diff options
| author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-05-14 03:39:56 +0800 |
|---|---|---|
| committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-05-14 03:47:52 +0800 |
| commit | 8ff74e8c24866e888652a70c0d9a21b2f2dad18c (patch) | |
| tree | d35869c9016d9625a1f595361dd128325508795f /openbsc | |
| parent | a202342d64f383319f5cad211f3189c0420f833b (diff) | |
nat: Introduce a nat filter that is working on the CR message.
Currently there is no implementation but the refusal code is
in place and will send a refusal back to the BSC.
Diffstat (limited to 'openbsc')
| -rw-r--r-- | openbsc/include/openbsc/bsc_nat.h | 5 | ||||
| -rw-r--r-- | openbsc/src/nat/bsc_nat.c | 10 | ||||
| -rw-r--r-- | openbsc/src/nat/bsc_nat_utils.c | 7 |
3 files changed, 22 insertions, 0 deletions
diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h index 61df38930..b3a12f5c1 100644 --- a/openbsc/include/openbsc/bsc_nat.h +++ b/openbsc/include/openbsc/bsc_nat.h @@ -258,6 +258,11 @@ int bsc_nat_vty_init(struct bsc_nat *nat); struct bsc_connection *bsc_nat_find_bsc(struct bsc_nat *nat, struct msgb *msg, int *_lac); /** + * Content filtering. + */ +int bsc_nat_filter_sccp_cr(struct bsc_connection *, struct msgb *msg, struct bsc_nat_parsed *); + +/** * SCCP patching and handling */ int create_sccp_src_ref(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed); diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c index 6802f999d..29aa514e1 100644 --- a/openbsc/src/nat/bsc_nat.c +++ b/openbsc/src/nat/bsc_nat.c @@ -561,6 +561,7 @@ static void ipaccess_auth_bsc(struct tlv_parsed *tvp, struct bsc_connection *bsc static int forward_sccp_to_msc(struct bsc_connection *bsc, struct msgb *msg) { + struct msgb *refuse; struct sccp_connections *con; struct bsc_nat_parsed *parsed; @@ -591,6 +592,8 @@ static int forward_sccp_to_msc(struct bsc_connection *bsc, struct msgb *msg) if (parsed->ipa_proto == IPAC_PROTO_SCCP) { switch (parsed->sccp_type) { case SCCP_MSG_TYPE_CR: + if (bsc_nat_filter_sccp_cr(bsc, msg, parsed) != 0) + goto exit3; if (create_sccp_src_ref(bsc, msg, parsed) != 0) goto exit2; con = patch_sccp_src_ref_to_msc(msg, parsed, bsc); @@ -654,6 +657,13 @@ exit: goto exit2; } +exit3: + /* send a SCCP Connection Refused */ + refuse = sccp_create_refuse(parsed->src_local_ref, SCCP_REFUSAL_SCCP_FAILURE); + if (refuse) { + bsc_send_data(bsc, refuse->l2h, msgb_l2len(refuse), IPAC_PROTO_SCCP); + msgb_free(refuse); + } exit2: talloc_free(parsed); msgb_free(msg); diff --git a/openbsc/src/nat/bsc_nat_utils.c b/openbsc/src/nat/bsc_nat_utils.c index c608a7c2b..3ace03e50 100644 --- a/openbsc/src/nat/bsc_nat_utils.c +++ b/openbsc/src/nat/bsc_nat_utils.c @@ -193,3 +193,10 @@ int bsc_write(struct bsc_connection *bsc, struct msgb *msg, int proto) return 0; } +/* Filter out CM Service Requests... */ +int bsc_nat_filter_sccp_cr(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed) +{ + /* the data we want to look at is optional. We want to have it here... */ + return 0; +} + |