crt
|
||||
|
||||
#
|
||||
# amf:
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
# o SBI Server(http://<all address available>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://<any address>:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
# - addr:
|
||||
# - 0.0.0.0
|
||||
|
@ -75,17 +93,17 @@ tls:
|
|||
# port: 7777
|
||||
#
|
||||
# o SBI Server(https://<all address available>:443)
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# amf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
|
||||
# tls:
|
||||
# enabled: no
|
||||
# o SBI Server(https://127.0.0.5:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# server:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# amf:
|
||||
|
@ -94,29 +112,48 @@ tls:
|
|||
# - addr: ::1
|
||||
#
|
||||
# o SBI Server(https://amf.open5gs.org:443)
|
||||
# Use the specified certificate to verify client
|
||||
# Use the specified certificate while verifying the client
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# amf:
|
||||
# sbi:
|
||||
# - name: amf.open5gs.org
|
||||
#
|
||||
# o SBI Server(http://127.0.0.5:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Server(http://<eth0 IP address>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
#
|
||||
# o Provide custom SBI address to be advertised to NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
# advertise: open5gs-amf.svc.local
|
||||
#
|
||||
# o Another example of advertising on NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
# - addr: localhost
|
||||
# advertise:
|
||||
|
@ -127,6 +164,10 @@ tls:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.5
|
||||
# option:
|
||||
|
@ -138,9 +179,11 @@ tls:
|
|||
# <NF Service>
|
||||
#
|
||||
# o NF Service Name(Default : all NF services available)
|
||||
# amf:
|
||||
# service_name:
|
||||
#
|
||||
# o NF Service Name(Only some NF services are available)
|
||||
# amf:
|
||||
# service_name:
|
||||
# - namf-comm
|
||||
#
|
||||
|
@ -148,12 +191,21 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Query Parameter as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# port: 7777
|
||||
#
|
||||
# - 'service-names' is included.
|
||||
#
|
||||
# o Service-Names are not included
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# port: 7777
|
||||
|
@ -172,6 +224,10 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Delegated Discovery as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# port: 7777
|
||||
|
@ -179,6 +235,10 @@ tls:
|
|||
# - Use SCP if SCP avaiable. Otherwise NRF is used.
|
||||
# => App fails if both NRF and SCP are unavailable.
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# amf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# port: 7777
|
||||
|
@ -194,23 +254,28 @@ tls:
|
|||
# <NGAP Server>>
|
||||
#
|
||||
# o NGAP Server(all address available)
|
||||
# amf:
|
||||
# ngap:
|
||||
#
|
||||
# o NGAP Server(0.0.0.0:38412)
|
||||
# amf:
|
||||
# ngap:
|
||||
# addr: 0.0.0.0
|
||||
#
|
||||
# o NGAP Server(127.0.0.5:38412, [::1]:38412)
|
||||
# amf:
|
||||
# ngap:
|
||||
# - addr: 127.0.0.5
|
||||
# - addr: ::1
|
||||
#
|
||||
# o NGAP Server(different port)
|
||||
# amf:
|
||||
# ngap:
|
||||
# - addr: 127.0.0.5
|
||||
# port: 38413
|
||||
#
|
||||
# o NGAP Server(address available in `eth0` interface)
|
||||
# amf:
|
||||
# ngap:
|
||||
# dev: eth0
|
||||
#
|
||||
|
@ -218,6 +283,7 @@ tls:
|
|||
# - sctp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# amf:
|
||||
# ngap:
|
||||
# addr: 127.0.0.5
|
||||
# option:
|
||||
|
@ -237,6 +303,7 @@ tls:
|
|||
# - sinit_max_attempts : 4
|
||||
# - sinit_max_init_timeo : 8000(8secs)
|
||||
#
|
||||
# amf:
|
||||
# ngap:
|
||||
# addr: 127.0.0.5
|
||||
# option:
|
||||
|
@ -254,6 +321,7 @@ tls:
|
|||
# <Metrics Server>
|
||||
#
|
||||
# o Metrics Server(http://<any address>:9090)
|
||||
# amf:
|
||||
# metrics:
|
||||
# - addr: 0.0.0.0
|
||||
# port: 9090
|
||||
|
@ -261,6 +329,7 @@ tls:
|
|||
# <GUAMI>
|
||||
#
|
||||
# o Multiple GUAMI
|
||||
# amf:
|
||||
# guami:
|
||||
# - plmn_id:
|
||||
# mcc: 999
|
||||
|
@ -279,6 +348,7 @@ tls:
|
|||
# <TAI>
|
||||
#
|
||||
# o Multiple TAI
|
||||
# amf:
|
||||
# tai:
|
||||
# - plmn_id:
|
||||
# mcc: 001
|
||||
|
@ -310,6 +380,7 @@ tls:
|
|||
# <PLMN Support>
|
||||
#
|
||||
# o Multiple PLMN Support
|
||||
# amf:
|
||||
# plmn_support:
|
||||
# - plmn_id:
|
||||
# mcc: 999
|
||||
|
@ -325,16 +396,19 @@ tls:
|
|||
#
|
||||
# <Network Name>
|
||||
#
|
||||
# amf:
|
||||
# network_name:
|
||||
# full: Open5GS
|
||||
# short: Next
|
||||
#
|
||||
# <AMF Name>
|
||||
#
|
||||
# amf:
|
||||
# amf_name: amf1.open5gs.amf.5gc.mnc70.mcc999.3gppnetwork.org
|
||||
#
|
||||
# <Relative Capacity> - Default(255)
|
||||
#
|
||||
# amf:
|
||||
# relative_capacity: 100
|
||||
#
|
||||
amf:
|
||||
|
@ -371,19 +445,22 @@ amf:
|
|||
full: Open5GS
|
||||
amf_name: open5gs-amf0
|
||||
|
||||
#
|
||||
# scp:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.1.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
|
@ -392,11 +469,13 @@ amf:
|
|||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://scp.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - name: scp.open5gs.org
|
||||
|
@ -404,6 +483,10 @@ amf:
|
|||
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
|
||||
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr:
|
||||
# - 127.0.1.10
|
||||
|
@ -413,6 +496,10 @@ amf:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# option:
|
||||
|
@ -427,19 +514,22 @@ scp:
|
|||
- addr: 127.0.1.10
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# nrf:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.0.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
|
@ -448,11 +538,13 @@ scp:
|
|||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://nrf.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - name: nrf.open5gs.org
|
||||
|
@ -469,6 +561,10 @@ scp:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# option:
|
||||
|
@ -484,26 +580,28 @@ scp:
|
|||
# - ::1
|
||||
# port: 7777
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
@ -514,35 +612,40 @@ max:
|
|||
#
|
||||
usrsctp:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o NF Instance Heartbeat (Default : 0)
|
||||
# NFs will not send heart-beat timer in NFProfile
|
||||
# NRF will send heart-beat timer in NFProfile
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Heartbeat (20 seconds)
|
||||
# NFs will send heart-beat timer (20 seconds) in NFProfile
|
||||
# NRF can change heart-beat timer in NFProfile
|
||||
#
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 20
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
#
|
||||
# o Handover Wait Duration (Default : 300 ms)
|
||||
# Time to wait for AMF to send UEContextReleaseCommand
|
||||
# to the source gNB after receiving HandoverNotify
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Handover Wait Duration (500ms)
|
||||
# time:
|
||||
# handover:
|
||||
# duration: 500
|
||||
#
|
||||
# o Timers of 5GS mobility/session management
|
||||
# time:
|
||||
# t3502:
|
||||
# value: 720 # 12 minutes * 60 = 720 seconds
|
||||
# t3512:
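Review bot: The live `sbi:` block in this template sets `no_tls: true` for both `server` and `client`, although the header comment added above it documents `false` (use TLS) as the default, so an installation from this template sends SBI traffic between network functions in cleartext unless the operator edits it. A comment directly above the block would make that opt-out visible, for example `# TLS is disabled here for lab use; remove no_tls to enable TLS with the cacert/key/cert below`. The `no_verify` description reads only "Skip the verification step"; it should state the consequence, e.g. `# - true: Skip the verification step (peer is not authenticated; lab use only)`. The `cacert` examples show `# server` and `# client` without a trailing colon, which is not valid YAML if uncommented as written. The +/- markers are lost on this page, so the old/new side of each line is inferred from print order and the hunk sizes.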
|
||||
|
|
|
@ -1,20 +1,21 @@
|
|||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
|
@ -22,52 +23,69 @@ logger:
|
|||
file: @localstatedir@/log/open5gs/ausf.log
|
||||
|
||||
#
|
||||
# tls:
|
||||
# enabled: auto|yes|no
|
||||
# - auto: Default. Use TLS only if key/cert is available
|
||||
# - yes: Use TLS always;
|
||||
# reject if no key/cert available
|
||||
# - no: Don't use TLS if there is an key/cert available
|
||||
# o TLS enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_tls: false|true
|
||||
# - false: (Default) Use TLS
|
||||
# - true: TLS disabled
|
||||
#
|
||||
# o Server-side Key and Certficiate
|
||||
# o Verification enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_verify: false|true
|
||||
# - false: (Default) Verify the PEER
|
||||
# - true: Skip the verification step
|
||||
#
|
||||
# o Server-side does not use TLS
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/ausf.key
|
||||
# cert: /etc/open5gs/tls/ausf.crt
|
||||
# no_tls: true
|
||||
#
|
||||
# o Client-side does not use TLS
|
||||
# o Client-side skips the verification step
|
||||
# sbi:
|
||||
# client:
|
||||
# enabled: no
|
||||
# key: /etc/open5gs/tls/ausf.key
|
||||
# cert: /etc/open5gs/tls/ausf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
#
|
||||
# o Use the specified certificate to verify client
|
||||
# o Use the specified certificate while verifying the client
|
||||
# sbi:
|
||||
# server
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o Use the specified certificate to verify server
|
||||
# o Use the specified certificate while verifying the server
|
||||
# sbi:
|
||||
# client
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/ausf.key
|
||||
cert: @sysconfdir@/open5gs/tls/ausf.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/ausf.key
|
||||
cert: @sysconfdir@/open5gs/tls/ausf.crt
|
||||
|
||||
#
|
||||
# ausf:
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
# o SBI Server(http://<all address available>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://<any address>:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
# - addr:
|
||||
# - 0.0.0.0
|
||||
|
@ -75,17 +93,17 @@ tls:
|
|||
# port: 7777
|
||||
#
|
||||
# o SBI Server(https://<all address available>:443)
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/ausf.key
|
||||
# cert: /etc/open5gs/tls/ausf.crt
|
||||
# ausf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://127.0.0.11:80, http://[::1]:80)
|
||||
# tls:
|
||||
# enabled: no
|
||||
# o SBI Server(https://127.0.0.11:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# server:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/ausf.key
|
||||
# cert: /etc/open5gs/tls/ausf.crt
|
||||
# ausf:
|
||||
|
@ -94,29 +112,48 @@ tls:
|
|||
# - addr: ::1
|
||||
#
|
||||
# o SBI Server(https://ausf.open5gs.org:443)
|
||||
# Use the specified certificate to verify client
|
||||
# Use the specified certificate while verifying the client
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/ausf.key
|
||||
# cert: /etc/open5gs/tls/ausf.crt
|
||||
# ausf:
|
||||
# sbi:
|
||||
# - name: ausf.open5gs.org
|
||||
#
|
||||
# o SBI Server(http://127.0.0.11:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.11
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Server(http://<eth0 IP address>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
#
|
||||
# o Provide custom SBI address to be advertised to NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
# advertise: open5gs-ausf.svc.local
|
||||
#
|
||||
# o Another example of advertising on NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
# - addr: localhost
|
||||
# advertise:
|
||||
|
@ -127,6 +164,10 @@ tls:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.11
|
||||
# option:
|
||||
|
@ -138,9 +179,11 @@ tls:
|
|||
# <NF Service>
|
||||
#
|
||||
# o NF Service Name(Default : all NF services available)
|
||||
# ausf:
|
||||
# service_name:
|
||||
#
|
||||
# o NF Service Name(Only some NF services are available)
|
||||
# ausf:
|
||||
# service_name:
|
||||
# - nausf-auth
|
||||
#
|
||||
|
@ -148,12 +191,21 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Query Parameter as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.11
|
||||
# port: 7777
|
||||
#
|
||||
# - 'service-names' is included.
|
||||
#
|
||||
# o Service-Names are not included
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.11
|
||||
# port: 7777
|
||||
|
@ -172,6 +224,10 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Delegated Discovery as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.11
|
||||
# port: 7777
|
||||
|
@ -179,6 +235,10 @@ tls:
|
|||
# - Use SCP if SCP avaiable. Otherwise NRF is used.
|
||||
# => App fails if both NRF and SCP are unavailable.
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# ausf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.11
|
||||
# port: 7777
|
||||
|
@ -196,32 +256,37 @@ ausf:
|
|||
- addr: 127.0.0.11
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# scp:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.1.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/ausf.key
|
||||
# cert: /etc/open5gs/tls/ausf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://scp.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - name: scp.open5gs.org
|
||||
|
@ -229,6 +294,10 @@ ausf:
|
|||
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
|
||||
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr:
|
||||
# - 127.0.1.10
|
||||
|
@ -238,6 +307,10 @@ ausf:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# option:
|
||||
|
@ -252,32 +325,37 @@ scp:
|
|||
- addr: 127.0.1.10
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# nrf:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.0.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/ausf.key
|
||||
# cert: /etc/open5gs/tls/ausf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://nrf.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - name: nrf.open5gs.org
|
||||
|
@ -294,6 +372,10 @@ scp:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# option:
|
||||
|
@ -309,47 +391,51 @@ scp:
|
|||
# - ::1
|
||||
# port: 7777
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o NF Instance Heartbeat (Default : 0)
|
||||
# NFs will not send heart-beat timer in NFProfile
|
||||
# NRF will send heart-beat timer in NFProfile
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Heartbeat (20 seconds)
|
||||
# NFs will send heart-beat timer (20 seconds) in NFProfile
|
||||
# NRF can change heart-beat timer in NFProfile
|
||||
#
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 20
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
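Review bot: The client-side examples in this AUSF template (the `no_verify: true` example near the top and the scp/nrf SBI client examples) reference `/etc/open5gs/tls/amf.key` and `/etc/open5gs/tls/amf.crt`, printed right after `ausf.key`/`ausf.crt` lines they appear to replace, while the live block still uses `ausf.key` and `ausf.crt`. An operator who uncomments an example would point AUSF at another function's key pair or end up sharing one key across functions, which widens the impact of a single key compromise. The examples should read `# key: /etc/open5gs/tls/ausf.key` and `# cert: /etc/open5gs/tls/ausf.crt`. The same paste is visible in the BSF section that follows, and its trace-level logger example now lists `ausf` where it appears to have listed `bsf`. Old and new sides are inferred here, since the page has lost its +/- markers.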
|
||||
|
|
|
@ -1,75 +1,93 @@
|
|||
db_uri: mongodb://localhost/open5gs
|
||||
|
||||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,sbi,bsf,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/bsf.log
|
||||
|
||||
#
|
||||
# tls:
|
||||
# enabled: auto|yes|no
|
||||
# - auto: Default. Use TLS only if key/cert is available
|
||||
# - yes: Use TLS always;
|
||||
# reject if no key/cert available
|
||||
# - no: Don't use TLS if there is an key/cert available
|
||||
# o TLS enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_tls: false|true
|
||||
# - false: (Default) Use TLS
|
||||
# - true: TLS disabled
|
||||
#
|
||||
# o Server-side Key and Certficiate
|
||||
# o Verification enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_verify: false|true
|
||||
# - false: (Default) Verify the PEER
|
||||
# - true: Skip the verification step
|
||||
#
|
||||
# o Server-side does not use TLS
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/bsf.key
|
||||
# cert: /etc/open5gs/tls/bsf.crt
|
||||
# no_tls: true
|
||||
#
|
||||
# o Client-side does not use TLS
|
||||
# o Client-side skips the verification step
|
||||
# sbi:
|
||||
# client:
|
||||
# enabled: no
|
||||
# key: /etc/open5gs/tls/bsf.key
|
||||
# cert: /etc/open5gs/tls/bsf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
#
|
||||
# o Use the specified certificate to verify client
|
||||
# o Use the specified certificate while verifying the client
|
||||
# sbi:
|
||||
# server
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o Use the specified certificate to verify server
|
||||
# o Use the specified certificate while verifying the server
|
||||
# sbi:
|
||||
# client
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/bsf.key
|
||||
cert: @sysconfdir@/open5gs/tls/bsf.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/bsf.key
|
||||
cert: @sysconfdir@/open5gs/tls/bsf.crt
|
||||
|
||||
#
|
||||
# bsf:
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
# o SBI Server(http://<all address available>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://<any address>:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr:
|
||||
# - 0.0.0.0
|
||||
|
@ -77,48 +95,67 @@ tls:
|
|||
# port: 7777
|
||||
#
|
||||
# o SBI Server(https://<all address available>:443)
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/bsf.key
|
||||
# cert: /etc/open5gs/tls/bsf.crt
|
||||
# bsf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
|
||||
# tls:
|
||||
# enabled: no
|
||||
# o SBI Server(https://127.0.0.15:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# server:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/bsf.key
|
||||
# cert: /etc/open5gs/tls/bsf.crt
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# - addr: 127.0.0.15
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Server(https://bsf.open5gs.org:443)
|
||||
# Use the specified certificate to verify client
|
||||
# Use the specified certificate while verifying the client
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/bsf.key
|
||||
# cert: /etc/open5gs/tls/bsf.crt
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - name: bsf.open5gs.org
|
||||
#
|
||||
# o SBI Server(http://127.0.0.15:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.15
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Server(http://<eth0 IP address>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
#
|
||||
# o Provide custom SBI address to be advertised to NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
# advertise: open5gs-bsf.svc.local
|
||||
#
|
||||
# o Another example of advertising on NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr: localhost
|
||||
# advertise:
|
||||
|
@ -129,6 +166,10 @@ tls:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.15
|
||||
# option:
|
||||
|
@ -140,9 +181,11 @@ tls:
|
|||
# <NF Service>
|
||||
#
|
||||
# o NF Service Name(Default : all NF services available)
|
||||
# bsf:
|
||||
# service_name:
|
||||
#
|
||||
# o NF Service Name(Only some NF services are available)
|
||||
# bsf:
|
||||
# service_name:
|
||||
# - nbsf-management
|
||||
#
|
||||
|
@ -150,12 +193,21 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Query Parameter as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.15
|
||||
# port: 7777
|
||||
#
|
||||
# - 'service-names' is included.
|
||||
#
|
||||
# o Service-Names are not included
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.15
|
||||
# port: 7777
|
||||
|
@ -174,6 +226,10 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Delegated Discovery as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.15
|
||||
# port: 7777
|
||||
|
@ -181,6 +237,10 @@ tls:
|
|||
# - Use SCP if SCP avaiable. Otherwise NRF is used.
|
||||
# => App fails if both NRF and SCP are unavailable.
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.15
|
||||
# port: 7777
|
||||
|
@ -198,32 +258,37 @@ bsf:
|
|||
- addr: 127.0.0.15
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# scp:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.1.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/bsf.key
|
||||
# cert: /etc/open5gs/tls/bsf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://scp.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - name: scp.open5gs.org
|
||||
|
@ -231,6 +296,10 @@ bsf:
|
|||
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
|
||||
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr:
|
||||
# - 127.0.1.10
|
||||
|
@ -240,6 +309,10 @@ bsf:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# option:
|
||||
|
@ -254,32 +327,37 @@ scp:
|
|||
- addr: 127.0.1.10
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# nrf:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.0.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/bsf.key
|
||||
# cert: /etc/open5gs/tls/bsf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://nrf.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - name: nrf.open5gs.org
|
||||
|
@ -296,6 +374,10 @@ scp:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# option:
|
||||
|
@ -311,47 +393,51 @@ scp:
|
|||
# - ::1
|
||||
# port: 7777
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o NF Instance Heartbeat (Default : 0)
|
||||
# NFs will not send heart-beat timer in NFProfile
|
||||
# NRF will send heart-beat timer in NFProfile
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Heartbeat (20 seconds)
|
||||
# NFs will send heart-beat timer (20 seconds) in NFProfile
|
||||
# NRF can change heart-beat timer in NFProfile
|
||||
#
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 20
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
|
||||
|
|
|
@ -1,24 +1,25 @@
|
|||
db_uri: mongodb://localhost/open5gs
|
||||
|
||||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,fd,hss,event,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/hss.log
|
||||
|
@ -26,29 +27,37 @@ logger:
|
|||
hss:
|
||||
freeDiameter: @sysconfdir@/freeDiameter/hss.conf
|
||||
|
||||
# sms_over_ims: "sip:smsc.mnc001.mcc001.3gppnetwork.org:7060;transport=tcp"
|
||||
|
||||
#
|
||||
# parameter:
|
||||
# hss:
|
||||
# sms_over_ims: "sip:smsc.mnc001.mcc001.3gppnetwork.org:7060;transport=tcp"
|
||||
#
|
||||
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
# o Use MongoDB Change Stream
|
||||
# parameter:
|
||||
# use_mongodb_change_stream: true
|
||||
#
|
||||
parameter:
|
||||
# use_mongodb_change_stream: true
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
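Review bot: The trace-level logger example in the first hunk of this section (the one whose logger writes `hss.log`) ends up listing `core,sbi,ausf,event,tlv,mem,sock`, which reads as a copy from the AUSF template; the line it appears to replace, `core,fd,hss,event,mem,sock`, named this daemon's own domains. The old/new markers are lost in this rendering, so I am inferring which line is new from the fact that the identical AUSF list also shows up in the MME, NRF and NSSF sections. Someone enabling trace logging from this example would presumably not get the `fd` or `hss` domains, so I would keep `#   domain: core,fd,hss,event,mem,sock` here and the per-daemon lists in the other sections.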
|
|
|
@ -1,49 +1,53 @@
|
|||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,s1ap,nas,fd,gtp,mme,emm,esm,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/mme.log
|
||||
|
||||
#
|
||||
# mme:
|
||||
#
|
||||
# <S1AP Server>>
|
||||
#
|
||||
# o S1AP Server(all address available)
|
||||
# mme:
|
||||
# s1ap:
|
||||
#
|
||||
# o S1AP Server(0.0.0.0:36412)
|
||||
# mme:
|
||||
# s1ap:
|
||||
# addr: 0.0.0.0
|
||||
#
|
||||
# o S1AP Server(127.0.0.2:36412, [::1]:36412)
|
||||
# mme:
|
||||
# s1ap:
|
||||
# - addr: 127.0.0.2
|
||||
# - addr: ::1
|
||||
#
|
||||
# o S1AP Server(different port)
|
||||
# mme:
|
||||
# s1ap:
|
||||
# - addr: 127.0.0.2
|
||||
# port: 36413
|
||||
#
|
||||
# o S1AP Server(address available in `eth0` interface)
|
||||
# mme:
|
||||
# s1ap:
|
||||
# dev: eth0
|
||||
#
|
||||
|
@ -51,6 +55,7 @@ logger:
|
|||
# - sctp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# mme:
|
||||
# s1ap:
|
||||
# addr: 127.0.0.2
|
||||
# option:
|
||||
|
@ -70,6 +75,7 @@ logger:
|
|||
# - sinit_max_attempts : 4
|
||||
# - sinit_max_init_timeo : 8000(8secs)
|
||||
#
|
||||
# mme:
|
||||
# s1ap:
|
||||
# addr: 127.0.0.2
|
||||
# option:
|
||||
|
@ -87,9 +93,11 @@ logger:
|
|||
# <GTP-C Server>>
|
||||
#
|
||||
# o GTP-C Server(all address available)
|
||||
# mme:
|
||||
# gtpc:
|
||||
#
|
||||
# o GTP-C Server(127.0.0.2:2123, [::1]:2123)
|
||||
# mme:
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.2
|
||||
# - addr: ::1
|
||||
|
@ -97,6 +105,7 @@ logger:
|
|||
# <SGsAP>
|
||||
#
|
||||
# o Single MSC/VLR(127.0.0.2)
|
||||
# mme:
|
||||
# sgsap:
|
||||
# addr: 127.0.0.2
|
||||
# map:
|
||||
|
@ -123,6 +132,7 @@ logger:
|
|||
# lac: 43692
|
||||
#
|
||||
# o Multiple MSC/VLR
|
||||
# mme:
|
||||
# sgsap:
|
||||
# - addr: 127.0.0.2
|
||||
# port: 29119
|
||||
|
@ -178,6 +188,7 @@ logger:
|
|||
# <Metrics Server>
|
||||
#
|
||||
# o Metrics Server(http://<any address>:9090)
|
||||
# mme:
|
||||
# metrics:
|
||||
# - addr: 0.0.0.0
|
||||
# port: 9090
|
||||
|
@ -185,6 +196,7 @@ logger:
|
|||
# <GUMMEI>
|
||||
#
|
||||
# o Multiple GUMMEI
|
||||
# mme:
|
||||
# gummei:
|
||||
# - plmn_id:
|
||||
# mcc: 001
|
||||
|
@ -205,6 +217,7 @@ logger:
|
|||
# <TAI>
|
||||
#
|
||||
# o Multiple TAI
|
||||
# mme:
|
||||
# tai:
|
||||
# - plmn_id:
|
||||
# mcc: 001
|
||||
|
@ -235,17 +248,17 @@ logger:
|
|||
#
|
||||
#
|
||||
# <Network Name>
|
||||
#
|
||||
# mme:
|
||||
# network_name:
|
||||
# full: Open5GS
|
||||
# short: Next
|
||||
#
|
||||
# <MME Name>
|
||||
#
|
||||
# mme:
|
||||
# mme_name: open5gs-mme0
|
||||
#
|
||||
# <Relative Capacity> - Default(255)
|
||||
#
|
||||
# mme:
|
||||
# relative_capacity: 100
|
||||
#
|
||||
mme:
|
||||
|
@ -275,8 +288,6 @@ mme:
|
|||
full: Open5GS
|
||||
mme_name: open5gs-mme0
|
||||
|
||||
#
|
||||
# sgwc:
|
||||
#
|
||||
# <GTP-C Client>
|
||||
#
|
||||
|
@ -284,17 +295,20 @@ mme:
|
|||
#
|
||||
# o One SGW is defined.
|
||||
# If prefer_ipv4 is not true, [fd69:f21d:873c:fa::2] is selected.
|
||||
# sgwc:
|
||||
# gtpc:
|
||||
# addr:
|
||||
# - 127.0.0.3
|
||||
# - fd69:f21d:873c:fa::2
|
||||
#
|
||||
# o Two SGW are defined. MME selects SGW with round-robin manner per UE
|
||||
# sgwc:
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.3
|
||||
# - addr: fd69:f21d:873c:fa::2
|
||||
#
|
||||
# o Three SGW are defined. MME selects SGW with round-robin manner per UE
|
||||
# sgwc:
|
||||
# gtpc:
|
||||
# - addr
|
||||
# - 127.0.0.3
|
||||
|
@ -306,30 +320,32 @@ mme:
|
|||
#
|
||||
# <SGW Selection Mode>
|
||||
#
|
||||
# o Round-Robin
|
||||
# o Round-Robin
|
||||
# sgwc:
|
||||
# gtpc:
|
||||
# addr: 127.0.0.3
|
||||
# addr: 127.0.2.2
|
||||
# addr: 127.0.4.2
|
||||
#
|
||||
# gtpc:
|
||||
# addr: 127.0.0.3
|
||||
# addr: 127.0.2.2
|
||||
# addr: 127.0.4.2
|
||||
#
|
||||
# o SGW selection by eNodeB TAC
|
||||
# o SGW selection by eNodeB TAC
|
||||
# (either single TAC or multiple TACs, DECIMAL representation)
|
||||
#
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.3
|
||||
# tac: 26000
|
||||
# - addr: 127.0.2.2
|
||||
# tac: [25000, 27000, 28000]
|
||||
# sgwc:
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.3
|
||||
# tac: 26000
|
||||
# - addr: 127.0.2.2
|
||||
# tac: [25000, 27000, 28000]
|
||||
#
|
||||
# o SGW selection by e_cell_id(28bit)
|
||||
# (either single or multiple e_cell_id, HEX representation)
|
||||
#
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.3
|
||||
# e_cell_id: abcde01
|
||||
# - addr: 127.0.2.2
|
||||
# e_cell_id: [12345, a9413, 98765]
|
||||
# sgwc:
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.3
|
||||
# e_cell_id: abcde01
|
||||
# - addr: 127.0.2.2
|
||||
# e_cell_id: [12345, a9413, 98765]
|
||||
#
|
||||
sgwc:
|
||||
gtpc:
|
||||
|
@ -344,15 +360,18 @@ sgwc:
|
|||
# - To use a different APN for each SMF, specify gtpc.apn as the APN name.
|
||||
# - If the HSS uses WebUI to set the SMF IP for each UE,
|
||||
# you can use a specific SMF node for each UE.
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Two SMF are defined. 127.0.0.4:2123 is used.
|
||||
# [fd69:f21d:873c:fa::3]:2123 is ignored.
|
||||
# smf:
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.4
|
||||
# - addr: fd69:f21d:873c:fa::3
|
||||
#
|
||||
# o One SMF is defined. if prefer_ipv4 is not true,
|
||||
# [fd69:f21d:873c:fa::3] is selected.
|
||||
# smf:
|
||||
# gtpc:
|
||||
# - addr:
|
||||
# - 127.0.0.4
|
||||
|
@ -361,6 +380,7 @@ sgwc:
|
|||
# o Two SMF are defined with a different APN.
|
||||
# - Note that if SMF IP for UE is configured in HSS,
|
||||
# the following configurion for this UE is ignored.
|
||||
# smf:
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.4
|
||||
# apn: internet
|
||||
|
@ -368,6 +388,7 @@ sgwc:
|
|||
# apn: volte
|
||||
#
|
||||
# o If APN is omitted, the default APN uses the first SMF node.
|
||||
# smf:
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.4
|
||||
# - addr: 127.0.0.5
|
||||
|
@ -378,31 +399,28 @@ smf:
|
|||
- 127.0.0.4
|
||||
- ::1
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
# o Use OAI UE
|
||||
# - Remove HashMME in Security-mode command message
|
||||
# - Use the length 1 of EPS network feature support in Attach accept message
|
||||
# use_openair: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
@ -413,24 +431,27 @@ max:
|
|||
#
|
||||
usrsctp:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
#
|
||||
# o Handover Wait Duration (Default : 300 ms)
|
||||
# Time to wait for MME to send UEContextReleaseCommand
|
||||
# to the source eNB after receiving HandoverNotify
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Handover Wait Duration (500ms)
|
||||
# time:
|
||||
# handover:
|
||||
# duration: 500
|
||||
#
|
||||
# o Timers of EPS mobility/session management
|
||||
# time:
|
||||
# t3402:
|
||||
# value: 720 # 12 minutes * 60 = 720 seconds
|
||||
# t3412:
|
||||
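Review bot: The Round-Robin example under `<SGW Selection Mode>` repeats `addr:` three times as plain mapping keys under `gtpc:`, in both printed variants of the block, so as written it is one mapping with a duplicated key rather than three SGW entries. The TAC and e_cell_id examples directly below use list items, and I would write this one the same way: `#     - addr: 127.0.0.3`, `#     - addr: 127.0.2.2`, `#     - addr: 127.0.4.2`. Leading whitespace is not preserved in this rendering, so the exact indentation should follow the neighbouring examples.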
|
|
|
@ -1,73 +1,91 @@
|
|||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,sbi,nrf,event,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/nrf.log
|
||||
|
||||
#
|
||||
# tls:
|
||||
# enabled: auto|yes|no
|
||||
# - auto: Default. Use TLS only if key/cert is available
|
||||
# - yes: Use TLS always;
|
||||
# reject if no key/cert available
|
||||
# - no: Don't use TLS if there is an key/cert available
|
||||
# o TLS enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_tls: false|true
|
||||
# - false: (Default) Use TLS
|
||||
# - true: TLS disabled
|
||||
#
|
||||
# o Server-side Key and Certficiate
|
||||
# o Verification enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_verify: false|true
|
||||
# - false: (Default) Verify the PEER
|
||||
# - true: Skip the verification step
|
||||
#
|
||||
# o Server-side does not use TLS
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/nrf.key
|
||||
# cert: /etc/open5gs/tls/nrf.crt
|
||||
# no_tls: true
|
||||
#
|
||||
# o Client-side does not use TLS
|
||||
# o Client-side skips the verification step
|
||||
# sbi:
|
||||
# client:
|
||||
# enabled: no
|
||||
# key: /etc/open5gs/tls/nrf.key
|
||||
# cert: /etc/open5gs/tls/nrf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
#
|
||||
# o Use the specified certificate to verify client
|
||||
# o Use the specified certificate while verifying the client
|
||||
# sbi:
|
||||
# server
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o Use the specified certificate to verify server
|
||||
# o Use the specified certificate while verifying the server
|
||||
# sbi:
|
||||
# client
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/nrf.key
|
||||
cert: @sysconfdir@/open5gs/tls/nrf.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/nrf.key
|
||||
cert: @sysconfdir@/open5gs/tls/nrf.crt
|
||||
|
||||
#
|
||||
# nrf:
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
# o SBI Server(http://<all address available>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://<any address>:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr:
|
||||
# - 0.0.0.0
|
||||
|
@ -75,47 +93,81 @@ tls:
|
|||
# port: 7777
|
||||
#
|
||||
# o SBI Server(https://<all address available>:443)
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/nrf.key
|
||||
# cert: /etc/open5gs/tls/nrf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
|
||||
# tls:
|
||||
# enabled: no
|
||||
# o SBI Server(https://127.0.0.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# server:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/nrf.key
|
||||
# cert: /etc/open5gs/tls/nrf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# - addr: 127.0.0.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Server(https://nrf.open5gs.org:443)
|
||||
# Use the specified certificate to verify client
|
||||
# Use the specified certificate while verifying the client
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/nrf.key
|
||||
# cert: /etc/open5gs/tls/nrf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - name: nrf.open5gs.org
|
||||
#
|
||||
# o SBI Server(http://127.0.0.10:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Server(http://<eth0 IP address>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# dev: eth0
|
||||
# - dev: eth0
|
||||
#
|
||||
# o Provide custom SBI address to be advertised to NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
# advertise: open5gs-nrf.svc.local
|
||||
#
|
||||
# o Another example of advertising on NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr: localhost
|
||||
# advertise:
|
||||
# - 127.0.0.99
|
||||
# - ::1
|
||||
#
|
||||
# o SBI Option (Default)
|
||||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# option:
|
||||
|
@ -127,9 +179,11 @@ tls:
|
|||
# <NF Service>
|
||||
#
|
||||
# o NF Service Name(Default : all NF services available)
|
||||
# nrf:
|
||||
# service_name:
|
||||
#
|
||||
# o NF Service Name(Only some NF services are available)
|
||||
# nrf:
|
||||
# service_name:
|
||||
# - nnrf-nfm
|
||||
# - nnrf-disc
|
||||
|
@ -141,32 +195,37 @@ nrf:
|
|||
- ::1
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# scp:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.1.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/nrf.key
|
||||
# cert: /etc/open5gs/tls/nrf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://scp.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - name: scp.open5gs.org
|
||||
|
@ -174,6 +233,10 @@ nrf:
|
|||
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
|
||||
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr:
|
||||
# - 127.0.1.10
|
||||
|
@ -183,6 +246,10 @@ nrf:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# option:
|
||||
|
@ -197,62 +264,74 @@ scp:
|
|||
- addr: 127.0.1.10
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# parameter:
|
||||
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o NF Instance Heartbeat (Default : 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Heartbeat (Disabled)
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 0
|
||||
#
|
||||
# o NF Instance Heartbeat (5 seconds)
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 5
|
||||
#
|
||||
# o NF Instance Validity (Default : 3600 seconds = 1 hour)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Validity (10 seconds)
|
||||
# time:
|
||||
# nf_instance:
|
||||
# validity: 10
|
||||
#
|
||||
# o Subscription Validity (Default : 86400 seconds = 1 day)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Subscription Validity (Disabled)
|
||||
# time:
|
||||
# subscription:
|
||||
# validity: 0
|
||||
#
|
||||
# o Subscription Validity (3600 seconds = 1 hour)
|
||||
# time:
|
||||
# subscription:
|
||||
# validity: 3600
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
|
||||
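Review bot: The active `sbi:` block at the end of the first hunk sets `no_tls: true` for both `server` and `client`, while the comment just above documents `false` (use TLS) as the default, so a stock install runs SBI without TLS and the `cacert`/`key`/`cert` lines next to it presumably go unused. That matches the earlier `tls: enabled: no`, but the switch is now a negative flag that is easy to leave in place; I would add a comment on the block such as `# no_tls: true is meant for lab/loopback setups; remove it (default: TLS on) before SBI is reachable from other hosts`. The `no_verify` description should also say what is given up, e.g. `#       - true: Skip the verification step (the peer's identity is NOT checked)`. In the two `cacert` examples `# server` and `# client` lack the trailing colon, and the client examples point at `amf.key`/`amf.crt` although this template's own client block uses `nrf.key`/`nrf.crt`. The NSSF section that follows carries the same active block and comments.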
|
|
|
@ -1,73 +1,91 @@
|
|||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,sbi,nssf,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/nssf.log
|
||||
|
||||
#
|
||||
# tls:
|
||||
# enabled: auto|yes|no
|
||||
# - auto: Default. Use TLS only if key/cert is available
|
||||
# - yes: Use TLS always;
|
||||
# reject if no key/cert available
|
||||
# - no: Don't use TLS if there is an key/cert available
|
||||
# o TLS enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_tls: false|true
|
||||
# - false: (Default) Use TLS
|
||||
# - true: TLS disabled
|
||||
#
|
||||
# o Server-side Key and Certficiate
|
||||
# o Verification enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_verify: false|true
|
||||
# - false: (Default) Verify the PEER
|
||||
# - true: Skip the verification step
|
||||
#
|
||||
# o Server-side does not use TLS
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/nssf.key
|
||||
# cert: /etc/open5gs/tls/nssf.crt
|
||||
# no_tls: true
|
||||
#
|
||||
# o Client-side does not use TLS
|
||||
# o Client-side skips the verification step
|
||||
# sbi:
|
||||
# client:
|
||||
# enabled: no
|
||||
# key: /etc/open5gs/tls/nssf.key
|
||||
# cert: /etc/open5gs/tls/nssf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
#
|
||||
# o Use the specified certificate to verify client
|
||||
# o Use the specified certificate while verifying the client
|
||||
# sbi:
|
||||
# server
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o Use the specified certificate to verify server
|
||||
# o Use the specified certificate while verifying the server
|
||||
# sbi:
|
||||
# client
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/nssf.key
|
||||
cert: @sysconfdir@/open5gs/tls/nssf.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/nssf.key
|
||||
cert: @sysconfdir@/open5gs/tls/nssf.crt
|
||||
|
||||
#
|
||||
# nssf:
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
# o SBI Server(http://<all address available>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://<any address>:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - addr:
|
||||
# - 0.0.0.0
|
||||
|
@ -75,48 +93,67 @@ tls:
|
|||
# port: 7777
|
||||
#
|
||||
# o SBI Server(https://<all address available>:443)
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/nssf.key
|
||||
# cert: /etc/open5gs/tls/nssf.crt
|
||||
# nssf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
|
||||
# tls:
|
||||
# enabled: no
|
||||
# o SBI Server(https://127.0.0.14:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# server:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/nssf.key
|
||||
# cert: /etc/open5gs/tls/nssf.crt
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# - addr: 127.0.0.14
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Server(https://nssf.open5gs.org:443)
|
||||
# Use the specified certificate to verify client
|
||||
# Use the specified certificate while verifying the client
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/nssf.key
|
||||
# cert: /etc/open5gs/tls/nssf.crt
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - name: nssf.open5gs.org
|
||||
#
|
||||
# o SBI Server(http://127.0.0.14:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.14
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Server(http://<eth0 IP address>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
#
|
||||
# o Provide custom SBI address to be advertised to NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
# advertise: open5gs-nssf.svc.local
|
||||
#
|
||||
# o Another example of advertising on NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - addr: localhost
|
||||
# advertise:
|
||||
|
@ -127,6 +164,10 @@ tls:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.14
|
||||
# option:
|
||||
|
@ -141,6 +182,7 @@ tls:
|
|||
# - NRF[http://::1:7777/nnrf-nfm/v1/nf-instances]
|
||||
# NSSAI[SST:1]
|
||||
#
|
||||
# nssf:
|
||||
# nsi:
|
||||
# - addr: ::1
|
||||
# port: 7777
|
||||
|
@ -157,6 +199,7 @@ tls:
|
|||
# 2. NRF[http://127.0.0.10:7777/nnrf-nfm/v1/nf-instances]
|
||||
# NSSAI[SST:1, SD:009000]
|
||||
#
|
||||
# nssf:
|
||||
# nsi:
|
||||
# - addr: ::1
|
||||
# port: 7777
|
||||
|
@ -177,6 +220,7 @@ tls:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# nssf:
|
||||
# nsi:
|
||||
# addr: ::1
|
||||
# option:
|
||||
|
@ -188,9 +232,11 @@ tls:
|
|||
# <NF Service>
|
||||
#
|
||||
# o NF Service Name(Default : all NF services available)
|
||||
# nssf:
|
||||
# service_name:
|
||||
#
|
||||
# o NF Service Name(Only some NF services are available)
|
||||
# nssf:
|
||||
# service_name:
|
||||
# - nnssf-nsselection
|
||||
#
|
||||
|
@ -198,12 +244,21 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Query Parameter as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.14
|
||||
# port: 7777
|
||||
#
|
||||
# - 'service-names' is included.
|
||||
#
|
||||
# o Service-Names are not included
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.14
|
||||
# port: 7777
|
||||
|
@ -222,6 +277,10 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Delegated Discovery as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.14
|
||||
# port: 7777
|
||||
|
@ -229,6 +288,10 @@ tls:
|
|||
# - Use SCP if SCP avaiable. Otherwise NRF is used.
|
||||
# => App fails if both NRF and SCP are unavailable.
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# nssf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.14
|
||||
# port: 7777
|
||||
|
@ -251,32 +314,37 @@ nssf:
|
|||
s_nssai:
|
||||
sst: 1
|
||||
|
||||
#
|
||||
# scp:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.1.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/nssf.key
|
||||
# cert: /etc/open5gs/tls/nssf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://scp.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - name: scp.open5gs.org
|
||||
|
@ -284,6 +352,10 @@ nssf:
|
|||
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
|
||||
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr:
|
||||
# - 127.0.1.10
|
||||
|
@ -293,6 +365,10 @@ nssf:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# option:
|
||||
|
@ -307,32 +383,37 @@ scp:
|
|||
- addr: 127.0.1.10
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# nrf:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.0.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/nssf.key
|
||||
# cert: /etc/open5gs/tls/nssf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://nrf.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - name: nrf.open5gs.org
|
||||
|
@ -345,6 +426,22 @@ scp:
|
|||
# - 127.0.0.10
|
||||
# - fd69:f21d:873c:fa::1
|
||||
#
|
||||
# o SBI Option (Default)
|
||||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# option:
|
||||
# tcp_nodelay: false
|
||||
# so_linger:
|
||||
# l_onoff: true
|
||||
# l_linger: 10
|
||||
#
|
||||
#nrf:
|
||||
# sbi:
|
||||
# - addr:
|
||||
|
@ -352,55 +449,51 @@ scp:
|
|||
# - ::1
|
||||
# port: 7777
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o NF Instance Heartbeat (Default : 0)
|
||||
# NFs will not send heart-beat timer in NFProfile
|
||||
# NRF will send heart-beat timer in NFProfile
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Heartbeat (20 seconds)
|
||||
# NFs will send heart-beat timer (20 seconds) in NFProfile
|
||||
# NRF can change heart-beat timer in NFProfile
|
||||
#
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 20
|
||||
#
|
||||
# o NF Instance Heartbeat (Disabled)
|
||||
# nf_instance:
|
||||
# heartbeat: 0
|
||||
#
|
||||
# o NF Instance Heartbeat (10 seconds)
|
||||
# nf_instance:
|
||||
# heartbeat: 10
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
|
||||
|
|
|
@ -1,75 +1,93 @@
|
|||
db_uri: mongodb://localhost/open5gs
|
||||
|
||||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,sbi,pcf,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/pcf.log
|
||||
|
||||
#
|
||||
# tls:
|
||||
# enabled: auto|yes|no
|
||||
# - auto: Default. Use TLS only if key/cert is available
|
||||
# - yes: Use TLS always;
|
||||
# reject if no key/cert available
|
||||
# - no: Don't use TLS if there is an key/cert available
|
||||
# o TLS enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_tls: false|true
|
||||
# - false: (Default) Use TLS
|
||||
# - true: TLS disabled
|
||||
#
|
||||
# o Server-side Key and Certficiate
|
||||
# o Verification enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_verify: false|true
|
||||
# - false: (Default) Verify the PEER
|
||||
# - true: Skip the verification step
|
||||
#
|
||||
# o Server-side does not use TLS
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/pcf.key
|
||||
# cert: /etc/open5gs/tls/pcf.crt
|
||||
# no_tls: true
|
||||
#
|
||||
# o Client-side does not use TLS
|
||||
# o Client-side skips the verification step
|
||||
# sbi:
|
||||
# client:
|
||||
# enabled: no
|
||||
# key: /etc/open5gs/tls/pcf.key
|
||||
# cert: /etc/open5gs/tls/pcf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
#
|
||||
# o Use the specified certificate to verify client
|
||||
# o Use the specified certificate while verifying the client
|
||||
# sbi:
|
||||
# server
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o Use the specified certificate to verify server
|
||||
# o Use the specified certificate while verifying the server
|
||||
# sbi:
|
||||
# client
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/pcf.key
|
||||
cert: @sysconfdir@/open5gs/tls/pcf.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/pcf.key
|
||||
cert: @sysconfdir@/open5gs/tls/pcf.crt
|
||||
|
||||
#
|
||||
# pcf:
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
# o SBI Server(http://<all address available>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# pcf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://<any address>:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# pcf:
|
||||
# sbi:
|
||||
# - addr:
|
||||
# - 0.0.0.0
|
||||
|
@ -77,48 +95,67 @@ tls:
|
|||
# port: 7777
|
||||
#
|
||||
# o SBI Server(https://<all address available>:443)
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/pcf.key
|
||||
# cert: /etc/open5gs/tls/pcf.crt
|
||||
# pcf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
|
||||
# tls:
|
||||
# enabled: no
|
||||
# o SBI Server(https://127.0.0.13:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# server:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/pcf.key
|
||||
# cert: /etc/open5gs/tls/pcf.crt
|
||||
# pcf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# - addr: 127.0.0.13
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Server(https://pcf.open5gs.org:443)
|
||||
# Use the specified certificate to verify client
|
||||
# Use the specified certificate while verifying the client
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/pcf.key
|
||||
# cert: /etc/open5gs/tls/pcf.crt
|
||||
# pcf:
|
||||
# sbi:
|
||||
# - name: pcf.open5gs.org
|
||||
#
|
||||
# o SBI Server(http://127.0.0.13:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# pcf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.13
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Server(http://<eth0 IP address>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# pcf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
#
|
||||
# o Provide custom SBI address to be advertised to NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# pcf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
# advertise: open5gs-pcf.svc.local
|
||||
#
|
||||
# o Another example of advertising on NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# pcf:
|
||||
# sbi:
|
||||
# - addr: localhost
|
||||
# advertise:
|
||||
|
@ -129,6 +166,10 @@ tls:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# pcf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.13
|
||||
# option:
|
||||
|
@ -140,9 +181,11 @@ tls:
|
|||
# <NF Service>
|
||||
#
|
||||
# o NF Service Name(Default : all NF services available)
|
||||
# pcf:
|
||||
# service_name:
|
||||
#
|
||||
# o NF Service Name(Only some NF services are available)
|
||||
# pcf:
|
||||
# service_name:
|
||||
# - npcf-am-policy-control
|
||||
# - npcf-smpolicycontrol
|
||||
|
@ -181,6 +224,10 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Delegated Discovery as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# pcf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.13
|
||||
# port: 7777
|
||||
|
@ -188,6 +235,10 @@ tls:
|
|||
# - Use SCP if SCP avaiable. Otherwise NRF is used.
|
||||
# => App fails if both NRF and SCP are unavailable.
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# pcf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.13
|
||||
# port: 7777
|
||||
|
@ -200,9 +251,11 @@ tls:
|
|||
# o Don't use SCP server => App fails if no NRF available.
|
||||
# delegated: no
|
||||
#
|
||||
#
|
||||
# <Metrics Server>
|
||||
#
|
||||
# o Metrics Server(http://<any address>:9090)
|
||||
# pcf:
|
||||
# metrics:
|
||||
# - addr: 0.0.0.0
|
||||
# port: 9090
|
||||
|
@ -324,47 +377,51 @@ scp:
|
|||
# - ::1
|
||||
# port: 7777
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o NF Instance Heartbeat (Default : 0)
|
||||
# NFs will not send heart-beat timer in NFProfile
|
||||
# NRF will send heart-beat timer in NFProfile
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Heartbeat (20 seconds)
|
||||
# NFs will send heart-beat timer (20 seconds) in NFProfile
|
||||
# NRF can change heart-beat timer in NFProfile
|
||||
#
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 20
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
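Review bot: The active `sbi:` block in this template sets `no_tls: true` under both `server:` and `client:` while still listing `cacert`, `key` and `cert`, so an install that uses the file unchanged runs the PCF's SBI over plain HTTP even though the comment block above it documents `no_tls: false` as the default. Nothing next to the active lines says that the certificate paths are presumably unused in this state, so a reader can take the configured keys to mean TLS is on. I would add a comment directly above the block, for example `# NOTE: TLS is disabled below; remove both no_tls lines to serve and connect over HTTPS with these certificates`. The same applies to the identical active block in the SCP template further down this page.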
|
||||
|
|
|
@ -1,50 +1,54 @@
|
|||
db_uri: mongodb://localhost/open5gs
|
||||
|
||||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,fd,pcrf,event,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/pcrf.log
|
||||
|
||||
pcrf:
|
||||
freeDiameter: @sysconfdir@/freeDiameter/pcrf.conf
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
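Review bot: The trace-level logger example appears to have been replaced with the AUSF one. The pair printed here is `domain: core,fd,pcrf,event,mem,sock` followed by `domain: core,sbi,ausf,event,tlv,mem,sock`; the page has lost the +/- markers, but if the second line is the new side, the PCRF template now suggests the `sbi` and `ausf` domains and drops `fd` and `pcrf`. Someone copying the example while debugging would likely get no trace output from this daemon's own domain. I would keep the per-daemon list, `#      domain: core,fd,pcrf,event,mem,sock`. The same substitution shows in the PCF, SCP and SGW-C sections of this page, where `pcf`, `scp` and `pfcp,gtp,sgwc` give way to `ausf`.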
|
||||
|
|
|
@ -1,75 +1,93 @@
|
|||
db_uri: mongodb://localhost/open5gs
|
||||
|
||||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,sbi,scp,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/scp.log
|
||||
|
||||
#
|
||||
# tls:
|
||||
# enabled: auto|yes|no
|
||||
# - auto: Default. Use TLS only if key/cert is available
|
||||
# - yes: Use TLS always;
|
||||
# reject if no key/cert available
|
||||
# - no: Don't use TLS if there is an key/cert available
|
||||
# o TLS enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_tls: false|true
|
||||
# - false: (Default) Use TLS
|
||||
# - true: TLS disabled
|
||||
#
|
||||
# o Server-side Key and Certficiate
|
||||
# o Verification enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_verify: false|true
|
||||
# - false: (Default) Verify the PEER
|
||||
# - true: Skip the verification step
|
||||
#
|
||||
# o Server-side does not use TLS
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/scp.key
|
||||
# cert: /etc/open5gs/tls/scp.crt
|
||||
# no_tls: true
|
||||
#
|
||||
# o Client-side does not use TLS
|
||||
# o Client-side skips the verification step
|
||||
# sbi:
|
||||
# client:
|
||||
# enabled: no
|
||||
# key: /etc/open5gs/tls/scp.key
|
||||
# cert: /etc/open5gs/tls/scp.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
#
|
||||
# o Use the specified certificate to verify client
|
||||
# o Use the specified certificate while verifying the client
|
||||
# sbi:
|
||||
# server
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o Use the specified certificate to verify server
|
||||
# o Use the specified certificate while verifying the server
|
||||
# sbi:
|
||||
# client
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/scp.key
|
||||
cert: @sysconfdir@/open5gs/tls/scp.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/scp.key
|
||||
cert: @sysconfdir@/open5gs/tls/scp.crt
|
||||
|
||||
#
|
||||
# scp:
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
# o SBI Server(http://<all address available>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://<any address>:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr:
|
||||
# - 0.0.0.0
|
||||
|
@ -77,48 +95,67 @@ tls:
|
|||
# port: 7777
|
||||
#
|
||||
# o SBI Server(https://<all address available>:443)
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/scp.key
|
||||
# cert: /etc/open5gs/tls/scp.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
|
||||
# tls:
|
||||
# enabled: no
|
||||
# o SBI Server(https://127.0.1.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# server:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/scp.key
|
||||
# cert: /etc/open5gs/tls/scp.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# - addr: 127.0.1.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Server(https://scp.open5gs.org:443)
|
||||
# Use the specified certificate to verify client
|
||||
# Use the specified certificate while verifying the client
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/scp.key
|
||||
# cert: /etc/open5gs/tls/scp.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - name: scp.open5gs.org
|
||||
#
|
||||
# o SBI Server(http://127.0.1.10:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Server(http://<eth0 IP address>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
#
|
||||
# o Provide custom SBI address to be advertised to NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
# advertise: open5gs-scp.svc.local
|
||||
#
|
||||
# o Another example of advertising on NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: localhost
|
||||
# advertise:
|
||||
|
@ -129,6 +166,10 @@ tls:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# option:
|
||||
|
@ -141,6 +182,10 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Delegated Discovery as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.10
|
||||
# port: 7777
|
||||
|
@ -148,6 +193,10 @@ tls:
|
|||
# - Use SCP if SCP avaiable. Otherwise NRF is used.
|
||||
# => App fails if both NRF and SCP are unavailable.
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.10
|
||||
# port: 7777
|
||||
|
@ -165,82 +214,104 @@ scp:
|
|||
- addr: 127.0.1.10
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# next_scp:
|
||||
#
|
||||
# <Next hop SCP>
|
||||
#
|
||||
# o SBI Client(http://127.0.1.11:7777)
|
||||
# o SBI Client(http://127.0.1.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# next_scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.11
|
||||
# addr: 127.0.1.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.1.11:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/next-scp.key
|
||||
# cert: /etc/open5gs/tls/next-scp.crt
|
||||
# scp:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# next_scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.11
|
||||
# - addr: 127.0.1.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(http://next-scp.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# o SBI Client(https://scp.open5gs.org:443)
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# scp:
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# next_scp:
|
||||
# sbi:
|
||||
# - name: scp.open5gs.org
|
||||
#
|
||||
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
|
||||
# If prefer_ipv4 is true, http://127.0.1.11:80 is selected.
|
||||
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# next_scp:
|
||||
# sbi:
|
||||
# addr:
|
||||
# - 127.0.1.11
|
||||
# - 127.0.1.10
|
||||
# - fd69:f21d:873c:fb::1
|
||||
#
|
||||
# o SBI Option (Default)
|
||||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# next_scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.11
|
||||
# addr: 127.0.1.10
|
||||
# option:
|
||||
# tcp_nodelay: false
|
||||
# so_linger:
|
||||
# l_onoff: true
|
||||
# l_linger: 10
|
||||
#
|
||||
|
||||
#
|
||||
# nrf:
|
||||
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.0.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.10
|
||||
# tls:
|
||||
# key: /etc/open5gs/tls/scp.key
|
||||
# cert: /etc/open5gs/tls/scp.crt
|
||||
# - name: nrf.open5gs.org
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://nrf.open5gs.org:443)
|
||||
# Use the specified certificate to verify peer
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - name: nrf.open5gs.org
|
||||
# tls:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
|
||||
# If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
|
||||
|
@ -254,6 +325,10 @@ scp:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# option:
|
||||
|
@ -269,47 +344,51 @@ nrf:
|
|||
- ::1
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o NF Instance Heartbeat (Default : 0)
|
||||
# NFs will not send heart-beat timer in NFProfile
|
||||
# NRF will send heart-beat timer in NFProfile
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Heartbeat (20 seconds)
|
||||
# NFs will send heart-beat timer (20 seconds) in NFProfile
|
||||
# NRF can change heart-beat timer in NFProfile
|
||||
#
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 20
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
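Review bot: The `next_scp` client examples look overwritten with values from other templates. Each pair under `<Next hop SCP>` prints `127.0.1.11` then `127.0.1.10`, `next-scp.key`/`next-scp.crt` then `amf.key`/`amf.crt`, and `next-scp.open5gs.org` then `scp.open5gs.org`. Assuming the second of each pair is the new side, the example next hop is now the address this SCP itself listens on (the active `scp: sbi: - addr: 127.0.1.10` just above) and the client credential is the AMF's. An operator who copies it would point the SCP at itself and present another NF's key. I would keep `addr: 127.0.1.11` and use this daemon's own files in the client examples, `key: /etc/open5gs/tls/scp.key` and `cert: /etc/open5gs/tls/scp.crt`.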
|
||||
|
|
|
@ -1,32 +1,32 @@
|
|||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,pfcp,gtp,sgwc,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/sgwc.log
|
||||
|
||||
#
|
||||
# sgwc:
|
||||
#
|
||||
# <GTP-C Server>
|
||||
#
|
||||
# o GTP-C Server(127.0.0.3:2123, [fd69:f21d:873c:fa::2]:2123)
|
||||
# sgwc:
|
||||
# gtpc:
|
||||
# addr:
|
||||
# - 127.0.0.3
|
||||
|
@ -34,6 +34,7 @@ logger:
|
|||
#
|
||||
# o On SGW, Same Configuration(127.0.0.3:2123,
|
||||
# [fd69:f21d:873c:fa::2]:2123) as below.
|
||||
# sgwc:
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.3
|
||||
# - addr: fd69:f21d:873c:fa::2
|
||||
|
@ -41,6 +42,7 @@ logger:
|
|||
# o GTP-C Option (Default)
|
||||
# - so_bindtodevice : NULL
|
||||
#
|
||||
# sgwc:
|
||||
# gtpc:
|
||||
# addr: 127.0.0.3
|
||||
# option:
|
||||
|
@ -49,17 +51,20 @@ logger:
|
|||
# <PFCP Server>
|
||||
#
|
||||
# o PFCP Server(127.0.0.3:8805, ::1:8805)
|
||||
# sgwc:
|
||||
# pfcp:
|
||||
# - addr: 127.0.0.3
|
||||
# - addr: ::1
|
||||
#
|
||||
# o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
|
||||
# sgwc:
|
||||
# pfcp:
|
||||
# name: localhost
|
||||
#
|
||||
# o PFCP Option (Default)
|
||||
# - so_bindtodevice : NULL
|
||||
#
|
||||
# sgwc:
|
||||
# pfcp:
|
||||
# addr: 127.0.0.3
|
||||
# option:
|
||||
|
@ -71,13 +76,11 @@ sgwc:
|
|||
pfcp:
|
||||
- addr: 127.0.0.3
|
||||
|
||||
#
|
||||
# sgwu:
|
||||
#
|
||||
# <PFCP Client>>
|
||||
#
|
||||
# o PFCP Client(127.0.0.6:8805)
|
||||
#
|
||||
# sgwu:
|
||||
# pfcp:
|
||||
# addr: 127.0.0.6
|
||||
#
|
||||
|
@ -122,41 +125,46 @@ sgwu:
|
|||
pfcp:
|
||||
- addr: 127.0.0.6
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
# o Disable selection of SGW-U PFCP in Round-Robin manner
|
||||
# no_pfcp_rr_select: true
|
||||
# parameter:
|
||||
# no_pfcp_rr_select: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# ue: 1024
|
||||
# max:
|
||||
# ue: 1024
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# peer: 64
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
# o Maximum Number of GTP peer nodes per SGWC/SMF
|
||||
# gtp_peer: 64
|
||||
# max:
|
||||
# gtp_peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
|
||||
|
|
|
@ -1,43 +1,45 @@
|
|||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,pfcp,gtp,sgwu,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/sgwu.log
|
||||
|
||||
#
|
||||
# sgwu:
|
||||
#
|
||||
# <PFCP Server>
|
||||
#
|
||||
# o PFCP Server(127.0.0.6:8805, ::1:8805)
|
||||
# sgwu:
|
||||
# pfcp:
|
||||
# - addr: 127.0.0.6
|
||||
# - addr: ::1
|
||||
#
|
||||
# o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
|
||||
# sgwu:
|
||||
# pfcp:
|
||||
# - name: localhost
|
||||
#
|
||||
# o PFCP Option (Default)
|
||||
# - so_bindtodevice : NULL
|
||||
#
|
||||
# sgwu:
|
||||
# pfcp:
|
||||
# addr: 127.0.0.6
|
||||
# option:
|
||||
|
@ -51,10 +53,12 @@ logger:
|
|||
# - addr: ::1
|
||||
#
|
||||
# o GTP-U Server(127.0.0.1:2152, [::1]:2152)
|
||||
# sgwu:
|
||||
# gtpu:
|
||||
# - name: localhost
|
||||
#
|
||||
# o User Plane IP Resource information
|
||||
# sgwu:
|
||||
# gtpu:
|
||||
# - addr:
|
||||
# - 127.0.0.6
|
||||
|
@ -70,20 +74,24 @@ logger:
|
|||
# source_interface: 1
|
||||
#
|
||||
# o Provide custom SGW-U GTP-U address to be advertised inside S1AP messages
|
||||
# sgwu:
|
||||
# gtpu:
|
||||
# - addr: 10.4.128.21
|
||||
# advertise: 172.24.15.30
|
||||
#
|
||||
# sgwu:
|
||||
# gtpu:
|
||||
# - addr: 10.4.128.21
|
||||
# advertise:
|
||||
# - 127.0.0.1
|
||||
# - ::1
|
||||
#
|
||||
# sgwu:
|
||||
# gtpu:
|
||||
# - addr: 10.4.128.21
|
||||
# advertise: sgw1.epc.mnc001.mcc001.3gppnetwork.org
|
||||
#
|
||||
# sgwu:
|
||||
# gtpu:
|
||||
# - dev: ens3
|
||||
# advertise: sgw1.epc.mnc001.mcc001.3gppnetwork.org
|
||||
|
@ -91,6 +99,7 @@ logger:
|
|||
# o GTP-U Option (Default)
|
||||
# - so_bindtodevice : NULL
|
||||
#
|
||||
# sgwu:
|
||||
# gtpu:
|
||||
# addr: 127.0.0.6
|
||||
# option:
|
||||
|
@ -102,48 +111,49 @@ sgwu:
|
|||
gtpu:
|
||||
- addr: 127.0.0.6
|
||||
|
||||
#
|
||||
# sgwc:
|
||||
#
|
||||
# <PFCP Client>>
|
||||
#
|
||||
# o PFCP Client(127.0.0.3:8805)
|
||||
#
|
||||
# sgwc:
|
||||
# pfcp:
|
||||
# addr: 127.0.0.3
|
||||
#
|
||||
sgwc:
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# ue: 1024
|
||||
# max:
|
||||
# ue: 1024
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# peer: 64
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
|
||||
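Review bot: The trace-level example in the logger comment block shows two `domain:` lines, `core,pfcp,gtp,sgwu,event,tlv,mem,sock` and `core,sbi,ausf,event,tlv,mem,sock`, and the second looks copied from another NF's template. The page has lost its +/- markers, so this is hedged: if the `sbi,ausf` line is the new side, the example names log domains that nothing else in this SGW-U file refers to. I would keep `#      domain: core,pfcp,gtp,sgwu,event,tlv,mem,sock` so the example matches the component. The same pair of lines appears in the SMF section that follows.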
|
|
|
@ -1,73 +1,91 @@
|
|||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,fd,pfcp,gtp,smf,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/smf.log
|
||||
|
||||
#
|
||||
# tls:
|
||||
# enabled: auto|yes|no
|
||||
# - auto: Default. Use TLS only if key/cert is available
|
||||
# - yes: Use TLS always;
|
||||
# reject if no key/cert available
|
||||
# - no: Don't use TLS if there is an key/cert available
|
||||
# o TLS enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_tls: false|true
|
||||
# - false: (Default) Use TLS
|
||||
# - true: TLS disabled
|
||||
#
|
||||
# o Server-side Key and Certficiate
|
||||
# o Verification enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_verify: false|true
|
||||
# - false: (Default) Verify the PEER
|
||||
# - true: Skip the verification step
|
||||
#
|
||||
# o Server-side does not use TLS
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/smf.key
|
||||
# cert: /etc/open5gs/tls/smf.crt
|
||||
# no_tls: true
|
||||
#
|
||||
# o Client-side does not use TLS
|
||||
# o Client-side skips the verification step
|
||||
# sbi:
|
||||
# client:
|
||||
# enabled: no
|
||||
# key: /etc/open5gs/tls/smf.key
|
||||
# cert: /etc/open5gs/tls/smf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
#
|
||||
# o Use the specified certificate to verify client
|
||||
# o Use the specified certificate while verifying the client
|
||||
# sbi:
|
||||
# server
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o Use the specified certificate to verify server
|
||||
# o Use the specified certificate while verifying the server
|
||||
# sbi:
|
||||
# client
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/smf.key
|
||||
cert: @sysconfdir@/open5gs/tls/smf.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/smf.key
|
||||
cert: @sysconfdir@/open5gs/tls/smf.crt
|
||||
|
||||
#
|
||||
# smf:
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
# o SBI Server(http://<all address available>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://<any address>:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
# - addr:
|
||||
# - 0.0.0.0
|
||||
|
@ -75,48 +93,67 @@ tls:
|
|||
# port: 7777
|
||||
#
|
||||
# o SBI Server(https://<all address available>:443)
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/smf.key
|
||||
# cert: /etc/open5gs/tls/smf.crt
|
||||
# smf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
|
||||
# tls:
|
||||
# enabled: no
|
||||
# o SBI Server(https://127.0.0.4:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# server:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/smf.key
|
||||
# cert: /etc/open5gs/tls/smf.crt
|
||||
# smf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# - addr: 127.0.0.4
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Server(https://smf.open5gs.org:443)
|
||||
# Use the specified certificate to verify client
|
||||
# Use the specified certificate while verifying the client
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/smf.key
|
||||
# cert: /etc/open5gs/tls/smf.crt
|
||||
# smf:
|
||||
# sbi:
|
||||
# - name: smf.open5gs.org
|
||||
#
|
||||
# o SBI Server(http://127.0.0.4:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.4
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Server(http://<eth0 IP address>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
#
|
||||
# o Provide custom SBI address to be advertised to NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
# advertise: open5gs-smf.svc.local
|
||||
#
|
||||
# o Another example of advertising on NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
# - addr: localhost
|
||||
# advertise:
|
||||
|
@ -127,6 +164,10 @@ tls:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.4
|
||||
# option:
|
||||
|
@ -135,12 +176,15 @@ tls:
|
|||
# l_onoff: true
|
||||
# l_linger: 10
|
||||
#
|
||||
#
|
||||
# <NF Service>
|
||||
#
|
||||
# o NF Service Name(Default : all NF services available)
|
||||
# smf:
|
||||
# service_name:
|
||||
#
|
||||
# o NF Service Name(Only some NF services are available)
|
||||
# smf:
|
||||
# service_name:
|
||||
# - nsmf-pdusession
|
||||
#
|
||||
|
@ -148,12 +192,21 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Query Parameter as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.4
|
||||
# port: 7777
|
||||
#
|
||||
# - 'service-names' is included.
|
||||
#
|
||||
# o Service-Names are not included
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.4
|
||||
# port: 7777
|
||||
|
@ -172,6 +225,10 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Delegated Discovery as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.4
|
||||
# port: 7777
|
||||
|
@ -179,6 +236,10 @@ tls:
|
|||
# - Use SCP if SCP avaiable. Otherwise NRF is used.
|
||||
# => App fails if both NRF and SCP are unavailable.
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# smf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.4
|
||||
# port: 7777
|
||||
|
@ -191,21 +252,23 @@ tls:
|
|||
# o Don't use SCP server => App fails if no NRF available.
|
||||
# delegated: no
|
||||
#
|
||||
#
|
||||
# <PFCP Server>
|
||||
#
|
||||
# o PFCP Server(127.0.0.4:8805, ::1:8805)
|
||||
# smf:
|
||||
# pfcp:
|
||||
# - addr: 127.0.0.4
|
||||
# - addr: ::1
|
||||
#
|
||||
# o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
|
||||
# smf:
|
||||
# pfcp:
|
||||
# name: localhost
|
||||
#
|
||||
# o PFCP Option (Default)
|
||||
# - so_bindtodevice : NULL
|
||||
#
|
||||
# smf:
|
||||
# pfcp:
|
||||
# addr: 127.0.0.4
|
||||
# option:
|
||||
|
@ -214,6 +277,7 @@ tls:
|
|||
# <GTP-C Server>
|
||||
#
|
||||
# o GTP-C Server(127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123)
|
||||
# smf:
|
||||
# gtpc:
|
||||
# addr:
|
||||
# - 127.0.0.4
|
||||
|
@ -221,6 +285,7 @@ tls:
|
|||
#
|
||||
# o On SMF, Same configuration
|
||||
# (127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123).
|
||||
# smf:
|
||||
# gtpc:
|
||||
# - addr: 127.0.0.4
|
||||
# - addr: fd69:f21d:873c:fa::3
|
||||
|
@ -228,6 +293,7 @@ tls:
|
|||
# o GTP-C Option (Default)
|
||||
# - so_bindtodevice : NULL
|
||||
#
|
||||
# smf:
|
||||
# gtpc:
|
||||
# addr: 127.0.0.4
|
||||
# option:
|
||||
|
@ -236,17 +302,20 @@ tls:
|
|||
# <GTP-U Server>>
|
||||
#
|
||||
# o GTP-U Server(127.0.0.4:2152, [::1]:2152)
|
||||
# smf:
|
||||
# gtpu:
|
||||
# - addr: 127.0.0.4
|
||||
# - addr: ::1
|
||||
#
|
||||
# o GTP-U Server(127.0.0.1:2152, [::1]:2152)
|
||||
# smf:
|
||||
# gtpu:
|
||||
# name: localhost
|
||||
#
|
||||
# o GTP-U Option (Default)
|
||||
# - so_bindtodevice : NULL
|
||||
#
|
||||
# smf:
|
||||
# gtpu:
|
||||
# addr: 127.0.0.4
|
||||
# option:
|
||||
|
@ -255,6 +324,7 @@ tls:
|
|||
# <Metrics Server>
|
||||
#
|
||||
# o Metrics Server(http://<any address>:9090)
|
||||
# smf:
|
||||
# metrics:
|
||||
# - addr: 0.0.0.0
|
||||
# port: 9090
|
||||
|
@ -262,10 +332,12 @@ tls:
|
|||
# <Subnet for UE Pool>
|
||||
#
|
||||
# o IPv4 Pool
|
||||
# smf:
|
||||
# subnet:
|
||||
# addr: 10.45.0.1/16
|
||||
#
|
||||
# o IPv4/IPv6 Pool
|
||||
# smf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/16
|
||||
# - addr: 2001:db8:cafe::1/48
|
||||
|
@ -274,6 +346,7 @@ tls:
|
|||
# o Specific DNN/APN(e.g 'ims') uses 10.46.0.1/16, 2001:db8:babe::1/48
|
||||
# ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
|
||||
#
|
||||
# smf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/16
|
||||
# dnn: internet
|
||||
|
@ -287,6 +360,7 @@ tls:
|
|||
# o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
|
||||
# ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
|
||||
#
|
||||
# smf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/16
|
||||
# dnn: internet
|
||||
|
@ -295,22 +369,26 @@ tls:
|
|||
# - addr: 10.50.0.1/16 ## FALLBACK SUBNET
|
||||
#
|
||||
# o Pool Range Sample
|
||||
# smf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/24
|
||||
# range: 10.45.0.100-10.45.0.200
|
||||
#
|
||||
# smf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/24
|
||||
# range:
|
||||
# - 10.45.0.5-10.45.0.50
|
||||
# - 10.45.0.100-
|
||||
#
|
||||
# smf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/24
|
||||
# range:
|
||||
# - -10.45.0.200
|
||||
# - 10.45.0.210-10.45.0.220
|
||||
#
|
||||
# smf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/16
|
||||
# range:
|
||||
|
@ -325,6 +403,7 @@ tls:
|
|||
#
|
||||
# o Primary/Secondary can be configured. Others are ignored.
|
||||
#
|
||||
# smf:
|
||||
# dns:
|
||||
# - 8.8.8.8
|
||||
# - 8.8.4.4
|
||||
|
@ -343,6 +422,7 @@ tls:
|
|||
#
|
||||
# o Proxy Call Session Control Function
|
||||
#
|
||||
# smf:
|
||||
# p-cscf:
|
||||
# - 127.0.0.1
|
||||
# - ::1
|
||||
|
@ -356,6 +436,7 @@ tls:
|
|||
# reject subscribers if no OCS available among Diameter peers
|
||||
# o no: Don't use Gy interface if there is an OCS available
|
||||
#
|
||||
# smf:
|
||||
# ctf:
|
||||
# enabled: auto|yes|no
|
||||
#
|
||||
|
@ -368,6 +449,7 @@ tls:
|
|||
# Note that if there is no SmfInfo, any AMF can select this SMF.
|
||||
#
|
||||
# o S-NSSAI[SST:1] and DNN[internet] - At least 1 DNN is required in S-NSSAI
|
||||
# smf:
|
||||
# info:
|
||||
# - s_nssai:
|
||||
# - sst: 1
|
||||
|
@ -375,6 +457,7 @@ tls:
|
|||
# - internet
|
||||
#
|
||||
# o S-NSSAI[SST:1 SD:009000] and DNN[internet or ims]
|
||||
# smf:
|
||||
# info:
|
||||
# - s_nssai:
|
||||
# - sst: 1
|
||||
|
@ -384,6 +467,7 @@ tls:
|
|||
# - ims
|
||||
#
|
||||
# o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1]
|
||||
# smf:
|
||||
# info:
|
||||
# - s_nssai:
|
||||
# - sst: 1
|
||||
|
@ -400,6 +484,7 @@ tls:
|
|||
# - S-NSSAI[SST:2 SD:000080] and DNN[internet or ims]
|
||||
# - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:99970 TAC:10-20,30-40]
|
||||
#
|
||||
# smf:
|
||||
# info:
|
||||
# - s_nssai:
|
||||
# - sst: 1
|
||||
|
@ -430,6 +515,7 @@ tls:
|
|||
# - 30-40
|
||||
#
|
||||
# o Complex Example
|
||||
# smf:
|
||||
# info:
|
||||
# - s_nssai:
|
||||
# - sst: 1
|
||||
|
@ -497,6 +583,7 @@ tls:
|
|||
# If you set the security_indication in smf.yaml,
|
||||
# this information is delivered using PDU Session Resource Request Transfer IE
|
||||
#
|
||||
# smf:
|
||||
# security_indication:
|
||||
# integrity_protection_indication: required|preferred|not-needed
|
||||
# confidentiality_protection_indication: required|preferred|not-needed
|
||||
|
@ -532,35 +619,48 @@ smf:
|
|||
enabled: auto
|
||||
freeDiameter: @sysconfdir@/freeDiameter/smf.conf
|
||||
|
||||
#
|
||||
# scp:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.1.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80)
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.10
|
||||
# tls:
|
||||
# key: /etc/open5gs/tls/smf.key
|
||||
# cert: /etc/open5gs/tls/smf.crt
|
||||
# - name: scp.open5gs.org
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://scp.open5gs.org:443)
|
||||
# Use the specified certificate to verify peer
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - name: scp.open5gs.org
|
||||
# tls:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
|
||||
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr:
|
||||
# - 127.0.1.10
|
||||
|
@ -570,6 +670,10 @@ smf:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# option:
|
||||
|
@ -584,32 +688,37 @@ scp:
|
|||
- addr: 127.0.1.10
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# nrf:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.0.1:7777)
|
||||
# o SBI Client(http://127.0.0.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/smf.key
|
||||
# cert: /etc/open5gs/tls/smf.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://nrf.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - name: nrf.open5gs.org
|
||||
|
@ -626,6 +735,10 @@ scp:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# option:
|
||||
|
@ -641,13 +754,11 @@ scp:
|
|||
# - ::1
|
||||
# port: 7777
|
||||
|
||||
#
|
||||
# upf:
|
||||
#
|
||||
# <PFCP Client>>
|
||||
#
|
||||
# o PFCP Client(127.0.0.7:8805)
|
||||
#
|
||||
# upf:
|
||||
# pfcp:
|
||||
# addr: 127.0.0.7
|
||||
#
|
||||
|
@ -697,56 +808,63 @@ upf:
|
|||
pfcp:
|
||||
- addr: 127.0.0.7
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
# o Disable selection of UPF PFCP in Round-Robin manner
|
||||
# no_pfcp_rr_select: true
|
||||
# parameter:
|
||||
# no_pfcp_rr_select: true
|
||||
#
|
||||
# o Legacy support for pre-release LTE 11 devices
|
||||
# - Omits adding local address in packet filters for compatibility
|
||||
# no_ipv4v6_local_addr_in_packet_filter: true
|
||||
# parameter:
|
||||
# no_ipv4v6_local_addr_in_packet_filter: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# ue: 1024
|
||||
# max:
|
||||
# ue: 1024
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# peer: 64
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
# o Maximum Number of GTP peer nodes per SGWC/SMF
|
||||
# gtp_peer: 64
|
||||
# max:
|
||||
# gtp_peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o NF Instance Heartbeat (Default : 0)
|
||||
# NFs will not send heart-beat timer in NFProfile
|
||||
# NRF will send heart-beat timer in NFProfile
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Heartbeat (20 seconds)
|
||||
# NFs will send heart-beat timer (20 seconds) in NFProfile
|
||||
# NRF can change heart-beat timer in NFProfile
|
||||
#
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 20
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
#
|
||||
|
@ -754,8 +872,10 @@ max:
|
|||
# Time to wait for SMF to send
|
||||
# PFCP Session Modification Request(Remove Indirect Tunnel) to the UPF
|
||||
# after sending Nsmf_PDUSession_UpdateSMContext Response(hoState:COMPLETED)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Handover Wait Duration (500ms)
|
||||
# time:
|
||||
# handover:
|
||||
# duration: 500
|
||||
time:
|
||||
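Review bot: The new `no_verify` description in the `sbi:` comment block ("true: Skip the verification step") does not say what is given up. As described, a client with `no_verify: true` does not check the peer certificate, so the connection is encrypted but the NRF/SCP on the other end is not authenticated; I would spell that out, e.g. `#        - true: Skip the verification step (peer is NOT authenticated)`. The live block below the comments sets `no_tls: true` under both `server` and `client` while the comment calls `false` the default, so a node installed from this template appears to run SBI in cleartext until both lines are removed. A comment on the live block would make that explicit: `# no_tls: true keeps SBI in cleartext; remove it under server and client to use the certificates below`. Separately, the client examples point at `/etc/open5gs/tls/amf.key` and `amf.crt` in what appears to be the SMF template; if those are new-side lines they look copied from the AMF file and should name `smf.key`/`smf.crt`. The UDM section that follows repeats the same block.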
|
|
|
@ -1,60 +1,72 @@
|
|||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,sbi,udm,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/udm.log
|
||||
|
||||
#
|
||||
# tls:
|
||||
# enabled: auto|yes|no
|
||||
# - auto: Default. Use TLS only if key/cert is available
|
||||
# - yes: Use TLS always;
|
||||
# reject if no key/cert available
|
||||
# - no: Don't use TLS if there is an key/cert available
|
||||
# o TLS enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_tls: false|true
|
||||
# - false: (Default) Use TLS
|
||||
# - true: TLS disabled
|
||||
#
|
||||
# o Server-side Key and Certficiate
|
||||
# o Verification enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_verify: false|true
|
||||
# - false: (Default) Verify the PEER
|
||||
# - true: Skip the verification step
|
||||
#
|
||||
# o Server-side does not use TLS
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/udm.key
|
||||
# cert: /etc/open5gs/tls/udm.crt
|
||||
# no_tls: true
|
||||
#
|
||||
# o Client-side does not use TLS
|
||||
# o Client-side skips the verification step
|
||||
# sbi:
|
||||
# client:
|
||||
# enabled: no
|
||||
# key: /etc/open5gs/tls/udm.key
|
||||
# cert: /etc/open5gs/tls/udm.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
#
|
||||
# o Use the specified certificate to verify client
|
||||
# o Use the specified certificate while verifying the client
|
||||
# sbi:
|
||||
# server
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o Use the specified certificate to verify server
|
||||
# o Use the specified certificate while verifying the server
|
||||
# sbi:
|
||||
# client
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/udm.key
|
||||
cert: @sysconfdir@/open5gs/tls/udm.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/udm.key
|
||||
cert: @sysconfdir@/open5gs/tls/udm.crt
|
||||
|
@ -114,15 +126,21 @@ hnet:
|
|||
scheme: 2
|
||||
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
|
||||
|
||||
#
|
||||
# udm:
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
# o SBI Server(http://<all address available>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://<any address>:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
# - addr:
|
||||
# - 0.0.0.0
|
||||
|
@ -130,48 +148,67 @@ hnet:
|
|||
# port: 7777
|
||||
#
|
||||
# o SBI Server(https://<all address available>:443)
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/udm.key
|
||||
# cert: /etc/open5gs/tls/udm.crt
|
||||
# udm:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
|
||||
# tls:
|
||||
# enabled: no
|
||||
# o SBI Server(https://127.0.0.12:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# server:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/udm.key
|
||||
# cert: /etc/open5gs/tls/udm.crt
|
||||
# udm:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# - addr: 127.0.0.12
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Server(https://udm.open5gs.org:443)
|
||||
# Use the specified certificate to verify client
|
||||
# Use the specified certificate while verifying the client
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/udm.key
|
||||
# cert: /etc/open5gs/tls/udm.crt
|
||||
# udm:
|
||||
# sbi:
|
||||
# - name: udm.open5gs.org
|
||||
#
|
||||
# o SBI Server(http://127.0.0.12:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.12
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Server(http://<eth0 IP address>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
#
|
||||
# o Provide custom SBI address to be advertised to NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
# advertise: open5gs-udm.svc.local
|
||||
#
|
||||
# o Another example of advertising on NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
# - addr: localhost
|
||||
# advertise:
|
||||
|
@ -182,6 +219,10 @@ hnet:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
# addr: 127.0.0.12
|
||||
# option:
|
||||
|
@ -193,9 +234,11 @@ hnet:
|
|||
# <NF Service>
|
||||
#
|
||||
# o NF Service Name(Default : all NF services available)
|
||||
# udm:
|
||||
# service_name:
|
||||
#
|
||||
# o NF Service Name(Only some NF services are available)
|
||||
# udm:
|
||||
# service_name:
|
||||
# - nudm-sdm
|
||||
# - nudm-uecm
|
||||
|
@ -205,12 +248,21 @@ hnet:
|
|||
#
|
||||
# o (Default) If you do not set Query Parameter as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.12
|
||||
# port: 7777
|
||||
#
|
||||
# - 'service-names' is included.
|
||||
#
|
||||
# o Service-Names are not included
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.12
|
||||
# port: 7777
|
||||
|
@ -229,6 +281,10 @@ hnet:
|
|||
#
|
||||
# o (Default) If you do not set Delegated Discovery as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.12
|
||||
# port: 7777
|
||||
|
@ -236,6 +292,10 @@ hnet:
|
|||
# - Use SCP if SCP avaiable. Otherwise NRF is used.
|
||||
# => App fails if both NRF and SCP are unavailable.
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udm:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.12
|
||||
# port: 7777
|
||||
|
@ -253,35 +313,48 @@ udm:
|
|||
- addr: 127.0.0.12
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# scp:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.1.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80)
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.10
|
||||
# tls:
|
||||
# key: /etc/open5gs/tls/udm.key
|
||||
# cert: /etc/open5gs/tls/udm.crt
|
||||
# - name: scp.open5gs.org
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://scp.open5gs.org:443)
|
||||
# Use the specified certificate to verify peer
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - name: scp.open5gs.org
|
||||
# tls:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
|
||||
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr:
|
||||
# - 127.0.1.10
|
||||
|
@ -291,6 +364,10 @@ udm:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# option:
|
||||
|
@ -305,32 +382,37 @@ scp:
|
|||
- addr: 127.0.1.10
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# nrf:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.0.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/udm.key
|
||||
# cert: /etc/open5gs/tls/udm.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://nrf.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - name: nrf.open5gs.org
|
||||
|
@ -347,6 +429,10 @@ scp:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# option:
|
||||
|
@ -362,47 +448,51 @@ scp:
|
|||
# - ::1
|
||||
# port: 7777
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o NF Instance Heartbeat (Default : 0)
|
||||
# NFs will not send heart-beat timer in NFProfile
|
||||
# NRF will send heart-beat timer in NFProfile
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Heartbeat (20 seconds)
|
||||
# NFs will send heart-beat timer (20 seconds) in NFProfile
|
||||
# NRF can change heart-beat timer in NFProfile
|
||||
#
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 20
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
|
||||
|
|
|
@ -1,75 +1,93 @@
|
|||
db_uri: mongodb://localhost/open5gs
|
||||
|
||||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,sbi,udr,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/udr.log
|
||||
|
||||
#
|
||||
# tls:
|
||||
# enabled: auto|yes|no
|
||||
# - auto: Default. Use TLS only if key/cert is available
|
||||
# - yes: Use TLS always;
|
||||
# reject if no key/cert available
|
||||
# - no: Don't use TLS if there is an key/cert available
|
||||
# o TLS enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_tls: false|true
|
||||
# - false: (Default) Use TLS
|
||||
# - true: TLS disabled
|
||||
#
|
||||
# o Server-side Key and Certficiate
|
||||
# o Verification enable/disable
|
||||
# sbi:
|
||||
# server|client:
|
||||
# no_verify: false|true
|
||||
# - false: (Default) Verify the PEER
|
||||
# - true: Skip the verification step
|
||||
#
|
||||
# o Server-side does not use TLS
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/udr.key
|
||||
# cert: /etc/open5gs/tls/udr.crt
|
||||
# no_tls: true
|
||||
#
|
||||
# o Client-side does not use TLS
|
||||
# o Client-side skips the verification step
|
||||
# sbi:
|
||||
# client:
|
||||
# enabled: no
|
||||
# key: /etc/open5gs/tls/udr.key
|
||||
# cert: /etc/open5gs/tls/udr.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
#
|
||||
# o Use the specified certificate to verify client
|
||||
# o Use the specified certificate while verifying the client
|
||||
# sbi:
|
||||
# server
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o Use the specified certificate to verify server
|
||||
# o Use the specified certificate while verifying the server
|
||||
# sbi:
|
||||
# client
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/udr.key
|
||||
cert: @sysconfdir@/open5gs/tls/udr.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
||||
key: @sysconfdir@/open5gs/tls/udr.key
|
||||
cert: @sysconfdir@/open5gs/tls/udr.crt
|
||||
|
||||
#
|
||||
# udr:
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
# o SBI Server(http://<all address available>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://<any address>:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr:
|
||||
# - 0.0.0.0
|
||||
|
@ -77,48 +95,67 @@ tls:
|
|||
# port: 7777
|
||||
#
|
||||
# o SBI Server(https://<all address available>:443)
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/udr.key
|
||||
# cert: /etc/open5gs/tls/udr.crt
|
||||
# udr:
|
||||
# key: /etc/open5gs/tls/bsf.key
|
||||
# cert: /etc/open5gs/tls/bsf.crt
|
||||
# bsf:
|
||||
# sbi:
|
||||
#
|
||||
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
|
||||
# tls:
|
||||
# enabled: no
|
||||
# o SBI Server(https://127.0.0.15:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# server:
|
||||
# key: /etc/open5gs/tls/udr.key
|
||||
# cert: /etc/open5gs/tls/udr.crt
|
||||
# udr:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/bsf.key
|
||||
# cert: /etc/open5gs/tls/bsf.crt
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.5
|
||||
# - addr: 127.0.0.15
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Server(https://udr.open5gs.org:443)
|
||||
# Use the specified certificate to verify client
|
||||
# o SBI Server(https://bsf.open5gs.org:443)
|
||||
# Use the specified certificate while verifying the client
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# server:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# udr:
|
||||
# key: /etc/open5gs/tls/bsf.key
|
||||
# cert: /etc/open5gs/tls/bsf.crt
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - name: udr.open5gs.org
|
||||
# - name: bsf.open5gs.org
|
||||
#
|
||||
# o SBI Server(http://127.0.0.20:7777)
|
||||
# o SBI Server(http://127.0.0.15:7777)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.20
|
||||
# - addr: 127.0.0.15
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Server(http://<eth0 IP address>:80)
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
#
|
||||
# o Provide custom SBI address to be advertised to NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - dev: eth0
|
||||
# advertise: open5gs-udr.svc.local
|
||||
# advertise: open5gs-bsf.svc.local
|
||||
#
|
||||
# o Another example of advertising on NRF
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# - addr: localhost
|
||||
# advertise:
|
||||
|
@ -129,20 +166,27 @@ tls:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# bsf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.20
|
||||
# addr: 127.0.0.15
|
||||
# option:
|
||||
# tcp_nodelay: false
|
||||
# so_linger:
|
||||
# l_onoff: true
|
||||
# l_linger: 10
|
||||
#
|
||||
#
|
||||
# <NF Service>
|
||||
#
|
||||
# o NF Service Name(Default : all NF services available)
|
||||
# udr:
|
||||
# service_name:
|
||||
#
|
||||
# o NF Service Name(Only some NF services are available)
|
||||
# udr:
|
||||
# service_name:
|
||||
# - nudr-dr
|
||||
#
|
||||
|
@ -150,12 +194,21 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Query Parameter as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udr:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.20
|
||||
# port: 7777
|
||||
#
|
||||
# - 'service-names' is included.
|
||||
#
|
||||
# o Service-Names are not included
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udr:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.20
|
||||
# port: 7777
|
||||
|
@ -174,6 +227,10 @@ tls:
|
|||
#
|
||||
# o (Default) If you do not set Delegated Discovery as shown below,
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udr:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.20
|
||||
# port: 7777
|
||||
|
@ -181,6 +238,10 @@ tls:
|
|||
# - Use SCP if SCP avaiable. Otherwise NRF is used.
|
||||
# => App fails if both NRF and SCP are unavailable.
|
||||
#
|
||||
# sbi:
|
||||
# server:
|
||||
# no_tls: true
|
||||
# udr:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.20
|
||||
# port: 7777
|
||||
|
@ -198,35 +259,48 @@ udr:
|
|||
- addr: 127.0.0.20
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# scp:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.1.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80)
|
||||
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - addr: 127.0.1.10
|
||||
# tls:
|
||||
# key: /etc/open5gs/tls/udr.key
|
||||
# cert: /etc/open5gs/tls/udr.crt
|
||||
# - name: scp.open5gs.org
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://scp.open5gs.org:443)
|
||||
# Use the specified certificate to verify peer
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# scp:
|
||||
# sbi:
|
||||
# - name: scp.open5gs.org
|
||||
# tls:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
#
|
||||
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
|
||||
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr:
|
||||
# - 127.0.1.10
|
||||
|
@ -236,6 +310,10 @@ udr:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# scp:
|
||||
# sbi:
|
||||
# addr: 127.0.1.10
|
||||
# option:
|
||||
|
@ -250,32 +328,37 @@ scp:
|
|||
- addr: 127.0.1.10
|
||||
port: 7777
|
||||
|
||||
#
|
||||
# nrf:
|
||||
#
|
||||
# <SBI Client>>
|
||||
#
|
||||
# o SBI Client(http://127.0.0.10:7777)
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# port: 7777
|
||||
#
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
|
||||
# tls:
|
||||
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
|
||||
# sbi:
|
||||
# client:
|
||||
# key: /etc/open5gs/tls/udr.key
|
||||
# cert: /etc/open5gs/tls/udr.crt
|
||||
# no_verify: true
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - addr: 127.0.0.10
|
||||
# - addr: ::1
|
||||
#
|
||||
# o SBI Client(https://nrf.open5gs.org:443)
|
||||
# Use the specified certificate to verify server
|
||||
# Use the specified certificate while verifying the server
|
||||
#
|
||||
# tls:
|
||||
# sbi:
|
||||
# client:
|
||||
# cacert: /etc/open5gs/tls/ca.crt
|
||||
# key: /etc/open5gs/tls/amf.key
|
||||
# cert: /etc/open5gs/tls/amf.crt
|
||||
# nrf:
|
||||
# sbi:
|
||||
# - name: nrf.open5gs.org
|
||||
|
@ -292,6 +375,10 @@ scp:
|
|||
# - tcp_nodelay : true
|
||||
# - so_linger.l_onoff : false
|
||||
#
|
||||
# sbi:
|
||||
# client:
|
||||
# no_tls: true
|
||||
# nrf:
|
||||
# sbi:
|
||||
# addr: 127.0.0.10
|
||||
# option:
|
||||
|
@ -307,55 +394,51 @@ scp:
|
|||
# - ::1
|
||||
# port: 7777
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# o Maximum Number of UE
|
||||
# max:
|
||||
# ue: 1024
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o NF Instance Heartbeat (Default : 0)
|
||||
# NFs will not send heart-beat timer in NFProfile
|
||||
# NRF will send heart-beat timer in NFProfile
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o NF Instance Heartbeat (20 seconds)
|
||||
# NFs will send heart-beat timer (20 seconds) in NFProfile
|
||||
# NRF can change heart-beat timer in NFProfile
|
||||
#
|
||||
# time:
|
||||
# nf_instance:
|
||||
# heartbeat: 20
|
||||
#
|
||||
# o NF Instance Heartbeat (Disabled)
|
||||
# nf_instance:
|
||||
# heartbeat: 0
|
||||
#
|
||||
# o NF Instance Heartbeat (10 seconds)
|
||||
# nf_instance:
|
||||
# heartbeat: 10
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
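Review bot: The commented examples in this UDR template name other network functions on what appear to be the new-side lines: the server examples use `# bsf:` with `bsf.key`/`bsf.crt`, `127.0.0.15` and `open5gs-bsf.svc.local`, the client examples use `amf.key`/`amf.crt`, and the trace example lists `core,sbi,ausf,event,tlv,mem,sock`. An operator who uncomments one of these gets a block this NF presumably does not read, so they should use `# udr:` and `/etc/open5gs/tls/udr.key` / `udr.crt`, as the active `sbi:` block in the same file does. The UPF template that follows carries the same `ausf` domain line in place of `core,pfcp,gtp,upf,...`. Separately, the `no_verify` description would be clearer as `# - true: Skip the verification step (peer certificate and host name are not checked)`, which is what the client code in this commit does.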
|
||||
|
|
|
@ -1,43 +1,45 @@
|
|||
#
|
||||
# logger:
|
||||
#
|
||||
# o Set OGS_LOG_INFO to all domain level
|
||||
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
||||
# - If `domain` is omitted, the all domain level is set from 'level'
|
||||
# (Nothing is needed)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Set OGS_LOG_ERROR to all domain level
|
||||
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
||||
# logger:
|
||||
# level: error
|
||||
#
|
||||
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
||||
# logger:
|
||||
# level: debug
|
||||
# domain: mme,emm
|
||||
#
|
||||
# o Set OGS_LOG_TRACE to all domain level
|
||||
# logger:
|
||||
# level: trace
|
||||
# domain: core,pfcp,gtp,upf,event,tlv,mem,sock
|
||||
# domain: core,sbi,ausf,event,tlv,mem,sock
|
||||
#
|
||||
logger:
|
||||
file: @localstatedir@/log/open5gs/upf.log
|
||||
|
||||
#
|
||||
# upf:
|
||||
#
|
||||
# <PFCP Server>
|
||||
#
|
||||
# o PFCP Server(127.0.0.7:8805, ::1:8805)
|
||||
# upf:
|
||||
# pfcp:
|
||||
# - addr: 127.0.0.7
|
||||
# - addr: ::1
|
||||
#
|
||||
# o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
|
||||
# upf:
|
||||
# pfcp:
|
||||
# name: localhost
|
||||
#
|
||||
# o PFCP Option (Default)
|
||||
# - so_bindtodevice : NULL
|
||||
#
|
||||
# upf:
|
||||
# pfcp:
|
||||
# addr: 127.0.0.7
|
||||
# option:
|
||||
|
@ -46,15 +48,18 @@ logger:
|
|||
# <GTP-U Server>>
|
||||
#
|
||||
# o GTP-U Server(127.0.0.7:2152, [::1]:2152)
|
||||
# upf:
|
||||
# gtpu:
|
||||
# - addr: 127.0.0.7
|
||||
# - addr: ::1
|
||||
#
|
||||
# o GTP-U Server(127.0.0.1:2152, [::1]:2152)
|
||||
# upf:
|
||||
# gtpu:
|
||||
# name: localhost
|
||||
#
|
||||
# o User Plane IP Resource information
|
||||
# upf:
|
||||
# gtpu:
|
||||
# - addr:
|
||||
# - 127.0.0.7
|
||||
|
@ -70,20 +75,24 @@ logger:
|
|||
# source_interface: 1
|
||||
#
|
||||
# o Provide custom UPF GTP-U address to be advertised inside NGAP messages
|
||||
# upf:
|
||||
# gtpu:
|
||||
# - addr: 10.4.128.21
|
||||
# advertise: 172.24.15.30
|
||||
#
|
||||
# upf:
|
||||
# gtpu:
|
||||
# - addr: 10.4.128.21
|
||||
# advertise:
|
||||
# - 127.0.0.1
|
||||
# - ::1
|
||||
#
|
||||
# upf:
|
||||
# gtpu:
|
||||
# - addr: 10.4.128.21
|
||||
# advertise: upf1.5gc.mnc001.mcc001.3gppnetwork.org
|
||||
#
|
||||
# upf:
|
||||
# gtpu:
|
||||
# - dev: ens3
|
||||
# advertise: upf1.5gc.mnc001.mcc001.3gppnetwork.org
|
||||
|
@ -91,6 +100,7 @@ logger:
|
|||
# o GTP-U Option (Default)
|
||||
# - so_bindtodevice : NULL
|
||||
#
|
||||
# upf:
|
||||
# gtpu:
|
||||
# addr: 127.0.0.7
|
||||
# option:
|
||||
|
@ -104,6 +114,7 @@ logger:
|
|||
# o IPv4 Pool
|
||||
# $ sudo ip addr add 10.45.0.1/16 dev ogstun
|
||||
#
|
||||
# upf:
|
||||
# subnet:
|
||||
# addr: 10.45.0.1/16
|
||||
#
|
||||
|
@ -111,6 +122,7 @@ logger:
|
|||
# $ sudo ip addr add 10.45.0.1/16 dev ogstun
|
||||
# $ sudo ip addr add 2001:db8:cafe::1/48 dev ogstun
|
||||
#
|
||||
# upf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/16
|
||||
# - addr: 2001:db8:cafe::1/48
|
||||
|
@ -125,6 +137,7 @@ logger:
|
|||
#
|
||||
# ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
|
||||
#
|
||||
# upf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/16
|
||||
# dnn: internet
|
||||
|
@ -138,6 +151,7 @@ logger:
|
|||
# o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
|
||||
# ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
|
||||
#
|
||||
# upf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/16
|
||||
# dnn: internet
|
||||
|
@ -151,6 +165,7 @@ logger:
|
|||
# $ sudo ip addr add 10.46.0.1/16 dev ogstun3
|
||||
# $ sudo ip addr add 2001:db8:babe::1/48 dev ogstun3
|
||||
#
|
||||
# upf:
|
||||
# subnet:
|
||||
# - addr: 10.45.0.1/16
|
||||
# dnn: internet
|
||||
|
@ -167,6 +182,7 @@ logger:
|
|||
# <Metrics Server>
|
||||
#
|
||||
# o Metrics Server(http://<any address>:9090)
|
||||
# upf:
|
||||
# metrics:
|
||||
# - addr: 0.0.0.0
|
||||
# port: 9090
|
||||
|
@ -183,51 +199,52 @@ upf:
|
|||
- addr: 127.0.0.7
|
||||
port: 9090
|
||||
|
||||
#
|
||||
# smf:
|
||||
#
|
||||
# <PFCP Client>>
|
||||
#
|
||||
# o PFCP Client(127.0.0.4:8805)
|
||||
#
|
||||
# smf:
|
||||
# pfcp:
|
||||
# addr: 127.0.0.4
|
||||
#
|
||||
smf:
|
||||
|
||||
#
|
||||
# parameter:
|
||||
#
|
||||
# o Number of output streams per SCTP associations.
|
||||
# sctp_streams: 30
|
||||
# parameter:
|
||||
# sctp_streams: 30
|
||||
#
|
||||
# o Disable use of IPv4 addresses (only IPv6)
|
||||
# no_ipv4: true
|
||||
# parameter:
|
||||
# no_ipv4: true
|
||||
#
|
||||
# o Disable use of IPv6 addresses (only IPv4)
|
||||
# no_ipv6: true
|
||||
# parameter:
|
||||
# no_ipv6: true
|
||||
#
|
||||
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
||||
# prefer_ipv4: true
|
||||
# parameter:
|
||||
# prefer_ipv4: true
|
||||
#
|
||||
parameter:
|
||||
|
||||
#
|
||||
# max:
|
||||
#
|
||||
# o Maximum Number of UE
|
||||
# ue: 1024
|
||||
# max:
|
||||
# ue: 1024
|
||||
#
|
||||
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
||||
# peer: 64
|
||||
# max:
|
||||
# peer: 64
|
||||
#
|
||||
max:
|
||||
|
||||
#
|
||||
# time:
|
||||
#
|
||||
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
||||
# (Default values are used, so no configuration is required)
|
||||
#
|
||||
# o Message Wait Duration (3000 ms)
|
||||
# time:
|
||||
# message:
|
||||
# duration: 3000
|
||||
time:
|
||||
|
|
|
@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
|
|||
|
||||
logger:
|
||||
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testserver.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testserver.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testclient.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testclient.crt
|
||||
|
|
|
@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
|
|||
|
||||
logger:
|
||||
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testserver.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testserver.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testclient.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testclient.crt
|
||||
|
|
|
@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
|
|||
|
||||
logger:
|
||||
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testserver.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testserver.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testclient.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testclient.crt
|
||||
|
|
|
@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
|
|||
|
||||
logger:
|
||||
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testserver.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testserver.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testclient.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testclient.crt
|
||||
|
|
|
@ -2,13 +2,14 @@ db_uri: mongodb://localhost/open5gs
|
|||
|
||||
logger:
|
||||
|
||||
tls:
|
||||
enabled: no
|
||||
sbi:
|
||||
server:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testserver.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testserver.crt
|
||||
client:
|
||||
no_tls: true
|
||||
cacert: @build_configs_dir@/open5gs/tls/ca.crt
|
||||
key: @build_configs_dir@/open5gs/tls/testclient.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testclient.crt
|
||||
|
|
|
@ -532,6 +532,67 @@ int ogs_app_context_parse_config(void)
|
|||
} else
|
||||
ogs_warn("unknown key `%s`", time_key);
|
||||
}
|
||||
} else if (!strcmp(root_key, "sbi")) {
|
||||
ogs_yaml_iter_t tls_iter;
|
||||
ogs_yaml_iter_recurse(&root_iter, &tls_iter);
|
||||
while (ogs_yaml_iter_next(&tls_iter)) {
|
||||
const char *tls_key = ogs_yaml_iter_key(&tls_iter);
|
||||
ogs_assert(tls_key);
|
||||
if (!strcmp(tls_key, "server")) {
|
||||
ogs_yaml_iter_t server_iter;
|
||||
ogs_yaml_iter_recurse(&tls_iter, &server_iter);
|
||||
|
||||
while (ogs_yaml_iter_next(&server_iter)) {
|
||||
const char *server_key =
|
||||
ogs_yaml_iter_key(&server_iter);
|
||||
ogs_assert(server_key);
|
||||
if (!strcmp(server_key, "no_tls")) {
|
||||
self.sbi.server.no_tls =
|
||||
ogs_yaml_iter_bool(&server_iter);
|
||||
} else if (!strcmp(server_key, "no_verify")) {
|
||||
self.sbi.server.no_verify =
|
||||
ogs_yaml_iter_bool(&server_iter);
|
||||
} else if (!strcmp(server_key, "cacert")) {
|
||||
self.sbi.server.cacert =
|
||||
ogs_yaml_iter_value(&server_iter);
|
||||
} else if (!strcmp(server_key, "cert")) {
|
||||
self.sbi.server.cert =
|
||||
ogs_yaml_iter_value(&server_iter);
|
||||
} else if (!strcmp(server_key, "key")) {
|
||||
self.sbi.server.key =
|
||||
ogs_yaml_iter_value(&server_iter);
|
||||
} else
|
||||
ogs_warn("unknown key `%s`", server_key);
|
||||
}
|
||||
} else if (!strcmp(tls_key, "client")) {
|
||||
ogs_yaml_iter_t client_iter;
|
||||
ogs_yaml_iter_recurse(&tls_iter, &client_iter);
|
||||
|
||||
while (ogs_yaml_iter_next(&client_iter)) {
|
||||
const char *client_key =
|
||||
ogs_yaml_iter_key(&client_iter);
|
||||
ogs_assert(client_key);
|
||||
if (!strcmp(client_key, "no_tls")) {
|
||||
self.sbi.client.no_tls =
|
||||
ogs_yaml_iter_bool(&client_iter);
|
||||
} else if (!strcmp(client_key, "no_verify")) {
|
||||
self.sbi.client.no_verify =
|
||||
ogs_yaml_iter_bool(&client_iter);
|
||||
} else if (!strcmp(client_key, "cacert")) {
|
||||
self.sbi.client.cacert =
|
||||
ogs_yaml_iter_value(&client_iter);
|
||||
} else if (!strcmp(client_key, "cert")) {
|
||||
self.sbi.client.cert =
|
||||
ogs_yaml_iter_value(&client_iter);
|
||||
} else if (!strcmp(client_key, "key")) {
|
||||
self.sbi.client.key =
|
||||
ogs_yaml_iter_value(&client_iter);
|
||||
} else
|
||||
ogs_warn("unknown key `%s`", client_key);
|
||||
}
|
||||
} else
|
||||
ogs_warn("unknown key `%s`", tls_key);
|
||||
}
|
||||
}
|
||||
}
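Review bot: `no_verify` is accepted here without any trace in the log, so a deployment running with certificate verification switched off looks the same as a verified one. I would log it once at parse time, right after the assignment in the client branch: `if (self.sbi.client.no_verify) ogs_warn("sbi.client.no_verify is set: peer certificate is not verified");`, and the same for `server`. The two inner loops are also identical except for the member they fill, and the names `tls_iter`/`tls_key` no longer match the `sbi` key they iterate; `sbi_iter`/`sbi_key` would read better. ogs_app_context_parse_config() starts and ends outside this hunk.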
|
||||
|
||||
|
|
|
@ -28,6 +28,12 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef enum {
|
||||
OGS_SBI_TLS_ENABLED_AUTO = 0,
|
||||
OGS_SBI_TLS_ENABLED_YES,
|
||||
OGS_SBI_TLS_ENABLED_NO,
|
||||
} ogs_sbi_tls_enabled_mode_e;
|
||||
|
||||
typedef struct ogs_app_context_s {
|
||||
const char *version;
|
||||
|
||||
|
@ -171,15 +177,23 @@ typedef struct ogs_app_context_s {
|
|||
struct metrics {
|
||||
uint64_t max_specs;
|
||||
} metrics;
|
||||
|
||||
struct {
|
||||
struct {
|
||||
bool no_tls;
|
||||
bool no_verify;
|
||||
const char *cacert;
|
||||
const char *cert;
|
||||
const char *key;
|
||||
} server, client;
|
||||
} sbi;
|
||||
|
||||
} ogs_app_context_t;
|
||||
|
||||
int ogs_app_context_init(void);
|
||||
void ogs_app_context_final(void);
|
||||
ogs_app_context_t *ogs_app(void);
|
||||
|
||||
bool ogs_app_tls_server_enabled(void);
|
||||
bool ogs_app_tls_client_enabled(void);
|
||||
|
||||
int ogs_app_context_parse_config(void);
|
||||
|
||||
#ifdef __cplusplus
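Review bot: `ogs_sbi_tls_enabled_mode_e` is added to this header although the commit drops the `tls.enabled` auto/yes/no setting; no new-side code visible on this page refers to it, so it looks like a leftover that could be removed. The same applies to the `ogs_app_tls_server_enabled()` / `ogs_app_tls_client_enabled()` prototypes if they remain on the new side, since their definitions are deleted from the SBI context file and the callers now test `ogs_app()->sbi.client.no_tls` directly. The new `sbi.server`/`sbi.client` members would benefit from a comment such as `/* no_tls: plain HTTP; no_verify: TLS without peer verification */`, plus a note on who owns the `cacert`/`cert`/`key` strings.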
|
||||
|
|
|
@ -384,8 +384,24 @@ static connection_t *connection_add(
|
|||
|
||||
curl_easy_setopt(conn->easy, CURLOPT_BUFFERSIZE, OGS_MAX_SDU_LEN);
|
||||
|
||||
curl_easy_setopt(conn->easy, CURLOPT_SSL_VERIFYPEER, 0);
|
||||
curl_easy_setopt(conn->easy, CURLOPT_SSL_VERIFYHOST, 0);
|
||||
if (ogs_app()->sbi.client.no_tls == false) {
|
||||
ogs_assert(ogs_app()->sbi.client.key);
|
||||
ogs_assert(ogs_app()->sbi.client.cert);
|
||||
curl_easy_setopt(conn->easy, CURLOPT_SSLKEY,
|
||||
ogs_app()->sbi.client.key);
|
||||
curl_easy_setopt(conn->easy, CURLOPT_SSLCERT,
|
||||
ogs_app()->sbi.client.cert);
|
||||
|
||||
if (ogs_app()->sbi.client.no_verify == false) {
|
||||
if (ogs_app()->sbi.client.cacert) {
|
||||
curl_easy_setopt(conn->easy, CURLOPT_CAINFO,
|
||||
ogs_app()->sbi.client.cacert);
|
||||
}
|
||||
} else {
|
||||
curl_easy_setopt(conn->easy, CURLOPT_SSL_VERIFYPEER, 0);
|
||||
curl_easy_setopt(conn->easy, CURLOPT_SSL_VERIFYHOST, 0);
|
||||
}
|
||||
}
|
||||
|
||||
/* HTTP Method */
|
||||
if (strcmp(request->h.method, OGS_SBI_HTTP_METHOD_PUT) == 0 ||
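Review bot: With verification on and no `cacert` configured, the handle silently keeps libcurl's default trust store, which is probably not what an operator of a private SBI PKI expects; I would either require `sbi.client.cacert` in the validation step when `no_verify` is false or log the fallback. In the `no_verify` branch both options take a `long`, so the calls should read `curl_easy_setopt(conn->easy, CURLOPT_SSL_VERIFYPEER, 0L);` and `curl_easy_setopt(conn->easy, CURLOPT_SSL_VERIFYHOST, 0L);`. The return values of the `CURLOPT_SSLKEY`, `CURLOPT_SSLCERT` and `CURLOPT_CAINFO` calls are not checked either. connection_add() starts and ends outside this hunk.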
|
||||
|
|
|
@ -120,44 +120,6 @@ ogs_sbi_context_t *ogs_sbi_self(void)
|
|||
return &self;
|
||||
}
|
||||
|
||||
bool ogs_app_tls_server_enabled(void)
|
||||
{
|
||||
if (self.tls.enabled == OGS_SBI_TLS_ENABLED_AUTO) {
|
||||
if (self.tls.server.key && self.tls.server.cert)
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
} else if (self.tls.enabled == OGS_SBI_TLS_ENABLED_YES) {
|
||||
ogs_assert(self.tls.server.key);
|
||||
ogs_assert(self.tls.server.cert);
|
||||
return true;
|
||||
} else if (self.tls.enabled == OGS_SBI_TLS_ENABLED_NO) {
|
||||
return false;
|
||||
} else {
|
||||
ogs_error("Unknown TLS enabled mode [%d]", self.tls.enabled);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
bool ogs_app_tls_client_enabled(void)
|
||||
{
|
||||
if (self.tls.enabled == OGS_SBI_TLS_ENABLED_AUTO) {
|
||||
if (self.tls.client.key && self.tls.client.cert)
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
} else if (self.tls.enabled == OGS_SBI_TLS_ENABLED_YES) {
|
||||
ogs_assert(self.tls.client.key);
|
||||
ogs_assert(self.tls.client.cert);
|
||||
return true;
|
||||
} else if (self.tls.enabled == OGS_SBI_TLS_ENABLED_NO) {
|
||||
return false;
|
||||
} else {
|
||||
ogs_error("Unknown TLS enabled mode [%d]", self.tls.enabled);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
static int ogs_sbi_context_prepare(void)
|
||||
{
|
||||
self.sbi_port = OGS_SBI_HTTP_PORT;
|
||||
|
@ -166,8 +128,6 @@ static int ogs_sbi_context_prepare(void)
|
|||
self.content_encoding = "gzip";
|
||||
#endif
|
||||
|
||||
self.tls.enabled = OGS_SBI_TLS_ENABLED_AUTO;
|
||||
|
||||
return OGS_OK;
|
||||
}
|
||||
|
||||
|
@ -221,27 +181,29 @@ static int ogs_sbi_context_validation(
|
|||
ogs_assert_if_reached();
|
||||
}
|
||||
|
||||
if (self.tls.enabled == OGS_SBI_TLS_ENABLED_YES) {
|
||||
|
||||
if (!self.tls.server.key) {
|
||||
ogs_error("No Server Key");
|
||||
if (ogs_app()->sbi.server.no_tls == false) {
|
||||
if (!ogs_app()->sbi.server.key) {
|
||||
ogs_error("TLS enabled but no server key");
|
||||
return OGS_ERROR;
|
||||
}
|
||||
if (!self.tls.server.cert) {
|
||||
ogs_error("No Server Certificate");
|
||||
return OGS_ERROR;
|
||||
}
|
||||
|
||||
if (!self.tls.client.key) {
|
||||
ogs_error("No Client Key");
|
||||
return OGS_ERROR;
|
||||
}
|
||||
if (!self.tls.client.cert) {
|
||||
ogs_error("No Client Certificate");
|
||||
if (!ogs_app()->sbi.server.cert) {
|
||||
ogs_error("TLS enabled but no server certificate");
|
||||
return OGS_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
if (ogs_app()->sbi.client.no_tls == false) {
|
||||
if (!ogs_app()->sbi.client.key) {
|
||||
ogs_error("TLS enabled but no client key");
|
||||
return OGS_ERROR;
|
||||
}
|
||||
if (!ogs_app()->sbi.client.cert) {
|
||||
ogs_error("TLS enabled but no client certificate");
|
||||
return OGS_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return OGS_OK;
|
||||
}
|
||||
|
||||
|
@ -622,7 +584,7 @@ int ogs_sbi_context_parse_config(
|
|||
if (addr == NULL) continue;
|
||||
|
||||
client = ogs_sbi_client_add(
|
||||
ogs_app_tls_client_enabled() == true ?
|
||||
ogs_app()->sbi.client.no_tls == false ?
|
||||
OpenAPI_uri_scheme_https :
|
||||
OpenAPI_uri_scheme_http,
|
||||
addr);
|
||||
|
@ -728,7 +690,7 @@ int ogs_sbi_context_parse_config(
|
|||
if (addr == NULL) continue;
|
||||
|
||||
client = ogs_sbi_client_add(
|
||||
ogs_app_tls_client_enabled() == true ?
|
||||
ogs_app()->sbi.client.no_tls == false ?
|
||||
OpenAPI_uri_scheme_https :
|
||||
OpenAPI_uri_scheme_http,
|
||||
addr);
|
||||
|
@ -741,65 +703,6 @@ int ogs_sbi_context_parse_config(
|
|||
YAML_SEQUENCE_NODE);
|
||||
}
|
||||
}
|
||||
} else if (!strcmp(root_key, "tls")) {
|
||||
ogs_yaml_iter_t tls_iter;
|
||||
ogs_yaml_iter_recurse(&root_iter, &tls_iter);
|
||||
while (ogs_yaml_iter_next(&tls_iter)) {
|
||||
const char *tls_key = ogs_yaml_iter_key(&tls_iter);
|
||||
ogs_assert(tls_key);
|
||||
if (!strcmp(tls_key, "enabled")) {
|
||||
const char *v = ogs_yaml_iter_value(&tls_iter);
|
||||
if (!strcmp(v, "auto"))
|
||||
self.tls.enabled = OGS_SBI_TLS_ENABLED_AUTO;
|
||||
else if (!strcmp(v, "yes"))
|
||||
self.tls.enabled = OGS_SBI_TLS_ENABLED_YES;
|
||||
else if (!strcmp(v, "no"))
|
||||
self.tls.enabled = OGS_SBI_TLS_ENABLED_NO;
|
||||
else
|
||||
ogs_warn("unknown 'tls.enabled' value `%s`", v);
|
||||
} else if (!strcmp(tls_key, "server")) {
|
||||
ogs_yaml_iter_t server_iter;
|
||||
ogs_yaml_iter_recurse(&tls_iter, &server_iter);
|
||||
|
||||
while (ogs_yaml_iter_next(&server_iter)) {
|
||||
const char *server_key =
|
||||
ogs_yaml_iter_key(&server_iter);
|
||||
ogs_assert(server_key);
|
||||
if (!strcmp(server_key, "cacert")) {
|
||||
self.tls.server.cacert =
|
||||
ogs_yaml_iter_value(&server_iter);
|
||||
} else if (!strcmp(server_key, "cert")) {
|
||||
self.tls.server.cert =
|
||||
ogs_yaml_iter_value(&server_iter);
|
||||
} else if (!strcmp(server_key, "key")) {
|
||||
self.tls.server.key =
|
||||
ogs_yaml_iter_value(&server_iter);
|
||||
} else
|
||||
ogs_warn("unknown key `%s`", server_key);
|
||||
}
|
||||
} else if (!strcmp(tls_key, "client")) {
|
||||
ogs_yaml_iter_t client_iter;
|
||||
ogs_yaml_iter_recurse(&tls_iter, &client_iter);
|
||||
|
||||
while (ogs_yaml_iter_next(&client_iter)) {
|
||||
const char *client_key =
|
||||
ogs_yaml_iter_key(&client_iter);
|
||||
ogs_assert(client_key);
|
||||
if (!strcmp(client_key, "cacert")) {
|
||||
self.tls.client.cacert =
|
||||
ogs_yaml_iter_value(&client_iter);
|
||||
} else if (!strcmp(client_key, "cert")) {
|
||||
self.tls.client.cert =
|
||||
ogs_yaml_iter_value(&client_iter);
|
||||
} else if (!strcmp(client_key, "key")) {
|
||||
self.tls.client.key =
|
||||
ogs_yaml_iter_value(&client_iter);
|
||||
} else
|
||||
ogs_warn("unknown key `%s`", client_key);
|
||||
}
|
||||
} else
|
||||
ogs_warn("unknown key `%s`", tls_key);
|
||||
}
|
||||
} else if (!strcmp(root_key, "hnet")) {
|
||||
ogs_yaml_iter_t hnet_array, hnet_iter;
|
||||
ogs_yaml_iter_recurse(&root_iter, &hnet_array);
|
||||
|
@ -1480,7 +1383,7 @@ ogs_sbi_nf_service_t *ogs_sbi_nf_service_build_default(
|
|||
ogs_uuid_format(id, &uuid);
|
||||
|
||||
nf_service = ogs_sbi_nf_service_add(nf_instance, id, name,
|
||||
ogs_app_tls_server_enabled() == true ?
|
||||
ogs_app()->sbi.server.no_tls == false ?
|
||||
OpenAPI_uri_scheme_https :
|
||||
OpenAPI_uri_scheme_http);
|
||||
ogs_assert(nf_service);
|
||||
|
@ -1571,7 +1474,7 @@ static ogs_sbi_client_t *nf_instance_find_client(
|
|||
ogs_sockaddr_t *addr = NULL;
|
||||
OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL;
|
||||
|
||||
scheme = ogs_app_tls_client_enabled() == true ?
|
||||
scheme = ogs_app()->sbi.client.no_tls == false ?
|
||||
OpenAPI_uri_scheme_https : OpenAPI_uri_scheme_http;
|
||||
|
||||
if (nf_instance->fqdn)
|
||||
|
|
|
@ -46,24 +46,9 @@ typedef struct ogs_sbi_discovery_config_s {
|
|||
bool prefer_requester_nf_instance_id;
|
||||
} ogs_sbi_discovery_config_t;
|
||||
|
||||
typedef enum {
|
||||
OGS_SBI_TLS_ENABLED_AUTO = 0,
|
||||
OGS_SBI_TLS_ENABLED_YES,
|
||||
OGS_SBI_TLS_ENABLED_NO,
|
||||
} ogs_sbi_tls_enabled_mode_e;
|
||||
|
||||
typedef struct ogs_sbi_context_s {
|
||||
ogs_sbi_discovery_config_t discovery_config; /* SCP Discovery Delegated */
|
||||
|
||||
struct {
|
||||
ogs_sbi_tls_enabled_mode_e enabled;
|
||||
struct {
|
||||
const char *cacert;
|
||||
const char *cert;
|
||||
const char *key;
|
||||
} server, client;
|
||||
} tls;
|
||||
|
||||
#define OGS_HOME_NETWORK_PKI_VALUE_MIN 1
|
||||
#define OGS_HOME_NETWORK_PKI_VALUE_MAX 254
|
||||
|
||||
|
|
|
@ -340,7 +340,7 @@ char *ogs_sbi_server_uri(ogs_sbi_server_t *server, ogs_sbi_header_t *h)
|
|||
advertise = server->node.addr;
|
||||
ogs_assert(advertise);
|
||||
|
||||
return ogs_uridup(ogs_app_tls_server_enabled() == true, advertise, h);
|
||||
return ogs_uridup(ogs_app()->sbi.server.no_tls == false, advertise, h);
|
||||
}
|
||||
|
||||
char *ogs_sbi_client_uri(ogs_sbi_client_t *client, ogs_sbi_header_t *h)
|
||||
|
@ -348,7 +348,7 @@ char *ogs_sbi_client_uri(ogs_sbi_client_t *client, ogs_sbi_header_t *h)
|
|||
ogs_assert(client);
|
||||
|
||||
return ogs_uridup(
|
||||
ogs_app_tls_client_enabled() == true &&
|
||||
ogs_app()->sbi.client.no_tls == false &&
|
||||
client->scheme == OpenAPI_uri_scheme_https,
|
||||
client->node.addr, h);
|
||||
}
|
||||
|
|
|
@ -119,7 +119,8 @@ static void server_final(void)
|
|||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
static int next_proto_cb(SSL *ssl, const unsigned char **data,
|
||||
unsigned int *len, void *arg) {
|
||||
unsigned int *len, void *arg)
|
||||
{
|
||||
static unsigned char next_proto_list[256];
|
||||
(void)ssl;
|
||||
(void)arg;
|
||||
|
@ -136,7 +137,8 @@ static int next_proto_cb(SSL *ssl, const unsigned char **data,
|
|||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
|
||||
unsigned char *outlen, const unsigned char *in,
|
||||
unsigned int inlen, void *arg) {
|
||||
unsigned int inlen, void *arg)
|
||||
{
|
||||
int rv;
|
||||
(void)ssl;
|
||||
(void)arg;
|
||||
|
@ -150,18 +152,75 @@ static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
|
|||
}
|
||||
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
|
||||
|
||||
static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
|
||||
static int ssl_ctx_set_proto_versions(SSL_CTX *ssl_ctx, int min, int max)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
|
||||
if (SSL_CTX_set_min_proto_version(ssl_ctx, min) != 1 ||
|
||||
SSL_CTX_set_max_proto_version(ssl_ctx, max) != 1) {
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
#else /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) */
|
||||
long int opts = 0;
|
||||
|
||||
// TODO We depends on the ordering of protocol version macro in
|
||||
// OpenSSL.
|
||||
if (min > TLS1_VERSION) {
|
||||
opts |= SSL_OP_NO_TLSv1;
|
||||
}
|
||||
if (min > TLS1_1_VERSION) {
|
||||
opts |= SSL_OP_NO_TLSv1_1;
|
||||
}
|
||||
if (min > TLS1_2_VERSION) {
|
||||
opts |= SSL_OP_NO_TLSv1_2;
|
||||
}
|
||||
|
||||
if (max < TLS1_2_VERSION) {
|
||||
opts |= SSL_OP_NO_TLSv1_2;
|
||||
}
|
||||
if (max < TLS1_1_VERSION) {
|
||||
opts |= SSL_OP_NO_TLSv1_1;
|
||||
}
|
||||
|
||||
SSL_CTX_set_options(ssl_ctx, opts);
|
||||
|
||||
return 0;
|
||||
#endif /* OPENSSL_VERSION_NUMBER >= 0x1010000fL */
|
||||
}
|
||||
|
||||
static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file)
|
||||
{
|
||||
SSL_CTX *ssl_ctx;
|
||||
uint64_t ssl_opts;
|
||||
|
||||
ogs_assert(key_file);
|
||||
ogs_assert(cert_file);
|
||||
|
||||
ssl_ctx = SSL_CTX_new(TLS_server_method());
|
||||
if (!ssl_ctx) {
|
||||
ogs_error("Could not create SSL/TLS context: %s", ERR_error_string(ERR_get_error(), NULL));
|
||||
return NULL;
|
||||
}
|
||||
SSL_CTX_set_options(ssl_ctx,
|
||||
SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
|
||||
SSL_OP_NO_COMPRESSION |
|
||||
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
|
||||
|
||||
ssl_opts = (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
|
||||
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION |
|
||||
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
|
||||
SSL_OP_SINGLE_ECDH_USE | SSL_OP_SINGLE_DH_USE |
|
||||
SSL_OP_CIPHER_SERVER_PREFERENCE
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||
// The reason for disabling built-in anti-replay in
|
||||
// OpenSSL is that it only works if client gets back
|
||||
// to the same server. The freshness check
|
||||
// described in
|
||||
// https://tools.ietf.org/html/rfc8446#section-8.3
|
||||
// is still performed.
|
||||
| SSL_OP_NO_ANTI_REPLAY
|
||||
#endif /* OPENSSL_VERSION_NUMBER >= 0x10101000L */
|
||||
;
|
||||
|
||||
|
||||
SSL_CTX_set_options(ssl_ctx, ssl_opts);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
if (SSL_CTX_set1_curves_list(ssl_ctx, "P-256") != 1) {
|
||||
ogs_error("SSL_CTX_set1_curves_list failed: %s", ERR_error_string(ERR_get_error(), NULL));
|
||||
|
@ -169,6 +228,37 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
|
|||
}
|
||||
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
||||
|
||||
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
|
||||
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
||||
|
||||
if (SSL_CTX_set_default_verify_paths(ssl_ctx) != 1) {
|
||||
ogs_warn("Could not load system trusted ca certificates: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
}
|
||||
|
||||
#define OGS_TLS_MIN_VERSION TLS1_VERSION
|
||||
#ifdef TLS1_3_VERSION
|
||||
#define OGS_TLS_MAX_VERSION TLS1_3_VERSION
|
||||
#else /* !TLS1_3_VERSION */
|
||||
#define OGS_TLS_MAX_VERSION TLS1_2_VERSION
|
||||
#endif /* TLS1_3_VERSION */
|
||||
if (ssl_ctx_set_proto_versions(
|
||||
ssl_ctx, OGS_TLS_MIN_VERSION, OGS_TLS_MAX_VERSION) != 0) {
|
||||
ogs_error("Could not set TLS versions [%d:%d]",
|
||||
OGS_TLS_MIN_VERSION, OGS_TLS_MAX_VERSION);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#define DEFAULT_CIPHER_LIST \
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-" \
|
||||
"AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-" \
|
||||
"POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-" \
|
||||
"AES256-GCM-SHA384"
|
||||
if (SSL_CTX_set_cipher_list(ssl_ctx, DEFAULT_CIPHER_LIST) == 0) {
|
||||
ogs_error("%s", ERR_error_string(ERR_get_error(), NULL));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (SSL_CTX_use_PrivateKey_file(ssl_ctx, key_file, SSL_FILETYPE_PEM) != 1) {
|
||||
ogs_error("Could not read private key file - key_file=%s", key_file);
|
||||
return NULL;
|
||||
|
@ -177,6 +267,11 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
|
|||
ogs_error("Could not read certificate file - cert_file=%s ", cert_file);
|
||||
return NULL;
|
||||
}
|
||||
if (SSL_CTX_check_private_key(ssl_ctx) != 1) {
|
||||
ogs_error("SSL_CTX_check_private_key failed: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL);
|
||||
|
@ -189,6 +284,22 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
|
|||
return ssl_ctx;
|
||||
}
|
||||
|
||||
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
if (!preverify_ok) {
|
||||
int err = X509_STORE_CTX_get_error(ctx);
|
||||
int depth = X509_STORE_CTX_get_error_depth(ctx);
|
||||
if (err == X509_V_ERR_CERT_HAS_EXPIRED && depth == 0) {
|
||||
ogs_error("The client certificate has expired, but is accepted by "
|
||||
"configuration");
|
||||
return 1;
|
||||
}
|
||||
ogs_error("client certificate verify error:num=%d:%s:depth=%d",
|
||||
err, X509_verify_cert_error_string(err), depth);
|
||||
}
|
||||
return preverify_ok;
|
||||
}
|
||||
|
||||
static int server_start(ogs_sbi_server_t *server,
|
||||
int (*cb)(ogs_sbi_request_t *request, void *data))
|
||||
{
|
||||
|
@ -201,21 +312,67 @@ static int server_start(ogs_sbi_server_t *server,
|
|||
ogs_assert(addr);
|
||||
|
||||
/* Create SSL CTX */
|
||||
if (ogs_app_tls_server_enabled() == true) {
|
||||
ogs_assert(ogs_sbi_self()->tls.server.key);
|
||||
ogs_assert(ogs_sbi_self()->tls.server.cert);
|
||||
if (ogs_app()->sbi.server.no_tls == false) {
|
||||
|
||||
server->ssl_ctx = create_ssl_ctx(
|
||||
ogs_sbi_self()->tls.server.key,
|
||||
ogs_sbi_self()->tls.server.cert);
|
||||
ogs_app()->sbi.server.key,
|
||||
ogs_app()->sbi.server.cert);
|
||||
if (!server->ssl_ctx) {
|
||||
ogs_error("Cannot create SSL CTX");
|
||||
return OGS_ERROR;
|
||||
}
|
||||
|
||||
if (ogs_app()->sbi.server.no_verify == false) {
|
||||
if (ogs_app()->sbi.server.cacert) {
|
||||
STACK_OF(X509_NAME) *cert_names = NULL;
|
||||
|
||||
if (SSL_CTX_load_verify_locations(server->ssl_ctx,
|
||||
ogs_app()->sbi.server.cacert, NULL) != 1) {
|
||||
ogs_error("Could not load trusted ca certificates "
|
||||
"from %s:%s", ogs_app()->sbi.server.cacert,
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
|
||||
if (server->ssl_ctx)
|
||||
SSL_CTX_free(server->ssl_ctx);
|
||||
|
||||
return OGS_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
* It is heard that SSL_CTX_load_verify_locations() may leave
|
||||
* error even though it returns success. See
|
||||
* http://forum.nginx.org/read.php?29,242540
|
||||
*/
|
||||
cert_names = SSL_load_client_CA_file(
|
||||
ogs_app()->sbi.server.cacert);
|
||||
if (!cert_names) {
|
||||
ogs_error("Could not load ca certificates from %s:%s",
|
||||
ogs_app()->sbi.server.cacert,
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
|
||||
if (server->ssl_ctx)
|
||||
SSL_CTX_free(server->ssl_ctx);
|
||||
|
||||
return OGS_ERROR;
|
||||
}
|
||||
SSL_CTX_set_client_CA_list(server->ssl_ctx, cert_names);
|
||||
}
|
||||
|
||||
SSL_CTX_set_verify(
|
||||
server->ssl_ctx,
|
||||
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE |
|
||||
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
verify_callback);
|
||||
}
|
||||
}
|
||||
|
||||
sock = ogs_tcp_server(addr, server->node.option);
|
||||
if (!sock) {
|
||||
ogs_error("Cannot start SBI server");
|
||||
|
||||
if (server->ssl_ctx)
|
||||
SSL_CTX_free(server->ssl_ctx);
|
||||
|
||||
return OGS_ERROR;
|
||||
}
|
||||
|
||||
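Review bot: `verify_callback` returns 1 for `X509_V_ERR_CERT_HAS_EXPIRED` at depth 0 unconditionally, so an expired client certificate passes verification even though the log text says it is "accepted by configuration" and the function reads no configuration value. `server_start` installs this callback together with `SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT`, so the exception weakens the peer authentication that the new `no_verify == false` path is meant to provide: a certificate that was retired by letting it expire keeps being accepted. I would delete the `if (err == X509_V_ERR_CERT_HAS_EXPIRED && depth == 0) { ... return 1; }` branch so the function only logs the error and ends with `return preverify_ok;`. If tolerance for expired certificates is really wanted, gate the branch on an explicit opt-in setting that defaults to off, and make the log message name that setting.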
|
|
|
@ -344,7 +344,7 @@ char *nssf_nsi_nrf_uri(nssf_nsi_t *nsi)
|
|||
h.api.version = (char *)OGS_SBI_API_V1;
|
||||
h.resource.component[0] = (char *)OGS_SBI_RESOURCE_NAME_NF_INSTANCES;
|
||||
|
||||
return ogs_uridup(ogs_app_tls_server_enabled() == true, nsi->addr, &h);
|
||||
return ogs_uridup(ogs_app()->sbi.server.no_tls == false, nsi->addr, &h);
|
||||
}
|
||||
|
||||
int get_nsi_load()
|
||||
|
|
|
@ -302,7 +302,7 @@ void af_sess_associate_pcf_client(af_sess_t *sess)
|
|||
|
||||
ogs_assert(sess);
|
||||
|
||||
scheme = ogs_app_tls_client_enabled() == true ?
|
||||
scheme = ogs_app()->sbi.client.no_tls == false ?
|
||||
OpenAPI_uri_scheme_https : OpenAPI_uri_scheme_http;
|
||||
|
||||
if (sess->pcf.fqdn && strlen(sess->pcf.fqdn))
|
||||
|
|