diff options
| author | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-04-05 20:53:42 +0200 |
|---|---|---|
| committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-05-03 22:33:35 +0200 |
| commit | ec0cb7c64d5d42e8d0d599b209a3eabacfceba60 (patch) | |
| tree | 4f31fc47e9f723dad6c77e732a88592b98a06fa9 | |
| parent | d6332809d8313903c65ccd28646f41b7c1aa6b99 (diff) | |
bsc: Add access list filtering to the BSC
| -rw-r--r-- | openbsc/include/openbsc/osmo_bsc.h | 2 | ||||
| -rw-r--r-- | openbsc/src/libfilter/bsc_msg_filter.c | 2 | ||||
| -rw-r--r-- | openbsc/src/osmo-bsc/osmo_bsc_api.c | 56 | ||||
| -rw-r--r-- | openbsc/src/osmo-bsc/osmo_bsc_main.c | 7 |
4 files changed, 63 insertions, 4 deletions
diff --git a/openbsc/include/openbsc/osmo_bsc.h b/openbsc/include/openbsc/osmo_bsc.h index 7df16cc92..fd5303dc6 100644 --- a/openbsc/include/openbsc/osmo_bsc.h +++ b/openbsc/include/openbsc/osmo_bsc.h @@ -66,4 +66,6 @@ int bsc_ctrl_cmds_install(); void bsc_gen_location_state_trap(struct gsm_bts *bts); +struct llist_head *bsc_access_lists(void); + #endif diff --git a/openbsc/src/libfilter/bsc_msg_filter.c b/openbsc/src/libfilter/bsc_msg_filter.c index 2bbfa078e..be518a478 100644 --- a/openbsc/src/libfilter/bsc_msg_filter.c +++ b/openbsc/src/libfilter/bsc_msg_filter.c @@ -159,7 +159,7 @@ static int auth_imsi(struct bsc_filter_request *req, struct bsc_msg_acc_lst *bsc_lst = NULL; /* 1. global check for barred imsis */ - if (bsc_filter_barr_find(req->black_list, imsi, &cm, &lu)) { + if (req->black_list && bsc_filter_barr_find(req->black_list, imsi, &cm, &lu)) { cause->cm_reject_cause = cm; cause->lu_reject_cause = lu; LOGP(DFILTER, LOGL_DEBUG, diff --git a/openbsc/src/osmo-bsc/osmo_bsc_api.c b/openbsc/src/osmo-bsc/osmo_bsc_api.c index a90ad1689..17026af53 100644 --- a/openbsc/src/osmo-bsc/osmo_bsc_api.c +++ b/openbsc/src/osmo-bsc/osmo_bsc_api.c @@ -1,4 +1,4 @@ -/* (C) 2009-2011 by Holger Hans Peter Freyther <zecke@selfish.org> +/* (C) 2009-2015 by Holger Hans Peter Freyther <zecke@selfish.org> * (C) 2009-2011 by On-Waves * All Rights Reserved * @@ -79,6 +79,45 @@ static uint16_t get_ci_for_msc(struct osmo_msc_data *msc, struct gsm_bts *bts) return bts->cell_identity; } +static int bsc_filter_initial(struct osmo_bsc_data *bsc, + struct osmo_msc_data *msc, + struct gsm_subscriber_connection *conn, + struct msgb *msg, char **imsi) +{ + int con_type; + struct bsc_filter_request req; + struct bsc_filter_reject_cause cause; + struct gsm48_hdr *gh = msgb_l3(msg); + + req.ctx = conn; + req.black_list = NULL; + req.access_lists = bsc_access_lists(); + req.local_lst_name = msc->acc_lst_name; + req.global_lst_name = conn->bts->network->bsc_data->acc_lst_name; + req.bsc_nr = 0; + + return bsc_msg_filter_initial(gh, msgb_l3len(msg), &req, + &con_type, imsi, &cause); +} + +static int bsc_filter_data(struct gsm_subscriber_connection *conn, + struct msgb *msg) +{ + struct bsc_filter_request req; + struct gsm48_hdr *gh = msgb_l3(msg); + struct bsc_filter_reject_cause cause; + + req.ctx = conn; + req.black_list = NULL; + req.access_lists = bsc_access_lists(); + req.local_lst_name = conn->sccp_con->msc->acc_lst_name; + req.global_lst_name = conn->bts->network->bsc_data->acc_lst_name; + req.bsc_nr = 0; + + return bsc_msg_filter_data(gh, msgb_l3len(msg), &req, + &conn->sccp_con->filter_state, + &cause); +} static void bsc_sapi_n_reject(struct gsm_subscriber_connection *conn, int dlci) { @@ -172,6 +211,7 @@ static int bsc_compl_l3(struct gsm_subscriber_connection *conn, struct msgb *msg static int complete_layer3(struct gsm_subscriber_connection *conn, struct msgb *msg, struct osmo_msc_data *msc) { + char *imsi = NULL; struct timeval tv; struct msgb *resp; uint16_t network_code; @@ -189,6 +229,10 @@ static int complete_layer3(struct gsm_subscriber_connection *conn, if (send_ping && osmo_timer_remaining(&msc->ping_timer, NULL, &tv) == -1) send_ping = 0; + /* Check the filter */ + if (bsc_filter_initial(msc->network->bsc_data, msc, conn, msg, &imsi) < 0) + return BSC_API_CONN_POL_REJECT; + /* allocate resource for a new connection */ ret = bsc_create_new_connection(conn, msc, send_ping); @@ -202,6 +246,9 @@ static int complete_layer3(struct gsm_subscriber_connection *conn, return BSC_API_CONN_POL_REJECT; } + if (imsi) + conn->sccp_con->filter_state.imsi = talloc_steal(conn, imsi); + /* check return value, if failed check msg for and send USSD */ network_code = get_network_code_for_msc(conn->sccp_con->msc); @@ -333,8 +380,13 @@ static void bsc_dtap(struct gsm_subscriber_connection *conn, uint8_t link_id, st if (handle_cc_setup(conn, msg) >= 1) return; - bsc_scan_bts_msg(conn, msg); + /* Check the filter */ + if (bsc_filter_data(conn, msg) < 0) { + bsc_clear_request(conn, 0); + return; + } + bsc_scan_bts_msg(conn, msg); resp = gsm0808_create_dtap(msg, link_id); queue_msg_or_return(resp); diff --git a/openbsc/src/osmo-bsc/osmo_bsc_main.c b/openbsc/src/osmo-bsc/osmo_bsc_main.c index 77c9bf92b..ee86cb647 100644 --- a/openbsc/src/osmo-bsc/osmo_bsc_main.c +++ b/openbsc/src/osmo-bsc/osmo_bsc_main.c @@ -59,6 +59,12 @@ static const char *config_file = "openbsc.cfg"; static const char *rf_ctrl = NULL; extern const char *openbsc_copyright; static int daemonize = 0; +static struct llist_head access_lists; + +struct llist_head *bsc_access_lists(void) +{ + return &access_lists; +} static void print_usage() { @@ -179,7 +185,6 @@ static void signal_handler(int signal) int main(int argc, char **argv) { - struct llist_head access_lists; struct osmo_msc_data *msc; struct osmo_bsc_data *data; int rc; |