parent
df264042d6
commit
dc826bac59
42
acl.py
42
acl.py
|
@ -1,3 +1,21 @@
|
|||
###############################################################################
|
||||
# Copyright (C) 2018 Cortney T. Buffington, N0MJS <n0mjs@me.com>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software Foundation,
|
||||
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
###############################################################################
|
||||
|
||||
from dmr_utils.utils import int_id
|
||||
|
||||
# Lowest possible Subscirber and/or talkgroup IDs allowed by ETSI standard
|
||||
|
@ -55,22 +73,32 @@ if __name__ == '__main__':
|
|||
|
||||
ACL = {
|
||||
'SUB': {
|
||||
'K0USY': 'PERMIT:1-5,3120101,3120124'
|
||||
'K0USY': {
|
||||
1: 'PERMIT:1-5,3120101,3120124',
|
||||
2: 'DENY:1-5,3120101,3120124'
|
||||
}
|
||||
},
|
||||
'TGID': {
|
||||
'GLOBAL': 'DENY:ALL',
|
||||
'K0USY': 'PERMIT:1-5,3120,31201'
|
||||
'GLOBAL': {
|
||||
1: 'PERMIT:ALL',
|
||||
2: 'DENY:ALL'
|
||||
},
|
||||
'K0USY': {
|
||||
1: 'PERMIT:1-5,3120,31201',
|
||||
2: 'DENY:1-5,3120,31201'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for acl in ACL:
|
||||
if 'GLOBAL' not in ACL[acl]:
|
||||
ACL[acl].update({'GLOBAL':'PERMIT:ALL'})
|
||||
ACL[acl].update({'GLOBAL': {1:'PERMIT:ALL',2:'PERMIT:ALL'}})
|
||||
for acltype in ACL[acl]:
|
||||
ACL[acl][acltype] = acl_build(ACL[acl][acltype])
|
||||
for slot in ACL[acl][acltype]:
|
||||
ACL[acl][acltype][slot] = acl_build(ACL[acl][acltype][slot])
|
||||
|
||||
pprint(ACL)
|
||||
print
|
||||
|
||||
print(acl_check('\x00\x00\x01', ACL['TGID']['GLOBAL']))
|
||||
print(acl_check('\x00\x00\x01', ACL['TGID']['K0USY']))
|
||||
print(acl_check('\x00\x00\x01', ACL['TGID']['GLOBAL'][1]))
|
||||
print(acl_check('\x00\x00\x01', ACL['TGID']['K0USY'][2]))
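Review bot: The self-test under `__main__` only prints the results for `ACL['TGID']['GLOBAL'][1]` and `ACL['TGID']['K0USY'][2]`, so nothing fails if a timeslot resolves to the wrong rule set. The `DENY:ALL` on GLOBAL slot 2 and both `'SUB'` entries are never exercised. Because slot 1 and slot 2 of each sample entry carry opposite actions, checking both slots of the same entry would show that the per-slot split works; I would add e.g. `print(acl_check('\x00\x00\x01', ACL['TGID']['GLOBAL'][2]))` and put the expected value next to each call in a comment. The `__main__` block starts outside the hunk.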
|
|
@ -141,28 +141,28 @@ class bridgeallSYSTEM(HBSYSTEM):
|
|||
if _call_type == 'group':
|
||||
|
||||
# Check for GLOBAL Subscriber ID ACL Match
|
||||
if acl_check(_rf_src, ACL['SID']['GLOBAL']) == False:
|
||||
if acl_check(_rf_src, ACL['SID']['GLOBAL'][_slot]) == False:
|
||||
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** SID: %s HBP, Peer %s', self._system, int_id(_rf_src), int_id(_radio_id))
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** SID: %s SLOT: %s HBP Peer %s', self._system, int_id(_rf_src), _slot, int_id(_radio_id))
|
||||
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
|
||||
return
|
||||
# Check for SYSTEM Subscriber ID ACL Match
|
||||
if acl_check(_rf_src, ACL['SID'][self._system]) == False:
|
||||
if acl_check(_rf_src, ACL['SID'][self._system][_slot]) == False:
|
||||
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** SID: %s HBP, Peer %s', self._system, int_id(_rf_src), int_id(_radio_id))
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** SID: %s SLOT: %s HBP Peer %s', self._system, int_id(_rf_src), _slot, int_id(_radio_id))
|
||||
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
|
||||
return
|
||||
|
||||
# Check for GLOBAL Talkgroup ID ACL Match
|
||||
if acl_check(_dst_id, ACL['TGID']['GLOBAL']) == False:
|
||||
if acl_check(_dst_id, ACL['TGID']['GLOBAL'][_slot]) == False:
|
||||
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** TGID: %s HBP, Peer %s', self._system, int_id(_dst_id), int_id(_radio_id))
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** TGID: %s SLOT: %s HBP Peer %s', self._system, int_id(_dst_id), _slot, int_id(_radio_id))
|
||||
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
|
||||
return
|
||||
# Check for SYSTEM Talkgroup ID ID ACL Match
|
||||
if acl_check(_dst_id, ACL['TGID'][self._system]) == False:
|
||||
if acl_check(_dst_id, ACL['TGID'][self._system][_slot]) == False:
|
||||
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** TGID: %s HBP, Peer %s', self._system, int_id(_dst_id), int_id(_radio_id))
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** TGID: %s SLOT: %s HBP Peer %s', self._system, int_id(_dst_id), _slot, int_id(_radio_id))
|
||||
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
|
||||
return
|
||||
|
||||
|
@ -193,28 +193,28 @@ class bridgeallSYSTEM(HBSYSTEM):
|
|||
_target_system = self._CONFIG['SYSTEMS'][_target]
|
||||
|
||||
# Check for GLOBAL Subscriber ID ACL Match
|
||||
if acl_check(_rf_src, ACL['SID']['GLOBAL']) == False:
|
||||
if acl_check(_rf_src, ACL['SID']['GLOBAL'][_slot]) == False:
|
||||
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** SID: %s HBP, Peer %s', _target, int_id(_rf_src), int_id(_radio_id))
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** SID: %s SLOT: %s HBP Peer %s', _target, int_id(_rf_src), _slot, int_id(_radio_id))
|
||||
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
|
||||
return
|
||||
# Check for SYSTEM Subscriber ID ACL Match
|
||||
if acl_check(_rf_src, ACL['SID'][_target]) == False:
|
||||
if acl_check(_rf_src, ACL['SID'][_target][_slot]) == False:
|
||||
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** SID: %s HBP, Peer %s', _target, int_id(_rf_src), int_id(_radio_id))
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** SID: %s SLOT: %s HBP Peer %s', _target, int_id(_rf_src), _slot, int_id(_radio_id))
|
||||
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
|
||||
return
|
||||
|
||||
# Check for GLOBAL Talkgroup ID ACL Match
|
||||
if acl_check(_dst_id, ACL['TGID']['GLOBAL']) == False:
|
||||
if acl_check(_dst_id, ACL['TGID']['GLOBAL'][_slot]) == False:
|
||||
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** TGID: %s HBP, Peer %s', _target, int_id(_dst_id), int_id(_radio_id))
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** TGID: %s SLOT: %s HBP Peer %s', _target, int_id(_dst_id), _slot, int_id(_radio_id))
|
||||
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
|
||||
return
|
||||
# Check for SYSTEM Talkgroup ID ID ACL Match
|
||||
if acl_check(_dst_id, ACL['TGID'][_target]) == False:
|
||||
if acl_check(_dst_id, ACL['TGID'][_target][_slot]) == False:
|
||||
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** TGID: %s HBP, Peer %s', _target, int_id(_dst_id), int_id(_radio_id))
|
||||
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** TGID: %s HBP Peer %s', _target, int_id(_dst_id), int_id(_radio_id))
|
||||
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
|
||||
return
|
||||
|
||||
|
@ -304,18 +304,19 @@ if __name__ == '__main__':
|
|||
sys.exit(('TERMINATE: SID or TGID stanzas not in ACL!!! Exiting to save you grief later'))
|
||||
|
||||
if 'GLOBAL' not in ACL[acl_type]:
|
||||
ACL[acl_type].update({'GLOBAL':'PERMIT:ALL'})
|
||||
ACL[acl_type].update({'GLOBAL': {1:'PERMIT:ALL',2:'PERMIT:ALL'}})
|
||||
|
||||
for system_acl in ACL[acl_type]:
|
||||
if system_acl not in CONFIG['SYSTEMS'] and system_acl != 'GLOBAL':
|
||||
sys.exit(('TERMINATE: {} ACL configured for system {} that does not exist!!! Exiting to save you grief later'.format(acl_type, system_acl)))
|
||||
ACL[acl_type][system_acl] = acl_build(ACL[acl_type][system_acl])
|
||||
for slot in ACL[acl_type][system_acl]:
|
||||
ACL[acl_type][system_acl][slot] = acl_build(ACL[acl_type][system_acl][slot])
|
||||
|
||||
for system in CONFIG['SYSTEMS']:
|
||||
for acl_type in ACL:
|
||||
if system not in ACL[acl_type]:
|
||||
logger.warning('No %s ACL for system %s - initializing \'PERMIT:ALL\'', acl_type, system)
|
||||
ACL[acl_type].update({system: acl_build('PERMIT:ALL')})
|
||||
ACL[acl_type].update({system: {1: acl_build('PERMIT:ALL'), 2: acl_build('PERMIT:ALL')}})
|
||||
|
||||
|
||||
# HBlink instance creation
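Review bot: The startup loop in the last hunk runs `acl_build` on whatever keys each ACL entry supplies and never checks that the entry is a dict holding exactly timeslots `1` and `2`. An entry left in the old single-string form is iterated character by character and then fails on item assignment, and an entry that lists only one slot passes startup and raises KeyError later at the `[_slot]` lookups in the ingress and egress hunks, so that slot ends in an unhandled exception instead of a logged ACL decision. I would validate before building and exit with a TERMINATE message like the neighbouring checks, as in the excerpt below; the `__main__` block starts and ends outside the hunk. Separately, the last egress warning (SYSTEM ACL, TGID) lost its comma but did not gain `SLOT: %s` and `_slot` like the other seven messages, which makes rejections harder to correlate per timeslot.

```python
    # … unchanged: GLOBAL default and unknown-system check …
    for system_acl in ACL[acl_type]:
        slots = ACL[acl_type][system_acl]
        # Reject old string-form entries and entries missing a timeslot
        if not isinstance(slots, dict) or set(slots) != set([1, 2]):
            sys.exit('TERMINATE: {} ACL for system {} must define timeslots 1 and 2!!!'.format(acl_type, system_acl))
        for slot in slots:
            slots[slot] = acl_build(slots[slot])
```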
|
||||
|
|
|
@ -18,23 +18,45 @@
|
|||
# ACLs are applied both ingress AND egress
|
||||
# If you omit GLOBAL or SYSTEM level ACLs, they will be initilzied
|
||||
# automatically as "PERMIT:ALL"
|
||||
# Each system (or global) has two sections 1 and 2, which correspond
|
||||
# to timeslots 1 and 2 respectively
|
||||
#
|
||||
# EXAMPLE:
|
||||
# ACL = {
|
||||
# 'SID': {
|
||||
# 'K0USY': 'PERMIT:1-5,3120101,3120124'
|
||||
# },
|
||||
# 'TGID': {
|
||||
# 'GLOBAL': 'PERMIT:ALL',
|
||||
# 'K0USY': 'DENY:1-5,3120,31201'
|
||||
# }
|
||||
# }
|
||||
#ACL = {
|
||||
# 'SID': {
|
||||
# 'GLOBAL': {
|
||||
# 1: 'PERMIT:ALL',
|
||||
# 2: 'PERMIT:ALL'
|
||||
# },
|
||||
# 'LINK': {
|
||||
# 1: 'DENY:3120121',
|
||||
# 2: 'PERMIT:ALL'
|
||||
# }
|
||||
# },
|
||||
# 'TGID': {
|
||||
# 'GLOBAL': {
|
||||
# 1: 'PERMIT:ALL',
|
||||
# 2: 'PERMIT:ALL'
|
||||
# },
|
||||
# 'LINK': {
|
||||
# 1: 'DENY:1-5,1616',
|
||||
# 2: 'PERMIT:3120'
|
||||
# }
|
||||
# }
|
||||
#}
|
||||
|
||||
ACL = {
|
||||
'SID': {
|
||||
'GLOBAL': 'PERMIT:ALL'
|
||||
'GLOBAL': {
|
||||
1: 'PERMIT:ALL',
|
||||
2: 'PERMIT:ALL'
|
||||
}
|
||||
},
|
||||
'TGID': {
|
||||
'GLOBAL': 'PERMIT:ALL'
|
||||
'GLOBAL': {
|
||||
1: 'PERMIT:ALL',
|
||||
2: 'PERMIT:ALL'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
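Review bot: The live `ACL` definition at the end of this section is followed by four closing-brace lines after the TGID `GLOBAL` entry, while only three blocks (`'GLOBAL'`, `'TGID'`, `ACL`) are open. This rendering does not show which of those lines are removed, so please confirm the new file does not end with a stray `}`, which would be a syntax error when the file is loaded. The header comment says omitted GLOBAL or SYSTEM ACLs default to "PERMIT:ALL" but not that each entry needs both timeslots; as far as the startup code in this commit shows, a missing slot is not defaulted, so I would add `# Every entry must list both timeslots 1 and 2; a missing slot is not filled in automatically`.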
|
||||
|
||||
|
|