7 files changed, 130 insertions, 78 deletions

diff --git a/openbsc/include/openbsc/Makefile.am b/openbsc/include/openbsc/Makefile.am
index d2b30de79..254f43dbe 100644
--- a/openbsc/include/openbsc/Makefile.am
+++ b/openbsc/include/openbsc/Makefile.am
@@ -16,7 +16,7 @@ noinst_HEADERS = abis_nm.h abis_rsl.h db.h gsm_04_08.h gsm_data.h \
 		arfcn_range_encode.h nat_rewrite_trie.h bsc_nat_callstats.h \
 		osmux.h mgcp_transcode.h gprs_utils.h \
 		 gprs_gb_parse.h smpp.h meas_feed.h gprs_gsup_messages.h \
-		 gprs_gsup_client.h
+		 gprs_gsup_client.h bsc_msg_filter.h
 
 openbsc_HEADERS = gsm_04_08.h meas_rep.h bsc_api.h
 openbscdir = $(includedir)/openbsc
diff --git a/openbsc/include/openbsc/bsc_msg_filter.h b/openbsc/include/openbsc/bsc_msg_filter.h
new file mode 100644
index 000000000..a9dedf43c
--- /dev/null
+++ b/openbsc/include/openbsc/bsc_msg_filter.h
@@ -0,0 +1,107 @@
+#pragma once
+
+#include <osmocom/core/msgb.h>
+#include <osmocom/core/msgfile.h>
+#include <osmocom/core/linuxrbtree.h>
+#include <osmocom/core/linuxlist.h>
+
+#include <regex.h>
+
+struct vty;
+struct gsm48_hdr;
+
+struct bsc_filter_reject_cause {
+	int lu_reject_cause;
+	int cm_reject_cause;
+};
+
+struct bsc_filter_barr_entry {
+	struct rb_node node;
+
+	char *imsi;
+	int cm_reject_cause;
+	int lu_reject_cause;
+};
+
+enum bsc_filter_acc_ctr {
+	ACC_LIST_LOCAL_FILTER,
+	ACC_LIST_GLOBAL_FILTER,
+};
+
+struct bsc_msg_acc_lst {
+	struct llist_head list;
+
+	/* counter */
+	struct rate_ctr_group *stats;
+
+	/* the name of the list */
+	const char *name;
+	struct llist_head fltr_list;
+};
+
+struct bsc_msg_acc_lst_entry {
+	struct llist_head list;
+
+	/* the filter */
+	char *imsi_allow;
+	regex_t imsi_allow_re;
+	char *imsi_deny;
+	regex_t imsi_deny_re;
+
+	/* reject reasons for the access lists */
+	int cm_reject_cause;
+	int lu_reject_cause;
+};
+
+enum {
+	FLT_CON_TYPE_NONE,
+	FLT_CON_TYPE_LU,
+	FLT_CON_TYPE_CM_SERV_REQ,
+	FLT_CON_TYPE_PAG_RESP,
+	FLT_CON_TYPE_SSA,
+	FLT_CON_TYPE_LOCAL_REJECT,
+	FLT_CON_TYPE_OTHER,
+};
+
+
+struct bsc_filter_state {
+	char *imsi;
+	int imsi_checked;
+	int con_type;
+};
+
+struct bsc_filter_request {
+	void *ctx;
+	struct rb_root *black_list;
+	struct llist_head *access_lists;
+	const char *local_lst_name;
+	const char *global_lst_name;
+	int bsc_nr;
+};
+
+
+int bsc_filter_barr_adapt(void *ctx, struct rb_root *rbtree, const struct osmo_config_list *);
+int bsc_filter_barr_find(struct rb_root *root, const char *imsi, int *cm, int *lu);
+
+/**
+ * Content filtering.
+ */
+int bsc_msg_filter_initial(struct gsm48_hdr *hdr, size_t size,
+			struct bsc_filter_request *req,
+			int *con_type, char **imsi,
+			struct bsc_filter_reject_cause *cause);
+int bsc_msg_filter_data(struct gsm48_hdr *hdr, size_t size,
+			struct bsc_filter_request *req,
+			struct bsc_filter_state *state,
+			struct bsc_filter_reject_cause *cause);
+
+/* IMSI allow/deny handling */
+struct bsc_msg_acc_lst *bsc_msg_acc_lst_find(struct llist_head *lst, const char *name);
+struct bsc_msg_acc_lst *bsc_msg_acc_lst_get(void *ctx, struct llist_head *lst, const char *name);
+void bsc_msg_acc_lst_delete(struct bsc_msg_acc_lst *lst);
+
+struct bsc_msg_acc_lst_entry *bsc_msg_acc_lst_entry_create(struct bsc_msg_acc_lst *);
+int bsc_msg_acc_lst_check_allow(struct bsc_msg_acc_lst *lst, const char *imsi);
+
+void bsc_msg_lst_vty_init(void *ctx, struct llist_head *lst, int node);
+void bsc_msg_acc_lst_write(struct vty *vty, struct bsc_msg_acc_lst *lst);
diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h
index 19144e3dd..ae940b390 100644
--- a/openbsc/include/openbsc/bsc_nat.h
+++ b/openbsc/include/openbsc/bsc_nat.h
@@ -22,6 +22,7 @@
 #define BSC_NAT_H
 
 #include "mgcp.h"
+#include "bsc_msg_filter.h"
 
 
 #include <osmocom/core/select.h>
@@ -47,16 +48,6 @@ struct bsc_nat;
 struct bsc_nat_ussd_con;
 struct nat_rewrite_rule;
 
-enum {
-	NAT_CON_TYPE_NONE,
-	NAT_CON_TYPE_LU,
-	NAT_CON_TYPE_CM_SERV_REQ,
-	NAT_CON_TYPE_PAG_RESP,
-	NAT_CON_TYPE_SSA,
-	NAT_CON_TYPE_LOCAL_REJECT,
-	NAT_CON_TYPE_OTHER,
-};
-
 /*
  * Is this terminated to the MSC, to the local machine (release
  * handling for IMSI filtering) or to a USSD provider?
@@ -229,36 +220,6 @@ struct bsc_nat_statistics {
 	} ussd;
 };
 
-enum bsc_nat_acc_ctr {
-	ACC_LIST_BSC_FILTER,
-	ACC_LIST_NAT_FILTER,
-};
-
-struct bsc_nat_acc_lst {
-	struct llist_head list;
-
-	/* counter */
-	struct rate_ctr_group *stats;
-
-	/* the name of the list */
-	const char *name;
-	struct llist_head fltr_list;
-};
-
-struct bsc_nat_acc_lst_entry {
-	struct llist_head list;
-
-	/* the filter */
-	char *imsi_allow;
-	regex_t imsi_allow_re;
-	char *imsi_deny;
-	regex_t imsi_deny_re;
-
-	/* reject reasons for the access lists */
-	int cm_reject_cause;
-	int lu_reject_cause;
-};
-
 /**
  * the structure of the "nat" network
  */
@@ -355,11 +316,6 @@ struct bsc_nat_ussd_con {
 	struct osmo_timer_list auth_timeout;
 };
 
-struct bsc_nat_reject_cause {
-	int lu_reject_cause;
-	int cm_reject_cause;
-};
-
 /* create and init the structures */
 struct bsc_config *bsc_config_alloc(struct bsc_nat *nat, const char *token);
 struct bsc_config *bsc_config_num(struct bsc_nat *nat, int num);
@@ -390,16 +346,6 @@ int bsc_nat_vty_init(struct bsc_nat *nat);
 int bsc_nat_find_paging(struct msgb *msg, const uint8_t **,int *len);
 
 /**
- * Content filtering.
- */
-int bsc_nat_filter_sccp_cr(struct bsc_connection *bsc, struct msgb *msg,
-			struct bsc_nat_parsed *, int *con_type, char **imsi,
-			struct bsc_nat_reject_cause *cause);
-int bsc_nat_filter_dt(struct bsc_connection *bsc, struct msgb *msg,
-			struct nat_sccp_connection *con, struct bsc_nat_parsed *parsed,
-			struct bsc_nat_reject_cause *cause);
-
-/**
  * SCCP patching and handling
  */
 struct nat_sccp_connection *create_sccp_src_ref(struct bsc_connection *bsc, struct bsc_nat_parsed *parsed);
@@ -435,14 +381,6 @@ int bsc_do_write(struct osmo_wqueue *queue, struct msgb *msg, int id);
 int bsc_write_msg(struct osmo_wqueue *queue, struct msgb *msg);
 int bsc_write_cb(struct osmo_fd *bfd, struct msgb *msg);
 
-/* IMSI allow/deny handling */
-struct bsc_nat_acc_lst *bsc_nat_acc_lst_find(struct bsc_nat *nat, const char *name);
-struct bsc_nat_acc_lst *bsc_nat_acc_lst_get(struct bsc_nat *nat, const char *name);
-void bsc_nat_acc_lst_delete(struct bsc_nat_acc_lst *lst);
-
-struct bsc_nat_acc_lst_entry *bsc_nat_acc_lst_entry_create(struct bsc_nat_acc_lst *);
-int bsc_nat_lst_check_allow(struct bsc_nat_acc_lst *lst, const char *imsi);
-
 int bsc_nat_msc_is_connected(struct bsc_nat *nat);
 
 int bsc_conn_type_to_ctr(struct nat_sccp_connection *conn);
@@ -478,17 +416,6 @@ struct bsc_nat_num_rewr_entry {
 
 void bsc_nat_num_rewr_entry_adapt(void *ctx, struct llist_head *head, const struct osmo_config_list *);
 
-struct bsc_nat_barr_entry {
-	struct rb_node node;
-
-	char *imsi;
-	int cm_reject_cause;
-	int lu_reject_cause;
-};
-
-int bsc_nat_barr_adapt(void *ctx, struct rb_root *rbtree, const struct osmo_config_list *);
-int bsc_nat_barr_find(struct rb_root *root, const char *imsi, int *cm, int *lu);
-
 void bsc_nat_send_mgcp_to_msc(struct bsc_nat *bsc_nat, struct msgb *msg);
 void bsc_nat_handle_mgcp(struct bsc_nat *bsc, struct msgb *msg);
 
@@ -499,6 +426,13 @@ int bsc_nat_handle_ctrlif_msg(struct bsc_connection *bsc, struct msgb *msg);
 int bsc_nat_extract_lac(struct bsc_connection *bsc, struct nat_sccp_connection *con,
 				struct bsc_nat_parsed *parsed, struct msgb *msg);
 
+int bsc_nat_filter_sccp_cr(struct bsc_connection *bsc, struct msgb *msg,
+			struct bsc_nat_parsed *, int *con_type, char **imsi,
+			struct bsc_filter_reject_cause *cause);
+int bsc_nat_filter_dt(struct bsc_connection *bsc, struct msgb *msg,
+			struct nat_sccp_connection *con, struct bsc_nat_parsed *parsed,
+			struct bsc_filter_reject_cause *cause);
+
 /**
  * CTRL interface helper
  */
diff --git a/openbsc/include/openbsc/bsc_nat_sccp.h b/openbsc/include/openbsc/bsc_nat_sccp.h
index 0561df1f4..082466408 100644
--- a/openbsc/include/openbsc/bsc_nat_sccp.h
+++ b/openbsc/include/openbsc/bsc_nat_sccp.h
@@ -22,6 +22,8 @@
 #ifndef BSC_NAT_SCCP_H
 #define BSC_NAT_SCCP_H
 
+#include "bsc_msg_filter.h"
+
 #include <osmocom/sccp/sccp_types.h>
 
 /*
@@ -77,11 +79,10 @@ struct nat_sccp_connection {
 	int has_remote_ref;
 
 	/* status */
-	int con_type;
 	int con_local;
 	int authorized;
-	int imsi_checked;
-	char *imsi;
+
+	struct bsc_filter_state filter_state;
 
 	uint16_t lac;
 	uint16_t ci;
diff --git a/openbsc/include/openbsc/debug.h b/openbsc/include/openbsc/debug.h
index bbb3ee618..19d8fc2de 100644
--- a/openbsc/include/openbsc/debug.h
+++ b/openbsc/include/openbsc/debug.h
@@ -32,6 +32,7 @@ enum {
 	DNAT,
 	DCTRL,
 	DSMPP,
+	DFILTER,
 	Debug_LastEntry,
 };
 
diff --git a/openbsc/include/openbsc/osmo_bsc.h b/openbsc/include/openbsc/osmo_bsc.h
index 19b879f56..fd5303dc6 100644
--- a/openbsc/include/openbsc/osmo_bsc.h
+++ b/openbsc/include/openbsc/osmo_bsc.h
@@ -4,6 +4,7 @@
 #define OSMO_BSC_H
 
 #include "bsc_api.h"
+#include "bsc_msg_filter.h"
 
 #define BSS_SEND_USSD 1
 
@@ -41,6 +42,8 @@ struct osmo_bsc_sccp_con {
 
 	struct gsm_subscriber_connection *conn;
 	uint8_t new_subscriber;
+
+	struct bsc_filter_state filter_state;
 };
 
 struct bsc_api *osmo_bsc_api();
@@ -63,4 +66,6 @@ int bsc_ctrl_cmds_install();
 
 void bsc_gen_location_state_trap(struct gsm_bts *bts);
 
+struct llist_head *bsc_access_lists(void);
+
 #endif
diff --git a/openbsc/include/openbsc/osmo_msc_data.h b/openbsc/include/openbsc/osmo_msc_data.h
index bdc762aaf..2d863aa32 100644
--- a/openbsc/include/openbsc/osmo_msc_data.h
+++ b/openbsc/include/openbsc/osmo_msc_data.h
@@ -92,6 +92,8 @@ struct osmo_msc_data {
 
 	/* ussd text when MSC has entered the grace period */
 	char *ussd_grace_txt;
+
+	char *acc_lst_name;
 };
 
 /*
@@ -112,6 +114,8 @@ struct osmo_bsc_data {
 
 	/* ussd text when there is no MSC available */
 	char *ussd_no_msc_txt;
+
+	char *acc_lst_name;
 };