diff options
author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-04-02 03:42:44 +0200 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-04-02 03:47:09 +0200 |
commit | c33701c4e557da47974f370ea93f3e7d88efb241 (patch) | |
tree | 0f1a42e4bc4657d05f6e227c2b56f1794a23e151 /openbsc/src/nat | |
parent | 44d92b472825ae51bc349a91c04c2547f6544a0f (diff) |
nat: Check the authentication bit later...
When moving it up here the code started to reject
the identity responses of the bsc and we would
never authenticate. Move it back down.
Diffstat (limited to 'openbsc/src/nat')
-rw-r--r-- | openbsc/src/nat/bsc_nat.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c index b135bfec6..badbc9a53 100644 --- a/openbsc/src/nat/bsc_nat.c +++ b/openbsc/src/nat/bsc_nat.c @@ -385,12 +385,6 @@ static int forward_sccp_to_msc(struct bsc_connection *bsc, struct msgb *msg) struct sccp_connections *con; struct bsc_nat_parsed *parsed; - if (!bsc->authenticated) { - LOGP(DNAT, LOGL_ERROR, "BSC is not authenticated.\n"); - msgb_free(msg); - return -1; - } - /* Parse and filter messages */ parsed = bsc_nat_parse(msg); if (!parsed) { @@ -402,6 +396,18 @@ static int forward_sccp_to_msc(struct bsc_connection *bsc, struct msgb *msg) if (bsc_nat_filter_ipa(DIR_MSC, msg, parsed)) goto exit; + /* + * check authentication after filtering to not reject auth + * responses coming from the BSC. We have to make sure that + * nothing from the exit path will forward things to the MSC + */ + if (!bsc->authenticated) { + LOGP(DNAT, LOGL_ERROR, "BSC is not authenticated.\n"); + msgb_free(msg); + return -1; + } + + /* modify the SCCP entries */ if (parsed->ipa_proto == IPAC_PROTO_SCCP) { switch (parsed->sccp_type) { |