add sample configuration for freeDiameter

Makefile.am

@@ -25,10 +25,15 @@ AM_CPPFLAGS = \
     -I$(top_srcdir)/lib/core/include \
     -I$(top_srcdir)/src
 
-dist_sysconf_DATA = support/nextepc.conf
+dist_sysconf_DATA = \
+	support/nextepc.conf \
+	support/freeDiameter/mme.conf \
+	support/freeDiameter/hss.conf
 
 install-data-hook:
 	$(MKDIR_P) $(prefix)/var/log
+	cp -fpR support/freeDiameter $(sysconfdir)
+	rm -f $(sysconfdir)/freeDiameter/*.in
 
 CLEANFILES = symtbl.c
 DISTCLEANFILES = $(DIST_ARCHIVES)

configure.ac

@@ -322,6 +322,8 @@ AC_CONFIG_FILES([src/pgw/Makefile])
 AC_CONFIG_FILES([src/Makefile])
 AC_CONFIG_FILES([test/Makefile])
 AC_CONFIG_FILES([support/nextepc.conf])
+AC_CONFIG_FILES([support/freeDiameter/mme.conf])
+AC_CONFIG_FILES([support/freeDiameter/hss.conf])
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT
 

support/freeDiameter/cacert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDATCCAmqgAwIBAgIJAKXorqEEnW0iMA0GCSqGSIb3DQEBBQUAMF8xFzAVBgNV
+BAMTDmNhLmxvY2FsZG9tYWluMQswCQYDVQQGEwJGUjEMMAoGA1UECBMDQmRSMQww
+CgYDVQQHEwNBaXgxCzAJBgNVBAoTAmZEMQ4wDAYDVQQLEwVUZXN0czAeFw0xNzA4
+MDMwNDU0MjBaFw0yNzA4MDEwNDU0MjBaMF8xFzAVBgNVBAMTDmNhLmxvY2FsZG9t
+YWluMQswCQYDVQQGEwJGUjEMMAoGA1UECBMDQmRSMQwwCgYDVQQHEwNBaXgxCzAJ
+BgNVBAoTAmZEMQ4wDAYDVQQLEwVUZXN0czCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEA4cc1063nfSJvTTmum0KgNseuYz8I/gGmiFIpEn0GoBBxLbjy2Z8L8R2v
+OGdxkM0ZTaJyav4PpIoGj2g6at09vW3H8kI8xET/4FfmLa1VqAu0RMTTLYqnWSg7
+Uu4A9do2altaAibfyKkkvXFKZ2kIEpeD4ptqIH2dJZXvI/9ZT1ECAwEAAaOBxDCB
+wTAdBgNVHQ4EFgQUX7EEV54tf4G6N0Td4qVpt9ptrMMwgZEGA1UdIwSBiTCBhoAU
+X7EEV54tf4G6N0Td4qVpt9ptrMOhY6RhMF8xFzAVBgNVBAMTDmNhLmxvY2FsZG9t
+YWluMQswCQYDVQQGEwJGUjEMMAoGA1UECBMDQmRSMQwwCgYDVQQHEwNBaXgxCzAJ
+BgNVBAoTAmZEMQ4wDAYDVQQLEwVUZXN0c4IJAKXorqEEnW0iMAwGA1UdEwQFMAMB
+Af8wDQYJKoZIhvcNAQEFBQADgYEAnkBdBq5G1bx3APZ2Ihrb5P384eU5YxzHYdFb
+ftV7BiHNVx4s6vL7tD5Dw26GLDKM6HsyuBtriTy9sGEplQkUcIpiabQcNCrIZafO
+FvLozgxPpGvUMLmQd5QSqFJHTNP8qgJNrjVg3aF9oVNUB6Q9nb9NOmylKEKFldss
+d+PaXTE=
+-----END CERTIFICATE-----

support/freeDiameter/hss.cert.pem

@@ -0,0 +1,60 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=ca.localdomain, C=FR, ST=BdR, L=Aix, O=fD, OU=Tests
+        Validity
+            Not Before: Aug  3 04:54:20 2017 GMT
+            Not After : Aug  3 04:54:20 2018 GMT
+        Subject: C=FR, ST=BdR, O=fD, OU=Tests, CN=hss.localdomain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bd:a9:08:9f:d5:53:42:bb:51:9e:61:98:4b:aa:
+                    f1:71:c6:6a:30:3c:a5:45:76:9c:24:e4:55:cd:2a:
+                    92:b1:97:79:00:22:12:75:14:29:4e:f1:9c:b1:a0:
+                    59:27:6c:ca:7a:10:97:79:50:b3:f8:65:ca:ec:74:
+                    b7:67:ae:99:e7:94:2a:87:1e:dd:e4:f6:37:54:bc:
+                    17:28:e9:b3:aa:58:5a:b8:54:51:cd:f0:76:8e:56:
+                    f6:90:de:c3:d4:e5:bb:66:66:ec:ca:87:65:74:d3:
+                    90:28:0c:33:60:bd:13:cc:98:51:cb:a0:1b:2b:d9:
+                    a9:b9:9b:da:cd:a4:3b:85:09
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                76:9D:60:37:35:54:58:87:D5:19:1C:64:8F:97:5A:99:99:60:27:7E
+            X509v3 Authority Key Identifier: 
+                keyid:5F:B1:04:57:9E:2D:7F:81:BA:37:44:DD:E2:A5:69:B7:DA:6D:AC:C3
+
+    Signature Algorithm: sha1WithRSAEncryption
+        31:2f:96:bb:26:84:78:27:12:a4:38:69:ea:13:16:dd:87:e2:
+        76:d7:46:49:2d:2c:7a:8c:58:bb:37:de:4a:35:d9:aa:98:bf:
+        0a:39:a3:1e:9c:91:73:92:71:a3:42:a8:b4:9a:f7:27:e0:3d:
+        1c:4e:6f:b6:00:29:50:de:c5:6a:8e:6a:bf:6c:6d:19:5f:2d:
+        28:6a:e1:43:89:da:78:70:f3:6c:1f:6e:19:a4:76:0e:ea:ae:
+        c4:9f:67:9c:a1:39:f0:2b:1f:6e:8d:cd:0a:f7:8e:d1:30:59:
+        af:fa:40:ba:97:6c:50:b5:8d:48:02:59:f4:bc:0e:65:c8:ce:
+        d8:2b
+-----BEGIN CERTIFICATE-----
+MIICojCCAgugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBfMRcwFQYDVQQDEw5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCRlIxDDAKBgNVBAgTA0JkUjEMMAoGA1UEBxMD
+QWl4MQswCQYDVQQKEwJmRDEOMAwGA1UECxMFVGVzdHMwHhcNMTcwODAzMDQ1NDIw
+WhcNMTgwODAzMDQ1NDIwWjBSMQswCQYDVQQGEwJGUjEMMAoGA1UECBMDQmRSMQsw
+CQYDVQQKEwJmRDEOMAwGA1UECxMFVGVzdHMxGDAWBgNVBAMTD2hzcy5sb2NhbGRv
+bWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvakIn9VTQrtRnmGYS6rx
+ccZqMDylRXacJORVzSqSsZd5ACISdRQpTvGcsaBZJ2zKehCXeVCz+GXK7HS3Z66Z
+55Qqhx7d5PY3VLwXKOmzqlhauFRRzfB2jlb2kN7D1OW7ZmbsyodldNOQKAwzYL0T
+zJhRy6AbK9mpuZvazaQ7hQkCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFHad
+YDc1VFiH1RkcZI+XWpmZYCd+MB8GA1UdIwQYMBaAFF+xBFeeLX+BujdE3eKlabfa
+bazDMA0GCSqGSIb3DQEBBQUAA4GBADEvlrsmhHgnEqQ4aeoTFt2H4nbXRkktLHqM
+WLs33ko12aqYvwo5ox6ckXOScaNCqLSa9yfgPRxOb7YAKVDexWqOar9sbRlfLShq
+4UOJ2nhw82wfbhmkdg7qrsSfZ5yhOfArH26NzQr3jtEwWa/6QLqXbFC1jUgCWfS8
+DmXIztgr
+-----END CERTIFICATE-----

support/freeDiameter/hss.conf.in

@@ -0,0 +1,258 @@
+# This is a sample configuration file for freeDiameter daemon.
+
+# Most of the options can be omitted, as they default to reasonable values.
+# Only TLS-related options must be configured properly in usual setups.
+
+# It is possible to use "include" keyword to import additional files
+# e.g.: include "/etc/freeDiameter.d/*.conf"
+# This is exactly equivalent as copy & paste the content of the included file(s) 
+# where the "include" keyword is found.
+
+
+##############################################################
+##  Peer identity and realm 
+
+# The Diameter Identity of this daemon.
+# This must be a valid FQDN that resolves to the local host.
+# Default: hostname's FQDN
+#Identity = "aaa.koganei.freediameter.net";
+Identity = "hss.localdomain";
+
+# The Diameter Realm of this daemon.
+# Default: the domain part of Identity (after the first dot).
+#Realm = "koganei.freediameter.net";
+Realm = "localdomain";
+
+##############################################################
+##  Transport protocol configuration
+
+# The port this peer is listening on for incoming connections (TCP and SCTP).
+# Default: 3868. Use 0 to disable.
+#Port = 3868;
+Port = 30868;
+
+# The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP).
+# See TLS_old_method for more information about TLS flavours.
+# Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter.
+# Default: 5868. Use 0 to disable.
+#SecPort = 5868;
+SecPort = 30869;
+
+# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 
+# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 
+# CER/CEA exchange on a dedicated secure port.
+# This parameter only affects outgoing connections. 
+# The setting can be also defined per-peer (see Peers configuration section).
+# Default: use RFC6733 method with separate port for TLS.
+#TLS_old_method;
+
+# Disable use of TCP protocol (only listen and connect over SCTP)
+# Default : TCP enabled
+#No_TCP;
+
+# Disable use of SCTP protocol (only listen and connect over TCP)
+# Default : SCTP enabled
+#No_SCTP;
+# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
+
+# Prefer TCP instead of SCTP for establishing new connections.
+# This setting may be overwritten per peer in peer configuration blocs.
+# Default : SCTP is attempted first.
+#Prefer_TCP;
+
+# Default number of streams per SCTP associations.
+# This setting may be overwritten per peer basis.
+# Default : 30 streams
+#SCTP_streams = 30;
+
+##############################################################
+##  Endpoint configuration
+
+# Disable use of IP addresses (only IPv6)
+# Default : IP enabled
+#No_IP;
+
+# Disable use of IPv6 addresses (only IP)
+# Default : IPv6 enabled
+#No_IPv6;
+
+# Specify local addresses the server must bind to
+# Default : listen on all addresses available.
+#ListenOn = "202.249.37.5";
+#ListenOn = "2001:200:903:2::202:1";
+#ListenOn = "fe80::21c:5ff:fe98:7d62%eth0";
+
+
+##############################################################
+##  Server configuration
+
+# How many Diameter peers are allowed to be connecting at the same time ?
+# This parameter limits the number of incoming connections from the time
+# the connection is accepted until the first CER is received.
+# Default: 5 unidentified clients in paralel.
+#ThreadsPerServer = 5;
+
+##############################################################
+##  TLS Configuration
+
+# TLS is managed by the GNUTLS library in the freeDiameter daemon.
+# You may find more information about parameters and special behaviors
+# in the relevant documentation.
+# http://www.gnu.org/software/gnutls/manual/
+
+# Credentials of the local peer
+# The X509 certificate and private key file to use for the local peer.
+# The files must contain PKCS-1 encoded RSA key, in PEM format.
+# (These parameters are passed to gnutls_certificate_set_x509_key_file function)
+# Default : NO DEFAULT
+#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
+#TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
+TLS_Cred = "@prefix@/etc/freeDiameter/hss.cert.pem", "@prefix@/etc/freeDiameter/hss.key.pem";
+
+# Certificate authority / trust anchors
+# The file containing the list of trusted Certificate Authorities (PEM list)
+# (This parameter is passed to gnutls_certificate_set_x509_trust_file function)
+# The directive can appear several times to specify several files.
+# Default : GNUTLS default behavior
+#TLS_CA = "<file.PEM>";
+TLS_CA = "@prefix@/etc/freeDiameter/cacert.pem";
+
+# Certificate Revocation List file
+# The information about revoked certificates.
+# The file contains a list of trusted CRLs in PEM format. They should have been verified before. 
+# (This parameter is passed to gnutls_certificate_set_x509_crl_file function)
+# Note: openssl CRL format might have interoperability issue with GNUTLS format.
+# Default : GNUTLS default behavior
+#TLS_CRL = "<file.PEM>";
+
+# GNU TLS Priority string
+# This string allows to configure the behavior of GNUTLS key exchanges 
+# algorithms. See gnutls_priority_init function documentation for information.
+# You should also refer to the Diameter required TLS support here:
+#   http://tools.ietf.org/html/rfc6733#section-13.1
+# Default : "NORMAL"
+# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
+#TLS_Prio = "NORMAL";
+
+# Diffie-Hellman parameters size
+# Set the number of bits for generated DH parameters
+# Valid value should be 768, 1024, 2048, 3072 or 4096.
+# (This parameter is passed to gnutls_dh_params_generate2 function, 
+# it usually should match RSA key size)
+# Default : 1024
+#TLS_DH_Bits = 1024;
+
+# Alternatively, you can specify a file to load the PKCS#3 encoded
+# DH parameters directly from. This accelerates the daemon start 
+# but is slightly less secure. If this file is provided, the
+# TLS_DH_Bits parameters has no effect.
+# Default : no default.
+#TLS_DH_File = "<file.PEM>";
+
+
+##############################################################
+##  Timers configuration
+
+# The Tc timer of this peer.
+# It is the delay before a new attempt is made to reconnect a disconnected peer.
+# The value is expressed in seconds. The recommended value is 30 seconds.
+# Default: 30
+#TcTimer = 30;
+
+# The Tw timer of this peer.
+# It is the delay before a watchdog message is sent, as described in RFC 3539.
+# The value is expressed in seconds. The default value is 30 seconds. Value must
+# be greater or equal to 6 seconds. See details in the RFC.
+# Default: 30
+#TwTimer = 30;
+
+##############################################################
+##  Applications configuration
+
+# Disable the relaying of Diameter messages?
+# For messages not handled locally, the default behavior is to forward the
+# message to another peer if any is available, according to the routing 
+# algorithms. In addition the "0xffffff" application is advertised in CER/CEA 
+# exchanges.
+# Default: Relaying is enabled.
+#NoRelay;
+
+# Number of server threads that can handle incoming messages at the same time.
+# Default: 4
+#AppServThreads = 4;
+
+# Other applications are configured by loaded extensions.
+
+##############################################################
+##  Extensions configuration
+
+#  The freeDiameter framework merely provides support for
+# Diameter Base Protocol. The specific application behaviors,
+# as well as advanced functions, are provided
+# by loadable extensions (plug-ins).
+#  These extensions may in addition receive the name of a 
+# configuration file, the format of which is extension-specific.
+#
+# Format:
+#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ;
+#
+# Examples:
+#LoadExtension = "extensions/sample.fdx";
+#LoadExtension = "extensions/sample.fdx":"conf/sample.conf";
+
+# Extensions are named as follow:
+# dict_* for extensions that add content to the dictionary definitions.
+# dbg_*  for extensions useful only to retrieve more information on the framework execution.
+# acl_*  : Access control list, to control which peers are allowed to connect.
+# rt_*   : routing extensions that impact how messages are forwarded to other peers.
+# app_*  : applications, these extensions usually register callbacks to handle specific messages.
+# test_* : dummy extensions that are useful only in testing environments.
+
+
+# The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some
+# information about some events. This extension does not actually use a configuration file
+# but receives directly a parameter in the string passed to the extension. Here are some examples:
+## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors.
+## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details.
+## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages.
+# The four digits respectively control: connections, routing decisions, sent/received messages, errors.
+# The values for each digit are:
+#  0 - default - keep the default behavior
+#  1 - quiet   - remove any specific log
+#  2 - compact - display only a summary of the information
+#  4 - full    - display the complete information on a single long line
+#  8 - tree    - display the complete information in an easier to read format spanning several lines.
+
+
+##############################################################
+##  Peers configuration
+
+#  The local server listens for incoming connections. By default,
+# all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl).
+# 
+#  In addition to incoming connections, the local peer can
+# be configured to establish and maintain connections to some 
+# Diameter nodes and allow connections from these nodes.
+#  This is achieved with the ConnectPeer directive described below.
+#
+# Note that the configured Diameter Identity MUST match
+# the information received inside CEA, or the connection will be aborted.
+#
+# Format:
+#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
+# Parameters that can be specified in the peer's parameter list:
+#  No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
+#  No_TLS;       # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
+#  Port = 5868;  # The port to connect to
+#  TcTimer = 30;
+#  TwTimer = 30;
+#  ConnectTo = "202.249.37.5";
+#  ConnectTo = "2001:200:903:2::202:1";
+#  TLS_Prio = "NORMAL";
+#  Realm = "realm.net"; # Reject the peer if it does not advertise this realm.
+# Examples:
+#ConnectPeer = "aaa.wide.ad.jp";
+#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
+ConnectPeer = "mme.localdomain" { ConnectTo = "127.0.0.1"; No_TLS; };
+
+##############################################################

support/freeDiameter/hss.key.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC9qQif1VNCu1GeYZhLqvFxxmowPKVFdpwk5FXNKpKxl3kAIhJ1
+FClO8ZyxoFknbMp6EJd5ULP4ZcrsdLdnrpnnlCqHHt3k9jdUvBco6bOqWFq4VFHN
+8HaOVvaQ3sPU5btmZuzKh2V005AoDDNgvRPMmFHLoBsr2am5m9rNpDuFCQIDAQAB
+AoGBAI9MoSyKtQ8NkzyUxsodTbJGVUM+/yy90np5X27WBOJT7WOxWrrFUfTIzzjS
+S6pjI5UY5ioOVPyQhMMl6NFY9gTa8DE8QJo9XIbg0rA845EUPJs9NpLdRtIwdoJH
+U6edIIIjG3dzL3a6OQNcTn9vcDUKYoFCRVi/LDgpM7OMF3S1AkEA5wRdb8mwoNE2
+NS5ZfhLRRVBwTHZvwLXZ4AYZ0dzu/7KruC9o+/uU0WwfJra8+PVClSrcEF/cSx+I
+FeK6gkMl0wJBANIruDjZLoxxyVxY93VpLZ1BSCvUkFnroOkRPRdN4N/gRefqjEVR
+6FqxX23kL0RXQuBDM6KemMlNMl53WtXvlDMCQBULTr+qLc7YgAmkKT7U0/9ubmxo
+tZFmf2xq4ds+Nv9P9ViX6QZbSpkxMj1ClEBRhzkzaEyNjvHA85Kazsai+0UCQAqR
+6FHzmkO19UqPruJYx9KA1gBeUGQ1VYJjO49Qe17HCL0BLszNscHd6c69CyOEv/hH
+aPFkyIpXN5FIr2jTA8ECQEP5tiTjOuoqAD8b3EPKWkUQeoEPy3s/wwYjP2nk2ung
+43i3TX8pZF6nC5xsxu1quK3X2Dw6QNoK7biE5xkJXEw=
+-----END RSA PRIVATE KEY-----

support/freeDiameter/mme.cert.pem

@@ -0,0 +1,60 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=ca.localdomain, C=FR, ST=BdR, L=Aix, O=fD, OU=Tests
+        Validity
+            Not Before: Aug  3 04:54:20 2017 GMT
+            Not After : Aug  3 04:54:20 2018 GMT
+        Subject: C=FR, ST=BdR, O=fD, OU=Tests, CN=mme.localdomain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c4:63:4d:ba:fe:d3:64:d9:71:1c:b2:b0:60:57:
+                    30:e2:8c:1e:0e:e2:a2:9f:f1:f0:db:59:0b:28:16:
+                    6c:6e:c5:e3:fb:4a:7e:0b:9e:79:42:c3:67:af:3b:
+                    e5:20:6b:5f:8f:ae:46:77:14:8d:1d:ab:87:94:a2:
+                    11:83:a4:ad:5f:40:d7:e3:1e:c1:63:90:c1:96:5a:
+                    44:80:af:5c:0b:0c:25:6d:7d:6f:60:bd:31:7c:d5:
+                    60:f6:70:a6:3c:a9:e9:b1:6a:88:14:14:72:be:00:
+                    04:af:67:43:48:95:b7:71:e8:2d:0d:e2:9d:87:d7:
+                    6e:0e:9f:7d:fa:84:70:92:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                0A:97:EF:76:AD:81:D6:2E:52:A3:6F:6E:46:87:4B:55:A7:02:49:06
+            X509v3 Authority Key Identifier: 
+                keyid:5F:B1:04:57:9E:2D:7F:81:BA:37:44:DD:E2:A5:69:B7:DA:6D:AC:C3
+
+    Signature Algorithm: sha1WithRSAEncryption
+        be:9a:d5:ed:80:f8:03:1f:1c:eb:f9:e2:40:6c:55:4c:72:47:
+        c5:0b:a6:27:5c:74:08:90:b5:a6:a0:f1:b6:39:be:f7:d5:1d:
+        8c:a6:fe:90:12:8f:a7:26:3a:d7:7a:bb:f7:b1:ed:82:21:87:
+        20:f8:d6:cb:f6:bc:82:1e:07:63:75:98:a4:98:6e:ca:19:03:
+        34:c0:28:d7:0b:b5:23:c8:71:f6:0f:df:2f:fd:17:03:06:f6:
+        91:47:7d:3c:85:a6:92:aa:fa:18:72:96:35:91:cd:4b:77:a5:
+        71:5d:22:d2:8d:1d:23:09:9b:29:05:0a:69:ea:96:e1:5e:f5:
+        a8:3f
+-----BEGIN CERTIFICATE-----
+MIICojCCAgugAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMRcwFQYDVQQDEw5jYS5s
+b2NhbGRvbWFpbjELMAkGA1UEBhMCRlIxDDAKBgNVBAgTA0JkUjEMMAoGA1UEBxMD
+QWl4MQswCQYDVQQKEwJmRDEOMAwGA1UECxMFVGVzdHMwHhcNMTcwODAzMDQ1NDIw
+WhcNMTgwODAzMDQ1NDIwWjBSMQswCQYDVQQGEwJGUjEMMAoGA1UECBMDQmRSMQsw
+CQYDVQQKEwJmRDEOMAwGA1UECxMFVGVzdHMxGDAWBgNVBAMTD21tZS5sb2NhbGRv
+bWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxGNNuv7TZNlxHLKwYFcw
+4oweDuKin/Hw21kLKBZsbsXj+0p+C555QsNnrzvlIGtfj65GdxSNHauHlKIRg6St
+X0DX4x7BY5DBllpEgK9cCwwlbX1vYL0xfNVg9nCmPKnpsWqIFBRyvgAEr2dDSJW3
+cegtDeKdh9duDp99+oRwkvsCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFAqX
+73atgdYuUqNvbkaHS1WnAkkGMB8GA1UdIwQYMBaAFF+xBFeeLX+BujdE3eKlabfa
+bazDMA0GCSqGSIb3DQEBBQUAA4GBAL6a1e2A+AMfHOv54kBsVUxyR8ULpidcdAiQ
+taag8bY5vvfVHYym/pASj6cmOtd6u/ex7YIhhyD41sv2vIIeB2N1mKSYbsoZAzTA
+KNcLtSPIcfYP3y/9FwMG9pFHfTyFppKq+hhyljWRzUt3pXFdItKNHSMJmykFCmnq
+luFe9ag/
+-----END CERTIFICATE-----

support/freeDiameter/mme.conf.in

@@ -0,0 +1,257 @@
+# This is a sample configuration file for freeDiameter daemon.
+
+# Most of the options can be omitted, as they default to reasonable values.
+# Only TLS-related options must be configured properly in usual setups.
+
+# It is possible to use "include" keyword to import additional files
+# e.g.: include "/etc/freeDiameter.d/*.conf"
+# This is exactly equivalent as copy & paste the content of the included file(s) 
+# where the "include" keyword is found.
+
+
+##############################################################
+##  Peer identity and realm 
+
+# The Diameter Identity of this daemon.
+# This must be a valid FQDN that resolves to the local host.
+# Default: hostname's FQDN
+#Identity = "aaa.koganei.freediameter.net";
+Identity = "mme.localdomain";
+
+# The Diameter Realm of this daemon.
+# Default: the domain part of Identity (after the first dot).
+#Realm = "koganei.freediameter.net";
+Realm = "localdomain";
+
+##############################################################
+##  Transport protocol configuration
+
+# The port this peer is listening on for incoming connections (TCP and SCTP).
+# Default: 3868. Use 0 to disable.
+#Port = 3868;
+
+# The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP).
+# See TLS_old_method for more information about TLS flavours.
+# Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter.
+# Default: 5868. Use 0 to disable.
+#SecPort = 5868;
+
+# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 
+# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 
+# CER/CEA exchange on a dedicated secure port.
+# This parameter only affects outgoing connections. 
+# The setting can be also defined per-peer (see Peers configuration section).
+# Default: use RFC6733 method with separate port for TLS.
+#TLS_old_method;
+
+# Disable use of TCP protocol (only listen and connect over SCTP)
+# Default : TCP enabled
+#No_TCP;
+
+# Disable use of SCTP protocol (only listen and connect over TCP)
+# Default : SCTP enabled
+#No_SCTP;
+# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
+
+# Prefer TCP instead of SCTP for establishing new connections.
+# This setting may be overwritten per peer in peer configuration blocs.
+# Default : SCTP is attempted first.
+#Prefer_TCP;
+
+# Default number of streams per SCTP associations.
+# This setting may be overwritten per peer basis.
+# Default : 30 streams
+#SCTP_streams = 30;
+
+##############################################################
+##  Endpoint configuration
+
+# Disable use of IP addresses (only IPv6)
+# Default : IP enabled
+#No_IP;
+
+# Disable use of IPv6 addresses (only IP)
+# Default : IPv6 enabled
+#No_IPv6;
+
+# Specify local addresses the server must bind to
+# Default : listen on all addresses available.
+#ListenOn = "202.249.37.5";
+#ListenOn = "2001:200:903:2::202:1";
+#ListenOn = "fe80::21c:5ff:fe98:7d62%eth0";
+
+
+##############################################################
+##  Server configuration
+
+# How many Diameter peers are allowed to be connecting at the same time ?
+# This parameter limits the number of incoming connections from the time
+# the connection is accepted until the first CER is received.
+# Default: 5 unidentified clients in paralel.
+#ThreadsPerServer = 5;
+
+##############################################################
+##  TLS Configuration
+
+# TLS is managed by the GNUTLS library in the freeDiameter daemon.
+# You may find more information about parameters and special behaviors
+# in the relevant documentation.
+# http://www.gnu.org/software/gnutls/manual/
+
+# Credentials of the local peer
+# The X509 certificate and private key file to use for the local peer.
+# The files must contain PKCS-1 encoded RSA key, in PEM format.
+# (These parameters are passed to gnutls_certificate_set_x509_key_file function)
+# Default : NO DEFAULT
+#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
+#TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
+TLS_Cred = "@prefix@/etc/freeDiameter/mme.cert.pem", "@prefix@/etc/freeDiameter/mme.key.pem";
+
+# Certificate authority / trust anchors
+# The file containing the list of trusted Certificate Authorities (PEM list)
+# (This parameter is passed to gnutls_certificate_set_x509_trust_file function)
+# The directive can appear several times to specify several files.
+# Default : GNUTLS default behavior
+#TLS_CA = "<file.PEM>";
+TLS_CA = "@prefix@/etc/freeDiameter/cacert.pem";
+
+# Certificate Revocation List file
+# The information about revoked certificates.
+# The file contains a list of trusted CRLs in PEM format. They should have been verified before. 
+# (This parameter is passed to gnutls_certificate_set_x509_crl_file function)
+# Note: openssl CRL format might have interoperability issue with GNUTLS format.
+# Default : GNUTLS default behavior
+#TLS_CRL = "<file.PEM>";
+
+# GNU TLS Priority string
+# This string allows to configure the behavior of GNUTLS key exchanges 
+# algorithms. See gnutls_priority_init function documentation for information.
+# You should also refer to the Diameter required TLS support here:
+#   http://tools.ietf.org/html/rfc6733#section-13.1
+# Default : "NORMAL"
+# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
+#TLS_Prio = "NORMAL";
+
+# Diffie-Hellman parameters size
+# Set the number of bits for generated DH parameters
+# Valid value should be 768, 1024, 2048, 3072 or 4096.
+# (This parameter is passed to gnutls_dh_params_generate2 function, 
+# it usually should match RSA key size)
+# Default : 1024
+#TLS_DH_Bits = 1024;
+
+# Alternatively, you can specify a file to load the PKCS#3 encoded
+# DH parameters directly from. This accelerates the daemon start 
+# but is slightly less secure. If this file is provided, the
+# TLS_DH_Bits parameters has no effect.
+# Default : no default.
+#TLS_DH_File = "<file.PEM>";
+
+
+##############################################################
+##  Timers configuration
+
+# The Tc timer of this peer.
+# It is the delay before a new attempt is made to reconnect a disconnected peer.
+# The value is expressed in seconds. The recommended value is 30 seconds.
+# Default: 30
+#TcTimer = 30;
+
+# The Tw timer of this peer.
+# It is the delay before a watchdog message is sent, as described in RFC 3539.
+# The value is expressed in seconds. The default value is 30 seconds. Value must
+# be greater or equal to 6 seconds. See details in the RFC.
+# Default: 30
+#TwTimer = 30;
+
+##############################################################
+##  Applications configuration
+
+# Disable the relaying of Diameter messages?
+# For messages not handled locally, the default behavior is to forward the
+# message to another peer if any is available, according to the routing 
+# algorithms. In addition the "0xffffff" application is advertised in CER/CEA 
+# exchanges.
+# Default: Relaying is enabled.
+#NoRelay;
+
+# Number of server threads that can handle incoming messages at the same time.
+# Default: 4
+#AppServThreads = 4;
+
+# Other applications are configured by loaded extensions.
+
+##############################################################
+##  Extensions configuration
+
+#  The freeDiameter framework merely provides support for
+# Diameter Base Protocol. The specific application behaviors,
+# as well as advanced functions, are provided
+# by loadable extensions (plug-ins).
+#  These extensions may in addition receive the name of a 
+# configuration file, the format of which is extension-specific.
+#
+# Format:
+#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ;
+#
+# Examples:
+#LoadExtension = "extensions/sample.fdx";
+#LoadExtension = "extensions/sample.fdx":"conf/sample.conf";
+
+# Extensions are named as follow:
+# dict_* for extensions that add content to the dictionary definitions.
+# dbg_*  for extensions useful only to retrieve more information on the framework execution.
+# acl_*  : Access control list, to control which peers are allowed to connect.
+# rt_*   : routing extensions that impact how messages are forwarded to other peers.
+# app_*  : applications, these extensions usually register callbacks to handle specific messages.
+# test_* : dummy extensions that are useful only in testing environments.
+
+
+# The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some
+# information about some events. This extension does not actually use a configuration file
+# but receives directly a parameter in the string passed to the extension. Here are some examples:
+## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors.
+## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details.
+## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages.
+# The four digits respectively control: connections, routing decisions, sent/received messages, errors.
+# The values for each digit are:
+#  0 - default - keep the default behavior
+#  1 - quiet   - remove any specific log
+#  2 - compact - display only a summary of the information
+#  4 - full    - display the complete information on a single long line
+#  8 - tree    - display the complete information in an easier to read format spanning several lines.
+
+
+##############################################################
+##  Peers configuration
+
+#  The local server listens for incoming connections. By default,
+# all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl).
+# 
+#  In addition to incoming connections, the local peer can
+# be configured to establish and maintain connections to some 
+# Diameter nodes and allow connections from these nodes.
+#  This is achieved with the ConnectPeer directive described below.
+#
+# Note that the configured Diameter Identity MUST match
+# the information received inside CEA, or the connection will be aborted.
+#
+# Format:
+#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
+# Parameters that can be specified in the peer's parameter list:
+#  No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
+#  No_TLS;       # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
+#  Port = 5868;  # The port to connect to
+#  TcTimer = 30;
+#  TwTimer = 30;
+#  ConnectTo = "202.249.37.5";
+#  ConnectTo = "2001:200:903:2::202:1";
+#  TLS_Prio = "NORMAL";
+#  Realm = "realm.net"; # Reject the peer if it does not advertise this realm.
+# Examples:
+#ConnectPeer = "aaa.wide.ad.jp";
+#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
+ConnectPeer = "hss.localdomain" { ConnectTo = "127.0.0.1"; No_TLS; Port = 30868; };
+
+
+##############################################################

support/freeDiameter/mme.key.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDEY026/tNk2XEcsrBgVzDijB4O4qKf8fDbWQsoFmxuxeP7Sn4L
+nnlCw2evO+Uga1+PrkZ3FI0dq4eUohGDpK1fQNfjHsFjkMGWWkSAr1wLDCVtfW9g
+vTF81WD2cKY8qemxaogUFHK+AASvZ0NIlbdx6C0N4p2H124On336hHCS+wIDAQAB
+AoGBAIHC965SCA2/2wxSSVYu5l8apBXDzB6Q90uH52ZCgr0ixoPY8bXtrUPe51iS
+489rAwZl6atvCdsL5pbgC2CHZAG/AFnxGXt2oblTgoPrraPo6Y2tvPuF8HaalqwC
+0Vbc+8aljxrEqS+xaJVPvl99k0xNVZL7XE13KFNSvIZmUqpJAkEA4JVvYKHS9Erd
+3ITuK9DLt16NF9y3mmlfQmZdLT7i7TxVtpBKWpcSAW3CC4VNZexrkPa3Wvj2QV+Q
++Mo082P0RQJBAN/cJfI7y+T0GVloxDCXez0Gu471LIPTESKlhh4uRhEC9rWPRtbn
+Ny9dzwjfN1P7Cpfsg9450FryCMqqMBe//j8CQBQkkwbBvN/4TwnWSl5Xrc3WhyUa
+wMTyqn6UG8tRFp1cifuD2YdigVTreTn7TMPVfphT6IIaTkvyvFf0GuexkVkCQDib
+No02SayvfOl68IFJDMS1ux+/J25+JMsaB/wBv331veTTQhp9hRrZIc0ghKEbzeX0
+zLOY8vLMWSTGPDsFNYkCQGW+bpdgKMg/KryiL/U1PT79XnntapRjUHtrmpnCyf4l
+6KelVd4tNGhSNOShZW3bNsbvQwiXcgYf1fe56S0Yuko=
+-----END RSA PRIVATE KEY-----

support/make_certs.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if [ 1 -ne $# ]
+then
+    echo You must specify output directory : ./make_cert ../out
+
+    exit;
+fi
+
+rm -rf demoCA
+mkdir demoCA
+echo 01 > demoCA/serial
+touch demoCA/index.txt
+
+# CA self certificate
+openssl req  -new -batch -x509 -days 3650 -nodes -newkey rsa:1024 -out $1/cacert.pem -keyout cakey.pem -subj /CN=ca.localdomain/C=FR/ST=BdR/L=Aix/O=fD/OU=Tests
+
+#mme
+openssl genrsa -out $1/mme.key.pem 1024
+openssl req -new -batch -out mme.csr.pem -key $1/mme.key.pem -subj /CN=mme.localdomain/C=FR/ST=BdR/L=Aix/O=fD/OU=Tests
+openssl ca -cert $1/cacert.pem -keyfile cakey.pem -in mme.csr.pem -out $1/mme.cert.pem -outdir . -batch
+
+#hss
+openssl genrsa -out $1/hss.key.pem 1024
+openssl req -new -batch -out hss.csr.pem -key $1/hss.key.pem -subj /CN=hss.localdomain/C=FR/ST=BdR/L=Aix/O=fD/OU=Tests
+openssl ca -cert $1/cacert.pem -keyfile cakey.pem -in hss.csr.pem -out $1/hss.cert.pem -outdir . -batch
+
+rm -rf demoCA
+rm -f 01.pem 02.pem
+rm -f cakey.pem
+rm -f hss.csr.pem mme.csr.pem

support/nextepc.conf.in

@@ -12,7 +12,7 @@
 
   HSS :
   {
-#S6A_CONFIG_PATH : "@prefix@/etc/hss_fd.conf",
+#S6A_CONFIG_PATH : "@prefix@/etc/freeDiameter/hss.conf",
     NETWORK :
     {
       S6A_ADDR : "10.1.35.214"
@@ -21,7 +21,7 @@
 
   MME :
   {
-#S6A_CONFIG_PATH : "@prefix@/etc/mme_fd.conf",
+#S6A_CONFIG_PATH : "@prefix@/etc/freeDiameter/mme.conf",
 
     DEFAULT_PAGING_DRX : "v64",
 #RELATIVE_CAPACITY : 255,