From f192498885fe1f6776f9056aa4ec934418f8423b Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Sat, 15 May 2010 23:54:04 +0800 Subject: [nat] Parse the PAGING RESPONSE inside a CR message as well. Now we are parsing a CM Service Request, Location Updating Request and the Paging Response. For all other messages we claim to not support it and force a refuse. --- openbsc/src/nat/bsc_nat_utils.c | 30 +++++++++++++++++++++++++++++- openbsc/tests/bsc-nat/bsc_nat_test.c | 16 ++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/openbsc/src/nat/bsc_nat_utils.c b/openbsc/src/nat/bsc_nat_utils.c index 49095007d..d30c8c6c9 100644 --- a/openbsc/src/nat/bsc_nat_utils.c +++ b/openbsc/src/nat/bsc_nat_utils.c @@ -303,6 +303,29 @@ static int _cr_check_cm_serv_req(struct bsc_connection *bsc, uint8_t *data, unsi return auth_imsi(bsc, mi_string); } +static int _cr_check_pag_resp(struct bsc_connection *bsc, uint8_t *data, unsigned int length) +{ + struct gsm48_pag_resp *resp; + char mi_string[GSM48_MI_SIZE]; + u_int8_t mi_type; + + if (length < sizeof(*resp)) { + LOGP(DNAT, LOGL_ERROR, "PAG RESP does not fit. Length was %d.\n", length); + return -1; + } + + resp = (struct gsm48_pag_resp *) data; + if (gsm48_paging_extract_mi(resp, length, mi_string, &mi_type) < 0) { + LOGP(DNAT, LOGL_ERROR, "Failed to extract the MI.\n"); + return -1; + } + + /* we need to let it pass for now */ + if (mi_type != GSM_MI_TYPE_IMSI) + return 0; + + return auth_imsi(bsc, mi_string); +} /* Filter out CR data... */ int bsc_nat_filter_sccp_cr(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed) @@ -351,8 +374,13 @@ int bsc_nat_filter_sccp_cr(struct bsc_connection *bsc, struct msgb *msg, struct } else if (hdr48->proto_discr == GSM48_PDISC_MM && hdr48->msg_type == GSM48_MT_MM_CM_SERV_REQ) { return _cr_check_cm_serv_req(bsc, &hdr48->data[0], hdr48_len - sizeof(*hdr48)); + } else if (hdr48->proto_discr == GSM48_PDISC_RR && + hdr48->msg_type == GSM48_MT_RR_PAG_RESP) { + return _cr_check_pag_resp(bsc, &hdr48->data[0], hdr48_len - sizeof(*hdr48)); } else { - return 0; + LOGP(DNAT, LOGL_ERROR, "Unknown GSM48 content: proto: %d msg: %d\n", + hdr48->proto_discr, hdr48->msg_type); + return -1; } } diff --git a/openbsc/tests/bsc-nat/bsc_nat_test.c b/openbsc/tests/bsc-nat/bsc_nat_test.c index 0d6548765..0ccd23f66 100644 --- a/openbsc/tests/bsc-nat/bsc_nat_test.c +++ b/openbsc/tests/bsc-nat/bsc_nat_test.c @@ -119,6 +119,17 @@ static const u_int8_t bss_lu[] = { 0x12, 0x03, 0x24, 0x01, 0x95, 0x00 }; +/* paging response */ +static const uint8_t pag_resp[] = { + 0x00, 0x2c, 0xfd, 0x01, 0xe5, 0x68, + 0x14, 0x02, 0x02, 0x04, 0x02, 0x42, 0xfe, 0x0f, + 0x1f, 0x00, 0x1d, 0x57, 0x05, 0x08, 0x00, 0x72, + 0xf4, 0x80, 0x20, 0x16, 0xc3, 0x50, 0x17, 0x10, + 0x06, 0x27, 0x01, 0x03, 0x30, 0x18, 0x96, 0x08, + 0x29, 0x26, 0x30, 0x32, 0x11, 0x42, 0x01, 0x19, + 0x00 +}; + struct filter_result { const u_int8_t *data; const u_int16_t length; @@ -572,6 +583,11 @@ static struct cr_filter cr_filter[] = { .length = sizeof(bss_lu), .result = 0, }, + { + .data = pag_resp, + .length = sizeof(pag_resp), + .result = 0, + }, { /* nat deny is before blank/null BSC */ .data = bss_lu, -- cgit v1.2.3