osmo-bsc_nat: Implement access lists for MSC conns

Change-Id: Iedcf492ff8bb86e7ac68d8909634525e7b0648ea
Ticket: SYS#3208
Sponsored-by: On-Waves ehf.

4 files changed, 60 insertions, 1 deletions

diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h
index dc6c05ae5..32be4d9dd 100644
--- a/openbsc/include/openbsc/bsc_nat.h
+++ b/openbsc/include/openbsc/bsc_nat.h
@@ -229,6 +229,10 @@ struct msc_config {
 	struct llist_head dests;
 	struct bsc_msc_dest *main_dest;
 	struct bsc_msc_connection *msc_con;
+
+	/* imsi white and blacklist */
+	char *acc_lst_name;
+
 	char *token;
 	int nr;
 	struct bsc_nat *nat;
@@ -346,6 +350,7 @@ int bsc_config_handles_lac(struct bsc_config *cfg, int lac);
 struct msc_config *msc_config_alloc(struct bsc_nat *nat);
 struct msc_config *msc_config_num(struct bsc_nat *nat, int num);
 struct msc_config *msc_config_by_con(struct bsc_nat *nat, struct bsc_msc_connection *msc_con);
+struct bsc_msc_connection *msc_conn_by_imsi(struct bsc_nat *nat, const char *imsi);
 void msc_config_free(struct msc_config *);
 
 struct bsc_nat *bsc_nat_alloc(void);
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 7cb150c0e..da923a45d 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -1153,7 +1153,12 @@ static int forward_sccp_to_msc(struct bsc_connection *bsc, struct msgb *msg)
 			if (!create_sccp_src_ref(bsc, parsed))
 				goto exit2;
 			con = patch_sccp_src_ref_to_msc(msg, parsed, bsc);
-			con->msc_con = bsc->nat->msc_con;
+
+#warning Implement routing by IMSI
+			if (!imsi)
+				LOGP(DNAT, LOGL_ERROR, "No IMSI for CR\n");
+
+			con->msc_con = msc_conn_by_imsi(bsc->nat, imsi);
 			con_msc = con->msc_con;
 			con->filter_state.con_type = con_type;
 			con->filter_state.imsi_checked = filter;
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
index 18ec1dee9..57c62a4f3 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
@@ -250,6 +250,26 @@ struct msc_config *msc_config_by_con(struct bsc_nat *nat, struct bsc_msc_connect
 	return NULL;
 }
 
+struct bsc_msc_connection *msc_conn_by_imsi(struct bsc_nat *nat, const char *imsi)
+{
+	struct msc_config *conf;
+
+	if (!imsi)
+		return NULL;
+
+	llist_for_each_entry(conf, &nat->msc_configs, entry) {
+		struct bsc_msg_acc_lst *acc;
+		acc = bsc_msg_acc_lst_find(&nat->access_lists, conf->acc_lst_name);
+		if (!acc)
+			continue;
+
+		if (!bsc_msg_acc_lst_check_allow(acc, imsi))
+			return conf->msc_con;
+	}
+
+	return NULL;
+}
+
 void msc_config_free(struct msc_config *cfg)
 {
 	llist_del(&cfg->entry);
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c b/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
index c0f9b46a7..4c42791b5 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
@@ -1045,6 +1045,33 @@ DEFUN(cfg_msc_port,
 	return CMD_SUCCESS;
 }
 
+DEFUN(cfg_msc_acc_lst_name,
+      cfg_msc_acc_lst_name_cmd,
+      "access-list-name NAME",
+      "Set the name of the access list to use.\n"
+      "The name of the to be used access list.")
+{
+	struct msc_config *conf = vty->index;
+
+	bsc_replace_string(conf, &conf->acc_lst_name, argv[0]);
+	return CMD_SUCCESS;
+}
+
+DEFUN(cfg_msc_no_acc_lst_name,
+      cfg_msc_no_acc_lst_name_cmd,
+      "no access-list-name",
+      NO_STR "Do not use an access-list for the MSC.\n")
+{
+	struct msc_config *conf = vty->index;
+
+	if (conf->acc_lst_name) {
+		talloc_free(conf->acc_lst_name);
+		conf->acc_lst_name = NULL;
+	}
+
+	return CMD_SUCCESS;
+}
+
 DEFUN(test_regex, test_regex_cmd,
       "test regex PATTERN STRING",
       "Test utilities\n"
@@ -1305,6 +1332,8 @@ int bsc_nat_vty_init(struct bsc_nat *nat)
 	install_element(NAT_MSC_NODE, &cfg_msc_token_cmd);
 	install_element(NAT_MSC_NODE, &cfg_msc_ip_cmd);
 	install_element(NAT_MSC_NODE, &cfg_msc_port_cmd);
+	install_element(NAT_MSC_NODE, &cfg_msc_acc_lst_name_cmd);
+	install_element(NAT_MSC_NODE, &cfg_msc_no_acc_lst_name_cmd);
 
 	mgcp_vty_init();