ShaYmez
/
HBLink
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Consolidate ACLs into HBlink.py 

MAJOR CHANGE: Move ACLs into the main hblink.cfg configuraiton file and process all ingress ACLs in hblink.py itself. This means removing all other ACL processing from other programs, except hb_bridge_all.py which uses the main hblink.py ACLs for egress processing.
This commit is contained in:
Cort Buffington 2018-11-21 10:24:19 -06:00
parent b639f83057
commit e5978f79ca
10 changed files with 325 additions and 492 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
acl.py
View File

@ -1,104 +0,0 @@
###############################################################################
# Copyright (C) 2018 Cortney T. Buffington, N0MJS <n0mjs@me.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
###############################################################################
from dmr_utils.utils import int_id
# Lowest possible Subscirber and/or talkgroup IDs allowed by ETSI standard
ID_MIN = 1
ID_MAX = 16776415
# Checks the supplied ID against the ID given, and the ACL list, and the action
# Returns True if the ID should be allowed, False if it should not be
def acl_check(_id, _acl):
id = int_id(_id)
for entry in _acl[1]:
if entry[0] <= id <= entry[1]:
return _acl[0]
return not _acl[0]
def acl_build(_acl):
if not _acl:
return(True, set((ID_MIN, ID_MAX)))
acl = set()
sections = _acl.split(':')
if sections[0] == 'PERMIT':
action = True
else:
action = False
for entry in sections[1].split(','):
if entry == 'ALL':
acl.add((ID_MIN, ID_MAX))
break
elif '-' in entry:
start,end = entry.split('-')
start,end = int(start), int(end)
if (ID_MIN <= start <= ID_MAX) or (ID_MIN <= end <= ID_MAX):
acl.add((start, end))
else:
pass #logger message here
else:
id = int(entry)
if (ID_MIN <= id <= ID_MAX):
acl.add((id, id))
else:
pass #logger message here
return (action, acl)
if __name__ == '__main__':
from time import time
from pprint import pprint
ACL = {
'SUB': {
'K0USY': {
1: 'PERMIT:1-5,3120101,3120124',
2: 'DENY:1-5,3120101,3120124'
}
},
'TGID': {
'GLOBAL': {
1: 'PERMIT:ALL',
2: 'DENY:ALL'
},
'K0USY': {
1: 'PERMIT:1-5,3120,31201',
2: 'DENY:1-5,3120,31201'
}
}
}
for acl in ACL:
if 'GLOBAL' not in ACL[acl]:
ACL[acl].update({'GLOBAL': {1:'PERMIT:ALL',2:'PERMIT:ALL'}})
for acltype in ACL[acl]:
for slot in ACL[acl][acltype]:
ACL[acl][acltype][slot] = acl_build(ACL[acl][acltype][slot])
pprint(ACL)
print
print(acl_check('\x00\x00\x01', ACL['TGID']['GLOBAL'][1]))
print(acl_check('\x00\x00\x01', ACL['TGID']['K0USY'][2]))

149
hb_bridge_all.py
View File

@ -45,10 +45,9 @@ from twisted.protocols.basic import NetstringReceiver
from twisted.internet import reactor, task
# Things we import from the main hblink module
from hblink import HBSYSTEM, systems, hblink_handler, reportFactory, REPORT_OPCODES, config_reports, build_reg_acl
from hblink import HBSYSTEM, OPENBRIDGE, systems, hblink_handler, reportFactory, REPORT_OPCODES, config_reports
from dmr_utils.utils import hex_str_3, int_id, get_alias
from dmr_utils import decode, bptc, const
from acl import acl_check, acl_build
import hb_config
import hb_log
import hb_const
@ -65,19 +64,6 @@ __status__ = 'pre-alpha'
# Module gobal varaibles
# Import rules -- at this point, just ACLs
def import_rules(_rules):
try:
rules_file = import_module(_rules)
logger.info('Rules file found and bridges imported')
return rules_file
except ImportError:
logger.info('Rules file not found. Initializing defaults')
rules_file = ModuleType('rules_file')
rules_file.ACL = {'SID':{}, 'TGID':{}}
return rules_file
class bridgeallSYSTEM(HBSYSTEM):
def __init__(self, _name, _config, _logger, _report):
@ -140,32 +126,6 @@ class bridgeallSYSTEM(HBSYSTEM):
if _call_type == 'group':
# Check for GLOBAL Subscriber ID ACL Match
if acl_check(_rf_src, ACL['SID']['GLOBAL'][_slot]) == False:
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** SID: %s SLOT: %s HBP Peer %s', self._system, int_id(_rf_src), _slot, int_id(_peer_id))
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
return
# Check for SYSTEM Subscriber ID ACL Match
if acl_check(_rf_src, ACL['SID'][self._system][_slot]) == False:
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** SID: %s SLOT: %s HBP Peer %s', self._system, int_id(_rf_src), _slot, int_id(_peer_id))
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
return
# Check for GLOBAL Talkgroup ID ACL Match
if acl_check(_dst_id, ACL['TGID']['GLOBAL'][_slot]) == False:
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS GLOBAL ACL*** TGID: %s SLOT: %s HBP Peer %s', self._system, int_id(_dst_id), _slot, int_id(_peer_id))
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
return
# Check for SYSTEM Talkgroup ID ID ACL Match
if acl_check(_dst_id, ACL['TGID'][self._system][_slot]) == False:
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY INGRESS SYSTEM ACL*** TGID: %s SLOT: %s HBP Peer %s', self._system, int_id(_dst_id), _slot, int_id(_peer_id))
self.STATUS[_slot]['RX_STREAM_ID'] = _stream_id
return
# Is this is a new call stream?
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
self.STATUS['RX_START'] = pkt_time
@ -191,39 +151,45 @@ class bridgeallSYSTEM(HBSYSTEM):
_target_status = systems[_target].STATUS
_target_system = self._CONFIG['SYSTEMS'][_target]
# Check for GLOBAL Subscriber ID ACL Match
if acl_check(_rf_src, ACL['SID']['GLOBAL'][_slot]) == False:
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** SID: %s SLOT: %s HBP Peer %s', _target, int_id(_rf_src), _slot, int_id(_peer_id))
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
return
# Check for SYSTEM Subscriber ID ACL Match
if acl_check(_rf_src, ACL['SID'][_target][_slot]) == False:
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** SID: %s SLOT: %s HBP Peer %s', _target, int_id(_rf_src), _slot, int_id(_peer_id))
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
return
# Check for GLOBAL Talkgroup ID ACL Match
if acl_check(_dst_id, ACL['TGID']['GLOBAL'][_slot]) == False:
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS GLOBAL ACL*** TGID: %s SLOT: %s HBP Peer %s', _target, int_id(_dst_id), _slot, int_id(_peer_id))
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
return
# Check for SYSTEM Talkgroup ID ID ACL Match
if acl_check(_dst_id, ACL['TGID'][_target][_slot]) == False:
if (_stream_id != _target_status[_slot]['TX_STREAM_ID']):
self._logger.warning('(%s) Group Voice Call ***REJECTED BY EGRESS SYSTEM ACL*** TGID: %s HBP Peer %s', _target, int_id(_dst_id), int_id(_peer_id))
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
return
_target_status[_slot]['TX_STREAM_ID'] = _stream_id
# ACL Processing
if self._CONFIG['GLOBAL']['USE_ACL']:
if not acl_check(_rf_src, self._CONFIG['GLOBAL']['SUB_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED ON EGRESS WITH STREAM ID %s FROM SUBSCRIBER %s BY GLOBAL ACL', _target_system, int_id(_stream_id), int_id(_rf_src))
self._laststrid = _stream_id
return
if _slot == 1 and not acl_check(_dst_id, self._CONFIG['GLOBAL']['TG1_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED ON EGRESS WITH STREAM ID %s ON TGID %s BY GLOBAL TS1 ACL', _target_system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
if _slot == 2 and not acl_check(_dst_id, self._CONFIG['GLOBAL']['TG2_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED ON EGRESS WITH STREAM ID %s ON TGID %s BY GLOBAL TS2 ACL', _target_system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
if self._target_system['USE_ACL']:
if not acl_check(_rf_src, _target_system['SUB_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED ON EGRESS WITH STREAM ID %s FROM SUBSCRIBER %s BY SYSTEM ACL', _target_system, int_id(_stream_id), int_id(_rf_src))
self._laststrid = _stream_id
return
if _slot == 1 and not acl_check(_dst_id, _target_system['TG1_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED ON EGRESS WITH STREAM ID %s ON TGID %s BY SYSTEM TS1 ACL', _target_system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
if _slot == 2 and not acl_check(_dst_id, _target_system['TG2_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED ON EGRESS WITH STREAM ID %s ON TGID %s BY SYSTEM TS2 ACL', _target_system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
self._laststrid = _stream_id
systems[_target].send_system(_data)
#self._logger.debug('(%s) Packet routed to system: %s', self._system, _target)
#************************************************
@ -269,9 +235,6 @@ if __name__ == '__main__':
# Set signal handers so that we can gracefully exit if need be
for sig in [signal.SIGTERM, signal.SIGINT]:
signal.signal(sig, sig_handler)
# Build the Access Control List
REG_ACL = build_reg_acl('reg_acl', logger)
# ID ALIAS CREATION
# Download
@ -295,43 +258,21 @@ if __name__ == '__main__':
talkgroup_ids = mk_id_dict(CONFIG['ALIASES']['PATH'], CONFIG['ALIASES']['TGID_FILE'])
if talkgroup_ids:
logger.info('ID ALIAS MAPPER: talkgroup_ids dictionary is available')
# Import rules file
rules_file = import_rules('hb_bridge_all_rules')
# Create ACLs
ACL = rules_file.ACL
for acl_type in ACL:
if acl_type != 'SID' and acl_type != 'TGID':
sys.exit(('TERMINATE: SID or TGID stanzas not in ACL!!! Exiting to save you grief later'))
if 'GLOBAL' not in ACL[acl_type]:
ACL[acl_type].update({'GLOBAL': {1:'PERMIT:ALL',2:'PERMIT:ALL'}})
for system_acl in ACL[acl_type]:
if system_acl not in CONFIG['SYSTEMS'] and system_acl != 'GLOBAL':
sys.exit(('TERMINATE: {} ACL configured for system {} that does not exist!!! Exiting to save you grief later'.format(acl_type, system_acl)))
for slot in ACL[acl_type][system_acl]:
ACL[acl_type][system_acl][slot] = acl_build(ACL[acl_type][system_acl][slot])
for system in CONFIG['SYSTEMS']:
for acl_type in ACL:
if system not in ACL[acl_type]:
logger.warning('No %s ACL for system %s - initializing \'PERMIT:ALL\'', acl_type, system)
ACL[acl_type].update({system: {1: acl_build('PERMIT:ALL'), 2: acl_build('PERMIT:ALL')}})
# Build the Registration Access Control List
REG_ACL = build_reg_acl('reg_acl', logger)
# INITIALIZE THE REPORTING LOOP
report_server = config_reports(CONFIG, logger, reportFactory)
# HBlink instance creation
logger.info('HBlink \'hb_bridge_all.py\' (c) 2016 N0MJS & the K0USY Group - SYSTEM STARTING...')
logger.info('HBlink \'HBlink.py\' (c) 2016-2018 N0MJS & the K0USY Group - SYSTEM STARTING...')
for system in CONFIG['SYSTEMS']:
if CONFIG['SYSTEMS'][system]['ENABLED']:
systems[system] = bridgeallSYSTEM(system, CONFIG, logger, report_server)
if CONFIG['SYSTEMS'][system]['MODE'] == 'OPENBRIDGE':
logger.critical('%s FATAL: Instance is mode \'OPENBRIDGE\', \n\t\t...Which would be tragic for Bridge All, since it carries multiple call\n\t\tstreams simultaneously. hb_bridge_all.py onlyl works with MMDVM-based systems', system)
sys.exit('hb_bridge_all.py cannot function with systems that are not MMDVM devices. System {} is configured as an OPENBRIDGE'.format(system))
else:
systems[system] = HBSYSTEM(system, CONFIG, logger, report_server)
reactor.listenUDP(CONFIG['SYSTEMS'][system]['PORT'], systems[system], interface=CONFIG['SYSTEMS'][system]['IP'])
logger.debug('%s instance created: %s, %s', CONFIG['SYSTEMS'][system]['MODE'], system, systems[system])

62
hb_bridge_all_rules_SAMPLE.py
View File

@ -1,62 +0,0 @@
# ACL Entries
#
# The 'action' May be PERMIT|DENY
# Each entry may be a single radio id, a hypenated range (e.g. 1-2999), or the string 'ALL'.
# if "ALL" is used, you may not include any other ranges or individual IDs.
# Format:
# ACL = 'action:id|start-end|,id|start-end,....'
#
# Sections exist for both TGIDs and Subscriber IDs.
# Sections exist for glboal actions, and per-system actions.
# ***FIRST MATCH EXITS***
# SID - Subscriber ID section.
# TGID - Talkgroup ID section.
#
# "GLOBAL" affects ALL systems
# "SYSTEM NAME" affects the system in quetion
# ACLs are applied both ingress AND egress
# If you omit GLOBAL or SYSTEM level ACLs, they will be initilzied
# automatically as "PERMIT:ALL"
# Each system (or global) has two sections 1 and 2, which correspond
# to timeslots 1 and 2 respectively
#
# EXAMPLE:
#ACL = {
# 'SID': {
# 'GLOBAL': {
# 1: 'PERMIT:ALL',
# 2: 'PERMIT:ALL'
# },
# 'LINK': {
# 1: 'DENY:3120121',
# 2: 'PERMIT:ALL'
# }
# },
# 'TGID': {
# 'GLOBAL': {
# 1: 'PERMIT:ALL',
# 2: 'PERMIT:ALL'
# },
# 'LINK': {
# 1: 'DENY:1-5,1616',
# 2: 'PERMIT:3120'
# }
# }
#}
ACL = {
'SID': {
'GLOBAL': {
1: 'PERMIT:ALL',
2: 'PERMIT:ALL'
}
},
'TGID': {
'GLOBAL': {
1: 'PERMIT:ALL',
2: 'PERMIT:ALL'
}
}
}

77
hb_confbridge.py
View File

@ -45,7 +45,7 @@ from twisted.protocols.basic import NetstringReceiver
from twisted.internet import reactor, task
# Things we import from the main hblink module
from hblink import HBSYSTEM, OPENBRIDGE, systems, hblink_handler, reportFactory, REPORT_OPCODES, build_reg_acl
from hblink import HBSYSTEM, OPENBRIDGE, systems, hblink_handler, reportFactory, REPORT_OPCODES
from dmr_utils.utils import hex_str_3, int_id, get_alias
from dmr_utils import decode, bptc, const
import hb_config
@ -115,61 +115,8 @@ def make_bridges(_hb_confbridge_bridges):
_system['TIMER'] = time() + _system['TIMEOUT']
else:
_system['TIMER'] = time()
return bridge_file.BRIDGES
# Import subscriber ACL
# ACL may be a single list of subscriber IDs
# Global action is to allow or deny them. Multiple lists with different actions and ranges
# are not yet implemented.
def build_acl(_sub_acl):
ACL = set()
try:
acl_file = import_module(_sub_acl)
logger.info('ACL file found, importing entries. This will take about 1.5 seconds per 1 million IDs')
sections = acl_file.ACL.split(':')
ACL_ACTION = sections[0]
entries_str = sections[1]
for entry in entries_str.split(','):
if '-' in entry:
start,end = entry.split('-')
start,end = int(start), int(end)
for id in range(start, end+1):
ACL.add(hex_str_3(id))
else:
id = int(entry)
ACL.add(hex_str_3(id))
logger.info('ACL loaded: action "{}" for {:,} radio IDs'.format(ACL_ACTION, len(ACL)))
except ImportError:
logger.info('ACL file not found or invalid - all subscriber IDs are valid')
ACL_ACTION = 'NONE'
# Depending on which type of ACL is used (PERMIT, DENY... or there isn't one)
# define a differnet function to be used to check the ACL
global allow_sub
if ACL_ACTION == 'PERMIT':
def allow_sub(_sub):
if _sub in ACL:
return True
else:
return False
elif ACL_ACTION == 'DENY':
def allow_sub(_sub):
if _sub not in ACL:
return True
else:
return False
else:
def allow_sub(_sub):
return True
return ACL
# Run this every minute for rule timer updates
def rule_timer_loop():
@ -250,12 +197,6 @@ class routerOBP(OPENBRIDGE):
_bits = int_id(_data[15])
if _call_type == 'group':
# Check for ACL match, and return if the subscriber is not allowed
if allow_sub(_rf_src) == False:
self._logger.warning('(%s) Group Voice Packet ***REJECTED BY ACL*** From: %s, HBP Peer %s, Destination TGID %s', self._system, int_id(_rf_src), int_id(_peer_id), int_id(_dst_id))
return
# Is this a new call stream?
if (_stream_id not in self.STATUS):
# This is a new call stream
@ -505,11 +446,6 @@ class routerHBP(HBSYSTEM):
if _call_type == 'group':
# Check for ACL match, and return if the subscriber is not allowed
if allow_sub(_rf_src) == False:
self._logger.warning('(%s) Group Voice Packet ***REJECTED BY ACL*** From: %s, HBP Peer %s, Destination TGID %s', self._system, int_id(_rf_src), int_id(_peer_id), int_id(_dst_id))
return
# Is this a new call stream?
if (_stream_id != self.STATUS[_slot]['RX_STREAM_ID']):
if (self.STATUS[_slot]['RX_TYPE'] != hb_const.HBPF_SLT_VTERM) and (pkt_time < (self.STATUS[_slot]['RX_TIME'] + hb_const.STREAM_TO)) and (_rf_src != self.STATUS[_slot]['RX_RFS']):
@ -804,9 +740,6 @@ if __name__ == '__main__':
for sig in [signal.SIGTERM, signal.SIGINT]:
signal.signal(sig, sig_handler)
# Build the Access Control List
REG_ACL = build_reg_acl('reg_acl', logger)
# ID ALIAS CREATION
# Download
if CONFIG['ALIASES']['TRY_DOWNLOAD'] == True:
@ -833,12 +766,6 @@ if __name__ == '__main__':
# Build the routing rules file
BRIDGES = make_bridges('hb_confbridge_rules')
# Build the Access Control List
ACL = build_acl('sub_acl')
# Build the Registration Access Control List
REG_ACL = build_reg_acl('reg_acl', logger)
# INITIALIZE THE REPORTING LOOP
report_server = config_reports(CONFIG, logger, confbridgeReportFactory)

108
hb_config.py
View File

@ -28,6 +28,7 @@ change.
import ConfigParser
import sys
import hb_const as const
from socket import gethostbyname
@ -39,6 +40,61 @@ __license__ = 'GNU GPLv3'
__maintainer__ = 'Cort Buffington, N0MJS'
__email__ = 'n0mjs@me.com'
# Processing of ALS goes here. It's separated from the acl_build function because this
# code is hblink config-file format specific, and acl_build is abstracted
def process_acls(_config):
# Global registration ACL
_config['GLOBAL']['REG_ACL'] = acl_build(_config['GLOBAL']['REG_ACL'], const.PEER_MAX)
# Global subscriber and TGID ACLs
for acl in ['SUB_ACL', 'TG1_ACL', 'TG2_ACL']:
_config['GLOBAL'][acl] = acl_build(_config['GLOBAL'][acl], const.ID_MAX)
# System level ACLs
for system in _config['SYSTEMS']:
# Registration ACLs (which make no sense for peer systems)
if _config['SYSTEMS'][system]['MODE'] == 'MASTER':
_config['SYSTEMS'][system]['REG_ACL'] = acl_build(_config['SYSTEMS'][system]['REG_ACL'], const.PEER_MAX)
# Subscriber and TGID ACLs (valid for all system types)
for acl in ['SUB_ACL', 'TG1_ACL', 'TG2_ACL']:
_config['SYSTEMS'][system][acl] = acl_build(_config['SYSTEMS'][system][acl], const.ID_MAX)
# Create an access control list that is programatically useable from human readable:
# ORIGINAL: 'DENY:1-5,3120101,3120124'
# PROCESSED: (False, set([(1, 5), (3120124, 3120124), (3120101, 3120101)]))
def acl_build(_acl, _max):
if not _acl:
return(True, set((const.ID_MIN, _max)))
acl = set()
sections = _acl.split(':')
if sections[0] == 'PERMIT':
action = True
else:
action = False
for entry in sections[1].split(','):
if entry == 'ALL':
acl.add((const.ID_MIN, _max))
break
elif '-' in entry:
start,end = entry.split('-')
start,end = int(start), int(end)
if (const.ID_MIN <= start <= _max) or (const.ID_MIN <= end <= _max):
acl.add((start, end))
else:
sys.exit('ACL CREATION ERROR, VALUE OUT OF RANGE (} - {})IN RANGE-BASED ENTRY: {}'.format(const.ID_MIN, _max, entry))
else:
id = int(entry)
if (const.ID_MIN <= id <= _max):
acl.add((id, id))
else:
sys.exit('ACL CREATION ERROR, VALUE OUT OF RANGE ({} - {}) IN SINGLE ID ENTRY: {}'.format(const.ID_MIN, _max, entry))
return (action, acl)
def build_config(_config_file):
config = ConfigParser.ConfigParser()
@ -51,7 +107,6 @@ def build_config(_config_file):
CONFIG['REPORTS'] = {}
CONFIG['LOGGER'] = {}
CONFIG['ALIASES'] = {}
CONFIG['AMBE'] = {}
CONFIG['SYSTEMS'] = {}
try:
@ -60,7 +115,12 @@ def build_config(_config_file):
CONFIG['GLOBAL'].update({
'PATH': config.get(section, 'PATH'),
'PING_TIME': config.getint(section, 'PING_TIME'),
'MAX_MISSED': config.getint(section, 'MAX_MISSED')
'MAX_MISSED': config.getint(section, 'MAX_MISSED'),
'USE_ACL': config.get(section, 'USE_ACL'),
'REG_ACL': config.get(section, 'REG_ACL'),
'SUB_ACL': config.get(section, 'SUB_ACL'),
'TG1_ACL': config.get(section, 'TGID_TS1_ACL'),
'TG2_ACL': config.get(section, 'TGID_TS2_ACL')
})
elif section == 'REPORTS':
@ -91,12 +151,6 @@ def build_config(_config_file):
'STALE_TIME': config.getint(section, 'STALE_DAYS') * 86400,
})
elif section == 'AMBE':
CONFIG['AMBE'].update({
'EXPORT_IP': gethostbyname(config.get(section, 'EXPORT_IP')),
'EXPORT_PORT': config.getint(section, 'EXPORT_PORT'),
})
elif config.getboolean(section, 'ENABLED'):
if config.get(section, 'MODE') == 'PEER':
CONFIG['SYSTEMS'].update({section: {
@ -127,7 +181,11 @@ def build_config(_config_file):
'SOFTWARE_ID': config.get(section, 'SOFTWARE_ID').ljust(40)[:40],
'PACKAGE_ID': config.get(section, 'PACKAGE_ID').ljust(40)[:40],
'GROUP_HANGTIME': config.getint(section, 'GROUP_HANGTIME'),
'OPTIONS': config.get(section, 'OPTIONS')
'OPTIONS': config.get(section, 'OPTIONS'),
'USE_ACL': config.getboolean(section, 'USE_ACL'),
'SUB_ACL': config.get(section, 'SUB_ACL'),
'TG1_ACL': config.get(section, 'TGID_TS1_ACL'),
'TG2_ACL': config.get(section, 'TGID_TS2_ACL')
}})
CONFIG['SYSTEMS'][section].update({'STATS': {
'CONNECTION': 'NO', # NO, RTPL_SENT, AUTHENTICATED, CONFIG-SENT, YES
@ -148,7 +206,12 @@ def build_config(_config_file):
'IP': gethostbyname(config.get(section, 'IP')),
'PORT': config.getint(section, 'PORT'),
'PASSPHRASE': config.get(section, 'PASSPHRASE'),
'GROUP_HANGTIME': config.getint(section, 'GROUP_HANGTIME')
'GROUP_HANGTIME': config.getint(section, 'GROUP_HANGTIME'),
'USE_ACL': config.getboolean(section, 'USE_ACL'),
'REG_ACL': config.get(section, 'REG_ACL'),
'SUB_ACL': config.get(section, 'SUB_ACL'),
'TG1_ACL': config.get(section, 'TGID_TS1_ACL'),
'TG2_ACL': config.get(section, 'TGID_TS2_ACL')
}})
CONFIG['SYSTEMS'][section].update({'PEERS': {}})
@ -163,19 +226,20 @@ def build_config(_config_file):
'TARGET_SOCK': (gethostbyname(config.get(section, 'TARGET_IP')), config.getint(section, 'TARGET_PORT')),
'TARGET_IP': gethostbyname(config.get(section, 'TARGET_IP')),
'TARGET_PORT': config.getint(section, 'TARGET_PORT'),
'USE_ACL': config.getboolean(section, 'USE_ACL'),
'SUB_ACL': config.get(section, 'SUB_ACL'),
'TG1_ACL': config.get(section, 'TGID_ACL'),
'TG2_ACL': 'PERMIT:ALL'
}})
except ConfigParser.Error, err:
print "Cannot parse configuration file. %s" %err
sys.exit('Could not parse configuration file, exiting...')
sys.exit('Error processing configuration file -- {}'.format(err))
process_acls(CONFIG)
return CONFIG
# Used to run this file direclty and print the config,
# which might be useful for debugging
if __name__ == '__main__':
@ -183,6 +247,7 @@ if __name__ == '__main__':
import os
import argparse
from pprint import pprint
from dmr_utils.utils import int_id
# Change the current directory to the location of the application
os.chdir(os.path.dirname(os.path.realpath(sys.argv[0])))
@ -197,5 +262,14 @@ if __name__ == '__main__':
if not cli_args.CONFIG_FILE:
cli_args.CONFIG_FILE = os.path.dirname(os.path.abspath(__file__))+'/hblink.cfg'
CONFIG = build_config(cli_args.CONFIG_FILE)
pprint(CONFIG)
pprint(build_config(cli_args.CONFIG_FILE))
def acl_check(_id, _acl):
id = int_id(_id)
for entry in _acl[1]:
if entry[0] <= id <= entry[1]:
return _acl[0]
return not _acl[0]
print acl_check('\x00\x01\x37', CONFIG['GLOBAL']['TG1_ACL'])

5
hb_const.py
View File

@ -46,4 +46,7 @@ HBPF_VOICE = 0x0
HBPF_VOICE_SYNC = 0x1
HBPF_DATA_SYNC = 0x2
HBPF_SLT_VHEAD = 0x1
HBPF_SLT_VTERM = 0x2
HBPF_SLT_VTERM = 0x2
# Higheset peer ID permitted by HBP
PEER_MAX = 4294967295

64
hblink-SAMPLE.cfg
View File

@ -4,10 +4,47 @@
# - how often the Master maintenance loop runs
# MAX_MISSED - how many pings are missed before we give up and re-register
# - number of times the master maintenance loop runs before de-registering a peer
#
# ACLs:
#
# Access Control Lists are a very powerful tool for administering your system.
# But they consume packet processing time. Disable them if you are not using them.
# But be aware that, as of now, the confiuration stanzas still need the ACL
# sections configured even if you're not using them.
#
# REGISTRATION ACLS ARE ALWAYS USED, ONLY SUBSCRIBER AND TGID MAY BE DISABLED!!!
#
# The 'action' May be PERMIT|DENY
# Each entry may be a single radio id, or a hypenated range (e.g. 1-2999)
# Format:
# ACL = 'action:id|start-end|,id|start-end,....'
# --for example--
# SUB_ACL: DENY:1,1000-2000,4500-60000,17
#
# ACL Types:
# REG_ACL: peer radio IDs for registration (only used on HBP master systems)
# SUB_ACL: subscriber IDs for end-users
# TGID_TS1_ACL: destination talkgroup IDs on Timeslot 1
# TGID_TS2_ACL: destination talkgroup IDs on Timeslot 2
#
# ACLs may be repeated for individual systems if needed for granularity
# Global ACLs will be processed BEFORE the system level ACLs
# Packets will be matched against all ACLs, GLOBAL first. If a packet 'passes'
# All elements, processing continues. Packets are discarded at the first
# negative match, or 'reject' from an ACL element.
#
# If you do not wish to use ACLs, set them to 'PERMIT:ALL'
# TGID_TS1_ACL in the global stanza is used for OPENBRIDGE systems, since all
# traffic is passed as TS 1 between OpenBridges
[GLOBAL]
PATH: ./
PING_TIME: 5
MAX_MISSED: 3
USE_ACL: True
REG_ACL: PERMIT:ALL
SUB_ACL: DENY:1
TGID_TS1_ACL: PERMIT:ALL
TGID_TS2_ACL: PERMIT:ALL
# NOT YET WORKING: NETWORK REPORTING CONFIGURATION
@ -87,7 +124,12 @@ EXPORT_PORT: 1234
# connecting to. NETWORK_ID is a number in the format of a DMR Radio ID that
# will be sent to the other server to identify this connection.
# other parameters follow the other system types.
[3199]
#
# ACLs:
# OpenBridge does not 'register', so registration ACL is meaningless.
# OpenBridge passes all traffic on TS1, so there is only 1 TGID ACL.
# Otherwise ACLs work as described in the global stanza
[OBP-1]
MODE: OPENBRIDGE
ENABLED: True
IP:
@ -96,6 +138,9 @@ NETWORK_ID: 3129100
PASSPHRASE: password
TARGET_IP: 1.2.3.4
TARGET_PORT: 62035
USE_ACL: True
SUB_ACL: 1
TGID_ACL: PERMIT:ALL
# MASTER INSTANCES - DUPLICATE SECTION FOR MULTIPLE MASTERS
# HomeBrew Protocol Master instances go here.
@ -103,6 +148,9 @@ TARGET_PORT: 62035
# Port should be the port you want this master to listen on. It must be unique
# and unused by anything else.
# Repeat - if True, the master repeats traffic to peers, False, it does nothing.
#
# ACLs:
# See comments in the GLOBAL stanza
[MASTER-1]
MODE: MASTER
ENABLED: True
@ -112,6 +160,11 @@ IP:
PORT: 54000
PASSPHRASE: s3cr37w0rd
GROUP_HANGTIME: 5
USE_ACL: True
REG_ACL: DENY:1
SUB_ACL: DENY:1
TGID_TS1_ACL: PERMIT:ALL
TGID_TS2_ACL: PERMIT:ALL
# PEER INSTANCES - DUPLICATE SECTION FOR MULTIPLE PEERS
# There are a LOT of errors in the HB Protocol specifications on this one!
@ -122,6 +175,9 @@ GROUP_HANGTIME: 5
# Height is in meters
# Setting Loose to True relaxes the validation on packets received from the master.
# This will allow HBlink to connect to a non-compliant system such as XLXD, DMR+ etc.
#
# ACLs:
# See comments in the GLOBAL stanza
[REPEATER-1]
MODE: PEER
ENABLED: True
@ -148,4 +204,8 @@ URL: www.w1abc.org
SOFTWARE_ID: 20170620
PACKAGE_ID: MMDVM_HBlink
GROUP_HANGTIME: 5
OPTIONS:
OPTIONS:
USE_ACL: True
SUB_ACL: DENY:1
TGID_TS1_ACL: PERMIT:ALL
TGID_TS2_ACL: PERMIT:ALL

228
hblink.py
View File

@ -48,6 +48,7 @@ from twisted.internet import reactor, task
# Other files we pull from -- this is mostly for readability and segmentation
import hb_log
import hb_config
import hb_const as const
from dmr_utils.utils import int_id, hex_str_4
# Imports for the reporting server
@ -93,93 +94,15 @@ def hblink_handler(_signal, _frame, _logger):
_logger.info('SHUTDOWN: DE-REGISTER SYSTEM: %s', system)
systems[system].dereg()
# Import subscriber registration ACL
# REG_ACL may be a single list of subscriber IDs
# Global action is to allow or deny them. Multiple lists with different actions and ranges
# are not yet implemented.
def build_reg_acl(_reg_acl, _logger):
REG_ACL = set()
try:
acl_file = import_module(_reg_acl)
_logger.info('Registration ACL file found, importing entries. This will take about 1.5 seconds per 1 million IDs')
sections = acl_file.REG_ACL.split(':')
REG_ACL_ACTION = sections[0]
entries_str = sections[1]
for entry in entries_str.split(','):
if '-' in entry:
start,end = entry.split('-')
start,end = int(start), int(end)
for id in range(start, end+1):
REG_ACL.add(hex_str_4(id))
else:
id = int(entry)
REG_ACL.add(hex_str_4(id))
_logger.info('Registration ACL loaded: action "{}" for {:,} registration IDs'.format( REG_ACL_ACTION, len(REG_ACL)))
# Check a supplied ID against the ACL provided. Returns action (True|False) based
# on matching and the action specified.
def acl_check(_id, _acl):
id = int_id(_id)
for entry in _acl[1]:
if entry[0] <= id <= entry[1]:
return _acl[0]
return not _acl[0]
except ImportError:
_logger.info('Registration ACL file not found or invalid - all IDs may register with this system')
REG_ACL_ACTION = 'NONE'
# Depending on which type of REG_ACL is used (PERMIT, DENY... or there isn't one)
# define a differnet function to be used to check the ACL
global allow_reg
if REG_ACL_ACTION == 'PERMIT':
def allow_reg(_id):
if _id in REG_ACL:
return True
else:
return False
elif REG_ACL_ACTION == 'DENY':
def allow_reg(_id):
if _id not in REG_ACL:
return True
else:
return False
else:
def allow_reg(_id):
return True
return REG_ACL
#************************************************
# AMBE CLASS: Used to parse out AMBE and send to gateway
#************************************************
class AMBE:
def __init__(self, _config, _logger):
self._CONFIG = _config
self._logger = _logger
self._sock = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
self._exp_ip = self._CONFIG['AMBE']['EXPORT_IP']
self._exp_port = self._CONFIG['AMBE']['EXPORT_PORT']
def parseAMBE(self, _peer, _data):
_seq = int_id(_data[4:5])
_srcID = int_id(_data[5:8])
_dstID = int_id(_data[8:11])
_rptID = int_id(_data[11:15])
_bits = int_id(_data[15:16]) # SCDV NNNN (Slot|Call type|Data|Voice|Seq or Data type)
_slot = 2 if _bits & 0x80 else 1
_callType = 1 if (_bits & 0x40) else 0
_frameType = (_bits & 0x30) >> 4
_voiceSeq = (_bits & 0x0f)
_streamID = int_id(_data[16:20])
self._logger.debug('(%s) seq: %d srcID: %d dstID: %d rptID: %d bits: %0X slot:%d callType: %d frameType: %d voiceSeq: %d streamID: %0X',
_peer, _seq, _srcID, _dstID, _rptID, _bits, _slot, _callType, _frameType, _voiceSeq, _streamID )
#logger.debug('Frame 1:(%s)', self.ByteToHex(_data))
_dmr_frame = BitArray('0x'+ahex(_data[20:]))
_ambe = _dmr_frame[0:108] + _dmr_frame[156:264]
#_sock.sendto(_ambe.tobytes(), ("127.0.0.1", 31000))
ambeBytes = _ambe.tobytes()
self._sock.sendto(ambeBytes[0:9], (self._exp_ip, self._exp_port))
self._sock.sendto(ambeBytes[9:18], (self._exp_ip, self._exp_port))
self._sock.sendto(ambeBytes[18:27], (self._exp_ip, self._exp_port))
#************************************************
@ -194,6 +117,7 @@ class OPENBRIDGE(DatagramProtocol):
self._logger = _logger
self._report = _report
self._config = self._CONFIG['SYSTEMS'][self._system]
self._laststrid = ''
def dereg(self):
self._logger.info('(%s) is mode OPENBRIDGE. No De-Registration required, continuing shutdown', self._system)
@ -206,7 +130,7 @@ class OPENBRIDGE(DatagramProtocol):
# KEEP THE FOLLOWING COMMENTED OUT UNLESS YOU'RE DEBUGGING DEEPLY!!!!
# self._logger.debug('(%s) TX Packet to OpenBridge %s:%s -- %s', self._system, self._config['TARGET_IP'], self._config['TARGET_PORT'], ahex(_packet))
else:
self._logger.error('(%s) OpenBridge system was asked to send non DMRD packet')
self._logger.error('(%s) OpenBridge system was asked to send non DMRD packet', self._system)
def dmrd_received(self, _peer_id, _rf_src, _dst_id, _seq, _slot, _call_type, _frame_type, _dtype_vseq, _stream_id, _data):
pass
@ -233,12 +157,42 @@ class OPENBRIDGE(DatagramProtocol):
_dtype_vseq = (_bits & 0xF) # data, 1=voice header, 2=voice terminator; voice, 0=burst A ... 5=burst F
_stream_id = _data[16:20]
#self._logger.debug('(%s) DMRD - Seqence: %s, RF Source: %s, Destination ID: %s', self._system, int_id(_seq), int_id(_rf_src), int_id(_dst_id))
# Sanity check for OpenBridge -- all calls must be on Slot 1
if _slot != 1:
self._logger.error('(%s) OpenBridge packet discarded because it was not received on slot 1. SID: %s, TGID %s', self._system, int_id(_rf_src), int_id(_dst_id))
return
# ACL Processing
if self._CONFIG['GLOBAL']['USE_ACL']:
if not acl_check(_rf_src, self._CONFIG['GLOBAL']['SUB_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s FROM SUBSCRIBER %s BY GLOBAL ACL', self._system, int_id(_stream_id), int_id(_rf_src))
self._laststrid = _stream_id
return
if _slot == 1 and not acl_check(_dst_id, self._CONFIG['GLOBAL']['TG1_ACL']):
if self._laststrid != _stream_id:
self._logger.info('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY GLOBAL TS1 ACL', self._system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
if self._config['USE_ACL']:
if not acl_check(_rf_src, self._config['SUB_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s FROM SUBSCRIBER %s BY SYSTEM ACL', self._system, int_id(_stream_id), int_id(_rf_src))
self._laststrid = _stream_id
return
if not acl_check(_dst_id, self._config['TG1_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY SYSTEM ACL', self._system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
self._laststrid = _stream_id
# Userland actions -- typically this is the function you subclass for an application
self.dmrd_received(_peer_id, _rf_src, _dst_id, _seq, _slot, _call_type, _frame_type, _dtype_vseq, _stream_id, _data)
else:
self._logger.info('(%s) OpenBridge HMAC failed, packet discarded - OPCODE: %s DATA: %s HMAC LENGTH: %s HMAC: %s', self._system, _packet[:4], repr(_packet[:53]), len(_packet[53:]), repr(_packet[53:]))
#************************************************
# HB MASTER CLASS
@ -252,6 +206,7 @@ class HBSYSTEM(DatagramProtocol):
self._logger = _logger
self._report = _report
self._config = self._CONFIG['SYSTEMS'][self._system]
self._laststrid = ''
# Define shortcuts and generic function names based on the type of system we are
if self._config['MODE'] == 'MASTER':
@ -267,10 +222,6 @@ class HBSYSTEM(DatagramProtocol):
self.maintenance_loop = self.peer_maintenance_loop
self.datagramReceived = self.peer_datagramReceived
self.dereg = self.peer_dereg
# Configure for AMBE audio export if enabled
if self._config['EXPORT_AMBE']:
self._ambe = AMBE(_config, _logger)
def startProtocol(self):
# Set up periodic loop for tracking pings from peers. Run every 'PING_TIME' seconds
@ -363,10 +314,41 @@ class HBSYSTEM(DatagramProtocol):
_dtype_vseq = (_bits & 0xF) # data, 1=voice header, 2=voice terminator; voice, 0=burst A ... 5=burst F
_stream_id = _data[16:20]
#self._logger.debug('(%s) DMRD - Seqence: %s, RF Source: %s, Destination ID: %s', self._system, int_id(_seq), int_id(_rf_src), int_id(_dst_id))
# If AMBE audio exporting is configured...
if self._config['EXPORT_AMBE']:
self._ambe.parseAMBE(self._system, _data)
# ACL Processing
if self._CONFIG['GLOBAL']['USE_ACL']:
if not acl_check(_rf_src, self._CONFIG['GLOBAL']['SUB_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s FROM SUBSCRIBER %s BY GLOBAL ACL', self._system, int_id(_stream_id), int_id(_rf_src))
self._laststrid = _stream_id
return
if _slot == 1 and not acl_check(_dst_id, self._CONFIG['GLOBAL']['TG1_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY GLOBAL TS1 ACL', self._system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
if _slot == 2 and not acl_check(_dst_id, self._CONFIG['GLOBAL']['TG2_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY GLOBAL TS2 ACL', self._system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
if self._config['USE_ACL']:
if not acl_check(_rf_src, self._config['SUB_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s FROM SUBSCRIBER %s BY SYSTEM ACL', self._system, int_id(_stream_id), int_id(_rf_src))
self._laststrid = _stream_id
return
if _slot == 1 and not acl_check(_dst_id, self._config['TG1_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY SYSTEM TS1 ACL', self._system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
if _slot == 2 and not acl_check(_dst_id, self._config['TG2_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY SYSTEM TS2 ACL', self._system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
self._laststrid = _stream_id
# The basic purpose of a master is to repeat to the peers
if self._config['REPEAT'] == True:
@ -377,13 +359,16 @@ class HBSYSTEM(DatagramProtocol):
#self.send_peer(_peer, _data[:11] + self._config['RADIO_ID'] + _data[15:])
#self._logger.debug('(%s) Packet on TS%s from %s (%s) for destination ID %s repeated to peer: %s (%s) [Stream ID: %s]', self._system, _slot, self._peers[_peer_id]['CALLSIGN'], int_id(_peer_id), int_id(_dst_id), self._peers[_peer]['CALLSIGN'], int_id(_peer), int_id(_stream_id))
# Userland actions -- typically this is the function you subclass for an application
self.dmrd_received(_peer_id, _rf_src, _dst_id, _seq, _slot, _call_type, _frame_type, _dtype_vseq, _stream_id, _data)
elif _command == 'RPTL': # RPTLogin -- a repeater wants to login
_peer_id = _data[4:8]
if allow_reg(_peer_id): # Check for valid Radio ID
self._peers.update({_peer_id: { # Build the configuration data strcuture for the peer
# Check for valid Radio ID
if acl_check(_peer_id, self._CONFIG['REG_ACL']) and acl_check(_peer_id, self._config['REG_ACL']):
# Build the configuration data strcuture for the peer
self._peers.update({_peer_id: {
'CONNECTION': 'RPTL-RECEIVED',
'PINGS_RECEIVED': 0,
'LAST_PING': time(),
@ -515,10 +500,42 @@ class HBSYSTEM(DatagramProtocol):
_dtype_vseq = (_bits & 0xF) # data, 1=voice header, 2=voice terminator; voice, 0=burst A ... 5=burst F
_stream_id = _data[16:20]
self._logger.debug('(%s) DMRD - Sequence: %s, RF Source: %s, Destination ID: %s', self._system, int_id(_seq), int_id(_rf_src), int_id(_dst_id))
# If AMBE audio exporting is configured...
if self._config['EXPORT_AMBE']:
self._ambe.parseAMBE(self._system, _data)
# ACL Processing
if self._CONFIG['GLOBAL']['USE_ACL']:
if not acl_check(_rf_src, self._CONFIG['GLOBAL']['SUB_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s FROM SUBSCRIBER %s BY GLOBAL ACL', self._system, int_id(_stream_id), int_id(_rf_src))
self._laststrid = _stream_id
return
if _slot == 1 and not acl_check(_dst_id, self._CONFIG['GLOBAL']['TG1_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY GLOBAL TS1 ACL', self._system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
if _slot == 2 and not acl_check(_dst_id, self._CONFIG['GLOBAL']['TG2_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY GLOBAL TS2 ACL', self._system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
if self._config['USE_ACL']:
if not acl_check(_rf_src, self._config['SUB_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s FROM SUBSCRIBER %s BY SYSTEM ACL', self._system, int_id(_stream_id), int_id(_rf_src))
self._laststrid = _stream_id
return
if _slot == 1 and not acl_check(_dst_id, self._config['TG1_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY SYSTEM TS1 ACL', self._system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
if _slot == 2 and not acl_check(_dst_id, self._config['TG2_ACL']):
if self._laststrid != _stream_id:
self._logger.debug('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY SYSTEM TS2 ACL', self._system, int_id(_stream_id), int_id(_dst_id))
self._laststrid = _stream_id
return
self._laststrid = _stream_id
# Userland actions -- typically this is the function you subclass for an application
self.dmrd_received(_peer_id, _rf_src, _dst_id, _seq, _slot, _call_type, _frame_type, _dtype_vseq, _stream_id, _data)
@ -701,9 +718,6 @@ if __name__ == '__main__':
for sig in [signal.SIGTERM, signal.SIGINT]:
signal.signal(sig, sig_handler)
# Build the Registration Access Control List
REG_ACL = build_reg_acl('reg_acl', logger)
# INITIALIZE THE REPORTING LOOP
report_server = config_reports(CONFIG, logger, reportFactory)
@ -718,4 +732,4 @@ if __name__ == '__main__':
reactor.listenUDP(CONFIG['SYSTEMS'][system]['PORT'], systems[system], interface=CONFIG['SYSTEMS'][system]['IP'])
logger.debug('%s instance created: %s, %s', CONFIG['SYSTEMS'][system]['MODE'], system, systems[system])
reactor.run()
reactor.run()

11
reg_acl-SAMPLE.py
View File

@ -1,11 +0,0 @@
#
# Used to limit HomeBrew repeater Protocol registrations.
#
# If this is the SAMPLE file, you'll need to made a copy or start from scratch
# with one called reg_acl.py
#
# The 'action' May be PERMIT|DENY
# Each entry may be a single radio id, or a hypenated range (e.g. 1-2999)
# Format:
# ACL = 'action:id|start-end|,id|start-end,....'
REG_ACL = 'DENY:1'

9
sub_acl-SAMPLE.py
View File

@ -1,9 +0,0 @@
#
# To use this feature, you'll need to copy this, or create a file called
# sub_acl.py that's like this one, with your local parameters in it.
#
# The 'action' May be PERMIT|DENY
# Each entry may be a single radio id, or a hypenated range (e.g. 1-2999)
# Format:
# ACL = 'action:id|start-end|,id|start-end,....'
ACL = 'DENY:0-2999,4000000-4000999'