diff options
-rw-r--r-- | openbsc/src/nat/bsc_nat_utils.c | 13 | ||||
-rw-r--r-- | openbsc/tests/bsc-nat/bsc_nat_test.c | 19 |
2 files changed, 25 insertions, 7 deletions
diff --git a/openbsc/src/nat/bsc_nat_utils.c b/openbsc/src/nat/bsc_nat_utils.c index b295f3512..c1e3c9828 100644 --- a/openbsc/src/nat/bsc_nat_utils.c +++ b/openbsc/src/nat/bsc_nat_utils.c @@ -320,8 +320,8 @@ static int auth_imsi(struct bsc_connection *bsc, const char *mi_string) { /* * Now apply blacklist/whitelist of the BSC and the NAT. - * 1.) Reject if the IMSI is not allowed at the BSC - * 2.) Allow directly if the IMSI is allowed at the BSC + * 1.) Allow directly if the IMSI is allowed at the BSC + * 2.) Reject if the IMSI is not allowed at the BSC * 3.) Reject if the IMSI not allowed at the global level. * 4.) Allow directly if the IMSI is allowed at the global level */ @@ -333,7 +333,11 @@ static int auth_imsi(struct bsc_connection *bsc, const char *mi_string) if (bsc_lst) { - /* 1. BSC deny */ + /* 1. BSC allow */ + if (lst_check_allow(bsc_lst, mi_string) == 0) + return 1; + + /* 2. BSC deny */ if (lst_check_deny(bsc_lst, mi_string) == 0) { LOGP(DNAT, LOGL_ERROR, "Filtering %s by imsi_deny on bsc nr: %d.\n", mi_string, bsc->cfg->nr); @@ -341,9 +345,6 @@ static int auth_imsi(struct bsc_connection *bsc, const char *mi_string) return -2; } - /* 2. BSC allow */ - if (lst_check_allow(bsc_lst, mi_string) == 0) - return 1; } /* 3. NAT deny */ diff --git a/openbsc/tests/bsc-nat/bsc_nat_test.c b/openbsc/tests/bsc-nat/bsc_nat_test.c index f82b4db5f..75bd80384 100644 --- a/openbsc/tests/bsc-nat/bsc_nat_test.c +++ b/openbsc/tests/bsc-nat/bsc_nat_test.c @@ -657,12 +657,29 @@ static struct cr_filter cr_filter[] = { /* filter as deny is first */ .data = bss_lu, .length = sizeof(bss_lu), - .result = -2, + .result = 1, .bsc_imsi_deny = "[0-9]*", .bsc_imsi_allow = "[0-9]*", .nat_imsi_deny = "[0-9]*", .contype = NAT_CON_TYPE_LU, }, + { + /* deny by nat rule */ + .data = bss_lu, + .length = sizeof(bss_lu), + .result = -3, + .bsc_imsi_deny = "000[0-9]*", + .nat_imsi_deny = "[0-9]*", + .contype = NAT_CON_TYPE_LU, + }, + { + /* deny by bsc rule */ + .data = bss_lu, + .length = sizeof(bss_lu), + .result = -2, + .bsc_imsi_deny = "[0-9]*", + .contype = NAT_CON_TYPE_LU, + }, }; |