28e2988ce2
nat: Add the OSMO NAT to the build process.
2010-06-15 20:31:43 +08:00
434a1fd84e
nat: Make the test compile, no bssap.c, use log_target
2010-06-15 20:31:43 +08:00
1398f13a64
nat: Attempt to update the VTY usage to the latest version
...
* Install the show commands to be available in the enable mode as well
* Provide a copyright header..
2010-06-15 20:31:35 +08:00
69d801e23a
nat: Do not use the bssap.h include as it does not exist in this branch.
2010-06-15 20:24:21 +08:00
9b0550ce4c
[mgcp] Build a libmgcp.a and link to it.
2010-06-15 20:24:21 +08:00
ab52c84889
nat: Add NAT_NODE and BSC_NODE for the nat
...
Implement the go to parent and exit functions for the nat.
2010-06-15 20:24:21 +08:00
3d73e0d235
nat: Register a debug region for the nat.
2010-06-15 20:24:21 +08:00
27d36de3b9
nat: Fix the access-list-name command...
...
We have added two commands with the same name to the tree..
the second one should have been the BSC...
2010-06-15 20:24:21 +08:00
26c3a358d6
nat: Add both entries to the tail to keep the order they are inserted
2010-06-15 20:24:21 +08:00
d77c8171aa
nat: Allow to specify multiple entries in the access-list...
...
Inside the access-list we have a list of entries that have
either one allow or one deny rule... we do not allow to remove
a single rule but one has to remove the whole list, in that case
talloc will handle cleaning all entries.
Right now the matching is O(n*m) as we traverse the list
(multiple times) and run the regexp multiple times. One
way to make it faster would be to concat all regexps into
one.
2010-06-15 20:24:21 +08:00
29c67039fe
nat: Shorten the access-list struct and method names (still way too long)
2010-06-15 20:24:21 +08:00
e4900a074a
[nat] Implement the removal of an access-list.
2010-06-15 20:24:21 +08:00
f0c3e912e3
[nat] Fix the parsing of the access-list regexp...
...
We need to start at argv[1] for the regexp of
this access-list, also subtract one from number
of items..
2010-06-15 20:24:21 +08:00
86c4dc3a0e
[nat] Fix VTY bug with access-lists...
...
vty->index does not hold a BSC Config at this point as we are
on the nat level... use the global _nat pointer for now...
2010-06-15 20:24:21 +08:00
8affef5059
[nat] Introduce the concept of access-list
...
One can set one access-list to one BSC and one
access-list to one NAT. The matching of IMSIs
remains the same for now, also applying the
white/blacklist. Access lists can not be deleted
for now and no perf opt is done (e.g. one could
cache the result of the last lookup in the bsc
struct).
2010-06-15 20:24:21 +08:00
078321aaae
[nat] Add ip-tos option to the nat.
...
This is applied to all incoming BSC connections.
2010-06-15 20:24:21 +08:00
ca999a989d
msc: Add msc ip-tos NR option for the BSC
...
Allow to set the TOS field via the VTY interface. The
SO_PRIORITY was not used as it has no effect on the
packets being sent (in contrast to the documentation).
2010-06-15 20:24:20 +08:00
b71c23bb0a
[nat] Make the refusal more complicated to support more MSCs
...
We will need to confirm the connection, then we can send the
GSM48 message, then we need to close the connection... the
embedding in the refusal method was way too easy..
2010-06-15 20:24:20 +08:00
fa20c94456
[nat] Make create_sccp_src_ref return the SCCP Connection.
...
Right now it was not possible to just find a connection, by returning
the connection that is created we will have direct access to it. It
will be used by the local connection handling.
2010-06-15 20:24:20 +08:00
e1fb5670cd
[nat] Remove parameter that is never accessed directly
...
The msgb needs to be around when we access the parsed structure
but that needs to be guranteed by the caller handing out the parsed
structure.
2010-06-15 20:24:20 +08:00
c58da4b374
[nat] Add the notion of a "local" connection.
...
A local connection is only between the MUX and the real BSC. We will
not forward anything to the MSC. This will be needed for the IMSI
filtering as sending a CREF is not liked by every BSC...
2010-06-15 20:24:20 +08:00
605f62a16a
[nat] Do not access the con after the removal
...
In case of a RLC message we will destroy the SCCP connection. This means
that accessing the con and con->bsc will access old memory. Keep the status
local and move the con into an inner scope.
2010-06-15 20:24:20 +08:00
ed775e4c1d
[nat] Send a GSM48 message within the reject message
2010-06-15 20:24:20 +08:00
91246d724f
[nat] Move the SCCP CREF handling into a new method.
...
We will need to generate messages with a proper reason
and it is easier to do that from a dedicated method.
2010-06-15 20:24:20 +08:00
234d31218f
[nat] Use and print the connection type of a SCCP connection.
2010-06-15 20:24:20 +08:00
19c0a84fb8
[nat] Set the connection type/reason as out parameter
...
We are analyzing each CR message and it is nice to know the
reason these connections were created. Change the nat method.
2010-06-15 20:24:20 +08:00
66e1ef73c8
[nat] Use the new gsm48 method to parse the MI followed by a classmark.
2010-06-15 20:24:20 +08:00
1f38747cf1
[nat] Let IMSI DETACH and other messages pass by.
2010-06-15 20:24:20 +08:00
48945b18cd
[nat] Print on which BSC config this happend.
2010-06-15 20:24:20 +08:00
f192498885
[nat] Parse the PAGING RESPONSE inside a CR message as well.
...
Now we are parsing a CM Service Request, Location Updating Request
and the Paging Response. For all other messages we claim to not
support it and force a refuse.
2010-06-15 20:24:20 +08:00
87ef2f27e4
[nat] Check proto descriptor and the message type
2010-06-15 20:24:19 +08:00
bcb32a4ad9
[nat] Add code to filter the CM Service Request by IMSI.
...
The code should be shared among the GSM0408 implementation
and this one, and like the LU we are not handling a TMSI
properly as we have no idea where it is coming from.
2010-06-15 20:24:19 +08:00
5f10c6d6f4
[nat] Mention where the MSG is coming from.
2010-06-15 20:24:19 +08:00
e6dfb18a79
[sccp/nat] Make it optional to send data on a SCCP Connection Refuse
...
This can be used to send a Location Updating Reject down to the
BSC when it is clear that a subscriber is not allowed.
2010-06-15 20:24:19 +08:00
f1012a432c
[nat] Remove the imsi allow option on the nat level.
...
For now we have:
1.) bsc imsi deny to deny at the BSC level
2.) bsc imsi allow to allow a SIM at the BSC level
3.) nat imsi deny to deny at the global level
2010-06-15 20:24:19 +08:00
1498d2e182
[nat] Separate exit2/exit3 as this can not be shared...
...
We have tried to send a refuse for arbitary things and ended
up with a segfault... separate the exi2 and exit3 label to have
separate exits and cleanups.
2010-06-15 20:24:19 +08:00
e635dab52f
[nat] Add a token to the nat config and handle ID GET
...
This allows to chain a nat with a nat by answering to the
id get code and sending the token.
2010-06-15 20:24:19 +08:00
f76e7ef5e1
[bsc_msc] Move the id get response into the bsc_msc.c
...
Create the message in a common place and then it can be used
by tools having an a link or such.
2010-06-15 20:24:19 +08:00
52c4ba0309
[nat] Add a regexp test command to the VTY.
...
This allows to test the regexp to be used for allo/deny of
the imsi filter.
2010-06-15 20:24:19 +08:00
a0aeaa799e
[nat] Fix the regexp of the test and the command line.
2010-06-15 20:24:19 +08:00
3df0233e5d
[nat] Fix the imsi deny config write.
2010-06-15 20:24:19 +08:00
9cc1b83c54
[nat] We do not want to see the actual matches.
2010-06-15 20:24:19 +08:00
b606101011
[nat] Allow to set the description for the bsc.
...
This will allow to add description to each BSC.
2010-06-15 20:24:19 +08:00
34a96aeb32
[nat] Implement IMSI filtering...
2010-06-15 20:24:18 +08:00
f830322846
[nat] Fix the size check of the LU Request.
2010-06-15 20:24:18 +08:00
12dc89ad37
[nat] Make the string -> regexp parsing public
...
This way it can be used from within a test case to test
the regexps..
2010-06-15 20:24:18 +08:00
290ed9a98c
nat: Add code to parse the SCCP optional data.
...
First we have the Complete Layer3 Information, then we have
the IE for the Layer3 information, then the GSM48 hdr, then
the actual content with data. Right now we are parsing the
LU but we are not filtering anything yet.
2010-06-15 20:24:18 +08:00
0c08db17bf
nat: Start to add a test case.. with one CR message.
2010-06-15 20:24:18 +08:00
b4af5c9b57
nat: Introduce a nat filter that is working on the CR message.
...
Currently there is no implementation but the refusal code is
in place and will send a refusal back to the BSC.
2010-06-15 20:24:18 +08:00
d8b82066fa
[nat] Use A.B.C.D for the IP address
...
The VTY code will then be able to validate the IP Address.
2010-06-15 20:24:18 +08:00
Holger Hans Peter Freyther