Implement handling of the Network Instance IEs from PFCP for tunend,
like already done for tunmap.
In 'tunend' cfg, allow indicating a local GTP address for both 'dev
create' and 'dev use'. Select a GTP device by the local address the
Network Instance IE in PFCP PDR indicates.
Related: SYS#6192
Change-Id: I376c09bfc1844df1e61d2efac17561fac614858b
This 'accept' is not an optional addition, it should always be present.
(Just saying because previous patch added a VTY command to configure
additions to the rules, and this patch is orthogonal to that.)
Related: OS#5810
Change-Id: I129133cc5d7180ce3761d5604d602d23a5ef9825
It can be useful to add 'meta nftrace set 1' to nftables rules to help
analysis / site debugging. Add the possibility to do this by cfg.
Instead of adding the fixed string of 'meta nftrace set 1', allow
appending arbitrary strings to the nftables rules, to accomodate any
other future tweaks that may be useful.
Related: SYS#6192
Change-Id: Ia1fac67108902a48b43d8d1dc184ccf541fd9ba8
Add VTY command to print out an nftables ruleset that osmo-upf produces,
with arbitrary IP addrs / TEIDs inserted. This allows tracking in *.vty
tests how the nftables rulesets are changed by patches.
future:
- Adding the 'tunmap' keyword to allow adding show commands for
different uses of nftables.
- Adding the 'example' keyword to allow adding show commands for
actual tunmap IDs / PFCP session IDs / ...
- Matches upcoming vty commands
'nft-rule tunmap append .NFT_RULE'
'no nft-rule tunmap append'
'show nft-rule tunmap append'
Add new separate nft-rule.vty -- more to come here in upcoming patch.
Change-Id: I9b57aa492c051e480c9bd819ae58f8f59a13af40
Separate string composition of the nftables ruleset from the actual
actvation of the ruleset to nftables.
For a 'show' VTY command added in upcoming patch, I'd like to be able to
vty_out() an nftables rule set. Provide API for that.
Change-Id: I0124a68ccf1ac7b90c5cc32d0cbf58d0cc219ccc
Assert that all port numbers in osmo_sockaddr parts of up_gtp_action are
zero: uncover code paths that leak port numbers into the gtp_action API.
GTP and UE addresses have no port information. Port numbers in GTP,UE
addresses stored in struct osmo_sockaddr should be zero, so that
- to-string conversion via osmo_sockaddr_to_str_c() returns only an IP
address: for nftables rules and logging.
- osmo_sockaddr_cmp() matches on identical IP addresses "only", without
the port numbers causing mismatches: for finding tunnels and devs.
Change-Id: If49f1e82e8cb92b7225e85a7c3b059e0f7f92fa3
Make sure an assigned id is not overwritten.
So far this function was guaranteed to be called only once. But I would
like to allow getting the nftables ruleset string more than once in a
future patch. Prepare that.
Change-Id: I4e8c48c01fb2f5d4cfd223fe03abbf15b1a55670
also cosmetic: put the line ending in a separate PRINTF so that adding
or removing items to the rule in future patches does not affect the line
ending.
Change-Id: I6ff6f59fb24a18596aa60848fb00ac70deb1985f
At first, this mostly improves logging of GTP actions.
Subsequently, we will use these to:
- for tunend, pick a GTP device based on the local interface.
- for tunmap, change the netfilter rules to match on the *local* GTP
address instead of the remote one.
Related: SYS#6192
Change-Id: I8488c478c4790d3882b22dcdb1f127838e23dd7b
Fix parsing of the Update FAR information so that a Session Modification
Request properly causes a GTP action to become active:
Add missing forw_params_present = true, and copy the information from
the incoming message instead of the current state.
Related: SYS#6192
Change-Id: I2a2c015d5615bb461b4d7b476a7c9830dc8e130f
Add 'netinst' config section to osmo-upf.cfg, to define Network Instance
name to local IP address mappings.
For the tunmap use case (forwarding GTP tunnels), heed the Network
Instance IEs in PFCP session creation and return IP addresses in F-TEIDs
accordingly.
Related: SYS#6192
Related: I37bebc7d6ef75c3e6ae05e81b83a1b5895839a64 (osmo-ttcn3-hacks)
Change-Id: I15ee046a1c37b83b8a83527a67a6215a30106d81
No functional change.
Rename forw_to_core to access_to_core.
Rename forw_from_core to core_to_access.
Rename add_gtp_action_endecaps to add_gtp_action_tunend.
Rename add_gtp_action_forw to add_gtp_action_tunmap.
Add assertions to clearly indicate expected PDR and reverse PDR
directions.
Tweak various comments and log messages.
Fix some comments that have Access / Core flipped.
Change-Id: Ia199bb6944476eff6af89b5ab015a9a2f8ce330e
The GTP action detection always has 'pdr' detecting on the Access side
and its reverse 'rpdr' on the Core side.
Access osmo-upf Core
|------> pdr|far ----->|
|<------ rfar|rpdr <-----|
Related: SYS#6192
Change-Id: I66babdfe4c1746bd3bf259342ce80dae2661de8c
Indicate whether a shown IP address is local or remote, by adding '-l'
or '-r' to the field names shown.
So far, osmo-upf is only tracking remote GTP addrs, but we are about to
implement choosing local GTP addrs by Network Instance IEs. Those should
also be shown and will need to be set apart from the remote addresses.
Related: I440466f1cc9689391869ac2579a4497ef6008adb (osmo-ttcn3-hacks)
Change-Id: Ic539ebe84a0853f665e5b8b8489dd587e6907287
Make the osmo-upf debian package consistent with the rpm package, by
adding osmo-pfcp-tool to it.
Related: OS#5817
Change-Id: Icf4bb566d9b627ead370174e92629a9fccde755e
Fix missing IP address in to-string of Outer Header Creation IE: Use
osmo_pfcp_ie_outer_header_creation_to_str_buf() from libosmo-pfcp
instead of re-inventing.
Depends: I4ad1570485c8081b82284e4e6b4de4d7eed414b0 (libosmo-pfcp)
Change-Id: I0d4d9edcfc94b61bdc74cfd4ff837f151d1c28ae
When there was only tunend implemented, it made sense to show on VTY
when no GTP kernel device was open. Since we now also have tunmap via
netfilter, drop the early exit.
Change-Id: I9a43a240f2ca55cf2ca237a83aa13e68a625d6ea
Rename 'show tunend' back to 'show gtp'.
Clarify the VTY doc.
While renaming 'gtp' to 'tunend', i also renamed the general 'show gtp'
VTY command by accident / by misunderstanding. This command shows all
GTP tunnel state, not just the tunend state.
Reverts a small portion of commit "VTY: rename 'gtp' to 'tunend'"
95eb2c6a89
I49ac7b1f8b5b74f586edfed1dfb29f9af55a521b
Change-Id: I8f619d4ddda3efffb62cf594878d3166cb37fe45
We're establishing 'tunend' as short name for
encapsulation/decapsulation, also do this in osmo-pfcp-tool.
Keep a hidden "session endecaps" VTY cmd as backwards compat alias.
Related: SYS#6192
Change-Id: I0b44429cd6762fe401a4dced22ae2a3fd9bbe93b
So far the config nodes were named after the implementation:
"GTP kernel module" = "gtp" and
"netfilter" = "nft"
We found that this is confusing, since both are related to handling GTP.
Rename "nft" to "tunmap"; a previous patch already renamed "gtp" to
"tunend".
Keep a hidden "nft" VTY cmd as backwards compat alias.
Related: SYS#6192
Change-Id: Ia3c5224dd3b5f5c9437bbdec997d02176818cc97
So far the config nodes were named after the implementation:
"GTP kernel module" = "gtp" and
"netfilter" = "nft"
We found that this is confusing, since both are related to handling GTP.
Rename "gtp" to "tunend"; a subsequent patch will rename "nft" to
"tunmap".
Keep a hidden "gtp" VTY cmd as backwards compat alias.
In log output, also print "tunend" instead of "endecaps"
(up_gtp_action_to_str_buf()).
Related: SYS#6192
Change-Id: I49ac7b1f8b5b74f586edfed1dfb29f9af55a521b
Heartbeat is handled in libosmo-pfcp, osmo-upf does not need to take any
action.
Related: SYS#5599
Change-Id: Id81556129b528fa3a1f11ae4d01ad8b89a9be2f9
Add section 'Configure Primary Links' with detailed explanation of the
GTP and netfilter setup.
Related: SYS#5599
Change-Id: I2378d4856b28e81dae2a85e20aaf2999768de4d9
Actually add running.adoc to osmoupf-usermanual.adoc so that the chapter
shows in the generated PDF.
Related: SYS#5599
Change-Id: I1ae668ff75882e7ac55dd5b27566a68c449bdee5
By default systemd will execute service with root directory (or home directory for user instance) which might result in
attempts to create files in unexpected place. Let's set it to 'osmocom' subdir of state directory (/var/lib for system instance) instead.
Related: OS#4821
Change-Id: I786e4a655c35617bbea523275a709e865fc86689
When placing libosmo-pfcp in a separate repository, I accidentally
duplicated the charts. Since the charts are generally valid for PFCP,
libosmo-pfcp is the proper place, not here.
Change-Id: I95f11e1525b3bc6b782e5f8aecddea672a104c99
Allow running without opening a GTP dev for encapsulation/decapsulation.
Probe and open the mnl socket for talking to the GTP kernel module only
when actual GTP devices exist in the config.
A site that is only doing tunnel proxying via netfilter hence does not
require GTP support in the kernel.
Change-Id: Ibb79b3ce1906136f77a895ff6f691d72a92c9fb9
Neels Hofmeyr
Max
Oliver Smith
Vadim Yanitskiy