diff options
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | include/osmocom/bsc/Makefile.am | 1 | ||||
-rw-r--r-- | include/osmocom/bsc/bsc_msc_data.h | 4 | ||||
-rw-r--r-- | include/osmocom/bsc/bsc_msg_filter.h | 103 | ||||
-rw-r--r-- | include/osmocom/bsc/gsm_04_08_rr.h | 2 | ||||
-rw-r--r-- | include/osmocom/bsc/gsm_data.h | 4 | ||||
-rw-r--r-- | include/osmocom/bsc/osmo_bsc.h | 3 | ||||
-rw-r--r-- | src/Makefile.am | 1 | ||||
-rw-r--r-- | src/libfilter/Makefile.am | 27 | ||||
-rw-r--r-- | src/libfilter/bsc_msg_acc.c | 136 | ||||
-rw-r--r-- | src/libfilter/bsc_msg_filter.c | 339 | ||||
-rw-r--r-- | src/libfilter/bsc_msg_vty.c | 149 | ||||
-rw-r--r-- | src/osmo-bsc/Makefile.am | 1 | ||||
-rw-r--r-- | src/osmo-bsc/gsm_08_08.c | 107 | ||||
-rw-r--r-- | src/osmo-bsc/osmo_bsc_main.c | 7 | ||||
-rw-r--r-- | src/osmo-bsc/osmo_bsc_vty.c | 66 | ||||
-rw-r--r-- | tests/handover/Makefile.am | 2 |
17 files changed, 2 insertions, 951 deletions
diff --git a/configure.ac b/configure.ac index d96dfb261..6555f875d 100644 --- a/configure.ac +++ b/configure.ac @@ -236,7 +236,6 @@ AC_OUTPUT( include/osmocom/Makefile include/osmocom/bsc/Makefile src/Makefile - src/libfilter/Makefile src/osmo-bsc/Makefile src/ipaccess/Makefile src/utils/Makefile diff --git a/include/osmocom/bsc/Makefile.am b/include/osmocom/bsc/Makefile.am index 396604eb1..509df9a64 100644 --- a/include/osmocom/bsc/Makefile.am +++ b/include/osmocom/bsc/Makefile.am @@ -6,7 +6,6 @@ noinst_HEADERS = \ acc_ramp.h \ arfcn_range_encode.h \ assignment_fsm.h \ - bsc_msg_filter.h \ bsc_rll.h \ bsc_subscriber.h \ bsc_subscr_conn_fsm.h \ diff --git a/include/osmocom/bsc/bsc_msc_data.h b/include/osmocom/bsc/bsc_msc_data.h index a97616f8a..c77c562c4 100644 --- a/include/osmocom/bsc/bsc_msc_data.h +++ b/include/osmocom/bsc/bsc_msc_data.h @@ -150,8 +150,6 @@ struct bsc_msc_data { /* ussd text when MSC has entered the grace period */ char *ussd_grace_txt; - char *acc_lst_name; - /* structures for keeping rate counters and gauge stats */ struct rate_ctr_group *msc_ctrs; struct osmo_stat_item_group *msc_statg; @@ -224,8 +222,6 @@ struct osmo_bsc_data { /* ussd text when there is no MSC available */ char *ussd_no_msc_txt; - char *acc_lst_name; - struct bsc_cbc_link *cbc; }; diff --git a/include/osmocom/bsc/bsc_msg_filter.h b/include/osmocom/bsc/bsc_msg_filter.h deleted file mode 100644 index fe8748526..000000000 --- a/include/osmocom/bsc/bsc_msg_filter.h +++ /dev/null @@ -1,103 +0,0 @@ -#pragma once - -#include <osmocom/core/msgb.h> -#include <osmocom/core/msgfile.h> -#include <osmocom/core/linuxrbtree.h> -#include <osmocom/core/linuxlist.h> - -#include <regex.h> - -struct vty; -struct gsm48_hdr; - -struct bsc_filter_reject_cause { - int lu_reject_cause; - int cm_reject_cause; -}; - -struct bsc_filter_barr_entry { - struct rb_node node; - - char *imsi; - int cm_reject_cause; - int lu_reject_cause; -}; - -enum bsc_filter_acc_ctr { - ACC_LIST_LOCAL_FILTER, - ACC_LIST_GLOBAL_FILTER, -}; - -struct bsc_msg_acc_lst { - struct llist_head list; - - /* counter */ - struct rate_ctr_group *stats; - - /* the name of the list */ - const char *name; - struct llist_head fltr_list; -}; - -struct bsc_msg_acc_lst_entry { - struct llist_head list; - - /* the filter */ - char *imsi_allow; - regex_t imsi_allow_re; - char *imsi_deny; - regex_t imsi_deny_re; - - /* reject reasons for the access lists */ - int cm_reject_cause; - int lu_reject_cause; -}; - -enum { - FLT_CON_TYPE_NONE, - FLT_CON_TYPE_LU, - FLT_CON_TYPE_CM_SERV_REQ, - FLT_CON_TYPE_PAG_RESP, - FLT_CON_TYPE_SSA, - FLT_CON_TYPE_LOCAL_REJECT, - FLT_CON_TYPE_OTHER, -}; - - -struct bsc_filter_state { - char *imsi; - int imsi_checked; - int con_type; -}; - -struct bsc_filter_request { - void *ctx; - struct rb_root *black_list; - struct llist_head *access_lists; - const char *local_lst_name; - const char *global_lst_name; - int bsc_nr; -}; - -/** - * Content filtering. - */ -int bsc_msg_filter_initial(struct gsm48_hdr *hdr, size_t size, - struct bsc_filter_request *req, - int *con_type, char **imsi, - struct bsc_filter_reject_cause *cause); -int bsc_msg_filter_data(struct gsm48_hdr *hdr, size_t size, - struct bsc_filter_request *req, - struct bsc_filter_state *state, - struct bsc_filter_reject_cause *cause); - -/* IMSI allow/deny handling */ -struct bsc_msg_acc_lst *bsc_msg_acc_lst_find(struct llist_head *lst, const char *name); -struct bsc_msg_acc_lst *bsc_msg_acc_lst_get(void *ctx, struct llist_head *lst, const char *name); -void bsc_msg_acc_lst_delete(struct bsc_msg_acc_lst *lst); - -struct bsc_msg_acc_lst_entry *bsc_msg_acc_lst_entry_create(struct bsc_msg_acc_lst *); -int bsc_msg_acc_lst_check_allow(struct bsc_msg_acc_lst *lst, const char *imsi); - -void bsc_msg_acc_lst_vty_init(void *ctx, struct llist_head *lst, int node); -void bsc_msg_acc_lst_write(struct vty *vty); diff --git a/include/osmocom/bsc/gsm_04_08_rr.h b/include/osmocom/bsc/gsm_04_08_rr.h index f0c0f4223..06cefa9de 100644 --- a/include/osmocom/bsc/gsm_04_08_rr.h +++ b/include/osmocom/bsc/gsm_04_08_rr.h @@ -1,6 +1,7 @@ #pragma once #include <stdint.h> +#include <osmocom/core/msgb.h> struct amr_mode; struct amr_multirate_conf; @@ -11,7 +12,6 @@ struct gsm_lchan; struct gsm_meas_rep; struct gsm_network; struct gsm_subscriber_connection; -struct msgb; void gsm_net_update_ctype(struct gsm_network *network); enum gsm_chan_t get_ctype_by_chreq(struct gsm_network *network, uint8_t ra); diff --git a/include/osmocom/bsc/gsm_data.h b/include/osmocom/bsc/gsm_data.h index a2e103d2e..e6a7708b0 100644 --- a/include/osmocom/bsc/gsm_data.h +++ b/include/osmocom/bsc/gsm_data.h @@ -31,7 +31,6 @@ #include <osmocom/gsm/protocol/gsm_12_21.h> #include <osmocom/abis/e1_input.h> #include <osmocom/bsc/meas_rep.h> -#include <osmocom/bsc/bsc_msg_filter.h> #include <osmocom/bsc/acc_ramp.h> #include <osmocom/bsc/neighbor_ident.h> #include <osmocom/bsc/osmux.h> @@ -265,9 +264,6 @@ struct gsm_subscriber_connection { /* state related to welcome USSD */ uint8_t new_subscriber; - /* state related to osmo_bsc_filter.c */ - struct bsc_filter_state filter_state; - /* SCCP connection associatd with this subscriber_connection */ struct { /* for advanced ping/pong */ diff --git a/include/osmocom/bsc/osmo_bsc.h b/include/osmocom/bsc/osmo_bsc.h index 163e49456..8999a2e80 100644 --- a/include/osmocom/bsc/osmo_bsc.h +++ b/include/osmocom/bsc/osmo_bsc.h @@ -2,8 +2,6 @@ #include <osmocom/gsm/protocol/gsm_04_08.h> -#include <osmocom/bsc/bsc_msg_filter.h> - #define BSS_SEND_USSD 1 enum bsc_con { @@ -13,6 +11,7 @@ enum bsc_con { BSC_CON_NO_MEM, }; +struct msgb; struct bsc_msc_data; struct gsm0808_channel_type; struct gsm0808_speech_codec_list; diff --git a/src/Makefile.am b/src/Makefile.am index 62ae4dde8..43b00b284 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -20,7 +20,6 @@ AM_LDFLAGS = \ $(NULL) SUBDIRS = \ - libfilter \ osmo-bsc \ utils \ $(NULL) diff --git a/src/libfilter/Makefile.am b/src/libfilter/Makefile.am deleted file mode 100644 index 8b0597bc6..000000000 --- a/src/libfilter/Makefile.am +++ /dev/null @@ -1,27 +0,0 @@ -AM_CPPFLAGS = \ - $(all_includes) \ - -I$(top_srcdir)/include \ - -I$(top_builddir) \ - $(NULL) - -AM_CFLAGS = \ - -Wall \ - $(LIBOSMOCORE_CFLAGS) \ - $(LIBOSMOGSM_CFLAGS) \ - $(LIBOSMOVTY_CFLAGS) \ - $(LIBOSMOABIS_CFLAGS) \ - $(LIBOSMOSIGTRAN_CFLAGS) \ - $(LIBOSMOLEGACYMGCP_CFLAGS) \ - $(COVERAGE_CFLAGS) \ - $(NULL) - -noinst_LIBRARIES = \ - libfilter.a \ - $(NULL) - -libfilter_a_SOURCES = \ - bsc_msg_filter.c \ - bsc_msg_acc.c \ - bsc_msg_vty.c \ - $(NULL) - diff --git a/src/libfilter/bsc_msg_acc.c b/src/libfilter/bsc_msg_acc.c deleted file mode 100644 index 8853dbb5c..000000000 --- a/src/libfilter/bsc_msg_acc.c +++ /dev/null @@ -1,136 +0,0 @@ -/* - * (C) 2010-2015 by Holger Hans Peter Freyther <zecke@selfish.org> - * (C) 2010-2011 by On-Waves - * All Rights Reserved - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - */ - -#include <osmocom/bsc/bsc_msg_filter.h> -#include <osmocom/bsc/debug.h> - -#include <osmocom/gsm/protocol/gsm_04_08.h> - -#include <osmocom/core/rate_ctr.h> -#include <osmocom/core/stats.h> - -#include <string.h> - -static const struct rate_ctr_desc acc_list_ctr_description[] = { - [ACC_LIST_LOCAL_FILTER] = { "access-list:local-filter", "Rejected by rule for local"}, - [ACC_LIST_GLOBAL_FILTER]= { "access-list:global-filter", "Rejected by rule for global"}, -}; - -static const struct rate_ctr_group_desc bsc_cfg_acc_list_desc = { - .group_name_prefix = "nat:filter", - .group_description = "NAT Access-List Statistics", - .num_ctr = ARRAY_SIZE(acc_list_ctr_description), - .ctr_desc = acc_list_ctr_description, - .class_id = OSMO_STATS_CLASS_GLOBAL, -}; - -/*! Find an unused index for this rate counter group. - * \param[in] head List of allocated ctr groups of the same type - * \returns the largest used index number + 1, or 0 if none exist yet. */ -static unsigned int rate_ctr_get_unused_idx(struct llist_head *head) -{ - unsigned int idx = 0; - struct bsc_msg_acc_lst *lst; - - llist_for_each_entry(lst, head, list) { - if (idx <= lst->stats->idx) - idx = lst->stats->idx + 1; - } - return idx; -} - - -int bsc_msg_acc_lst_check_allow(struct bsc_msg_acc_lst *lst, const char *mi_string) -{ - struct bsc_msg_acc_lst_entry *entry; - - llist_for_each_entry(entry, &lst->fltr_list, list) { - if (!entry->imsi_allow) - continue; - if (regexec(&entry->imsi_allow_re, mi_string, 0, NULL, 0) == 0) - return 0; - } - - return 1; -} - -struct bsc_msg_acc_lst *bsc_msg_acc_lst_find(struct llist_head *head, const char *name) -{ - struct bsc_msg_acc_lst *lst; - - if (!name) - return NULL; - - llist_for_each_entry(lst, head, list) - if (strcmp(lst->name, name) == 0) - return lst; - - return NULL; -} - -struct bsc_msg_acc_lst *bsc_msg_acc_lst_get(void *ctx, struct llist_head *head, const char *name) -{ - struct bsc_msg_acc_lst *lst; - unsigned int new_idx; - - lst = bsc_msg_acc_lst_find(head, name); - if (lst) - return lst; - - lst = talloc_zero(ctx, struct bsc_msg_acc_lst); - if (!lst) { - LOGP(DFILTER, LOGL_ERROR, "Failed to allocate access list\n"); - return NULL; - } - - new_idx = rate_ctr_get_unused_idx(head); - lst->stats = rate_ctr_group_alloc(lst, &bsc_cfg_acc_list_desc, new_idx); - if (!lst->stats) { - talloc_free(lst); - return NULL; - } - - INIT_LLIST_HEAD(&lst->fltr_list); - lst->name = talloc_strdup(lst, name); - llist_add_tail(&lst->list, head); - return lst; -} - -void bsc_msg_acc_lst_delete(struct bsc_msg_acc_lst *lst) -{ - llist_del(&lst->list); - rate_ctr_group_free(lst->stats); - talloc_free(lst); -} - -struct bsc_msg_acc_lst_entry *bsc_msg_acc_lst_entry_create(struct bsc_msg_acc_lst *lst) -{ - struct bsc_msg_acc_lst_entry *entry; - - entry = talloc_zero(lst, struct bsc_msg_acc_lst_entry); - if (!entry) - return NULL; - - entry->cm_reject_cause = GSM48_REJECT_PLMN_NOT_ALLOWED; - entry->lu_reject_cause = GSM48_REJECT_PLMN_NOT_ALLOWED; - llist_add_tail(&entry->list, &lst->fltr_list); - return entry; -} - diff --git a/src/libfilter/bsc_msg_filter.c b/src/libfilter/bsc_msg_filter.c deleted file mode 100644 index 1318689fa..000000000 --- a/src/libfilter/bsc_msg_filter.c +++ /dev/null @@ -1,339 +0,0 @@ -/* - * Access filtering - */ -/* - * (C) 2010-2015 by Holger Hans Peter Freyther <zecke@selfish.org> - * (C) 2010-2012 by On-Waves - * All Rights Reserved - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - */ - -#include <osmocom/bsc/bsc_msg_filter.h> - -#include <osmocom/bsc/gsm_data.h> -#include <osmocom/bsc/debug.h> -#include <osmocom/bsc/ipaccess.h> -#include <osmocom/bsc/gsm_04_08_rr.h> - -#include <osmocom/core/talloc.h> -#include <osmocom/gsm/gsm0808.h> - -#include <osmocom/gsm/protocol/gsm_08_08.h> -#include <osmocom/gsm/protocol/gsm_04_11.h> -#include <osmocom/gsm/gsm48.h> - -static int bsc_filter_barr_find(struct rb_root *root, const char *imsi, int *cm, int *lu) -{ - struct bsc_filter_barr_entry *n; - n = rb_entry(root->rb_node, struct bsc_filter_barr_entry, node); - - while (n) { - int rc = strcmp(imsi, n->imsi); - if (rc == 0) { - *cm = n->cm_reject_cause; - *lu = n->lu_reject_cause; - return 1; - } - - n = rb_entry( - (rc < 0) ? n->node.rb_left : n->node.rb_right, - struct bsc_filter_barr_entry, node); - }; - - return 0; -} - - -static int lst_check_deny(struct bsc_msg_acc_lst *lst, const char *mi_string, - int *cm_cause, int *lu_cause) -{ - struct bsc_msg_acc_lst_entry *entry; - - llist_for_each_entry(entry, &lst->fltr_list, list) { - if (!entry->imsi_deny) - continue; - if (regexec(&entry->imsi_deny_re, mi_string, 0, NULL, 0) == 0) { - *cm_cause = entry->cm_reject_cause; - *lu_cause = entry->lu_reject_cause; - return 0; - } - } - - return 1; -} - -/* apply white/black list */ -static int auth_imsi(struct bsc_filter_request *req, - const char *imsi, - struct bsc_filter_reject_cause *cause) -{ - /* - * Now apply blacklist/whitelist of the BSC and the NAT. - * 1.) Check the global IMSI barr list - * 2.) Allow directly if the IMSI is allowed at the BSC - * 3.) Reject if the IMSI is not allowed at the BSC - * 4.) Allow directly if the IMSI is allowed at the global level - * 5.) Reject if the IMSI not allowed at the global level. - */ - int cm, lu; - struct bsc_msg_acc_lst *nat_lst = NULL; - struct bsc_msg_acc_lst *bsc_lst = NULL; - - /* 1. global check for barred imsis */ - if (req->black_list && bsc_filter_barr_find(req->black_list, imsi, &cm, &lu)) { - cause->cm_reject_cause = cm; - cause->lu_reject_cause = lu; - LOGP(DFILTER, LOGL_DEBUG, - "Blocking subscriber IMSI %s with CM: %d LU: %d\n", - imsi, cm, lu); - return -4; - } - - - bsc_lst = bsc_msg_acc_lst_find(req->access_lists, req->local_lst_name); - nat_lst = bsc_msg_acc_lst_find(req->access_lists, req->global_lst_name); - - - if (bsc_lst) { - /* 2. BSC allow */ - if (bsc_msg_acc_lst_check_allow(bsc_lst, imsi) == 0) - return 1; - - /* 3. BSC deny */ - if (lst_check_deny(bsc_lst, imsi, &cm, &lu) == 0) { - LOGP(DFILTER, LOGL_ERROR, - "Filtering %s by imsi_deny on config nr: %d.\n", imsi, req->bsc_nr); - rate_ctr_inc(&bsc_lst->stats->ctr[ACC_LIST_LOCAL_FILTER]); - cause->cm_reject_cause = cm; - cause->lu_reject_cause = lu; - return -2; - } - - } - - if (nat_lst) { - /* 4. global allow */ - if (bsc_msg_acc_lst_check_allow(nat_lst, imsi) == 0) - return 1; - - /* 5. global deny */ - if (lst_check_deny(nat_lst, imsi, &cm, &lu) == 0) { - LOGP(DFILTER, LOGL_ERROR, - "Filtering %s global imsi_deny on bsc nr: %d.\n", imsi, req->bsc_nr); - rate_ctr_inc(&nat_lst->stats->ctr[ACC_LIST_GLOBAL_FILTER]); - cause->cm_reject_cause = cm; - cause->lu_reject_cause = lu; - return -3; - } - } - - return 1; -} - -static int _cr_check_loc_upd(void *ctx, - uint8_t *data, unsigned int length, - char **imsi) -{ - uint8_t mi_type; - struct gsm48_loc_upd_req *lu; - char mi_string[GSM48_MI_SIZE]; - - if (length < sizeof(*lu)) { - LOGP(DFILTER, LOGL_ERROR, - "LU does not fit. Length is %d \n", length); - return -1; - } - - lu = (struct gsm48_loc_upd_req *) data; - mi_type = lu->mi[0] & GSM_MI_TYPE_MASK; - - /* - * We can only deal with the IMSI. This will fail for a phone that - * will send the TMSI of a previous network to us. - */ - if (mi_type != GSM_MI_TYPE_IMSI) - return 0; - - gsm48_mi_to_string(mi_string, sizeof(mi_string), lu->mi, lu->mi_len); - *imsi = talloc_strdup(ctx, mi_string); - return 1; -} - -static int _cr_check_cm_serv_req(void *ctx, - uint8_t *data, unsigned int length, - int *con_type, char **imsi) -{ - static const uint32_t classmark_offset = - offsetof(struct gsm48_service_request, classmark); - - char mi_string[GSM48_MI_SIZE]; - uint8_t mi_type; - int rc; - struct gsm48_service_request *req; - - /* unfortunately in Phase1 the classmark2 length is variable */ - - if (length < sizeof(*req)) { - LOGP(DFILTER, LOGL_ERROR, - "CM Serv Req does not fit. Length is %d\n", length); - return -1; - } - - req = (struct gsm48_service_request *) data; - if (req->cm_service_type == 0x8) - *con_type = FLT_CON_TYPE_SSA; - rc = gsm48_extract_mi((uint8_t *) &req->classmark, - length - classmark_offset, mi_string, &mi_type); - if (rc < 0) { - LOGP(DFILTER, LOGL_ERROR, "Failed to parse the classmark2/mi. error: %d\n", rc); - return -1; - } - - /* we have to let the TMSI or such pass */ - if (mi_type != GSM_MI_TYPE_IMSI) - return 0; - - *imsi = talloc_strdup(ctx, mi_string); - return 1; -} - -static int _cr_check_pag_resp(void *ctx, - uint8_t *data, unsigned int length, char **imsi) -{ - struct gsm48_pag_resp *resp; - char mi_string[GSM48_MI_SIZE]; - uint8_t mi_type; - - if (length < sizeof(*resp)) { - LOGP(DFILTER, LOGL_ERROR, "PAG RESP does not fit. Length was %d.\n", length); - return -1; - } - - resp = (struct gsm48_pag_resp *) data; - if (gsm48_paging_extract_mi(resp, length, mi_string, &mi_type) < 0) { - LOGP(DFILTER, LOGL_ERROR, "Failed to extract the MI.\n"); - return -1; - } - - /* we need to let it pass for now */ - if (mi_type != GSM_MI_TYPE_IMSI) - return 0; - - *imsi = talloc_strdup(ctx, mi_string); - return 1; -} - -static int _dt_check_id_resp(struct bsc_filter_request *req, - uint8_t *data, unsigned int length, - struct bsc_filter_state *state, - struct bsc_filter_reject_cause *cause) -{ - char mi_string[GSM48_MI_SIZE]; - uint8_t mi_type; - - if (length < 2) { - LOGP(DFILTER, LOGL_ERROR, "mi does not fit.\n"); - return -1; - } - - if (data[0] < length - 1) { - LOGP(DFILTER, LOGL_ERROR, "mi length too big.\n"); - return -2; - } - - mi_type = data[1] & GSM_MI_TYPE_MASK; - gsm48_mi_to_string(mi_string, sizeof(mi_string), &data[1], data[0]); - - if (mi_type != GSM_MI_TYPE_IMSI) - return 0; - - state->imsi_checked = 1; - state->imsi = talloc_strdup(req->ctx, mi_string); - return auth_imsi(req, mi_string, cause); -} - - -/* Filter out CR data... */ -int bsc_msg_filter_initial(struct gsm48_hdr *hdr48, size_t hdr48_len, - struct bsc_filter_request *req, - int *con_type, - char **imsi, struct bsc_filter_reject_cause *cause) -{ - int ret = 0; - uint8_t msg_type, proto; - - *con_type = FLT_CON_TYPE_NONE; - cause->cm_reject_cause = GSM48_REJECT_PLMN_NOT_ALLOWED; - cause->lu_reject_cause = GSM48_REJECT_PLMN_NOT_ALLOWED; - *imsi = NULL; - - proto = gsm48_hdr_pdisc(hdr48); - msg_type = gsm48_hdr_msg_type(hdr48); - if (proto == GSM48_PDISC_MM && - msg_type == GSM48_MT_MM_LOC_UPD_REQUEST) { - *con_type = FLT_CON_TYPE_LU; - ret = _cr_check_loc_upd(req->ctx, &hdr48->data[0], - hdr48_len - sizeof(*hdr48), imsi); - } else if (proto == GSM48_PDISC_MM && - msg_type == GSM48_MT_MM_CM_SERV_REQ) { - *con_type = FLT_CON_TYPE_CM_SERV_REQ; - ret = _cr_check_cm_serv_req(req->ctx, &hdr48->data[0], - hdr48_len - sizeof(*hdr48), - con_type, imsi); - } else if (proto == GSM48_PDISC_RR && - msg_type == GSM48_MT_RR_PAG_RESP) { - *con_type = FLT_CON_TYPE_PAG_RESP; - ret = _cr_check_pag_resp(req->ctx, &hdr48->data[0], - hdr48_len - sizeof(*hdr48), imsi); - } else { - /* We only want to filter the above, let other things pass */ - *con_type = FLT_CON_TYPE_OTHER; - return 0; - } - - /* check if we are done */ - if (ret != 1) - return ret; - - /* the memory allocation failed */ - if (!*imsi) - return -1; - - /* now check the imsi */ - return auth_imsi(req, *imsi, cause); -} - -int bsc_msg_filter_data(struct gsm48_hdr *hdr48, size_t len, - struct bsc_filter_request *req, - struct bsc_filter_state *state, - struct bsc_filter_reject_cause *cause) -{ - uint8_t msg_type, proto; - - cause->cm_reject_cause = GSM48_REJECT_PLMN_NOT_ALLOWED; - cause->lu_reject_cause = GSM48_REJECT_PLMN_NOT_ALLOWED; - - if (state->imsi_checked) - return 0; - - proto = gsm48_hdr_pdisc(hdr48); - msg_type = gsm48_hdr_msg_type(hdr48); - if (proto != GSM48_PDISC_MM || msg_type != GSM48_MT_MM_ID_RESP) - return 0; - - return _dt_check_id_resp(req, &hdr48->data[0], - len - sizeof(*hdr48), state, cause); -} diff --git a/src/libfilter/bsc_msg_vty.c b/src/libfilter/bsc_msg_vty.c deleted file mode 100644 index b26f4f1a6..000000000 --- a/src/libfilter/bsc_msg_vty.c +++ /dev/null @@ -1,149 +0,0 @@ -/* (C) 2010-2015 by Holger Hans Peter Freyther - * (C) 2010-2013 by On-Waves - * All Rights Reserved - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - */ - -#include <osmocom/bsc/bsc_msg_filter.h> -#include <osmocom/bsc/gsm_data.h> -#include <osmocom/bsc/vty.h> - -#include <osmocom/vty/misc.h> - -static struct llist_head *_acc_lst; -static void *_ctx; - -static void bsc_msg_acc_lst_write_one(struct vty *vty, struct bsc_msg_acc_lst *lst) -{ - struct bsc_msg_acc_lst_entry *entry; - - llist_for_each_entry(entry, &lst->fltr_list, list) { - if (entry->imsi_allow) - vty_out(vty, " access-list %s imsi-allow %s%s", - lst->name, entry->imsi_allow, VTY_NEWLINE); - if (entry->imsi_deny) - vty_out(vty, " access-list %s imsi-deny %s %d %d%s", - lst->name, entry->imsi_deny, - entry->cm_reject_cause, entry->lu_reject_cause, - VTY_NEWLINE); - } -} - -DEFUN(cfg_lst_no, - cfg_lst_no_cmd, - "no access-list NAME", - NO_STR "Remove an access-list by name\n" - "The access-list to remove\n") -{ - struct bsc_msg_acc_lst *acc; - acc = bsc_msg_acc_lst_find(_acc_lst, argv[0]); - if (!acc) - return CMD_WARNING; - - bsc_msg_acc_lst_delete(acc); - return CMD_SUCCESS; -} - -DEFUN(show_acc_lst, - show_acc_lst_cmd, - "show access-list NAME", - SHOW_STR "IMSI access list\n" "Name of the access list\n") -{ - struct bsc_msg_acc_lst *acc; - acc = bsc_msg_acc_lst_find(_acc_lst, argv[0]); - if (!acc) - return CMD_WARNING; - - vty_out(vty, "access-list %s%s", acc->name, VTY_NEWLINE); - bsc_msg_acc_lst_write_one(vty, acc); - vty_out_rate_ctr_group(vty, " ", acc->stats); - - return CMD_SUCCESS; -} - -DEFUN(cfg_lst_imsi_allow, - cfg_lst_imsi_allow_cmd, - "access-list NAME imsi-allow [REGEXP]", - "Access list commands\n" - "Name of the access list\n" - "Add allowed IMSI to the list\n" - "Regexp for IMSIs\n") -{ - struct bsc_msg_acc_lst *acc; - struct bsc_msg_acc_lst_entry *entry; - - acc = bsc_msg_acc_lst_get(_ctx, _acc_lst, argv[0]); - if (!acc) - return CMD_WARNING; - - entry = bsc_msg_acc_lst_entry_create(acc); - if (!entry) - return CMD_WARNING; - - if (gsm_parse_reg(acc, &entry->imsi_allow_re, &entry->imsi_allow, argc - 1, &argv[1]) != 0) - return CMD_WARNING; - return CMD_SUCCESS; -} - -DEFUN(cfg_lst_imsi_deny, - cfg_lst_imsi_deny_cmd, - "access-list NAME imsi-deny [REGEXP] (<0-256>) (<0-256>)", - "Access list commands\n" - "Name of the access list\n" - "Add denied IMSI to the list\n" - "Regexp for IMSIs\n" - "CM Service Reject reason\n" - "LU Reject reason\n") -{ - struct bsc_msg_acc_lst *acc; - struct bsc_msg_acc_lst_entry *entry; - - acc = bsc_msg_acc_lst_get(_ctx, _acc_lst, argv[0]); - if (!acc) - return CMD_WARNING; - - entry = bsc_msg_acc_lst_entry_create(acc); - if (!entry) - return CMD_WARNING; - - if (gsm_parse_reg(acc, &entry->imsi_deny_re, &entry->imsi_deny, argc - 1, &argv[1]) != 0) - return CMD_WARNING; - if (argc >= 3) - entry->cm_reject_cause = atoi(argv[2]); - if (argc >= 4) - entry->lu_reject_cause = atoi(argv[3]); - return CMD_SUCCESS; -} - -void bsc_msg_acc_lst_write(struct vty *vty) -{ - struct bsc_msg_acc_lst *lst; - llist_for_each_entry(lst, _acc_lst, list) { - bsc_msg_acc_lst_write_one(vty, lst); - } -} - -void bsc_msg_acc_lst_vty_init(void *ctx, struct llist_head *lst, int node) -{ - _ctx = ctx; - _acc_lst = lst; - install_element_ve(&show_acc_lst_cmd); - - /* access-list */ - install_element(node, &cfg_lst_imsi_allow_cmd); - install_element(node, &cfg_lst_imsi_deny_cmd); - install_element(node, &cfg_lst_no_cmd); -} diff --git a/src/osmo-bsc/Makefile.am b/src/osmo-bsc/Makefile.am index 51d887579..6009e1d44 100644 --- a/src/osmo-bsc/Makefile.am +++ b/src/osmo-bsc/Makefile.am @@ -94,7 +94,6 @@ osmo_bsc_SOURCES = \ $(NULL) osmo_bsc_LDADD = \ - $(top_builddir)/src/libfilter/libfilter.a \ $(LIBOSMOCORE_LIBS) \ $(LIBOSMOGSM_LIBS) \ $(LIBOSMOVTY_LIBS) \ diff --git a/src/osmo-bsc/gsm_08_08.c b/src/osmo-bsc/gsm_08_08.c index 8a4b1c5fe..030808b06 100644 --- a/src/osmo-bsc/gsm_08_08.c +++ b/src/osmo-bsc/gsm_08_08.c @@ -58,70 +58,6 @@ static bool msc_connected(struct gsm_subscriber_connection *conn) static bool complete_layer3(struct gsm_subscriber_connection *conn, struct msgb *msg, struct bsc_msc_data *msc); -static void bsc_maybe_lu_reject(struct gsm_subscriber_connection *conn, int con_type, int cause) -{ - struct msgb *msg; - - /* ignore cm service request or such */ - if (con_type != FLT_CON_TYPE_LU) - return; - - msg = gsm48_create_loc_upd_rej(cause); - if (!msg) { - LOGP(DMM, LOGL_ERROR, "Failed to create msg for LOCATION UPDATING REJECT.\n"); - return; - } - - msg->lchan = conn->lchan; - gscon_submit_rsl_dtap(conn, msg, 0, 0); -} - -static int bsc_filter_initial(struct osmo_bsc_data *bsc, - struct bsc_msc_data *msc, - struct gsm_subscriber_connection *conn, - struct msgb *msg, char **imsi, int *con_type, - int *lu_cause) -{ - struct bsc_filter_request req; - struct bsc_filter_reject_cause cause; - struct gsm48_hdr *gh = msgb_l3(msg); - int rc; - - req.ctx = conn; - req.black_list = NULL; - req.access_lists = bsc_access_lists(); - req.local_lst_name = msc->acc_lst_name; - req.global_lst_name = conn_get_bts(conn)->network->bsc_data->acc_lst_name; - req.bsc_nr = 0; - - rc = bsc_msg_filter_initial(gh, msgb_l3len(msg), &req, - con_type, imsi, &cause); - *lu_cause = cause.lu_reject_cause; - return rc; -} - -static int bsc_filter_data(struct gsm_subscriber_connection *conn, - struct msgb *msg, int *lu_cause) -{ - struct bsc_filter_request req; - struct gsm48_hdr *gh = msgb_l3(msg); - struct bsc_filter_reject_cause cause; - int rc; - - req.ctx = conn; - req.black_list = NULL; - req.access_lists = bsc_access_lists(); - req.local_lst_name = conn->sccp.msc->acc_lst_name; - req.global_lst_name = conn_get_bts(conn)->network->bsc_data->acc_lst_name; - req.bsc_nr = 0; - - rc = bsc_msg_filter_data(gh, msgb_l3len(msg), &req, - &conn->filter_state, - &cause); - *lu_cause = cause.lu_reject_cause; - return rc; -} - /*! BTS->MSC: tell MSC a SAPI was not established. */ void bsc_sapi_n_reject(struct gsm_subscriber_connection *conn, int dlci) { @@ -489,22 +425,12 @@ int bsc_scan_bts_msg(struct gsm_subscriber_connection *conn, struct msgb *msg) static bool complete_layer3(struct gsm_subscriber_connection *conn, struct msgb *msg, struct bsc_msc_data *msc) { - int con_type, rc, lu_cause; - char *imsi = NULL; struct msgb *resp; enum bsc_con ret; struct gsm0808_speech_codec_list scl; log_set_context(LOG_CTX_BSC_SUBSCR, conn->bsub); - /* Check the filter */ - rc = bsc_filter_initial(msc->network->bsc_data, msc, conn, msg, - &imsi, &con_type, &lu_cause); - if (rc < 0) { - bsc_maybe_lu_reject(conn, con_type, lu_cause); - goto early_fail; - } - /* allocate resource for a new connection */ ret = osmo_bsc_sigtran_new_conn(conn, msc); @@ -517,28 +443,6 @@ static bool complete_layer3(struct gsm_subscriber_connection *conn, goto early_fail; } - /* TODO: also extract TMSI. We get an IMSI only when an initial L3 Complete comes in that - * contains an IMSI. We filter by IMSI. A TMSI identity is never returned here, see e.g. - * _cr_check_loc_upd() and other similar functions called from bsc_msg_filter_initial(). */ - if (imsi) { - conn->filter_state.imsi = talloc_steal(conn, imsi); - if (conn->bsub) { - log_set_context(LOG_CTX_BSC_SUBSCR, conn->bsub); - /* Already a subscriber on L3 Complete? Should never happen... */ - if (conn->bsub->imsi[0] - && strcmp(conn->bsub->imsi, imsi)) - LOGP(DMSC, LOGL_ERROR, "Subscriber's IMSI changes from %s to %s\n", - conn->bsub->imsi, imsi); - bsc_subscr_set_imsi(conn->bsub, imsi); - } else { - conn->bsub = bsc_subscr_find_or_create_by_imsi(msc->network->bsc_subscribers, - imsi); - log_set_context(LOG_CTX_BSC_SUBSCR, conn->bsub); - } - gscon_update_id(conn); - } - conn->filter_state.con_type = con_type; - /* check return value, if failed check msg for and send USSD */ bsc_scan_bts_msg(conn, msg); @@ -664,8 +568,6 @@ static int handle_cc_setup(struct gsm_subscriber_connection *conn, /*! MS->BSC/MSC: Um L3 message. */ void bsc_dtap(struct gsm_subscriber_connection *conn, uint8_t link_id, struct msgb *msg) { - int lu_cause; - log_set_context(LOG_CTX_BSC_SUBSCR, conn->bsub); if (!msc_connected(conn)) @@ -680,15 +582,6 @@ void bsc_dtap(struct gsm_subscriber_connection *conn, uint8_t link_id, struct ms if (handle_cc_setup(conn, msg) >= 1) goto done; - /* Check the filter */ - if (bsc_filter_data(conn, msg, &lu_cause) < 0) { - bsc_maybe_lu_reject(conn, - conn->filter_state.con_type, - lu_cause); - bsc_clear_request(conn, 0); - goto done; - } - bsc_scan_bts_msg(conn, msg); /* Store link_id in msg->cb */ diff --git a/src/osmo-bsc/osmo_bsc_main.c b/src/osmo-bsc/osmo_bsc_main.c index ad5a3a9da..42d05b1a2 100644 --- a/src/osmo-bsc/osmo_bsc_main.c +++ b/src/osmo-bsc/osmo_bsc_main.c @@ -84,12 +84,6 @@ struct gsm_network *bsc_gsmnet = 0; static const char *config_file = "osmo-bsc.cfg"; static const char *rf_ctrl = NULL; static int daemonize = 0; -static LLIST_HEAD(access_lists); - -struct llist_head *bsc_access_lists(void) -{ - return &access_lists; -} static void print_usage() { @@ -841,7 +835,6 @@ int main(int argc, char **argv) /* This needs to precede handle_options() */ vty_init(&vty_info); bsc_vty_init(bsc_gsmnet); - bsc_msg_acc_lst_vty_init(tall_bsc_ctx, &access_lists, BSC_NODE); ctrl_vty_init(tall_bsc_ctx); logging_vty_add_deprecated_subsys(tall_bsc_ctx, "cc"); logging_vty_add_deprecated_subsys(tall_bsc_ctx, "mgcp"); diff --git a/src/osmo-bsc/osmo_bsc_vty.c b/src/osmo-bsc/osmo_bsc_vty.c index 7174de1be..cf995cc2d 100644 --- a/src/osmo-bsc/osmo_bsc_vty.c +++ b/src/osmo-bsc/osmo_bsc_vty.c @@ -25,7 +25,6 @@ #include <osmocom/bsc/vty.h> #include <osmocom/bsc/bsc_subscriber.h> #include <osmocom/bsc/debug.h> -#include <osmocom/bsc/bsc_msg_filter.h> #include <osmocom/bsc/osmux.h> #include <osmocom/core/talloc.h> @@ -161,9 +160,6 @@ static void write_msc(struct vty *vty, struct bsc_msc_data *msc) if (msc->local_pref) vty_out(vty, " local-prefix %s%s", msc->local_pref, VTY_NEWLINE); - if (msc->acc_lst_name) - vty_out(vty, " access-list-name %s%s", msc->acc_lst_name, VTY_NEWLINE); - /* write amr options */ write_msc_amr_options(vty, msc); @@ -232,10 +228,6 @@ static int config_write_bsc(struct vty *vty) vty_out(vty, " missing-msc-text %s%s", bsc->ussd_no_msc_txt, VTY_NEWLINE); else vty_out(vty, " no missing-msc-text%s", VTY_NEWLINE); - if (bsc->acc_lst_name) - vty_out(vty, " access-list-name %s%s", bsc->acc_lst_name, VTY_NEWLINE); - - bsc_msg_acc_lst_write(vty); return CMD_SUCCESS; } @@ -528,33 +520,6 @@ AMR_COMMAND(5_90) AMR_COMMAND(5_15) AMR_COMMAND(4_75) -DEFUN(cfg_msc_acc_lst_name, - cfg_msc_acc_lst_name_cmd, - "access-list-name NAME", - "Set the name of the access list to use.\n" - "The name of the to be used access list.\n") -{ - struct bsc_msc_data *msc = bsc_msc_data(vty); - - osmo_talloc_replace_string(msc, &msc->acc_lst_name, argv[0]); - return CMD_SUCCESS; -} - -DEFUN(cfg_msc_no_acc_lst_name, - cfg_msc_no_acc_lst_name_cmd, - "no access-list-name", - NO_STR "Remove the access list from the NAT.\n") -{ - struct bsc_msc_data *msc = bsc_msc_data(vty); - - if (msc->acc_lst_name) { - talloc_free(msc->acc_lst_name); - msc->acc_lst_name = NULL; - } - - return CMD_SUCCESS; -} - /* Make sure only standard SSN numbers are used. If no ssn number is * configured, silently apply the default SSN */ static void enforce_standard_ssn(struct vty *vty, struct osmo_sccp_addr *addr) @@ -781,33 +746,6 @@ DEFUN(cfg_net_no_rf_off_time, return CMD_SUCCESS; } -DEFUN(cfg_bsc_acc_lst_name, - cfg_bsc_acc_lst_name_cmd, - "access-list-name NAME", - "Set the name of the access list to use.\n" - "The name of the to be used access list.\n") -{ - struct osmo_bsc_data *bsc = osmo_bsc_data(vty); - - osmo_talloc_replace_string(bsc, &bsc->acc_lst_name, argv[0]); - return CMD_SUCCESS; -} - -DEFUN(cfg_bsc_no_acc_lst_name, - cfg_bsc_no_acc_lst_name_cmd, - "no access-list-name", - NO_STR "Remove the access list from the BSC\n") -{ - struct osmo_bsc_data *bsc = osmo_bsc_data(vty); - - if (bsc->acc_lst_name) { - talloc_free(bsc->acc_lst_name); - bsc->acc_lst_name = NULL; - } - - return CMD_SUCCESS; -} - DEFUN(show_statistics, show_statistics_cmd, "show statistics", @@ -1005,8 +943,6 @@ int bsc_vty_init_extra(void) install_element(BSC_NODE, &cfg_net_no_rf_off_time_cmd); install_element(BSC_NODE, &cfg_net_bsc_missing_msc_ussd_cmd); install_element(BSC_NODE, &cfg_net_bsc_no_missing_msc_text_cmd); - install_element(BSC_NODE, &cfg_bsc_acc_lst_name_cmd); - install_element(BSC_NODE, &cfg_bsc_no_acc_lst_name_cmd); install_node(&msc_node, config_write_msc); install_element(MSC_NODE, &cfg_net_bsc_ncc_cmd); @@ -1037,8 +973,6 @@ int bsc_vty_init_extra(void) install_element(MSC_NODE, &cfg_net_msc_amr_octet_align_cmd); install_element(MSC_NODE, &cfg_net_msc_lcls_mode_cmd); install_element(MSC_NODE, &cfg_net_msc_lcls_mismtch_cmd); - install_element(MSC_NODE, &cfg_msc_acc_lst_name_cmd); - install_element(MSC_NODE, &cfg_msc_no_acc_lst_name_cmd); install_element(MSC_NODE, &cfg_msc_cs7_bsc_addr_cmd); install_element(MSC_NODE, &cfg_msc_cs7_msc_addr_cmd); install_element(MSC_NODE, &cfg_msc_cs7_asp_proto_cmd); diff --git a/tests/handover/Makefile.am b/tests/handover/Makefile.am index 8bd001259..901d5231e 100644 --- a/tests/handover/Makefile.am +++ b/tests/handover/Makefile.am @@ -41,8 +41,6 @@ handover_test_LDFLAGS = \ $(NULL) handover_test_LDADD = \ - $(top_builddir)/src/libfilter/bsc_msg_acc.o \ - $(top_builddir)/src/libfilter/bsc_msg_vty.o \ $(top_builddir)/src/osmo-bsc/a_reset.o \ $(top_builddir)/src/osmo-bsc/abis_nm.o \ $(top_builddir)/src/osmo-bsc/abis_nm_vty.o \ |