summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2014-01-20 10:14:05 +0100
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2014-01-20 10:14:05 +0100
commit6419018e6809924d56d764ba195cbce4c57776f2 (patch)
tree36e7820ae3a11ca432452e2c3ac37c14db6e7f5d
parent415cd2eebb5313f044612385e09d8b8af9cfe674 (diff)
nat: Make the access-list deny cause configurable
Add two optional arguments to the imsi-deny rule for the reject cause and verify that it is saved out.
-rw-r--r--openbsc/src/osmo-bsc_nat/bsc_nat_vty.c16
-rw-r--r--openbsc/tests/vty_test_runner.py38
2 files changed, 50 insertions, 4 deletions
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c b/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
index 8dea34e64..261a194c3 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
@@ -78,8 +78,10 @@ static void write_acc_lst(struct vty *vty, struct bsc_nat_acc_lst *lst)
vty_out(vty, " access-list %s imsi-allow %s%s",
lst->name, entry->imsi_allow, VTY_NEWLINE);
if (entry->imsi_deny)
- vty_out(vty, " access-list %s imsi-deny %s%s",
- lst->name, entry->imsi_deny, VTY_NEWLINE);
+ vty_out(vty, " access-list %s imsi-deny %s %d %d%s",
+ lst->name, entry->imsi_deny,
+ entry->cm_reject_cause, entry->lu_reject_cause,
+ VTY_NEWLINE);
}
}
@@ -870,11 +872,13 @@ DEFUN(cfg_lst_imsi_allow,
DEFUN(cfg_lst_imsi_deny,
cfg_lst_imsi_deny_cmd,
- "access-list NAME imsi-deny [REGEXP]",
+ "access-list NAME imsi-deny [REGEXP] (<0-256>) (<0-256>)",
"Access list commands\n"
"Name of the access list\n"
"Add denied IMSI to the list\n"
- "Regexp for IMSIs\n")
+ "Regexp for IMSIs\n"
+ "CM Service Reject reason\n"
+ "LU Reject reason\n")
{
struct bsc_nat_acc_lst *acc;
struct bsc_nat_acc_lst_entry *entry;
@@ -889,6 +893,10 @@ DEFUN(cfg_lst_imsi_deny,
if (gsm_parse_reg(acc, &entry->imsi_deny_re, &entry->imsi_deny, argc - 1, &argv[1]) != 0)
return CMD_WARNING;
+ if (argc >= 3)
+ entry->cm_reject_cause = atoi(argv[2]);
+ if (argc >= 4)
+ entry->lu_reject_cause = atoi(argv[3]);
return CMD_SUCCESS;
}
diff --git a/openbsc/tests/vty_test_runner.py b/openbsc/tests/vty_test_runner.py
index 74f0fd21a..092f5ae6f 100644
--- a/openbsc/tests/vty_test_runner.py
+++ b/openbsc/tests/vty_test_runner.py
@@ -512,6 +512,44 @@ class TestVTYNAT(TestVTYGenericBSC):
res = self.vty.verify("show ussd-connection", ['The USSD side channel provider is not connected and not authorized.'])
self.assertTrue(res)
+ def testAccessList(self):
+ """
+ Verify that the imsi-deny can have a reject cause or no reject cause
+ """
+ self.vty.enable()
+ self.vty.command("configure terminal")
+ self.vty.command("nat")
+
+ # Old default
+ self.vty.command("access-list test-default imsi-deny ^123[0-9]*$")
+ res = self.vty.command("show running-config").split("\r\n")
+ asserted = False
+ for line in res:
+ if line.startswith(" access-list"):
+ self.assertEqual(line, " access-list test-default imsi-deny ^123[0-9]*$ 11 11")
+ asserted = True
+ self.assert_(asserted)
+
+ # Check the optional CM Service Reject Cause
+ self.vty.command("access-list test-cm-deny imsi-deny ^123[0-9]*$ 42").split("\r\n")
+ res = self.vty.command("show running-config").split("\r\n")
+ asserted = False
+ for line in res:
+ if line.startswith(" access-list test-cm"):
+ self.assertEqual(line, " access-list test-cm-deny imsi-deny ^123[0-9]*$ 42 11")
+ asserted = True
+ self.assert_(asserted)
+
+ # Check the optional LU Reject Cause
+ self.vty.command("access-list test-lu-deny imsi-deny ^123[0-9]*$ 23 42").split("\r\n")
+ res = self.vty.command("show running-config").split("\r\n")
+ asserted = False
+ for line in res:
+ if line.startswith(" access-list test-lu"):
+ self.assertEqual(line, " access-list test-lu-deny imsi-deny ^123[0-9]*$ 23 42")
+ asserted = True
+ self.assert_(asserted)
+
class TestVTYGbproxy(TestVTYGenericBSC):
def vty_command(self):