From 0fd6758161afa00adc4392596277e05a10663b6b Mon Sep 17 00:00:00 2001 From: Bryan Biedenkapp Date: Mon, 10 Mar 2025 21:07:05 -0400 Subject: [PATCH] allow always send peers to ignore reject unknown RID (always send peers are treated specially); --- src/fne/network/callhandler/TagDMRData.cpp | 45 +++++++++++--------- src/fne/network/callhandler/TagNXDNData.cpp | 43 +++++++++++-------- src/fne/network/callhandler/TagP25Data.cpp | 46 +++++++++++++-------- 3 files changed, 79 insertions(+), 55 deletions(-) diff --git a/src/fne/network/callhandler/TagDMRData.cpp b/src/fne/network/callhandler/TagDMRData.cpp index e5705e31..99106df1 100644 --- a/src/fne/network/callhandler/TagDMRData.cpp +++ b/src/fne/network/callhandler/TagDMRData.cpp @@ -751,6 +751,7 @@ bool TagDMRData::isPeerPermitted(uint32_t peerId, data::NetData& data, uint32_t bool TagDMRData::validate(uint32_t peerId, data::NetData& data, uint32_t streamId) { // is the source ID a blacklisted ID? + bool rejectUnknownBadCall = false; lookups::RadioId rid = m_network->m_ridLookup->find(data.getSrcId()); if (!rid.radioDefault()) { if (!rid.radioEnabled()) { @@ -777,25 +778,7 @@ bool TagDMRData::validate(uint32_t peerId, data::NetData& data, uint32_t streamI // if this is a default radio -- and we are rejecting undefined radios // report call error if (m_network->m_rejectUnknownRID) { - // report error event to InfluxDB - if (m_network->m_enableInfluxDB) { - influxdb::QueryBuilder() - .meas("call_error_event") - .tag("peerId", std::to_string(peerId)) - .tag("streamId", std::to_string(streamId)) - .tag("srcId", std::to_string(data.getSrcId())) - .tag("dstId", std::to_string(data.getDstId())) - .field("message", INFLUXDB_ERRSTR_DISABLED_SRC_RID) - .field("slot", data.getSlotNo()) - .timestamp(std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count()) - .request(m_network->m_influxServer); - } - - LogWarning(LOG_NET, "DMR slot %s, illegal/unknown RID attempted access, srcId = %u, dstId = %u", data.getSlotNo(), data.getSrcId(), data.getDstId()); - - // report In-Call Control to the peer sending traffic - m_network->writePeerICC(peerId, streamId, NET_SUBFUNC::PROTOCOL_SUBFUNC_DMR, NET_ICC::REJECT_TRAFFIC, data.getDstId(), data.getSlotNo()); - return false; + rejectUnknownBadCall = true; } } @@ -883,7 +866,31 @@ bool TagDMRData::validate(uint32_t peerId, data::NetData& data, uint32_t streamI auto it = std::find(alwaysSend.begin(), alwaysSend.end(), peerId); if (it != alwaysSend.end()) { isAlwaysPeer = true; // skip any following checks and always send traffic + rejectUnknownBadCall = false; + } + } + + // fail call if the reject flag is set + if (rejectUnknownBadCall) { + // report error event to InfluxDB + if (m_network->m_enableInfluxDB) { + influxdb::QueryBuilder() + .meas("call_error_event") + .tag("peerId", std::to_string(peerId)) + .tag("streamId", std::to_string(streamId)) + .tag("srcId", std::to_string(data.getSrcId())) + .tag("dstId", std::to_string(data.getDstId())) + .field("message", INFLUXDB_ERRSTR_DISABLED_SRC_RID) + .field("slot", data.getSlotNo()) + .timestamp(std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count()) + .request(m_network->m_influxServer); } + + LogWarning(LOG_NET, "DMR slot %s, illegal/unknown RID attempted access, srcId = %u, dstId = %u", data.getSlotNo(), data.getSrcId(), data.getDstId()); + + // report In-Call Control to the peer sending traffic + m_network->writePeerICC(peerId, streamId, NET_SUBFUNC::PROTOCOL_SUBFUNC_DMR, NET_ICC::REJECT_TRAFFIC, data.getDstId(), data.getSlotNo()); + return false; } // check the DMR slot number diff --git a/src/fne/network/callhandler/TagNXDNData.cpp b/src/fne/network/callhandler/TagNXDNData.cpp index d19dae20..0fc2f6c6 100644 --- a/src/fne/network/callhandler/TagNXDNData.cpp +++ b/src/fne/network/callhandler/TagNXDNData.cpp @@ -558,6 +558,7 @@ bool TagNXDNData::isPeerPermitted(uint32_t peerId, lc::RTCH& lc, uint8_t message bool TagNXDNData::validate(uint32_t peerId, lc::RTCH& lc, uint8_t messageType, uint32_t streamId) { // is the source ID a blacklisted ID? + bool rejectUnknownBadCall = false; lookups::RadioId rid = m_network->m_ridLookup->find(lc.getSrcId()); if (!rid.radioDefault()) { if (!rid.radioEnabled()) { @@ -583,24 +584,7 @@ bool TagNXDNData::validate(uint32_t peerId, lc::RTCH& lc, uint8_t messageType, u // if this is a default radio -- and we are rejecting undefined radios // report call error if (m_network->m_rejectUnknownRID) { - // report error event to InfluxDB - if (m_network->m_enableInfluxDB) { - influxdb::QueryBuilder() - .meas("call_error_event") - .tag("peerId", std::to_string(peerId)) - .tag("streamId", std::to_string(streamId)) - .tag("srcId", std::to_string(lc.getSrcId())) - .tag("dstId", std::to_string(lc.getDstId())) - .field("message", INFLUXDB_ERRSTR_DISABLED_SRC_RID) - .timestamp(std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count()) - .request(m_network->m_influxServer); - } - - LogWarning(LOG_NET, "NXDN, illegal/unknown RID attempted access, srcId = %u, dstId = %u", lc.getSrcId(), lc.getDstId()); - - // report In-Call Control to the peer sending traffic - m_network->writePeerICC(peerId, streamId, NET_SUBFUNC::PROTOCOL_SUBFUNC_NXDN, NET_ICC::REJECT_TRAFFIC, lc.getDstId()); - return false; + rejectUnknownBadCall = true; } } @@ -689,9 +673,32 @@ bool TagNXDNData::validate(uint32_t peerId, lc::RTCH& lc, uint8_t messageType, u auto it = std::find(alwaysSend.begin(), alwaysSend.end(), peerId); if (it != alwaysSend.end()) { isAlwaysPeer = true; // skip any following checks and always send traffic + rejectUnknownBadCall = false; } } + // fail call if the reject flag is set + if (rejectUnknownBadCall) { + // report error event to InfluxDB + if (m_network->m_enableInfluxDB) { + influxdb::QueryBuilder() + .meas("call_error_event") + .tag("peerId", std::to_string(peerId)) + .tag("streamId", std::to_string(streamId)) + .tag("srcId", std::to_string(lc.getSrcId())) + .tag("dstId", std::to_string(lc.getDstId())) + .field("message", INFLUXDB_ERRSTR_DISABLED_SRC_RID) + .timestamp(std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count()) + .request(m_network->m_influxServer); + } + + LogWarning(LOG_NET, "NXDN, illegal/unknown RID attempted access, srcId = %u, dstId = %u", lc.getSrcId(), lc.getDstId()); + + // report In-Call Control to the peer sending traffic + m_network->writePeerICC(peerId, streamId, NET_SUBFUNC::PROTOCOL_SUBFUNC_NXDN, NET_ICC::REJECT_TRAFFIC, lc.getDstId()); + return false; + } + // is the TGID active? if (!tg.config().active()) { // report error event to InfluxDB diff --git a/src/fne/network/callhandler/TagP25Data.cpp b/src/fne/network/callhandler/TagP25Data.cpp index fd73f2b7..f88dee48 100644 --- a/src/fne/network/callhandler/TagP25Data.cpp +++ b/src/fne/network/callhandler/TagP25Data.cpp @@ -1075,6 +1075,7 @@ bool TagP25Data::validate(uint32_t peerId, lc::LC& control, DUID::E duid, const //LogDebug(LOG_NET, "P25, duid = $%02X, mfId = $%02X, lco = $%02X, srcId = %u, dstId = %u", duid, control.getMFId(), control.getLCO(), control.getSrcId(), control.getDstId()); // is the source ID a blacklisted ID? + bool rejectUnknownBadCall = false; if (!skipRidCheck) { lookups::RadioId rid = m_network->m_ridLookup->find(control.getSrcId()); if (!rid.radioDefault()) { @@ -1101,24 +1102,7 @@ bool TagP25Data::validate(uint32_t peerId, lc::LC& control, DUID::E duid, const // if this is a default radio -- and we are rejecting undefined radios // report call error if (m_network->m_rejectUnknownRID) { - // report error event to InfluxDB - if (m_network->m_enableInfluxDB) { - influxdb::QueryBuilder() - .meas("call_error_event") - .tag("peerId", std::to_string(peerId)) - .tag("streamId", std::to_string(streamId)) - .tag("srcId", std::to_string(control.getSrcId())) - .tag("dstId", std::to_string(control.getDstId())) - .field("message", INFLUXDB_ERRSTR_DISABLED_SRC_RID) - .timestamp(std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count()) - .request(m_network->m_influxServer); - } - - LogWarning(LOG_NET, "P25, illegal/unknown RID attempted access, srcId = %u, dstId = %u", control.getSrcId(), control.getDstId()); - - // report In-Call Control to the peer sending traffic - m_network->writePeerICC(peerId, streamId, NET_SUBFUNC::PROTOCOL_SUBFUNC_P25, NET_ICC::REJECT_TRAFFIC, control.getDstId()); - return false; + rejectUnknownBadCall = true; } } } @@ -1185,6 +1169,9 @@ bool TagP25Data::validate(uint32_t peerId, lc::LC& control, DUID::E duid, const // always validate a TSDU or PDU if the source is valid if (duid == DUID::TSDU) { + if (rejectUnknownBadCall) + return false; + if (tsbk != nullptr) { // handle standard P25 reference opcodes switch (tsbk->getLCO()) { @@ -1256,9 +1243,32 @@ bool TagP25Data::validate(uint32_t peerId, lc::LC& control, DUID::E duid, const auto it = std::find(alwaysSend.begin(), alwaysSend.end(), peerId); if (it != alwaysSend.end()) { isAlwaysPeer = true; // skip any following checks and always send traffic + rejectUnknownBadCall = false; } } + // fail call if the reject flag is set + if (rejectUnknownBadCall) { + // report error event to InfluxDB + if (m_network->m_enableInfluxDB) { + influxdb::QueryBuilder() + .meas("call_error_event") + .tag("peerId", std::to_string(peerId)) + .tag("streamId", std::to_string(streamId)) + .tag("srcId", std::to_string(control.getSrcId())) + .tag("dstId", std::to_string(control.getDstId())) + .field("message", INFLUXDB_ERRSTR_DISABLED_SRC_RID) + .timestamp(std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count()) + .request(m_network->m_influxServer); + } + + LogWarning(LOG_NET, "P25, illegal/unknown RID attempted access, srcId = %u, dstId = %u", control.getSrcId(), control.getDstId()); + + // report In-Call Control to the peer sending traffic + m_network->writePeerICC(peerId, streamId, NET_SUBFUNC::PROTOCOL_SUBFUNC_P25, NET_ICC::REJECT_TRAFFIC, control.getDstId()); + return false; + } + // is the TGID active? if (!tg.config().active()) { // report error event to InfluxDB