5 files changed, 83 insertions, 8 deletions

diff --git a/openbsc/include/openbsc/Makefile.am b/openbsc/include/openbsc/Makefile.am
index 0c7b36f06..f5cf63941 100644
--- a/openbsc/include/openbsc/Makefile.am
+++ b/openbsc/include/openbsc/Makefile.am
@@ -5,4 +5,4 @@ noinst_HEADERS = abis_nm.h abis_rsl.h debug.h db.h gsm_04_08.h gsm_data.h \
 		 gsm_utils.h ipaccess.h rs232.h openbscdefines.h rtp_proxy.h \
 		 bsc_rll.h mncc.h talloc.h transaction.h ussd.h gsm_04_80.h \
 		 silent_call.h mgcp.h meas_rep.h bitvec.h rest_octets.h \
-		 system_information.h handover.h bssap.h bsc_msc.h
+		 system_information.h handover.h bssap.h bsc_msc.h bsc_nat.h
diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h
new file mode 100644
index 000000000..ea30cae22
--- /dev/null
+++ b/openbsc/include/openbsc/bsc_nat.h
@@ -0,0 +1,33 @@
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by on-waves.com
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#ifndef BSC_NAT_H
+#define BSC_NAT_H
+
+#include <sys/types.h>
+#include "msgb.h"
+
+/**
+ * filter based on IP Access header in both directions
+ */
+int bsc_nat_filter_ipa(struct msgb *msg);
+
+#endif
diff --git a/openbsc/src/Makefile.am b/openbsc/src/Makefile.am
index b6a8536a5..b8a631048 100644
--- a/openbsc/src/Makefile.am
+++ b/openbsc/src/Makefile.am
@@ -43,5 +43,5 @@ isdnsync_SOURCES = isdnsync.c
 bsc_mgcp_SOURCES = bsc_mgcp.c msgb.c talloc.c debug.c select.c timer.c telnet_interface.c
 bsc_mgcp_LDADD = libvty.a
 
-bsc_nat_SOURCES = nat/bsc_nat.c bsc_msc.c
+bsc_nat_SOURCES = nat/bsc_nat.c nat/bsc_filter.c bsc_msc.c
 bsc_nat_LDADD = libbsc.a libsccp.a
diff --git a/openbsc/src/nat/bsc_filter.c b/openbsc/src/nat/bsc_filter.c
new file mode 100644
index 000000000..5c59f39a5
--- /dev/null
+++ b/openbsc/src/nat/bsc_filter.c
@@ -0,0 +1,34 @@
+/* BSC Multiplexer/NAT */
+
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by on-waves.com
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <openbsc/bsc_nat.h>
+#include <openbsc/ipaccess.h>
+
+int bsc_nat_filter_ipa(struct msgb *msg)
+{
+	struct ipaccess_head *hh;
+
+	/* handle base message handling */
+	hh = (struct ipaccess_head *) msg->data;
+	return hh->proto == IPAC_PROTO_IPACCESS;
+}
diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c
index 6aed7c982..98eaa9794 100644
--- a/openbsc/src/nat/bsc_nat.c
+++ b/openbsc/src/nat/bsc_nat.c
@@ -38,11 +38,14 @@
 #include <openbsc/debug.h>
 #include <openbsc/msgb.h>
 #include <openbsc/bsc_msc.h>
+#include <openbsc/bsc_nat.h>
 #include <openbsc/ipaccess.h>
 #include <openbsc/abis_nm.h>
 #include <openbsc/talloc.h>
 #include <openbsc/linuxlist.h>
 
+#include <sccp/sccp.h>
+
 static const char *config_file = "openbsc.cfg";
 static char *msc_address = "127.0.0.1";
 static struct in_addr local_addr;
@@ -65,6 +68,7 @@ struct bsc_connection {
 
 static LLIST_HEAD(bsc_connections);
 
+
 /*
  * below are stubs we need to link
  */
@@ -101,6 +105,10 @@ static void forward_sccp_to_bts(struct msgb *msg)
 
 	/* filter, drop, patch the message? */
 
+	/* drop packets with the wrong IPA header */
+	if (bsc_nat_filter_ipa(msg))
+		return;
+
 	/* currently send this to every BSC connected */
 	llist_for_each_entry(bsc, &bsc_connections, list_entry) {
 		write(bsc->bsc_fd.fd, msg->data, msg->len);
@@ -160,6 +168,10 @@ static int forward_sccp_to_msc(struct msgb *msg)
 {
 	/* FIXME: We need to filter out certain messages */
 
+	/* drop packets with the wrong IPA header */
+	if (bsc_nat_filter_ipa(msg))
+		return 0;
+
 	/* send the non-filtered but maybe modified msg */
 	return write(msc_connection.fd, msg->data, msg->len);
 }
@@ -168,7 +180,6 @@ static int ipaccess_bsc_cb(struct bsc_fd *bfd, unsigned int what)
 {
 	int error;
 	struct msgb *msg = ipaccess_read_msg(bfd, &error);
-	struct ipaccess_head *hh;
 
 	if (!msg) {
 		if (error == 0) {
@@ -180,16 +191,13 @@ static int ipaccess_bsc_cb(struct bsc_fd *bfd, unsigned int what)
 		return -1;
 	}
 
-	DEBUGP(DMSC, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]);
 
-	/* handle base message handling */
-	hh = (struct ipaccess_head *) msg->data;
+	DEBUGP(DMSC, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]);
 
 	/* Handle messages from the BSC */
 	/* FIXME: Currently no PONG is sent to the BSC */
 	/* FIXME: Currently no ID ACK is sent to the BSC */
-	if (hh->proto == IPAC_PROTO_SCCP)
-		forward_sccp_to_msc(msg);
+	forward_sccp_to_msc(msg);
 
 	return 0;
 }