[nat] Add a bsc_filter.c which will carry out the analysis and filtering

The first part is to analyze the IP Access Header and only forward SCCP messages for now. In the future we might want to do MGCP signalling through this protocol and connection as well and need to update this then.
2010-06-15 18:45:26 +08:00 · 2010-06-15 18:45:26 +08:00 · 6a97b8d188
parent d7fb9545b6
commit 6a97b8d188
3 changed files with 81 additions and 6 deletions
--- a/openbsc/include/openbsc/bsc_nat.h
+++ b/openbsc/include/openbsc/bsc_nat.h
@ -0,0 +1,33 @@
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by on-waves.com
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#ifndef BSC_NAT_H
+#define BSC_NAT_H
+
+#include <sys/types.h>
+#include "msgb.h"
+
+/**
+ * filter based on IP Access header in both directions
+ */
+int bsc_nat_filter_ipa(struct msgb *msg);
+
+#endif
--- a/openbsc/src/nat/bsc_filter.c
+++ b/openbsc/src/nat/bsc_filter.c
@ -0,0 +1,34 @@
+/* BSC Multiplexer/NAT */
+
+/*
+ * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2010 by on-waves.com
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <openbsc/bsc_nat.h>
+#include <openbsc/ipaccess.h>
+
+int bsc_nat_filter_ipa(struct msgb *msg)
+{
+	struct ipaccess_head *hh;
+
+	/* handle base message handling */
+	hh = (struct ipaccess_head *) msg->data;
+	return hh->proto == IPAC_PROTO_IPACCESS;
+}
--- a/openbsc/src/nat/bsc_nat.c
+++ b/openbsc/src/nat/bsc_nat.c
@ -38,11 +38,14 @@
 #include <openbsc/debug.h>
 #include <openbsc/msgb.h>
 #include <openbsc/bsc_msc.h>
+#include <openbsc/bsc_nat.h>
 #include <openbsc/ipaccess.h>
 #include <openbsc/abis_nm.h>
 #include <openbsc/talloc.h>
 #include <openbsc/linuxlist.h>

+#include <sccp/sccp.h>
+
 static const char *config_file = "openbsc.cfg";
 static char *msc_address = "127.0.0.1";
 static struct in_addr local_addr;
@ -65,6 +68,7 @@ struct bsc_connection {

 static LLIST_HEAD(bsc_connections);

+
 /*
 * below are stubs we need to link
 */
@ -101,6 +105,10 @@ static void forward_sccp_to_bts(struct msgb *msg)

 	/* filter, drop, patch the message? */

+	/* drop packets with the wrong IPA header */
+	if (bsc_nat_filter_ipa(msg))
+		return;
+
 	/* currently send this to every BSC connected */
 	llist_for_each_entry(bsc, &bsc_connections, list_entry) {
 		write(bsc->bsc_fd.fd, msg->data, msg->len);
@ -160,6 +168,10 @@ static int forward_sccp_to_msc(struct msgb *msg)
 {
 	/* FIXME: We need to filter out certain messages */

+	/* drop packets with the wrong IPA header */
+	if (bsc_nat_filter_ipa(msg))
+		return 0;
+
 	/* send the non-filtered but maybe modified msg */
 	return write(msc_connection.fd, msg->data, msg->len);
 }
@ -168,7 +180,6 @@ static int ipaccess_bsc_cb(struct bsc_fd *bfd, unsigned int what)
 {
 	int error;
 	struct msgb *msg = ipaccess_read_msg(bfd, &error);
-	struct ipaccess_head *hh;

 	if (!msg) {
 		if (error == 0) {
@ -180,16 +191,13 @@ static int ipaccess_bsc_cb(struct bsc_fd *bfd, unsigned int what)
 		return -1;
 	}

-	DEBUGP(DMSC, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]);

-	/* handle base message handling */
-	hh = (struct ipaccess_head *) msg->data;
+	DEBUGP(DMSC, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]);

 	/* Handle messages from the BSC */
 	/* FIXME: Currently no PONG is sent to the BSC */
 	/* FIXME: Currently no ID ACK is sent to the BSC */
-	if (hh->proto == IPAC_PROTO_SCCP)
-		forward_sccp_to_msc(msg);
+	forward_sccp_to_msc(msg);

 	return 0;
 }