[nat] Do not forward messages from and to BSC when it is not authenticated

* Start using the authenticated bit in the BSC connection. This means
  that currently no messages are forwarded to the MSC from unauthenticated
  BSCs.

1 files changed, 13 insertions, 0 deletions

diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c
index 016e06eeb..aee009545 100644
--- a/openbsc/src/nat/bsc_nat.c
+++ b/openbsc/src/nat/bsc_nat.c
@@ -308,11 +308,19 @@ static int forward_sccp_to_bts(struct msgb *msg)
 	talloc_free(parsed);
 	if (!bsc)
 		return -1;
+	if (!bsc->authenticated) {
+		LOGP(DNAT, LOGL_ERRO, "Selected BSC not authenticated.\n");
+		return -1;
+	}
+
 	return write(bsc->bsc_fd.fd, msg->data, msg->len);
 
 send_to_all:
 	/* currently send this to every BSC connected */
 	llist_for_each_entry(bsc, &nat->bsc_connections, list_entry) {
+		if (!bsc->authenticated)
+			continue;
+
 		rc = write(bsc->bsc_fd.fd, msg->data, msg->len);
 
 		/* try the next one */
@@ -436,6 +444,11 @@ static int forward_sccp_to_msc(struct bsc_fd *bfd, struct msgb *msg)
 		goto exit2;
 	}
 
+	if (!bsc->authenticated) {
+		LOGP(DNAT, LOGL_ERROR, "BSC is not authenticated.\n");
+		goto exit2;
+	}
+
 	/* send the non-filtered but maybe modified msg */
 	rc = write(msc_connection.fd, msg->data, msg->len);
 	talloc_free(parsed);