Added per-timeslot ACLs

WILL BREAK OLD CONFIGURATIONS!!!
Cort Buffington 2018-06-19 16:03:08 -05:00
parent df264042d6
commit dc826bac59
3 changed files with 89 additions and 38 deletions

42
acl.py

@ -1,3 +1,21 @@
###############################################################################
# Copyright (C) 2018 Cortney T. Buffington, N0MJS <n0mjs@me.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
###############################################################################
from dmr_utils.utils import int_id
# Lowest possible Subscirber and/or talkgroup IDs allowed by ETSI standard
@ -55,22 +73,32 @@ if __name__ == '__main__':
ACL = {
'SUB': {
'K0USY': 'PERMIT:1-5,3120101,3120124'
'K0USY': {
1: 'PERMIT:1-5,3120101,3120124',
2: 'DENY:1-5,3120101,3120124'
}
},
'TGID': {
'GLOBAL': 'DENY:ALL',
'K0USY': 'PERMIT:1-5,3120,31201'
'GLOBAL': {
1: 'PERMIT:ALL',
2: 'DENY:ALL'
},
'K0USY': {
1: 'PERMIT:1-5,3120,31201',
2: 'DENY:1-5,3120,31201'
}
}
}
for acl in ACL:
if 'GLOBAL' not in ACL[acl]:
ACL[acl].update({'GLOBAL':'PERMIT:ALL'})
ACL[acl].update({'GLOBAL': {1:'PERMIT:ALL',2:'PERMIT:ALL'}})
for acltype in ACL[acl]:
ACL[acl][acltype] = acl_build(ACL[acl][acltype])
for slot in ACL[acl][acltype]:
ACL[acl][acltype][slot] = acl_build(ACL[acl][acltype][slot])
pprint(ACL)
print
print(acl_check('\x00\x00\x01', ACL['TGID']['GLOBAL']))
print(acl_check('\x00\x00\x01', ACL['TGID']['K0USY']))
print(acl_check('\x00\x00\x01', ACL['TGID']['GLOBAL'][1]))
print(acl_check('\x00\x00\x01', ACL['TGID']['K0USY'][2]))


@ -141,28 +141,28 @@ class bridgeallSYSTEM(HBSYSTEM):
if _call_type == 'group':
# Check for GLOBAL Subscriber ID ACL Match
if acl_check(_rf_src, ACL['SID']['GLOBAL']) == False:
if acl_check(_rf_src, ACL['SID']['GLOBAL'][_slot]) == False:
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** SID: %s HBP, Peer %s', self._system, int_id(_rf_src), int_id(_radio_id))
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** SID: %s SLOT: %s HBP Peer %s', self._system, int_id(_rf_src), _slot, int_id(_radio_id))
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
return
# Check for SYSTEM Subscriber ID ACL Match
if acl_check(_rf_src, ACL['SID'][self._system]) == False:
if acl_check(_rf_src, ACL['SID'][self._system][_slot]) == False:
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** SID: %s HBP, Peer %s', self._system, int_id(_rf_src), int_id(_radio_id))
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** SID: %s SLOT: %s HBP Peer %s', self._system, int_id(_rf_src), _slot, int_id(_radio_id))
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
return
# Check for GLOBAL Talkgroup ID ACL Match
if acl_check(_dst_id, ACL['TGID']['GLOBAL']) == False:
if acl_check(_dst_id, ACL['TGID']['GLOBAL'][_slot]) == False:
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** TGID: %s HBP, Peer %s', self._system, int_id(_dst_id), int_id(_radio_id))
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** TGID: %s SLOT: %s HBP Peer %s', self._system, int_id(_dst_id), _slot, int_id(_radio_id))
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
return
# Check for SYSTEM Talkgroup ID ID ACL Match
if acl_check(_dst_id, ACL['TGID'][self._system]) == False:
if acl_check(_dst_id, ACL['TGID'][self._system][_slot]) == False:
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** TGID: %s HBP, Peer %s', self._system, int_id(_dst_id), int_id(_radio_id))
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** TGID: %s SLOT: %s HBP Peer %s', self._system, int_id(_dst_id), _slot, int_id(_radio_id))
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
return
@ -193,28 +193,28 @@ class bridgeallSYSTEM(HBSYSTEM):
_target_system = self._CONFIG['SYSTEMS'][_target]
# Check for GLOBAL Subscriber ID ACL Match
if acl_check(_rf_src, ACL['SID']['GLOBAL']) == False:
if acl_check(_rf_src, ACL['SID']['GLOBAL'][_slot]) == False:
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** SID: %s HBP, Peer %s', _target, int_id(_rf_src), int_id(_radio_id))
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** SID: %s SLOT: %s HBP Peer %s', _target, int_id(_rf_src), _slot, int_id(_radio_id))
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
return
# Check for SYSTEM Subscriber ID ACL Match
if acl_check(_rf_src, ACL['SID'][_target]) == False:
if acl_check(_rf_src, ACL['SID'][_target][_slot]) == False:
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** SID: %s HBP, Peer %s', _target, int_id(_rf_src), int_id(_radio_id))
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** SID: %s SLOT: %s HBP Peer %s', _target, int_id(_rf_src), _slot, int_id(_radio_id))
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
return
# Check for GLOBAL Talkgroup ID ACL Match
if acl_check(_dst_id, ACL['TGID']['GLOBAL']) == False:
if acl_check(_dst_id, ACL['TGID']['GLOBAL'][_slot]) == False:
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** TGID: %s HBP, Peer %s', _target, int_id(_dst_id), int_id(_radio_id))
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** TGID: %s SLOT: %s HBP Peer %s', _target, int_id(_dst_id), _slot, int_id(_radio_id))
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
return
# Check for SYSTEM Talkgroup ID ID ACL Match
if acl_check(_dst_id, ACL['TGID'][_target]) == False:
if acl_check(_dst_id, ACL['TGID'][_target][_slot]) == False:
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** TGID: %s HBP, Peer %s', _target, int_id(_dst_id), int_id(_radio_id))
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** TGID: %s HBP Peer %s', _target, int_id(_dst_id), int_id(_radio_id))
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
return
@ -304,18 +304,19 @@ if __name__ == '__main__':
sys.exit(('TERMINATE: SID or TGID stanzas not in ACL!!! Exiting to save you grief later'))
if 'GLOBAL' not in ACL[acl_type]:
ACL[acl_type].update({'GLOBAL':'PERMIT:ALL'})
ACL[acl_type].update({'GLOBAL': {1:'PERMIT:ALL',2:'PERMIT:ALL'}})
for system_acl in ACL[acl_type]:
if system_acl not in CONFIG['SYSTEMS'] and system_acl != 'GLOBAL':
sys.exit(('TERMINATE: {} ACL configured for system {} that does not exist!!! Exiting to save you grief later'.format(acl_type, system_acl)))
ACL[acl_type][system_acl] = acl_build(ACL[acl_type][system_acl])
for slot in ACL[acl_type][system_acl]:
ACL[acl_type][system_acl][slot] = acl_build(ACL[acl_type][system_acl][slot])
for system in CONFIG['SYSTEMS']:
for acl_type in ACL:
if system not in ACL[acl_type]:
logger.warning('No %s ACL for system %s - initializing \'PERMIT:ALL\'', acl_type, system)
ACL[acl_type].update({system: acl_build('PERMIT:ALL')})
ACL[acl_type].update({system: {1: acl_build('PERMIT:ALL'), 2: acl_build('PERMIT:ALL')}})
# HBlink instance creation
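Review bot: The new `for slot in ACL[acl_type][system_acl]` loop in the `__main__` hunk never checks the shape of the entry it iterates. An old-style string such as `'PERMIT:ALL'` therefore dies with a bare TypeError, and a dict that defines only one timeslot passes startup and then presumably raises KeyError in the handler at `ACL[...][_slot]` on the first call for the missing slot. This block already exits with a clear message for a missing stanza or an unknown system, so the same should happen here before `acl_build` runs, e.g. `if not isinstance(ACL[acl_type][system_acl], dict) or set(ACL[acl_type][system_acl]) != {1, 2}: sys.exit('TERMINATE: {} ACL for {} must define timeslots 1 and 2!!!'.format(acl_type, system_acl))`. Separately, the last changed warning in the egress hunk (EGRESS SYSTEM ACL, TGID) drops the comma but does not gain `SLOT: %s` and `_slot` like the other seven messages, so that rejection is logged without its timeslot. Both the call handler and the `__main__` block start and end outside the visible hunks.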


@ -18,23 +18,45 @@
# ACLs are applied both ingress AND egress
# If you omit GLOBAL or SYSTEM level ACLs, they will be initilzied
# automatically as "PERMIT:ALL"
# Each system (or global) has two sections 1 and 2, which correspond
# to timeslots 1 and 2 respectively
#
# EXAMPLE:
# ACL = {
# 'SID': {
# 'K0USY': 'PERMIT:1-5,3120101,3120124'
# },
# 'TGID': {
# 'GLOBAL': 'PERMIT:ALL',
# 'K0USY': 'DENY:1-5,3120,31201'
# }
# }
#ACL = {
# 'SID': {
# 'GLOBAL': {
# 1: 'PERMIT:ALL',
# 2: 'PERMIT:ALL'
# },
# 'LINK': {
# 1: 'DENY:3120121',
# 2: 'PERMIT:ALL'
# }
# },
# 'TGID': {
# 'GLOBAL': {
# 1: 'PERMIT:ALL',
# 2: 'PERMIT:ALL'
# },
# 'LINK': {
# 1: 'DENY:1-5,1616',
# 2: 'PERMIT:3120'
# }
# }
#}
ACL = {
'SID': {
'GLOBAL': 'PERMIT:ALL'
'GLOBAL': {
1: 'PERMIT:ALL',
2: 'PERMIT:ALL'
}
},
'TGID': {
'GLOBAL': 'PERMIT:ALL'
'GLOBAL': {
1: 'PERMIT:ALL',
2: 'PERMIT:ALL'
}
}
}
}