
openpacketcore/openpacketcore-sdk

OpenPacketCore SDK


A robust, polyglot software development kit for building resilient, cloud-native 5G packet core network functions (CNFs). This SDK provides the standardized runtime chassis, quorum-replicated session storage, encrypted config persistence, data-governance/redaction boundary enforcement, and release-assurance evidence pipelines for packet core software with high-assurance deployment requirements.

The GTP-U user-plane codec is also applicable to LTE/EPC user plane. No EPC control-plane protocols (GTP-C, Diameter, S1AP) are provided.

Important

Production Readiness & Reference Boundaries

  • Rust SDK Core: The core Rust libraries have passed the current P0 SDK release-readiness gates. Downstream CNFs still need product-specific integration, deployment, and carrier acceptance validation.
  • Go Reference Operator: The Go operator located under operators/sdk-reference-operator/ is a reference harness and development utility only. It is explicitly not a production-grade controller. Downstream product teams are responsible for implementing product-specific Kubernetes operators.
  • Rust Reference SMF: The examples/smf-reference/ workspace is a reference consumer and API acid test, not a product-grade SMF. It has no N7/PCF, charging, NAS, or real UPF selection.
  • No Unconditional Claims: Standard deployments require integration with your local platform security policies, hardware topologies, and external KMS/SPIFFE infrastructure.

Getting started

See docs/quickstart.md for a guided first build and a minimal CNF example.


Workspace Layout & SDK Boundaries

The SDK is organized into a clean multi-crate Rust workspace and a Go reference operator directory:

Core Runtime & Platform (crates/)

| Crate | Purpose | Reference |
| --- | --- | --- |
| opc-sdk | Facade crate: feature-gated re-exports of the core composition surface, a prelude, and the minimal_cnf end-to-end example. | Quickstart |
| opc-runtime | CNF runtime chassis: process startup phases, task supervision, health probes, and graceful SIGTERM drains. | RFC 008 |
| opc-protocol | Zero-copy protocol codec framework: traits, context, errors, and fuzzing contracts. | RFC 005 |
| opc-proto-gtpu | GTP-U protocol codec for the user-plane data path. | |
| opc-proto-pfcp | PFCP codec (TS 29.244): message layer, raw TLV preservation, and typed session-management IEs (experimental). | |
| opc-proto-nas | NAS-5GS (TS 24.501) codec: headers, security-envelope recognition, mobile identity, BCD unpacking, Registration Request/Accept IEs (experimental). | |
| opc-proto-ngap | NGAP (TS 38.413) v0 decoder via rasn APER: PDU framing, fixture-proven NGSetupRequest, raw-preserving re-encode (experimental v0). | ADR 0013 |
| opc-node-resources | Validates ResourceProfile compatibility against observed NodeCapabilityReport. | RFC 011 |

Config & Management (crates/)

| Crate | Purpose | Reference |
| --- | --- | --- |
| opc-config-bus | Transactional config bus supporting schema validation, tenant segregation, AAD-bound envelope encryption, and admission control. | RFC 001 |
| opc-config-model | Shared config-model request, result, identity, and error types. | RFC 001 |
| opc-persist | Tamper-evident SQLite datastores, consensus config store membership, and fail-closed storage fault injection hooks. | RFC 001 |
| opc-nacm | Normalized YANG path parsing and NACM authorization evaluation. | RFC 001 |
| opc-yanggen | YANG-to-Rust type projection, RFC 7951 JSON serde, iterative semantic constraint validation, and patch applicator. | RFC 002 |

Security & Identity (crates/)

| Crate | Purpose | Reference |
| --- | --- | --- |
| opc-identity | SPIFFE Workload Identity and SVID reload support. | RFC 003 |
| opc-key | Key-provider traits, in-memory adapters, and tenant-bound AEAD payload helpers. | RFC 003 |
| opc-crypto | AEAD envelope encoding, decoding, and provider-driven encryption. | RFC 003 |
| opc-tls | Reloadable SPIFFE-aware mTLS client and server support. | RFC 003 |
| opc-key-vault | HashiCorp Vault Transit KeyProvider adapter using the wrapped-data-key envelope pattern (experimental). | RFC 003 |

Session & State (crates/)

| Crate | Purpose | Reference |
| --- | --- | --- |
| opc-session-store | Quorum-replicated session database supporting lease management, CAS operations, and change-stream watches. Quorum semantics (fencing, leases, CAS, read-repair) are production-grade within a process; networked replication is experimental and provided by opc-session-net. | RFC 004 |
| opc-session-cache | Production-grade session cache with key-scoped invalidation, sequence tracking, and resume recovery. | RFC 004 |
| opc-session-net | Networked session replication transport: mTLS length-prefixed wire protocol, replication server, and remote backend client (experimental). | RFC 004 |

Alarms & Observability (crates/)

| Crate | Purpose | Reference |
| --- | --- | --- |
| opc-alarm | Alarm model, severity taxonomy, dedup/update/clear manager, and in-memory store. | RFC 013 |
| opc-alarm-k8s | Kubernetes condition and event mappings for OpenPacketCore alarms. | RFC 013 |
| opc-alarm-yang | YANG schema and operational projections for OpenPacketCore alarms. | RFC 013 |

Data Governance & Privacy (crates/)

| Crate | Purpose | Reference |
| --- | --- | --- |
| opc-redaction | Support-bundle redactor scrubbing SUPIs, GPSIs, IPs, paths, and private keys. | RFC 010 |
| opc-data-governance | Data classification, tenant boundary isolation, retention policies, and legal holds. | RFC 010 |
| opc-privacy | Client-side privacy: cohort binning and k-anonymity validation. | RFC 010 |
| opc-export | Metadata-preserving schema/payload export validation for backup and restore. | RFC 010 |

Service-Based Interface (crates/)

| Crate | Purpose | Reference |
| --- | --- | --- |
| opc-sbi | Shared SBI client/server, auth, NRF, retry, and testkit primitives. | RFC 007 |
| opc-api-nnrf | Generated Rust types for 3GPP TS 29.510 NRF NfProfile / NfService (experimental). | Design note |

Release Assurance (crates/)

| Crate | Purpose | Reference |
| --- | --- | --- |
| opc-evidence | Release assurance pipeline: SBOM generation, VEX scanning, and gate policy enforcement. | RFC 006 |

Operator Lifecycle (crates/)

| Crate | Purpose | Reference |
| --- | --- | --- |
| operator-lifecycle | Kubernetes production-readiness lifecycle foundation, config-apply, admission, and drain/upgrade planning. | RFC 009 |
| operator-controller | Kubernetes operator controller execution layer (internal, not published). | |
| operator-lifecycle-cli | CLI interface exposing Rust SDK lifecycle contracts to Go controller-runtime operators via JSON (internal, not published). | |

Testing & Integration (crates/)

| Crate | Purpose | Reference |
| --- | --- | --- |
| opc-testbed | Scenario DSL, virtual time, assertions, fixture provenance, and simulator framework. | RFC 012 |
| opc-sdk-integration | Integration crate wiring runtime, config bus, alarms, and testbed evidence (internal, not published). | |
| opc-config-fixture | Generated-like config fixture for integration testing (internal, not published). | |
| opc-amf-lite | Realistic AMF-lite control-plane vertical slice integration proving SDK seams (internal, not published). | ADR 0011 |

Internal Testkits (crates/)

| Crate | Purpose |
| --- | --- |
| opc-alarm-testkit | Deterministic testing and assertions for alarms (internal). |
| opc-security-testkit | Fake fixtures and fault injection for security validation (internal). |
| opc-session-testkit | Chaos and failure testing for session replication (internal). |
| opc-amf-lite-testkit | Reusable test fixtures and builders for opc-amf-lite (internal). |

Shared Types (crates/)

| Crate | Purpose |
| --- | --- |
| opc-types | Shared identifier, version, time, and redaction types. |
| opc-schema-validate | Lightweight JSON Schema validation engine (subset used by testbed/evidence schemas). |

Kubernetes Operators (operators/)

  • sdk-reference-operator: A minimal Kubernetes controller-runtime operator in Go that consumes Rust SDK policy decisions (admission validation, conversion, and migration planning) through a schema-driven CLI boundary.
  • operator-sdk-go: Reusable Go packages (conditions, bridge, drain, workload, opmetrics, testing) for building CNF operators.

Reference Consumers (examples/)

  • smf-reference: A deliberately bounded reference SMF that consumes the Rust SDK from outside the workspace (its own Cargo.toml and lockfile). It proves runtime startup, NRF registration, real PFCP/N4 bytes over UDP, and session-state tracking. Not a product-grade SMF.

Verification & Validation Gates

To ensure release stability, the repository enforces several validation gates. These must all pass before a release candidate is pushed.

1. Code Formatting

Ensure all workspace Rust code complies with formatting rules:

cargo fmt --all --check

2. Git Cleanliness Check

Ensure the working-tree diff introduces no whitespace errors or leftover conflict markers:

git diff --check

3. Rust Clippy Linters

Ensure the workspace is warning-free across all compilation targets and feature sets:

cargo clippy --workspace --all-targets --all-features -- -D warnings

4. Workspace Test Suite

Run all unit, integration, and chaos test suites:

cargo test --workspace --all-features --quiet -- --test-threads=4

5. Go Operator Tests

Run reference operator unit and mock-client integration tests:

cd operators/sdk-reference-operator
go test ./...

6. Kubernetes Manifest Validation

Compile and validate Kustomize reference manifests:

kubectl kustomize operators/sdk-reference-operator/config/default
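
The six gates above as one fail-closed script, added here as an example (it is not part of the project's repository). Each gate runs in its own subshell because step 5 changes directory while the path in step 6 starts at operators/ again; `run_gate`, `run_all_gates`, `GATES_FAILED`, `FAILED_NAMES` and the `--run` argument are names made up for this example.

```shell
#!/bin/sh
# Added example: fail-closed runner for the six validation gates listed above.
# All function and variable names here are hypothetical, not the project's.

GATES_FAILED=0
FAILED_NAMES=""

# run_gate NAME DIR CMD [ARGS...]
# Runs CMD inside DIR in a subshell, so one gate's working directory never
# leaks into the next. A missing DIR or a missing tool counts as a failure.
run_gate() {
    gate_name=$1
    gate_dir=$2
    shift 2
    printf '==> %s\n' "$gate_name"
    if ( cd "$gate_dir" && "$@" ); then
        printf '    PASS\n'
    else
        GATES_FAILED=$((GATES_FAILED + 1))
        FAILED_NAMES="$FAILED_NAMES $gate_name"
        printf '    FAIL\n'
    fi
    return 0
}

# Runs every gate even after a failure, so a single run reports all problems,
# then returns non-zero if any gate failed.
run_all_gates() {
    root=$1   # repository root (assumption: supplied by the caller)
    GATES_FAILED=0
    FAILED_NAMES=""
    run_gate fmt       "$root" cargo fmt --all --check
    run_gate git-diff  "$root" git diff --check
    run_gate clippy    "$root" cargo clippy --workspace --all-targets --all-features -- -D warnings
    run_gate test      "$root" cargo test --workspace --all-features --quiet -- --test-threads=4
    run_gate go-test   "$root/operators/sdk-reference-operator" go test ./...
    # The rendered YAML is discarded; only the exit status matters for the gate.
    run_gate kustomize "$root" sh -c 'kubectl kustomize operators/sdk-reference-operator/config/default >/dev/null'
    [ "$GATES_FAILED" -eq 0 ]
}

# Run the real gates only when asked to: ./gates.sh --run [repo-root]
if [ "${1:-}" = "--run" ]; then
    run_all_gates "${2:-.}"
    exit $?
fi
```
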

Community

  • Contributing — development setup, validation gates, and commit conventions.
  • Code of Conduct — Contributor Covenant v2.1.
  • Security — vulnerability reporting and disclosure policy.
  • Governance — decision process and maintainer criteria.

License

This project is licensed under the Apache License, Version 2.0.

See LICENSE.

About

Rust SDK for building cloud-native 5G packet core network functions: runtime chassis, 3GPP protocol codecs (GTP-U, PFCP, NAS-5GS), SBI framework, quorum session store, and Kubernetes operator tooling
