Add traffic source validation:

Change behaviour of NETWORK_ID in OPENBRIDGE config: This should be the ID of remote system. If traffic received on this bridge is not shown as from this ID, it will be disgarded. Fix reporting of PEER so it actually takes the peer from the incoming connection, not NETWORK_ID: So, in short: SERVER_ID in [GLOBAL] - the ID you send to other servers via OBP NETWORK_ID in OPENBRIDGE - the expected ** remote ** ID for the bridge.
2021-06-15 00:24:49 +01:00 · 2021-06-15 00:24:49 +01:00 · fa20a25852
commit fa20a25852
parent c2cd23f341
2 changed files with 9 additions and 3 deletions
--- a/bridge_master.py
+++ b/bridge_master.py
@ -416,9 +416,9 @@ def stream_trimmer_loop():
                    _sysconfig = CONFIG['SYSTEMS'][system]
                    #systems[system].STATUS[stream_id]['_fin'] = True
                    logger.info('(%s) *TIME OUT*   STREAM ID: %s SUB: %s PEER: %s TGID: %s TS 1 Duration: %.2f', \
-                        system, int_id(stream_id), get_alias(int_id(_stream['RFS']), subscriber_ids), get_alias(int_id(_sysconfig['NETWORK_ID']), peer_ids), get_alias(int_id(_stream['TGID']), talkgroup_ids), _stream['LAST'] - _stream['START'])
+                        system, int_id(stream_id), get_alias(int_id(_stream['RFS']), subscriber_ids), get_alias(int_id(_stream['RX_PEER']), peer_ids), get_alias(int_id(_stream['TGID']), talkgroup_ids), _stream['LAST'] - _stream['START'])
                    if CONFIG['REPORTS']['REPORT']:
-                            systems[system]._report.send_bridgeEvent('GROUP VOICE,END,RX,{},{},{},{},{},{},{:.2f}'.format(system, int_id(stream_id), int_id(_sysconfig['NETWORK_ID']), int_id(_stream['RFS']), 1, int_id(_stream['TGID']), _stream['LAST'] - _stream['START']).encode(encoding='utf-8', errors='ignore'))
+                            systems[system]._report.send_bridgeEvent('GROUP VOICE,END,RX,{},{},{},{},{},{},{:.2f}'.format(system, int_id(stream_id), int_id(_stream['RX_PEER']), int_id(_stream['RFS']), 1, int_id(_stream['TGID']), _stream['LAST'] - _stream['START']).encode(encoding='utf-8', errors='ignore'))
                    systems[system].STATUS[stream_id]['_to'] = True
                    continue
                #except:
@ -1185,6 +1185,7 @@ class routerOBP(OPENBRIDGE):
                            'CONTENTION':False,
                            'RFS':       _rf_src,
                            'TGID':      _dst_id,
+                            'RX_PEER': _peer_id
                        }
                        # Generate LCs (full and EMB) for the TX stream
                        try:
@ -1333,7 +1334,8 @@ class routerOBP(OPENBRIDGE):
                    'TGID':      _dst_id,
                    '1ST': True,
                    'lastSeq': False,
-                    'lastData': False
+                    'lastData': False,
+                    'RX_PEER': _peer_id

                }

@ -1548,6 +1550,7 @@ class routerHBP(HBSYSTEM):
                                'CONTENTION':False,
                                'RFS':       _rf_src,
                                'TGID':      _dst_id,
+                                'RX_PEER':   _peer_id
                            }
                            # Generate LCs (full and EMB) for the TX stream
                            dst_lc = b''.join([self.STATUS[_slot]['RX_LC'][0:3], _target['TGID'], _rf_src])
--- a/hblink.py
+++ b/hblink.py
@ -169,6 +169,9 @@ class OPENBRIDGE(DatagramProtocol):

            if compare_digest(_hash, _ckhs) and (_sockaddr == self._config['TARGET_SOCK'] or self._config['RELAX_CHECKS']):
                _peer_id = _data[11:15]
+                if self._config['NETWORK_ID'] != _peer_id:
+                    logger.error('(%s) OpenBridge packet discarded because NETWORK_ID: %s Does not match sent Peer ID: %s', self._system, self._config['NETWORK_ID'], _peer_id)
+                    return
                _seq = _data[4]
                _rf_src = _data[5:8]
                _dst_id = _data[8:11]