From: Holger Hans Peter Freyther <holger(a)moiji-mobile.com>
In case the token was not correct, just close the connection.
It is not clear that forcing a new TCP connection is going to
give us any extra security here. But with the upcoming auth
handling it does make sense to have both case look similar.
---
openbsc/src/osmo-bsc_nat/bsc_nat.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 2f186b2..9216654 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -985,6 +985,7 @@ static void ipaccess_auth_bsc(struct tlv_parsed *tvp, struct
bsc_connection *bsc
LOGP(DNAT, LOGL_ERROR,
"No bsc found for token '%s' on fd: %d.\n", token,
bsc->write_queue.bfd.fd);
+ bsc_close_connection(bsc);
return;
}
--
2.3.5