Patch Set 1:

(1 comment)

https://gerrit.osmocom.org/#/c/4750/1/src/libfilter/bsc_msg_filter.c
File src/libfilter/bsc_msg_filter.c:

Line 208:       return 1;
> But that was "the global allow". So it might make sense to have an access-l
The above "allow" check does change the semantics significantly: In order to be 
able to deny anything, we need *some* deny rule. Without a deny rule, we always 
end up accepting everything; either we allow before, or we hit this 'return 1'. 
Now, *with* a deny rule in place, say a "deny .*", which acts as the default 
you propose, we would deny all IMSIs and never reach this 'return 1', unless we 
allow some IMSIs before that and exit early. So before this patch, you can 
either compose a deny regex that matches all IMSIs except the ones you want to 
allow (usually rather cumbersome), or you're stuck on allowing all or nothing. 
After this patch you can conveniently pick IMSI prefixes to allow, rather than 
having to negate a deny regex.


-- 
To view, visit https://gerrit.osmocom.org/4750
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Idb6c8dd62aa90666ba6fcd213f59d79f5498da3f
Gerrit-PatchSet: 1
Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <[email protected]>
Gerrit-Reviewer: Harald Welte <[email protected]>
Gerrit-Reviewer: Holger Freyther <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Neels Hofmeyr <[email protected]>
Gerrit-HasComments: Yes
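
The rule order discussed in the comment above, as an added C sketch that is not code from osmo-bsc or from the patch under review: the struct, function names, regexes and IMSIs are constructed for illustration, 1 means accept as with the 'return 1' in the comment, and rejecting on an uncompilable pattern is this example's own choice.

```c
#include <regex.h>
#include <stdio.h>

/* Hypothetical rule set, not osmo-bsc's own structures; NULL = rule not configured. */
struct imsi_filter {
    const char *allow_re;
    const char *deny_re;
};

/* 1 = pattern matches, 0 = no match or no pattern, -1 = pattern fails to compile. */
static int re_matches(const char *pattern, const char *imsi)
{
    regex_t re;
    int hit;
    if (!pattern)
        return 0;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    hit = (regexec(&re, imsi, 0, NULL, 0) == 0);
    regfree(&re);
    return hit;
}

/* Deny rule only: the sole way to reject is a deny match. */
static int filter_deny_only(const struct imsi_filter *f, const char *imsi)
{
    if (re_matches(f->deny_re, imsi) != 0)
        return 0;               /* denied; a broken deny pattern also rejects */
    return 1;                   /* default accept, the final 'return 1' */
}

/* Allow checked first: an allow match exits early, before the deny rule. */
static int filter_allow_then_deny(const struct imsi_filter *f, const char *imsi)
{
    int allowed = re_matches(f->allow_re, imsi);
    if (allowed < 0)
        return 0;               /* broken allow pattern: fail closed */
    if (allowed > 0)
        return 1;
    return filter_deny_only(f, imsi);
}

int main(void)
{
    /* Constructed rules and IMSIs: allow one prefix, deny everything else. */
    struct imsi_filter f = { "^00101", ".*" };
    printf("%d %d\n", filter_allow_then_deny(&f, "001010000000001"), filter_allow_then_deny(&f, "262420000000001"));
    return 0;
}
```

With no deny rule configured, both functions accept every IMSI, which is the "allowing all" case the comment points out.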
