diff --git a/hblink.py b/hblink.py index bf8edb6..3f7a64c 100755 --- a/hblink.py +++ b/hblink.py @@ -532,14 +532,113 @@ class OPENBRIDGE(DatagramProtocol): elif _packet[:4] == DMRF: -<<<<<<< HEAD - _stream_id = _packet[16:20] + _data = _packet[:53] + _timestamp = _packet[53:60] + _hops = _packet[61] + _hash = _packet[62:] + #_ckhs = hmac_new(self._config['PASSPHRASE'],_data,sha1).digest() + _h = blake2b(key=self._config['PASSPHRASE'], digest_size=16) + if 'VER' in self._config and self._config['VER'] > 2: + _h.update(_packet[:53]) + elif 'VER' in self._config and self._config['VER'] == 2: + _h.update(_packet[:61]) + + _ckhs = _h.digest() + if compare_digest(_hash, _ckhs) and (_sockaddr == self._config['TARGET_SOCK'] or self._config['RELAX_CHECKS']): + _peer_id = _data[11:15] + if self._config['NETWORK_ID'] != _peer_id: + logger.error('(%s) OpenBridge packet discarded because NETWORK_ID: %s Does not match sent Peer ID: %s', self._system, int_id(self._config['NETWORK_ID']), int_id(_peer_id)) + return + _seq = _data[4] + _rf_src = _data[5:8] + _dst_id = _data[8:11] + _int_dst_id = int_id(_dst_id) + _bits = _data[15] + _slot = 2 if (_bits & 0x80) else 1 + #_call_type = 'unit' if (_bits & 0x40) else 'group' + if _bits & 0x40: + _call_type = 'unit' + elif (_bits & 0x23) == 0x23: + _call_type = 'vcsbk' + else: + _call_type = 'group' + _frame_type = (_bits & 0x30) >> 4 + _dtype_vseq = (_bits & 0xF) # data, 1=voice header, 2=voice terminator; voice, 0=burst A ... 5=burst F + _stream_id = _data[16:20] + #logger.debug('(%s) DMRD - Seqence: %s, RF Source: %s, Destination ID: %s', self._system, int_id(_seq), int_id(_rf_src), int_id(_dst_id)) + + #Don't do anything if we are STUNned + if 'STUN' in self._CONFIG: + if _stream_id not in self._laststrid: + logger.warning('(%s) Bridge STUNned, discarding', self._system) + self._laststrid.append(_stream_id) + return + + #Increment max hops + _inthops = _hops +1 + + if _inthops > 10: + logger.warning('(%s) MAX HOPS exceed, dropping. Hops: %s, DST: %s', self._system, _inthops, _int_dst_id) + self.send_bcsq(_dst_id,_stream_id) + return + + + #Low-level TG filtering + if _call_type != 'unit': + _int_dst_id = int_id(_dst_id) + if _int_dst_id <= 79 or (_int_dst_id >= 9990 and _int_dst_id <= 9999) or _int_dst_id == 900999: + if _stream_id not in self._laststrid: + logger.info('(%s) CALL DROPPED WITH STREAM ID %s FROM SUBSCRIBER %s BY GLOBAL TG FILTER', self._system, int_id(_stream_id), _int_dst_id) + self.send_bcsq(_dst_id,_stream_id) + self._laststrid.append(_stream_id) + return + + # ACL Processing + if self._CONFIG['GLOBAL']['USE_ACL']: + if not acl_check(_rf_src, self._CONFIG['GLOBAL']['SUB_ACL']): + if _stream_id not in self._laststrid: + logger.info('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY GLOBAL TS1 ACL', self._system, int_id(_stream_id), int_id(_rf_src)) + self.send_bcsq(_dst_id,_stream_id) + self._laststrid.append(_stream_id) + return + if _slot == 1 and not acl_check(_dst_id, self._CONFIG['GLOBAL']['TG1_ACL']): + if _stream_id not in self._laststrid: + logger.info('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY GLOBAL TS1 ACL', self._system, int_id(_stream_id), int_id(_dst_id)) + self.send_bcsq(_dst_id,_stream_id) + self._laststrid.append(_stream_id) + return + if self._config['USE_ACL']: + if not acl_check(_rf_src, self._config['SUB_ACL']): + if _stream_id not in self._laststrid: + logger.info('(%s) CALL DROPPED WITH STREAM ID %s FROM SUBSCRIBER %s BY SYSTEM ACL', self._system, int_id(_stream_id), int_id(_rf_src)) + self.send_bcsq(_dst_id,_stream_id) + self._laststrid.append(_stream_id) + return + if not acl_check(_dst_id, self._config['TG1_ACL']): + if _stream_id not in self._laststrid: + logger.info('(%s) CALL DROPPED WITH STREAM ID %s ON TGID %s BY SYSTEM ACL', self._system, int_id(_stream_id), int_id(_dst_id)) + self.send_bcsq(_dst_id,_stream_id) + self._laststrid.append(_stream_id) + return + - if _stream_id not in self._laststrid: - self.send_bcsq(_dst_id,_stream_id) - self._laststrid.append(_stream_id) - return + + #Remove timestamp from data. For now dmrd_received does not expect it + #Leaving it in screws up the AMBE data + #_data = b''.join([_data[:5],_data[12:]]) + _data = b''.join([DMRD,_data[4:]]) + + _hops = _inthops.to_bytes(1,'big') + # Userland actions -- typically this is the function you subclass for an application + self.dmrd_received(_peer_id, _rf_src, _dst_id, _seq, _slot, _call_type, _frame_type, _dtype_vseq, _stream_id, _data,_hash,_hops) + #Silently treat a DMRD packet like a keepalive - this is because it's traffic and the + #Other end may not have enabled ENAHNCED_OBP + self._config['_bcka'] = time() + else: + h,p = _sockaddr + logger.warning('(%s) FreeBridge HMAC failed, packet discarded - OPCODE: %s DATA: %s HMAC LENGTH: %s HMAC: %s SRC IP: %s SRC PORT: %s', self._system, _packet[:4], repr(_packet[:61]), len(_packet[61:]), repr(_packet[61:]),h,p) +>>>>>>> parent of fd8bcf6 (end-of-life protocols 2 and 3) if self._config['ENHANCED_OBP']: if _packet[:2] == BC: # Bridge Control packet (Extended OBP)