[nat] Add a bsc_filter.c which will carry out the analysis and filtering
The first part is to analyze the IP Access Header and only forward
SCCP messages for now. In the future we might want to do MGCP
signalling through this protocol and connection as well and need to
update this then.
diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h
new file mode 100644
index 0000000..ea30cae
--- /dev/null
+++ b/openbsc/include/openbsc/bsc_nat.h
@@ -0,0 +1,33 @@
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by on-waves.com
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#ifndef BSC_NAT_H
+#define BSC_NAT_H
+
+#include <sys/types.h>
+#include "msgb.h"
+
+/**
+ * filter based on IP Access header in both directions
+ */
+int bsc_nat_filter_ipa(struct msgb *msg);
+
+#endif
diff --git a/openbsc/src/nat/bsc_filter.c b/openbsc/src/nat/bsc_filter.c
new file mode 100644
index 0000000..5c59f39
--- /dev/null
+++ b/openbsc/src/nat/bsc_filter.c
@@ -0,0 +1,34 @@
+/* BSC Multiplexer/NAT */
+
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by on-waves.com
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <openbsc/bsc_nat.h>
+#include <openbsc/ipaccess.h>
+
+int bsc_nat_filter_ipa(struct msgb *msg)
+{
+ struct ipaccess_head *hh;
+
+ /* handle base message handling */
+ hh = (struct ipaccess_head *) msg->data;
+ return hh->proto == IPAC_PROTO_IPACCESS;
+}
diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c
index 6aed7c9..98eaa97 100644
--- a/openbsc/src/nat/bsc_nat.c
+++ b/openbsc/src/nat/bsc_nat.c
@@ -38,11 +38,14 @@
#include <openbsc/debug.h>
#include <openbsc/msgb.h>
#include <openbsc/bsc_msc.h>
+#include <openbsc/bsc_nat.h>
#include <openbsc/ipaccess.h>
#include <openbsc/abis_nm.h>
#include <openbsc/talloc.h>
#include <openbsc/linuxlist.h>
+#include <sccp/sccp.h>
+
static const char *config_file = "openbsc.cfg";
static char *msc_address = "127.0.0.1";
static struct in_addr local_addr;
@@ -65,6 +68,7 @@
static LLIST_HEAD(bsc_connections);
+
/*
* below are stubs we need to link
*/
@@ -101,6 +105,10 @@
/* filter, drop, patch the message? */
+ /* drop packets with the wrong IPA header */
+ if (bsc_nat_filter_ipa(msg))
+ return;
+
/* currently send this to every BSC connected */
llist_for_each_entry(bsc, &bsc_connections, list_entry) {
write(bsc->bsc_fd.fd, msg->data, msg->len);
@@ -160,6 +168,10 @@
{
/* FIXME: We need to filter out certain messages */
+ /* drop packets with the wrong IPA header */
+ if (bsc_nat_filter_ipa(msg))
+ return 0;
+
/* send the non-filtered but maybe modified msg */
return write(msc_connection.fd, msg->data, msg->len);
}
@@ -168,7 +180,6 @@
{
int error;
struct msgb *msg = ipaccess_read_msg(bfd, &error);
- struct ipaccess_head *hh;
if (!msg) {
if (error == 0) {
@@ -180,16 +191,13 @@
return -1;
}
- DEBUGP(DMSC, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]);
- /* handle base message handling */
- hh = (struct ipaccess_head *) msg->data;
+ DEBUGP(DMSC, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]);
/* Handle messages from the BSC */
/* FIXME: Currently no PONG is sent to the BSC */
/* FIXME: Currently no ID ACK is sent to the BSC */
- if (hh->proto == IPAC_PROTO_SCCP)
- forward_sccp_to_msc(msg);
+ forward_sccp_to_msc(msg);
return 0;
}