This document explains how to debug network functions in my5G-core and presents tips to capture network traffic using filters based in the reference points targeted.
-
To start debugging some component since the beginning, you must set a breakpoint on the main function in the main package of the component.
- For instance, to start debugging the NRF, set a breakpoint in the first line of code of the main function of the
my5G-core/src/nrf/nrf.gofile.
~/my5G-core/src/amf/factory/factory.go- package main
- Entry point for the application (main function).
- Function action is invoked in main.
- For instance, to start debugging the NRF, set a breakpoint in the first line of code of the main function of the
-
On the Project View on the left, navigate through the component you want to run
-
Right click on the component (*.go) and choose Debug
- Optional: Use the CTRL + SHIFT + F10 (shortcut)
-
After this, the run window will show
-
Now the “command” will be available on the toolbar
-
Next time just choose the command in the toolbar and run or debug clicking on the buttons
-
To stop a running or debugging component click the Stop button on the toolbar
Obs: Do the same for the other NF components. All the components are in ~/my5G-core/src/{component}/{component}.go. For example, for SMF it's in ~/my5G-core/src/smf/smf.go.
-
Execute Wireshark
wireshark
-
Filters to use in Wireshark
# monitor traffic going through UPF gtp # monitor traffic in NWu isakmp or gre or nas-5gs or esp # monitor traffic in N4 pfcp # monitor traffic in N2 ngap
Here there is an overview of the most important protocols in service-based interfaces and reference points.
-
Sample: monitoring PFCP traffic in N4 reference point.
# stop all running NFs cd ~/my5G-core # fix wireshark permission sudo groupadd wireshark sudo usermod -a -G wireshark $USER sudo chmod +x /usr/bin/dumpcap # start wireshark wireshark -kni any --display-filter pfcp & # run my5G-core ./run.sh
- Establishing a PFCP Association between SMF and UPF. SMF will use this association to send rules to UPF, instructing how to process incomming packets.
SMF uses the PFCP protocol to send rules to UPF and these rules instruct how UPF should process incomming packets.
-
Download and installing libgtp5gnl
git clone https://github.com/PrinzOwO/libgtp5gnl.git ~/libgtp5gnl cd ~/libgtp5gnl autoreconf -iv ./configure --prefix=`pwd` make
-
Listing packet processing rules
cd ~/libgtp5gnl # monitoring Packet Detection Rule (PDR) tunnels sudo ./tools/gtp5g-tunnel list pdr # monitoring Forwarding Action Rule (FAR) rules sudo ./tools/gtp5g-tunnel list far
Images above were retrieved from the book 5G Core Networks.
-
Testing and monitoring packet processing rules
# stop my5G-core if it's running (CTRL+C) # start wireshark sniffing for PFCP traffic (Split terminal) wireshark -kni any --display-filter pfcp & # the test will run UPF in another network namespace cd ~/libgtp5gnl # monitoring Packet Detection Rule (PDR) rules (Split terminal) sudo watch -d -n 1 ip netns exec UPFns ./tools/gtp5g-tunnel list pdr # monitoring Forwarding Action Rule (FAR) rules (Split terminal) sudo watch -d -n 1 ip netns exec UPFns ./tools/gtp5g-tunnel list far # change the sleep time in ~/my5G-core/test.sh line 125 to 120 this will give you time to analyse the rules before the UPF is terminated. # execute TestNon3GPP cd ~/my5G-core ./test.sh TestNon3GPP # observe the rules being created in UPF # Tip: You can combine the wireshark monitoring (pfcp) and inspect the packets to see how SMF sends the rules for packet processing to UPF
- SMF instructs the UPF to create rules for packet detection and forwarding.
- Indicates the creation of a PDR.
- Specifies the rule ID.
- Tunnel Endpoint ID and IP address.
- UE IPv4 address.
- Information about how to desencapsulate incomming packet.
OBS.: Check conf/uerouting.yaml file to see routing information for UE.
- Information to allow UPF to identify these packets
- The detection rule references a forwarding rule action to be executed when a packet matches this rule.
- Action = 2 means forward the packet. Other possible actions could be drop, duplicate or buffer.
- The detection rule that triggers this forwarding action.
