diff options
-rw-r--r-- | openbsc/include/openbsc/Makefile.am | 2 | ||||
-rw-r--r-- | openbsc/include/openbsc/bsc_nat.h | 33 | ||||
-rw-r--r-- | openbsc/src/Makefile.am | 2 | ||||
-rw-r--r-- | openbsc/src/nat/bsc_filter.c | 34 | ||||
-rw-r--r-- | openbsc/src/nat/bsc_nat.c | 20 |
5 files changed, 83 insertions, 8 deletions
diff --git a/openbsc/include/openbsc/Makefile.am b/openbsc/include/openbsc/Makefile.am index 0c7b36f06..f5cf63941 100644 --- a/openbsc/include/openbsc/Makefile.am +++ b/openbsc/include/openbsc/Makefile.am @@ -5,4 +5,4 @@ noinst_HEADERS = abis_nm.h abis_rsl.h debug.h db.h gsm_04_08.h gsm_data.h \ gsm_utils.h ipaccess.h rs232.h openbscdefines.h rtp_proxy.h \ bsc_rll.h mncc.h talloc.h transaction.h ussd.h gsm_04_80.h \ silent_call.h mgcp.h meas_rep.h bitvec.h rest_octets.h \ - system_information.h handover.h bssap.h bsc_msc.h + system_information.h handover.h bssap.h bsc_msc.h bsc_nat.h diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h new file mode 100644 index 000000000..ea30cae22 --- /dev/null +++ b/openbsc/include/openbsc/bsc_nat.h @@ -0,0 +1,33 @@ +/* + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by on-waves.com + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#ifndef BSC_NAT_H +#define BSC_NAT_H + +#include <sys/types.h> +#include "msgb.h" + +/** + * filter based on IP Access header in both directions + */ +int bsc_nat_filter_ipa(struct msgb *msg); + +#endif diff --git a/openbsc/src/Makefile.am b/openbsc/src/Makefile.am index b6a8536a5..b8a631048 100644 --- a/openbsc/src/Makefile.am +++ b/openbsc/src/Makefile.am @@ -43,5 +43,5 @@ isdnsync_SOURCES = isdnsync.c bsc_mgcp_SOURCES = bsc_mgcp.c msgb.c talloc.c debug.c select.c timer.c telnet_interface.c bsc_mgcp_LDADD = libvty.a -bsc_nat_SOURCES = nat/bsc_nat.c bsc_msc.c +bsc_nat_SOURCES = nat/bsc_nat.c nat/bsc_filter.c bsc_msc.c bsc_nat_LDADD = libbsc.a libsccp.a diff --git a/openbsc/src/nat/bsc_filter.c b/openbsc/src/nat/bsc_filter.c new file mode 100644 index 000000000..5c59f39a5 --- /dev/null +++ b/openbsc/src/nat/bsc_filter.c @@ -0,0 +1,34 @@ +/* BSC Multiplexer/NAT */ + +/* + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by on-waves.com + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <openbsc/bsc_nat.h> +#include <openbsc/ipaccess.h> + +int bsc_nat_filter_ipa(struct msgb *msg) +{ + struct ipaccess_head *hh; + + /* handle base message handling */ + hh = (struct ipaccess_head *) msg->data; + return hh->proto == IPAC_PROTO_IPACCESS; +} diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c index 6aed7c982..98eaa9794 100644 --- a/openbsc/src/nat/bsc_nat.c +++ b/openbsc/src/nat/bsc_nat.c @@ -38,11 +38,14 @@ #include <openbsc/debug.h> #include <openbsc/msgb.h> #include <openbsc/bsc_msc.h> +#include <openbsc/bsc_nat.h> #include <openbsc/ipaccess.h> #include <openbsc/abis_nm.h> #include <openbsc/talloc.h> #include <openbsc/linuxlist.h> +#include <sccp/sccp.h> + static const char *config_file = "openbsc.cfg"; static char *msc_address = "127.0.0.1"; static struct in_addr local_addr; @@ -65,6 +68,7 @@ struct bsc_connection { static LLIST_HEAD(bsc_connections); + /* * below are stubs we need to link */ @@ -101,6 +105,10 @@ static void forward_sccp_to_bts(struct msgb *msg) /* filter, drop, patch the message? */ + /* drop packets with the wrong IPA header */ + if (bsc_nat_filter_ipa(msg)) + return; + /* currently send this to every BSC connected */ llist_for_each_entry(bsc, &bsc_connections, list_entry) { write(bsc->bsc_fd.fd, msg->data, msg->len); @@ -160,6 +168,10 @@ static int forward_sccp_to_msc(struct msgb *msg) { /* FIXME: We need to filter out certain messages */ + /* drop packets with the wrong IPA header */ + if (bsc_nat_filter_ipa(msg)) + return 0; + /* send the non-filtered but maybe modified msg */ return write(msc_connection.fd, msg->data, msg->len); } @@ -168,7 +180,6 @@ static int ipaccess_bsc_cb(struct bsc_fd *bfd, unsigned int what) { int error; struct msgb *msg = ipaccess_read_msg(bfd, &error); - struct ipaccess_head *hh; if (!msg) { if (error == 0) { @@ -180,16 +191,13 @@ static int ipaccess_bsc_cb(struct bsc_fd *bfd, unsigned int what) return -1; } - DEBUGP(DMSC, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]); - /* handle base message handling */ - hh = (struct ipaccess_head *) msg->data; + DEBUGP(DMSC, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]); /* Handle messages from the BSC */ /* FIXME: Currently no PONG is sent to the BSC */ /* FIXME: Currently no ID ACK is sent to the BSC */ - if (hh->proto == IPAC_PROTO_SCCP) - forward_sccp_to_msc(msg); + forward_sccp_to_msc(msg); return 0; } |