nat: Make the access-list deny cause configurable

Add two optional arguments to the imsi-deny rule for the reject cause and verify that it is saved out.
2014-01-20 10:14:05 +01:00 · 2014-01-20 10:14:05 +01:00 · d8afce9b6d
parent 802cb5efc2
commit d8afce9b6d
2 changed files with 50 additions and 4 deletions
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
@ -78,8 +78,10 @@ static void write_acc_lst(struct vty *vty, struct bsc_nat_acc_lst *lst)
 			vty_out(vty, " access-list %s imsi-allow %s%s",
 				lst->name, entry->imsi_allow, VTY_NEWLINE);
 		if (entry->imsi_deny)
-			vty_out(vty, " access-list %s imsi-deny %s%s",
-				lst->name, entry->imsi_deny, VTY_NEWLINE);
+			vty_out(vty, " access-list %s imsi-deny %s %d %d%s",
+				lst->name, entry->imsi_deny,
+				entry->cm_reject_cause, entry->lu_reject_cause,
+				VTY_NEWLINE);
 	}
 }

@ -870,11 +872,13 @@ DEFUN(cfg_lst_imsi_allow,

 DEFUN(cfg_lst_imsi_deny,
      cfg_lst_imsi_deny_cmd,
-      "access-list NAME imsi-deny [REGEXP]",
+      "access-list NAME imsi-deny [REGEXP] (<0-256>) (<0-256>)",
      "Access list commands\n"
      "Name of the access list\n"
      "Add denied IMSI to the list\n"
-      "Regexp for IMSIs\n")
+      "Regexp for IMSIs\n"
+      "CM Service Reject reason\n"
+      "LU Reject reason\n")
 {
 	struct bsc_nat_acc_lst *acc;
 	struct bsc_nat_acc_lst_entry *entry;
@ -889,6 +893,10 @@ DEFUN(cfg_lst_imsi_deny,

 	if (gsm_parse_reg(acc, &entry->imsi_deny_re, &entry->imsi_deny, argc - 1, &argv[1]) != 0)
 		return CMD_WARNING;
+	if (argc >= 3)
+		entry->cm_reject_cause = atoi(argv[2]);
+	if (argc >= 4)
+		entry->lu_reject_cause = atoi(argv[3]);
 	return CMD_SUCCESS;
 }

--- a/openbsc/tests/vty_test_runner.py
+++ b/openbsc/tests/vty_test_runner.py
@ -512,6 +512,44 @@ class TestVTYNAT(TestVTYGenericBSC):
        res = self.vty.verify("show ussd-connection", ['The USSD side channel provider is not connected and not authorized.'])
        self.assertTrue(res)

+    def testAccessList(self):
+        """
+        Verify that the imsi-deny can have a reject cause or no reject cause
+        """
+        self.vty.enable()
+        self.vty.command("configure terminal")
+        self.vty.command("nat")
+
+        # Old default
+        self.vty.command("access-list test-default imsi-deny ^123[0-9]*$")
+        res = self.vty.command("show running-config").split("\r\n")
+        asserted = False
+        for line in res:
+           if line.startswith(" access-list"):
+                self.assertEqual(line, " access-list test-default imsi-deny ^123[0-9]*$ 11 11")
+                asserted = True
+        self.assert_(asserted)
+
+        # Check the optional CM Service Reject Cause
+        self.vty.command("access-list test-cm-deny imsi-deny ^123[0-9]*$ 42").split("\r\n")
+        res = self.vty.command("show running-config").split("\r\n")
+        asserted = False
+        for line in res:
+           if line.startswith(" access-list test-cm"):
+                self.assertEqual(line, " access-list test-cm-deny imsi-deny ^123[0-9]*$ 42 11")
+                asserted = True
+        self.assert_(asserted)
+
+        # Check the optional LU Reject Cause
+        self.vty.command("access-list test-lu-deny imsi-deny ^123[0-9]*$ 23 42").split("\r\n")
+        res = self.vty.command("show running-config").split("\r\n")
+        asserted = False
+        for line in res:
+           if line.startswith(" access-list test-lu"):
+                self.assertEqual(line, " access-list test-lu-deny imsi-deny ^123[0-9]*$ 23 42")
+                asserted = True
+        self.assert_(asserted)
+
 class TestVTYGbproxy(TestVTYGenericBSC):

    def vty_command(self):