commit ec0cb7c64d5d42e8d0d599b209a3eabacfceba60
author Holger Hans Peter Freyther <holger@moiji-mobile.com> Sun Apr 05 20:53:42 2015 +0200
committer Holger Hans Peter Freyther <holger@moiji-mobile.com> Sun May 03 22:33:35 2015 +0200
tree 4f31fc47e9f723dad6c77e732a88592b98a06fa9
parent d6332809d8313903c65ccd28646f41b7c1aa6b99

bsc: Add access list filtering to the BSC

openbsc/src/osmo-bsc/osmo_bsc_api.c

diff --git a/openbsc/src/osmo-bsc/osmo_bsc_api.c b/openbsc/src/osmo-bsc/osmo_bsc_api.c
index a90ad16..17026af 100644
--- a/openbsc/src/osmo-bsc/osmo_bsc_api.c
+++ b/openbsc/src/osmo-bsc/osmo_bsc_api.c
@@ -1,4 +1,4 @@
-/* (C) 2009-2011 by Holger Hans Peter Freyther <zecke@selfish.org>
+/* (C) 2009-2015 by Holger Hans Peter Freyther <zecke@selfish.org>
  * (C) 2009-2011 by On-Waves
  * All Rights Reserved
  *
@@ -79,6 +79,45 @@
 	return bts->cell_identity;
 }
 
+static int bsc_filter_initial(struct osmo_bsc_data *bsc,
+				struct osmo_msc_data *msc,
+				struct gsm_subscriber_connection *conn,
+				struct msgb *msg, char **imsi)
+{
+	int con_type;
+	struct bsc_filter_request req;
+	struct bsc_filter_reject_cause cause;
+	struct gsm48_hdr *gh = msgb_l3(msg);
+
+	req.ctx = conn;
+	req.black_list = NULL;
+	req.access_lists = bsc_access_lists();
+	req.local_lst_name = msc->acc_lst_name;
+	req.global_lst_name = conn->bts->network->bsc_data->acc_lst_name;
+	req.bsc_nr = 0;
+
+	return bsc_msg_filter_initial(gh, msgb_l3len(msg), &req,
+				&con_type, imsi, &cause);
+}
+
+static int bsc_filter_data(struct gsm_subscriber_connection *conn,
+				struct msgb *msg)
+{
+	struct bsc_filter_request req;
+	struct gsm48_hdr *gh = msgb_l3(msg);
+	struct bsc_filter_reject_cause cause;
+
+	req.ctx = conn;
+	req.black_list = NULL;
+	req.access_lists = bsc_access_lists();
+	req.local_lst_name = conn->sccp_con->msc->acc_lst_name;
+	req.global_lst_name = conn->bts->network->bsc_data->acc_lst_name;
+	req.bsc_nr = 0;
+
+	return bsc_msg_filter_data(gh, msgb_l3len(msg), &req,
+				&conn->sccp_con->filter_state,
+				&cause);
+}
 
 static void bsc_sapi_n_reject(struct gsm_subscriber_connection *conn, int dlci)
 {
@@ -172,6 +211,7 @@
 static int complete_layer3(struct gsm_subscriber_connection *conn,
 			   struct msgb *msg, struct osmo_msc_data *msc)
 {
+	char *imsi = NULL;
 	struct timeval tv;
 	struct msgb *resp;
 	uint16_t network_code;
@@ -189,6 +229,10 @@
 	if (send_ping && osmo_timer_remaining(&msc->ping_timer, NULL, &tv) == -1)
 		send_ping = 0;
 
+	/* Check the filter */
+	if (bsc_filter_initial(msc->network->bsc_data, msc, conn, msg, &imsi) < 0)
+		return BSC_API_CONN_POL_REJECT;
+
 	/* allocate resource for a new connection */
 	ret = bsc_create_new_connection(conn, msc, send_ping);
 
@@ -202,6 +246,9 @@
 		return BSC_API_CONN_POL_REJECT;
 	}
 
+	if (imsi)
+		conn->sccp_con->filter_state.imsi = talloc_steal(conn, imsi);
+
 	/* check return value, if failed check msg for and send USSD */
 
 	network_code = get_network_code_for_msc(conn->sccp_con->msc);
@@ -333,8 +380,13 @@
 	if (handle_cc_setup(conn, msg) >= 1)
 		return;
 
-	bsc_scan_bts_msg(conn, msg);
+	/* Check the filter */
+	if (bsc_filter_data(conn, msg) < 0) {
+		bsc_clear_request(conn, 0);
+		return;
+	}
 
+	bsc_scan_bts_msg(conn, msg);
 
 	resp = gsm0808_create_dtap(msg, link_id);
 	queue_msg_or_return(resp);