Merge branch 'on-waves/merge-nat'
diff --git a/openbsc/configure.in b/openbsc/configure.in
index d2fd67a..ef95920 100644
--- a/openbsc/configure.in
+++ b/openbsc/configure.in
@@ -54,10 +54,12 @@
src/Makefile
src/ipaccess/Makefile
src/gprs/Makefile
+ src/nat/Makefile
tests/Makefile
tests/debug/Makefile
tests/gsm0408/Makefile
tests/db/Makefile
tests/channel/Makefile
tests/sccp/Makefile
+ tests/bsc-nat/Makefile
Makefile)
diff --git a/openbsc/include/openbsc/Makefile.am b/openbsc/include/openbsc/Makefile.am
index 5957d71..465b21a 100644
--- a/openbsc/include/openbsc/Makefile.am
+++ b/openbsc/include/openbsc/Makefile.am
@@ -9,7 +9,7 @@
vty.h socket.h \
crc24.h gprs_bssgp.h gprs_llc.h gprs_ns.h gprs_gmm.h \
gb_proxy.h gprs_sgsn.h gsm_04_08_gprs.h sgsn.h \
- gprs_ns_frgre.h auth.h osmo_msc.h
+ gprs_ns_frgre.h auth.h osmo_msc.h bsc_msc.h bsc_nat.h
openbsc_HEADERS = gsm_04_08.h meas_rep.h bsc_api.h
openbscdir = $(includedir)/openbsc
diff --git a/openbsc/include/openbsc/bsc_msc.h b/openbsc/include/openbsc/bsc_msc.h
new file mode 100644
index 0000000..faf6faa
--- /dev/null
+++ b/openbsc/include/openbsc/bsc_msc.h
@@ -0,0 +1,51 @@
+/* Routines to talk to the MSC using the IPA Protocol */
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by On-Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#ifndef BSC_MSC_H
+#define BSC_MSC_H
+
+#include <osmocore/write_queue.h>
+#include <osmocore/timer.h>
+
+struct bsc_msc_connection {
+ struct write_queue write_queue;
+ int is_connected;
+ int is_authenticated;
+ const char *ip;
+ int port;
+ int prio;
+
+ void (*connection_loss) (struct bsc_msc_connection *);
+ void (*connected) (struct bsc_msc_connection *);
+ struct timer_list reconnect_timer;
+ struct timer_list timeout_timer;
+};
+
+struct bsc_msc_connection *bsc_msc_create(const char *ip, int port, int prio);
+int bsc_msc_connect(struct bsc_msc_connection *);
+void bsc_msc_schedule_connect(struct bsc_msc_connection *);
+
+void bsc_msc_lost(struct bsc_msc_connection *);
+
+struct msgb *bsc_msc_id_get_resp(const char *token);
+
+#endif
diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h
new file mode 100644
index 0000000..cb0f761
--- /dev/null
+++ b/openbsc/include/openbsc/bsc_nat.h
@@ -0,0 +1,338 @@
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by On-Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#ifndef BSC_NAT_H
+#define BSC_NAT_H
+
+#include "mgcp.h"
+
+#include <sys/types.h>
+#include <sccp/sccp_types.h>
+
+#include <osmocore/select.h>
+#include <osmocore/msgb.h>
+#include <osmocore/timer.h>
+#include <osmocore/write_queue.h>
+#include <osmocore/statistics.h>
+
+#include <regex.h>
+
+#define DIR_BSC 1
+#define DIR_MSC 2
+
+#define NAT_IPAC_PROTO_MGCP 0xfc
+
+struct bsc_nat;
+
+enum {
+ NAT_CON_TYPE_NONE,
+ NAT_CON_TYPE_LU,
+ NAT_CON_TYPE_CM_SERV_REQ,
+ NAT_CON_TYPE_PAG_RESP,
+ NAT_CON_TYPE_LOCAL_REJECT,
+ NAT_CON_TYPE_OTHER,
+};
+
+/*
+ * For the NAT we will need to analyze and later patch
+ * the received message. This would require us to parse
+ * the IPA and SCCP header twice. Instead of doing this
+ * we will have one analyze structure and have the patching
+ * and filter operate on the same structure.
+ */
+struct bsc_nat_parsed {
+ /* ip access prototype */
+ int ipa_proto;
+
+ /* source local reference */
+ struct sccp_source_reference *src_local_ref;
+
+ /* destination local reference */
+ struct sccp_source_reference *dest_local_ref;
+
+ /* called ssn number */
+ int called_ssn;
+
+ /* calling ssn number */
+ int calling_ssn;
+
+ /* sccp message type */
+ int sccp_type;
+
+ /* bssap type, e.g. 0 for BSS Management */
+ int bssap;
+
+ /* the gsm0808 message type */
+ int gsm_type;
+};
+
+/*
+ * Per BSC data structure
+ */
+struct bsc_connection {
+ struct llist_head list_entry;
+
+ /* do we know anything about this BSC? */
+ int authenticated;
+
+ /* the fd we use to communicate */
+ struct write_queue write_queue;
+
+ /* the BSS associated */
+ struct bsc_config *cfg;
+
+ /* a timeout node */
+ struct timer_list id_timeout;
+
+ /* pong timeout */
+ struct timer_list ping_timeout;
+ struct timer_list pong_timeout;
+
+ /* a back pointer */
+ struct bsc_nat *nat;
+};
+
+/*
+ * Per SCCP source local reference patch table. It needs to
+ * be updated on new SCCP connections, connection confirm and reject,
+ * and on the loss of the BSC connection.
+ */
+struct sccp_connections {
+ struct llist_head list_entry;
+
+ struct bsc_connection *bsc;
+
+ struct sccp_source_reference real_ref;
+ struct sccp_source_reference patched_ref;
+ struct sccp_source_reference remote_ref;
+ int has_remote_ref;
+
+ /* status */
+ int con_type;
+ int con_local;
+
+ /* GSM audio handling. That is 32 * multiplex + ts */
+ int crcx;
+ int msc_timeslot;
+ int bsc_timeslot;
+
+ /* timeout handling */
+ struct timespec creation_time;
+};
+
+/**
+ * Stats per BSC
+ */
+struct bsc_config_stats {
+ struct {
+ struct counter *conn;
+ struct counter *calls;
+ } sccp;
+
+ struct {
+ struct counter *reconn;
+ } net;
+};
+
+/**
+ * One BSC entry in the config
+ */
+struct bsc_config {
+ struct llist_head entry;
+
+ char *token;
+ unsigned int lac;
+ int nr;
+
+ char *description;
+
+ /* imsi white and blacklist */
+ char *acc_lst_name;
+
+ int forbid_paging;
+
+ /* backpointer */
+ struct bsc_nat *nat;
+
+ struct bsc_config_stats stats;
+};
+
+/**
+ * BSCs point of view of endpoints
+ */
+struct bsc_endpoint {
+ /* the pending transaction id */
+ char *transaction_id;
+ /* the bsc we are talking to */
+ struct bsc_connection *bsc;
+};
+
+/**
+ * Statistic for the nat.
+ */
+struct bsc_nat_statistics {
+ struct {
+ struct counter *conn;
+ struct counter *calls;
+ } sccp;
+
+ struct {
+ struct counter *reconn;
+ struct counter *auth_fail;
+ } bsc;
+
+ struct {
+ struct counter *reconn;
+ } msc;
+};
+
+struct bsc_nat_acc_lst {
+ struct llist_head list;
+
+ /* the name of the list */
+ const char *name;
+ struct llist_head fltr_list;
+};
+
+struct bsc_nat_acc_lst_entry {
+ struct llist_head list;
+
+ /* the filter */
+ char *imsi_allow;
+ regex_t imsi_allow_re;
+ char *imsi_deny;
+ regex_t imsi_deny_re;
+};
+
+/**
+ * the structure of the "nat" network
+ */
+struct bsc_nat {
+ /* active SCCP connections that need patching */
+ struct llist_head sccp_connections;
+
+ /* active BSC connections that need patching */
+ struct llist_head bsc_connections;
+
+ /* access lists */
+ struct llist_head access_lists;
+
+ /* known BSC's */
+ struct llist_head bsc_configs;
+ int num_bsc;
+ int bsc_ip_tos;
+
+ /* MGCP config */
+ struct mgcp_config *mgcp_cfg;
+ struct write_queue mgcp_queue;
+ u_int8_t mgcp_msg[4096];
+ int mgcp_length;
+
+ /* msc things */
+ char *msc_ip;
+ int msc_port;
+ int first_contact;
+ struct bsc_msc_connection *msc_con;
+ char *token;
+
+ /* timeouts */
+ int auth_timeout;
+ int ping_timeout;
+ int pong_timeout;
+
+ struct bsc_endpoint *bsc_endpoints;
+
+ /* filter */
+ char *acc_lst_name;
+
+ /* statistics */
+ struct bsc_nat_statistics stats;
+};
+
+/* create and init the structures */
+struct bsc_config *bsc_config_alloc(struct bsc_nat *nat, const char *token, unsigned int lac);
+struct bsc_config *bsc_config_num(struct bsc_nat *nat, int num);
+struct bsc_nat *bsc_nat_alloc(void);
+struct bsc_connection *bsc_connection_alloc(struct bsc_nat *nat);
+void bsc_nat_set_msc_ip(struct bsc_nat *bsc, const char *ip);
+
+void sccp_connection_destroy(struct sccp_connections *);
+void bsc_close_connection(struct bsc_connection *);
+
+const char *bsc_con_type_to_string(int type);
+
+/**
+ * parse the given message into the above structure
+ */
+struct bsc_nat_parsed *bsc_nat_parse(struct msgb *msg);
+
+/**
+ * filter based on IP Access header in both directions
+ */
+int bsc_nat_filter_ipa(int direction, struct msgb *msg, struct bsc_nat_parsed *parsed);
+int bsc_nat_vty_init(struct bsc_nat *nat);
+struct bsc_connection *bsc_nat_find_bsc(struct bsc_nat *nat, struct msgb *msg, int *_lac);
+
+/**
+ * Content filtering.
+ */
+int bsc_nat_filter_sccp_cr(struct bsc_connection *bsc, struct msgb *msg,
+ struct bsc_nat_parsed *, int *con_type);
+
+/**
+ * SCCP patching and handling
+ */
+struct sccp_connections *create_sccp_src_ref(struct bsc_connection *bsc, struct bsc_nat_parsed *parsed);
+int update_sccp_src_ref(struct sccp_connections *sccp, struct bsc_nat_parsed *parsed);
+void remove_sccp_src_ref(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed);
+struct sccp_connections *patch_sccp_src_ref_to_bsc(struct msgb *, struct bsc_nat_parsed *, struct bsc_nat *);
+struct sccp_connections *patch_sccp_src_ref_to_msc(struct msgb *, struct bsc_nat_parsed *, struct bsc_connection *);
+
+/**
+ * MGCP/Audio handling
+ */
+int bsc_write_mgcp(struct bsc_connection *bsc, const u_int8_t *data, unsigned int length);
+int bsc_mgcp_assign(struct sccp_connections *, struct msgb *msg);
+void bsc_mgcp_init(struct sccp_connections *);
+void bsc_mgcp_dlcx(struct sccp_connections *);
+void bsc_mgcp_free_endpoints(struct bsc_nat *nat);
+int bsc_mgcp_nat_init(struct bsc_nat *nat);
+
+struct sccp_connections *bsc_mgcp_find_con(struct bsc_nat *, int endpoint_number);
+struct msgb *bsc_mgcp_rewrite(char *input, int length, const char *ip, int port);
+void bsc_mgcp_forward(struct bsc_connection *bsc, struct msgb *msg);
+
+void bsc_mgcp_clear_endpoints_for(struct bsc_connection *bsc);
+int bsc_mgcp_parse_response(const char *str, int *code, char transaction[60]);
+int bsc_mgcp_extract_ci(const char *resp);
+
+
+int bsc_write(struct bsc_connection *bsc, struct msgb *msg, int id);
+
+/* IMSI allow/deny handling */
+void bsc_parse_reg(void *ctx, regex_t *reg, char **imsi, int argc, const char **argv);
+struct bsc_nat_acc_lst *bsc_nat_acc_lst_find(struct bsc_nat *nat, const char *name);
+struct bsc_nat_acc_lst *bsc_nat_acc_lst_get(struct bsc_nat *nat, const char *name);
+void bsc_nat_acc_lst_delete(struct bsc_nat_acc_lst *lst);
+
+struct bsc_nat_acc_lst_entry *bsc_nat_acc_lst_entry_create(struct bsc_nat_acc_lst *);
+
+#endif
diff --git a/openbsc/include/openbsc/debug.h b/openbsc/include/openbsc/debug.h
index 203aedb..eb290e4 100644
--- a/openbsc/include/openbsc/debug.h
+++ b/openbsc/include/openbsc/debug.h
@@ -34,6 +34,7 @@
DBSSGP,
DLLC,
DSNDCP,
+ DNAT,
Debug_LastEntry,
};
diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h
index 4292bb1..f3f4ed3 100644
--- a/openbsc/include/openbsc/gsm_data.h
+++ b/openbsc/include/openbsc/gsm_data.h
@@ -677,6 +677,7 @@
struct {
enum rrlp_mode mode;
} rrlp;
+ int msc_prio;
};
#define SMS_HDR_SIZE 128
diff --git a/openbsc/include/openbsc/vty.h b/openbsc/include/openbsc/vty.h
index ed21e88..3346a2c 100644
--- a/openbsc/include/openbsc/vty.h
+++ b/openbsc/include/openbsc/vty.h
@@ -30,6 +30,8 @@
NS_NODE,
BSSGP_NODE,
OML_NODE,
+ NAT_NODE,
+ BSC_NODE,
};
#endif
diff --git a/openbsc/src/Makefile.am b/openbsc/src/Makefile.am
index 87cd0ea..2c92a86 100644
--- a/openbsc/src/Makefile.am
+++ b/openbsc/src/Makefile.am
@@ -3,10 +3,10 @@
AM_LDFLAGS = $(LIBOSMOCORE_LIBS)
# build current directory before building gprs
-SUBDIRS = . ipaccess gprs
+SUBDIRS = . ipaccess gprs nat
sbin_PROGRAMS = bsc_hack bs11_config isdnsync bsc_mgcp
-noinst_LIBRARIES = libbsc.a libmsc.a libvty.a libsccp.a
+noinst_LIBRARIES = libbsc.a libmsc.a libvty.a libsccp.a libmgcp.a
bscdir = $(libdir)
bsc_LIBRARIES = libsccp.a
@@ -30,6 +30,8 @@
libsccp_a_SOURCES = sccp/sccp.c
+libmgcp_a_SOURCES = mgcp/mgcp_protocol.c mgcp/mgcp_network.c mgcp/mgcp_vty.c
+
bsc_hack_SOURCES = bsc_hack.c bsc_init.c bsc_vty.c vty_interface_layer3.c
bsc_hack_LDADD = libmsc.a libbsc.a libvty.a libmsc.a \
-ldl -ldbi $(LIBCRYPT) $(LIBOSMOVTY_LIBS)
@@ -39,6 +41,5 @@
isdnsync_SOURCES = isdnsync.c
-bsc_mgcp_SOURCES = mgcp/mgcp_main.c mgcp/mgcp_protocol.c mgcp/mgcp_network.c mgcp/mgcp_vty.c \
- debug.c
-bsc_mgcp_LDADD = libvty.a $(LIBOSMOVTY_LIBS)
+bsc_mgcp_SOURCES = mgcp/mgcp_main.c debug.c
+bsc_mgcp_LDADD = libvty.a libmgcp.a $(LIBOSMOVTY_LIBS)
diff --git a/openbsc/src/bsc_msc.c b/openbsc/src/bsc_msc.c
new file mode 100644
index 0000000..42b4c20
--- /dev/null
+++ b/openbsc/src/bsc_msc.c
@@ -0,0 +1,270 @@
+/* Routines to talk to the MSC using the IPA Protocol */
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by On-Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <openbsc/bsc_msc.h>
+#include <openbsc/debug.h>
+#include <openbsc/ipaccess.h>
+
+#include <osmocore/write_queue.h>
+#include <osmocore/talloc.h>
+
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+static void connection_loss(struct bsc_msc_connection *con)
+{
+ struct bsc_fd *fd;
+
+ fd = &con->write_queue.bfd;
+
+ close(fd->fd);
+ fd->fd = -1;
+ fd->cb = write_queue_bfd_cb;
+ fd->when = 0;
+
+ con->is_connected = 0;
+ con->connection_loss(con);
+}
+
+static void msc_con_timeout(void *_con)
+{
+ struct bsc_msc_connection *con = _con;
+
+ LOGP(DMSC, LOGL_ERROR, "MSC Connection timeout.\n");
+ bsc_msc_lost(con);
+}
+
+static int bsc_msc_except(struct bsc_fd *bfd)
+{
+ struct write_queue *wrt;
+ struct bsc_msc_connection *con;
+
+ LOGP(DMSC, LOGL_ERROR, "Exception on the BFD. Closing down.\n");
+
+ wrt = container_of(bfd, struct write_queue, bfd);
+ con = container_of(wrt, struct bsc_msc_connection, write_queue);
+
+ connection_loss(con);
+ return 0;
+}
+
+/* called in the case of a non blocking connect */
+static int msc_connection_connect(struct bsc_fd *fd, unsigned int what)
+{
+ int rc;
+ int val;
+ struct bsc_msc_connection *con;
+ struct write_queue *queue;
+
+ socklen_t len = sizeof(val);
+
+ if ((what & BSC_FD_WRITE) == 0) {
+ LOGP(DMSC, LOGL_ERROR, "Callback but not readable.\n");
+ return -1;
+ }
+
+ queue = container_of(fd, struct write_queue, bfd);
+ con = container_of(queue, struct bsc_msc_connection, write_queue);
+
+ /* check the socket state */
+ rc = getsockopt(fd->fd, SOL_SOCKET, SO_ERROR, &val, &len);
+ if (rc != 0) {
+ LOGP(DMSC, LOGL_ERROR, "getsockopt for the MSC socket failed.\n");
+ goto error;
+ }
+ if (val != 0) {
+ LOGP(DMSC, LOGL_ERROR, "Not connected to the MSC: %d\n", val);
+ goto error;
+ }
+
+
+ /* go to full operation */
+ fd->cb = write_queue_bfd_cb;
+ fd->when = BSC_FD_READ | BSC_FD_EXCEPT;
+
+ con->is_connected = 1;
+ bsc_del_timer(&con->timeout_timer);
+ LOGP(DMSC, LOGL_NOTICE, "(Re)Connected to the MSC.\n");
+ if (con->connected)
+ con->connected(con);
+ return 0;
+
+error:
+ bsc_unregister_fd(fd);
+ connection_loss(con);
+ return -1;
+}
+static void setnonblocking(struct bsc_fd *fd)
+{
+ int flags;
+
+ flags = fcntl(fd->fd, F_GETFL);
+ if (flags < 0) {
+ perror("fcntl get failed");
+ close(fd->fd);
+ fd->fd = -1;
+ return;
+ }
+
+ flags |= O_NONBLOCK;
+ flags = fcntl(fd->fd, F_SETFL, flags);
+ if (flags < 0) {
+ perror("fcntl get failed");
+ close(fd->fd);
+ fd->fd = -1;
+ return;
+ }
+}
+
+int bsc_msc_connect(struct bsc_msc_connection *con)
+{
+ struct bsc_fd *fd;
+ struct sockaddr_in sin;
+ int on = 1, ret;
+
+ LOGP(DMSC, LOGL_NOTICE, "Attempting to connect MSC at %s:%d\n", con->ip, con->port);
+
+ con->is_connected = 0;
+
+ fd = &con->write_queue.bfd;
+ fd->fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ fd->data = NULL;
+ fd->priv_nr = 1;
+
+ if (fd->fd < 0) {
+ perror("Creating TCP socket failed");
+ return fd->fd;
+ }
+
+ /* make it non blocking */
+ setnonblocking(fd);
+
+ /* set the socket priority */
+ ret = setsockopt(fd->fd, IPPROTO_IP, IP_TOS,
+ &con->prio, sizeof(con->prio));
+ if (ret != 0)
+ LOGP(DMSC, LOGL_ERROR, "Failed to set prio to %d. %s\n",
+ con->prio, strerror(errno));
+
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_port = htons(con->port);
+ inet_aton(con->ip, &sin.sin_addr);
+
+ setsockopt(fd->fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+ ret = connect(fd->fd, (struct sockaddr *) &sin, sizeof(sin));
+
+ if (ret == -1 && errno == EINPROGRESS) {
+ LOGP(DMSC, LOGL_ERROR, "MSC Connection in progress\n");
+ fd->when = BSC_FD_WRITE;
+ fd->cb = msc_connection_connect;
+ con->timeout_timer.cb = msc_con_timeout;
+ con->timeout_timer.data = con;
+ bsc_schedule_timer(&con->timeout_timer, 20, 0);
+ } else if (ret < 0) {
+ perror("Connection failed");
+ connection_loss(con);
+ return ret;
+ } else {
+ fd->when = BSC_FD_READ | BSC_FD_EXCEPT;
+ fd->cb = write_queue_bfd_cb;
+ con->is_connected = 1;
+ if (con->connected)
+ con->connected(con);
+ }
+
+ ret = bsc_register_fd(fd);
+ if (ret < 0) {
+ perror("Registering the fd failed");
+ close(fd->fd);
+ return ret;
+ }
+
+ return ret;
+}
+
+struct bsc_msc_connection *bsc_msc_create(const char *ip, int port, int prio)
+{
+ struct bsc_msc_connection *con;
+
+ con = talloc_zero(NULL, struct bsc_msc_connection);
+ if (!con) {
+ LOGP(DMSC, LOGL_FATAL, "Failed to create the MSC connection.\n");
+ return NULL;
+ }
+
+ con->ip = ip;
+ con->port = port;
+ con->prio = prio;
+ write_queue_init(&con->write_queue, 100);
+ con->write_queue.except_cb = bsc_msc_except;
+ return con;
+}
+
+void bsc_msc_lost(struct bsc_msc_connection *con)
+{
+ write_queue_clear(&con->write_queue);
+ bsc_unregister_fd(&con->write_queue.bfd);
+ connection_loss(con);
+}
+
+static void reconnect_msc(void *_msc)
+{
+ struct bsc_msc_connection *con = _msc;
+
+ LOGP(DMSC, LOGL_NOTICE, "Attempting to reconnect to the MSC.\n");
+ bsc_msc_connect(con);
+}
+
+void bsc_msc_schedule_connect(struct bsc_msc_connection *con)
+{
+ LOGP(DMSC, LOGL_NOTICE, "Attempting to reconnect to the MSC.\n");
+ con->reconnect_timer.cb = reconnect_msc;
+ con->reconnect_timer.data = con;
+ bsc_schedule_timer(&con->reconnect_timer, 5, 0);
+}
+
+struct msgb *bsc_msc_id_get_resp(const char *token)
+{
+ struct msgb *msg;
+
+ if (!token) {
+ LOGP(DMSC, LOGL_ERROR, "No token specified.\n");
+ return NULL;
+ }
+
+ msg = msgb_alloc_headroom(4096, 128, "id resp");
+ if (!msg) {
+ LOGP(DMSC, LOGL_ERROR, "Failed to create the message.\n");
+ return NULL;
+ }
+
+ msg->l2h = msgb_v_put(msg, IPAC_MSGT_ID_RESP);
+ msgb_l16tv_put(msg, strlen(token) + 1,
+ IPAC_IDTAG_UNITNAME, (u_int8_t *) token);
+ return msg;
+}
\ No newline at end of file
diff --git a/openbsc/src/common_vty.c b/openbsc/src/common_vty.c
index 16d6815..ffa676d 100644
--- a/openbsc/src/common_vty.c
+++ b/openbsc/src/common_vty.c
@@ -28,6 +28,7 @@
#include <openbsc/gsm_data.h>
#include <openbsc/debug.h>
#include <openbsc/gsm_subscriber.h>
+#include <openbsc/bsc_nat.h>
#include <osmocom/vty/telnet_interface.h>
#include <osmocom/vty/command.h>
@@ -71,6 +72,17 @@
talloc_free(vty->index);
vty->index = NULL;
break;
+ case NAT_NODE:
+ vty->node = CONFIG_NODE;
+ vty->index = NULL;
+ break;
+ case BSC_NODE:
+ vty->node = NAT_NODE;
+ {
+ struct bsc_config *bsc_config = vty->index;
+ vty->index = bsc_config->nat;
+ }
+ break;
default:
vty->node = CONFIG_NODE;
}
@@ -114,11 +126,19 @@
vty->index_sub = &ts->trx->description;
}
break;
+ case BSC_NODE:
+ vty->node = NAT_NODE;
+ {
+ struct bsc_config *bsc_config = vty->index;
+ vty->index = bsc_config->nat;
+ }
+ break;
case MGCP_NODE:
case GBPROXY_NODE:
case SGSN_NODE:
case NS_NODE:
case BSSGP_NODE:
+ case NAT_NODE:
vty->node = CONFIG_NODE;
vty->index = NULL;
break;
diff --git a/openbsc/src/debug.c b/openbsc/src/debug.c
index 512935a..c701f50 100644
--- a/openbsc/src/debug.c
+++ b/openbsc/src/debug.c
@@ -171,6 +171,11 @@
.description = "GPRS Sub-Network Dependent Control Protocol (SNDCP)",
.enabled = 1, .loglevel = LOGL_DEBUG,
},
+ [DNAT] = {
+ .name = "DNAT",
+ .description = "GSM 08.08 NAT/Multipkexer",
+ .enabled = 1, .loglevel = LOGL_NOTICE,
+ },
};
enum log_filter {
diff --git a/openbsc/src/nat/Makefile.am b/openbsc/src/nat/Makefile.am
new file mode 100644
index 0000000..0ca3bdf
--- /dev/null
+++ b/openbsc/src/nat/Makefile.am
@@ -0,0 +1,13 @@
+INCLUDES = $(all_includes) -I$(top_srcdir)/include -I$(top_builddir)
+AM_CFLAGS=-Wall $(LIBOSMOCORE_CFLAGS) $(LIBOSMOVTY_CFLAGS)
+AM_LDFLAGS = $(LIBOSMOCORE_LIBS) $(LIBOSMOVTY_LIBS)
+
+bin_PROGRAMS = bsc_nat
+
+
+bsc_nat_SOURCES = bsc_filter.c bsc_mgcp_utils.c bsc_nat.c bsc_nat_utils.c \
+ bsc_nat_vty.c bsc_sccp.c \
+ $(top_srcdir)/src/debug.c $(top_srcdir)/src/bsc_msc.c
+bsc_nat_LDADD = $(top_builddir)/src/libvty.a $(top_builddir)/src/libsccp.a \
+ $(top_builddir)/src/libmgcp.a $(top_builddir)/src/libbsc.a \
+ -lrt
diff --git a/openbsc/src/nat/bsc_filter.c b/openbsc/src/nat/bsc_filter.c
new file mode 100644
index 0000000..8f79f00
--- /dev/null
+++ b/openbsc/src/nat/bsc_filter.c
@@ -0,0 +1,216 @@
+/* BSC Multiplexer/NAT */
+
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by On-Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <openbsc/bsc_nat.h>
+#include <openbsc/ipaccess.h>
+#include <openbsc/debug.h>
+
+#include <osmocore/talloc.h>
+#include <osmocore/protocol/gsm_08_08.h>
+
+#include <sccp/sccp.h>
+
+/*
+ * The idea is to have a simple struct describing a IPA packet with
+ * SCCP SSN and the GSM 08.08 payload and decide. We will both have
+ * a white and a blacklist of packets we want to handle.
+ *
+ * TODO: Implement a "NOT" in the filter language.
+ */
+
+#define ALLOW_ANY -1
+
+#define FILTER_TO_BSC 1
+#define FILTER_TO_MSC 2
+#define FILTER_TO_BOTH 3
+
+
+struct bsc_pkt_filter {
+ int ipa_proto;
+ int dest_ssn;
+ int bssap;
+ int gsm;
+ int filter_dir;
+};
+
+static struct bsc_pkt_filter black_list[] = {
+ /* filter reset messages to the MSC */
+ { IPAC_PROTO_SCCP, SCCP_SSN_BSSAP, 0, BSS_MAP_MSG_RESET, FILTER_TO_MSC },
+
+ /* filter reset ack messages to the BSC */
+ { IPAC_PROTO_SCCP, SCCP_SSN_BSSAP, 0, BSS_MAP_MSG_RESET_ACKNOWLEDGE, FILTER_TO_BSC },
+
+ /* filter ip access */
+ { IPAC_PROTO_IPACCESS, ALLOW_ANY, ALLOW_ANY, ALLOW_ANY, FILTER_TO_MSC },
+};
+
+static struct bsc_pkt_filter white_list[] = {
+ /* allow IPAC_PROTO_SCCP messages to both sides */
+ { IPAC_PROTO_SCCP, ALLOW_ANY, ALLOW_ANY, ALLOW_ANY, FILTER_TO_BOTH },
+
+ /* allow MGCP messages to both sides */
+ { NAT_IPAC_PROTO_MGCP, ALLOW_ANY, ALLOW_ANY, ALLOW_ANY, FILTER_TO_BOTH },
+};
+
+struct bsc_nat_parsed* bsc_nat_parse(struct msgb *msg)
+{
+ struct sccp_parse_result result;
+ struct bsc_nat_parsed *parsed;
+ struct ipaccess_head *hh;
+
+ /* quick fail */
+ if (msg->len < 4)
+ return NULL;
+
+ parsed = talloc_zero(msg, struct bsc_nat_parsed);
+ if (!parsed)
+ return NULL;
+
+ /* more init */
+ parsed->ipa_proto = parsed->called_ssn = parsed->calling_ssn = -1;
+ parsed->sccp_type = parsed->bssap = parsed->gsm_type = -1;
+
+ /* start parsing */
+ hh = (struct ipaccess_head *) msg->data;
+ parsed->ipa_proto = hh->proto;
+
+ msg->l2h = &hh->data[0];
+
+ /* do a size check on the input */
+ if (ntohs(hh->len) != msgb_l2len(msg)) {
+ LOGP(DINP, LOGL_ERROR, "Wrong input length?\n");
+ talloc_free(parsed);
+ return NULL;
+ }
+
+ /* analyze sccp down here */
+ if (parsed->ipa_proto == IPAC_PROTO_SCCP) {
+ memset(&result, 0, sizeof(result));
+ if (sccp_parse_header(msg, &result) != 0) {
+ talloc_free(parsed);
+ return 0;
+ }
+
+ if (msg->l3h && msgb_l3len(msg) < 3) {
+ LOGP(DNAT, LOGL_ERROR, "Not enough space or GSM payload\n");
+ talloc_free(parsed);
+ return 0;
+ }
+
+ parsed->sccp_type = sccp_determine_msg_type(msg);
+ parsed->src_local_ref = result.source_local_reference;
+ parsed->dest_local_ref = result.destination_local_reference;
+ parsed->called_ssn = result.called.ssn;
+ parsed->calling_ssn = result.calling.ssn;
+
+ /* in case of connection confirm we have no payload */
+ if (msg->l3h) {
+ parsed->bssap = msg->l3h[0];
+ parsed->gsm_type = msg->l3h[2];
+ }
+ }
+
+ return parsed;
+}
+
+int bsc_nat_filter_ipa(int dir, struct msgb *msg, struct bsc_nat_parsed *parsed)
+{
+ int i;
+
+ /* go through the blacklist now */
+ for (i = 0; i < ARRAY_SIZE(black_list); ++i) {
+ /* ignore the rule? */
+ if (black_list[i].filter_dir != FILTER_TO_BOTH
+ && black_list[i].filter_dir != dir)
+ continue;
+
+ /* the proto is not blacklisted */
+ if (black_list[i].ipa_proto != ALLOW_ANY
+ && black_list[i].ipa_proto != parsed->ipa_proto)
+ continue;
+
+ if (parsed->ipa_proto == IPAC_PROTO_SCCP) {
+ /* the SSN is not blacklisted */
+ if (black_list[i].dest_ssn != ALLOW_ANY
+ && black_list[i].dest_ssn != parsed->called_ssn)
+ continue;
+
+ /* bssap */
+ if (black_list[i].bssap != ALLOW_ANY
+ && black_list[i].bssap != parsed->bssap)
+ continue;
+
+ /* gsm */
+ if (black_list[i].gsm != ALLOW_ANY
+ && black_list[i].gsm != parsed->gsm_type)
+ continue;
+
+ /* blacklisted */
+ LOGP(DNAT, LOGL_INFO, "Blacklisted with rule %d\n", i);
+ return 1;
+ } else {
+ /* blacklisted, we have no content sniffing yet */
+ LOGP(DNAT, LOGL_INFO, "Blacklisted with rule %d\n", i);
+ return 1;
+ }
+ }
+
+ /* go through the whitelust now */
+ for (i = 0; i < ARRAY_SIZE(white_list); ++i) {
+ /* ignore the rule? */
+ if (white_list[i].filter_dir != FILTER_TO_BOTH
+ && white_list[i].filter_dir != dir)
+ continue;
+
+ /* the proto is not whitelisted */
+ if (white_list[i].ipa_proto != ALLOW_ANY
+ && white_list[i].ipa_proto != parsed->ipa_proto)
+ continue;
+
+ if (parsed->ipa_proto == IPAC_PROTO_SCCP) {
+ /* the SSN is not whitelisted */
+ if (white_list[i].dest_ssn != ALLOW_ANY
+ && white_list[i].dest_ssn != parsed->called_ssn)
+ continue;
+
+ /* bssap */
+ if (white_list[i].bssap != ALLOW_ANY
+ && white_list[i].bssap != parsed->bssap)
+ continue;
+
+ /* gsm */
+ if (white_list[i].gsm != ALLOW_ANY
+ && white_list[i].gsm != parsed->gsm_type)
+ continue;
+
+ /* whitelisted */
+ LOGP(DNAT, LOGL_INFO, "Whitelisted with rule %d\n", i);
+ return 0;
+ } else {
+ /* whitelisted */
+ return 0;
+ }
+ }
+
+ return 1;
+}
diff --git a/openbsc/src/nat/bsc_mgcp_utils.c b/openbsc/src/nat/bsc_mgcp_utils.c
new file mode 100644
index 0000000..5d24acf
--- /dev/null
+++ b/openbsc/src/nat/bsc_mgcp_utils.c
@@ -0,0 +1,559 @@
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by On-Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <openbsc/bsc_nat.h>
+#include <openbsc/gsm_data.h>
+#include <openbsc/debug.h>
+#include <openbsc/mgcp.h>
+#include <openbsc/mgcp_internal.h>
+
+#include <sccp/sccp.h>
+
+#include <osmocore/talloc.h>
+#include <osmocore/gsm0808.h>
+#include <osmocore/protocol/gsm_08_08.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <errno.h>
+#include <unistd.h>
+
+int bsc_mgcp_assign(struct sccp_connections *con, struct msgb *msg)
+{
+ struct sccp_connections *mcon;
+ struct tlv_parsed tp;
+ u_int16_t cic;
+ u_int8_t timeslot;
+ u_int8_t multiplex;
+ int combined;
+
+ if (!msg->l3h) {
+ LOGP(DNAT, LOGL_ERROR, "Assignment message should have l3h pointer.\n");
+ return -1;
+ }
+
+ if (msgb_l3len(msg) < 3) {
+ LOGP(DNAT, LOGL_ERROR, "Assignment message has not enough space for GSM0808.\n");
+ return -1;
+ }
+
+ tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 3, msgb_l3len(msg) - 3, 0, 0);
+ if (!TLVP_PRESENT(&tp, GSM0808_IE_CIRCUIT_IDENTITY_CODE)) {
+ LOGP(DNAT, LOGL_ERROR, "Circuit identity code not found in assignment message.\n");
+ return -1;
+ }
+
+ cic = ntohs(*(u_int16_t *)TLVP_VAL(&tp, GSM0808_IE_CIRCUIT_IDENTITY_CODE));
+ timeslot = cic & 0x1f;
+ multiplex = (cic & ~0x1f) >> 5;
+
+
+ combined = (32 * multiplex) + timeslot;
+
+ /* find stale connections using that endpoint */
+ llist_for_each_entry(mcon, &con->bsc->nat->sccp_connections, list_entry) {
+ if (mcon->msc_timeslot == combined) {
+ LOGP(DNAT, LOGL_ERROR,
+ "Timeslot %d was assigned to 0x%x and now 0x%x\n",
+ combined,
+ sccp_src_ref_to_int(&mcon->patched_ref),
+ sccp_src_ref_to_int(&con->patched_ref));
+ bsc_mgcp_dlcx(mcon);
+ }
+ }
+
+ con->msc_timeslot = combined;
+ con->bsc_timeslot = con->msc_timeslot;
+ return 0;
+}
+
+static void bsc_mgcp_free_endpoint(struct bsc_nat *nat, int i)
+{
+ if (nat->bsc_endpoints[i].transaction_id) {
+ talloc_free(nat->bsc_endpoints[i].transaction_id);
+ nat->bsc_endpoints[i].transaction_id = NULL;
+ }
+
+ nat->bsc_endpoints[i].bsc = NULL;
+}
+
+void bsc_mgcp_free_endpoints(struct bsc_nat *nat)
+{
+ int i;
+
+ for (i = 1; i < nat->mgcp_cfg->number_endpoints; ++i){
+ bsc_mgcp_free_endpoint(nat, i);
+ mgcp_free_endp(&nat->mgcp_cfg->endpoints[i]);
+ }
+}
+
+/* send a MDCX where we do not want a response */
+static void bsc_mgcp_send_mdcx(struct bsc_connection *bsc, struct mgcp_endpoint *endp)
+{
+ char buf[2096];
+ int len;
+
+ len = snprintf(buf, sizeof(buf),
+ "MDCX 23 %x@mgw MGCP 1.0\r\n"
+ "Z: noanswer\r\n"
+ "\r\n"
+ "c=IN IP4 %s\r\n"
+ "m=audio %d RTP/AVP 255\r\n",
+ ENDPOINT_NUMBER(endp),
+ bsc->nat->mgcp_cfg->source_addr,
+ endp->rtp_port);
+ if (len < 0) {
+ LOGP(DMGCP, LOGL_ERROR, "snprintf for DLCX failed.\n");
+ return;
+ }
+}
+
+static void bsc_mgcp_send_dlcx(struct bsc_connection *bsc, int endpoint)
+{
+ char buf[2096];
+ int len;
+
+ len = snprintf(buf, sizeof(buf),
+ "DLCX 23 %x@mgw MGCP 1.0\r\n"
+ "Z: noanswer\r\n", endpoint);
+ if (len < 0) {
+ LOGP(DMGCP, LOGL_ERROR, "snprintf for DLCX failed.\n");
+ return;
+ }
+
+ bsc_write_mgcp(bsc, (u_int8_t *) buf, len);
+}
+
+void bsc_mgcp_init(struct sccp_connections *con)
+{
+ con->msc_timeslot = -1;
+ con->bsc_timeslot = -1;
+ con->crcx = 0;
+}
+
+void bsc_mgcp_dlcx(struct sccp_connections *con)
+{
+ /* send a DLCX down the stream */
+ if (con->bsc_timeslot != -1 && con->crcx) {
+ int endp = mgcp_timeslot_to_endpoint(0, con->msc_timeslot);
+ bsc_mgcp_send_dlcx(con->bsc, endp);
+ bsc_mgcp_free_endpoint(con->bsc->nat, endp);
+ }
+
+ bsc_mgcp_init(con);
+}
+
+
+struct sccp_connections *bsc_mgcp_find_con(struct bsc_nat *nat, int endpoint)
+{
+ struct sccp_connections *con = NULL;
+ struct sccp_connections *sccp;
+
+ llist_for_each_entry(sccp, &nat->sccp_connections, list_entry) {
+ if (sccp->msc_timeslot == -1)
+ continue;
+ if (mgcp_timeslot_to_endpoint(0, sccp->msc_timeslot) != endpoint)
+ continue;
+
+ con = sccp;
+ }
+
+ if (con)
+ return con;
+
+ LOGP(DMGCP, LOGL_ERROR, "Failed to find the connection.\n");
+ return NULL;
+}
+
+int bsc_mgcp_policy_cb(struct mgcp_config *cfg, int endpoint, int state, const char *transaction_id)
+{
+ struct bsc_nat *nat;
+ struct bsc_endpoint *bsc_endp;
+ struct sccp_connections *sccp;
+ struct mgcp_endpoint *mgcp_endp;
+ struct msgb *bsc_msg;
+
+ nat = cfg->data;
+ bsc_endp = &nat->bsc_endpoints[endpoint];
+ mgcp_endp = &nat->mgcp_cfg->endpoints[endpoint];
+
+ if (bsc_endp->transaction_id) {
+ LOGP(DMGCP, LOGL_ERROR, "Endpoint 0x%x had pending transaction: '%s'\n",
+ endpoint, bsc_endp->transaction_id);
+ talloc_free(bsc_endp->transaction_id);
+ bsc_endp->transaction_id = NULL;
+ }
+ bsc_endp->bsc = NULL;
+
+ sccp = bsc_mgcp_find_con(nat, endpoint);
+
+ if (!sccp) {
+ LOGP(DMGCP, LOGL_ERROR, "Did not find BSC for change on endpoint: 0x%x state: %d\n", endpoint, state);
+
+ switch (state) {
+ case MGCP_ENDP_CRCX:
+ return MGCP_POLICY_REJECT;
+ break;
+ case MGCP_ENDP_DLCX:
+ return MGCP_POLICY_CONT;
+ break;
+ case MGCP_ENDP_MDCX:
+ return MGCP_POLICY_CONT;
+ break;
+ default:
+ LOGP(DMGCP, LOGL_FATAL, "Unhandled state: %d\n", state);
+ return MGCP_POLICY_CONT;
+ break;
+ }
+ }
+
+ /* we need to generate a new and patched message */
+ bsc_msg = bsc_mgcp_rewrite((char *) nat->mgcp_msg, nat->mgcp_length,
+ nat->mgcp_cfg->source_addr, mgcp_endp->rtp_port);
+ if (!bsc_msg) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to patch the msg.\n");
+ return MGCP_POLICY_CONT;
+ }
+
+
+ bsc_endp->transaction_id = talloc_strdup(nat, transaction_id);
+ bsc_endp->bsc = sccp->bsc;
+
+ /* we need to update some bits */
+ if (state == MGCP_ENDP_CRCX) {
+ struct sockaddr_in sock;
+ socklen_t len = sizeof(sock);
+ if (getpeername(sccp->bsc->write_queue.bfd.fd, (struct sockaddr *) &sock, &len) != 0) {
+ LOGP(DMGCP, LOGL_ERROR, "Can not get the peername...%d/%s\n",
+ errno, strerror(errno));
+ } else {
+ mgcp_endp->bts = sock.sin_addr;
+ }
+
+ /* send the message and a fake MDCX for force sending of a dummy packet */
+ sccp->crcx = 1;
+ bsc_write(sccp->bsc, bsc_msg, NAT_IPAC_PROTO_MGCP);
+ bsc_mgcp_send_mdcx(sccp->bsc, mgcp_endp);
+ return MGCP_POLICY_DEFER;
+ } else if (state == MGCP_ENDP_DLCX) {
+ /* we will free the endpoint now and send a DLCX to the BSC */
+ msgb_free(bsc_msg);
+ bsc_mgcp_dlcx(sccp);
+ return MGCP_POLICY_CONT;
+ } else {
+ bsc_write(sccp->bsc, bsc_msg, NAT_IPAC_PROTO_MGCP);
+ return MGCP_POLICY_DEFER;
+ }
+}
+
+/*
+ * We have received a msg from the BSC. We will see if we know
+ * this transaction and if it belongs to the BSC. Then we will
+ * need to patch the content to point to the local network and we
+ * need to update the I: that was assigned by the BSS.
+ */
+void bsc_mgcp_forward(struct bsc_connection *bsc, struct msgb *msg)
+{
+ struct msgb *output;
+ struct bsc_endpoint *bsc_endp = NULL;
+ struct mgcp_endpoint *endp = NULL;
+ int i, code;
+ char transaction_id[60];
+
+ /* Some assumption that our buffer is big enough.. and null terminate */
+ if (msgb_l2len(msg) > 2000) {
+ LOGP(DMGCP, LOGL_ERROR, "MGCP message too long.\n");
+ return;
+ }
+
+ msg->l2h[msgb_l2len(msg)] = '\0';
+
+ if (bsc_mgcp_parse_response((const char *) msg->l2h, &code, transaction_id) != 0) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to parse response code.\n");
+ return;
+ }
+
+ for (i = 1; i < bsc->nat->mgcp_cfg->number_endpoints; ++i) {
+ if (bsc->nat->bsc_endpoints[i].bsc != bsc)
+ continue;
+ /* no one listening? a bug? */
+ if (!bsc->nat->bsc_endpoints[i].transaction_id)
+ continue;
+ if (strcmp(transaction_id, bsc->nat->bsc_endpoints[i].transaction_id) != 0)
+ continue;
+
+ endp = &bsc->nat->mgcp_cfg->endpoints[i];
+ bsc_endp = &bsc->nat->bsc_endpoints[i];
+ break;
+ }
+
+ if (!bsc_endp) {
+ LOGP(DMGCP, LOGL_ERROR, "Could not find active endpoint: %s for msg: '%s'\n",
+ transaction_id, (const char *) msg->l2h);
+ return;
+ }
+
+ endp->ci = bsc_mgcp_extract_ci((const char *) msg->l2h);
+
+ /* free some stuff */
+ talloc_free(bsc_endp->transaction_id);
+ bsc_endp->transaction_id = NULL;
+
+ /*
+ * rewrite the information. In case the endpoint was deleted
+ * there should be nothing for us to rewrite so putting endp->rtp_port
+ * with the value of 0 should be no problem.
+ */
+ output = bsc_mgcp_rewrite((char * ) msg->l2h, msgb_l2len(msg),
+ bsc->nat->mgcp_cfg->source_addr, endp->rtp_port);
+
+ if (!output) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to rewrite MGCP msg.\n");
+ return;
+ }
+
+ if (write_queue_enqueue(&bsc->nat->mgcp_queue, output) != 0) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to queue MGCP msg.\n");
+ msgb_free(output);
+ }
+}
+
+int bsc_mgcp_parse_response(const char *str, int *code, char transaction[60])
+{
+ /* we want to parse two strings */
+ return sscanf(str, "%3d %59s\n", code, transaction) != 2;
+}
+
+int bsc_mgcp_extract_ci(const char *str)
+{
+ int ci;
+ char *res = strstr(str, "I: ");
+ if (!res)
+ return CI_UNUSED;
+
+ if (sscanf(res, "I: %d", &ci) != 1)
+ return CI_UNUSED;
+ return ci;
+}
+
+/* we need to replace some strings... */
+struct msgb *bsc_mgcp_rewrite(char *input, int length, const char *ip, int port)
+{
+ static const char *ip_str = "c=IN IP4 ";
+ static const char *aud_str = "m=audio ";
+
+ char buf[128];
+ char *running, *token;
+ struct msgb *output;
+
+ if (length > 4096 - 128) {
+ LOGP(DMGCP, LOGL_ERROR, "Input is too long.\n");
+ return NULL;
+ }
+
+ output = msgb_alloc_headroom(4096, 128, "MGCP rewritten");
+ if (!output) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to allocate new MGCP msg.\n");
+ return NULL;
+ }
+
+ running = input;
+ output->l2h = output->data;
+ for (token = strsep(&running, "\n"); running; token = strsep(&running, "\n")) {
+ int len = strlen(token);
+ int cr = len > 0 && token[len - 1] == '\r';
+
+ if (strncmp(ip_str, token, (sizeof ip_str) - 1) == 0) {
+ output->l3h = msgb_put(output, strlen(ip_str));
+ memcpy(output->l3h, ip_str, strlen(ip_str));
+ output->l3h = msgb_put(output, strlen(ip));
+ memcpy(output->l3h, ip, strlen(ip));
+
+ if (cr) {
+ output->l3h = msgb_put(output, 2);
+ output->l3h[0] = '\r';
+ output->l3h[1] = '\n';
+ } else {
+ output->l3h = msgb_put(output, 1);
+ output->l3h[0] = '\n';
+ }
+ } else if (strncmp(aud_str, token, (sizeof aud_str) - 1) == 0) {
+ int payload;
+ if (sscanf(token, "m=audio %*d RTP/AVP %d", &payload) != 1) {
+ LOGP(DMGCP, LOGL_ERROR, "Could not parsed audio line.\n");
+ msgb_free(output);
+ return NULL;
+ }
+
+ snprintf(buf, sizeof(buf)-1, "m=audio %d RTP/AVP %d%s",
+ port, payload, cr ? "\r\n" : "\n");
+ buf[sizeof(buf)-1] = '\0';
+
+ output->l3h = msgb_put(output, strlen(buf));
+ memcpy(output->l3h, buf, strlen(buf));
+ } else {
+ output->l3h = msgb_put(output, len + 1);
+ memcpy(output->l3h, token, len);
+ output->l3h[len] = '\n';
+ }
+ }
+
+ return output;
+}
+
+static int mgcp_do_read(struct bsc_fd *fd)
+{
+ struct bsc_nat *nat;
+ struct msgb *msg, *resp;
+ int rc;
+
+ nat = fd->data;
+
+ rc = read(fd->fd, nat->mgcp_msg, sizeof(nat->mgcp_msg) - 1);
+ if (rc <= 0) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to read errno: %d\n", errno);
+ return -1;
+ }
+
+ nat->mgcp_msg[rc] = '\0';
+ nat->mgcp_length = rc;
+
+ msg = msgb_alloc(sizeof(nat->mgcp_msg), "MGCP GW Read");
+ if (!msg) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to create buffer.\n");
+ return -1;
+ }
+
+ msg->l2h = msgb_put(msg, rc);
+ memcpy(msg->l2h, nat->mgcp_msg, msgb_l2len(msg));
+ resp = mgcp_handle_message(nat->mgcp_cfg, msg);
+ msgb_free(msg);
+
+ /* we do have a direct answer... e.g. AUEP */
+ if (resp) {
+ if (write_queue_enqueue(&nat->mgcp_queue, resp) != 0) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to enqueue msg.\n");
+ msgb_free(resp);
+ }
+ }
+
+ return 0;
+}
+
+static int mgcp_do_write(struct bsc_fd *bfd, struct msgb *msg)
+{
+ int rc;
+
+ rc = write(bfd->fd, msg->data, msg->len);
+
+ if (rc != msg->len) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to write msg to MGCP CallAgent.\n");
+ return -1;
+ }
+
+ return rc;
+}
+
+int bsc_mgcp_nat_init(struct bsc_nat *nat)
+{
+ int on;
+ struct sockaddr_in addr;
+
+ if (!nat->mgcp_cfg->call_agent_addr) {
+ LOGP(DMGCP, LOGL_ERROR, "The BSC nat requires the call agent ip to be set.\n");
+ return -1;
+ }
+
+ if (nat->mgcp_cfg->bts_ip) {
+ LOGP(DMGCP, LOGL_ERROR, "Do not set the BTS ip for the nat.\n");
+ return -1;
+ }
+
+ nat->mgcp_queue.bfd.fd = socket(AF_INET, SOCK_DGRAM, 0);
+ if (nat->mgcp_queue.bfd.fd < 0) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to create MGCP socket. errno: %d\n", errno);
+ return -1;
+ }
+
+ on = 1;
+ setsockopt(nat->mgcp_queue.bfd.fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(nat->mgcp_cfg->source_port);
+ inet_aton(nat->mgcp_cfg->source_addr, &addr.sin_addr);
+
+ if (bind(nat->mgcp_queue.bfd.fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to bind. errno: %d\n", errno);
+ close(nat->mgcp_queue.bfd.fd);
+ nat->mgcp_queue.bfd.fd = -1;
+ return -1;
+ }
+
+ addr.sin_port = htons(2727);
+ inet_aton(nat->mgcp_cfg->call_agent_addr, &addr.sin_addr);
+ if (connect(nat->mgcp_queue.bfd.fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to connect to: '%s'. errno: %d\n",
+ nat->mgcp_cfg->call_agent_addr, errno);
+ close(nat->mgcp_queue.bfd.fd);
+ nat->mgcp_queue.bfd.fd = -1;
+ return -1;
+ }
+
+ write_queue_init(&nat->mgcp_queue, 10);
+ nat->mgcp_queue.bfd.when = BSC_FD_READ;
+ nat->mgcp_queue.bfd.data = nat;
+ nat->mgcp_queue.read_cb = mgcp_do_read;
+ nat->mgcp_queue.write_cb = mgcp_do_write;
+
+ if (bsc_register_fd(&nat->mgcp_queue.bfd) != 0) {
+ LOGP(DMGCP, LOGL_ERROR, "Failed to register MGCP fd.\n");
+ close(nat->mgcp_queue.bfd.fd);
+ nat->mgcp_queue.bfd.fd = -1;
+ return -1;
+ }
+
+ /* some more MGCP config handling */
+ nat->mgcp_cfg->audio_payload = -1;
+ nat->mgcp_cfg->data = nat;
+ nat->mgcp_cfg->policy_cb = bsc_mgcp_policy_cb;
+ nat->mgcp_cfg->force_realloc = 1;
+ nat->mgcp_cfg->bts_ip = "";
+ nat->bsc_endpoints = talloc_zero_array(nat,
+ struct bsc_endpoint,
+ nat->mgcp_cfg->number_endpoints + 1);
+
+ return 0;
+}
+
+void bsc_mgcp_clear_endpoints_for(struct bsc_connection *bsc)
+{
+ int i;
+ for (i = 1; i < bsc->nat->mgcp_cfg->number_endpoints; ++i) {
+ struct bsc_endpoint *bsc_endp = &bsc->nat->bsc_endpoints[i];
+
+ if (bsc_endp->bsc != bsc)
+ continue;
+
+ bsc_mgcp_free_endpoint(bsc->nat, i);
+ mgcp_free_endp(&bsc->nat->mgcp_cfg->endpoints[i]);
+ }
+}
diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c
new file mode 100644
index 0000000..2e8a00d
--- /dev/null
+++ b/openbsc/src/nat/bsc_nat.c
@@ -0,0 +1,1171 @@
+/* BSC Multiplexer/NAT */
+
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by On-Waves
+ * (C) 2009 by Harald Welte <laforge@gnumonks.org>
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <arpa/inet.h>
+
+#include <errno.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <unistd.h>
+
+#define _GNU_SOURCE
+#include <getopt.h>
+
+#include <openbsc/debug.h>
+#include <openbsc/bsc_msc.h>
+#include <openbsc/bsc_nat.h>
+#include <openbsc/ipaccess.h>
+#include <openbsc/abis_nm.h>
+#include <openbsc/vty.h>
+
+#include <osmocore/gsm0808.h>
+#include <osmocore/talloc.h>
+
+#include <osmocore/protocol/gsm_08_08.h>
+
+#include <osmocom/vty/telnet_interface.h>
+#include <osmocom/vty/vty.h>
+
+#include <sccp/sccp.h>
+
+#include "../../bscconfig.h"
+
+#define SCCP_CLOSE_TIME 20
+#define SCCP_CLOSE_TIME_TIMEOUT 19
+
+struct log_target *stderr_target;
+static const char *config_file = "bsc-nat.cfg";
+static struct in_addr local_addr;
+static struct bsc_fd bsc_listen;
+static const char *msc_ip = NULL;
+static struct timer_list sccp_close;
+
+const char *openbsc_copyright =
+ "Copyright (C) 2010 Holger Hans Peter Freyther and On-Waves\n"
+ "License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>\n"
+ "This is free software: you are free to change and redistribute it.\n"
+ "There is NO WARRANTY, to the extent permitted by law.\n";
+
+static struct bsc_nat *nat;
+static void bsc_send_data(struct bsc_connection *bsc, const u_int8_t *data, unsigned int length, int);
+static void msc_send_reset(struct bsc_msc_connection *con);
+
+struct bsc_config *bsc_config_num(struct bsc_nat *nat, int num)
+{
+ struct bsc_config *conf;
+
+ llist_for_each_entry(conf, &nat->bsc_configs, entry)
+ if (conf->nr == num)
+ return conf;
+
+ return NULL;
+}
+
+/*
+ * below are stubs we need to link
+ */
+int nm_state_event(enum nm_evt evt, u_int8_t obj_class, void *obj,
+ struct gsm_nm_state *old_state, struct gsm_nm_state *new_state,
+ struct abis_om_obj_inst *obj_ins)
+{
+ return -1;
+}
+
+void input_event(int event, enum e1inp_sign_type type, struct gsm_bts_trx *trx)
+{}
+
+int gsm0408_rcvmsg(struct msgb *msg, u_int8_t link_id)
+{
+ return -1;
+}
+
+static void queue_for_msc(struct bsc_msc_connection *con, struct msgb *msg)
+{
+ if (write_queue_enqueue(&nat->msc_con->write_queue, msg) != 0) {
+ LOGP(DINP, LOGL_ERROR, "Failed to enqueue the write.\n");
+ msgb_free(msg);
+ }
+}
+
+static void send_reset_ack(struct bsc_connection *bsc)
+{
+ static const u_int8_t gsm_reset_ack[] = {
+ 0x09, 0x00, 0x03, 0x07, 0x0b, 0x04, 0x43, 0x01,
+ 0x00, 0xfe, 0x04, 0x43, 0x5c, 0x00, 0xfe, 0x03,
+ 0x00, 0x01, 0x31,
+ };
+
+ bsc_send_data(bsc, gsm_reset_ack, sizeof(gsm_reset_ack), IPAC_PROTO_SCCP);
+}
+
+static void send_ping(struct bsc_connection *bsc)
+{
+ static const u_int8_t id_ping[] = {
+ IPAC_MSGT_PING,
+ };
+
+ bsc_send_data(bsc, id_ping, sizeof(id_ping), IPAC_PROTO_IPACCESS);
+}
+
+static void send_pong(struct bsc_connection *bsc)
+{
+ static const u_int8_t id_pong[] = {
+ IPAC_MSGT_PONG,
+ };
+
+ bsc_send_data(bsc, id_pong, sizeof(id_pong), IPAC_PROTO_IPACCESS);
+}
+
+static void bsc_pong_timeout(void *_bsc)
+{
+ struct bsc_connection *bsc = _bsc;
+
+ LOGP(DNAT, LOGL_ERROR, "BSC Nr: %d PONG timeout.\n", bsc->cfg->nr);
+ bsc_close_connection(bsc);
+}
+
+static void bsc_ping_timeout(void *_bsc)
+{
+ struct bsc_connection *bsc = _bsc;
+
+ if (bsc->nat->ping_timeout < 0)
+ return;
+
+ send_ping(bsc);
+
+ /* send another ping in 20 seconds */
+ bsc_schedule_timer(&bsc->ping_timeout, bsc->nat->ping_timeout, 0);
+
+ /* also start a pong timer */
+ bsc_schedule_timer(&bsc->pong_timeout, bsc->nat->pong_timeout, 0);
+}
+
+static void start_ping_pong(struct bsc_connection *bsc)
+{
+ bsc->pong_timeout.data = bsc;
+ bsc->pong_timeout.cb = bsc_pong_timeout;
+ bsc->ping_timeout.data = bsc;
+ bsc->ping_timeout.cb = bsc_ping_timeout;
+
+ bsc_ping_timeout(bsc);
+}
+
+static void send_id_ack(struct bsc_connection *bsc)
+{
+ static const u_int8_t id_ack[] = {
+ IPAC_MSGT_ID_ACK
+ };
+
+ bsc_send_data(bsc, id_ack, sizeof(id_ack), IPAC_PROTO_IPACCESS);
+}
+
+static void send_id_req(struct bsc_connection *bsc)
+{
+ static const u_int8_t id_req[] = {
+ IPAC_MSGT_ID_GET,
+ 0x01, IPAC_IDTAG_UNIT,
+ 0x01, IPAC_IDTAG_MACADDR,
+ 0x01, IPAC_IDTAG_LOCATION1,
+ 0x01, IPAC_IDTAG_LOCATION2,
+ 0x01, IPAC_IDTAG_EQUIPVERS,
+ 0x01, IPAC_IDTAG_SWVERSION,
+ 0x01, IPAC_IDTAG_UNITNAME,
+ 0x01, IPAC_IDTAG_SERNR,
+ };
+
+ bsc_send_data(bsc, id_req, sizeof(id_req), IPAC_PROTO_IPACCESS);
+}
+
+static void nat_send_rlsd(struct sccp_connections *conn)
+{
+ struct sccp_connection_released *rel;
+ struct msgb *msg;
+
+ msg = msgb_alloc_headroom(4096, 128, "rlsd");
+ if (!msg) {
+ LOGP(DNAT, LOGL_ERROR, "Failed to allocate clear command.\n");
+ return;
+ }
+
+ msg->l2h = msgb_put(msg, sizeof(*rel));
+ rel = (struct sccp_connection_released *) msg->l2h;
+ rel->type = SCCP_MSG_TYPE_RLSD;
+ rel->release_cause = SCCP_RELEASE_CAUSE_SCCP_FAILURE;
+ rel->destination_local_reference = conn->remote_ref;
+ rel->source_local_reference = conn->patched_ref;
+
+ ipaccess_prepend_header(msg, IPAC_PROTO_SCCP);
+
+ queue_for_msc(nat->msc_con, msg);
+}
+
+static void nat_send_rlc(struct sccp_source_reference *src,
+ struct sccp_source_reference *dst)
+{
+ struct sccp_connection_release_complete *rlc;
+ struct msgb *msg;
+
+ msg = msgb_alloc_headroom(4096, 128, "rlc");
+ if (!msg) {
+ LOGP(DNAT, LOGL_ERROR, "Failed to allocate clear command.\n");
+ return;
+ }
+
+ msg->l2h = msgb_put(msg, sizeof(*rlc));
+ rlc = (struct sccp_connection_release_complete *) msg->l2h;
+ rlc->type = SCCP_MSG_TYPE_RLC;
+ rlc->destination_local_reference = *dst;
+ rlc->source_local_reference = *src;
+
+ ipaccess_prepend_header(msg, IPAC_PROTO_SCCP);
+
+ queue_for_msc(nat->msc_con, msg);
+}
+
+static void send_mgcp_reset(struct bsc_connection *bsc)
+{
+ static const u_int8_t mgcp_reset[] = {
+ "RSIP 1 13@mgw MGCP 1.0\r\n"
+ };
+
+ bsc_write_mgcp(bsc, mgcp_reset, sizeof mgcp_reset - 1);
+}
+
+/*
+ * Below is the handling of messages coming
+ * from the MSC and need to be forwarded to
+ * a real BSC.
+ */
+static void initialize_msc_if_needed()
+{
+ if (nat->first_contact)
+ return;
+
+ nat->first_contact = 1;
+ msc_send_reset(nat->msc_con);
+}
+
+static void send_id_get_response()
+{
+ struct msgb *msg = bsc_msc_id_get_resp(nat->token);
+ if (!msg)
+ return;
+
+ ipaccess_prepend_header(msg, IPAC_PROTO_IPACCESS);
+ queue_for_msc(nat->msc_con, msg);
+}
+
+/*
+ * Currently we are lacking refcounting so we need to copy each message.
+ */
+static void bsc_send_data(struct bsc_connection *bsc, const u_int8_t *data, unsigned int length, int proto)
+{
+ struct msgb *msg;
+
+ if (length > 4096 - 128) {
+ LOGP(DINP, LOGL_ERROR, "Can not send message of that size.\n");
+ return;
+ }
+
+ msg = msgb_alloc_headroom(4096, 128, "to-bsc");
+ if (!msg) {
+ LOGP(DINP, LOGL_ERROR, "Failed to allocate memory for BSC msg.\n");
+ return;
+ }
+
+ msg->l2h = msgb_put(msg, length);
+ memcpy(msg->data, data, length);
+
+ bsc_write(bsc, msg, proto);
+}
+
+static void bsc_send_con_refuse(struct bsc_connection *bsc,
+ struct bsc_nat_parsed *parsed, int con_type)
+{
+ struct msgb *payload;
+ struct msgb *refuse;
+
+ if (con_type == NAT_CON_TYPE_LU)
+ payload = gsm48_create_loc_upd_rej(GSM48_REJECT_PLMN_NOT_ALLOWED);
+ else if (con_type == NAT_CON_TYPE_CM_SERV_REQ)
+ payload = gsm48_create_mm_serv_rej(GSM48_REJECT_PLMN_NOT_ALLOWED);
+
+ /*
+ * Some BSCs do not handle the payload inside a SCCP CREF msg
+ * so we will need to:
+ * 1.) Allocate a local connection and mark it as local..
+ * 2.) queue data for downstream.. and the RLC should delete everything
+ */
+ if (payload) {
+ struct msgb *cc, *udt, *rlsd;
+ struct sccp_connections *con;
+ con = create_sccp_src_ref(bsc, parsed);
+ if (!con)
+ goto send_refuse;
+
+ /* declare it local and assign a unique remote_ref */
+ con->con_type = NAT_CON_TYPE_LOCAL_REJECT;
+ con->con_local = 1;
+ con->has_remote_ref = 1;
+ con->remote_ref = con->patched_ref;
+
+ /* 1. create a confirmation */
+ cc = sccp_create_cc(&con->remote_ref, &con->real_ref);
+ if (!cc)
+ goto send_refuse;
+
+ /* 2. create the DT1 */
+ gsm0808_prepend_dtap_header(payload, 0);
+ udt = sccp_create_dt1(&con->real_ref, payload->data, payload->len);
+ if (!udt) {
+ msgb_free(cc);
+ goto send_refuse;
+ }
+
+ /* 3. send a RLSD */
+ rlsd = sccp_create_rlsd(&con->remote_ref, &con->real_ref,
+ SCCP_RELEASE_CAUSE_END_USER_ORIGINATED);
+ if (!rlsd) {
+ msgb_free(cc);
+ msgb_free(udt);
+ goto send_refuse;
+ }
+
+ bsc_write(bsc, cc, IPAC_PROTO_SCCP);
+ bsc_write(bsc, udt, IPAC_PROTO_SCCP);
+ bsc_write(bsc, rlsd, IPAC_PROTO_SCCP);
+ msgb_free(payload);
+ return;
+ }
+
+
+send_refuse:
+ if (payload)
+ msgb_free(payload);
+
+ refuse = sccp_create_refuse(parsed->src_local_ref,
+ SCCP_REFUSAL_SCCP_FAILURE, NULL, 0);
+ if (!refuse) {
+ LOGP(DNAT, LOGL_ERROR,
+ "Creating refuse msg failed for SCCP 0x%x on BSC Nr: %d.\n",
+ sccp_src_ref_to_int(parsed->src_local_ref), bsc->cfg->nr);
+ return;
+ }
+
+ bsc_write(bsc, refuse, IPAC_PROTO_SCCP);
+}
+
+
+static int forward_sccp_to_bts(struct msgb *msg)
+{
+ struct sccp_connections *con;
+ struct bsc_connection *bsc;
+ struct bsc_nat_parsed *parsed;
+ int proto;
+
+ /* filter, drop, patch the message? */
+ parsed = bsc_nat_parse(msg);
+ if (!parsed) {
+ LOGP(DNAT, LOGL_ERROR, "Can not parse msg from BSC.\n");
+ return -1;
+ }
+
+ if (bsc_nat_filter_ipa(DIR_BSC, msg, parsed))
+ goto exit;
+
+ proto = parsed->ipa_proto;
+
+ /* Route and modify the SCCP packet */
+ if (proto == IPAC_PROTO_SCCP) {
+ switch (parsed->sccp_type) {
+ case SCCP_MSG_TYPE_UDT:
+ /* forward UDT messages to every BSC */
+ goto send_to_all;
+ break;
+ case SCCP_MSG_TYPE_RLSD:
+ case SCCP_MSG_TYPE_CREF:
+ case SCCP_MSG_TYPE_DT1:
+ case SCCP_MSG_TYPE_IT:
+ con = patch_sccp_src_ref_to_bsc(msg, parsed, nat);
+ if (parsed->gsm_type == BSS_MAP_MSG_ASSIGMENT_RQST) {
+ counter_inc(nat->stats.sccp.calls);
+
+ if (con) {
+ counter_inc(con->bsc->cfg->stats.sccp.calls);
+ if (bsc_mgcp_assign(con, msg) != 0)
+ LOGP(DNAT, LOGL_ERROR, "Failed to assign...\n");
+ } else
+ LOGP(DNAT, LOGL_ERROR, "Assignment command but no BSC.\n");
+ }
+ break;
+ case SCCP_MSG_TYPE_CC:
+ con = patch_sccp_src_ref_to_bsc(msg, parsed, nat);
+ if (!con || update_sccp_src_ref(con, parsed) != 0)
+ goto exit;
+ break;
+ case SCCP_MSG_TYPE_RLC:
+ LOGP(DNAT, LOGL_ERROR, "Unexpected release complete from MSC.\n");
+ goto exit;
+ break;
+ case SCCP_MSG_TYPE_CR:
+ /* MSC never opens a SCCP connection, fall through */
+ default:
+ goto exit;
+ }
+
+ if (!con && parsed->sccp_type == SCCP_MSG_TYPE_RLSD) {
+ LOGP(DNAT, LOGL_NOTICE, "Sending fake RLC on RLSD message to network.\n");
+ /* Exchange src/dest for the reply */
+ nat_send_rlc(parsed->dest_local_ref, parsed->src_local_ref);
+ } else if (!con)
+ LOGP(DNAT, LOGL_ERROR, "Unknown connection for msg type: 0x%x from the MSC.\n", parsed->sccp_type);
+ }
+
+ talloc_free(parsed);
+ if (!con)
+ return -1;
+ if (!con->bsc->authenticated) {
+ LOGP(DNAT, LOGL_ERROR, "Selected BSC not authenticated.\n");
+ return -1;
+ }
+
+ bsc_send_data(con->bsc, msg->l2h, msgb_l2len(msg), proto);
+ return 0;
+
+send_to_all:
+ /*
+ * Filter Paging from the network. We do not want to send a PAGING
+ * Command to every BSC in our network. We will analys the PAGING
+ * message and then send it to the authenticated messages...
+ */
+ if (parsed->ipa_proto == IPAC_PROTO_SCCP && parsed->gsm_type == BSS_MAP_MSG_PAGING) {
+ int lac;
+ bsc = bsc_nat_find_bsc(nat, msg, &lac);
+ if (bsc && bsc->cfg->forbid_paging)
+ LOGP(DNAT, LOGL_DEBUG, "Paging forbidden for BTS: %d\n", bsc->cfg->nr);
+ else if (bsc)
+ bsc_send_data(bsc, msg->l2h, msgb_l2len(msg), parsed->ipa_proto);
+ else
+ LOGP(DNAT, LOGL_ERROR, "Could not determine BSC for paging on lac: %d/0x%x\n",
+ lac, lac);
+
+ goto exit;
+ }
+ /* currently send this to every BSC connected */
+ llist_for_each_entry(bsc, &nat->bsc_connections, list_entry) {
+ if (!bsc->authenticated)
+ continue;
+
+ bsc_send_data(bsc, msg->l2h, msgb_l2len(msg), parsed->ipa_proto);
+ }
+
+exit:
+ talloc_free(parsed);
+ return 0;
+}
+
+static void msc_connection_was_lost(struct bsc_msc_connection *con)
+{
+ struct bsc_connection *bsc, *tmp;
+
+ counter_inc(nat->stats.msc.reconn);
+
+ LOGP(DMSC, LOGL_ERROR, "Closing all connections downstream.\n");
+ llist_for_each_entry_safe(bsc, tmp, &nat->bsc_connections, list_entry)
+ bsc_close_connection(bsc);
+
+ nat->first_contact = 0;
+ bsc_mgcp_free_endpoints(nat);
+ bsc_msc_schedule_connect(con);
+}
+
+static void msc_send_reset(struct bsc_msc_connection *msc_con)
+{
+ static const u_int8_t reset[] = {
+ 0x00, 0x12, 0xfd,
+ 0x09, 0x00, 0x03, 0x05, 0x07, 0x02, 0x42, 0xfe,
+ 0x02, 0x42, 0xfe, 0x06, 0x00, 0x04, 0x30, 0x04,
+ 0x01, 0x20
+ };
+
+ struct msgb *msg;
+
+ msg = msgb_alloc_headroom(4096, 128, "08.08 reset");
+ if (!msg) {
+ LOGP(DMSC, LOGL_ERROR, "Failed to allocate reset msg.\n");
+ return;
+ }
+
+ msg->l2h = msgb_put(msg, sizeof(reset));
+ memcpy(msg->l2h, reset, msgb_l2len(msg));
+
+ queue_for_msc(nat->msc_con, msg);
+
+ LOGP(DMSC, LOGL_NOTICE, "Scheduled GSM0808 reset msg for the MSC.\n");
+}
+
+static int ipaccess_msc_read_cb(struct bsc_fd *bfd)
+{
+ int error;
+ struct msgb *msg = ipaccess_read_msg(bfd, &error);
+ struct ipaccess_head *hh;
+
+ if (!msg) {
+ if (error == 0)
+ LOGP(DNAT, LOGL_FATAL, "The connection the MSC was lost, exiting\n");
+ else
+ LOGP(DNAT, LOGL_ERROR, "Failed to parse ip access message: %d\n", error);
+
+ bsc_msc_lost(nat->msc_con);
+ return -1;
+ }
+
+ LOGP(DNAT, LOGL_DEBUG, "MSG from MSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]);
+
+ /* handle base message handling */
+ hh = (struct ipaccess_head *) msg->data;
+ ipaccess_rcvmsg_base(msg, bfd);
+
+ /* initialize the networking. This includes sending a GSM08.08 message */
+ if (hh->proto == IPAC_PROTO_IPACCESS) {
+ if (msg->l2h[0] == IPAC_MSGT_ID_ACK)
+ initialize_msc_if_needed();
+ else if (msg->l2h[0] == IPAC_MSGT_ID_GET)
+ send_id_get_response();
+ } else if (hh->proto == IPAC_PROTO_SCCP)
+ forward_sccp_to_bts(msg);
+
+ msgb_free(msg);
+ return 0;
+}
+
+static int ipaccess_msc_write_cb(struct bsc_fd *bfd, struct msgb *msg)
+{
+ int rc;
+ rc = write(bfd->fd, msg->data, msg->len);
+
+ if (rc != msg->len) {
+ LOGP(DNAT, LOGL_ERROR, "Failed to write MSG to MSC.\n");
+ return -1;
+ }
+
+ return rc;
+}
+
+/*
+ * Below is the handling of messages coming
+ * from the BSC and need to be forwarded to
+ * a real BSC.
+ */
+
+/*
+ * Remove the connection from the connections list,
+ * remove it from the patching of SCCP header lists
+ * as well. Maybe in the future even close connection..
+ */
+void bsc_close_connection(struct bsc_connection *connection)
+{
+ struct sccp_connections *sccp_patch, *tmp;
+
+ /* stop the timeout timer */
+ bsc_del_timer(&connection->id_timeout);
+ bsc_del_timer(&connection->ping_timeout);
+ bsc_del_timer(&connection->pong_timeout);
+
+ /* remove all SCCP connections */
+ llist_for_each_entry_safe(sccp_patch, tmp, &nat->sccp_connections, list_entry) {
+ if (sccp_patch->bsc != connection)
+ continue;
+
+ if (sccp_patch->has_remote_ref)
+ nat_send_rlsd(sccp_patch);
+ sccp_connection_destroy(sccp_patch);
+ }
+
+ /* close endpoints allocated by this BSC */
+ bsc_mgcp_clear_endpoints_for(connection);
+
+ bsc_unregister_fd(&connection->write_queue.bfd);
+ close(connection->write_queue.bfd.fd);
+ write_queue_clear(&connection->write_queue);
+ llist_del(&connection->list_entry);
+
+ talloc_free(connection);
+}
+
+static void ipaccess_close_bsc(void *data)
+{
+ struct sockaddr_in sock;
+ socklen_t len = sizeof(sock);
+ struct bsc_connection *conn = data;
+
+
+ getpeername(conn->write_queue.bfd.fd, (struct sockaddr *) &sock, &len);
+ LOGP(DNAT, LOGL_ERROR, "BSC on %s didn't respond to identity request. Closing.\n",
+ inet_ntoa(sock.sin_addr));
+ bsc_close_connection(conn);
+}
+
+static void ipaccess_auth_bsc(struct tlv_parsed *tvp, struct bsc_connection *bsc)
+{
+ struct bsc_config *conf;
+ const char* token = (const char *) TLVP_VAL(tvp, IPAC_IDTAG_UNITNAME);
+
+ if (bsc->cfg) {
+ LOGP(DNAT, LOGL_ERROR, "Reauth on fd %d bsc nr %d\n",
+ bsc->write_queue.bfd.fd, bsc->cfg->nr);
+ return;
+ }
+
+ llist_for_each_entry(conf, &bsc->nat->bsc_configs, entry) {
+ if (strcmp(conf->token, token) == 0) {
+ counter_inc(conf->stats.net.reconn);
+ bsc->authenticated = 1;
+ bsc->cfg = conf;
+ bsc_del_timer(&bsc->id_timeout);
+ LOGP(DNAT, LOGL_NOTICE, "Authenticated bsc nr: %d lac: %d on fd %d\n",
+ conf->nr, conf->lac, bsc->write_queue.bfd.fd);
+ start_ping_pong(bsc);
+ return;
+ }
+ }
+
+ LOGP(DNAT, LOGL_ERROR, "No bsc found for token %s on fd: %d.\n", token,
+ bsc->write_queue.bfd.fd);
+}
+
+static int forward_sccp_to_msc(struct bsc_connection *bsc, struct msgb *msg)
+{
+ int con_found = 0;
+ int con_filter = 0;
+ struct bsc_connection *con_bsc = NULL;
+ int con_type;
+ struct bsc_nat_parsed *parsed;
+
+ /* Parse and filter messages */
+ parsed = bsc_nat_parse(msg);
+ if (!parsed) {
+ LOGP(DNAT, LOGL_ERROR, "Can not parse msg from BSC.\n");
+ msgb_free(msg);
+ return -1;
+ }
+
+ if (bsc_nat_filter_ipa(DIR_MSC, msg, parsed))
+ goto exit;
+
+ /*
+ * check authentication after filtering to not reject auth
+ * responses coming from the BSC. We have to make sure that
+ * nothing from the exit path will forward things to the MSC
+ */
+ if (!bsc->authenticated) {
+ LOGP(DNAT, LOGL_ERROR, "BSC is not authenticated.\n");
+ msgb_free(msg);
+ return -1;
+ }
+
+
+ /* modify the SCCP entries */
+ if (parsed->ipa_proto == IPAC_PROTO_SCCP) {
+ struct sccp_connections *con;
+ switch (parsed->sccp_type) {
+ case SCCP_MSG_TYPE_CR:
+ if (bsc_nat_filter_sccp_cr(bsc, msg, parsed, &con_type) != 0)
+ goto exit3;
+ if (!create_sccp_src_ref(bsc, parsed))
+ goto exit2;
+ con = patch_sccp_src_ref_to_msc(msg, parsed, bsc);
+ con->con_type = con_type;
+ con_found = 1;
+ con_bsc = con->bsc;
+ break;
+ case SCCP_MSG_TYPE_RLSD:
+ case SCCP_MSG_TYPE_CREF:
+ case SCCP_MSG_TYPE_DT1:
+ case SCCP_MSG_TYPE_CC:
+ case SCCP_MSG_TYPE_IT:
+ con = patch_sccp_src_ref_to_msc(msg, parsed, bsc);
+ if (con) {
+ con_found = 1;
+ con_bsc = con->bsc;
+ con_filter = con->con_local;
+ }
+ break;
+ case SCCP_MSG_TYPE_RLC:
+ con = patch_sccp_src_ref_to_msc(msg, parsed, bsc);
+ if (con) {
+ con_found = 1;
+ con_bsc = con->bsc;
+ con_filter = con->con_local;
+ }
+ remove_sccp_src_ref(bsc, msg, parsed);
+ break;
+ case SCCP_MSG_TYPE_UDT:
+ /* simply forward everything */
+ con = NULL;
+ break;
+ default:
+ LOGP(DNAT, LOGL_ERROR, "Not forwarding to msc sccp type: 0x%x\n", parsed->sccp_type);
+ con = NULL;
+ goto exit2;
+ break;
+ }
+ } else if (parsed->ipa_proto == NAT_IPAC_PROTO_MGCP) {
+ bsc_mgcp_forward(bsc, msg);
+ goto exit2;
+ } else {
+ LOGP(DNAT, LOGL_ERROR, "Not forwarding unknown stream id: 0x%x\n", parsed->ipa_proto);
+ goto exit2;
+ }
+
+ if (con_found && con_bsc != bsc) {
+ LOGP(DNAT, LOGL_ERROR, "The connection belongs to a different BTS: input: %d con: %d\n",
+ bsc->cfg->nr, con_bsc->cfg->nr);
+ goto exit2;
+ }
+
+ /* do not forward messages to the MSC */
+ if (con_filter)
+ goto exit2;
+
+ /* send the non-filtered but maybe modified msg */
+ queue_for_msc(nat->msc_con, msg);
+ talloc_free(parsed);
+ return 0;
+
+exit:
+ /* if we filter out the reset send an ack to the BSC */
+ if (parsed->bssap == 0 && parsed->gsm_type == BSS_MAP_MSG_RESET) {
+ send_reset_ack(bsc);
+ send_reset_ack(bsc);
+ } else if (parsed->ipa_proto == IPAC_PROTO_IPACCESS) {
+ /* do we know who is handling this? */
+ if (msg->l2h[0] == IPAC_MSGT_ID_RESP) {
+ struct tlv_parsed tvp;
+ ipaccess_idtag_parse(&tvp,
+ (unsigned char *) msg->l2h + 2,
+ msgb_l2len(msg) - 2);
+ if (TLVP_PRESENT(&tvp, IPAC_IDTAG_UNITNAME))
+ ipaccess_auth_bsc(&tvp, bsc);
+ }
+
+ goto exit2;
+ }
+
+exit2:
+ talloc_free(parsed);
+ msgb_free(msg);
+ return -1;
+
+exit3:
+ /* send a SCCP Connection Refused */
+ bsc_send_con_refuse(bsc, parsed, con_type);
+ talloc_free(parsed);
+ msgb_free(msg);
+ return -1;
+}
+
+static int ipaccess_bsc_read_cb(struct bsc_fd *bfd)
+{
+ int error;
+ struct bsc_connection *bsc = bfd->data;
+ struct msgb *msg = ipaccess_read_msg(bfd, &error);
+ struct ipaccess_head *hh;
+
+ if (!msg) {
+ if (error == 0)
+ LOGP(DNAT, LOGL_ERROR,
+ "The connection to the BSC Nr: %d was lost. Cleaning it\n",
+ bsc->cfg ? bsc->cfg->nr : -1);
+ else
+ LOGP(DNAT, LOGL_ERROR,
+ "Stream error on BSC Nr: %d. Failed to parse ip access message: %d\n",
+ bsc->cfg ? bsc->cfg->nr : -1, error);
+
+ bsc_close_connection(bsc);
+ return -1;
+ }
+
+
+ LOGP(DNAT, LOGL_DEBUG, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]);
+
+ /* Handle messages from the BSC */
+ hh = (struct ipaccess_head *) msg->data;
+
+ /* stop the pong timeout */
+ if (hh->proto == IPAC_PROTO_IPACCESS) {
+ if (msg->l2h[0] == IPAC_MSGT_PONG) {
+ bsc_del_timer(&bsc->pong_timeout);
+ msgb_free(msg);
+ return 0;
+ } else if (msg->l2h[0] == IPAC_MSGT_PING) {
+ send_pong(bsc);
+ msgb_free(msg);
+ return 0;
+ }
+ }
+
+ /* FIXME: Currently no PONG is sent to the BSC */
+ /* FIXME: Currently no ID ACK is sent to the BSC */
+ forward_sccp_to_msc(bsc, msg);
+
+ return 0;
+}
+
+static int ipaccess_bsc_write_cb(struct bsc_fd *bfd, struct msgb *msg)
+{
+ int rc;
+
+ rc = write(bfd->fd, msg->data, msg->len);
+ if (rc != msg->len)
+ LOGP(DNAT, LOGL_ERROR, "Failed to write message to the BSC.\n");
+
+ return rc;
+}
+
+static int ipaccess_listen_bsc_cb(struct bsc_fd *bfd, unsigned int what)
+{
+ struct bsc_connection *bsc;
+ int fd, rc, on;
+ struct sockaddr_in sa;
+ socklen_t sa_len = sizeof(sa);
+
+ if (!(what & BSC_FD_READ))
+ return 0;
+
+ fd = accept(bfd->fd, (struct sockaddr *) &sa, &sa_len);
+ if (fd < 0) {
+ perror("accept");
+ return fd;
+ }
+
+ /* count the reconnect */
+ counter_inc(nat->stats.bsc.reconn);
+
+ /*
+ * if we are not connected to a msc... just close the socket
+ */
+ if (!nat->msc_con->is_connected) {
+ LOGP(DNAT, LOGL_NOTICE, "Disconnecting BSC due lack of MSC connection.\n");
+ close(fd);
+ return 0;
+ }
+
+ on = 1;
+ rc = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
+ if (rc != 0)
+ LOGP(DNAT, LOGL_ERROR, "Failed to set TCP_NODELAY: %s\n", strerror(errno));
+
+ rc = setsockopt(fd, IPPROTO_IP, IP_TOS,
+ &nat->bsc_ip_tos, sizeof(nat->bsc_ip_tos));
+ if (rc != 0)
+ LOGP(DNAT, LOGL_ERROR, "Failed to set IP_TOS: %s\n", strerror(errno));
+
+ /* todo... do something with the connection */
+ /* todo... use GNUtls to see if we want to trust this as a BTS */
+
+ /*
+ *
+ */
+ bsc = bsc_connection_alloc(nat);
+ if (!bsc) {
+ LOGP(DNAT, LOGL_ERROR, "Failed to allocate BSC struct.\n");
+ close(fd);
+ return -1;
+ }
+
+ bsc->write_queue.bfd.data = bsc;
+ bsc->write_queue.bfd.fd = fd;
+ bsc->write_queue.read_cb = ipaccess_bsc_read_cb;
+ bsc->write_queue.write_cb = ipaccess_bsc_write_cb;
+ bsc->write_queue.bfd.when = BSC_FD_READ;
+ if (bsc_register_fd(&bsc->write_queue.bfd) < 0) {
+ LOGP(DNAT, LOGL_ERROR, "Failed to register BSC fd.\n");
+ close(fd);
+ talloc_free(bsc);
+ return -2;
+ }
+
+ LOGP(DNAT, LOGL_NOTICE, "BSC connection on %d with IP: %s\n",
+ fd, inet_ntoa(sa.sin_addr));
+ llist_add(&bsc->list_entry, &nat->bsc_connections);
+ send_id_ack(bsc);
+ send_id_req(bsc);
+ send_mgcp_reset(bsc);
+
+ /*
+ * start the hangup timer
+ */
+ bsc->id_timeout.data = bsc;
+ bsc->id_timeout.cb = ipaccess_close_bsc;
+ bsc_schedule_timer(&bsc->id_timeout, nat->auth_timeout, 0);
+ return 0;
+}
+
+static int listen_for_bsc(struct bsc_fd *bfd, struct in_addr *in_addr, int port)
+{
+ struct sockaddr_in addr;
+ int ret, on = 1;
+
+ bfd->fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ bfd->cb = ipaccess_listen_bsc_cb;
+ bfd->when = BSC_FD_READ;
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(port);
+ addr.sin_addr.s_addr = in_addr->s_addr;
+
+ setsockopt(bfd->fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+
+ ret = bind(bfd->fd, (struct sockaddr *) &addr, sizeof(addr));
+ if (ret < 0) {
+ fprintf(stderr, "Could not bind the BSC socket %s\n",
+ strerror(errno));
+ return -EIO;
+ }
+
+ ret = listen(bfd->fd, 1);
+ if (ret < 0) {
+ perror("listen");
+ return ret;
+ }
+
+ ret = bsc_register_fd(bfd);
+ if (ret < 0) {
+ perror("register_listen_fd");
+ return ret;
+ }
+ return 0;
+}
+
+static void print_usage()
+{
+ printf("Usage: bsc_nat\n");
+}
+
+static void print_help()
+{
+ printf(" Some useful help...\n");
+ printf(" -h --help this text\n");
+ printf(" -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging\n");
+ printf(" -s --disable-color\n");
+ printf(" -c --config-file filename The config file to use.\n");
+ printf(" -m --msc=IP. The address of the MSC.\n");
+ printf(" -l --local=IP. The local address of this BSC.\n");
+}
+
+static void handle_options(int argc, char** argv)
+{
+ while (1) {
+ int option_index = 0, c;
+ static struct option long_options[] = {
+ {"help", 0, 0, 'h'},
+ {"debug", 1, 0, 'd'},
+ {"config-file", 1, 0, 'c'},
+ {"disable-color", 0, 0, 's'},
+ {"timestamp", 0, 0, 'T'},
+ {"msc", 1, 0, 'm'},
+ {"local", 1, 0, 'l'},
+ {0, 0, 0, 0}
+ };
+
+ c = getopt_long(argc, argv, "hd:sTPc:m:l:",
+ long_options, &option_index);
+ if (c == -1)
+ break;
+
+ switch (c) {
+ case 'h':
+ print_usage();
+ print_help();
+ exit(0);
+ case 's':
+ log_set_use_color(stderr_target, 0);
+ break;
+ case 'd':
+ log_parse_category_mask(stderr_target, optarg);
+ break;
+ case 'c':
+ config_file = strdup(optarg);
+ break;
+ case 'T':
+ log_set_print_timestamp(stderr_target, 1);
+ break;
+ case 'm':
+ msc_ip = optarg;
+ break;
+ case 'l':
+ inet_aton(optarg, &local_addr);
+ break;
+ default:
+ /* ignore */
+ break;
+ }
+ }
+}
+
+static void signal_handler(int signal)
+{
+ switch (signal) {
+ case SIGABRT:
+ /* in case of abort, we want to obtain a talloc report
+ * and then return to the caller, who will abort the process */
+ case SIGUSR1:
+ talloc_report_full(tall_bsc_ctx, stderr);
+ break;
+ default:
+ break;
+ }
+}
+
+static void sccp_close_unconfirmed(void *_data)
+{
+ struct sccp_connections *conn, *tmp1;
+ struct timespec now;
+ clock_gettime(CLOCK_MONOTONIC, &now);
+
+ llist_for_each_entry_safe(conn, tmp1, &nat->sccp_connections, list_entry) {
+ if (conn->has_remote_ref)
+ continue;
+
+ int diff = (now.tv_sec - conn->creation_time.tv_sec) / 60;
+ if (diff < SCCP_CLOSE_TIME_TIMEOUT)
+ continue;
+
+ LOGP(DNAT, LOGL_ERROR, "SCCP connection 0x%x/0x%x was never confirmed.\n",
+ sccp_src_ref_to_int(&conn->real_ref),
+ sccp_src_ref_to_int(&conn->patched_ref));
+ sccp_connection_destroy(conn);
+ }
+
+ bsc_schedule_timer(&sccp_close, SCCP_CLOSE_TIME, 0);
+}
+
+extern void *tall_msgb_ctx;
+extern void *tall_ctr_ctx;
+static void talloc_init_ctx()
+{
+ tall_bsc_ctx = talloc_named_const(NULL, 0, "nat");
+ tall_msgb_ctx = talloc_named_const(tall_bsc_ctx, 0, "msgb");
+ tall_ctr_ctx = talloc_named_const(tall_bsc_ctx, 0, "counter");
+}
+
+extern enum node_type bsc_vty_go_parent(struct vty *vty);
+
+static struct vty_app_info vty_info = {
+ .name = "BSC NAT",
+ .version = PACKAGE_VERSION,
+ .go_parent_cb = bsc_vty_go_parent,
+};
+
+int main(int argc, char** argv)
+{
+ talloc_init_ctx();
+
+
+ log_init(&log_info);
+ stderr_target = log_target_create_stderr();
+ log_add_target(stderr_target);
+ log_set_all_filter(stderr_target, 1);
+
+ nat = bsc_nat_alloc();
+ if (!nat) {
+ fprintf(stderr, "Failed to allocate the BSC nat.\n");
+ return -4;
+ }
+
+ nat->mgcp_cfg = talloc_zero(nat, struct mgcp_config);
+ if (!nat->mgcp_cfg) {
+ fprintf(stderr, "Failed to allocate MGCP cfg.\n");
+ return -5;
+ }
+
+ vty_info.copyright = openbsc_copyright;
+ vty_init(&vty_info);
+ logging_vty_add_cmds();
+ bsc_nat_vty_init(nat);
+
+
+ /* parse options */
+ local_addr.s_addr = INADDR_ANY;
+ handle_options(argc, argv);
+
+ /* init vty and parse */
+ telnet_init(tall_bsc_ctx, NULL, 4244);
+ if (mgcp_parse_config(config_file, nat->mgcp_cfg) < 0) {
+ fprintf(stderr, "Failed to parse the config file: '%s'\n", config_file);
+ return -3;
+ }
+
+ /* over rule the VTY config */
+ if (msc_ip)
+ bsc_nat_set_msc_ip(nat, msc_ip);
+
+ /* seed the PRNG */
+ srand(time(NULL));
+
+ /*
+ * Setup the MGCP code..
+ */
+ if (bsc_mgcp_nat_init(nat) != 0)
+ return -4;
+
+ /* connect to the MSC */
+ nat->msc_con = bsc_msc_create(nat->msc_ip, nat->msc_port, 0);
+ if (!nat->msc_con) {
+ fprintf(stderr, "Creating a bsc_msc_connection failed.\n");
+ exit(1);
+ }
+
+ nat->msc_con->connection_loss = msc_connection_was_lost;
+ nat->msc_con->write_queue.read_cb = ipaccess_msc_read_cb;
+ nat->msc_con->write_queue.write_cb = ipaccess_msc_write_cb;;
+ bsc_msc_connect(nat->msc_con);
+
+ /* wait for the BSC */
+ if (listen_for_bsc(&bsc_listen, &local_addr, 5000) < 0) {
+ fprintf(stderr, "Failed to listen for BSC.\n");
+ exit(1);
+ }
+
+ signal(SIGABRT, &signal_handler);
+ signal(SIGUSR1, &signal_handler);
+ signal(SIGPIPE, SIG_IGN);
+
+ /* recycle timer */
+ sccp_close.cb = sccp_close_unconfirmed;
+ sccp_close.data = NULL;
+ bsc_schedule_timer(&sccp_close, SCCP_CLOSE_TIME, 0);
+
+ while (1) {
+ bsc_select_main(0);
+ }
+
+ return 0;
+}
diff --git a/openbsc/src/nat/bsc_nat_utils.c b/openbsc/src/nat/bsc_nat_utils.c
new file mode 100644
index 0000000..eed7f3a
--- /dev/null
+++ b/openbsc/src/nat/bsc_nat_utils.c
@@ -0,0 +1,492 @@
+
+/* BSC Multiplexer/NAT Utilities */
+
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by On-Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <openbsc/bsc_nat.h>
+#include <openbsc/gsm_data.h>
+#include <openbsc/debug.h>
+#include <openbsc/ipaccess.h>
+
+#include <osmocore/linuxlist.h>
+#include <osmocore/talloc.h>
+#include <osmocore/gsm0808.h>
+
+#include <osmocore/protocol/gsm_08_08.h>
+
+#include <sccp/sccp.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+struct bsc_nat *bsc_nat_alloc(void)
+{
+ struct bsc_nat *nat = talloc_zero(tall_bsc_ctx, struct bsc_nat);
+ if (!nat)
+ return NULL;
+
+ INIT_LLIST_HEAD(&nat->sccp_connections);
+ INIT_LLIST_HEAD(&nat->bsc_connections);
+ INIT_LLIST_HEAD(&nat->bsc_configs);
+ INIT_LLIST_HEAD(&nat->access_lists);
+
+ nat->stats.sccp.conn = counter_alloc("nat.sccp.conn");
+ nat->stats.sccp.calls = counter_alloc("nat.sccp.calls");
+ nat->stats.bsc.reconn = counter_alloc("nat.bsc.conn");
+ nat->stats.bsc.auth_fail = counter_alloc("nat.bsc.auth_fail");
+ nat->stats.msc.reconn = counter_alloc("nat.msc.conn");
+ nat->msc_ip = talloc_strdup(nat, "127.0.0.1");
+ nat->msc_port = 5000;
+ nat->auth_timeout = 2;
+ nat->ping_timeout = 20;
+ nat->pong_timeout = 5;
+ return nat;
+}
+
+void bsc_nat_set_msc_ip(struct bsc_nat *nat, const char *ip)
+{
+ if (nat->msc_ip)
+ talloc_free(nat->msc_ip);
+ nat->msc_ip = talloc_strdup(nat, ip);
+}
+
+struct bsc_connection *bsc_connection_alloc(struct bsc_nat *nat)
+{
+ struct bsc_connection *con = talloc_zero(nat, struct bsc_connection);
+ if (!con)
+ return NULL;
+
+ con->nat = nat;
+ write_queue_init(&con->write_queue, 100);
+ return con;
+}
+
+struct bsc_config *bsc_config_alloc(struct bsc_nat *nat, const char *token, unsigned int lac)
+{
+ struct bsc_config *conf = talloc_zero(nat, struct bsc_config);
+ if (!conf)
+ return NULL;
+
+ conf->token = talloc_strdup(conf, token);
+ conf->lac = lac;
+ conf->nr = nat->num_bsc;
+ conf->nat = nat;
+
+ llist_add_tail(&conf->entry, &nat->bsc_configs);
+ ++nat->num_bsc;
+
+ conf->stats.sccp.conn = counter_alloc("nat.bsc.sccp.conn");
+ conf->stats.sccp.calls = counter_alloc("nat.bsc.sccp.calls");
+ conf->stats.net.reconn = counter_alloc("nat.bsc.net.reconnects");
+
+ return conf;
+}
+
+void sccp_connection_destroy(struct sccp_connections *conn)
+{
+ LOGP(DNAT, LOGL_DEBUG, "Destroy 0x%x <-> 0x%x mapping for con %p\n",
+ sccp_src_ref_to_int(&conn->real_ref),
+ sccp_src_ref_to_int(&conn->patched_ref), conn->bsc);
+ bsc_mgcp_dlcx(conn);
+ llist_del(&conn->list_entry);
+ talloc_free(conn);
+}
+
+struct bsc_connection *bsc_nat_find_bsc(struct bsc_nat *nat, struct msgb *msg, int *lac_out)
+{
+ struct bsc_connection *bsc;
+ int data_length;
+ const u_int8_t *data;
+ struct tlv_parsed tp;
+ int i = 0;
+
+ *lac_out = -1;
+
+ if (!msg->l3h || msgb_l3len(msg) < 3) {
+ LOGP(DNAT, LOGL_ERROR, "Paging message is too short.\n");
+ return NULL;
+ }
+
+ tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 3, msgb_l3len(msg) - 3, 0, 0);
+ if (!TLVP_PRESENT(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST)) {
+ LOGP(DNAT, LOGL_ERROR, "No CellIdentifier List inside paging msg.\n");
+ return NULL;
+ }
+
+ data_length = TLVP_LEN(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST);
+ data = TLVP_VAL(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST);
+
+ /* No need to try a different BSS */
+ if (data[0] == CELL_IDENT_BSS) {
+ return NULL;
+ } else if (data[0] != CELL_IDENT_LAC) {
+ LOGP(DNAT, LOGL_ERROR, "Unhandled cell ident discrminator: %d\n", data[0]);
+ return NULL;
+ }
+
+ /* Currently we only handle one BSC */
+ for (i = 1; i < data_length - 1; i += 2) {
+ unsigned int _lac = ntohs(*(unsigned int *) &data[i]);
+ *lac_out = _lac;
+ llist_for_each_entry(bsc, &nat->bsc_connections, list_entry) {
+ if (!bsc->cfg)
+ continue;
+ if (!bsc->authenticated || _lac != bsc->cfg->lac)
+ continue;
+
+ return bsc;
+ }
+ }
+
+ return NULL;
+}
+
+int bsc_write_mgcp(struct bsc_connection *bsc, const u_int8_t *data, unsigned int length)
+{
+ struct msgb *msg;
+
+ if (length > 4096 - 128) {
+ LOGP(DINP, LOGL_ERROR, "Can not send message of that size.\n");
+ return -1;
+ }
+
+ msg = msgb_alloc_headroom(4096, 128, "to-bsc");
+ if (!msg) {
+ LOGP(DINP, LOGL_ERROR, "Failed to allocate memory for BSC msg.\n");
+ return -1;
+ }
+
+ /* copy the data */
+ msg->l3h = msgb_put(msg, length);
+ memcpy(msg->l3h, data, length);
+
+ return bsc_write(bsc, msg, NAT_IPAC_PROTO_MGCP);
+}
+
+int bsc_write(struct bsc_connection *bsc, struct msgb *msg, int proto)
+{
+ /* prepend the header */
+ ipaccess_prepend_header(msg, proto);
+
+ if (write_queue_enqueue(&bsc->write_queue, msg) != 0) {
+ LOGP(DINP, LOGL_ERROR, "Failed to enqueue the write.\n");
+ msgb_free(msg);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int lst_check_allow(struct bsc_nat_acc_lst *lst, const char *mi_string)
+{
+ struct bsc_nat_acc_lst_entry *entry;
+
+ llist_for_each_entry(entry, &lst->fltr_list, list) {
+ if (!entry->imsi_allow)
+ continue;
+ if (regexec(&entry->imsi_allow_re, mi_string, 0, NULL, 0) == 0)
+ return 0;
+ }
+
+ return 1;
+}
+
+static int lst_check_deny(struct bsc_nat_acc_lst *lst, const char *mi_string)
+{
+ struct bsc_nat_acc_lst_entry *entry;
+
+ llist_for_each_entry(entry, &lst->fltr_list, list) {
+ if (!entry->imsi_deny)
+ continue;
+ if (regexec(&entry->imsi_deny_re, mi_string, 0, NULL, 0) == 0)
+ return 0;
+ }
+
+ return 1;
+}
+
+/* apply white/black list */
+static int auth_imsi(struct bsc_connection *bsc, const char *mi_string)
+{
+ /*
+ * Now apply blacklist/whitelist of the BSC and the NAT.
+ * 1.) Reject if the IMSI is not allowed at the BSC
+ * 2.) Allow directly if the IMSI is allowed at the BSC
+ * 3.) Reject if the IMSI not allowed at the global level.
+ * 4.) Allow directly if the IMSI is allowed at the global level
+ */
+ struct bsc_nat_acc_lst *nat_lst = NULL;
+ struct bsc_nat_acc_lst *bsc_lst = NULL;
+
+ bsc_lst = bsc_nat_acc_lst_find(bsc->nat, bsc->cfg->acc_lst_name);
+ nat_lst = bsc_nat_acc_lst_find(bsc->nat, bsc->nat->acc_lst_name);
+
+
+ if (bsc_lst) {
+ /* 1. BSC deny */
+ if (lst_check_deny(bsc_lst, mi_string) == 0) {
+ LOGP(DNAT, LOGL_ERROR,
+ "Filtering %s by imsi_deny on bsc nr: %d.\n", mi_string, bsc->cfg->nr);
+ return -2;
+ }
+
+ /* 2. BSC allow */
+ if (lst_check_allow(bsc_lst, mi_string) == 0)
+ return 0;
+ }
+
+ /* 3. NAT deny */
+ if (nat_lst) {
+ if (lst_check_deny(nat_lst, mi_string) == 0) {
+ LOGP(DNAT, LOGL_ERROR,
+ "Filtering %s by nat imsi_deny on bsc nr: %d.\n", mi_string, bsc->cfg->nr);
+ return -3;
+ }
+ }
+
+ return 0;
+}
+
+static int _cr_check_loc_upd(struct bsc_connection *bsc, uint8_t *data, unsigned int length)
+{
+ u_int8_t mi_type;
+ struct gsm48_loc_upd_req *lu;
+ char mi_string[GSM48_MI_SIZE];
+
+ if (length < sizeof(*lu)) {
+ LOGP(DNAT, LOGL_ERROR,
+ "LU does not fit. Length is %d \n", length);
+ return -1;
+ }
+
+ lu = (struct gsm48_loc_upd_req *) data;
+ mi_type = lu->mi[0] & GSM_MI_TYPE_MASK;
+
+ /*
+ * We can only deal with the IMSI. This will fail for a phone that
+ * will send the TMSI of a previous network to us.
+ */
+ if (mi_type != GSM_MI_TYPE_IMSI)
+ return 0;
+
+ gsm48_mi_to_string(mi_string, sizeof(mi_string), lu->mi, lu->mi_len);
+ return auth_imsi(bsc, mi_string);
+}
+
+static int _cr_check_cm_serv_req(struct bsc_connection *bsc, uint8_t *data, unsigned int length)
+{
+ static const uint32_t classmark_offset =
+ offsetof(struct gsm48_service_request, classmark);
+
+ char mi_string[GSM48_MI_SIZE];
+ uint8_t mi_type;
+ int rc;
+ struct gsm48_service_request *req;
+
+ /* unfortunately in Phase1 the classmark2 length is variable */
+
+ if (length < sizeof(*req)) {
+ LOGP(DNAT, LOGL_ERROR,
+ "CM Serv Req does not fit. Length is %d\n", length);
+ return -1;
+ }
+
+ req = (struct gsm48_service_request *) data;
+ rc = gsm48_extract_mi((uint8_t *) &req->classmark,
+ length - classmark_offset, mi_string, &mi_type);
+ if (rc < 0) {
+ LOGP(DNAT, LOGL_ERROR, "Failed to parse the classmark2/mi. error: %d\n", rc);
+ return -1;
+ }
+
+ /* we have to let the TMSI or such pass */
+ if (mi_type != GSM_MI_TYPE_IMSI)
+ return 0;
+
+ return auth_imsi(bsc, mi_string);
+}
+
+static int _cr_check_pag_resp(struct bsc_connection *bsc, uint8_t *data, unsigned int length)
+{
+ struct gsm48_pag_resp *resp;
+ char mi_string[GSM48_MI_SIZE];
+ u_int8_t mi_type;
+
+ if (length < sizeof(*resp)) {
+ LOGP(DNAT, LOGL_ERROR, "PAG RESP does not fit. Length was %d.\n", length);
+ return -1;
+ }
+
+ resp = (struct gsm48_pag_resp *) data;
+ if (gsm48_paging_extract_mi(resp, length, mi_string, &mi_type) < 0) {
+ LOGP(DNAT, LOGL_ERROR, "Failed to extract the MI.\n");
+ return -1;
+ }
+
+ /* we need to let it pass for now */
+ if (mi_type != GSM_MI_TYPE_IMSI)
+ return 0;
+
+ return auth_imsi(bsc, mi_string);
+}
+
+/* Filter out CR data... */
+int bsc_nat_filter_sccp_cr(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed, int *con_type)
+{
+ struct tlv_parsed tp;
+ struct gsm48_hdr *hdr48;
+ int hdr48_len;
+ int len;
+
+ *con_type = NAT_CON_TYPE_NONE;
+
+ if (parsed->gsm_type != BSS_MAP_MSG_COMPLETE_LAYER_3) {
+ LOGP(DNAT, LOGL_ERROR,
+ "Rejecting CR message due wrong GSM Type %d\n", parsed->gsm_type);
+ return -1;
+ }
+
+ /* the parsed has had some basic l3 length check */
+ len = msg->l3h[1];
+ if (msgb_l3len(msg) - 3 < len) {
+ LOGP(DNAT, LOGL_ERROR,
+ "The CR Data has not enough space...\n");
+ return -1;
+ }
+
+ msg->l4h = &msg->l3h[3];
+ len -= 1;
+
+ tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l4h, len, 0, 0);
+
+ if (!TLVP_PRESENT(&tp, GSM0808_IE_LAYER_3_INFORMATION)) {
+ LOGP(DNAT, LOGL_ERROR, "CR Data does not contain layer3 information.\n");
+ return -1;
+ }
+
+ hdr48_len = TLVP_LEN(&tp, GSM0808_IE_LAYER_3_INFORMATION);
+
+ if (hdr48_len < sizeof(*hdr48)) {
+ LOGP(DNAT, LOGL_ERROR, "GSM48 header does not fit.\n");
+ return -1;
+ }
+
+ hdr48 = (struct gsm48_hdr *) TLVP_VAL(&tp, GSM0808_IE_LAYER_3_INFORMATION);
+
+ if (hdr48->proto_discr == GSM48_PDISC_MM &&
+ hdr48->msg_type == GSM48_MT_MM_LOC_UPD_REQUEST) {
+ *con_type = NAT_CON_TYPE_LU;
+ return _cr_check_loc_upd(bsc, &hdr48->data[0], hdr48_len - sizeof(*hdr48));
+ } else if (hdr48->proto_discr == GSM48_PDISC_MM &&
+ hdr48->msg_type == GSM48_MT_MM_CM_SERV_REQ) {
+ *con_type = NAT_CON_TYPE_CM_SERV_REQ;
+ return _cr_check_cm_serv_req(bsc, &hdr48->data[0], hdr48_len - sizeof(*hdr48));
+ } else if (hdr48->proto_discr == GSM48_PDISC_RR &&
+ hdr48->msg_type == GSM48_MT_RR_PAG_RESP) {
+ *con_type = NAT_CON_TYPE_PAG_RESP;
+ return _cr_check_pag_resp(bsc, &hdr48->data[0], hdr48_len - sizeof(*hdr48));
+ } else {
+ /* We only want to filter the above, let other things pass */
+ *con_type = NAT_CON_TYPE_OTHER;
+ return 0;
+ }
+}
+
+void bsc_parse_reg(void *ctx, regex_t *reg, char **imsi, int argc, const char **argv)
+{
+ if (*imsi) {
+ talloc_free(*imsi);
+ *imsi = NULL;
+ }
+ regfree(reg);
+
+ if (argc > 0) {
+ *imsi = talloc_strdup(ctx, argv[0]);
+ regcomp(reg, argv[0], 0);
+ }
+}
+
+static const char *con_types [] = {
+ [NAT_CON_TYPE_NONE] = "n/a",
+ [NAT_CON_TYPE_LU] = "Location Update",
+ [NAT_CON_TYPE_CM_SERV_REQ] = "CM Serv Req",
+ [NAT_CON_TYPE_PAG_RESP] = "Paging Response",
+ [NAT_CON_TYPE_LOCAL_REJECT] = "Local Reject",
+ [NAT_CON_TYPE_OTHER] = "Other",
+};
+
+const char *bsc_con_type_to_string(int type)
+{
+ return con_types[type];
+}
+
+struct bsc_nat_acc_lst *bsc_nat_acc_lst_find(struct bsc_nat *nat, const char *name)
+{
+ struct bsc_nat_acc_lst *lst;
+
+ if (!name)
+ return NULL;
+
+ llist_for_each_entry(lst, &nat->access_lists, list)
+ if (strcmp(lst->name, name) == 0)
+ return lst;
+
+ return NULL;
+}
+
+struct bsc_nat_acc_lst *bsc_nat_acc_lst_get(struct bsc_nat *nat, const char *name)
+{
+ struct bsc_nat_acc_lst *lst;
+
+ lst = bsc_nat_acc_lst_find(nat, name);
+ if (lst)
+ return lst;
+
+ lst = talloc_zero(nat, struct bsc_nat_acc_lst);
+ if (!lst) {
+ LOGP(DNAT, LOGL_ERROR, "Failed to allocate access list");
+ return NULL;
+ }
+
+ INIT_LLIST_HEAD(&lst->fltr_list);
+ lst->name = talloc_strdup(lst, name);
+ llist_add_tail(&lst->list, &nat->access_lists);
+ return lst;
+}
+
+void bsc_nat_acc_lst_delete(struct bsc_nat_acc_lst *lst)
+{
+ llist_del(&lst->list);
+ talloc_free(lst);
+}
+
+struct bsc_nat_acc_lst_entry *bsc_nat_acc_lst_entry_create(struct bsc_nat_acc_lst *lst)
+{
+ struct bsc_nat_acc_lst_entry *entry;
+
+ entry = talloc_zero(lst, struct bsc_nat_acc_lst_entry);
+ if (!entry)
+ return NULL;
+
+ llist_add_tail(&entry->list, &lst->fltr_list);
+ return entry;
+}
\ No newline at end of file
diff --git a/openbsc/src/nat/bsc_nat_vty.c b/openbsc/src/nat/bsc_nat_vty.c
new file mode 100644
index 0000000..ea168a4
--- /dev/null
+++ b/openbsc/src/nat/bsc_nat_vty.c
@@ -0,0 +1,557 @@
+/* OpenBSC NAT interface to quagga VTY */
+/* (C) 2010 by Holger Hans Peter Freyther
+ * (C) 2010 by On-Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <openbsc/vty.h>
+#include <openbsc/bsc_nat.h>
+#include <openbsc/bsc_msc.h>
+#include <openbsc/gsm_04_08.h>
+#include <openbsc/mgcp.h>
+#include <openbsc/vty.h>
+
+#include <osmocore/talloc.h>
+
+#include <sccp/sccp.h>
+
+#include <stdlib.h>
+
+static struct bsc_nat *_nat;
+
+static struct cmd_node nat_node = {
+ NAT_NODE,
+ "%s(nat)#",
+ 1,
+};
+
+static struct cmd_node bsc_node = {
+ BSC_NODE,
+ "%s(bsc)#",
+ 1,
+};
+
+static void write_acc_lst(struct vty *vty, struct bsc_nat_acc_lst *lst)
+{
+ struct bsc_nat_acc_lst_entry *entry;
+
+ llist_for_each_entry(entry, &lst->fltr_list, list) {
+ if (entry->imsi_allow)
+ vty_out(vty, " access-list %s imsi-allow %s%s",
+ lst->name, entry->imsi_allow, VTY_NEWLINE);
+ if (entry->imsi_deny)
+ vty_out(vty, " access-list %s imsi-deny %s%s",
+ lst->name, entry->imsi_deny, VTY_NEWLINE);
+ }
+}
+
+static int config_write_nat(struct vty *vty)
+{
+ struct bsc_nat_acc_lst *lst;
+
+ vty_out(vty, "nat%s", VTY_NEWLINE);
+ vty_out(vty, " msc ip %s%s", _nat->msc_ip, VTY_NEWLINE);
+ vty_out(vty, " msc port %d%s", _nat->msc_port, VTY_NEWLINE);
+ vty_out(vty, " timeout auth %d%s", _nat->auth_timeout, VTY_NEWLINE);
+ vty_out(vty, " timeout ping %d%s", _nat->ping_timeout, VTY_NEWLINE);
+ vty_out(vty, " timeout pong %d%s", _nat->pong_timeout, VTY_NEWLINE);
+ if (_nat->token)
+ vty_out(vty, " token %s%s", _nat->token, VTY_NEWLINE);
+ vty_out(vty, " ip-tos %d%s", _nat->bsc_ip_tos, VTY_NEWLINE);
+ if (_nat->acc_lst_name)
+ vty_out(vty, " access-list-name %s%s", _nat->acc_lst_name, VTY_NEWLINE);
+
+ llist_for_each_entry(lst, &_nat->access_lists, list) {
+ write_acc_lst(vty, lst);
+ }
+
+ return CMD_SUCCESS;
+}
+
+static void config_write_bsc_single(struct vty *vty, struct bsc_config *bsc)
+{
+ vty_out(vty, " bsc %u%s", bsc->nr, VTY_NEWLINE);
+ vty_out(vty, " token %s%s", bsc->token, VTY_NEWLINE);
+ vty_out(vty, " location_area_code %u%s", bsc->lac, VTY_NEWLINE);
+ vty_out(vty, " paging forbidden %d%s", bsc->forbid_paging, VTY_NEWLINE);
+ if (bsc->description)
+ vty_out(vty, " description %s%s", bsc->description, VTY_NEWLINE);
+ if (bsc->acc_lst_name)
+ vty_out(vty, " access-list-name %s%s", bsc->acc_lst_name, VTY_NEWLINE);
+}
+
+static int config_write_bsc(struct vty *vty)
+{
+ struct bsc_config *bsc;
+
+ llist_for_each_entry(bsc, &_nat->bsc_configs, entry)
+ config_write_bsc_single(vty, bsc);
+ return CMD_SUCCESS;
+}
+
+
+DEFUN(show_sccp, show_sccp_cmd, "show sccp connections",
+ SHOW_STR "Display information about current SCCP connections")
+{
+ struct sccp_connections *con;
+ vty_out(vty, "Listing all opening SCCP connections%s", VTY_NEWLINE);
+
+ llist_for_each_entry(con, &_nat->sccp_connections, list_entry) {
+ vty_out(vty, "For BSC Nr: %d lac: %d; BSC ref: 0x%x; MUX ref: 0x%x; Network has ref: %d ref: 0x%x MSC/BSC mux: 0x%x/0x%x type: %s%s",
+ con->bsc->cfg ? con->bsc->cfg->nr : -1,
+ con->bsc->cfg ? con->bsc->cfg->lac : -1,
+ sccp_src_ref_to_int(&con->real_ref),
+ sccp_src_ref_to_int(&con->patched_ref),
+ con->has_remote_ref,
+ sccp_src_ref_to_int(&con->remote_ref),
+ con->msc_timeslot, con->bsc_timeslot,
+ bsc_con_type_to_string(con->con_type),
+ VTY_NEWLINE);
+ }
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(show_bsc, show_bsc_cmd, "show bsc connections",
+ SHOW_STR "Display information about current BSCs")
+{
+ struct bsc_connection *con;
+ struct sockaddr_in sock;
+ socklen_t len = sizeof(sock);
+
+ llist_for_each_entry(con, &_nat->bsc_connections, list_entry) {
+ getpeername(con->write_queue.bfd.fd, (struct sockaddr *) &sock, &len);
+ vty_out(vty, "BSC nr: %d lac: %d auth: %d fd: %d peername: %s%s",
+ con->cfg ? con->cfg->nr : -1,
+ con->cfg ? con->cfg->lac : -1,
+ con->authenticated, con->write_queue.bfd.fd,
+ inet_ntoa(sock.sin_addr), VTY_NEWLINE);
+ }
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(show_bsc_cfg, show_bsc_cfg_cmd, "show bsc config",
+ SHOW_STR "Display information about known BSC configs")
+{
+ struct bsc_config *conf;
+ llist_for_each_entry(conf, &_nat->bsc_configs, entry) {
+ vty_out(vty, "BSC token: '%s' lac: %u nr: %u%s",
+ conf->token, conf->lac, conf->nr, VTY_NEWLINE);
+ if (conf->acc_lst_name)
+ vty_out(vty, " access-list: %s%s",
+ conf->acc_lst_name, VTY_NEWLINE);
+ vty_out(vty, " paging forbidden: %d%s",
+ conf->forbid_paging, VTY_NEWLINE);
+ if (conf->description)
+ vty_out(vty, " description: %s%s", conf->description, VTY_NEWLINE);
+ else
+ vty_out(vty, " No description.%s", VTY_NEWLINE);
+
+ }
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(show_stats,
+ show_stats_cmd,
+ "show statistics [NR]",
+ SHOW_STR "Display network statistics")
+{
+ struct bsc_config *conf;
+
+ int nr = -1;
+
+ if (argc == 1)
+ nr = atoi(argv[0]);
+
+ vty_out(vty, "NAT statistics%s", VTY_NEWLINE);
+ vty_out(vty, " SCCP Connections %lu total, %lu calls%s",
+ counter_get(_nat->stats.sccp.conn),
+ counter_get(_nat->stats.sccp.calls), VTY_NEWLINE);
+ vty_out(vty, " MSC Connections %lu%s",
+ counter_get(_nat->stats.msc.reconn), VTY_NEWLINE);
+ vty_out(vty, " BSC Connections %lu total, %lu auth failed.%s",
+ counter_get(_nat->stats.bsc.reconn),
+ counter_get(_nat->stats.bsc.auth_fail), VTY_NEWLINE);
+
+ llist_for_each_entry(conf, &_nat->bsc_configs, entry) {
+ if (argc == 1 && nr != conf->nr)
+ continue;
+
+ vty_out(vty, " BSC lac: %d nr: %d%s",
+ conf->lac, conf->nr, VTY_NEWLINE);
+ vty_out(vty, " SCCP Connnections %lu total, %lu calls%s",
+ counter_get(conf->stats.sccp.conn),
+ counter_get(conf->stats.sccp.calls), VTY_NEWLINE);
+ vty_out(vty, " BSC Connections %lu total%s",
+ counter_get(conf->stats.net.reconn), VTY_NEWLINE);
+ }
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(show_msc,
+ show_msc_cmd,
+ "show msc connection",
+ SHOW_STR "Show the status of the MSC connection.")
+{
+ if (!_nat->msc_con) {
+ vty_out(vty, "The MSC is not yet configured.\n");
+ return CMD_WARNING;
+ }
+
+ vty_out(vty, "MSC on %s:%d is connected: %d%s\n",
+ _nat->msc_con->ip, _nat->msc_con->port,
+ _nat->msc_con->is_connected, VTY_NEWLINE);
+ return CMD_SUCCESS;
+}
+
+DEFUN(close_bsc,
+ close_bsc_cmd,
+ "close bsc connection BSC_NR",
+ "Close the connection with the BSC identified by the config number.")
+{
+ struct bsc_connection *bsc;
+ int bsc_nr = atoi(argv[0]);
+
+ llist_for_each_entry(bsc, &_nat->bsc_connections, list_entry) {
+ if (!bsc->cfg || bsc->cfg->nr != bsc_nr)
+ continue;
+ bsc_close_connection(bsc);
+ break;
+ }
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nat, cfg_nat_cmd, "nat", "Configute the NAT")
+{
+ vty->index = _nat;
+ vty->node = NAT_NODE;
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nat_msc_ip,
+ cfg_nat_msc_ip_cmd,
+ "msc ip A.B.C.D",
+ "Set the IP address of the MSC.")
+{
+ bsc_nat_set_msc_ip(_nat, argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nat_msc_port,
+ cfg_nat_msc_port_cmd,
+ "msc port <1-65500>",
+ "Set the port of the MSC.")
+{
+ _nat->msc_port = atoi(argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nat_auth_time,
+ cfg_nat_auth_time_cmd,
+ "timeout auth <1-256>",
+ "The time to wait for an auth response.")
+{
+ _nat->auth_timeout = atoi(argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nat_ping_time,
+ cfg_nat_ping_time_cmd,
+ "timeout ping NR",
+ "Send a ping every NR seconds. Negative to disable.")
+{
+ _nat->ping_timeout = atoi(argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nat_pong_time,
+ cfg_nat_pong_time_cmd,
+ "timeout pong NR",
+ "Wait NR seconds for the PONG response. Should be smaller than ping.")
+{
+ _nat->pong_timeout = atoi(argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nat_token, cfg_nat_token_cmd,
+ "token TOKEN",
+ "Set a token for the NAT")
+{
+ if (_nat->token)
+ talloc_free(_nat->token);
+ _nat->token = talloc_strdup(_nat, argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nat_bsc_ip_tos, cfg_nat_bsc_ip_tos_cmd,
+ "ip-tos <0-255>",
+ "Set the IP_TOS for the BSCs to use\n" "Set the IP_TOS attribute")
+{
+ _nat->bsc_ip_tos = atoi(argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nat_acc_lst_name,
+ cfg_nat_acc_lst_name_cmd,
+ "access-list-name NAME",
+ "Set the name of the access list to use.\n"
+ "The name of the to be used access list.")
+{
+ if (_nat->acc_lst_name)
+ talloc_free(_nat->acc_lst_name);
+ _nat->acc_lst_name = talloc_strdup(_nat, argv[0]);
+ return CMD_SUCCESS;
+}
+
+/* per BSC configuration */
+DEFUN(cfg_bsc, cfg_bsc_cmd, "bsc BSC_NR", "Select a BSC to configure")
+{
+ int bsc_nr = atoi(argv[0]);
+ struct bsc_config *bsc;
+
+ if (bsc_nr > _nat->num_bsc) {
+ vty_out(vty, "%% The next unused BSC number is %u%s",
+ _nat->num_bsc, VTY_NEWLINE);
+ return CMD_WARNING;
+ } else if (bsc_nr == _nat->num_bsc) {
+ /* allocate a new one */
+ bsc = bsc_config_alloc(_nat, "unknown", 0);
+ } else
+ bsc = bsc_config_num(_nat, bsc_nr);
+
+ if (!bsc)
+ return CMD_WARNING;
+
+ vty->index = bsc;
+ vty->node = BSC_NODE;
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_bsc_token, cfg_bsc_token_cmd, "token TOKEN", "Set the token")
+{
+ struct bsc_config *conf = vty->index;
+
+ if (conf->token)
+ talloc_free(conf->token);
+ conf->token = talloc_strdup(conf, argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_bsc_lac, cfg_bsc_lac_cmd, "location_area_code <0-65535>",
+ "Set the Location Area Code (LAC) of this BSC")
+{
+ struct bsc_config *tmp;
+ struct bsc_config *conf = vty->index;
+
+ int lac = atoi(argv[0]);
+
+ if (lac == GSM_LAC_RESERVED_DETACHED || lac == GSM_LAC_RESERVED_ALL_BTS) {
+ vty_out(vty, "%% LAC %d is reserved by GSM 04.08%s",
+ lac, VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
+ /* verify that the LACs are unique */
+ llist_for_each_entry(tmp, &_nat->bsc_configs, entry) {
+ if (tmp->lac == lac) {
+ vty_out(vty, "%% LAC %d is already used.%s", lac, VTY_NEWLINE);
+ return CMD_ERR_INCOMPLETE;
+ }
+ }
+
+ conf->lac = lac;
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_lst_imsi_allow,
+ cfg_lst_imsi_allow_cmd,
+ "access-list NAME imsi-allow [REGEXP]",
+ "Allow IMSIs matching the REGEXP\n"
+ "The name of the access-list\n"
+ "The regexp of allowed IMSIs\n")
+{
+ struct bsc_nat_acc_lst *acc;
+ struct bsc_nat_acc_lst_entry *entry;
+
+ acc = bsc_nat_acc_lst_get(_nat, argv[0]);
+ if (!acc)
+ return CMD_WARNING;
+
+ entry = bsc_nat_acc_lst_entry_create(acc);
+ if (!entry)
+ return CMD_WARNING;
+
+ bsc_parse_reg(acc, &entry->imsi_allow_re, &entry->imsi_allow, argc - 1, &argv[1]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_lst_imsi_deny,
+ cfg_lst_imsi_deny_cmd,
+ "access-list NAME imsi-deny [REGEXP]",
+ "Allow IMSIs matching the REGEXP\n"
+ "The name of the access-list\n"
+ "The regexp of to be denied IMSIs\n")
+{
+ struct bsc_nat_acc_lst *acc;
+ struct bsc_nat_acc_lst_entry *entry;
+
+ acc = bsc_nat_acc_lst_get(_nat, argv[0]);
+ if (!acc)
+ return CMD_WARNING;
+
+ entry = bsc_nat_acc_lst_entry_create(acc);
+ if (!entry)
+ return CMD_WARNING;
+
+ bsc_parse_reg(acc, &entry->imsi_deny_re, &entry->imsi_deny, argc - 1, &argv[1]);
+ return CMD_SUCCESS;
+}
+
+/* naming to follow Zebra... */
+DEFUN(cfg_lst_no,
+ cfg_lst_no_cmd,
+ "no access-list NAME",
+ NO_STR "Remove an access-list by name\n"
+ "The access-list to remove\n")
+{
+ struct bsc_nat_acc_lst *acc;
+ acc = bsc_nat_acc_lst_find(_nat, argv[0]);
+ if (!acc)
+ return CMD_WARNING;
+
+ bsc_nat_acc_lst_delete(acc);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_bsc_acc_lst_name,
+ cfg_bsc_acc_lst_name_cmd,
+ "access-list-name NAME",
+ "Set the name of the access list to use.\n"
+ "The name of the to be used access list.")
+{
+ struct bsc_config *conf = vty->index;
+
+ if (conf->acc_lst_name)
+ talloc_free(conf->acc_lst_name);
+ conf->acc_lst_name = talloc_strdup(conf, argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_bsc_paging,
+ cfg_bsc_paging_cmd,
+ "paging forbidden (0|1)",
+ "Forbid sending PAGING REQUESTS to the BSC.")
+{
+ struct bsc_config *conf = vty->index;
+
+ if (strcmp("1", argv[0]) == 0)
+ conf->forbid_paging = 1;
+ else
+ conf->forbid_paging = 0;
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_bsc_desc,
+ cfg_bsc_desc_cmd,
+ "description DESC",
+ "Provide a description for the given BSC.")
+{
+ struct bsc_config *conf = vty->index;
+
+ if (conf->description)
+ talloc_free(conf->description);
+ conf->description = talloc_strdup(conf, argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(test_regex, test_regex_cmd,
+ "test regex PATTERN STRING",
+ "Check if the string is matching the current pattern.")
+{
+ regex_t reg;
+ char *str = NULL;
+
+ memset(®, 0, sizeof(reg));
+ bsc_parse_reg(_nat, ®, &str, 1, argv);
+
+ vty_out(vty, "String matches allow pattern: %d%s",
+ regexec(®, argv[1], 0, NULL, 0) == 0, VTY_NEWLINE);
+
+ talloc_free(str);
+ regfree(®);
+ return CMD_SUCCESS;
+}
+
+int bsc_nat_vty_init(struct bsc_nat *nat)
+{
+ _nat = nat;
+
+ /* show commands */
+ install_element_ve(&show_sccp_cmd);
+ install_element_ve(&show_bsc_cmd);
+ install_element_ve(&show_bsc_cfg_cmd);
+ install_element_ve(&show_stats_cmd);
+ install_element_ve(&close_bsc_cmd);
+ install_element_ve(&show_msc_cmd);
+ install_element_ve(&test_regex_cmd);
+
+ /* nat group */
+ install_element(CONFIG_NODE, &cfg_nat_cmd);
+ install_node(&nat_node, config_write_nat);
+ install_default(NAT_NODE);
+ install_element(NAT_NODE, &cfg_nat_msc_ip_cmd);
+ install_element(NAT_NODE, &cfg_nat_msc_port_cmd);
+ install_element(NAT_NODE, &cfg_nat_auth_time_cmd);
+ install_element(NAT_NODE, &cfg_nat_ping_time_cmd);
+ install_element(NAT_NODE, &cfg_nat_pong_time_cmd);
+ install_element(NAT_NODE, &cfg_nat_token_cmd);
+ install_element(NAT_NODE, &cfg_nat_bsc_ip_tos_cmd);
+ install_element(NAT_NODE, &cfg_nat_acc_lst_name_cmd);
+
+ /* access-list */
+ install_element(NAT_NODE, &cfg_lst_imsi_allow_cmd);
+ install_element(NAT_NODE, &cfg_lst_imsi_deny_cmd);
+ install_element(NAT_NODE, &cfg_lst_no_cmd);
+
+ /* BSC subgroups */
+ install_element(NAT_NODE, &cfg_bsc_cmd);
+ install_node(&bsc_node, config_write_bsc);
+ install_default(BSC_NODE);
+ install_element(BSC_NODE, &cfg_bsc_token_cmd);
+ install_element(BSC_NODE, &cfg_bsc_lac_cmd);
+ install_element(BSC_NODE, &cfg_bsc_paging_cmd);
+ install_element(BSC_NODE, &cfg_bsc_desc_cmd);
+ install_element(BSC_NODE, &cfg_bsc_acc_lst_name_cmd);
+
+ mgcp_vty_init();
+
+ return 0;
+}
+
+
+/* called by the telnet interface... we have our own init above */
+void bsc_vty_init()
+{}
diff --git a/openbsc/src/nat/bsc_sccp.c b/openbsc/src/nat/bsc_sccp.c
new file mode 100644
index 0000000..94b332a
--- /dev/null
+++ b/openbsc/src/nat/bsc_sccp.c
@@ -0,0 +1,236 @@
+/* SCCP patching and handling routines */
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by On-Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <openbsc/debug.h>
+#include <openbsc/bsc_nat.h>
+
+#include <sccp/sccp.h>
+
+#include <osmocore/talloc.h>
+
+#include <string.h>
+#include <time.h>
+
+static int equal(struct sccp_source_reference *ref1, struct sccp_source_reference *ref2)
+{
+ return memcmp(ref1, ref2, sizeof(*ref1)) == 0;
+}
+
+/*
+ * SCCP patching below
+ */
+
+/* check if we are using this ref for patched already */
+static int sccp_ref_is_free(struct sccp_source_reference *ref, struct bsc_nat *nat)
+{
+ struct sccp_connections *conn;
+
+ llist_for_each_entry(conn, &nat->sccp_connections, list_entry) {
+ if (memcmp(ref, &conn->patched_ref, sizeof(*ref)) == 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+/* copied from sccp.c */
+static int assign_src_local_reference(struct sccp_source_reference *ref, struct bsc_nat *nat)
+{
+ static u_int32_t last_ref = 0x50000;
+ int wrapped = 0;
+
+ do {
+ struct sccp_source_reference reference;
+ reference.octet1 = (last_ref >> 0) & 0xff;
+ reference.octet2 = (last_ref >> 8) & 0xff;
+ reference.octet3 = (last_ref >> 16) & 0xff;
+
+ ++last_ref;
+ /* do not use the reversed word and wrap around */
+ if ((last_ref & 0x00FFFFFF) == 0x00FFFFFF) {
+ LOGP(DNAT, LOGL_NOTICE, "Wrapped searching for a free code\n");
+ last_ref = 0;
+ ++wrapped;
+ }
+
+ if (sccp_ref_is_free(&reference, nat) == 0) {
+ *ref = reference;
+ return 0;
+ }
+ } while (wrapped != 2);
+
+ LOGP(DNAT, LOGL_ERROR, "Finding a free reference failed\n");
+ return -1;
+}
+
+struct sccp_connections *create_sccp_src_ref(struct bsc_connection *bsc,
+ struct bsc_nat_parsed *parsed)
+{
+ struct sccp_connections *conn;
+
+ /* Some commercial BSCs like to reassign there SRC ref */
+ llist_for_each_entry(conn, &bsc->nat->sccp_connections, list_entry) {
+ if (conn->bsc != bsc)
+ continue;
+ if (memcmp(&conn->real_ref, parsed->src_local_ref, sizeof(conn->real_ref)) != 0)
+ continue;
+
+ /* the BSC has reassigned the SRC ref and we failed to keep track */
+ memset(&conn->remote_ref, 0, sizeof(conn->remote_ref));
+ if (assign_src_local_reference(&conn->patched_ref, bsc->nat) != 0) {
+ LOGP(DNAT, LOGL_ERROR, "BSC %d reused src ref: %d and we failed to generate a new id.\n",
+ bsc->cfg->nr, sccp_src_ref_to_int(parsed->src_local_ref));
+ bsc_mgcp_dlcx(conn);
+ llist_del(&conn->list_entry);
+ talloc_free(conn);
+ return NULL;
+ } else {
+ clock_gettime(CLOCK_MONOTONIC, &conn->creation_time);
+ bsc_mgcp_dlcx(conn);
+ return conn;
+ }
+ }
+
+
+ conn = talloc_zero(bsc->nat, struct sccp_connections);
+ if (!conn) {
+ LOGP(DNAT, LOGL_ERROR, "Memory allocation failure.\n");
+ return NULL;
+ }
+
+ conn->bsc = bsc;
+ clock_gettime(CLOCK_MONOTONIC, &conn->creation_time);
+ conn->real_ref = *parsed->src_local_ref;
+ if (assign_src_local_reference(&conn->patched_ref, bsc->nat) != 0) {
+ LOGP(DNAT, LOGL_ERROR, "Failed to assign a ref.\n");
+ talloc_free(conn);
+ return NULL;
+ }
+
+ bsc_mgcp_init(conn);
+ llist_add_tail(&conn->list_entry, &bsc->nat->sccp_connections);
+ counter_inc(bsc->cfg->stats.sccp.conn);
+ counter_inc(bsc->cfg->nat->stats.sccp.conn);
+
+ LOGP(DNAT, LOGL_DEBUG, "Created 0x%x <-> 0x%x mapping for con %p\n",
+ sccp_src_ref_to_int(&conn->real_ref),
+ sccp_src_ref_to_int(&conn->patched_ref), bsc);
+
+ return conn;
+}
+
+int update_sccp_src_ref(struct sccp_connections *sccp, struct bsc_nat_parsed *parsed)
+{
+ if (!parsed->dest_local_ref || !parsed->src_local_ref) {
+ LOGP(DNAT, LOGL_ERROR, "CC MSG should contain both local and dest address.\n");
+ return -1;
+ }
+
+ sccp->remote_ref = *parsed->src_local_ref;
+ sccp->has_remote_ref = 1;
+ LOGP(DNAT, LOGL_DEBUG, "Updating 0x%x to remote 0x%x on %p\n",
+ sccp_src_ref_to_int(&sccp->patched_ref),
+ sccp_src_ref_to_int(&sccp->remote_ref), sccp->bsc);
+
+ return 0;
+}
+
+void remove_sccp_src_ref(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed)
+{
+ struct sccp_connections *conn;
+
+ llist_for_each_entry(conn, &bsc->nat->sccp_connections, list_entry) {
+ if (memcmp(parsed->src_local_ref,
+ &conn->patched_ref, sizeof(conn->patched_ref)) == 0) {
+
+ sccp_connection_destroy(conn);
+ return;
+ }
+ }
+
+ LOGP(DNAT, LOGL_ERROR, "Can not remove connection: 0x%x\n",
+ sccp_src_ref_to_int(parsed->src_local_ref));
+}
+
+/*
+ * We have a message from the MSC to the BSC. The MSC is using
+ * an address that was assigned by the MUX, we need to update the
+ * dest reference to the real network.
+ */
+struct sccp_connections *patch_sccp_src_ref_to_bsc(struct msgb *msg,
+ struct bsc_nat_parsed *parsed,
+ struct bsc_nat *nat)
+{
+ struct sccp_connections *conn;
+
+ if (!parsed->dest_local_ref) {
+ LOGP(DNAT, LOGL_ERROR, "MSG should contain dest_local_ref.\n");
+ return NULL;
+ }
+
+
+ llist_for_each_entry(conn, &nat->sccp_connections, list_entry) {
+ if (!equal(parsed->dest_local_ref, &conn->patched_ref))
+ continue;
+
+ /* Change the dest address to the real one */
+ *parsed->dest_local_ref = conn->real_ref;
+ return conn;
+ }
+
+ return NULL;
+}
+
+/*
+ * These are message to the MSC. We will need to find the BSC
+ * Connection by either the SRC or the DST local reference.
+ *
+ * In case of a CR we need to work by the SRC local reference
+ * in all other cases we need to work by the destination local
+ * reference..
+ */
+struct sccp_connections *patch_sccp_src_ref_to_msc(struct msgb *msg,
+ struct bsc_nat_parsed *parsed,
+ struct bsc_connection *bsc)
+{
+ struct sccp_connections *conn;
+
+ llist_for_each_entry(conn, &bsc->nat->sccp_connections, list_entry) {
+ if (conn->bsc != bsc)
+ continue;
+
+ if (parsed->src_local_ref) {
+ if (equal(parsed->src_local_ref, &conn->real_ref)) {
+ *parsed->src_local_ref = conn->patched_ref;
+ return conn;
+ }
+ } else if (parsed->dest_local_ref) {
+ if (equal(parsed->dest_local_ref, &conn->remote_ref))
+ return conn;
+ } else {
+ LOGP(DNAT, LOGL_ERROR, "Header has neither loc/dst ref.\n");
+ return NULL;
+ }
+ }
+
+ return NULL;
+}
diff --git a/openbsc/tests/Makefile.am b/openbsc/tests/Makefile.am
index 3b1b931..b469832 100644
--- a/openbsc/tests/Makefile.am
+++ b/openbsc/tests/Makefile.am
@@ -1 +1 @@
-SUBDIRS = debug gsm0408 db channel sccp
+SUBDIRS = debug gsm0408 db channel sccp bsc-nat
diff --git a/openbsc/tests/bsc-nat/Makefile.am b/openbsc/tests/bsc-nat/Makefile.am
new file mode 100644
index 0000000..013a465
--- /dev/null
+++ b/openbsc/tests/bsc-nat/Makefile.am
@@ -0,0 +1,15 @@
+INCLUDES = $(all_includes) -I$(top_srcdir)/include
+AM_CFLAGS=-Wall -ggdb3 $(LIBOSMOCORE_CFLAGS)
+
+EXTRA_DIST = bsc_data.c
+
+noinst_PROGRAMS = bsc_nat_test
+
+bsc_nat_test_SOURCES = bsc_nat_test.c \
+ $(top_srcdir)/src/nat/bsc_filter.c \
+ $(top_srcdir)/src/nat/bsc_sccp.c \
+ $(top_srcdir)/src/nat/bsc_nat_utils.c \
+ $(top_srcdir)/src/nat/bsc_mgcp_utils.c \
+ $(top_srcdir)/src/mgcp/mgcp_protocol.c \
+ $(top_srcdir)/src/mgcp/mgcp_network.c
+bsc_nat_test_LDADD = $(top_builddir)/src/libbsc.a $(top_builddir)/src/libsccp.a $(LIBOSMOCORE_LIBS) -lrt
diff --git a/openbsc/tests/bsc-nat/bsc_data.c b/openbsc/tests/bsc-nat/bsc_data.c
new file mode 100644
index 0000000..34242db
--- /dev/null
+++ b/openbsc/tests/bsc-nat/bsc_data.c
@@ -0,0 +1,154 @@
+/* test data */
+
+/* BSC -> MSC, CR */
+static const u_int8_t bsc_cr[] = {
+0x00, 0x2e, 0xfd,
+0x01, 0x00, 0x00, 0x15, 0x02, 0x02, 0x04, 0x02,
+0x42, 0xfe, 0x0f, 0x21, 0x00, 0x1f, 0x57, 0x05,
+0x08, 0x00, 0x72, 0xf4, 0x80, 0x20, 0x1c, 0xc3,
+0x51, 0x17, 0x12, 0x05, 0x08, 0x20, 0x72, 0xf4,
+0x90, 0x20, 0x1d, 0x50, 0x08, 0x29, 0x47, 0x80,
+0x00, 0x00, 0x00, 0x00, 0x80, 0x00 };
+
+static const u_int8_t bsc_cr_patched[] = {
+0x00, 0x2e, 0xfd,
+0x01, 0x00, 0x00, 0x05, 0x02, 0x02, 0x04, 0x02,
+0x42, 0xfe, 0x0f, 0x21, 0x00, 0x1f, 0x57, 0x05,
+0x08, 0x00, 0x72, 0xf4, 0x80, 0x20, 0x1c, 0xc3,
+0x51, 0x17, 0x12, 0x05, 0x08, 0x20, 0x72, 0xf4,
+0x90, 0x20, 0x1d, 0x50, 0x08, 0x29, 0x47, 0x80,
+0x00, 0x00, 0x00, 0x00, 0x80, 0x00 };
+
+/* CC, MSC -> BSC */
+static const u_int8_t msc_cc[] = {
+0x00, 0x0a, 0xfd,
+0x02, 0x00, 0x00, 0x05, 0x01, 0x1f, 0xe4, 0x02,
+0x01, 0x00 };
+static const u_int8_t msc_cc_patched[] = {
+0x00, 0x0a, 0xfd,
+0x02, 0x00, 0x00, 0x15, 0x01, 0x1f, 0xe4, 0x02,
+0x01, 0x00 };
+
+/* Classmark, BSC -> MSC */
+static const u_int8_t bsc_dtap[] = {
+0x00, 0x17, 0xfd,
+0x06, 0x01, 0x1f, 0xe4, 0x00, 0x01, 0x10, 0x00,
+0x0e, 0x54, 0x12, 0x03, 0x50, 0x18, 0x93, 0x13,
+0x06, 0x60, 0x14, 0x45, 0x00, 0x81, 0x00 };
+
+static const u_int8_t bsc_dtap_patched[] = {
+0x00, 0x17, 0xfd,
+0x06, 0x01, 0x1f, 0xe4, 0x00, 0x01, 0x10, 0x00,
+0x0e, 0x54, 0x12, 0x03, 0x50, 0x18, 0x93, 0x13,
+0x06, 0x60, 0x14, 0x45, 0x00, 0x81, 0x00 };
+
+/* Clear command, MSC -> BSC */
+static const u_int8_t msc_dtap[] = {
+0x00, 0x0d, 0xfd,
+0x06, 0x00, 0x00, 0x05, 0x00, 0x01, 0x06, 0x00,
+0x04, 0x20, 0x04, 0x01, 0x09 };
+static const u_int8_t msc_dtap_patched[] = {
+0x00, 0x0d, 0xfd,
+0x06, 0x00, 0x00, 0x15, 0x00, 0x01, 0x06, 0x00,
+0x04, 0x20, 0x04, 0x01, 0x09 };
+
+/*RLSD, MSC -> BSC */
+static const u_int8_t msc_rlsd[] = {
+0x00, 0x0a, 0xfd,
+0x04, 0x00, 0x00, 0x05, 0x01, 0x1f, 0xe4, 0x00,
+0x01, 0x00 };
+static const u_int8_t msc_rlsd_patched[] = {
+0x00, 0x0a, 0xfd,
+0x04, 0x00, 0x00, 0x15, 0x01, 0x1f, 0xe4, 0x00,
+0x01, 0x00 };
+
+/* RLC, BSC -> MSC */
+static const u_int8_t bsc_rlc[] = {
+0x00, 0x07, 0xfd,
+0x05, 0x01, 0x1f, 0xe4, 0x00, 0x00, 0x15 };
+
+static const u_int8_t bsc_rlc_patched[] = {
+0x00, 0x07, 0xfd,
+0x05, 0x01, 0x1f, 0xe4, 0x00, 0x00, 0x05 };
+
+
+/* a paging command */
+static const u_int8_t paging_by_lac_cmd[] = {
+0x00, 0x22, 0xfd, 0x09,
+0x00, 0x03, 0x07, 0x0b, 0x04, 0x43, 0x02, 0x00,
+0xfe, 0x04, 0x43, 0x5c, 0x00, 0xfe, 0x12, 0x00,
+0x10, 0x52, 0x08, 0x08, 0x29, 0x47, 0x10, 0x02,
+0x01, 0x50, 0x02, 0x30, 0x1a, 0x03, 0x05, 0x20,
+0x15 };
+
+/* an assignment command */
+static const u_int8_t ass_cmd[] = {
+0x00, 0x12, 0xfd, 0x06,
+0x00, 0x00, 0x49, 0x00, 0x01, 0x0b, 0x00, 0x09,
+0x01, 0x0b, 0x03, 0x01, 0x0a, 0x11, 0x01, 0x00,
+0x15 };
+
+/*
+ * MGCP messages
+ */
+
+/* nothing to patch */
+static const char crcx[] = "CRCX 23265295 8@mgw MGCP 1.0\r\nC: 394b0439fb\r\nL: p:20, a:AMR, nt:IN\r\nM: recvonly\r\n";
+static const char crcx_patched[] = "CRCX 23265295 8@mgw MGCP 1.0\r\nC: 394b0439fb\r\nL: p:20, a:AMR, nt:IN\r\nM: recvonly\r\n";
+
+
+/* patch the ip and port */
+static const char crcx_resp[] = "200 23265295\r\nI: 1\r\n\r\nv=0\r\nc=IN IP4 172.16.18.2\r\nm=audio 4002 RTP/AVP 98\r\na=rtpmap:98 AMR/8000\r\n";
+static const char crcx_resp_patched[] = "200 23265295\r\nI: 1\r\n\r\nv=0\r\nc=IN IP4 10.0.0.1\r\nm=audio 999 RTP/AVP 98\r\na=rtpmap:98 AMR/8000\r\n";
+
+/* patch the ip and port */
+static const char mdcx[] = " MDCX 23330829 8@mgw MGCP 1.0\r\nC: 394b0439fb\r\nI: 1\r\nL: p:20, a:AMR, nt:IN\r\nM: recvonly\r\n\r\nv=0\r\no=- 1049380491 0 IN IP4 172.16.18.2\r\ns=-\r\nc=IN IP4 172.16.18.2\r\nt=0 0\r\nm=audio 4410 RTP/AVP 126\r\na=rtpmap:126 AMR/8000/1\r\na=fmtp:126 mode-set=2;start-mode=0\r\na=ptime:20\r\na=recvonly\r\nm=image 4412 udptl t38\r\na=T38FaxVersion:0\r\na=T38MaxBitRate:14400\r\n";
+static const char mdcx_patched[] = " MDCX 23330829 8@mgw MGCP 1.0\r\nC: 394b0439fb\r\nI: 1\r\nL: p:20, a:AMR, nt:IN\r\nM: recvonly\r\n\r\nv=0\r\no=- 1049380491 0 IN IP4 172.16.18.2\r\ns=-\r\nc=IN IP4 10.0.0.23\r\nt=0 0\r\nm=audio 6666 RTP/AVP 126\r\na=rtpmap:126 AMR/8000/1\r\na=fmtp:126 mode-set=2;start-mode=0\r\na=ptime:20\r\na=recvonly\r\nm=image 4412 udptl t38\r\na=T38FaxVersion:0\r\na=T38MaxBitRate:14400\r\n";
+
+
+static const char mdcx_resp[] = "200 23330829\r\n\r\nv=0\r\nc=IN IP4 172.16.18.2\r\nm=audio 4002 RTP/AVP 98\r\na=rtpmap:98 AMR/8000\r\n";
+static const char mdcx_resp_patched[] = "200 23330829\r\n\r\nv=0\r\nc=IN IP4 10.0.0.23\r\nm=audio 5555 RTP/AVP 98\r\na=rtpmap:98 AMR/8000\r\n";
+
+/* different line ending */
+static const char mdcx_resp2[] = "200 33330829\n\nv=0\nc=IN IP4 172.16.18.2\nm=audio 4002 RTP/AVP 98\na=rtpmap:98 AMR/8000\n";
+static const char mdcx_resp_patched2[] = "200 33330829\n\nv=0\nc=IN IP4 10.0.0.23\nm=audio 5555 RTP/AVP 98\na=rtpmap:98 AMR/8000\n";
+
+struct mgcp_patch_test {
+ const char *orig;
+ const char *patch;
+ const char *ip;
+ const int port;
+};
+
+static const struct mgcp_patch_test mgcp_messages[] = {
+ {
+ .orig = crcx,
+ .patch = crcx_patched,
+ .ip = "0.0.0.0",
+ .port = 2323,
+ },
+ {
+ .orig = crcx_resp,
+ .patch = crcx_resp_patched,
+ .ip = "10.0.0.1",
+ .port = 999,
+ },
+ {
+ .orig = mdcx,
+ .patch = mdcx_patched,
+ .ip = "10.0.0.23",
+ .port = 6666,
+ },
+ {
+ .orig = mdcx_resp,
+ .patch = mdcx_resp_patched,
+ .ip = "10.0.0.23",
+ .port = 5555,
+ },
+ {
+ .orig = mdcx_resp2,
+ .patch = mdcx_resp_patched2,
+ .ip = "10.0.0.23",
+ .port = 5555,
+ },
+};
diff --git a/openbsc/tests/bsc-nat/bsc_nat_test.c b/openbsc/tests/bsc-nat/bsc_nat_test.c
new file mode 100644
index 0000000..d1db2e4
--- /dev/null
+++ b/openbsc/tests/bsc-nat/bsc_nat_test.c
@@ -0,0 +1,727 @@
+/*
+ * BSC NAT Message filtering
+ *
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by On-Waves
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+
+#include <openbsc/debug.h>
+#include <openbsc/gsm_data.h>
+#include <openbsc/bsc_nat.h>
+
+#include <osmocore/talloc.h>
+
+#include <stdio.h>
+
+/* test messages for ipa */
+static u_int8_t ipa_id[] = {
+ 0x00, 0x01, 0xfe, 0x06,
+};
+
+/* SCCP messages are below */
+static u_int8_t gsm_reset[] = {
+ 0x00, 0x12, 0xfd,
+ 0x09, 0x00, 0x03, 0x05, 0x07, 0x02, 0x42, 0xfe,
+ 0x02, 0x42, 0xfe, 0x06, 0x00, 0x04, 0x30, 0x04,
+ 0x01, 0x20,
+};
+
+static const u_int8_t gsm_reset_ack[] = {
+ 0x00, 0x13, 0xfd,
+ 0x09, 0x00, 0x03, 0x07, 0x0b, 0x04, 0x43, 0x01,
+ 0x00, 0xfe, 0x04, 0x43, 0x5c, 0x00, 0xfe, 0x03,
+ 0x00, 0x01, 0x31,
+};
+
+static const u_int8_t gsm_paging[] = {
+ 0x00, 0x20, 0xfd,
+ 0x09, 0x00, 0x03, 0x07, 0x0b, 0x04, 0x43, 0x01,
+ 0x00, 0xfe, 0x04, 0x43, 0x5c, 0x00, 0xfe, 0x10,
+ 0x00, 0x0e, 0x52, 0x08, 0x08, 0x29, 0x47, 0x10,
+ 0x02, 0x01, 0x31, 0x97, 0x61, 0x1a, 0x01, 0x06,
+};
+
+/* BSC -> MSC connection open */
+static const u_int8_t bssmap_cr[] = {
+ 0x00, 0x2c, 0xfd,
+ 0x01, 0x01, 0x02, 0x03, 0x02, 0x02, 0x04, 0x02,
+ 0x42, 0xfe, 0x0f, 0x1f, 0x00, 0x1d, 0x57, 0x05,
+ 0x08, 0x00, 0x72, 0xf4, 0x80, 0x20, 0x12, 0xc3,
+ 0x50, 0x17, 0x10, 0x05, 0x24, 0x11, 0x03, 0x33,
+ 0x19, 0xa2, 0x08, 0x29, 0x47, 0x10, 0x02, 0x01,
+ 0x31, 0x97, 0x61, 0x00
+};
+
+/* MSC -> BSC connection confirm */
+static const u_int8_t bssmap_cc[] = {
+ 0x00, 0x0a, 0xfd,
+ 0x02, 0x01, 0x02, 0x03, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00,
+};
+
+/* MSC -> BSC released */
+static const u_int8_t bssmap_released[] = {
+ 0x00, 0x0e, 0xfd,
+ 0x04, 0x00, 0x00, 0x03, 0x01, 0x02, 0x03, 0x00, 0x01, 0x0f,
+ 0x02, 0x23, 0x42, 0x00,
+};
+
+/* BSC -> MSC released */
+static const u_int8_t bssmap_release_complete[] = {
+ 0x00, 0x07, 0xfd,
+ 0x05, 0x01, 0x02, 0x03, 0x00, 0x00, 0x03
+};
+
+/* both directions IT timer */
+static const u_int8_t connnection_it[] = {
+ 0x00, 0x0b, 0xfd,
+ 0x10, 0x01, 0x02, 0x03, 0x01, 0x02, 0x03,
+ 0x00, 0x00, 0x00, 0x00,
+};
+
+/* error in both directions */
+static const u_int8_t proto_error[] = {
+ 0x00, 0x05, 0xfd,
+ 0x0f, 0x22, 0x33, 0x44, 0x00,
+};
+
+/* MGCP wrap... */
+static const u_int8_t mgcp_msg[] = {
+ 0x00, 0x03, 0xfc,
+ 0x20, 0x20, 0x20,
+};
+
+/* location updating request */
+static const u_int8_t bss_lu[] = {
+ 0x00, 0x2e, 0xfd,
+ 0x01, 0x91, 0x45, 0x14, 0x02, 0x02, 0x04, 0x02,
+ 0x42, 0xfe, 0x0f, 0x21, 0x00, 0x1f, 0x57, 0x05,
+ 0x08, 0x00, 0x72, 0xf4, 0x80, 0x20, 0x14, 0xc3,
+ 0x50, 0x17, 0x12, 0x05, 0x08, 0x70, 0x72, 0xf4,
+ 0x80, 0xff, 0xfe, 0x30, 0x08, 0x29, 0x44, 0x50,
+ 0x12, 0x03, 0x24, 0x01, 0x95, 0x00
+};
+
+/* paging response */
+static const uint8_t pag_resp[] = {
+ 0x00, 0x2c, 0xfd, 0x01, 0xe5, 0x68,
+ 0x14, 0x02, 0x02, 0x04, 0x02, 0x42, 0xfe, 0x0f,
+ 0x1f, 0x00, 0x1d, 0x57, 0x05, 0x08, 0x00, 0x72,
+ 0xf4, 0x80, 0x20, 0x16, 0xc3, 0x50, 0x17, 0x10,
+ 0x06, 0x27, 0x01, 0x03, 0x30, 0x18, 0x96, 0x08,
+ 0x29, 0x26, 0x30, 0x32, 0x11, 0x42, 0x01, 0x19,
+ 0x00
+};
+
+struct filter_result {
+ const u_int8_t *data;
+ const u_int16_t length;
+ const int dir;
+ const int result;
+};
+
+static const struct filter_result results[] = {
+ {
+ .data = ipa_id,
+ .length = ARRAY_SIZE(ipa_id),
+ .dir = DIR_MSC,
+ .result = 1,
+ },
+ {
+ .data = gsm_reset,
+ .length = ARRAY_SIZE(gsm_reset),
+ .dir = DIR_MSC,
+ .result = 1,
+ },
+ {
+ .data = gsm_reset_ack,
+ .length = ARRAY_SIZE(gsm_reset_ack),
+ .dir = DIR_BSC,
+ .result = 1,
+ },
+ {
+ .data = gsm_paging,
+ .length = ARRAY_SIZE(gsm_paging),
+ .dir = DIR_BSC,
+ .result = 0,
+ },
+ {
+ .data = bssmap_cr,
+ .length = ARRAY_SIZE(bssmap_cr),
+ .dir = DIR_MSC,
+ .result = 0,
+ },
+ {
+ .data = bssmap_cc,
+ .length = ARRAY_SIZE(bssmap_cc),
+ .dir = DIR_BSC,
+ .result = 0,
+ },
+ {
+ .data = bssmap_released,
+ .length = ARRAY_SIZE(bssmap_released),
+ .dir = DIR_MSC,
+ .result = 0,
+ },
+ {
+ .data = bssmap_release_complete,
+ .length = ARRAY_SIZE(bssmap_release_complete),
+ .dir = DIR_BSC,
+ .result = 0,
+ },
+ {
+ .data = mgcp_msg,
+ .length = ARRAY_SIZE(mgcp_msg),
+ .dir = DIR_MSC,
+ .result = 0,
+ },
+ {
+ .data = connnection_it,
+ .length = ARRAY_SIZE(connnection_it),
+ .dir = DIR_BSC,
+ .result = 0,
+ },
+ {
+ .data = connnection_it,
+ .length = ARRAY_SIZE(connnection_it),
+ .dir = DIR_MSC,
+ .result = 0,
+ },
+ {
+ .data = proto_error,
+ .length = ARRAY_SIZE(proto_error),
+ .dir = DIR_BSC,
+ .result = 0,
+ },
+ {
+ .data = proto_error,
+ .length = ARRAY_SIZE(proto_error),
+ .dir = DIR_MSC,
+ .result = 0,
+ },
+
+};
+
+static void test_filter(void)
+{
+ int i;
+
+
+ /* start testinh with proper messages */
+ fprintf(stderr, "Testing BSS Filtering.\n");
+ for (i = 0; i < ARRAY_SIZE(results); ++i) {
+ int result;
+ struct bsc_nat_parsed *parsed;
+ struct msgb *msg = msgb_alloc(4096, "test-message");
+
+ fprintf(stderr, "Going to test item: %d\n", i);
+ memcpy(msg->data, results[i].data, results[i].length);
+ msg->l2h = msgb_put(msg, results[i].length);
+
+ parsed = bsc_nat_parse(msg);
+ if (!parsed) {
+ fprintf(stderr, "FAIL: Failed to parse the message\n");
+ continue;
+ }
+
+ result = bsc_nat_filter_ipa(results[i].dir, msg, parsed);
+ if (result != results[i].result) {
+ fprintf(stderr, "FAIL: Not the expected result got: %d wanted: %d\n",
+ result, results[i].result);
+ }
+
+ msgb_free(msg);
+ }
+}
+
+#include "bsc_data.c"
+
+static void copy_to_msg(struct msgb *msg, const u_int8_t *data, unsigned int length)
+{
+ msgb_reset(msg);
+ msg->l2h = msgb_put(msg, length);
+ memcpy(msg->l2h, data, msgb_l2len(msg));
+}
+
+#define VERIFY(con_found, con, msg, ver, str) \
+ if (!con_found || con_found->bsc != con) { \
+ fprintf(stderr, "Failed to find the con: %p\n", con_found); \
+ abort(); \
+ } \
+ if (memcmp(msg->data, ver, sizeof(ver)) != 0) { \
+ fprintf(stderr, "Failed to patch the %s msg.\n", str); \
+ abort(); \
+ }
+
+/* test conn tracking once */
+static void test_contrack()
+{
+ struct bsc_nat *nat;
+ struct bsc_connection *con;
+ struct sccp_connections *con_found;
+ struct sccp_connections *rc_con;
+ struct bsc_nat_parsed *parsed;
+ struct msgb *msg;
+
+ fprintf(stderr, "Testing connection tracking.\n");
+ nat = bsc_nat_alloc();
+ con = bsc_connection_alloc(nat);
+ con->cfg = bsc_config_alloc(nat, "foo", 23);
+ msg = msgb_alloc(4096, "test");
+
+ /* 1.) create a connection */
+ copy_to_msg(msg, bsc_cr, sizeof(bsc_cr));
+ parsed = bsc_nat_parse(msg);
+ con_found = patch_sccp_src_ref_to_msc(msg, parsed, con);
+ if (con_found != NULL) {
+ fprintf(stderr, "Con should not exist %p\n", con_found);
+ abort();
+ }
+ rc_con = create_sccp_src_ref(con, parsed);
+ if (!rc_con) {
+ fprintf(stderr, "Failed to create a ref\n");
+ abort();
+ }
+ con_found = patch_sccp_src_ref_to_msc(msg, parsed, con);
+ if (!con_found || con_found->bsc != con) {
+ fprintf(stderr, "Failed to find the con: %p\n", con_found);
+ abort();
+ }
+ if (con_found != rc_con) {
+ fprintf(stderr, "Failed to find the right connection.\n");
+ abort();
+ }
+ if (memcmp(msg->data, bsc_cr_patched, sizeof(bsc_cr_patched)) != 0) {
+ fprintf(stderr, "Failed to patch the BSC CR msg.\n");
+ abort();
+ }
+ talloc_free(parsed);
+
+ /* 2.) get the cc */
+ copy_to_msg(msg, msc_cc, sizeof(msc_cc));
+ parsed = bsc_nat_parse(msg);
+ con_found = patch_sccp_src_ref_to_bsc(msg, parsed, nat);
+ VERIFY(con_found, con, msg, msc_cc_patched, "MSC CC");
+ if (update_sccp_src_ref(con_found, parsed) != 0) {
+ fprintf(stderr, "Failed to update the SCCP con.\n");
+ abort();
+ }
+
+ /* 3.) send some data */
+ copy_to_msg(msg, bsc_dtap, sizeof(bsc_dtap));
+ parsed = bsc_nat_parse(msg);
+ con_found = patch_sccp_src_ref_to_msc(msg, parsed, con);
+ VERIFY(con_found, con, msg, bsc_dtap_patched, "BSC DTAP");
+
+ /* 4.) receive some data */
+ copy_to_msg(msg, msc_dtap, sizeof(msc_dtap));
+ parsed = bsc_nat_parse(msg);
+ con_found = patch_sccp_src_ref_to_bsc(msg, parsed, nat);
+ VERIFY(con_found, con, msg, msc_dtap_patched, "MSC DTAP");
+
+ /* 5.) close the connection */
+ copy_to_msg(msg, msc_rlsd, sizeof(msc_rlsd));
+ parsed = bsc_nat_parse(msg);
+ con_found = patch_sccp_src_ref_to_bsc(msg, parsed, nat);
+ VERIFY(con_found, con, msg, msc_rlsd_patched, "MSC RLSD");
+
+ /* 6.) confirm the connection close */
+ copy_to_msg(msg, bsc_rlc, sizeof(bsc_rlc));
+ parsed = bsc_nat_parse(msg);
+ con_found = patch_sccp_src_ref_to_msc(msg, parsed, con);
+ if (!con_found || con_found->bsc != con) {
+ fprintf(stderr, "Failed to find the con: %p\n", con_found);
+ abort();
+ }
+ if (memcmp(msg->data, bsc_rlc_patched, sizeof(bsc_rlc_patched)) != 0) {
+ fprintf(stderr, "Failed to patch the BSC CR msg.\n");
+ abort();
+ }
+ remove_sccp_src_ref(con, msg, parsed);
+ talloc_free(parsed);
+
+ copy_to_msg(msg, bsc_rlc, sizeof(bsc_rlc));
+ parsed = bsc_nat_parse(msg);
+ con_found = patch_sccp_src_ref_to_msc(msg, parsed, con);
+
+ /* verify that it is gone */
+ if (con_found != NULL) {
+ fprintf(stderr, "Con should be gone. %p\n", con_found);
+ abort();
+ }
+ talloc_free(parsed);
+
+
+ talloc_free(nat);
+ msgb_free(msg);
+}
+
+static void test_paging(void)
+{
+ int lac;
+ struct bsc_nat *nat;
+ struct bsc_connection *con;
+ struct bsc_nat_parsed *parsed;
+ struct bsc_config cfg;
+ struct msgb *msg;
+
+ fprintf(stderr, "Testing paging by lac.\n");
+
+ nat = bsc_nat_alloc();
+ con = bsc_connection_alloc(nat);
+ con->cfg = &cfg;
+ cfg.lac = 23;
+ con->authenticated = 1;
+ llist_add(&con->list_entry, &nat->bsc_connections);
+ msg = msgb_alloc(4096, "test");
+
+ /* Test completely bad input */
+ copy_to_msg(msg, paging_by_lac_cmd, sizeof(paging_by_lac_cmd));
+ if (bsc_nat_find_bsc(nat, msg, &lac) != 0) {
+ fprintf(stderr, "Should have not found anything.\n");
+ abort();
+ }
+
+ /* Test it by not finding it */
+ copy_to_msg(msg, paging_by_lac_cmd, sizeof(paging_by_lac_cmd));
+ parsed = bsc_nat_parse(msg);
+ if (bsc_nat_find_bsc(nat, msg, &lac) != 0) {
+ fprintf(stderr, "Should have not found aynthing.\n");
+ abort();
+ }
+ talloc_free(parsed);
+
+ /* Test by finding it */
+ cfg.lac = 8213;
+ copy_to_msg(msg, paging_by_lac_cmd, sizeof(paging_by_lac_cmd));
+ parsed = bsc_nat_parse(msg);
+ if (bsc_nat_find_bsc(nat, msg, &lac) != con) {
+ fprintf(stderr, "Should have found it.\n");
+ abort();
+ }
+ talloc_free(parsed);
+}
+
+static void test_mgcp_ass_tracking(void)
+{
+ struct bsc_connection *bsc;
+ struct bsc_nat *nat;
+ struct sccp_connections con;
+ struct bsc_nat_parsed *parsed;
+ struct msgb *msg;
+
+ fprintf(stderr, "Testing MGCP.\n");
+ memset(&con, 0, sizeof(con));
+
+ nat = bsc_nat_alloc();
+ nat->bsc_endpoints = talloc_zero_array(nat,
+ struct bsc_endpoint,
+ 33);
+ bsc = bsc_connection_alloc(nat);
+ bsc->cfg = bsc_config_alloc(nat, "foo", 2323);
+ con.bsc = bsc;
+
+ msg = msgb_alloc(4096, "foo");
+ copy_to_msg(msg, ass_cmd, sizeof(ass_cmd));
+ parsed = bsc_nat_parse(msg);
+ if (bsc_mgcp_assign(&con, msg) != 0) {
+ fprintf(stderr, "Failed to handle assignment.\n");
+ abort();
+ }
+
+ if (con.msc_timeslot != 21) {
+ fprintf(stderr, "Timeslot should be 21.\n");
+ abort();
+ }
+
+ if (con.bsc_timeslot != 21) {
+ fprintf(stderr, "Assigned timeslot should have been 21.\n");
+ abort();
+ }
+ talloc_free(parsed);
+
+ bsc_mgcp_dlcx(&con);
+ if (con.bsc_timeslot != -1 || con.msc_timeslot != -1) {
+ fprintf(stderr, "Clearing should remove the mapping.\n");
+ abort();
+ }
+
+ talloc_free(nat);
+}
+
+/* test the code to find a given connection */
+static void test_mgcp_find(void)
+{
+ struct bsc_nat *nat;
+ struct bsc_connection *con;
+ struct sccp_connections *sccp_con;
+
+ fprintf(stderr, "Testing finding of a BSC Connection\n");
+
+ nat = bsc_nat_alloc();
+ con = bsc_connection_alloc(nat);
+ llist_add(&con->list_entry, &nat->bsc_connections);
+
+ sccp_con = talloc_zero(con, struct sccp_connections);
+ sccp_con->msc_timeslot = 12;
+ sccp_con->bsc_timeslot = 12;
+ sccp_con->bsc = con;
+ llist_add(&sccp_con->list_entry, &nat->sccp_connections);
+
+ if (bsc_mgcp_find_con(nat, 11) != NULL) {
+ fprintf(stderr, "Found the wrong connection.\n");
+ abort();
+ }
+
+ if (bsc_mgcp_find_con(nat, 12) != sccp_con) {
+ fprintf(stderr, "Didn't find the connection\n");
+ abort();
+ }
+
+ sccp_con->msc_timeslot = 0;
+ sccp_con->bsc_timeslot = 0;
+ if (bsc_mgcp_find_con(nat, 1) != sccp_con) {
+ fprintf(stderr, "Didn't find the connection\n");
+ abort();
+ }
+
+ /* free everything */
+ talloc_free(nat);
+}
+
+static void test_mgcp_rewrite(void)
+{
+ int i;
+ struct msgb *output;
+ fprintf(stderr, "Test rewriting MGCP messages.\n");
+
+ for (i = 0; i < ARRAY_SIZE(mgcp_messages); ++i) {
+ const char *orig = mgcp_messages[i].orig;
+ const char *patc = mgcp_messages[i].patch;
+ const char *ip = mgcp_messages[i].ip;
+ const int port = mgcp_messages[i].port;
+
+ char *input = strdup(orig);
+
+ output = bsc_mgcp_rewrite(input, strlen(input), ip, port);
+ if (msgb_l2len(output) != strlen(patc)) {
+ fprintf(stderr, "Wrong sizes for test: %d %d != %d != %d\n", i, msgb_l2len(output), strlen(patc), strlen(orig));
+ fprintf(stderr, "String '%s' vs '%s'\n", (const char *) output->l2h, patc);
+ abort();
+ }
+
+ if (memcmp(output->l2h, patc, msgb_l2len(output)) != 0) {
+ fprintf(stderr, "Broken on %d msg: '%s'\n", i, (const char *) output->l2h);
+ abort();
+ }
+
+ msgb_free(output);
+ free(input);
+ }
+}
+
+static void test_mgcp_parse(void)
+{
+ int code, ci;
+ char transaction[60];
+
+ fprintf(stderr, "Test MGCP response parsing.\n");
+
+ if (bsc_mgcp_parse_response(crcx_resp, &code, transaction) != 0) {
+ fprintf(stderr, "Failed to parse CRCX resp.\n");
+ abort();
+ }
+
+ if (code != 200) {
+ fprintf(stderr, "Failed to parse the CODE properly. Got: %d\n", code);
+ abort();
+ }
+
+ if (strcmp(transaction, "23265295") != 0) {
+ fprintf(stderr, "Failed to parse transaction id: '%s'\n", transaction);
+ abort();
+ }
+
+ ci = bsc_mgcp_extract_ci(crcx_resp);
+ if (ci != 1) {
+ fprintf(stderr, "Failed to parse the CI. Got: %d\n", ci);
+ abort();
+ }
+}
+
+struct cr_filter {
+ const u_int8_t *data;
+ int length;
+ int result;
+ int contype;
+
+ const char *bsc_imsi_allow;
+ const char *bsc_imsi_deny;
+ const char *nat_imsi_deny;
+};
+
+static struct cr_filter cr_filter[] = {
+ {
+ .data = bssmap_cr,
+ .length = sizeof(bssmap_cr),
+ .result = 0,
+ .contype = NAT_CON_TYPE_CM_SERV_REQ,
+ },
+ {
+ .data = bss_lu,
+ .length = sizeof(bss_lu),
+ .result = 0,
+ .contype = NAT_CON_TYPE_LU,
+ },
+ {
+ .data = pag_resp,
+ .length = sizeof(pag_resp),
+ .result = 0,
+ .contype = NAT_CON_TYPE_PAG_RESP,
+ },
+ {
+ /* nat deny is before blank/null BSC */
+ .data = bss_lu,
+ .length = sizeof(bss_lu),
+ .result = -3,
+ .nat_imsi_deny = "[0-9]*",
+ .contype = NAT_CON_TYPE_LU,
+ },
+ {
+ /* BSC allow is before NAT deny */
+ .data = bss_lu,
+ .length = sizeof(bss_lu),
+ .result = 0,
+ .nat_imsi_deny = "[0-9]*",
+ .bsc_imsi_allow = "2440[0-9]*",
+ .contype = NAT_CON_TYPE_LU,
+ },
+ {
+ /* BSC allow is before NAT deny */
+ .data = bss_lu,
+ .length = sizeof(bss_lu),
+ .result = 0,
+ .bsc_imsi_allow = "[0-9]*",
+ .nat_imsi_deny = "[0-9]*",
+ .contype = NAT_CON_TYPE_LU,
+ },
+ {
+ /* filter as deny is first */
+ .data = bss_lu,
+ .length = sizeof(bss_lu),
+ .result = -2,
+ .bsc_imsi_deny = "[0-9]*",
+ .bsc_imsi_allow = "[0-9]*",
+ .nat_imsi_deny = "[0-9]*",
+ .contype = NAT_CON_TYPE_LU,
+ },
+
+};
+
+static void test_cr_filter()
+{
+ int i, res, contype;
+ struct msgb *msg = msgb_alloc(4096, "test_cr_filter");
+ struct bsc_nat_parsed *parsed;
+ struct bsc_nat_acc_lst *nat_lst, *bsc_lst;
+ struct bsc_nat_acc_lst_entry *nat_entry, *bsc_entry;
+
+ struct bsc_nat *nat = bsc_nat_alloc();
+ struct bsc_connection *bsc = bsc_connection_alloc(nat);
+ bsc->cfg = bsc_config_alloc(nat, "foo", 1234);
+ bsc->cfg->acc_lst_name = "bsc";
+ nat->acc_lst_name = "nat";
+
+ nat_lst = bsc_nat_acc_lst_get(nat, "nat");
+ bsc_lst = bsc_nat_acc_lst_get(nat, "bsc");
+
+ bsc_entry = bsc_nat_acc_lst_entry_create(bsc_lst);
+ nat_entry = bsc_nat_acc_lst_entry_create(nat_lst);
+
+ for (i = 0; i < ARRAY_SIZE(cr_filter); ++i) {
+ msgb_reset(msg);
+ copy_to_msg(msg, cr_filter[i].data, cr_filter[i].length);
+
+ nat_lst = bsc_nat_acc_lst_get(nat, "nat");
+ bsc_lst = bsc_nat_acc_lst_get(nat, "bsc");
+
+ bsc_parse_reg(nat_entry, &nat_entry->imsi_deny_re, &nat_entry->imsi_deny,
+ cr_filter[i].nat_imsi_deny ? 1 : 0,
+ &cr_filter[i].nat_imsi_deny);
+ bsc_parse_reg(bsc_entry, &bsc_entry->imsi_allow_re, &bsc_entry->imsi_allow,
+ cr_filter[i].bsc_imsi_allow ? 1 : 0,
+ &cr_filter[i].bsc_imsi_allow);
+ bsc_parse_reg(bsc_entry, &bsc_entry->imsi_deny_re, &bsc_entry->imsi_deny,
+ cr_filter[i].bsc_imsi_deny ? 1 : 0,
+ &cr_filter[i].bsc_imsi_deny);
+
+ parsed = bsc_nat_parse(msg);
+ if (!parsed) {
+ fprintf(stderr, "FAIL: Failed to parse the message\n");
+ abort();
+ }
+
+ res = bsc_nat_filter_sccp_cr(bsc, msg, parsed, &contype);
+ if (res != cr_filter[i].result) {
+ fprintf(stderr, "FAIL: Wrong result %d for test %d.\n", res, i);
+ abort();
+ }
+
+ if (contype != cr_filter[i].contype) {
+ fprintf(stderr, "FAIL: Wrong contype %d for test %d.\n", res, contype);
+ abort();
+ }
+
+ talloc_free(parsed);
+ }
+
+ msgb_free(msg);
+}
+
+int main(int argc, char **argv)
+{
+ struct log_target *stderr_target;
+
+ stderr_target = log_target_create_stderr();
+ log_add_target(stderr_target);
+ log_set_all_filter(stderr_target, 1);
+
+ test_filter();
+ test_contrack();
+ test_paging();
+ test_mgcp_ass_tracking();
+ test_mgcp_find();
+ test_mgcp_rewrite();
+ test_mgcp_parse();
+ test_cr_filter();
+ return 0;
+}
+
+void input_event()
+{}
+int nm_state_event()
+{
+ return -1;
+}
+
+int gsm0408_rcvmsg(struct msgb *msg, u_int8_t link_id)
+{
+ return -1;
+}