Update to

config.yaml

@@ -93,6 +93,51 @@ hss:
     bind_ip: "0.0.0.0"
     bind_port: 4222
 
+  # IFC Template Configuration
+  # Controls how Initial Filter Criteria (IFC) templates are loaded and cached
+  ifc_templates:
+    # Whether to use database-stored templates (True) or file-based templates (False)
+    # Default: False (file-based) for backward compatibility
+    use_database: False
+    # Whether to cache compiled Jinja2 templates in memory (recommended for production)
+    # Works for both database and file-based modes
+    cache_enabled: True
+    # Default template path when subscriber has no ifc_path or ifc_template_id set
+    default_template_path: 'default_ifc.xml'
+
+  # Enable Zn Interface for GBA (Generic Bootstrapping Architecture)
+  # Zn-Interface connects BSF (Bootstrapping Server Function) to HSS
+  # According to 3GPP TS 29.109
+  Zn_enabled: True
+
+  # BSF (Bootstrapping Server Function) Parameters
+  bsf:
+    # BSF Hostname for GBA Authentication
+    bsf_hostname: "bsf.epc.mnc001.mcc001.3gppnetwork.org"
+
+    # GAA (Generic Authentication Architecture) Key lifetime in seconds
+    # Default: 3600 seconds (1 hour)
+    gaa_key_lifetime: 3600
+
+    # Supported NAF (Network Application Function) Groups
+    # NAFs that are allowed to use GBA credentials
+    naf_groups:
+      - name: "default_naf_group"
+        naf_hostnames:
+          - "naf1.epc.mnc001.mcc001.3gppnetwork.org"
+          - "naf2.epc.mnc001.mcc001.3gppnetwork.org"
+
+    # B-TID (Bootstrapping Transaction Identifier) format
+    # Format: base64(RAND)@bsf_hostname
+    btid_format: "base64"
+
+    # Ks_NAF key derivation algorithm
+    # Options: "milenage", "tuak"
+    key_derivation_algorithm: "milenage"
+
+    # Enable Ks_ext_NAF (extended NAF key) support for 2G/3G
+    ks_ext_naf_enabled: True    
+
 api:
   page_size: 200
   # Whether or not to return key-based data when querying the AUC. Disable in production systems.
@@ -162,10 +207,39 @@ ocs:
 geored:
   enabled: False
   sync_actions: ['HSS', 'IMS', 'PCRF', 'EIR']    #What event actions should be synced
+  update_file: '/etc/pyhss/geored_last_update'   #File to store latest geored endpoints
   endpoints:                         #List of PyHSS API Endpoints to update
     - 'http://hss01.mnc001.mcc001.3gppnetwork.org:8080'
     - 'http://hss02.mnc001.mcc001.3gppnetwork.org:8080'
 
+## ENUM Management Parameters (RFC 6116)
+# Manages NAPTR records in PowerDNS for E.164 Number Mapping (ENUM)
+# Used to map MSISDNs to SIP URIs for IMS subscribers
+enum:
+  enabled: False
+  # If true, fail IMS subscriber operations when ENUM updates fail
+  # If false, log errors but allow subscriber operations to succeed
+  strict_mode: False
+  # NAPTR record parameters
+  naptr_order: 10
+  naptr_preference: 10
+  naptr_ttl: 3600
+  # PowerDNS API endpoints - each can have multiple domains
+  # endpoints:
+  #   - name: "primary-pdns"
+  #     url: "http://pdns1.example.com:8081"
+  #     api_key: "changeme"
+  #     sip_domain: "ims.mnc001.mcc001.3gppnetwork.org"
+  #     domains:
+  #       - "e164.arpa"
+  #       - "e164.example.com"
+  #   - name: "secondary-pdns"
+  #     url: "http://pdns2.example.com:8081"
+  #     api_key: "changeme"
+  #     sip_domain: "ims.mnc001.mcc001.3gppnetwork.org"
+  #     domains:
+  #       - "e164.arpa"
+
 #Redis is required to run PyHSS. An instance running on a local network is recommended for production.
 redis:
   # Which connection type to attempt. Valid options are: tcp, unix, sentinel

docker/.env

@@ -31,6 +31,10 @@ HSS_SCTP_RTO_MIN=500
 HSS_SCTP_RTO_INITIAL=1000
 HSS_GSUP_BIND_IP=0.0.0.0
 HSS_GSUP_BIND_PORT=4222
+# IFC Template Configuration (backward compatible)
+HSS_IFC_TEMPLATES_USE_DATABASE=False
+HSS_IFC_TEMPLATES_CACHE_ENABLED=True
+HSS_IFC_TEMPLATES_DEFAULT_TEMPLATE_PATH=default_ifc.xml
 API_PAGE_SIZE=200
 API_ENABLE_INSECURE_AUC=False
 BENCHMARKING_ENABLED=True

docker/config.yaml

@@ -93,6 +93,15 @@ hss:
     bind_ip: "${HSS_GSUP_BIND_IP:-0.0.0.0}"
     bind_port: ${HSS_GSUP_BIND_PORT:-4222}
 
+  # IFC Template Configuration (backward compatible)
+  ifc_templates:
+    # Whether to use database-stored templates (True) or file-based templates (False/default)
+    use_database: ${HSS_IFC_TEMPLATES_USE_DATABASE:-False}
+    # Whether to cache compiled Jinja2 templates (works for both modes)
+    cache_enabled: ${HSS_IFC_TEMPLATES_CACHE_ENABLED:-True}
+    # Default template path when ifc_path/ifc_template_id is not set
+    default_template_path: "${HSS_IFC_TEMPLATES_DEFAULT_TEMPLATE_PATH:-default_ifc.xml}"
+
 api:
   page_size: ${API_PAGE_SIZE:-200}
   # Whether or not to return key-based data when querying the AUC. Disable in production systems.
@@ -155,6 +164,28 @@ geored:
     - "${GEORED_ENDPOINT_1:-http://hss01.mnc001.mcc001.3gppnetwork.org:8080}"
     - "${GEORED_ENDPOINT_2:-http://hss02.mnc001.mcc001.3gppnetwork.org:8080}"
 
+## ENUM Management Parameters (RFC 6116)
+# Manages NAPTR records in PowerDNS for E.164 Number Mapping (ENUM)
+# Used to map MSISDNs to SIP URIs for IMS subscribers
+enum:
+  enabled: ${ENUM_ENABLED:-False}
+  # If true, fail IMS subscriber operations when ENUM updates fail
+  # If false, log errors but allow subscriber operations to succeed
+  strict_mode: ${ENUM_STRICT_MODE:-False}
+  # NAPTR record parameters
+  naptr_order: ${ENUM_NAPTR_ORDER:-10}
+  naptr_preference: ${ENUM_NAPTR_PREFERENCE:-10}
+  naptr_ttl: ${ENUM_NAPTR_TTL:-3600}
+  # PowerDNS API endpoints - each can have multiple domains
+  # Configure via environment variables or override this section
+  # endpoints:
+  #   - name: "primary-pdns"
+  #     url: "http://pdns1.example.com:8081"
+  #     api_key: "changeme"
+  #     sip_domain: "ims.mnc001.mcc001.3gppnetwork.org"
+  #     domains:
+  #       - "e164.arpa"
+
 #Redis is required to run PyHSS. An instance running on a local network is recommended for production.
 redis:
   # Which connection type to attempt. Valid options are: tcp, unix, sentinel