author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-01-30 11:53:30 +0100 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-06-15 20:24:06 +0800 |
commit | 1d6fb18b57f5c04f768262a4f7dfabdadf7a54b1 (patch) | |
tree | 2cbb09e2516ea9c6e9d084de6032e88712140f1d /openbsc/src/nat/bsc_filter.c | |
parent | 0b8f69d83957924ac9150693140c31a77a21476a (diff) |
[nat] Specify the direction of the message
Do not run into the situation where we need to filter in one
direction but it should not be filtered..
Diffstat (limited to 'openbsc/src/nat/bsc_filter.c')
-rw-r--r-- | openbsc/src/nat/bsc_filter.c | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/openbsc/src/nat/bsc_filter.c b/openbsc/src/nat/bsc_filter.c
index 0727b33e6..ad2f6138f 100644
--- a/openbsc/src/nat/bsc_filter.c
+++ b/openbsc/src/nat/bsc_filter.c
@@ -39,6 +39,11 @@
 #define ALLOW_ANY -1
+#define FILTER_TO_BSC 1
+#define FILTER_TO_MSC 2
+#define FILTER_TO_BOTH 3
+
+
 struct bsc_pkt_filter {
 int ipa_proto;
 int dest_ssn;
@@ -60,7 +65,7 @@ static struct bsc_pkt_filter black_list[] = {
 static struct bsc_pkt_filter white_list[] = {
 /* allow IPAC_PROTO_SCCP messages to both sides */
- { IPAC_PROTO_SCCP, ALLOW_ANY, ALLOW_ANY, ALLOW_ANY, FILTER_NONE },
+ { IPAC_PROTO_SCCP, ALLOW_ANY, ALLOW_ANY, ALLOW_ANY, FILTER_TO_BOTH },
 };
 struct bsc_nat_parsed* bsc_nat_parse(struct msgb *msg)
@@ -117,12 +122,17 @@ struct bsc_nat_parsed* bsc_nat_parse(struct msgb *msg)
 return parsed;
 }
-int bsc_nat_filter_ipa(struct msgb *msg, struct bsc_nat_parsed *parsed)
+int bsc_nat_filter_ipa(int dir, struct msgb *msg, struct bsc_nat_parsed *parsed)
 {
 int i;
 /* go through the blacklist now */
 for (i = 0; i < ARRAY_SIZE(black_list); ++i) {
+ /* ignore the rule? */
+ if (black_list[i].filter_dir != FILTER_TO_BOTH
+ && black_list[i].filter_dir != dir)
+ continue;
+
 /* the proto is not blacklisted */
 if (black_list[i].ipa_proto != ALLOW_ANY
 && black_list[i].ipa_proto != parsed->ipa_proto)
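Review bot: FILTER_TO_BOTH is written as the literal 3 in the first hunk, although the direction test added later in this commit treats it as "applies to either direction", so its relation to FILTER_TO_BSC and FILTER_TO_MSC is left for the reader to work out. I would define it as `#define FILTER_TO_BOTH (FILTER_TO_BSC | FILTER_TO_MSC)` and put a comment above the three defines, `/* direction a rule applies to; FILTER_TO_BSC and FILTER_TO_MSC are also the values passed as dir */`. The removed lines already used FILTER_NONE and FILTER_TO_BOTH, so those names were presumably declared somewhere else before; whether that declaration still exists and agrees with the new values cannot be checked from this view.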
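Review bot: Nothing in the new `bsc_nat_filter_ipa(int dir, ...)` checks that `dir` is one of the two real directions before the rule loops compare against it. With `dir` equal to 0 or to FILTER_TO_BOTH, the added test `black_list[i].filter_dir != FILTER_TO_BOTH && black_list[i].filter_dir != dir` skips every blacklist entry that is limited to one direction, while the SCCP whitelist entry (now FILTER_TO_BOTH) still matches, so a message such an entry was meant to filter would be reported as allowed. A guard at the top of the function, `if (dir != FILTER_TO_BSC && dir != FILTER_TO_MSC) return 1;`, keeps the filter failing closed; the same reasoning covers the whitelist test in the following hunk. The callers are outside this diff, so whether any of them can pass such a value is not visible here, and the function body continues past the end of this hunk.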
@@ -146,16 +156,21 @@ int bsc_nat_filter_ipa(struct msgb *msg, struct bsc_nat_parsed *parsed)
 /* blacklisted */
 LOGP(DNAT, LOGL_NOTICE, "Blacklisted with rule %d\n", i);
- return black_list[i].filter_dir;
+ return 1;
 } else {
 /* blacklisted, we have no content sniffing yet */
 LOGP(DNAT, LOGL_NOTICE, "Blacklisted with rule %d\n", i);
- return black_list[i].filter_dir;
+ return 1;
 }
 }
 /* go through the whitelust now */
 for (i = 0; i < ARRAY_SIZE(white_list); ++i) {
+ /* ignore the rule? */
+ if (white_list[i].filter_dir != FILTER_TO_BOTH
+ && white_list[i].filter_dir != dir)
+ continue;
+
 /* the proto is not whitelisted */
 if (white_list[i].ipa_proto != ALLOW_ANY
 && white_list[i].ipa_proto != parsed->ipa_proto)
@@ -179,12 +194,12 @@ int bsc_nat_filter_ipa(struct msgb *msg, struct bsc_nat_parsed *parsed)
 /* whitelisted */
 LOGP(DNAT, LOGL_NOTICE, "Whitelisted with rule %d\n", i);
- return FILTER_NONE;
+ return 0;
 } else {
 /* whitelisted */
- return FILTER_NONE;
+ return 0;
 }
 }
- return FILTER_TO_BOTH;
+ return 1;
 }
|
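Review bot: The return value changes meaning in this hunk, from a direction constant (`black_list[i].filter_dir`) to a bare `1`, and nothing in the file states the new contract; the last hunk does the same with `return 0` and the final `return 1`. A caller that still reads the result as a direction would take 1 for FILTER_TO_BSC, and the callers are not part of this view. I would document it above the function with `/* returns 1 if the message is filtered for direction dir, 0 if it is allowed; a message matching no rule is filtered */`. Since rules are now direction dependent, the log lines would also be more useful for later analysis if they recorded it, e.g. `LOGP(DNAT, LOGL_NOTICE, "Blacklisted with rule %d dir %d\n", i, dir);`.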