From 1fd60631f7ef329cc18df07dab0171f2ae23b677 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Tue, 19 Oct 2010 20:55:33 +0200 Subject: nat: Change the order of the DENY/ALLOW rule for the BSC. Currently it is not is not easily possible to disable everyone and then only allow certain SIMs. By changing the order we can do: access-list imsi-deny only-something ^[0-9]*$ access-list imsi-allow only-something ^123[0-9]*$ and still keep the usecase of only forbidding certain SIMs on certain LACs. Adjust test case, test that the other cases are still functional. --- openbsc/tests/bsc-nat/bsc_nat_test.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'openbsc/tests/bsc-nat') diff --git a/openbsc/tests/bsc-nat/bsc_nat_test.c b/openbsc/tests/bsc-nat/bsc_nat_test.c index f82b4db5f..75bd80384 100644 --- a/openbsc/tests/bsc-nat/bsc_nat_test.c +++ b/openbsc/tests/bsc-nat/bsc_nat_test.c @@ -657,12 +657,29 @@ static struct cr_filter cr_filter[] = { /* filter as deny is first */ .data = bss_lu, .length = sizeof(bss_lu), - .result = -2, + .result = 1, .bsc_imsi_deny = "[0-9]*", .bsc_imsi_allow = "[0-9]*", .nat_imsi_deny = "[0-9]*", .contype = NAT_CON_TYPE_LU, }, + { + /* deny by nat rule */ + .data = bss_lu, + .length = sizeof(bss_lu), + .result = -3, + .bsc_imsi_deny = "000[0-9]*", + .nat_imsi_deny = "[0-9]*", + .contype = NAT_CON_TYPE_LU, + }, + { + /* deny by bsc rule */ + .data = bss_lu, + .length = sizeof(bss_lu), + .result = -2, + .bsc_imsi_deny = "[0-9]*", + .contype = NAT_CON_TYPE_LU, + }, }; -- cgit v1.2.3