author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-05-14 19:49:35 +0800 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-05-14 19:49:35 +0800 |
commit | fdc4a9386f64462511b044fa68a2c3901d936b12 (patch) | |
tree | 7177f8ee7c88f5f919719ff1466d6826cda48c61 /openbsc/src/nat/bsc_nat_utils.c | |
parent | 023ac9337739a7937757d6cbc7f234eba655d4f6 (diff) |
[nat] Implement IMSI filtering...
Diffstat (limited to 'openbsc/src/nat/bsc_nat_utils.c')
-rw-r--r-- | openbsc/src/nat/bsc_nat_utils.c | 55 |
1 files changed, 49 insertions, 6 deletions
diff --git a/openbsc/src/nat/bsc_nat_utils.c b/openbsc/src/nat/bsc_nat_utils.c
index c987b69bc..43b4fb0d0 100644
--- a/openbsc/src/nat/bsc_nat_utils.c
+++ b/openbsc/src/nat/bsc_nat_utils.c
@@ -193,6 +193,54 @@ int bsc_write(struct bsc_connection *bsc, struct msgb *msg, int proto)
 return 0;
 }
+/* apply white/black list */
+static int auth_imsi(struct bsc_connection *bsc, const char *mi_string)
+{
+ regmatch_t match[1];
+
+ /*
+ * Now apply blacklist/whitelist of the BSC and the NAT.
+ * 1.) Reject if the IMSI is not allowed at the BSC
+ * 2.) Allow directly if the IMSI is allowed at the BSC
+ * 3.) Reject if the IMSI not allowed at the global level.
+ * 4.) Allow directly if the IMSI is allowed at the global level
+ */
+
+ /* 1. BSC deny */
+ if (bsc->cfg->imsi_deny) {
+ if (regexec(&bsc->cfg->imsi_deny_re, mi_string, 1, match, 0) == 0) {
+ LOGP(DNAT, LOGL_ERROR,
+ "Filtering %s by imsi_deny.\n", mi_string);
+ return -2;
+ }
+ }
+
+ /* 2. BSC allow */
+ if (bsc->cfg->imsi_allow) {
+ if (regexec(&bsc->cfg->imsi_allow_re, mi_string, 1, match, 0) == 0)
+ return 0;
+ }
+
+ /* 3. NAT deny */
+ if (bsc->nat->imsi_deny) {
+ if (regexec(&bsc->nat->imsi_deny_re, mi_string, 1, match, 0) == 0) {
+ LOGP(DNAT, LOGL_ERROR,
+ "Filtering %s by nat imsi_deny.\n", mi_string);
+ return -3;
+ }
+ }
+
+ /* 4. NAT allow */
+ if (bsc->nat->imsi_allow) {
+ if (regexec(&bsc->nat->imsi_allow_re, mi_string, 0, NULL, 0) == 0)
+ return 0;
+ } else {
+ return 0;
+ }
+
+ /* unmatched */
+ return -3;
+}
 static int _cr_check_loc_upd(struct bsc_connection *bsc, uint8_t *data, unsigned int length)
 {
@@ -217,12 +265,7 @@ static int _cr_check_loc_upd(struct bsc_connection *bsc, uint8_t *data, unsigned
 return 0;
 gsm48_mi_to_string(mi_string, sizeof(mi_string), lu->mi, lu->mi_len);
-
- /*
- * Now apply blacklist/whitelist
- */
-
- return 0;
+ return auth_imsi(bsc, mi_string);
 } |
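Review bot: An IMSI that misses the BSC `imsi_allow` pattern is not rejected in step 2 of `auth_imsi`; it falls through, and the `else` branch of step 4 accepts it whenever the NAT has no `imsi_allow` configured, so a BSC allow list on its own restricts nothing. If that default-accept is intended, say so at the `else`, for example `/* no NAT allow list: accept anything not denied above */`, and note in the header comment that a BSC allow match also skips the NAT deny list. Because `regexec` succeeds on a substring match, the comment should also state that patterns need `^`/`$` anchors to cover a whole IMSI. The `match` array is never read, so steps 1 to 3 could pass `0, NULL` as step 4 already does.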
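Review bot: The early `return 0;` kept as context just above `gsm48_mi_to_string` is an accept path that never reaches `auth_imsi`. Its condition lies outside the hunk; if it covers location updates that carry an identity other than an IMSI, those requests pass the filter unchecked, which deserves a comment at that return such as `/* non-IMSI identity: not filtered here */`, or a stricter policy. `_cr_check_loc_upd` can now return -2 or -3, so its callers, also outside this hunk, need to treat any negative value as a rejection.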