filter: Put all the parameters in a struct to avoid order issues
With the "local" and "global" list name we might pick the wrong argument. Avoid it by passing them as a struct.
This commit is contained in:
parent
a0478814bc
commit
71857d7242
|
@ -38,6 +38,14 @@
|
||||||
|
|
||||||
#include <osmocom/sccp/sccp.h>
|
#include <osmocom/sccp/sccp.h>
|
||||||
|
|
||||||
|
struct filter_request {
|
||||||
|
struct rb_root *black_list;
|
||||||
|
struct llist_head *access_lists;
|
||||||
|
const char *local_lst_name;
|
||||||
|
const char *global_lst_name;
|
||||||
|
int bsc_nr;
|
||||||
|
};
|
||||||
|
|
||||||
int bsc_filter_barr_find(struct rb_root *root, const char *imsi, int *cm, int *lu)
|
int bsc_filter_barr_find(struct rb_root *root, const char *imsi, int *cm, int *lu)
|
||||||
{
|
{
|
||||||
struct bsc_filter_barr_entry *n;
|
struct bsc_filter_barr_entry *n;
|
||||||
|
@ -142,10 +150,8 @@ static int lst_check_deny(struct bsc_msg_acc_lst *lst, const char *mi_string,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* apply white/black list */
|
/* apply white/black list */
|
||||||
static int auth_imsi(struct rb_root *black_list,
|
static int auth_imsi(struct filter_request *req,
|
||||||
struct llist_head *access_lists,
|
const char *imsi,
|
||||||
const char *local_lst_name, const char *global_lst_name,
|
|
||||||
int bsc_nr, const char *imsi,
|
|
||||||
struct bsc_filter_reject_cause *cause)
|
struct bsc_filter_reject_cause *cause)
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
|
@ -161,7 +167,7 @@ static int auth_imsi(struct rb_root *black_list,
|
||||||
struct bsc_msg_acc_lst *bsc_lst = NULL;
|
struct bsc_msg_acc_lst *bsc_lst = NULL;
|
||||||
|
|
||||||
/* 1. global check for barred imsis */
|
/* 1. global check for barred imsis */
|
||||||
if (bsc_filter_barr_find(black_list, imsi, &cm, &lu)) {
|
if (bsc_filter_barr_find(req->black_list, imsi, &cm, &lu)) {
|
||||||
cause->cm_reject_cause = cm;
|
cause->cm_reject_cause = cm;
|
||||||
cause->lu_reject_cause = lu;
|
cause->lu_reject_cause = lu;
|
||||||
LOGP(DNAT, LOGL_DEBUG,
|
LOGP(DNAT, LOGL_DEBUG,
|
||||||
|
@ -171,8 +177,8 @@ static int auth_imsi(struct rb_root *black_list,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bsc_lst = bsc_msg_acc_lst_find(access_lists, local_lst_name);
|
bsc_lst = bsc_msg_acc_lst_find(req->access_lists, req->local_lst_name);
|
||||||
nat_lst = bsc_msg_acc_lst_find(access_lists, global_lst_name);
|
nat_lst = bsc_msg_acc_lst_find(req->access_lists, req->global_lst_name);
|
||||||
|
|
||||||
|
|
||||||
if (bsc_lst) {
|
if (bsc_lst) {
|
||||||
|
@ -183,7 +189,7 @@ static int auth_imsi(struct rb_root *black_list,
|
||||||
/* 3. BSC deny */
|
/* 3. BSC deny */
|
||||||
if (lst_check_deny(bsc_lst, imsi, &cm, &lu) == 0) {
|
if (lst_check_deny(bsc_lst, imsi, &cm, &lu) == 0) {
|
||||||
LOGP(DNAT, LOGL_ERROR,
|
LOGP(DNAT, LOGL_ERROR,
|
||||||
"Filtering %s by imsi_deny on config nr: %d.\n", imsi, bsc_nr);
|
"Filtering %s by imsi_deny on config nr: %d.\n", imsi, req->bsc_nr);
|
||||||
rate_ctr_inc(&bsc_lst->stats->ctr[ACC_LIST_LOCAL_FILTER]);
|
rate_ctr_inc(&bsc_lst->stats->ctr[ACC_LIST_LOCAL_FILTER]);
|
||||||
cause->cm_reject_cause = cm;
|
cause->cm_reject_cause = cm;
|
||||||
cause->lu_reject_cause = lu;
|
cause->lu_reject_cause = lu;
|
||||||
|
@ -196,7 +202,7 @@ static int auth_imsi(struct rb_root *black_list,
|
||||||
if (nat_lst) {
|
if (nat_lst) {
|
||||||
if (lst_check_deny(nat_lst, imsi, &cm, &lu) == 0) {
|
if (lst_check_deny(nat_lst, imsi, &cm, &lu) == 0) {
|
||||||
LOGP(DNAT, LOGL_ERROR,
|
LOGP(DNAT, LOGL_ERROR,
|
||||||
"Filtering %s global imsi_deny on bsc nr: %d.\n", imsi, bsc_nr);
|
"Filtering %s global imsi_deny on bsc nr: %d.\n", imsi, req->bsc_nr);
|
||||||
rate_ctr_inc(&nat_lst->stats->ctr[ACC_LIST_GLOBAL_FILTER]);
|
rate_ctr_inc(&nat_lst->stats->ctr[ACC_LIST_GLOBAL_FILTER]);
|
||||||
cause->cm_reject_cause = cm;
|
cause->cm_reject_cause = cm;
|
||||||
cause->lu_reject_cause = lu;
|
cause->lu_reject_cause = lu;
|
||||||
|
@ -300,7 +306,7 @@ static int _cr_check_pag_resp(struct bsc_connection *bsc,
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int _dt_check_id_resp(struct bsc_connection *bsc,
|
static int _dt_check_id_resp(struct filter_request *req,
|
||||||
uint8_t *data, unsigned int length,
|
uint8_t *data, unsigned int length,
|
||||||
struct nat_sccp_connection *con,
|
struct nat_sccp_connection *con,
|
||||||
struct bsc_filter_reject_cause *cause)
|
struct bsc_filter_reject_cause *cause)
|
||||||
|
@ -326,10 +332,7 @@ static int _dt_check_id_resp(struct bsc_connection *bsc,
|
||||||
|
|
||||||
con->imsi_checked = 1;
|
con->imsi_checked = 1;
|
||||||
con->imsi = talloc_strdup(con, mi_string);
|
con->imsi = talloc_strdup(con, mi_string);
|
||||||
return auth_imsi(&bsc->nat->imsi_black_list,
|
return auth_imsi(req, mi_string, cause);
|
||||||
&bsc->nat->access_lists,
|
|
||||||
bsc->cfg->acc_lst_name, bsc->nat->acc_lst_name,
|
|
||||||
bsc->cfg->nr, mi_string, cause);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -339,6 +342,7 @@ int bsc_msg_filter_initial(struct gsm48_hdr *hdr48, size_t hdr48_len,
|
||||||
int *con_type,
|
int *con_type,
|
||||||
char **imsi, struct bsc_filter_reject_cause *cause)
|
char **imsi, struct bsc_filter_reject_cause *cause)
|
||||||
{
|
{
|
||||||
|
struct filter_request req;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
uint8_t msg_type, proto;
|
uint8_t msg_type, proto;
|
||||||
|
|
||||||
|
@ -380,10 +384,12 @@ int bsc_msg_filter_initial(struct gsm48_hdr *hdr48, size_t hdr48_len,
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
/* now check the imsi */
|
/* now check the imsi */
|
||||||
return auth_imsi(&bsc->nat->imsi_black_list,
|
req.black_list = &bsc->nat->imsi_black_list;
|
||||||
&bsc->nat->access_lists,
|
req.access_lists = &bsc->nat->access_lists;
|
||||||
bsc->cfg->acc_lst_name, bsc->nat->acc_lst_name,
|
req.local_lst_name = bsc->cfg->acc_lst_name;
|
||||||
bsc->cfg->nr, *imsi, cause);
|
req.global_lst_name = bsc->nat->acc_lst_name;
|
||||||
|
req.bsc_nr = bsc->cfg->nr;
|
||||||
|
return auth_imsi(&req, *imsi, cause);
|
||||||
}
|
}
|
||||||
|
|
||||||
int bsc_msg_filter_data(struct gsm48_hdr *hdr48, size_t len,
|
int bsc_msg_filter_data(struct gsm48_hdr *hdr48, size_t len,
|
||||||
|
@ -391,6 +397,7 @@ int bsc_msg_filter_data(struct gsm48_hdr *hdr48, size_t len,
|
||||||
struct nat_sccp_connection *con,
|
struct nat_sccp_connection *con,
|
||||||
struct bsc_filter_reject_cause *cause)
|
struct bsc_filter_reject_cause *cause)
|
||||||
{
|
{
|
||||||
|
struct filter_request req;
|
||||||
uint8_t msg_type, proto;
|
uint8_t msg_type, proto;
|
||||||
|
|
||||||
cause->cm_reject_cause = GSM48_REJECT_PLMN_NOT_ALLOWED;
|
cause->cm_reject_cause = GSM48_REJECT_PLMN_NOT_ALLOWED;
|
||||||
|
@ -404,6 +411,11 @@ int bsc_msg_filter_data(struct gsm48_hdr *hdr48, size_t len,
|
||||||
if (proto != GSM48_PDISC_MM || msg_type != GSM48_MT_MM_ID_RESP)
|
if (proto != GSM48_PDISC_MM || msg_type != GSM48_MT_MM_ID_RESP)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return _dt_check_id_resp(bsc, &hdr48->data[0],
|
req.black_list = &bsc->nat->imsi_black_list;
|
||||||
|
req.access_lists = &bsc->nat->access_lists;
|
||||||
|
req.local_lst_name = bsc->cfg->acc_lst_name;
|
||||||
|
req.global_lst_name = bsc->nat->acc_lst_name;
|
||||||
|
req.bsc_nr = bsc->cfg->nr;
|
||||||
|
return _dt_check_id_resp(&req, &hdr48->data[0],
|
||||||
len - sizeof(*hdr48), con, cause);
|
len - sizeof(*hdr48), con, cause);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue