aboutsummaryrefslogtreecommitdiffstats
path: root/openbsc
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <zecke@selfish.org>2010-01-19 16:13:03 +0100
committerHolger Hans Peter Freyther <zecke@selfish.org>2010-01-21 08:52:40 +0100
commit42b0d6b4948ead0fadfd5085da689687b2fe5e9f (patch)
treed5e2c55c364bf27809e5384505ecf838580112e6 /openbsc
parent82d8b0457b888635ffeb8a1c5bb905908042cbd2 (diff)
[nat] Add a bsc_filter.c which will carry out the analysis and filtering
The first part is to analyze the IP Access Header and only forward SCCP messages for now. In the future we might want to do MGCP signalling through this protocol and connection as well and need to update this then.
Diffstat (limited to 'openbsc')
-rw-r--r--openbsc/include/openbsc/Makefile.am2
-rw-r--r--openbsc/include/openbsc/bsc_nat.h33
-rw-r--r--openbsc/src/Makefile.am2
-rw-r--r--openbsc/src/nat/bsc_filter.c34
-rw-r--r--openbsc/src/nat/bsc_nat.c20
5 files changed, 83 insertions, 8 deletions
diff --git a/openbsc/include/openbsc/Makefile.am b/openbsc/include/openbsc/Makefile.am
index 0c7b36f06..f5cf63941 100644
--- a/openbsc/include/openbsc/Makefile.am
+++ b/openbsc/include/openbsc/Makefile.am
@@ -5,4 +5,4 @@ noinst_HEADERS = abis_nm.h abis_rsl.h debug.h db.h gsm_04_08.h gsm_data.h \
gsm_utils.h ipaccess.h rs232.h openbscdefines.h rtp_proxy.h \
bsc_rll.h mncc.h talloc.h transaction.h ussd.h gsm_04_80.h \
silent_call.h mgcp.h meas_rep.h bitvec.h rest_octets.h \
- system_information.h handover.h bssap.h bsc_msc.h
+ system_information.h handover.h bssap.h bsc_msc.h bsc_nat.h
diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h
new file mode 100644
index 000000000..ea30cae22
--- /dev/null
+++ b/openbsc/include/openbsc/bsc_nat.h
@@ -0,0 +1,33 @@
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by on-waves.com
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#ifndef BSC_NAT_H
+#define BSC_NAT_H
+
+#include <sys/types.h>
+#include "msgb.h"
+
+/**
+ * filter based on IP Access header in both directions
+ */
+int bsc_nat_filter_ipa(struct msgb *msg);
+
+#endif
diff --git a/openbsc/src/Makefile.am b/openbsc/src/Makefile.am
index b6a8536a5..b8a631048 100644
--- a/openbsc/src/Makefile.am
+++ b/openbsc/src/Makefile.am
@@ -43,5 +43,5 @@ isdnsync_SOURCES = isdnsync.c
bsc_mgcp_SOURCES = bsc_mgcp.c msgb.c talloc.c debug.c select.c timer.c telnet_interface.c
bsc_mgcp_LDADD = libvty.a
-bsc_nat_SOURCES = nat/bsc_nat.c bsc_msc.c
+bsc_nat_SOURCES = nat/bsc_nat.c nat/bsc_filter.c bsc_msc.c
bsc_nat_LDADD = libbsc.a libsccp.a
diff --git a/openbsc/src/nat/bsc_filter.c b/openbsc/src/nat/bsc_filter.c
new file mode 100644
index 000000000..5c59f39a5
--- /dev/null
+++ b/openbsc/src/nat/bsc_filter.c
@@ -0,0 +1,34 @@
+/* BSC Multiplexer/NAT */
+
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by on-waves.com
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <openbsc/bsc_nat.h>
+#include <openbsc/ipaccess.h>
+
+int bsc_nat_filter_ipa(struct msgb *msg)
+{
+ struct ipaccess_head *hh;
+
+ /* handle base message handling */
+ hh = (struct ipaccess_head *) msg->data;
+ return hh->proto == IPAC_PROTO_IPACCESS;
+}
diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c
index 6aed7c982..98eaa9794 100644
--- a/openbsc/src/nat/bsc_nat.c
+++ b/openbsc/src/nat/bsc_nat.c
@@ -38,11 +38,14 @@
#include <openbsc/debug.h>
#include <openbsc/msgb.h>
#include <openbsc/bsc_msc.h>
+#include <openbsc/bsc_nat.h>
#include <openbsc/ipaccess.h>
#include <openbsc/abis_nm.h>
#include <openbsc/talloc.h>
#include <openbsc/linuxlist.h>
+#include <sccp/sccp.h>
+
static const char *config_file = "openbsc.cfg";
static char *msc_address = "127.0.0.1";
static struct in_addr local_addr;
@@ -65,6 +68,7 @@ struct bsc_connection {
static LLIST_HEAD(bsc_connections);
+
/*
* below are stubs we need to link
*/
@@ -101,6 +105,10 @@ static void forward_sccp_to_bts(struct msgb *msg)
/* filter, drop, patch the message? */
+ /* drop packets with the wrong IPA header */
+ if (bsc_nat_filter_ipa(msg))
+ return;
+
/* currently send this to every BSC connected */
llist_for_each_entry(bsc, &bsc_connections, list_entry) {
write(bsc->bsc_fd.fd, msg->data, msg->len);
@@ -160,6 +168,10 @@ static int forward_sccp_to_msc(struct msgb *msg)
{
/* FIXME: We need to filter out certain messages */
+ /* drop packets with the wrong IPA header */
+ if (bsc_nat_filter_ipa(msg))
+ return 0;
+
/* send the non-filtered but maybe modified msg */
return write(msc_connection.fd, msg->data, msg->len);
}
@@ -168,7 +180,6 @@ static int ipaccess_bsc_cb(struct bsc_fd *bfd, unsigned int what)
{
int error;
struct msgb *msg = ipaccess_read_msg(bfd, &error);
- struct ipaccess_head *hh;
if (!msg) {
if (error == 0) {
@@ -180,16 +191,13 @@ static int ipaccess_bsc_cb(struct bsc_fd *bfd, unsigned int what)
return -1;
}
- DEBUGP(DMSC, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]);
- /* handle base message handling */
- hh = (struct ipaccess_head *) msg->data;
+ DEBUGP(DMSC, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]);
/* Handle messages from the BSC */
/* FIXME: Currently no PONG is sent to the BSC */
/* FIXME: Currently no ID ACK is sent to the BSC */
- if (hh->proto == IPAC_PROTO_SCCP)
- forward_sccp_to_msc(msg);
+ forward_sccp_to_msc(msg);
return 0;
}