From 3f37b8fba3d0a644cedb9073ac36121f54bda49f Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther <zecke@selfish.org>
Date: Mon, 8 Feb 2010 23:24:32 +0100
Subject: [PATCH] [nat] Do not forward messages from and to BSC when it is not
 authenticated

* Start using the authenticated bit in the BSC connection. This means
  that currently no messages are forwarded to the MSC from unauthenticated
  BSCs.
---
 openbsc/src/nat/bsc_nat.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c
index 016e06eeb..aee009545 100644
--- a/openbsc/src/nat/bsc_nat.c
+++ b/openbsc/src/nat/bsc_nat.c
@@ -308,11 +308,19 @@ static int forward_sccp_to_bts(struct msgb *msg)
 	talloc_free(parsed);
 	if (!bsc)
 		return -1;
+	if (!bsc->authenticated) {
+		LOGP(DNAT, LOGL_ERRO, "Selected BSC not authenticated.\n");
+		return -1;
+	}
+
 	return write(bsc->bsc_fd.fd, msg->data, msg->len);
 
 send_to_all:
 	/* currently send this to every BSC connected */
 	llist_for_each_entry(bsc, &nat->bsc_connections, list_entry) {
+		if (!bsc->authenticated)
+			continue;
+
 		rc = write(bsc->bsc_fd.fd, msg->data, msg->len);
 
 		/* try the next one */
@@ -436,6 +444,11 @@ static int forward_sccp_to_msc(struct bsc_fd *bfd, struct msgb *msg)
 		goto exit2;
 	}
 
+	if (!bsc->authenticated) {
+		LOGP(DNAT, LOGL_ERROR, "BSC is not authenticated.\n");
+		goto exit2;
+	}
+
 	/* send the non-filtered but maybe modified msg */
 	rc = write(msc_connection.fd, msg->data, msg->len);
 	talloc_free(parsed);