ngap: Fix deviation in ASN1 from TS 38.413 version 17.5.0
I originally copied the ASN1 files from https://forge.etsi.org/rep/int/5g-core/ngap.git directory ttcn/LibNGAP/lib/asn1, commit fa43d01e202379a969e991a9454d9c6c6930b5b5.
Apparently one file contained a deviation from the 3GPP content and it was also fixed in ngap.git in 47e7239dd80f2f12a4cbcdd7977ca0a32356f3be.
I found out this problem when trying to use this ASN1 file to generate new libfftranscode, which then failed to properly decode DownlinkNASTransport due to the deviation.
Remove the part about caching logic of docker containers, as most testsuites don't use docker-playground anymore. The main reason for using commits here is that we have exact commits when doing regression testing.
Replace the verbose license header with the SPDX version while at it.
This commit adds initial support to issue a successful PDU Session Establishment procedure towards the 5GC, getting a ready-to-use GTPU session with IPv4 addr + TEID + UE IP address.
commit has to our nas.git fork is updated in order to have multiple fixes and improvements needed to have everything working fine.
GTPv1U and GTPv2C are 2 different protocols, working on 2 different ports, on 2 different sockets. Hence, it makes no sense to put them together, since some tests may want to use only the control-plane, others may want to use the user-plane, etc. Morevoer, GTPv1U can be used together with both GTPv2C anf GTPv1C.
This commit also fixes the confusion where TEIC and TEID were not properly separated in GTPv2_Emulation.
GTPv1U_Emulation: support multiple client ports per GTP1U_ConnHdlr
This feature is already present in GTP1U code of GTP_Emulation. That part of the code will be removed and ported to use GTPv1U_Emulation, so we need to also support this feature here.
* Move T_Guard to MTC, there's no need to have multiple of them (one per ConnHdlr). * Call f_init_handler() internally so it doesn't need to be called by each ConnHdlr test. * Change function attribute friend to private
testenv: Dockerfile: use debian archive for deb10 libssl pkg
As Debian 10 is EOL, this debian 10 package we are still using here to make mongodb work is getting removed from the mirrors. Currently some still have it, some have deleted it already. Use the archive instead.
When building programs from source, don't look only in $install_dir/bin, but also in $install_dir/usr/bin for the binaries. osmo-s1gw installs to usr/bin with recent changes and other programs may do this too.
The current NGAP and 5G auth code is now working fine, so disable debug logging. Keep it commented out so it can be re-enabled at any time if some related topic needs to be debugged (will eventually happen).
open5gs-dbctl tool is called in batches of multiple IMSIs to speed up setup, since each call takes fractions of seconds to complete. mongosh called by open5gs-dbctl actually uses quite a lot of CPU and RAM resources, hence limit the amount of parallel runs to a fair amount (eg. running the 256 of them in parallel froze my workstation with 16GB of RAM).
NGAP_Templates: Fixes and improvements for UEContextReleaseComplete
The existing templates for UEContextReleaseComplete were completelly wrong, probably due to copy-paste when introducing them. This commit fixes all those problems and allows passing optional parameters.
* procedureCode was wrong * Criticality of several fields was wrong * Type of resource list was wrong, and marked as mandatory while it was optional.
Remove the unused limit_section argument in testenv.osmo_dev.make(). The idea was to use osmo-dev to build programs where no packages are available when using --binary-packages, but this didn't work because when using --binary-packages, we must install all package dependencies from the binary repository (so testing nightly / latest use the expected library versions). Nowadays this use case is handled by podman_install.from_source_* functions without using osmo-dev.
Pass the targets we are about to build to osmo-dev's gen_makefile script. This has two advantages:
1) Check early if a target isn't known by the current osmo-dev version, displaying a useful error to the user instead of just failing during make later on:
ERROR: filter_projects_deps_targets: can't find project osmo-new-project in projects_deps!
[testenv] gen_makefile.py from osmo-dev failed! [testenv] Your osmo-dev.git clone might be outdated, try: [testenv] $ git -C /home/user/code/osmo-dev pull
2) Parsing the generated Makefile when running "make" after generating it doesn't cause a noticable delay anymore. On my machine (with many Osmocom git repos cloned in osmo-dev's src dir) it went from several seconds to instantly.
When running tests manually I oftentimes end up with hundreds of *.log files in testsuite directories. The present patch adds a convenience target for removing them.
This patch adds testcases for the silent-call feature:
* MSC_Tests.TC_silent_call_start_stop Test starting and stopping silent call via the VTY. * MSC_Tests.TC_silent_call_active_conn Test initiating a silent call while there's an active connection. The MSC is expected to be smart and reject such an attempt.
ngap: Add template for UEContextReleaseReq without PDU Session List
That's the only optional IE in the message. Add a separate template to be able to transmit with that IE set, similar to what's already done in m_n2_InitialContextSetupRequest_withPDUSessionList().
Allow building the podman image for another distribution. This was mostly implemented already, but due to the missing --distro argument for "./testenv.py init podman" it could not be used yet.
Make sure that the value for --distro is supported early on, instead of only checking it if --binary-repo is set while trying to add the binary repository.
Add an apt-pin to ensure packages from the Osmocom repositories get preferred over Debian's packages. I just ran into this with osmo-mgw, where we have 1.4.0 in osmocom:latest and Debian 13 has 1.14.0+dfsg1-2, which counts as higher version. This results in the wrong package being selected, and also in an error later on when trying to install related debug packages from our repository:
The following packages have unmet dependencies: osmo-mgw-dbgsym : Depends: osmo-mgw (= 1.14.0) but 1.14.0+dfsg1-2 is to be installed
In debian 13, the virtio_pci kernel module is now builtin. Adjust the code paths that add kernel modules to the initramfs and load them to ignore builtin modules.
This fixes the ttcn3-ggsn-test-kernel-latest job job, which currently fails with:
+ modprobe -a --dry-run --show-depends --set-version=6.12.41+deb13-amd64 virtio_net virtio_pci + sort -u + cut -d -f 2 + local files=virtio_pci /lib/modules/6.12.41+deb13-amd64/kernel/drivers/net/net_failover.ko.xz /lib/modules/6.12.41+deb13-amd64/kernel/drivers/net/virtio_net.ko.xz /lib/modules/6.12.41+deb13-amd64/kernel/net/core/failover.ko.xz + qemu_initrd_add_file virtio_pci /lib/modules/6.12.41+deb13-amd64/kernel/drivers/net/net_failover.ko.xz /lib/modules/6.12.41+deb13-amd64/kernel/drivers/net/virtio_net.ko.xz /lib/modules/6.12.41+deb13-amd64/kernel/net/core/failover.ko.xz /usr/lib/modules/6.12.41+deb13-amd64/modules.alias + local i + local cp=cp --no-dereference --recursive --parents + cp --no-dereference --recursive --parents virtio_pci <https://jenkins.osmocom.org/jenkins/job/ttcn3-ggsn-test-kernel-latest/1665/artifact/logs/osmo_ggsn_v4_only/ggsn/_initrd> cp: cannot stat 'virtio_pci': No such file or directory
The --asan flag builds all Osmocom components with address sanitizer enabled. Use a separate install dir from the non-asan version to ensure we don't end up with using non-asan versions. (A separate make dir is already used.)
Bump make_dir_version to avoid having markers for already installed binaries / libraries in the make dir, which are invalid now for asan-builds as we switched the install dir.
Fixes: c3657172 ("testenv: add run --asan") Change-Id: Ic75452b75d4c3ee8045b68353830b5532e1ce90e
ranap: Support Tx GlobalRNC-ID during RANAP RESET (ACK)
This commit doesn't affect the behavior of any existing testsuite yet, it only updates the templates and adds a RanOps param to be able to pass a GlobalRNC-Id to RAN_Emulation.
A follow-up commit will change SGSN_Tests to append GlobalRNC-Id to RANAP Reset when sending towards SGSN, since it's mandatory for an RNC to set it according to 3GPP TS 25.413 8.26.2.2.
When building the 5gc testsuite with as many parallel jobs as CPU cores are available (the default), on at least Pau's and my system, all RAM gets consumed and the system becomes unusable. On other systems, an out-of-memory killer might kill the compiler, which is also not great. This can currently only be avoided if the user remembers to pass "-j4" to testenv, to ensure that only 4 jobs run in parallel.
Add a new max_jobs_per_gb_ram= option to 5gc/testenv.cfg. Set it to 0.3, so on e.g. systems with 15 GiB of RAM, we get 4 jobs as maximum.
It will be used in a follow-up commit in TC_stat_rnc_sctp_disconnected.
This new test infrastructure can still be used with osmo-sgsn latest since it already initialized the statsd VTY commands despite having no osmo_stats in use.
These templates include handover preperation and resource allocation for S1 handover procedure. It supports mandatory information elements only at this time.
We use our own one from the library, not the demo one.
In `asterisk/gen_links.sh` we first create a broken symlink, and then overwrite it with a valid symlink to `library/PIPEasp_Templates.ttcn`. This should not be a problem, since `gen_links.inc.sh` is calling ln with flags `-sf`, yet we saw a build failure in Jenkins:
msc: CC SETUP MT speech: verify bearer capabilities
Verify that the MSC sends the bearer capability IE from 3GPP TS 24.008 § D.1.2 for speech in the network to MS direction, instead of allowing e.g. what osmo-msc master and latest release currently do:
- Filling out radio channel requirement the same way as the MS to Network direction, which is wrong for the Network to MS direction: "Bits 6 and 7 are spare bits. The sending side (i.e. the network) shall set bit 7 to value 0 and bit 6 to value 1." (3GPP TS 24.008 Table 10.5.102)
- Sending a speech list in the Network to MS direction, which seems to be allowed in theory and MS are supposed to ignore it (end of Table 10.5.103) but causes bugs in some MS in practice. Therefore it is better to ensure that osmo-msc does not send it (OS#6656).
Implement this in f_mt_call_complete(), which gets used e.g. by TC_lu_and_mt_call.
S1GW: Add test case to test release of e-RABs during handover preperation
HANDOVER COMMAND allows e-EABs to be forwarded or to be released. The test provides two lists and expects osmo-s1gw to release only those e-RABs that are included int the "E-RABs to Release List" IE.
S1GW: Add test case to test release of failed e-RABs during handover resource allocation
HANDOVER REQUEST ACKNOWLEDGE indicates admitted and failed eRABs. The test provides two lists and expects osmo-s1gw to release only those e-RABs that are included int the "E-RABs Failed to Setup List" IE.
SGsAP_Emulation: Introduce proper support for server-mode
Prior to this commit, only initial (not really useful) SCTP server-mode support existed in SGsAP_Emulation. This is basically because MSC_Tests uses the SCTP client-mode, and MME_Tests_SGsAP were not yet in a fully working state.
In server-mode, we have a conn_id for the listening socket and a conn_id for the accepted socket; track them properly. Moreover, in server node we definetly need some sort of event to wait for the client to connect; introduce it. Based on existing work in Iuh_Emulation.
mme: Initial working state for MME_Tests_SGsAP.ttcn tests
MME_Tests_SGsAP.ttcn tests were introduced to the repository many years ago (~2019), but they were mostly WIP and were never run as part of the regular testsuite.
This commit reworks and extends previous work to get them up to date with current MME_Tests and makes most of them passing.
TC_sgsap_alert_* tests are still in WIP and will be fixed in follow-up work.
* Generate a different enb_ue_id based on imsi_suffix, and store it during startup of ConnHdlr. * Validate the MME sends the expected message to the expected enb_ue_id. * Store the mme_ue_id and validate also that MME keeps using it.
A new procedure is added to S1AP_Emulation, similar to what already exists in NGAP_Emulation, to obtain the mme_ue_id allocated by the peer. This is needed because upon rx of DL NAS Transport messages we only receive the upper layer NAS decoded in the Connhdlr, so we can't store and track the MME ID early enough.
Use the following options for stderr logging in all config, to make the output consistent and readable (e.g. no hex categories, no long paths to source files at the end of log lines). Use the same order of parameters in all files.
This allows explicitly matching what's configured in osmo-stp's "routing-key" & "point-code override dpc" VTY configs for each AS. This in turn makes the osmo-stp cfg file easy to understand by looking at the peer's (TTCN3) configuration.
There's no need to configure "point-code override opc" in the osmo-stp since by default the PC declared in the routing-key is used to apply an OPC on incoming messages over an IPA ASP.
Once we have the PC available in the TTCN3 config file, we can use it inside IPA<->M3UA test to put the value in generated M3UA messages (there's no visible changes in IPA ones because ofc the IPA signalling doesn't include the PC in the messages).
Move RAN_Configurations module parameter definition to *_Tests.default
This way we can easily tweak values, which usually involve other programs' config like osmo-stp, without needing to recompile ttcn-3. Furthermore, we avoid ending up in the situation where the .ttcn file contains invalid data which is always overridden in .default, like it happened in MSC_Tests.ttcn.
SDP_EncDec.cc is not in titan.Libraries.TCCUsefulFunctions, it is in titan.ProtocolModules.SDP. The gen_links.sh scripts had instructions to symlink both the wrong and right location of SDP_EncDec.cc, and most of the time the right location would be symlinked.
When the wrong location was symlinked, the next command regen_makefile.sh would fail with:
ttcn3_makefilegen: error: Cannot find any source file for argument `SDP_EncDec.cc'.
The file TCCOpenSecurity_Functions.hh does not exist in a fresh clone of titan.Libraries.TCCUsefulFunctions. Currently it only gets created after gen_links.sh ran, created the symlink (to the not yet existing file) and then ttcn3_compiler writes to it. Adjust the gen_links files to not create this broken symlink.
This is slightly slower than the previous approach (which did not check if the symlink target exists). But this prevents adding subtle bugs that may not trigger every time (see 520ac3ab ("*/gen_links.sh: fix wrong SDP_EncDec.cc symlink")).
Prepare to support getting core files without having systemd-coredump installed, as we plan to uninstall it from the jenkins servers to make retrieving coredumps for other jobs feasible again.
When starting daemons, set the maximum core file size to unlimited. Otherwise it might be at 0, resulting in no core files getting generated.
I have considered using resource.setrlimit() on the python process instead, but this wouldn't work when spawning the daemons inside the podman container.
Support getting core files from a typical core_pattern=core where the coredump just gets stored in the current working dir, instead of always retrieving it from coredumpctl. This is what we will use with jenkins in the future, as it makes getting core files in other jobs easier. Remove support for the custom testenv-coredump-helper code that isn't needed anymore.
library/HTTP_Adapter: do not hard-code 'Content-Type'
* Do not send `Content-Type` when request contains no body. ** This is wrong and some servers would reject such a request. * Allow passing custom `Content-Type` to ** `f_http_tx_request()` and ** `f_http_transact()`. * Use `application/json` by default.
Implemented parts conform to sgp 23 v1.13-v1.15 Certs are from https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2021/07/SGP.26_v1.5-17-July-2025_files_v3.zip the invalid ones are generated using smdpp/generate_all_test_certificates.py
OsmoS1GW implements a custom (non-standard) REST interface, primarily intended for state introspection. The interface is specified using OpenAPI, with the specification available in osmo-s1gw.git.
Fix that manually running testsuites (as described in README.md) would unsucessfully attempt to start dumpcap for 10s before running each test:
NOTE: unable to use dumpcap due to missing permissions in /tmp Warning: Named pipe already exists: /tmp/cmderr sudo -n /usr/bin/tcpdump -U -s 1520 -n -i any -w "/tmp/smdpp_Tests.TC_rsp_complete_flow.pcap" >/tmp/smdpp_Tests.TC_rsp_complete_flow.pcap.stdout 2>/tmp/cmderr & Waiting for packet dumper to start... 0 Waiting for packet dumper to start... 1 Waiting for packet dumper to start... 2 Waiting for packet dumper to start... 3 Waiting for packet dumper to start... 4 Waiting for packet dumper to start... 5 Waiting for packet dumper to start... 6 Waiting for packet dumper to start... 7 Waiting for packet dumper to start... 8 Waiting for packet dumper to start... 9 Packet dumper didn't start filling pcap file after 10 seconds!!!
This happens because /tmp is owned by root and not by the user running ttcn3-tcpdump-start. Put the pcaps in /tmp/pcap by default instead of /tmp and create this directory as the current user if it does not exist. This also prevents cluttering /tmp.
Note that this is only relevant when manually running the testsuites and not setting TTCN3_PCAP_PATH, e.g. testenv sets this variable already.
The ttcn3-{tcpdump,dumpcap}-*.sh scripts can easily spend 5s or more for each test with: * Waiting until the pcap gets created. * Waiting until pcap size does not increase anymore after the test. * Saving the talloc report.
Add --fast to skip all this, to allow running a whole testsuite significantly faster locally to check for regressions. Developers can then still run failing tests again without --fast to get the pcap and talloc reports.
RAN_{Emulation,Adapter}: Split transport type from transport client/server mode
The RAN_Transport is used to identify the stack of protocols in use up to SCCP. The client/server mode is some extra independent information. For instance, RAN_Emulation doesn't really use it while RAN_Adapter does, since the later is the one in charge of setting up the lower layer socket connection.
RAN_Adapter has further features and goes up in the stack, while sometimes getting an SCCP SAP is enough, eg. when doing stuf with SIGTRAN on the Core Network (eg. TCAP).
Add an option to quickly install packages in the container. This is useful when making a new SUT run with osmo-ttcn3-hacks and figuring out which packages need to be installed to make the build pass (without rebuilding the whole container for each missing dependency). It can also be used to quickly install additional debugging tools (strace, valgrind, etc.). A cache for the deb files is already getting mounted inside the container.
Fix this error: Error: Error message was received from HC at 10.0.2.100 [10.0.2.100]: Error while setting parameter field 'SGSN_Tests.mp_ranap_cfg[0].sctp_addr' to '{ 23908, "127.0.0.103", 2905, "127.0.0.200" }': Non existent field name in type @RAN_Adapter.RAN_Configuration: sctp_addr
Fixes: 0cdd73a8 ("Split SCCP_Adapter out of RAN_Adapter") Change-Id: I62a1188aa3346fda3f0674296629ade51a02088f
Prepare to run PyHSS, which needs this variable to be set or else no log messages are printed. This problem exists with potentially all python scripts that testenv would run, so set the env var for all commands.
Fix an immediate disconnect from pyHSS: [ERROR] 127.0.0.1:9999: Role not found in tags. 'sgsn' or 'msc' must appear in one of there tags: TYPE, UNIT, UNITNAME. Closing connection.
Add wrappers as f_subscr_create/_delete (without _vty), and only use the VTY implementation for OsmoHLR. This is in preparation for implementing a different method for PyHSS in a follow-up patch.
Avoid passing the VTY parameter by splitting each function into a normal variant that runs on test_CT, and a _HCH variant that runs on HLR_ConnHdlr.
MME-Tests: Add tests for emergency cappability indication
When an attachment is accepted, MME indicates the capability of emergency calls, if and only if configured in MME's configuration file. The emergency numbers that are configured are also indicated.
The tests check if the indications follow the configuration and are correctly encoded.
smdpp_Tests: simplify generation of smdpp_ConnHdlrPars (NIST vs. BRP)
When we call f_init_pars() it will return a record with default parameters. However, those parameters are only a suitable default when the NIST curve is used. For the brainpool curve we will have to modify returned result.
Let's simlify this by adding a parameter to f_init_pars() that allows us to switch between the defaults for NIST and BRP as needed.
Run the PyHSS API service, and fill it with a default APN on startup. Having one APN entry in the database is required for creating subscribers.
Talk to the API service for creating and deleting subscribers. Do this with a new script pyhss_api_helper.py. Deleting subscribers requires reading JSON returned from the server (to get the AUC and subscriber ID from the IMSI). I have first attempted to do this via HTTP_Adapter instead of using a helper script, but this was a lot more complex and would have required to have the JSON structure in the TTCN3 files. The eim testsuite also runs an external script for REST requests.
With this change and additional fixes in PyHSS, more tests pass: * HLR_Tests.TC_gsup_sai * HLR_Tests.TC_gsup_sai_num_auth_vectors * HLR_Tests.TC_gsup_ul * HLR_Tests.TC_gsup_purge_cs * HLR_Tests.TC_gsup_purge_ps
smdpp_tests: extend comment with hint on CA cert locations
Let's extend the comment around mp_es2plus_server_host and mention that CA certfiicates should be made availablein /etc/ssl/certs. In case the CA certificate is not present in /etc/ssl/certs, libcurl will refuse to connect.
The ES2Plus_Tests only have minimal configuration options. Let's remove hardcoded options and replace them with module parameters. Let's also document the module parameters.
The testsuite uses a custom libcurl based sublayer that handles all the HTTP related tasks. Let's remove the HTTP_server_port related testport parameters.
ES2Plus_Tests: rename mp_es2plus_server_host to _fqdn
Let's rename the module parameter mp_es2plus_server_host to mp_es2plus_server_fqdn. The reason for this is that the suffix "host" suggests that one may use an arbitrary hostname or IP address. In this case this is in fact not true. The FQDN must match the hostname of the SSL server certificate. Apart from that GSMA SGP.22 always uses the word "FQDN" in their specs.
ES2Plus_Tests.cfg: comment out parameters in config file.
The code in ES2Plus_Tests.ttcn already provides safe defaults, so we do not have to repeat those defaults again in ES2Plus_Tests.cfg.
So let's comment out the parameters. This way we kenn keep them for illustrative purposes, so that users can use the config file as a helpful template for the most basic settings.
smdpp_Tests.cfg: comment out parameters in config file.
The code in smdpp_Tests.ttcn already provides safe defaults, so we do not have to repeat those defaults again in smdpp_Tests.cfg.
So let's comment out the parameters. This way we kenn keep them for illustrative purposes, so that users can use the config file as a helpful template for the most basic settings.
smdpp_Tests/ES2Plus_Tests: move ES2+ code to smdpp_Tests.ttcn
In smdp_Tests.ttcn, the ES9+ and ES2+ interface are intermingled. This is a problem since ES2+ and ES9+ are two independed interfaces and they may use different certificates and may even be reachable under a different FQDN from a different network interface.
To untable ES2+ and ES9+ we can move the ES2+ code from ES2Plus_Tests.ttcn to smdpp_Tests.ttcn. Since ES2Plus_Tests.ttcn inherits from smdpp_Tests.ttcn the ES2+ code will still be available to ES2Plus_Tests.ttcn.
This change will add the flexibility of ES2Plus_Tests.ttcn to smdpp_Tests.ttcn. This means we can now freely configure the FQDN and the certificates used with ES2+.
When we call the f_init_esXplus functions we always check the return code to see if the initialization went ok. However in both functions we already set the verdict and in the ES2+ variant of the functions we already stop the MTC. Let's optimize the function calls so that we only call the function without checking the return code. Let's do all the error handling and the stopping of the MTC in inside f_init_esXplus.
Move the run_in_venv.sh script that is only used by pyhss from the generic location _testenv/data/scripts/run_in_venv.sh to hlr/pyhss/run_in_venv.sh and hardcode the path /opt/venvs/pyhss/bin/activate in there when running from binary packages. This is the path used in the binary package in the Osmocom OBS, the default path from dh_virtualenv. The package doesn't install pyhss_gsup etc. to /usr/bin, as these are usually not meant to be directly started without the systemd services that have the /opt/venvs/pyhss path hardcoded.
Also put 'export PYHSS_CONFIG=config.yaml' in there, now that the script is pyhss specific.
