diff --git a/4g-volte-opensips-ims-deploy.yaml b/4g-volte-opensips-ims-deploy.yaml
new file mode 100644
index 0000000..e7f5895
--- /dev/null
+++ b/4g-volte-opensips-ims-deploy.yaml
@@ -0,0 +1,494 @@ +services: + mongo: + image: mongo:6.0 + container_name: mongo + command: --bind_ip 0.0.0.0 + env_file: + - .env + volumes: + - mongodbdata:/data/db + - mongodbdata:/data/configdb + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "27017/udp" + - "27017/tcp" + networks: + default: + ipv4_address: ${MONGO_IP} + webui: + image: docker_open5gs + container_name: webui + depends_on: + - mongo + env_file: + - .env + environment: + - COMPONENT_NAME=webui + volumes: + - ./webui:/mnt/webui + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "9999/tcp" + ports: + - "9999:9999/tcp" + networks: + default: + ipv4_address: ${WEBUI_IP} + hss: + image: docker_open5gs + container_name: hss + env_file: + - .env + environment: + - COMPONENT_NAME=hss-1 + volumes: + - ./hss:/mnt/hss + - ./log:/open5gs/install/var/log/open5gs + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + depends_on: + - mongo + expose: + - "3868/udp" + - "3868/tcp" + - "3868/sctp" + - "5868/udp" + - "5868/tcp" + - "5868/sctp" + networks: + default: + ipv4_address: ${HSS_IP} + sgwc: + image: docker_open5gs + depends_on: + - smf + - upf + container_name: sgwc + env_file: + - .env + environment: + - COMPONENT_NAME=sgwc-1 + volumes: + - ./sgwc:/mnt/sgwc + - ./log:/open5gs/install/var/log/open5gs + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "2123/udp" + - "8805/udp" + networks: + default: + ipv4_address: ${SGWC_IP} + sgwu: + image: docker_open5gs + depends_on: + - smf + - upf + container_name: sgwu + env_file: + - .env + environment: + - COMPONENT_NAME=sgwu-1 + volumes: + - ./sgwu:/mnt/sgwu + - ./log:/open5gs/install/var/log/open5gs + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "8805/udp" + - "2152/udp" + # ports: + # - "2152:2152/udp" + networks: + default: + ipv4_address: ${SGWU_IP} + smf: + image: docker_open5gs + container_name: 
smf + env_file: + - .env + environment: + - COMPONENT_NAME=smf-1 + - DEPLOY_MODE=4G + volumes: + - ./smf:/mnt/smf + - ./log:/open5gs/install/var/log/open5gs + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "3868/udp" + - "3868/tcp" + - "3868/sctp" + - "5868/udp" + - "5868/tcp" + - "5868/sctp" + - "8805/udp" + - "2123/udp" + - "7777/tcp" + - "9091/tcp" + networks: + default: + ipv4_address: ${SMF_IP} + upf: + image: docker_open5gs + depends_on: + - smf + container_name: upf + env_file: + - .env + environment: + - COMPONENT_NAME=upf-1 + volumes: + - ./upf:/mnt/upf + - ./log:/open5gs/install/var/log/open5gs + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "2152/udp" + - "8805/udp" + - "9091/tcp" + cap_add: + - NET_ADMIN + privileged: true + sysctls: + - net.ipv4.ip_forward=1 + networks: + default: + ipv4_address: ${UPF_IP} + mme: + image: docker_open5gs + depends_on: + - hss + - sgwc + - sgwu + - smf + - upf + - osmomsc + container_name: mme + env_file: + - .env + environment: + - COMPONENT_NAME=mme-1 + volumes: + - ./mme:/mnt/mme + - ./log:/open5gs/install/var/log/open5gs + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "3868/udp" + - "3868/tcp" + - "3868/sctp" + - "5868/udp" + - "5868/tcp" + - "5868/sctp" + - "36412/sctp" + - "2123/udp" + - "9091/tcp" + # ports: + # - "36412:36412/sctp" + networks: + default: + ipv4_address: ${MME_IP} + pcrf: + image: docker_open5gs + container_name: pcrf + env_file: + - .env + environment: + - COMPONENT_NAME=pcrf-1 + depends_on: + - mongo + volumes: + - ./pcrf:/mnt/pcrf + - ./log:/open5gs/install/var/log/open5gs + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "3868/udp" + - "3868/tcp" + - "3868/sctp" + - "5868/udp" + - "5868/tcp" + - "5868/sctp" + networks: + default: + ipv4_address: ${PCRF_IP} + dns: + build: ./dns + image: docker_dns + container_name: dns + env_file: + - .env + 
volumes: + - ./dns:/mnt/dns + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "53/udp" + networks: + default: + ipv4_address: ${DNS_IP} + rtpengine: + build: ./rtpengine + image: docker_rtpengine + container_name: rtpengine + privileged: true + env_file: + - .env + volumes: + - ./rtpengine:/mnt/rtpengine + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + cap_add: + - NET_ADMIN + environment: + - TABLE=0 + - INTERFACE=${RTPENGINE_IP} + - LISTEN_NG=${RTPENGINE_IP}:2223 + - PIDFILE=/run/ngcp-rtpengine-daemon.pid + - PORT_MAX=50000 + - PORT_MIN=49000 + - NO_FALLBACK=no + - TOS=184 + expose: + - "2223/udp" + - "49000-50000/udp" + networks: + default: + ipv4_address: ${RTPENGINE_IP} + mysql: + build: ./mysql + image: docker_mysql + container_name: mysql + env_file: + - .env + volumes: + - dbdata:/var/lib/mysql + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "3306/tcp" + networks: + default: + ipv4_address: ${MYSQL_IP} + pyhss: + build: ./pyhss + image: docker_pyhss + container_name: pyhss + dns: ${DNS_IP} + volumes: + - ./pyhss:/mnt/pyhss + - ./pyhss/logs:/pyhss/log/ + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + env_file: + - .env + depends_on: + - dns + - mysql + expose: + - "3868/udp" + - "3868/tcp" + - "8080/tcp" + ports: + - "8080:8080/tcp" + networks: + default: + ipv4_address: ${PYHSS_IP} + icscf: + image: opensips/opensips:ims-ce + container_name: icscf + dns: ${DNS_IP} + volumes: + - ./opensips_ims_icscf:/mnt/icscf + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + env_file: + - .env + environment: + - COMPONENT_NAME=icscf-1 + entrypoint: /mnt/icscf/icscf_init.sh + depends_on: + - dns + - mysql + - pyhss + expose: + - "3869/udp" + - "3869/tcp" + - "4060/udp" + - "4060/tcp" + networks: + default: + ipv4_address: ${ICSCF_IP} + scscf: + image: opensips/opensips:ims-ce + container_name: scscf + dns: ${DNS_IP} + volumes: + 
- ./opensips_ims_scscf:/mnt/scscf + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + env_file: + - .env + environment: + - COMPONENT_NAME=scscf-1 + entrypoint: /mnt/scscf/scscf_init.sh + depends_on: + - dns + - mysql + - pyhss + expose: + - "3870/udp" + - "3870/tcp" + - "6060/udp" + - "6060/tcp" + networks: + default: + ipv4_address: ${SCSCF_IP} + pcscf: + image: opensips/opensips:ims-ce + container_name: pcscf + dns: ${DNS_IP} + privileged: true + cap_add: + - NET_ADMIN + volumes: + - ./opensips_ims_pcscf:/mnt/pcscf + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + env_file: + - .env + environment: + - COMPONENT_NAME=pcscf-1 + - DEPLOY_MODE=4G + entrypoint: /mnt/pcscf/pcscf_init.sh + depends_on: + - dns + - mysql + - rtpengine + - icscf + - scscf + expose: + - "3871/udp" + - "3871/tcp" + - "5060/tcp" + - "5060/udp" + - "5100-5120/tcp" + - "5100-5120/udp" + - "6100-6120/tcp" + - "6100-6120/udp" + networks: + default: + ipv4_address: ${PCSCF_IP} + smsc: + image: docker_kamailio + container_name: smsc + dns: ${DNS_IP} + volumes: + - ./smsc:/mnt/smsc + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + env_file: + - .env + environment: + - COMPONENT_NAME=smsc-1 + depends_on: + - dns + - mysql + expose: + - "7090/udp" + - "7090/tcp" + networks: + default: + ipv4_address: ${SMSC_IP} + osmomsc: + build: ./osmomsc + image: docker_osmomsc + container_name: osmomsc + volumes: + - ./osmomsc:/mnt/osmomsc + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + env_file: + - .env + environment: + - COMPONENT_NAME=osmomsc-1 + depends_on: + - osmohlr + expose: + - "29118/sctp" + - "2775/tcp" + networks: + default: + ipv4_address: ${OSMOMSC_IP} + osmohlr: + build: ./osmohlr + image: docker_osmohlr + container_name: osmohlr + volumes: + - ./osmohlr:/mnt/osmohlr + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + env_file: + - .env + environment: + - COMPONENT_NAME=osmohlr-1 + 
expose: + - "4222/tcp" + networks: + default: + ipv4_address: ${OSMOHLR_IP} + metrics: + build: ./metrics + image: docker_metrics + container_name: metrics + env_file: + - .env + volumes: + - ./metrics:/mnt/metrics + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + expose: + - "9090/tcp" + ports: + - "9090:9090/tcp" + networks: + default: + ipv4_address: ${METRICS_IP} + grafana: + image: grafana/grafana:11.3.0 + container_name: grafana + env_file: + - .env + volumes: + - grafana_data:/var/lib/grafana + - ./grafana/:/etc/grafana/provisioning/ + - ./grafana:/mnt/grafana + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + environment: + - GF_SECURITY_ADMIN_USER=${GRAFANA_USERNAME} + - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD} + #- GF_INSTALL_PLUGINS=${GRAFANA_INSTALL_PLUGINS} + - GF_PATHS_PROVISIONING=/etc/grafana/provisioning + - GF_PATHS_DATA=/var/lib/grafana + - METRICS_IP=${METRICS_IP} + expose: + - "3000/tcp" + ports: + - "3000:3000/tcp" + networks: + default: + ipv4_address: ${GRAFANA_IP} +networks: + default: + ipam: + config: + - subnet: ${TEST_NETWORK} +volumes: + grafana_data: + name: grafana_data + mongodbdata: {} + dbdata: {} diff --git a/opensips_ims_icscf/freeDiameter.conf b/opensips_ims_icscf/freeDiameter.conf new file mode 100644 index 0000000..9ccbb5a --- /dev/null +++ b/opensips_ims_icscf/freeDiameter.conf @@ -0,0 +1,13 @@ +Identity = "icscf.IMS_DOMAIN"; +Realm = "IMS_DOMAIN"; +Port = ICSCF_BIND_PORT; +ListenOn = "ICSCF_IP"; +SecPort = 0; +No_SCTP; +NoRelay; + +ConnectPeer = "hss.IMS_DOMAIN" { + No_TLS; + ConnectTo = "PYHSS_IP"; + port = PYHSS_BIND_PORT; +}; diff --git a/opensips_ims_icscf/icscf.dictionary b/opensips_ims_icscf/icscf.dictionary new file mode 100644 index 0000000..a6e9f04 --- /dev/null +++ b/opensips_ims_icscf/icscf.dictionary 
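Review bot: `privileged: true` on `upf`, `rtpengine` and `pcscf` gives each container every capability and access to host devices, which makes the `cap_add: NET_ADMIN` beside it redundant and turns a compromise of a network-facing GTP, RTP or SIP process into host-level access. Dropping the `privileged: true` line and keeping `cap_add: - NET_ADMIN` (plus an explicit `devices:` entry if a service needs a tunnel device, which this file does not show) would keep the privilege set reviewable. The `ports:` entries for `webui`, `pyhss`, `metrics` and `grafana` publish on every host interface; if they are meant for the operator only, the form `"127.0.0.1:8080:8080/tcp"` limits them to loopback. The `opensips/opensips:ims-ce` tag is mutable, so pinning it by digest would make the three CSCF containers reproducible.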
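Review bot: `SecPort = 0;` together with `No_TLS;` in the `ConnectPeer` block means the Cx link to the HSS runs without TLS, so subscriber identities cross the container network in clear and the peer is identified only by the name it presents. The same pair appears in `opensips_ims_pcscf/freeDiameter.conf` for the link to the PCRF. If this is intended for a single-host lab, a comment above the block would say so, for example `# Lab only: Diameter without TLS; requires an isolated Docker network`.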
@@ -0,0 +1,32 @@
+VENDOR 10415 TGPP
+
+ATTRIBUTE Visited-Network-Identifier 600 string 10415
+ATTRIBUTE Public-Identity 601 string 10415
+ATTRIBUTE Server-Name 602 string 10415
+
+APPLICATION-AUTH 16777216/10415 3GPP Cx
+
+REQUEST 300 User-Authorization Request
+{
+ Session-Id | REQUIRED | 1
+ Origin-Host | REQUIRED | 1
+ Origin-Realm | REQUIRED | 1
+ Destination-Realm | REQUIRED | 1
+ Vendor-Specific-Application-Id | REQUIRED | 1
+ Auth-Session-State | REQUIRED | 1
+ User-Name | REQUIRED | 1
+ Public-Identity | REQUIRED | 1
+ Visited-Network-Identifier | REQUIRED | 1
+}
+
+ANSWER 300 User-Authorization Answer
+{
+ Session-Id | REQUIRED | 1
+ Origin-Host | REQUIRED | 1
+ Origin-Realm | REQUIRED | 1
+ Destination-Host | OPTIONAL | 1
+ Destination-Realm | OPTIONAL | 1
+ Vendor-Specific-Application-Id | REQUIRED | 1
+ Auth-Session-State | REQUIRED | 1
+ Experimental-Result | REQUIRED | 1
+}
diff --git a/opensips_ims_icscf/icscf_init.sh b/opensips_ims_icscf/icscf_init.sh
new file mode 100755
index 0000000..ac53cf7
--- /dev/null
+++ b/opensips_ims_icscf/icscf_init.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# BSD 2-Clause License
+
+# Copyright (c) 2020, Supreeth Herle
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+[ ${#MNC} == 3 ] && IMS_DOMAIN="ims.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || IMS_DOMAIN="ims.mnc0${MNC}.mcc${MCC}.3gppnetwork.org"
+
+mkdir -p /etc/opensips
+cp /mnt/icscf/freeDiameter.conf /etc/opensips
+cp /mnt/icscf/icscf.dictionary /etc/opensips
+cp /mnt/icscf/opensips.cfg /etc/opensips
+
+sed -i 's|ICSCF_IP|'$ICSCF_IP'|g' /etc/opensips/freeDiameter.conf
+sed -i 's|PYHSS_IP|'$PYHSS_IP'|g' /etc/opensips/freeDiameter.conf
+sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/freeDiameter.conf
+sed -i 's|PYHSS_BIND_PORT|'$PYHSS_BIND_PORT'|g' /etc/opensips/freeDiameter.conf
+sed -i 's|ICSCF_BIND_PORT|'$ICSCF_BIND_PORT'|g' /etc/opensips/freeDiameter.conf
+
+sed -i 's|ICSCF_IP|'$ICSCF_IP'|g' /etc/opensips/opensips.cfg
+sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/opensips.cfg
+
+# Sync docker time
+#ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+exec /usr/sbin/opensips -F $@
diff --git a/opensips_ims_icscf/opensips.cfg b/opensips_ims_icscf/opensips.cfg
new file mode 100644
index 0000000..594d9ba
--- /dev/null
+++ b/opensips_ims_icscf/opensips.cfg
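Review bot: Every expansion in the `sed` lines and in the final `exec` is unquoted and the script never enables `set -e`, so an unset variable from `.env` silently substitutes an empty string and a failed `cp` is ignored, yet OpenSIPS is still started on whatever configuration results. Quoting the substitutions, e.g. `sed -i "s|ICSCF_IP|${ICSCF_IP}|g" /etc/opensips/freeDiameter.conf`, passing arguments as `exec /usr/sbin/opensips -F "$@"`, and adding `set -eu` after the license header would make a bad environment fail at start-up instead. A value containing `|` or `&` would still alter the sed expression, so the variables are best checked to be plain addresses and port numbers before they are used.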
@@ -0,0 +1,227 @@ +# +# OpenSIPS residential configuration script +# by OpenSIPS Solutions +# +# This script was generated via "make menuconfig", from +# the "Residential" scenario. +# You can enable / disable more features / functionalities by +# re-generating the scenario with different options.# +# +# Please refer to the Core CookBook at: +# https://opensips.org/Resources/DocsCookbooks +# for a explanation of possible statements, functions and parameters. +# + + +####### Global Parameters ######### + +/* uncomment the following lines to enable debugging */ +#debug_mode=yes + +log_level=3 +xlog_level=3 +log_stderror=yes +log_stdout=yes +log_facility=LOG_LOCAL0 + +udp_workers=4 + +/* uncomment the next line to enable the auto temporary blacklisting of + not available destinations (default disabled) */ +#disable_dns_blacklist=no + +/* uncomment the next line to enable IPv6 lookup after IPv4 dns + lookup failures (default disabled) */ +#dns_try_ipv6=yes + + +socket=udp:ICSCF_IP:4060 +socket=tcp:ICSCF_IP:4060 + +alias="icscf.IMS_DOMAIN" + +#set module path +mpath="/usr/lib/x86_64-linux-gnu/opensips/modules" + +####### Modules Section ######## +####### http module ###### +loadmodule "httpd.so" + +modparam("httpd", "ip", "ICSCF_IP") +modparam("httpd", "port", 8080) + + +#### SIGNALING module +loadmodule "signaling.so" + +#### StateLess module +loadmodule "sl.so" + +#### Transaction Module +loadmodule "tm.so" +modparam("tm", "fr_timeout", 5) +modparam("tm", "fr_inv_timeout", 30) +modparam("tm", "restart_fr_on_each_reply", 0) +modparam("tm", "onreply_avp_mode", 1) + +#### Record Route Module +loadmodule "rr.so" +/* do not append from tag to the RR (no need for this script) */ +modparam("rr", "append_fromtag", 0) + +#### MAX ForWarD module +loadmodule "maxfwd.so" + +#### SIP MSG OPerationS module +loadmodule "sipmsgops.so" + +#### FIFO Management Interface +loadmodule "mi_fifo.so" +modparam("mi_fifo", "fifo_name", "/run/opensips/opensips_fifo") +modparam("mi_fifo", 
"fifo_mode", 0666) + +#### USeR LOCation module +loadmodule "usrloc.so" +modparam("usrloc", "nat_bflag", "NAT") +modparam("usrloc", "working_mode_preset", "single-instance-no-db") + +#### REGISTRAR module +loadmodule "registrar.so" +modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT") +/* uncomment the next line not to allow more than 10 contacts per AOR */ +#modparam("registrar", "max_contacts", 10) + +#### ACCounting module +loadmodule "acc.so" +/* what special events should be accounted ? */ +modparam("acc", "early_media", 0) +modparam("acc", "report_cancels", 0) +/* by default we do not adjust the direct of the sequential requests. + if you enable this parameter, be sure to enable "append_fromtag" + in "rr" module */ +modparam("acc", "detect_direction", 0) + +loadmodule "proto_udp.so" +loadmodule "proto_tcp.so" + +#### aaa_diameter module +loadmodule "aaa_diameter.so" +modparam("aaa_diameter", "fd_log_level", 1) # max amount of logging, quite annoying +modparam("aaa_diameter", "realm", "IMS_DOMAIN") +modparam("aaa_diameter", "peer_identity", "hss") +modparam("aaa_diameter", "aaa_url", + "diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/icscf.dictionary") + +#### JSON module +loadmodule "json.so" + + + +####### Routing Logic ######## + +# main request routing logic + +route{ + xlog("L_INFO", "[$ci] Start route time [$Tf] method ($rm) r-uri ($ru) \n"); + + if (!mf_process_maxfwd_header(10)) { + send_reply(483,"Too Many Hops"); + exit; + } + + if (has_totag()) { + + # handle hop-by-hop ACK (no routing required) + if ( is_method("ACK") && t_check_trans() ) { + t_relay(); + exit; + } + + # sequential request within a dialog should + # take the path determined by record-routing + if ( !loose_route() ) { + # we do record-routing for all our traffic, so we should not + # receive any sequential requests without Route hdr. 
+ send_reply(404,"Not here"); + exit; + } + + if (is_method("BYE")) { + # do accounting even if the transaction fails + do_accounting("log","failed"); + } + + # route it out to whatever destination was set by loose_route() + # in $du (destination URI). + route(relay); + exit; + } + + # CANCEL processing + if (is_method("CANCEL")) { + if (t_check_trans()) + t_relay(); + exit; + } + + # absorb retransmissions, but do not create transaction + t_check_trans(); + + if (is_method("REGISTER")) { + xlog("L_INFO", "[$ci] Received REGISTER for $tu - doing UAR\n"); + + $var(payload) = "[ + { \"Session-Id\": \"icscf.IMS_DOMAIN;"+$Ts+"."+$Tsm+";"+$pp+"\" }, + { \"Origin-Host\": \"icscf.IMS_DOMAIN\" }, + { \"Origin-Realm\": \"IMS_DOMAIN\" }, + { \"Destination-Realm\": \"IMS_DOMAIN\" }, + { \"Vendor-Specific-Application-Id\": [{\"Vendor-Id\": 10415}, + {\"Auth-Application-Id\": 16777216}]}, + { \"Auth-Session-State\": 1 }, + { \"User-Name\": \""+$fU+"@"+$fd+"\" }, + { \"Public-Identity\": \""+$fu+"\" }, + { \"Visited-Network-Identifier\": \"IMS_DOMAIN\" } + ]"; + + $var(rc) = dm_send_request(16777216, 300, $var(payload), $var(rpl_avps)); + xlog("[$ci] UAA rc: $var(rc), UAA AVPs: $var(rpl_avps)\n"); + + $var(server_name) = NULL; + $json(rpl_avps) := $var(rpl_avps); + for ($var(item) in $(json(rpl_avps)[*])) { + $json(item) := $var(item); + for ($var(key) in $(json(item.keys)[*])) { + if ($var(key) == "Server-Name") { + $var(server_name) = $json(item/$var(key)); + break; + } + } + if ($var(server_name) != NULL) + break; + } + + if ($var(server_name) == NULL) { + xlog("L_ERR", "[$ci] No server available!\n"); + send_reply(503,"Not available"); + exit; + } + + # relay to S-CSCF + xlog("L_INFO", "[$ci] using S-CSCF $var(server_name)\n"); + $ru = $var(server_name); + + route(relay); + exit; + } + + send_reply(503,"Not Implemented"); + exit; +} + + +route[relay] { + if (!t_relay()) { + send_reply(500,"Internal Error"); + } + exit; +} 
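Review bot: The UAR payload in the REGISTER branch is assembled by concatenating `$fU`, `$fd` and `$fu` straight into a JSON string, so a From header containing `"` or `\` can change the structure of the AVP list handed to `dm_send_request()`. These values come from a request that has not been authenticated yet; building the list through the already-loaded `json` module, or rejecting the request when those fields contain quote or backslash characters, keeps the shape of the Diameter message fixed. The same pattern is in `route[dm_send_aar]` of `opensips_ims_pcscf/opensips.cfg`, where `$fu`, `$avp(stream)` and `$(rb{sdp.stream,0})` taken from the SDP body are concatenated into the payload. Separately, `modparam("mi_fifo", "fifo_mode", 0666)` in both files leaves the management FIFO writable by any user in the container; `0660` would be the narrower setting.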
diff --git a/opensips_ims_pcscf/db/dispatcher b/opensips_ims_pcscf/db/dispatcher
new file mode 100644
index 0000000..7d833c5
--- /dev/null
+++ b/opensips_ims_pcscf/db/dispatcher
@@ -0,0 +1,2 @@
+id(int,auto) setid(int) destination(string) socket(string,null) state(int) probe_mode(int) weight(string) priority(int) attrs(string) description(string)
+1:1:sip\:172.22.0.41\:5060:null:0:1:1:1:'carrier':'icscf'
diff --git a/opensips_ims_pcscf/db/version b/opensips_ims_pcscf/db/version
new file mode 100644
index 0000000..70753cc
--- /dev/null
+++ b/opensips_ims_pcscf/db/version
@@ -0,0 +1,2 @@
+table_name(string) table_version(int)
+dispatcher:9
diff --git a/opensips_ims_pcscf/freeDiameter.conf b/opensips_ims_pcscf/freeDiameter.conf
new file mode 100644
index 0000000..8c554f1
--- /dev/null
+++ b/opensips_ims_pcscf/freeDiameter.conf
@@ -0,0 +1,13 @@
+Identity = "pcscf.IMS_DOMAIN";
+Realm = "IMS_DOMAIN";
+Port = PCSCF_BIND_PORT;
+ListenOn = "PCSCF_IP";
+SecPort = 0;
+No_SCTP;
+NoRelay;
+
+ConnectPeer = "pcrf.EPC_DOMAIN" {
+ No_TLS;
+ ConnectTo = "PCRF_IP";
+ port = PCRF_BIND_PORT;
+};
diff --git a/opensips_ims_pcscf/opensips.cfg b/opensips_ims_pcscf/opensips.cfg
new file mode 100644
index 0000000..77bfc85
--- /dev/null
+++ b/opensips_ims_pcscf/opensips.cfg
@@ -0,0 +1,438 @@ +# +# OpenSIPS residential configuration script +# by OpenSIPS Solutions +# +# This script was generated via "make menuconfig", from +# the "Residential" scenario. +# You can enable / disable more features / functionalities by +# re-generating the scenario with different options.# +# +# Please refer to the Core CookBook at: +# https://opensips.org/Resources/DocsCookbooks +# for a explanation of possible statements, functions and parameters. +# + + +####### Global Parameters ######### + +/* uncomment the following lines to enable debugging */ +#debug_mode=yes + +log_level=6 +xlog_level=3 +#mem_log=6 +log_stderror=yes +log_stdout=yes +log_facility=LOG_LOCAL0 + +udp_workers=4 + +/* uncomment the next line to enable the auto temporary blacklisting of + not available destinations (default disabled) */ +#disable_dns_blacklist=no + +/* uncomment the next line to enable IPv6 lookup after IPv4 dns + lookup failures (default disabled) */ +#dns_try_ipv6=yes + +dns=no + +socket=udp:PCSCF_IP:5060 +socket=tcp:PCSCF_IP:5060 +socket=ipsec:PCSCF_IP:6100,5100 + +alias="pcscf.IMS_DOMAIN" + + +#set module path +mpath="/usr/lib/x86_64-linux-gnu/opensips/modules" + +####### Modules Section ######## + +#### SIGNALING module +loadmodule "signaling.so" + +#### StateLess module +loadmodule "sl.so" + +#### Transaction Module +loadmodule "tm.so" +modparam("tm", "fr_timeout", 5) +modparam("tm", "fr_inv_timeout", 30) +modparam("tm", "restart_fr_on_each_reply", 0) +modparam("tm", "onreply_avp_mode", 1) + +#### Record Route Module +loadmodule "rr.so" +/* do not append from tag to the RR (no need for this script) */ +modparam("rr", "append_fromtag", 0) + +#### MAX ForWarD module +loadmodule "maxfwd.so" + +#### NATHELPER module +loadmodule "nathelper.so" + +#### SIP MSG OPerationS module +loadmodule "sipmsgops.so" + +#### FIFO Management Interface +loadmodule "mi_fifo.so" +modparam("mi_fifo", "fifo_name", "/run/opensips/opensips_fifo") +modparam("mi_fifo", "fifo_mode", 0666) + 
+#### USeR LOCation module +loadmodule "usrloc.so" +modparam("usrloc", "nat_bflag", "NAT") +modparam("usrloc", "mi_dump_kv_store", 1) +modparam("usrloc", "working_mode_preset", "single-instance-no-db") + +#### REGISTRAR module +loadmodule "registrar.so" +modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT") +/* uncomment the next line not to allow more than 10 contacts per AOR */ +#modparam("registrar", "max_contacts", 10) + +#### ACCounting module +loadmodule "acc.so" +/* what special events should be accounted ? */ +modparam("acc", "early_media", 0) +modparam("acc", "report_cancels", 0) +/* by default we do not adjust the direct of the sequential requests. + if you enable this parameter, be sure to enable "append_fromtag" + in "rr" module */ +modparam("acc", "detect_direction", 0) + +#### proto_udp module +loadmodule "dispatcher.so" + +loadmodule "proto_udp.so" +loadmodule "proto_tcp.so" +loadmodule "proto_ipsec.so" +loadmodule "dialog.so" + +#### dbtext module +loadmodule "db_text.so" +modparam("dispatcher", "db_url", "text:///etc/opensips/db") + +#### aaa_diameter module +loadmodule "aaa_diameter.so" +modparam("aaa_diameter", "fd_log_level", 0) # max amount of logging, quite annoying +modparam("aaa_diameter", "realm", "IMS_DOMAIN") +modparam("aaa_diameter", "peer_identity", "hss") +modparam("aaa_diameter", "aaa_url", + "diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/pcscf.dictionary") + +modparam("proto_ipsec", "min_spi", 10000) +modparam("proto_ipsec", "max_spi", 10100) +#modparam("proto_ipsec", "allowed_algorithms", "hmac-sha-1-96=null") + +#### RTPENGINE module +loadmodule "rtpengine.so" +modparam("rtpengine", "rtpengine_sock", "udp:RTPENGINE_IP:2223") + + +loadmodule "event_route.so" +loadmodule "json.so" + + + +####### Routing Logic ######## + +# main request routing logic + +route{ + xlog("L_INFO", "[$ci] Start route time [$Tf] method ($rm) r-uri ($ru) \n"); + set_via_handling("force-rport"); + + if 
(!mf_process_maxfwd_header(10)) { + send_reply(483,"Too Many Hops"); + exit; + } + + if (has_totag()) { + + # handle hop-by-hop ACK (no routing required) + if ( is_method("ACK") && t_check_trans() ) { + t_relay(); + exit; + } + + # sequential request within a dialog should + # take the path determined by record-routing + if ( !loose_route() ) { + # we do record-routing for all our traffic, so we should not + # receive any sequential requests without Route hdr. + send_reply(404,"Not here"); + exit; + } + + if (is_method("BYE")) { + # do accounting even if the transaction fails + do_accounting("log","failed"); + route(session_termination); + } + + if (is_method("UPDATE")) { + if ($si != "SCSCF_IP") + rtpengine_offer("replace-origin"); + else + t_on_reply("rtpengine_answer"); + } + + # route it out to whatever destination was set by loose_route() + # in $du (destination URI). + route(relay); + exit; + } + + # CANCEL processing + if (is_method("CANCEL")) { + if (t_check_trans()) + t_relay(); + exit; + } + + # absorb retransmissions, but do not create transaction + t_check_trans(); + + if (is_method("REGISTER")) { + xlog("L_INFO", "[$ci] Received REGISTER for $tu - relaying to I-CSCF\n"); + append_hf("Path: \r\n"); + + if ($hdr(Security-Client)) { + setflag("SEC_AGREE"); + append_hf("P-Visited-Network-ID: IMS_DOMAIN\r\n"); + } + + t_on_reply("register_reply"); + route(relay); + exit; + } else if (is_method("INVITE")) { + if (loose_route()) { + xlog("L_INFO", "[$ci] Received INVITE for $tu - relaying to S-CSCF ($ru/$du)\n"); + remove_hf("Security-Verify"); + if (list_hdr_has_option("Require", "sec-agree")) + list_hdr_remove_option("Require", "sec-agree"); + if (list_hdr_has_option("Proxy-Require", "sec-agree")) + list_hdr_remove_option("Proxy-Require", "sec-agree"); + append_hf("P-Visited-Network-ID: IMS_DOMAIN\r\n"); + $socket_out = "tcp:PCSCF_IP:5060"; + $avp(si) = $si; + rtpengine_offer("replace-origin"); + } else { + xlog("L_INFO", "[$ci] Received INVITE for $tu - 
looking up from S-CSCF ($ru/$du/$tu)\n"); + $rU = $(tU{s.select,0,;}); + if (!lookup("location")) { + xlog("L_ERR", "[$ci] user $rU not found\n"); + t_reply(404, "Not here"); + exit; + } + } + route(extract_ip_port); + $avp(ip) = $var(ip); + $avp(port) = $var(port); + $avp(rtcp) = $var(rtcp); + $avp(stream) = $(rb{sdp.stream,0}); + t_on_reply("invite_reply"); + if (!record_route()) { + xlog("L_ERR", "[$ci] Cannot do record_route()\n"); + t_reply(503, "Internal Error"); + exit; + } + if (!create_dialog()) { + xlog("L_ERR", "[$ci] Cannot create_dialog()\n"); + t_reply(503, "Internal Error"); + exit; + } + + if (!t_relay()) { + xlog("L_ERR", "[$ci] Cannot relay to $ru/$du\n"); + t_reply(503, "Internal Error"); + exit; + } + exit; + } + + send_reply(405,"Method Not Allowed"); + exit; +} + + +route[relay] { + if (!t_relay()) { + send_reply(500,"Internal Error"); + } + exit; +} + +onreply_route[register_reply] { + xlog("L_INFO","[$ci] Received REGISTER reply $rs from $si for $tu\n"); + if (isflagset("SEC_AGREE")) { + if ($T_reply_code == 401) { + if (ipsec_create()) + route(dm_send_aar, "control"); + } else if ($T_reply_code == 200) { + if (!save("location", "no-reply, path-off")) + xlog("L_ERR", "[$ci] could not save\n"); + } + + } +} + +onreply_route[invite_reply] { + + if (!has_body_part("application/sdp")) { + xlog("L_INFO","[$ci] Received INVITE reply $rs from $si for $tu - without SDP\n"); + return; + } else if (isflagset("INVITE_AAA")) { + xlog("L_INFO","[$ci] Received INVITE reply $rs from $si for $tu - AAA done\n"); + return; + } + xlog("L_INFO","[$ci] Received INVITE reply $rs from $si for $tu - doing AAR\n"); + route(extract_ip_port); + if ($avp(si) == NULL) { + rtpengine_answer("replace-origin"); + $avp(si) = $si; + $var(tmp_ip) = $avp(ip); + $var(tmp_port) = $avp(port); + $avp(ip) := $var(ip); + $avp(port) := $var(port); + $var(ip) = $var(tmp_ip); + $var(port) = $var(tmp_port); + } + route(dm_send_aar, "audio"); + setflag("INVITE_AAA"); +} + 
+onreply_route[rtpengine_answer] { + if (!has_body_part("application/sdp")) + return; + rtpengine_answer("replace-origin"); +} + + +route[dm_send_aar] { + + switch ($param(1)) { + + case "control": + if ($ipsec(ip) != NULL) { + $var(src_ip) = $ipsec_ue(ip); + $var(src_port) = $ipsec_ue(port-c); + $var(dst_ip) = $ipsec(ip); + $var(dst_port) = $ipsec(port-s); + $var(sess_port) = $ipsec_ue(port-s); + } else { + $var(src_ip) = $si; + $var(src_port) = $sp; + $var(dst_ip) = $socket_in(ip); + $var(dst_port) = $socket_in(port); + $var(sess_port) = $sp; + } + $var(media_component) = "[{\"Media-Component-Number\": 1}, + {\"Media-Sub-Component\": [{\"Flow-Number\": 1}, + {\"Flow-Description\": \"permit in ip from "+$var(src_ip)+" "+$var(src_port)+" to "+$var(dst_ip)+" "+$var(dst_port)+"\"}, + {\"Flow-Description\": \"permit out ip from "+$var(dst_ip)+" "+$var(dst_port)+" to "+$var(src_ip)+" "+$var(src_port)+"\"}, + {\"Flow-Usage\": 2}]}, + {\"Media-Type\": 4}, + {\"Codec-Data\": \"uplink\noffer\n\"}, + {\"Codec-Data\": \"downlink\nanswer\n\"}, + {\"Flow-Status\": 2}]"; + $avp(si) = $var(src_ip); + $var(session_id) = $var(src_ip) + ";" + $var(sess_port) + ";pcscf.IMS_DOMAIN;"+$Ts+"."+$Tsm+";"+$pp; + break; + case "audio": + $var(session_id) = "pcscf.IMS_DOMAIN;"+$Ts+"."+$Tsm+";"+$pp; + $var(media_component) = "[{\"Media-Component-Number\": 1}, + {\"Media-Sub-Component\": [{\"Flow-Number\": 1}, + {\"Flow-Description\": \"permit in 17 from "+$avp(ip)+" "+$avp(port)+" to "+$var(ip)+" "+$var(port)+"\"}, + {\"Flow-Description\": \"permit out 17 from "+$var(ip)+" "+$var(port)+" to "+$avp(ip)+" "+$avp(port)+"\"}, + {\"Flow-Description\": \"permit in 17 from "+$avp(ip)+" "+$avp(rtcp)+" to "+$var(ip)+" "+$var(rtcp)+"\"}, + {\"Flow-Description\": \"permit out 17 from "+$var(ip)+" "+$var(rtcp)+" to "+$avp(ip)+" "+$avp(rtcp)+"\"}, + {\"Flow-Usage\": 0}]}, + {\"Media-Type\": 0}, + {\"Max-Requested-Bandwidth-DL\": 41000}, + {\"Max-Requested-Bandwidth-UL\": 41000}, + {\"Codec-Data\": 
\"uplink\noffer\n"+$avp(stream)+"\"}, + {\"Codec-Data\": \"downlink\nanswer\n"+$(rb{sdp.stream,0})+"\"}, + {\"Flow-Status\": 2}]"; + $dlg_val(session_id) = $var(session_id); + break; + } + $var(payload) = "[ + { \"Session-Id\": \""+$var(session_id)+"\" }, + { \"Auth-Application-Id\": 16777236 }, + { \"Origin-Host\": \"pcscf.IMS_DOMAIN\" }, + { \"Origin-Realm\": \"IMS_DOMAIN\" }, + { \"Destination-Realm\": \"EPC_DOMAIN\" }, + { \"Vendor-Specific-Application-Id\": [{\"Vendor-Id\": 10415}, + {\"Auth-Application-Id\": 16777236}]}, + { \"AF-Application-Identifier\": \"IMS Services\" }, + { \"Authorization-Lifetime\": 3600 }, + { \"Subscription-ID\": [{\"Subscription-Id-Type\": 2}, + {\"Subscription-Id-Data\": \""+$fu+"\"}]}, + { \"Reservation-Priority\": 0 }, + { \"Media-Component-Description\": "+$var(media_component)+"}, + { \"Frame-IP-Address\": \""+$avp(si)+"\" }, + { \"Specific-Action\": 1 }, + { \"Specific-Action\": 2 }, + { \"Specific-Action\": 3 }, + { \"Specific-Action\": 4 }, + { \"Specific-Action\": 5 }, + { \"Specific-Action\": 6 }, + { \"Specific-Action\": 12 }, + { \"Auth-Grace-Period\": 0 }, + { \"Session-Timeout\": 3600 } + ]"; + + $var(rc) = dm_send_request(16777236, 265, $var(payload), $var(rpl_avps)); + xlog("[$ci] AAA rc: $var(rc), AAA AVPs: $var(rpl_avps)\n"); +} + +route[session_termination] { + if ($si != "SCSCF_IP") + rtpengine_delete(); + + xlog("L_INFO","[$ci] Received BYE from $si for $tu - doing STR\n"); + + $var(payload) = "[ + { \"Session-Id\": \""+$dlg_val(session_id)+"\" }, + { \"Auth-Application-Id\": 16777236 }, + { \"Origin-Host\": \"pcscf.IMS_DOMAIN\" }, + { \"Origin-Realm\": \"IMS_DOMAIN\" }, + { \"Destination-Realm\": \"EPC_DOMAIN\" }, + { \"Vendor-Specific-Application-Id\": [{\"Vendor-Id\": 10415}, + {\"Auth-Application-Id\": 16777236}]}, + { \"AF-Application-Identifier\": \"IMS Services\" }, + { \"Termination-Cause\": 1 } + ]"; + + $var(rc) = dm_send_request(16777236, 275, $var(payload), $var(rpl_avps)); + xlog("[$ci] STA rc: 
$var(rc), STA AVPs: $var(rpl_avps)\n"); +} + +route[extract_ip_port] { + $var(ip) = $(rb{sdp.line,c}{s.select,2, }); + $var(port) = $(rb{sdp.line,m}{s.select,1, }); + $var(rtcp) = $(var(port){s.int}) + 1; +} + +event_route[E_DM_REQUEST] { + if ($param(app_id) == 16777236 && $param(cmd_code) == 274) { + $var(ip) = $(param(sess_id){s.select,0,;}); + $var(port) = $(param(sess_id){s.select,1,;}{s.int}); + xlog("[diameter] removing $var(ip):$var(port) contact\n"); + remove_ip_port($var(ip), $var(port), "location"); + $var(payload) = "[ + { \"Vendor-Specific-Application-Id\": [{\"Vendor-Id\": 10415}, + {\"Auth-Application-Id\": 16777236}]}, + { \"Result-Code\": 2001 }, + { \"Auth-Session-State\": 0 }, + { \"Origin-Host\": \"pcscf.IMS_DOMAIN\" }, + { \"Origin-Realm\": \"IMS_DOMAIN\" } + ]"; + dm_send_answer($var(payload)); + + } +} diff --git a/opensips_ims_pcscf/pcscf.dictionary b/opensips_ims_pcscf/pcscf.dictionary new file mode 100644 index 0000000..f6406d5 --- /dev/null +++ b/opensips_ims_pcscf/pcscf.dictionary 
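Review bot: The `else` branch of the INVITE handler logs "looking up from S-CSCF" and then runs `lookup("location")` without checking where the request came from, so any host that can reach port 5060 can have an INVITE delivered to a registered contact. The file already compares `$si` with `"SCSCF_IP"` for UPDATE and BYE; the same guard at the top of that branch, `if ($si != "SCSCF_IP") { send_reply(403,"Forbidden"); exit; }`, would close this, assuming `SCSCF_IP` is substituted by the init script, which is outside this hunk. In `event_route[E_DM_REQUEST]`, fields 0 and 1 of `sess_id` are passed to `remove_ip_port()` as address and port, but the "audio" session ids built in `route[dm_send_aar]` start with `pcscf.IMS_DOMAIN`. The handler should therefore check the id format before acting, and should not answer with Result-Code 2001 when nothing was removed.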
@@ -0,0 +1,78 @@ +VENDOR 10415 TGPP +VENDOR 13019 ETSI + +ATTRIBUTE Abort-Cause 500 unsigned32 10415 +ATTRIBUTE AF-Application-Identifier 504 string 10415 +ATTRIBUTE Flow-Description 507 string 10415 +ATTRIBUTE Flow-Number 509 unsigned32 10415 +ATTRIBUTE Flow-Status 511 unsigned32 10415 +ATTRIBUTE Flow-Usage 512 unsigned32 10415 +ATTRIBUTE Specific-Action 513 unsigned32 10415 +ATTRIBUTE Max-Requested-Bandwidth-DL 515 unsigned32 10415 +ATTRIBUTE Max-Requested-Bandwidth-UL 516 unsigned32 10415 +ATTRIBUTE Media-Component-Number 518 unsigned32 10415 +ATTRIBUTE Media-Type 520 unsigned32 10415 +ATTRIBUTE Codec-Data 524 string 10415 +ATTRIBUTE Media-Sub-Component 519 grouped 10415 +{ + Flow-Number | REQUIRED | 1 + Flow-Usage | REQUIRED | 1 + Flow-Description | REQUIRED | 9 +} + +ATTRIBUTE Media-Component-Description 517 grouped 10415 +{ + Media-Component-Number | REQUIRED | 1 + Media-Sub-Component | REQUIRED | 1 + Media-Type | REQUIRED | 1 + Max-Requested-Bandwidth-DL | REQUIRED | 1 + Max-Requested-Bandwidth-UL | REQUIRED | 1 + Flow-Status | REQUIRED | 1 +} +ATTRIBUTE IP-CAN-Type 1027 unsigned32 10415 +ATTRIBUTE RAT-Type 1032 unsigned32 10415 + +ATTRIBUTE Subscription-Id-Type 450 unsigned32 +ATTRIBUTE Subscription-Id-Data 444 string +ATTRIBUTE Subscription-ID 443 grouped +{ + Subscription-Id-Type | REQUIRED | 1 + Subscription-Id-Data | REQUIRED | 1 +} +ATTRIBUTE Frame-IP-Address 8 ip +ATTRIBUTE Reservation-Priority 458 unsigned32 13019 + +APPLICATION-AUTH 16777236/10415 3GPP Rx + +REQUEST 265 AA Request +{ + Session-Id | REQUIRED | 1 + Auth-Application-Id | REQUIRED | 1 + Origin-Host | REQUIRED | 1 + Origin-Realm | REQUIRED | 1 + Destination-Realm | REQUIRED | 1 + AF-Application-Identifier | REQUIRED | 1 + Authorization-Lifetime | REQUIRED | 1 + Subscription-ID | REQUIRED | 1 + Specific-Action | REQUIRED | 9 + Frame-IP-Address | REQUIRED | 1 + Reservation-Priority | REQUIRED | 1 + Session-Timeout | OPTIONAL | 1 + Auth-Grace-Period | OPTIONAL | 1 +} +# 
Vendor-Specific-Application-Id | REQUIRED | 1 +# Media-Component-Description | REQUIRED | 1 + +ANSWER 265 AA Answer +{ + Session-Id | REQUIRED | 1 + Auth-Application-Id | REQUIRED | 1 + Origin-Host | REQUIRED | 1 + Origin-Realm | REQUIRED | 1 + Destination-Host | OPTIONAL | 1 + Destination-Realm | OPTIONAL | 1 + Result-Code | OPTIONAL | 1 + Experimental-Result | OPTIONAL | 1 + IP-CAN-Type | OPTIONAL | 1 + RAT-Type | OPTIONAL | 1 +} diff --git a/opensips_ims_pcscf/pcscf_init.sh b/opensips_ims_pcscf/pcscf_init.sh new file mode 100755 index 0000000..6f7e17c --- /dev/null +++ b/opensips_ims_pcscf/pcscf_init.sh 
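Review bot: The two entries left commented out after the AA Request block, `Vendor-Specific-Application-Id` and `Media-Component-Description`, have no explanation, while the AAR payload built in opensips_ims_pcscf/opensips.cfg sends both AVPs with command 265. A reader cannot tell whether the media description that drives the Rx authorisation is meant to be part of the request rule. Either move them inside the braces or say why they are excluded, for example `# TODO: omitted from the AAR rule because <reason>`.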
@@ -0,0 +1,60 @@ +#!/bin/bash + +# BSD 2-Clause License + +# Copyright (c) 2020, Supreeth Herle +# All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: + +# 1. Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. + +# 2. Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. + +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +sh -c "echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind" +sh -c "echo 1 > /proc/sys/net/ipv6/ip_nonlocal_bind" + +[ ${#MNC} == 3 ] && EPC_DOMAIN="epc.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || EPC_DOMAIN="epc.mnc0${MNC}.mcc${MCC}.3gppnetwork.org" +[ ${#MNC} == 3 ] && IMS_DOMAIN="ims.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || IMS_DOMAIN="ims.mnc0${MNC}.mcc${MCC}.3gppnetwork.org" + +mkdir -p /etc/opensips +cp /mnt/pcscf/freeDiameter.conf /etc/opensips +cp /mnt/pcscf/pcscf.dictionary /etc/opensips +cp /mnt/pcscf/opensips.cfg /etc/opensips +cp -r /mnt/pcscf/db /etc/opensips + +sed -i 's|PCSCF_IP|'$PCSCF_IP'|g' /etc/opensips/opensips.cfg +sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/opensips.cfg +sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/opensips/opensips.cfg +sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/opensips/opensips.cfg +sed -i 's|RTPENGINE_IP|'$RTPENGINE_IP'|g' /etc/opensips/opensips.cfg + +sed -i 's|PCRF_BIND_PORT|'$PCRF_BIND_PORT'|g' /etc/opensips/freeDiameter.conf +sed -i 's|PCSCF_BIND_PORT|'$PCSCF_BIND_PORT'|g' /etc/opensips/freeDiameter.conf +sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/freeDiameter.conf +sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/opensips/freeDiameter.conf +sed -i 's|PCRF_IP|'$PCRF_IP'|g' /etc/opensips/freeDiameter.conf +sed -i 's|PCSCF_IP|'$PCSCF_IP'|g' /etc/opensips/freeDiameter.conf + +# Add static route to route traffic back to UE as there is not NATing +ip r add ${UE_IPV4_IMS} via ${UPF_IP} + +# Sync docker time +#ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + +exec /usr/sbin/opensips -F $@ diff --git a/opensips_ims_scscf/entrypoint.sh b/opensips_ims_scscf/entrypoint.sh new file mode 100755 index 0000000..9b3744b --- /dev/null +++ b/opensips_ims_scscf/entrypoint.sh 
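Review bot: The `sed` substitutions splice the environment values in unquoted (`'s|PCSCF_IP|'$PCSCF_IP'|g'`), so an unset variable silently replaces the placeholder with an empty string, and a value containing whitespace or `|` breaks the command. The script also has no `set -e`, so OpenSIPS is started even when a `cp`, `sed` or `ip r add` step failed. Quoting the expansion and failing on a missing value would make a bad `.env` visible at start-up: `sed -i "s|PCSCF_IP|${PCSCF_IP:?}|g" /etc/opensips/opensips.cfg`. The last line should pass its arguments through intact with `exec /usr/sbin/opensips -F "$@"`. scscf_init.sh in this commit repeats the same pattern.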
@@ -0,0 +1,53 @@ +#!/bin/bash + +# BSD 2-Clause License + +# Copyright (c) 2020, Supreeth Herle +# All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: + +# 1. Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. + +# 2. Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. + +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +while ! 
mysqladmin ping -h ${MYSQL_IP} --silent; do + sleep 5; +done + +# Sleep until permissions are set +sleep 10; + +# Create SCSCF database, populate tables and grant privileges +if [[ -z "`mysql -u root -h ${MYSQL_IP} -qfsBe "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='scscf'" 2>&1`" ]]; +then + mysql -u root -h ${MYSQL_IP} -e "create database scscf;" + mysql -u root -h ${MYSQL_IP} scscf < /usr/share/opensips/mysql/standard-create.sql + mysql -u root -h ${MYSQL_IP} scscf < /usr/share/opensips/mysql/dialplan-create.sql + SCSCF_USER_EXISTS=`mysql -u root -h ${MYSQL_IP} -s -N -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE User = 'scscf' AND Host = '%')"` + if [[ "$SCSCF_USER_EXISTS" == 0 ]] + then + mysql -u root -h ${MYSQL_IP} -e "CREATE USER 'scscf'@'%' IDENTIFIED WITH mysql_native_password BY 'heslo'"; + mysql -u root -h ${MYSQL_IP} -e "CREATE USER 'scscf'@'$SCSCF_IP' IDENTIFIED WITH mysql_native_password BY 'heslo'"; + mysql -u root -h ${MYSQL_IP} -e "GRANT ALL ON scscf.* TO 'scscf'@'%'"; + mysql -u root -h ${MYSQL_IP} -e "GRANT ALL ON scscf.* TO 'scscf'@'$SCSCF_IP'"; + mysql -u root -h ${MYSQL_IP} -e "FLUSH PRIVILEGES;" + fi +fi + +exec /usr/sbin/opensips -F $@ diff --git a/opensips_ims_scscf/freeDiameter.conf b/opensips_ims_scscf/freeDiameter.conf new file mode 100644 index 0000000..fbeae7f --- /dev/null +++ b/opensips_ims_scscf/freeDiameter.conf @@ -0,0 +1,13 @@ +Identity = "scscf.IMS_DOMAIN"; +Realm = "IMS_DOMAIN"; +Port = SCSCF_BIND_PORT; +ListenOn = "SCSCF_IP"; +SecPort = 0; +No_SCTP; +NoRelay; + +ConnectPeer = "hss.IMS_DOMAIN" { + No_TLS; + ConnectTo = "PYHSS_IP"; + port = PYHSS_BIND_PORT; +}; diff --git a/opensips_ims_scscf/opensips.cfg b/opensips_ims_scscf/opensips.cfg new file mode 100644 index 0000000..cf5875b --- /dev/null +++ b/opensips_ims_scscf/opensips.cfg 
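Review bot: The database account is created with the literal password `heslo` and a `'%'` host wildcard, and every statement runs as `root`, apparently without a password, against `${MYSQL_IP}`. Anything that can reach the MySQL container would then be able to use either account. The same password is repeated in scscf_init.sh and embedded in the `db_url` of opensips_ims_scscf/opensips.cfg. Taking it from the environment, e.g. `IDENTIFIED WITH mysql_native_password BY '${SCSCF_DB_PASSWORD:?}'` (the variable name is a placeholder), and dropping `'scscf'@'%'` in favour of the `'scscf'@'$SCSCF_IP'` user already created here would narrow the exposure.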
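Review bot: `SecPort = 0;` together with `No_TLS;` on the `hss.IMS_DOMAIN` peer leaves the Cx link without transport protection. The scscf.dictionary added in this commit shows that the Multimedia-Auth Answer on this link carries `Confidentiality-Key` and `Integrity-Key` AVPs. If this is meant for a lab deployment only, the file should say so, for example `# No_TLS: Cx is unprotected here; keep this link on an isolated network, enable TLS otherwise`.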
@@ -0,0 +1,281 @@ +# +# OpenSIPS residential configuration script +# by OpenSIPS Solutions +# +# This script was generated via "make menuconfig", from +# the "Residential" scenario. +# You can enable / disable more features / functionalities by +# re-generating the scenario with different options.# +# +# Please refer to the Core CookBook at: +# https://opensips.org/Resources/DocsCookbooks +# for a explanation of possible statements, functions and parameters. +# + + +####### Global Parameters ######### + +/* uncomment the following lines to enable debugging */ +#debug_mode=yes + +log_level=3 +xlog_level=3 +log_stderror=yes +log_stdout=yes +log_facility=LOG_LOCAL0 + +udp_workers=4 + +/* uncomment the next line to enable the auto temporary blacklisting of + not available destinations (default disabled) */ +#disable_dns_blacklist=no + +/* uncomment the next line to enable IPv6 lookup after IPv4 dns + lookup failures (default disabled) */ +#dns_try_ipv6=yes + + +socket=udp:SCSCF_IP:6060 +socket=tcp:SCSCF_IP:6060 + +alias="scscf.IMS_DOMAIN" + +#set module path +mpath="/usr/lib/x86_64-linux-gnu/opensips/modules" + +####### Modules Section ######## + +#### MYSQL module +loadmodule "db_mysql.so" + +#### SIGNALING module +loadmodule "signaling.so" + +#### StateLess module +loadmodule "sl.so" + +#### Transaction Module +loadmodule "tm.so" +modparam("tm", "fr_timeout", 5) +modparam("tm", "fr_inv_timeout", 30) +modparam("tm", "restart_fr_on_each_reply", 0) +modparam("tm", "onreply_avp_mode", 1) + +#### Record Route Module +loadmodule "rr.so" +/* do not append from tag to the RR (no need for this script) */ +modparam("rr", "append_fromtag", 0) + +#### MAX ForWarD module +loadmodule "maxfwd.so" + +#### SIP MSG OPerationS module +loadmodule "sipmsgops.so" + +#### FIFO Management Interface +loadmodule "mi_fifo.so" +modparam("mi_fifo", "fifo_name", "/run/opensips/opensips_fifo") +modparam("mi_fifo", "fifo_mode", 0666) + +#### USeR LOCation module +loadmodule "usrloc.so" 
+modparam("usrloc", "nat_bflag", "NAT") +modparam("usrloc", "working_mode_preset", "single-instance-no-db") + +#### REGISTRAR module +loadmodule "registrar.so" +modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT") +modparam("registrar", "attr_avp", "$avp(attr)") +/* uncomment the next line not to allow more than 10 contacts per AOR */ +#modparam("registrar", "max_contacts", 10) + +#### ACCounting module +loadmodule "acc.so" +/* what special events should be accounted ? */ +modparam("acc", "early_media", 0) +modparam("acc", "report_cancels", 0) +/* by default we do not adjust the direct of the sequential requests. + if you enable this parameter, be sure to enable "append_fromtag" + in "rr" module */ +modparam("acc", "detect_direction", 0) + +loadmodule "proto_udp.so" +loadmodule "proto_tcp.so" + +#### aaa_diameter module +loadmodule "aaa_diameter.so" +modparam("aaa_diameter", "fd_log_level", 1) # max amount of logging, quite annoying +modparam("aaa_diameter", "realm", "IMS_DOMAIN") +modparam("aaa_diameter", "peer_identity", "hss") +modparam("aaa_diameter", "aaa_url", + "diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/scscf.dictionary") +loadmodule "auth_aka.so" +modparam("auth_aka", "default_av_mgm", "diameter") +modparam("auth_aka", "default_qop", "auth,auth-int") +loadmodule "aka_av_diameter.so" +modparam("aka_av_diameter", "realm", + "scscf.IMS_DOMAIN") +modparam("aka_av_diameter", "aaa_url", + "diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/scscf.dictionary") + +#### dialplan module +loadmodule "dialplan.so" +modparam("dialplan","db_url", "mysql://scscf:heslo@MYSQL_IP/opensips_scscf") + + +#### auth module +loadmodule "auth.so" + + + +####### Routing Logic ######## + +# main request routing logic + +route{ + xlog("L_INFO", "[$ci] Start route time [$Tf] method ($rm) r-uri ($ru) \n"); + + if (!mf_process_maxfwd_header(10)) { + send_reply(483,"Too Many Hops"); + exit; + } + + if (has_totag()) { + + # handle 
hop-by-hop ACK (no routing required) + if ( is_method("ACK") && t_check_trans() ) { + t_relay(); + exit; + } + + # sequential request within a dialog should + # take the path determined by record-routing + if ( !loose_route() ) { + # we do record-routing for all our traffic, so we should not + # receive any sequential requests without Route hdr. + send_reply(404,"Not here"); + exit; + } + + if (is_method("BYE")) { + # do accounting even if the transaction fails + do_accounting("log","failed"); + } + + # route it out to whatever destination was set by loose_route() + # in $du (destination URI). + route(relay); + exit; + } + + # CANCEL processing + if (is_method("CANCEL")) { + if (t_check_trans()) + t_relay(); + exit; + } + + # absorb retransmissions, but do not create transaction + t_check_trans(); + + if (is_method("REGISTER")) { + xlog("L_INFO", "[$ci] Received REGISTER for $tu - doing authorization\n"); + if (!aka_www_authorize()) { + if (!async(aka_www_challenge(), aka_resume_mar)) + t_reply(500, "Internal Error"); + exit; + } + xlog("L_INFO", "[$ci] Received REGISTER for $tu - authorized, doing SAR\n"); + $var(payload) = "[ + { \"Session-Id\": \"scscf.IMS_DOMAIN;"+$Ts+"."+$Tsm+";"+$pp+"\" }, + { \"Origin-Host\": \"scscf.IMS_DOMAIN\" }, + { \"Origin-Realm\": \"IMS_DOMAIN\" }, + { \"Destination-Realm\": \"IMS_DOMAIN\" }, + { \"Vendor-Specific-Application-Id\": [{\"Vendor-Id\": 10415}, + {\"Auth-Application-Id\": 16777216}]}, + { \"Auth-Session-State\": 1 }, + { \"User-Name\": \""+$fU+"@"+$fd+"\" }, + { \"Public-Identity\": \""+$fu+"\" }, + { \"Server-Assignment-Type\": 1 }, + { \"User-Data-Already-Available\": 0}, + { \"Server-Name\": \"sip:scscf.IMS_DOMAIN:6060\" } + ]"; + + if (!async(dm_send_request(16777216, 301, $var(payload), $var(rpl_avps)), aka_resume_sar)) { + t_reply(500, "Internal Error"); + exit; + } + exit; + } else if (is_method("INVITE")) { + + xlog("L_INFO", "[$ci] Received INVITE for $tu/$ru - checking dialplan\n"); + loose_route(); # consume 
preloaded routes + if (!record_route()) { + xlog("L_ERR", "[$ci] Cannot do record_route()\n"); + t_reply(503, "Internal Error"); + exit; + } + if ($ru =~ "^tel:") { + $var(tel_user) = $rU; + $var(tel_domain) = $(ru{uri.param,phone-context}); + $ru = "sip:" + $var(tel_user) + "@" + $var(tel_domain); + } else { + $rU = $(rU{s.select,0,;}); + } + if (!dp_translate(1, $rU, $var(dialplan))) { + xlog("L_ERR", "[$ci] dial $rU not in dialplan\n"); + t_reply(404, "Unknown user"); + exit; + } + xlog("L_INFO", "[$ci] Dial $rU is a $var(dialplan) dialplan\n"); + switch ($var(dialplan)) { + case "USER": + xlog("L_INFO", "[$ci] lookup user $rU/$(oU{s.select,0,;})\n"); + if (!lookup("location")) { + xlog("L_ERR", "[$ci] Received INVITE for $tu/$ru not registered - sending to service\n"); + t_reply(404, "User not found"); + exit; + } + break; + case "SERVICE": + # TODO: handle service + case "APPLICATION": + # TODO: handle application server + default: + xlog("L_ERR", "[$ci] unknown $var(dialplan) dialplan\n"); + t_reply(503, "Unknown dialplan"); + exit; + } + if (!t_relay()) { + xlog("L_ERR", "[$ci] Cannot relay to $ru\n"); + t_reply(503, "Internal Error"); + } + exit; + } + + send_reply(503,"Not Implemented"); + exit; +} + + +route[relay] { + if (!t_relay()) { + send_reply(500,"Internal Error"); + } + exit; +} + +route[aka_resume_mar] { + xlog("L_DBG", "[$ci] MAA rc: $rc\n"); +} + +route[aka_resume_sar] { + xlog("[$ci] SAA rc: $var(rc), SAA AVPs: $var(rpl_avps)\n"); + $avp(attr) = $ct.fields(params); + append_to_reply("Service-Route: \r\n"); + append_to_reply("P-Associated-URI: <$fu>\r\n"); + if (!save("location", "path-lazy")) { + t_reply(503, "Internal Error"); + exit; + } +} diff --git a/opensips_ims_scscf/scscf.dictionary b/opensips_ims_scscf/scscf.dictionary new file mode 100644 index 0000000..8ae2a37 --- /dev/null +++ b/opensips_ims_scscf/scscf.dictionary 
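Review bot: `route[aka_resume_sar]` calls `save("location", "path-lazy")` without looking at the outcome of the Server-Assignment exchange, so the contact is stored whatever the HSS answered. The `$var(rc)` it logs is never assigned in this script; the sibling `aka_resume_mar` reads `$rc`, which is presumably what was meant. A guard before the reply headers, e.g. `if ($rc < 0) { t_reply(500, "Internal Error"); exit; }` (assuming a negative return signals failure), would stop a failed SAR from producing a registration. Separately, `modparam("mi_fifo", "fifo_mode", 0666)` makes the management FIFO writable by every local user; `0660` would keep it to the owning user and group.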
@@ -0,0 +1,105 @@ +VENDOR 10415 TGPP + +ATTRIBUTE Visited-Network-Identifier 600 string 10415 +ATTRIBUTE Public-Identity 601 string 10415 +ATTRIBUTE Server-Name 602 string 10415 +ATTRIBUTE Mandatory-Capability 604 unsigned32 10415 +ATTRIBUTE Optional-Capability 605 unsigned32 10415 +ATTRIBUTE Cx-User-Data 606 string 10415 +ATTRIBUTE 3GPP-SIP-Number-Auth-Items 607 unsigned32 10415 +ATTRIBUTE 3GPP-SIP-Authentication-Scheme 608 utf8string 10415 +ATTRIBUTE 3GPP-SIP-Authenticate 609 hexstring 10415 +ATTRIBUTE 3GPP-SIP-Authorization 610 hexstring 10415 +ATTRIBUTE 3GPP-SIP-Authentication-Context 611 string 10415 +ATTRIBUTE 3GPP-SIP-Item-Number 613 unsigned32 10415 +ATTRIBUTE Server-Assignment-Type 614 unsigned32 10415 +ATTRIBUTE User-Data-Already-Available 624 unsigned32 10415 +ATTRIBUTE Confidentiality-Key 625 hexstring 10415 +ATTRIBUTE Integrity-Key 626 hexstring 10415 + +ATTRIBUTE Primary-Event-Charging-Function-Name 619 string 10415 +ATTRIBUTE Secondary-Event-Charging-Function-Name 620 string 10415 +ATTRIBUTE Primary-Charging-Collection-Function-Name 621 string 10415 +ATTRIBUTE Secondary-Charging-Collection-Function-Name 622 string 10415 + +ATTRIBUTE 3GPP-SIP-Auth-Data-Item 612 grouped 10415 +{ + 3GPP-SIP-Item-Number | OPTIONAL | 1 + 3GPP-SIP-Authentication-Scheme | OPTIONAL | 1 + 3GPP-SIP-Authenticate | OPTIONAL | 1 + 3GPP-SIP-Authorization | OPTIONAL | 1 + 3GPP-SIP-Authentication-Context | OPTIONAL | 1 + Confidentiality-Key | OPTIONAL | 1 + Integrity-Key | OPTIONAL | 1 +} + +ATTRIBUTE Charging-Information 618 grouped 10415 +{ + Primary-Event-Charging-Function-Name | OPTIONAL | 1 + Secondary-Event-Charging-Function-Name | OPTIONAL | 1 + Primary-Charging-Collection-Function-Name | OPTIONAL | 1 + Secondary-Charging-Collection-Function-Name | OPTIONAL | 1 +} + + +APPLICATION-AUTH 16777216/10415 3GPP Cx + +REQUEST 301 Server-Assignment Request +{ + Session-Id | REQUIRED | 1 + Origin-Host | REQUIRED | 1 + Origin-Realm | REQUIRED | 1 + Destination-Realm | REQUIRED | 1 + 
Vendor-Specific-Application-Id | REQUIRED | 1 + Auth-Session-State | REQUIRED | 1 + Public-Identity | REQUIRED | 1 + Server-Name | REQUIRED | 1 + User-Name | REQUIRED | 1 + Server-Assignment-Type | REQUIRED | 1 + User-Data-Already-Available | REQUIRED | 1 +} + +ANSWER 301 Server-Assignment Answer +{ + Session-Id | REQUIRED | 1 + Origin-Host | REQUIRED | 1 + Origin-Realm | REQUIRED | 1 + Destination-Host | OPTIONAL | 1 + Destination-Realm | OPTIONAL | 1 + Vendor-Specific-Application-Id | REQUIRED | 1 + Auth-Session-State | REQUIRED | 1 + User-Name | REQUIRED | 1 + Cx-User-Data | REQUIRED | 1 + Charging-Information | OPTIONAL | 1 + Result-Code | REQUIRED | 1 +} + +REQUEST 303 Multimedia-Auth Request +{ + Session-Id | REQUIRED | 1 + Origin-Host | REQUIRED | 1 + Origin-Realm | REQUIRED | 1 + Destination-Realm | REQUIRED | 1 + Vendor-Specific-Application-Id | REQUIRED | 1 + Auth-Session-State | REQUIRED | 1 + Public-Identity | REQUIRED | 1 + 3GPP-SIP-Number-Auth-Items | REQUIRED | 1 + 3GPP-SIP-Auth-Data-Item | REQUIRED | 1 + Server-Name | REQUIRED | 1 +} + +ANSWER 303 Multimedia-Auth Answer +{ + Session-Id | REQUIRED | 1 + Origin-Host | REQUIRED | 1 + Origin-Realm | REQUIRED | 1 + Destination-Host | OPTIONAL | 1 + Destination-Realm | OPTIONAL | 1 + Vendor-Specific-Application-Id | REQUIRED | 1 + Auth-Session-State | REQUIRED | 1 + Public-Identity | REQUIRED | 1 + 3GPP-SIP-Number-Auth-Items | REQUIRED | 1 + 3GPP-SIP-Auth-Data-Item | REQUIRED | 1 + User-Name | REQUIRED | 1 + Result-Code | REQUIRED | 1 +} diff --git a/opensips_ims_scscf/scscf_init.sh b/opensips_ims_scscf/scscf_init.sh new file mode 100755 index 0000000..dcc5846 --- /dev/null +++ b/opensips_ims_scscf/scscf_init.sh 
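Review bot: Both ANSWER rules mark `Result-Code` as REQUIRED and list no `Experimental-Result`, and the Server-Assignment Answer also requires `Cx-User-Data`. The AA Answer in pcscf.dictionary from this same commit keeps `Result-Code` and `Experimental-Result` OPTIONAL. An HSS that reports a failure through `Experimental-Result`, or without user data, would send an answer that does not match these rules; whether the module rejects or merely logs such an answer is not visible here and is worth confirming. Suggested lines for both ANSWER blocks are `Result-Code | OPTIONAL | 1` and `Experimental-Result | OPTIONAL | 1`, with `Cx-User-Data | OPTIONAL | 1` in the 301 answer.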
@@ -0,0 +1,71 @@ +#!/bin/bash + +# BSD 2-Clause License + +# Copyright (c) 2020, Supreeth Herle +# All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: + +# 1. Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. + +# 2. Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. + +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +[ ${#MNC} == 3 ] && IMS_DOMAIN="ims.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || IMS_DOMAIN="ims.mnc0${MNC}.mcc${MCC}.3gppnetwork.org" + +mkdir -p /etc/opensips +cp /mnt/scscf/freeDiameter.conf /etc/opensips +cp /mnt/scscf/scscf.dictionary /etc/opensips +cp /mnt/scscf/opensips.cfg /etc/opensips + +while ! 
mysqladmin ping -h ${MYSQL_IP} --silent; do + sleep 5; +done + +# Sleep until permissions are set +sleep 10; + +# Create SCSCF database, populate tables and grant privileges +if [[ -z "`mysql -u root -h ${MYSQL_IP} -qfsBe "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='opensips_scscf'" 2>&1`" ]]; +then + mysql -u root -h ${MYSQL_IP} -e "create database opensips_scscf;" + SCSCF_USER_EXISTS=`mysql -u root -h ${MYSQL_IP} -s -N -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE User = 'opensips_scscf' AND Host = '%')"` + if [[ "$SCSCF_USER_EXISTS" == 0 ]] + then + mysql -u root -h ${MYSQL_IP} -e "CREATE USER 'opensips_scscf'@'%' IDENTIFIED WITH mysql_native_password BY 'heslo'"; + mysql -u root -h ${MYSQL_IP} -e "CREATE USER 'opensips_scscf'@'$SCSCF_IP' IDENTIFIED WITH mysql_native_password BY 'heslo'"; + mysql -u root -h ${MYSQL_IP} -e "GRANT ALL ON opensips_scscf.* TO 'opensips_scscf'@'%'"; + mysql -u root -h ${MYSQL_IP} -e "GRANT ALL ON opensips_scscf.* TO 'opensips_scscf'@'$SCSCF_IP'"; + mysql -u root -h ${MYSQL_IP} -e "FLUSH PRIVILEGES;" + fi +fi + +sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/opensips/freeDiameter.conf +sed -i 's|PYHSS_IP|'$PYHSS_IP'|g' /etc/opensips/freeDiameter.conf +sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/freeDiameter.conf +sed -i 's|PYHSS_BIND_PORT|'$PYHSS_BIND_PORT'|g' /etc/opensips/freeDiameter.conf +sed -i 's|SCSCF_BIND_PORT|'$SCSCF_BIND_PORT'|g' /etc/opensips/freeDiameter.conf + +sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/opensips/opensips.cfg +sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/opensips/opensips.cfg +sed -i 's|MYSQL_IP|'$MYSQL_IP'|g' /etc/opensips/opensips.cfg + +# Sync docker time +#ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + +exec /usr/sbin/opensips -F $@
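Review bot: The block commented "Create SCSCF database, populate tables and grant privileges" creates `opensips_scscf` but never loads a schema. It also creates the user `opensips_scscf`, while opensips.cfg connects as `mysql://scscf:heslo@MYSQL_IP/opensips_scscf`. The `scscf` user exists only if entrypoint.sh has run, and there it is granted rights on the `scscf` database only, so the dialplan module appears to have neither a matching account nor tables to read. Loading the schema here, as entrypoint.sh does with `mysql -u root -h ${MYSQL_IP} opensips_scscf < /usr/share/opensips/mysql/dialplan-create.sql`, and using one user name in the script and in `db_url` would make this start-up path self-contained.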