From 1fd60631f7ef329cc18df07dab0171f2ae23b677 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Tue, 19 Oct 2010 20:55:33 +0200 Subject: nat: Change the order of the DENY/ALLOW rule for the BSC. Currently it is not is not easily possible to disable everyone and then only allow certain SIMs. By changing the order we can do: access-list imsi-deny only-something ^[0-9]*$ access-list imsi-allow only-something ^123[0-9]*$ and still keep the usecase of only forbidding certain SIMs on certain LACs. Adjust test case, test that the other cases are still functional. --- openbsc/src/nat/bsc_nat_utils.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'openbsc/src') diff --git a/openbsc/src/nat/bsc_nat_utils.c b/openbsc/src/nat/bsc_nat_utils.c index b295f3512..c1e3c9828 100644 --- a/openbsc/src/nat/bsc_nat_utils.c +++ b/openbsc/src/nat/bsc_nat_utils.c @@ -320,8 +320,8 @@ static int auth_imsi(struct bsc_connection *bsc, const char *mi_string) { /* * Now apply blacklist/whitelist of the BSC and the NAT. - * 1.) Reject if the IMSI is not allowed at the BSC - * 2.) Allow directly if the IMSI is allowed at the BSC + * 1.) Allow directly if the IMSI is allowed at the BSC + * 2.) Reject if the IMSI is not allowed at the BSC * 3.) Reject if the IMSI not allowed at the global level. * 4.) Allow directly if the IMSI is allowed at the global level */ @@ -333,7 +333,11 @@ static int auth_imsi(struct bsc_connection *bsc, const char *mi_string) if (bsc_lst) { - /* 1. BSC deny */ + /* 1. BSC allow */ + if (lst_check_allow(bsc_lst, mi_string) == 0) + return 1; + + /* 2. BSC deny */ if (lst_check_deny(bsc_lst, mi_string) == 0) { LOGP(DNAT, LOGL_ERROR, "Filtering %s by imsi_deny on bsc nr: %d.\n", mi_string, bsc->cfg->nr); @@ -341,9 +345,6 @@ static int auth_imsi(struct bsc_connection *bsc, const char *mi_string) return -2; } - /* 2. BSC allow */ - if (lst_check_allow(bsc_lst, mi_string) == 0) - return 1; } /* 3. NAT deny */ -- cgit v1.2.3