aboutsummaryrefslogtreecommitdiffstats
path: root/openbsc/src/nat/bsc_nat.c
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <zecke@selfish.org>2010-04-02 03:42:44 +0200
committerHolger Hans Peter Freyther <zecke@selfish.org>2010-04-02 03:47:09 +0200
commitc33701c4e557da47974f370ea93f3e7d88efb241 (patch)
tree0f1a42e4bc4657d05f6e227c2b56f1794a23e151 /openbsc/src/nat/bsc_nat.c
parent44d92b472825ae51bc349a91c04c2547f6544a0f (diff)
nat: Check the authentication bit later...
When moving it up here the code started to reject the identity responses of the bsc and we would never authenticate. Move it back down.
Diffstat (limited to 'openbsc/src/nat/bsc_nat.c')
-rw-r--r--openbsc/src/nat/bsc_nat.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c
index b135bfec6..badbc9a53 100644
--- a/openbsc/src/nat/bsc_nat.c
+++ b/openbsc/src/nat/bsc_nat.c
@@ -385,12 +385,6 @@ static int forward_sccp_to_msc(struct bsc_connection *bsc, struct msgb *msg)
struct sccp_connections *con;
struct bsc_nat_parsed *parsed;
- if (!bsc->authenticated) {
- LOGP(DNAT, LOGL_ERROR, "BSC is not authenticated.\n");
- msgb_free(msg);
- return -1;
- }
-
/* Parse and filter messages */
parsed = bsc_nat_parse(msg);
if (!parsed) {
@@ -402,6 +396,18 @@ static int forward_sccp_to_msc(struct bsc_connection *bsc, struct msgb *msg)
if (bsc_nat_filter_ipa(DIR_MSC, msg, parsed))
goto exit;
+ /*
+ * check authentication after filtering to not reject auth
+ * responses coming from the BSC. We have to make sure that
+ * nothing from the exit path will forward things to the MSC
+ */
+ if (!bsc->authenticated) {
+ LOGP(DNAT, LOGL_ERROR, "BSC is not authenticated.\n");
+ msgb_free(msg);
+ return -1;
+ }
+
+
/* modify the SCCP entries */
if (parsed->ipa_proto == IPAC_PROTO_SCCP) {
switch (parsed->sccp_type) {