diff --git a/acl.py b/acl.py index f392f1b..1c10ae6 100644 --- a/acl.py +++ b/acl.py @@ -1,3 +1,21 @@ +############################################################################### +# Copyright (C) 2018 Cortney T. Buffington, N0MJS +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +############################################################################### + from dmr_utils.utils import int_id # Lowest possible Subscirber and/or talkgroup IDs allowed by ETSI standard 
@@ -55,22 +73,32 @@ if __name__ == '__main__': ACL = { 'SUB': { - 'K0USY': 'PERMIT:1-5,3120101,3120124' + 'K0USY': { + 1: 'PERMIT:1-5,3120101,3120124', + 2: 'DENY:1-5,3120101,3120124' + } }, 'TGID': { - 'GLOBAL': 'DENY:ALL', - 'K0USY': 'PERMIT:1-5,3120,31201' + 'GLOBAL': { + 1: 'PERMIT:ALL', + 2: 'DENY:ALL' + }, + 'K0USY': { + 1: 'PERMIT:1-5,3120,31201', + 2: 'DENY:1-5,3120,31201' + } } } for acl in ACL: if 'GLOBAL' not in ACL[acl]: - ACL[acl].update({'GLOBAL':'PERMIT:ALL'}) + ACL[acl].update({'GLOBAL': {1:'PERMIT:ALL',2:'PERMIT:ALL'}}) for acltype in ACL[acl]: - ACL[acl][acltype] = acl_build(ACL[acl][acltype]) + for slot in ACL[acl][acltype]: + ACL[acl][acltype][slot] = acl_build(ACL[acl][acltype][slot]) pprint(ACL) print - print(acl_check('\x00\x00\x01', ACL['TGID']['GLOBAL'])) - print(acl_check('\x00\x00\x01', ACL['TGID']['K0USY'])) \ No newline at end of file + print(acl_check('\x00\x00\x01', ACL['TGID']['GLOBAL'][1])) + print(acl_check('\x00\x00\x01', ACL['TGID']['K0USY'][2])) \ No newline at end of file diff --git a/hb_bridge_all.py b/hb_bridge_all.py index 5fc7e5c..94d95cb 100755 --- a/hb_bridge_all.py +++ b/hb_bridge_all.py 
@@ -141,28 +141,28 @@ class bridgeallSYSTEM(HBSYSTEM): if _call_type == 'group': # Check for GLOBAL Subscriber ID ACL Match - if acl_check(_rf_src, ACL['SID']['GLOBAL']) == False: + if acl_check(_rf_src, ACL['SID']['GLOBAL'][_slot]) == False: if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']): - self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** SID: %s HBP, Peer %s', self._system, int_id(_rf_src), int_id(_radio_id)) + self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** SID: %s SLOT: %s HBP Peer %s', self._system, int_id(_rf_src), _slot, int_id(_radio_id)) self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id return # Check for SYSTEM Subscriber ID ACL Match - if acl_check(_rf_src, ACL['SID'][self._system]) == False: + if acl_check(_rf_src, ACL['SID'][self._system][_slot]) == False: if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']): - self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** SID: %s HBP, Peer %s', self._system, int_id(_rf_src), int_id(_radio_id)) + self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** SID: %s SLOT: %s HBP Peer %s', self._system, int_id(_rf_src), _slot, int_id(_radio_id)) self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id return # Check for GLOBAL Talkgroup ID ACL Match - if acl_check(_dst_id, ACL['TGID']['GLOBAL']) == False: + if acl_check(_dst_id, ACL['TGID']['GLOBAL'][_slot]) == False: if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']): - self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** TGID: %s HBP, Peer %s', self._system, int_id(_dst_id), int_id(_radio_id)) + self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** TGID: %s SLOT: %s HBP Peer %s', self._system, int_id(_dst_id), _slot, int_id(_radio_id)) self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id return # Check for SYSTEM Talkgroup ID ID ACL Match - if acl_check(_dst_id, ACL['TGID'][self._system]) == False: + if 
acl_check(_dst_id, ACL['TGID'][self._system][_slot]) == False: if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']): - self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** TGID: %s HBP, Peer %s', self._system, int_id(_dst_id), int_id(_radio_id)) + self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** TGID: %s SLOT: %s HBP Peer %s', self._system, int_id(_dst_id), _slot, int_id(_radio_id)) self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id return 
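Review bot: The four ingress checks index the ACL with `[_slot]` directly, so a rules entry that defines only one timeslot, or uses string keys such as `'1'`, raises KeyError in the per-call path instead of being caught when the rules are loaded. How that exception is handled is not visible in this hunk, so confirm that a failed lookup ends in a rejected call and not in a skipped check. The egress hunk at `@@ -193,28 +193,28 @@` uses the same indexing. Requiring both integer keys 1 and 2 for every entry at startup would mean these lookups cannot miss. The enclosing method starts and ends outside the hunk.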
@@ -193,28 +193,28 @@ class bridgeallSYSTEM(HBSYSTEM): _target_system = self._CONFIG['SYSTEMS'][_target] # Check for GLOBAL Subscriber ID ACL Match - if acl_check(_rf_src, ACL['SID']['GLOBAL']) == False: + if acl_check(_rf_src, ACL['SID']['GLOBAL'][_slot]) == False: if (_stream_id != _target_status[_slot]['TX_STREAM_ID']): - self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** SID: %s HBP, Peer %s', _target, int_id(_rf_src), int_id(_radio_id)) + self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** SID: %s SLOT: %s HBP Peer %s', _target, int_id(_rf_src), _slot, int_id(_radio_id)) _target_status[_slot]['TX_STREAM_ID'] = _stream_id return # Check for SYSTEM Subscriber ID ACL Match - if acl_check(_rf_src, ACL['SID'][_target]) == False: + if acl_check(_rf_src, ACL['SID'][_target][_slot]) == False: if (_stream_id != _target_status[_slot]['TX_STREAM_ID']): - self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** SID: %s HBP, Peer %s', _target, int_id(_rf_src), int_id(_radio_id)) + self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** SID: %s SLOT: %s HBP Peer %s', _target, int_id(_rf_src), _slot, int_id(_radio_id)) _target_status[_slot]['TX_STREAM_ID'] = _stream_id return # Check for GLOBAL Talkgroup ID ACL Match - if acl_check(_dst_id, ACL['TGID']['GLOBAL']) == False: + if acl_check(_dst_id, ACL['TGID']['GLOBAL'][_slot]) == False: if (_stream_id != _target_status[_slot]['TX_STREAM_ID']): - self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** TGID: %s HBP, Peer %s', _target, int_id(_dst_id), int_id(_radio_id)) + self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** TGID: %s SLOT: %s HBP Peer %s', _target, int_id(_dst_id), _slot, int_id(_radio_id)) _target_status[_slot]['TX_STREAM_ID'] = _stream_id return # Check for SYSTEM Talkgroup ID ID ACL Match - if acl_check(_dst_id, ACL['TGID'][_target]) == False: + if 
acl_check(_dst_id, ACL['TGID'][_target][_slot]) == False: if (_stream_id != _target_status[_slot]['TX_STREAM_ID']): - self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** TGID: %s HBP, Peer %s', _target, int_id(_dst_id), int_id(_radio_id)) + self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** TGID: %s HBP Peer %s', _target, int_id(_dst_id), int_id(_radio_id)) _target_status[_slot]['TX_STREAM_ID'] = _stream_id return @@ -304,18 +304,19 @@ if __name__ == '__main__': sys.exit(('TERMINATE: SID or TGID stanzas not in ACL!!! Exiting to save you grief later')) if 'GLOBAL' not in ACL[acl_type]: - ACL[acl_type].update({'GLOBAL':'PERMIT:ALL'}) + ACL[acl_type].update({'GLOBAL': {1:'PERMIT:ALL',2:'PERMIT:ALL'}}) for system_acl in ACL[acl_type]: if system_acl not in CONFIG['SYSTEMS'] and system_acl != 'GLOBAL': sys.exit(('TERMINATE: {} ACL configured for system {} that does not exist!!! Exiting to save you grief later'.format(acl_type, system_acl))) - ACL[acl_type][system_acl] = acl_build(ACL[acl_type][system_acl]) + for slot in ACL[acl_type][system_acl]: + ACL[acl_type][system_acl][slot] = acl_build(ACL[acl_type][system_acl][slot]) for system in CONFIG['SYSTEMS']: for acl_type in ACL: if system not in ACL[acl_type]: logger.warning('No %s ACL for system %s - initializing \'PERMIT:ALL\'', acl_type, system) - ACL[acl_type].update({system: acl_build('PERMIT:ALL')}) + ACL[acl_type].update({system: {1: acl_build('PERMIT:ALL'), 2: acl_build('PERMIT:ALL')}}) # HBlink instance creation diff --git a/hb_bridge_all_rules_SAMPLE.py b/hb_bridge_all_rules_SAMPLE.py index b1d97e6..e06039a 100644 --- a/hb_bridge_all_rules_SAMPLE.py +++ b/hb_bridge_all_rules_SAMPLE.py 
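Review bot: The last warning in this hunk, for the EGRESS SYSTEM ACL TGID reject, has no slot in its message, while the other seven rejects in this commit gained `SLOT: %s`. ACL decisions are now per timeslot, so this log line cannot be tied to the rule that fired. It should read `self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** TGID: %s SLOT: %s HBP Peer %s', _target, int_id(_dst_id), _slot, int_id(_radio_id))`. The enclosing loop and method start outside the hunk.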
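Review bot: The new `for slot in ACL[acl_type][system_acl]` loop does not check the shape of the entry it walks. A rules file still in the previous string format (`'GLOBAL': 'PERMIT:ALL'`) would be iterated character by character and fail on the item assignment with a TypeError traceback, not one of the `TERMINATE:` messages used just above. An entry that defines only slot 1 or only slot 2 passes startup and leaves the other slot without an ACL for the per-call lookups. Validating the shape before building, in the same fail-at-startup style, closes both cases. The `__main__` block in acl.py uses the same loop, but on hard-coded data.
```python
    for system_acl in ACL[acl_type]:
        # ... unchanged: exit if system_acl is not in CONFIG['SYSTEMS'] and is not GLOBAL ...
        slots = ACL[acl_type][system_acl]
        if not isinstance(slots, dict) or set(slots) != {1, 2}:
            sys.exit('TERMINATE: {} ACL for system {} must define timeslots 1 and 2!!! Exiting to save you grief later'.format(acl_type, system_acl))
        for slot in slots:
            slots[slot] = acl_build(slots[slot])
```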
@@ -18,23 +18,45 @@ # ACLs are applied both ingress AND egress # If you omit GLOBAL or SYSTEM level ACLs, they will be initilzied # automatically as "PERMIT:ALL" +# Each system (or global) has two sections 1 and 2, which correspond +# to timeslots 1 and 2 respectively # # EXAMPLE: -# ACL = { -# 'SID': { -# 'K0USY': 'PERMIT:1-5,3120101,3120124' -# }, -# 'TGID': { -# 'GLOBAL': 'PERMIT:ALL', -# 'K0USY': 'DENY:1-5,3120,31201' -# } -# } +#ACL = { +# 'SID': { +# 'GLOBAL': { +# 1: 'PERMIT:ALL', +# 2: 'PERMIT:ALL' +# }, +# 'LINK': { +# 1: 'DENY:3120121', +# 2: 'PERMIT:ALL' +# } +# }, +# 'TGID': { +# 'GLOBAL': { +# 1: 'PERMIT:ALL', +# 2: 'PERMIT:ALL' +# }, +# 'LINK': { +# 1: 'DENY:1-5,1616', +# 2: 'PERMIT:3120' +# } +# } +#} ACL = { 'SID': { - 'GLOBAL': 'PERMIT:ALL' + 'GLOBAL': { + 1: 'PERMIT:ALL', + 2: 'PERMIT:ALL' + } }, 'TGID': { - 'GLOBAL': 'PERMIT:ALL' + 'GLOBAL': { + 1: 'PERMIT:ALL', + 2: 'PERMIT:ALL' + } } -} \ No newline at end of file +} +