osmo-bsc[master]: bsc filter: don't ignore imsi-allow on "global" filter level

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Fri Nov 10 23:46:28 UTC 2017


Patch Set 1:

(1 comment)

https://gerrit.osmocom.org/#/c/4750/1/src/libfilter/bsc_msg_filter.c
File src/libfilter/bsc_msg_filter.c:

Line 208: 	return 1;
> But that was "the global allow". So It might make sense to have an access-l
The above "allow" check does change the semantics significantly: In order to be able to deny anything, we need *some* deny rule. Without a deny rule, we always end up accepting everything; either we allow before, or we hit this 'return 1'. Now, *with* a deny rule in place, say a "deny .*", which acts as the default you propose, we would deny all IMSIs and never reach this 'return 1', unless we allow some IMSIs before that and exit early. So before this patch, you can either compose a deny regex that matches all IMSIs except the ones you want to allow (usually rather cumbersome), or you're stuck on allowing all or nothing. After this patch you can conveniently pick IMSI prefixes to allow, rather than having to negate a deny regex.


-- 
To view, visit https://gerrit.osmocom.org/4750
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Idb6c8dd62aa90666ba6fcd213f59d79f5498da3f
Gerrit-PatchSet: 1
Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Holger Freyther <holger at freyther.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-HasComments: Yes



More information about the gerrit-log mailing list