From 03c938a782956b41832a8d5b5b8f62abfb001306 Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 7 Jun 2016 15:33:17 +0100 Subject: [PATCH 01/19] Added whitelist and blacklist config --- Conf.cpp | 48 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/Conf.cpp b/Conf.cpp index fbfd21765..ae966a8cb 100644 --- a/Conf.cpp +++ b/Conf.cpp @@ -308,6 +308,38 @@ bool CConf::read() m_dmrBlackList.push_back(id); p = ::strtok(NULL, ",\r\n"); } + } else if (::strcmp(key, "DstIdBlackListSlot1") == 0) { + char* p = ::strtok(value, ",\r\n"); + while (p != NULL) { + unsigned int id = (unsigned int)::atoi(p); + if (id > 0U) + m_dmrDstIdBlacklistSlot1.push_back(id); + p = ::strtok(NULL, ",\r\n"); + } + } else if (::strcmp(key, "DstIdBlackListSlot2") == 0) { + char* p = ::strtok(value, ",\r\n"); + while (p != NULL) { + unsigned int id = (unsigned int)::atoi(p); + if (id > 0U) + m_dmrDstIdBlacklistSlot2.push_back(id); + p = ::strtok(NULL, ",\r\n"); + } + } else if (::strcmp(key, "DstIdWhiteListSlot1") == 0) { + char* p = ::strtok(value, ",\r\n"); + while (p != NULL) { + unsigned int id = (unsigned int)::atoi(p); + if (id > 0U) + m_dmrDstIdWhitelistSlot1.push_back(id); + p = ::strtok(NULL, ",\r\n"); + } + } else if (::strcmp(key, "DstIdWhiteListSlot2") == 0) { + char* p = ::strtok(value, ",\r\n"); + while (p != NULL) { + unsigned int id = (unsigned int)::atoi(p); + if (id > 0U) + m_dmrDstIdWhitelistSlot2.push_back(id); + p = ::strtok(NULL, ",\r\n"); + } } else if (::strcmp(key, "LookupFile") == 0) m_dmrLookupFile = value; else if (::strcmp(key, "TXHang") == 0) 
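Review bot: A list entry that does not parse is dropped without any report in all four new `DstId*` branches, because `::atoi` returns 0 for non-numeric text and the `id > 0U` test then skips it; for the two blacklist keys this means a mistyped ID is simply not blocked. Parsing with `::strtoul` and an end-pointer check lets the reader reject and report such tokens. The four loops differ only in the target vector, so they could share one file-local helper, sketched below. The element type is inferred from the `unsigned int id` being pushed, and the upper bound reflects the 24-bit DMR address width. `CConf::read()` starts and ends outside this hunk.

```cpp
// File-local helper; each new branch becomes e.g.
//   parseIdList(value, m_dmrDstIdBlacklistSlot1);
static void parseIdList(char* value, std::vector<unsigned int>& ids)
{
    for (char* p = ::strtok(value, ",\r\n"); p != NULL; p = ::strtok(NULL, ",\r\n")) {
        char* end = NULL;
        unsigned long id = ::strtoul(p, &end, 10);
        // Rejects empty tokens, trailing text such as "9x", zero and out-of-range values.
        if (end == p || *end != '\0' || id == 0UL || id > 0xFFFFFFUL) {
            // report the rejected token here instead of dropping it silently
            continue;
        }
        ids.push_back((unsigned int)id);
    }
}
```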
@@ -608,7 +640,21 @@ std::vector CConf::getDMRBlackList() const { return m_dmrBlackList; } - +std::vector CConf::getDMRDstIdBlacklistSlot1() const +{ + return m_dmrDstIdBlacklistSlot1; +} +std::vector CConf::getDMRDstIdBlacklistSlot2() const +{ + return m_dmrDstIdBlacklistSlot2; +} +std::vector CConf::getDMRDstIdWhitelistSlot1() const +{ + return m_dmrDstIdWhitelistSlot1; +}std::vector CConf::getDMRDstIdWhitelistSlot2() const +{ + return m_dmrDstIdWhitelistSlot2; +} std::string CConf::getDMRLookupFile() const { return m_dmrLookupFile; From daafbf6d8f9f11a7bd48141f0f27cec751acf4a7 Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 7 Jun 2016 15:33:41 +0100 Subject: [PATCH 02/19] Addedd whitelist and blacklist config --- Conf.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Conf.h b/Conf.h index 3ee3a3ed8..39b5d9313 100644 --- a/Conf.h +++ b/Conf.h @@ -85,6 +85,10 @@ class CConf bool getDMRSelfOnly() const; std::vector getDMRPrefixes() const; std::vector getDMRBlackList() const; + std::vector getDMRDstIdBlacklistSlot1() const; + std::vector getDMRDstIdBlacklistSlot2() const; + std::vector getDMRDstIdWhitelistSlot1() const; + std::vector getDMRDstIdWhitelistSlot2() const; std::string getDMRLookupFile() const; unsigned int getDMRTXHang() const; @@ -186,6 +190,10 @@ class CConf bool m_dmrSelfOnly; std::vector m_dmrPrefixes; std::vector m_dmrBlackList; + std::vector m_dmrDstIdBlacklistSlot1; + std::vector m_dmrDstIdBlacklistSlot2; + std::vector m_dmrDstIdWhitelistSlot1; + std::vector m_dmrDstIdWhitelistSlot2; std::string m_dmrLookupFile; unsigned int m_dmrTXHang; From ff4bd9f82ef29c0ecce437b06fb2dc507a9de3b5 Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 7 Jun 2016 15:34:16 +0100 Subject: [PATCH 03/19] Added blacklist and whitelist for TGs --- DMRControl.cpp | 4 +-- DMRControl.h | 2 +- DMRSlot.cpp | 69 +++++++++++++++++++++++++++++++++++++++++++++++--- DMRSlot.h | 9 ++++++- MMDVMHost.cpp | 6 ++++- 5 files changed, 82 insertions(+), 8 deletions(-) 
diff --git a/DMRControl.cpp b/DMRControl.cpp index f35f7c93f..d576bc825 100644 --- a/DMRControl.cpp +++ b/DMRControl.cpp @@ -20,7 +20,7 @@ #include #include -CDMRControl::CDMRControl(unsigned int id, unsigned int colorCode, bool selfOnly, const std::vector& prefixes, const std::vector& blackList, unsigned int timeout, CModem* modem, CDMRIPSC* network, CDisplay* display, bool duplex, const std::string& lookupFile) : +CDMRControl::CDMRControl(unsigned int id, unsigned int colorCode, bool selfOnly, const std::vector& prefixes, const std::vector& blackList, const std::vector& DstIdBlacklistSlot1, const std::vector& DstIdWhitelistSlot1, const std::vector& DstIdBlacklistSlot2, const std::vector& DstIdWhitelistSlot2, unsigned int timeout, CModem* modem, CDMRIPSC* network, CDisplay* display, bool duplex, const std::string& lookupFile) : m_id(id), m_colorCode(colorCode), m_selfOnly(selfOnly), @@ -38,7 +38,7 @@ m_lookup(NULL) m_lookup = new CDMRLookup(lookupFile); m_lookup->read(); - CDMRSlot::init(id, colorCode, selfOnly, prefixes, blackList, modem, network, display, duplex, m_lookup); + CDMRSlot::init(id, colorCode, selfOnly, prefixes, blackList, DstIdBlacklistSlot1, DstIdWhitelistSlot1, DstIdBlacklistSlot2, DstIdWhitelistSlot2, modem, network, display, duplex, m_lookup); } CDMRControl::~CDMRControl() diff --git a/DMRControl.h b/DMRControl.h index 559856442..c011048ab 100644 --- a/DMRControl.h +++ b/DMRControl.h 
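Review bot: The four new `const std::vector&` constructor parameters share one type and sit next to each other, so two of them swapped at a call site would still compile. The orders already differ across the series: blacklist 1, whitelist 1, blacklist 2, whitelist 2 here and in `CDMRSlot::init`, but blacklist 1, blacklist 2, whitelist 1, whitelist 2 in the `CConf` getters and the `DMRSlot.h` members. The one call visible in `MMDVMHost.cpp` passes them in the matching order, so this is a fragility rather than a bug today. Grouping each slot's two lists in a small struct, or at least keeping a single order everywhere, would remove the risk of a blacklist silently being used as a whitelist. The new parameter names would also match the rest of the signature if they started lower-case, e.g. `dstIdBlacklistSlot1`.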
@@ -30,7 +30,7 @@ class CDMRControl { public: - CDMRControl(unsigned int id, unsigned int colorCode, bool selfOnly, const std::vector& prefixes, const std::vector& blackList, unsigned int timeout, CModem* modem, CDMRIPSC* network, CDisplay* display, bool duplex, const std::string& lookupFile); + CDMRControl(unsigned int id, unsigned int colorCode, bool selfOnly, const std::vector& prefixes, const std::vector& blackList, const std::vector& DstIdBlacklistSlot1, const std::vector& DstIdWhitelistSlot1, const std::vector& DstIdBlacklistSlot2, const std::vector& DstIdWhitelistSlot2, unsigned int timeout, CModem* modem, CDMRIPSC* network, CDisplay* display, bool duplex, const std::string& lookupFile); ~CDMRControl(); bool processWakeup(const unsigned char* data); diff --git a/DMRSlot.cpp b/DMRSlot.cpp index 28e6d76f6..5295c9ec1 100644 --- a/DMRSlot.cpp +++ b/DMRSlot.cpp @@ -31,6 +31,11 @@ unsigned int CDMRSlot::m_colorCode = 0U; bool CDMRSlot::m_selfOnly = false; std::vector CDMRSlot::m_prefixes; std::vector CDMRSlot::m_blackList; +std::vector CDMRSlot::m_dstBlackListSlot1; +std::vector CDMRSlot::m_dstWhiteListSlot1; +std::vector CDMRSlot::m_dstBlackListSlot2; +std::vector CDMRSlot::m_dstWhiteListSlot2; + CModem* CDMRSlot::m_modem = NULL; CDMRIPSC* CDMRSlot::m_network = NULL; CDisplay* CDMRSlot::m_display = NULL; 
@@ -131,12 +136,31 @@ void CDMRSlot::writeModem(unsigned char *data) if (lc == NULL) return; - unsigned int id = lc->getSrcId(); + unsigned int id; + unsigned int did; + id = lc->getSrcId(); if (!validateId(id)) { - LogMessage("DMR Slot %u, invalid access attempt from %u", m_slotNo, id); + LogMessage("DMR Slot %u, invalid access attempt from %u (blacklisted)", m_slotNo, id); delete lc; return; } + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + did = lc->getDstId(); + if (!DstIdBlacklist(did,m_slotNo)) { + LogMessage("DMR Slot %u, invalid access attempt to %u (blacklisted)", m_slotNo, did); + delete lc; + return; + } + did = lc->getDstId(); + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(did,m_slotNo,true)) { + LogMessage("DMR Slot %u, invalid access attempt to %u (not in whitelist)", m_slotNo, did); + delete lc; + return; + } + m_rfLC = lc; @@ -1263,7 +1287,7 @@ void CDMRSlot::writeQueueNet(const unsigned char *data) m_queue.addData(data, len); } -void CDMRSlot::init(unsigned int id, unsigned int colorCode, bool selfOnly, const std::vector& prefixes, const std::vector& blackList, CModem* modem, CDMRIPSC* network, CDisplay* display, bool duplex, CDMRLookup* lookup) +void CDMRSlot::init(unsigned int id, unsigned int colorCode, bool selfOnly, const std::vector& prefixes, const std::vector& blackList, const std::vector& DstIdBlacklistSlot1, const std::vector& DstIdWhitelistSlot1, const std::vector& DstIdBlacklistSlot2, const std::vector& DstIdWhitelistSlot2, CModem* modem, CDMRIPSC* network, CDisplay* display, bool duplex, CDMRLookup* lookup) { assert(id != 0U); assert(modem != NULL); 
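Review bot: The source-ID rejection message in `writeModem` now ends in "(blacklisted)", but it is printed for every `validateId(id)` failure. If `validateId` also rejects on the self-only and prefix settings that `CDMRSlot` stores (its body is not in this hunk), the log will misattribute those rejections and mislead whoever reads it. Either keep the neutral wording or have `validateId` report which rule matched. Separately, `did = lc->getDstId();` is assigned twice with nothing changing in between, and the local can be initialised where it is declared: `unsigned int did = lc->getDstId();`. `writeModem` begins and continues outside the hunk.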
@@ -1275,6 +1299,10 @@ void CDMRSlot::init(unsigned int id, unsigned int colorCode, bool selfOnly, cons m_selfOnly = selfOnly; m_prefixes = prefixes; m_blackList = blackList; + m_dstBlackListSlot1 = DstIdBlacklistSlot1; + m_dstWhiteListSlot1 = DstIdWhitelistSlot1; + m_dstBlackListSlot2 = DstIdBlacklistSlot2; + m_dstWhiteListSlot2 = DstIdWhitelistSlot2; m_modem = modem; m_network = network; m_display = display; @@ -1311,6 +1339,41 @@ bool CDMRSlot::validateId(unsigned int id) } } +//is dst id blacklisted? +bool CDMRSlot::DstIdBlacklist(unsigned int did, unsigned int slot) +{ + if (slot == 1) { + if (std::find(m_dstBlackListSlot1.begin(), m_dstBlackListSlot1.end(), did) != m_dstBlackListSlot1.end()) + return false; + } else { + if (std::find(m_dstBlackListSlot2.begin(), m_dstBlackListSlot2.end(), did) != m_dstBlackListSlot2.end()) + return false; + } +} + +//is dst id whitelisted or, if ID is greater than or equal to 4000 +bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) +{ + if (slot == 1) { + if(gt4k) { + if (std::find(m_dstWhiteListSlot1.begin(), m_dstWhiteListSlot1.end(), did) != m_dstWhiteListSlot1.end() || did >= 4000) + return true; + } else { + if (std::find(m_dstWhiteListSlot1.begin(), m_dstWhiteListSlot1.end(), did) != m_dstWhiteListSlot1.end()) + return true; + } + } else { + if(gt4k) { + if (std::find(m_dstWhiteListSlot2.begin(), m_dstWhiteListSlot2.end(), did) != m_dstWhiteListSlot2.end() || did >= 4000) + return true; + } else { + if (std::find(m_dstWhiteListSlot2.begin(), m_dstWhiteListSlot2.end(), did) != m_dstWhiteListSlot2.end()) + return true; + } + } +} + + void CDMRSlot::setShortLC(unsigned int slotNo, unsigned int id, FLCO flco, bool voice) { assert(m_modem != NULL); diff --git a/DMRSlot.h b/DMRSlot.h index ae368b5e2..96fb3bf0b 100644 --- a/DMRSlot.h +++ b/DMRSlot.h 
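Review bot: `DstIdBlacklist` and `DstIdWhitelist` repeat the same `std::find` once per slot and per `gt4k` value, and every path that finds nothing runs off the end of a `bool` function, which is undefined behaviour until PATCH 05 adds the trailing returns. Selecting the list first leaves one lookup and one return per function; the sketch below shows this for the whitelist, with the behaviour of this commit plus PATCH 05. The `slot == 1` / `else` split treats any other slot number as slot 2. `DstIdBlacklist` also returns false when the ID is listed, the opposite of what its name suggests; a name such as `isDstIdBlacklisted` would pin the polarity.

```cpp
bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k)
{
    const std::vector<unsigned int>& list = (slot == 1U) ? m_dstWhiteListSlot1 : m_dstWhiteListSlot2;
    if (gt4k && did >= 4000U)
        return true;
    return std::find(list.begin(), list.end(), did) != list.end();
}
```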
@@ -50,7 +50,7 @@ class CDMRSlot { void clock(); - static void init(unsigned int id, unsigned int colorCode, bool selfOnly, const std::vector& prefixes, const std::vector& blackList, CModem* modem, CDMRIPSC* network, CDisplay* display, bool duplex, CDMRLookup* lookup); + static void init(unsigned int id, unsigned int colorCode, bool selfOnly, const std::vector& prefixes, const std::vector& blackList, const std::vector& DstIdBlacklistSlot1, const std::vector& DstIdWhitelistSlot1, const std::vector& DstIdBlacklistSlot2, const std::vector& DstIdWhitelistSlot2, CModem* modem, CDMRIPSC* network, CDisplay* display, bool duplex, CDMRLookup* lookup); private: unsigned int m_slotNo; @@ -90,6 +90,11 @@ class CDMRSlot { static bool m_selfOnly; static std::vector m_prefixes; static std::vector m_blackList; + static std::vector m_dstBlackListSlot1; + static std::vector m_dstBlackListSlot2; + static std::vector m_dstWhiteListSlot1; + static std::vector m_dstWhiteListSlot2; + static CModem* m_modem; static CDMRIPSC* m_network; static CDisplay* m_display; @@ -125,6 +130,8 @@ class CDMRSlot { static void setShortLC(unsigned int slotNo, unsigned int id, FLCO flco = FLCO_GROUP, bool voice = true); static bool validateId(unsigned int id); + static bool DstIdBlacklist(unsigned int did,unsigned int slot); + static bool DstIdWhitelist(unsigned int did,unsigned int slot,bool gt4k); }; #endif diff --git a/MMDVMHost.cpp b/MMDVMHost.cpp index 514605b2c..328079a09 100644 --- a/MMDVMHost.cpp +++ b/MMDVMHost.cpp 
@@ -288,6 +288,10 @@ int CMMDVMHost::run() bool selfOnly = m_conf.getDMRSelfOnly(); std::vector prefixes = m_conf.getDMRPrefixes(); std::vector blackList = m_conf.getDMRBlackList(); + std::vector dstIDBlackListSlot1 = m_conf.getDMRDstIdBlacklistSlot1(); + std::vector dstIDBlackListSlot2 = m_conf.getDMRDstIdBlacklistSlot2(); + std::vector dstIDWhiteListSlot1 = m_conf.getDMRDstIdWhitelistSlot1(); + std::vector dstIDWhiteListSlot2 = m_conf.getDMRDstIdWhitelistSlot2(); unsigned int timeout = m_conf.getTimeout(); std::string lookupFile = m_conf.getDMRLookupFile(); unsigned int txHang = m_conf.getDMRTXHang(); @@ -303,7 +307,7 @@ int CMMDVMHost::run() LogInfo(" Lookup File: %s", lookupFile.length() > 0U ? lookupFile.c_str() : "None"); LogInfo(" TX Hang: %us", txHang); - dmr = new CDMRControl(id, colorCode, selfOnly, prefixes, blackList, timeout, m_modem, m_dmrNetwork, m_display, m_duplex, lookupFile); + dmr = new CDMRControl(id, colorCode, selfOnly, prefixes, blackList,dstIDBlackListSlot1,dstIDWhiteListSlot1, dstIDBlackListSlot2, dstIDWhiteListSlot2, timeout, m_modem, m_dmrNetwork, m_display, m_duplex, lookupFile); m_dmrTXTimer.setTimeout(txHang); } From 2fc08f56d81d2650c7fcc4a26a13b3400877306b Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 7 Jun 2016 15:39:12 +0100 Subject: [PATCH 04/19] Added blacklist and whitelist options (commented out) --- MMDVM.ini | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/MMDVM.ini b/MMDVM.ini index a92d104c4..be94e2e1d 100644 --- a/MMDVM.ini +++ b/MMDVM.ini @@ -55,6 +55,12 @@ SelfOnly=0 # Prefixes=234,235 LookupFile=DMRIds.dat TXHang=4 +#Blacklist= +#DstIDBlackListSlot1= +#DstIDBlackListSlot2= +#DstIDWhiteListSlot1= +#DstIDWhiteListSlot2= + [System Fusion] Enable=1 From 8f7aac365c9d14361609282004daaba0eb50cea5 Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 7 Jun 2016 15:43:02 +0100 Subject: [PATCH 05/19] fixed end of non-void --- DMRSlot.cpp | 2 ++ 1 file changed, 2 insertions(+) 
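Review bot: The commented-out sample keys in `MMDVM.ini` are spelled with a capital `ID` (`DstIDBlackListSlot1` and so on), but `CConf::read()` in PATCH 01 matches `DstIdBlackListSlot1` with `::strcmp`, which is case-sensitive. As far as the visible parser shows, an operator who uncomments and fills in these lines gets no destination filtering and no error. Spell all four samples the way the parser expects, e.g. `#DstIdBlackListSlot1=`; README.DMR_ACL in PATCH 13 already uses that spelling.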
diff --git a/DMRSlot.cpp b/DMRSlot.cpp index e137bd8c4..0727f4d28 100644 --- a/DMRSlot.cpp +++ b/DMRSlot.cpp @@ -1341,6 +1341,7 @@ bool CDMRSlot::DstIdBlacklist(unsigned int did, unsigned int slot) if (std::find(m_dstBlackListSlot2.begin(), m_dstBlackListSlot2.end(), did) != m_dstBlackListSlot2.end()) return false; } + return true; } //is dst id whitelisted or, if ID is greater than or equal to 4000 @@ -1363,6 +1364,7 @@ bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) return true; } } + return false; } From 3e3bb2ce4b8fcdc4be4cd84130caa246c38d5bf6 Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 7 Jun 2016 18:05:13 +0100 Subject: [PATCH 06/19] Fixed blacklist/whitelist logic --- DMRSlot.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/DMRSlot.cpp b/DMRSlot.cpp index 0727f4d28..0536e38be 100644 --- a/DMRSlot.cpp +++ b/DMRSlot.cpp @@ -148,7 +148,7 @@ void CDMRSlot::writeModem(unsigned char *data) //AKA - the BlockTheNet modification ;-) // - G7RZU did = lc->getDstId(); - if (!DstIdBlacklist(did,m_slotNo)) { + if (DstIdBlacklist(did,m_slotNo)) { LogMessage("DMR Slot %u, invalid access attempt to %u (blacklisted)", m_slotNo, did); delete lc; return; @@ -1336,12 +1336,12 @@ bool CDMRSlot::DstIdBlacklist(unsigned int did, unsigned int slot) { if (slot == 1) { if (std::find(m_dstBlackListSlot1.begin(), m_dstBlackListSlot1.end(), did) != m_dstBlackListSlot1.end()) - return false; + return true; } else { if (std::find(m_dstBlackListSlot2.begin(), m_dstBlackListSlot2.end(), did) != m_dstBlackListSlot2.end()) - return false; + return true; } - return true; + return false; } //is dst id whitelisted or, if ID is greater than or equal to 4000 
@@ -1356,7 +1356,7 @@ bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) return true; } } else { - if(gt4k) { + if(gt4k) { if (std::find(m_dstWhiteListSlot2.begin(), m_dstWhiteListSlot2.end(), did) != m_dstWhiteListSlot2.end() || did >= 4000) return true; } else { From 34f6e7a2025010f698037ff8653aa1eecb07c696 Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 7 Jun 2016 18:09:57 +0100 Subject: [PATCH 07/19] Logging at blacklist and whitelist initiation --- MMDVMHost.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/MMDVMHost.cpp b/MMDVMHost.cpp index fec92a972..3d5276444 100644 --- a/MMDVMHost.cpp +++ b/MMDVMHost.cpp @@ -303,8 +303,18 @@ int CMMDVMHost::run() LogInfo(" Color Code: %u", colorCode); LogInfo(" Self Only: %s", selfOnly ? "yes" : "no"); LogInfo(" Prefixes: %u", prefixes.size()); + if (blackList.size() > 0U) LogInfo(" Black List: %u", blackList.size()); + if (dstIDBlackListSlot1.size() > 0U) + LogInfo(" Slot 1 Destination ID Black List: %u", dstIDBlackListSlot1.size()); + if (dstIDBlackListSlot2.size() > 0U) + LogInfo(" Slot 2 Destination ID Black List: %u", dstIDBlackListSlot2.size()); + if (dstIDWhiteListSlot1.size() > 0U) + LogInfo(" Slot 1 Destination ID White List: %u", dstIDWhiteListSlot1.size()); + if (dstIDWhiteListSlot2.size() > 0U) + LogInfo(" Slot 1 Destination ID Black List: %u", dstIDWhiteListSlot2.size()); + LogInfo(" Timeout: %us", timeout); LogInfo(" Lookup File: %s", lookupFile.length() > 0U ? lookupFile.c_str() : "None"); LogInfo(" TX Hang: %us", txHang); From fcc3902e8fa7413f919965ef535beedca12a43a9 Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 7 Jun 2016 19:09:00 +0100 Subject: [PATCH 08/19] Blacklist/whitelist stuff --- Conf.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Conf.cpp b/Conf.cpp index f293550ff..c39e094d3 100644 --- a/Conf.cpp +++ b/Conf.cpp 
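Review bot: The new `LogInfo` lines in `CMMDVMHost::run()` pass `size()` results to `%u`. `std::vector::size()` returns `size_t`, which is wider than `unsigned int` on 64-bit targets, so the argument does not match the conversion (assuming `LogInfo` forwards to a printf-style formatter, as its format strings suggest). Cast at the call, e.g. `LogInfo(" Slot 1 Destination ID Black List: %u", (unsigned int)dstIDBlackListSlot1.size());`. The existing `Prefixes` line has the same mismatch, and the body of `run()` extends beyond the hunk.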
@@ -90,6 +90,10 @@ m_dmrColorCode(2U), m_dmrSelfOnly(false), m_dmrPrefixes(), m_dmrBlackList(), +m_dmrDstIdBlacklistSlot1(), +m_dmrDstIdBlacklistSlot2(), +m_dmrDstIdWhitelistSlot1(), +m_dmrDstIdWhitelistSlot2(), m_dmrLookupFile(), m_dmrTXHang(4U), m_fusionEnabled(true), From 811d8e6c308b9c5823d161e96f27cc392d10c52f Mon Sep 17 00:00:00 2001 From: Simon Date: Thu, 9 Jun 2016 19:33:00 +0100 Subject: [PATCH 09/19] Blacklist and whitelist traffic from network --- DMRSlot.cpp | 165 +++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 152 insertions(+), 13 deletions(-) diff --git a/DMRSlot.cpp b/DMRSlot.cpp index 0536e38be..9ff2e1f0d 100644 --- a/DMRSlot.cpp +++ b/DMRSlot.cpp @@ -149,14 +149,14 @@ void CDMRSlot::writeModem(unsigned char *data) // - G7RZU did = lc->getDstId(); if (DstIdBlacklist(did,m_slotNo)) { - LogMessage("DMR Slot %u, invalid access attempt to %u (blacklisted)", m_slotNo, did); + LogMessage("DMR Slot %u, invalid access attempt to TG %u (TG blacklisted)", m_slotNo, did); delete lc; return; } did = lc->getDstId(); // true sets allow greater than 4k. Need to add boolean in conf for this later. if (!DstIdWhitelist(did,m_slotNo,true)) { - LogMessage("DMR Slot %u, invalid access attempt to %u (not in whitelist)", m_slotNo, did); + LogMessage("DMR Slot %u, invalid access attempt to TG %u (TG not in whitelist)", m_slotNo, did); delete lc; return; } 
@@ -275,6 +275,18 @@ void CDMRSlot::writeModem(unsigned char *data) LogMessage("DMR Slot %u, invalid access attempt from %u", m_slotNo, srcId); return; } + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + if (DstIdBlacklist(dstId,m_slotNo)) { + LogMessage("DMR Slot %u, invalid access attempt to TG %u (TG blacklisted)", m_slotNo, dstId); + return; + } + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(dstId,m_slotNo,true)) { + LogMessage("DMR Slot %u, invalid access attempt to TG %u (TG not in whitelist)", m_slotNo, dstId); + return; + } m_rfFrames = dataHeader.getBlocks(); @@ -333,6 +345,18 @@ void CDMRSlot::writeModem(unsigned char *data) LogMessage("DMR Slot %u, invalid access attempt from %u", m_slotNo, srcId); return; } + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + if (DstIdBlacklist(dstId,m_slotNo)) { + LogMessage("DMR Slot %u, invalid access attempt to TG %u (TG blacklisted)", m_slotNo, dstId); + return; + } + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(dstId,m_slotNo,true)) { + LogMessage("DMR Slot %u, invalid access attempt to TG %u (TG not in whitelist)", m_slotNo, dstId); + return; + } // Regenerate the CSBK data csbk.get(data + 2U); 
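Review bot: The blacklist/whitelist block added here is pasted, with small variations, into every data-type branch of `writeModem` and `writeNetwork` in this commit (the hunks at new lines 345, 506, 789, 876, 904, 964, 1015, 1117 and 1187). Any change to the policy or its logging therefore has to be repeated at each site, as PATCH 12 later does for the network messages. A private member such as `bool dstIdPermitted(unsigned int did)` that performs both lookups and the logging would reduce each site to `if (!dstIdPermitted(dstId)) return;` plus its own cleanup. The hard-coded `true` for `gt4k`, which the comment already marks as needing a configuration option, would then live in one place as well.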
@@ -482,6 +506,23 @@ void CDMRSlot::writeModem(unsigned char *data) delete lc; return; } + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + unsigned int did; + did = lc->getDstId(); + if (DstIdBlacklist(did,m_slotNo)) { + LogMessage("DMR Slot %u, invalid access attempt to TG %u (TG blacklisted)", m_slotNo, did); + delete lc; + return; + } + did = lc->getDstId(); + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(did,m_slotNo,true)) { + LogMessage("DMR Slot %u, invalid access attempt to TG %u (TG not in whitelist)", m_slotNo, did); + delete lc; + return; + } m_rfLC = lc; @@ -725,7 +766,7 @@ void CDMRSlot::writeEndNet(bool writeEnd) #endif } -void CDMRSlot::writeNetwork(const CDMRData& dmrData) +void CDMRSlot::writeNetwork (const CDMRData& dmrData) { if (m_rfState != RS_RF_LISTENING && m_netState == RS_NET_IDLE) return; @@ -748,12 +789,28 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) return; } + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + unsigned int did; + did = m_netLC->getDstId(); + if (DstIdBlacklist(did,m_slotNo)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + return; + } + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(did,m_slotNo,true)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + return; + } + // Store the LC for the embedded LC m_netEmbeddedLC.setData(*m_netLC); // Regenerate the LC data fullLC.encode(*m_netLC, data + 2U, DT_VOICE_LC_HEADER); - + + // Regenerate the Slot Type CDMRSlotType slotType; slotType.setColorCode(m_colorCode); @@ -774,6 +831,7 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) m_netBits = 1U; m_netErrs = 0U; + writeQueueNet(m_idle); writeQueueNet(m_idle); writeQueueNet(m_idle); 
@@ -818,7 +876,22 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) data[0U] = TAG_DATA; data[1U] = 0x00U; - + + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + unsigned int did; + did = m_netLC->getDstId(); + if (DstIdBlacklist(did,m_slotNo)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + return; + } + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(did,m_slotNo,true)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + return; + } + writeQueueNet(data); #if defined(DUMP_DMR) @@ -831,7 +904,20 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) // Regenerate the LC data CDMRFullLC fullLC; fullLC.encode(*m_netLC, data + 2U, DT_TERMINATOR_WITH_LC); - + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + unsigned int did; + did = m_netLC->getDstId(); + if (DstIdBlacklist(did,m_slotNo)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + return; + } + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(did,m_slotNo,true)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + return; + } // Regenerate the Slot Type CDMRSlotType slotType; slotType.setColorCode(m_colorCode); @@ -843,7 +929,7 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) data[0U] = TAG_EOT; data[1U] = 0x00U; - + writeQueueNet(data); writeQueueNet(data); writeQueueNet(data); 
@@ -878,7 +964,20 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) unsigned int dstId = dataHeader.getDstId(); m_netLC = new CDMRLC(gi ? FLCO_GROUP : FLCO_USER_USER, srcId, dstId); - + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + unsigned int did; + did = m_netLC->getDstId(); + if (DstIdBlacklist(did,m_slotNo)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + return; + } + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(did,m_slotNo,true)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + return; + } // Regenerate the data header dataHeader.get(data + 2U); @@ -897,7 +996,7 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) // Put a small delay into starting transmission writeQueueNet(m_idle); writeQueueNet(m_idle); - + writeQueueNet(data); m_netState = RS_NET_DATA; @@ -916,7 +1015,21 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) } else if (dataType == DT_VOICE_SYNC) { if (m_netState == RS_NET_IDLE) { m_netLC = new CDMRLC(dmrData.getFLCO(), dmrData.getSrcId(), dmrData.getDstId()); - + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + unsigned int did; + did = m_netLC->getDstId(); + if (DstIdBlacklist(did,m_slotNo)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + return; + } + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(did,m_slotNo,true)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + return; + } + m_netTimeoutTimer.start(); writeQueueNet(m_idle); 
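Review bot: In the data-header and voice-sync branches of `writeNetwork` the destination check runs after `m_netLC = new CDMRLC(...)`, and both rejection paths `return` without releasing it. Unless `m_netLC` is freed somewhere outside these hunks, each rejected frame leaves an allocation behind; in the voice-sync branch `m_netState` also stays `RS_NET_IDLE`, so the next frame of the same blocked call allocates again. Network traffic for a blocked talk group would then grow memory for as long as it lasts. Both branches already have the destination available (`dstId` and `dmrData.getDstId()`), so the check can move above the `new`; otherwise add `delete m_netLC; m_netLC = NULL;` before each `return`. The voice-header hunk at new line 789 returns with `m_netLC` still set in the same way.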
@@ -955,7 +1068,7 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) m_netState = RS_NET_AUDIO; setShortLC(m_slotNo, m_netLC->getDstId(), m_netLC->getFLCO(), true); - + std::string src = m_lookup->find(m_netLC->getSrcId()); std::string dst = m_lookup->find(m_netLC->getDstId()); @@ -1004,7 +1117,20 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) } else if (dataType == DT_VOICE) { if (m_netState != RS_NET_AUDIO) return; - + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + unsigned int did; + did = m_netLC->getDstId(); + if (DstIdBlacklist(did,m_slotNo)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + return; + } + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(did,m_slotNo,true)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + return; + } unsigned char fid = m_netLC->getFID(); if (fid == FID_ETSI || fid == FID_DMRA) m_netErrs += m_fec.regenerateDMR(data + 2U); @@ -1061,7 +1187,20 @@ void CDMRSlot::writeNetwork(const CDMRData& dmrData) bool gi = csbk.getGI(); unsigned int srcId = csbk.getSrcId(); unsigned int dstId = csbk.getDstId(); - + // add check for valid dst id (e.g. TG) + //AKA - the BlockTheNet modification ;-) + // - G7RZU + unsigned int did; + did = dstId; + if (DstIdBlacklist(did,m_slotNo)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + return; + } + // true sets allow greater than 4k. Need to add boolean in conf for this later. + if (!DstIdWhitelist(did,m_slotNo,true)) { + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + return; + } // Regenerate the CSBK data csbk.get(data + 2U); From 06a99a4d9345579ab8aade295e15908e16d25ed8 Mon Sep 17 00:00:00 2001 
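Review bot: In the `DT_VOICE` branch the new check sits behind `if (m_netState != RS_NET_AUDIO) return;`, so it only runs for a call that was already admitted by the header or voice-sync branch, both of which vet the same `m_netLC` destination in this commit. As far as the page shows, the lists are only assigned in `init()`, so the per-frame `std::find` calls look redundant. If one ever did fire, it would return with the slot still in `RS_NET_AUDIO`. Consider dropping the check here and relying on the admission points; the hunks at new lines 876 and 904 may be in the same position, though their state guards are not visible.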
From: Simon Date: Thu, 9 Jun 2016 22:10:04 +0100 Subject: [PATCH 10/19] blacklist --- DMRSlot.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DMRSlot.cpp b/DMRSlot.cpp index 9ff2e1f0d..a00f67677 100644 --- a/DMRSlot.cpp +++ b/DMRSlot.cpp @@ -765,7 +765,7 @@ void CDMRSlot::writeEndNet(bool writeEnd) closeFile(); #endif } - +//add void CDMRSlot::writeNetwork (const CDMRData& dmrData) { if (m_rfState != RS_RF_LISTENING && m_netState == RS_NET_IDLE) From c4384bffe19792339b8a7a9106c1c4e705ec7c4e Mon Sep 17 00:00:00 2001 From: Simon Date: Thu, 9 Jun 2016 22:13:55 +0100 Subject: [PATCH 11/19] fixed typo in blacklist/whitelist logging --- MMDVMHost.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MMDVMHost.cpp b/MMDVMHost.cpp index 3d5276444..6cd6a5c0d 100644 --- a/MMDVMHost.cpp +++ b/MMDVMHost.cpp @@ -313,7 +313,7 @@ int CMMDVMHost::run() if (dstIDWhiteListSlot1.size() > 0U) LogInfo(" Slot 1 Destination ID White List: %u", dstIDWhiteListSlot1.size()); if (dstIDWhiteListSlot2.size() > 0U) - LogInfo(" Slot 1 Destination ID Black List: %u", dstIDWhiteListSlot2.size()); + LogInfo(" Slot 1 Destination ID White List: %u", dstIDWhiteListSlot2.size()); LogInfo(" Timeout: %us", timeout); LogInfo(" Lookup File: %s", lookupFile.length() > 0U ? lookupFile.c_str() : "None"); From 03280cd4e4d3aa5b31426e6be00873c8ea517c8d Mon Sep 17 00:00:00 2001 From: Simon Date: Thu, 9 Jun 2016 22:19:13 +0100 Subject: [PATCH 12/19] Improved acl logging (added dataType) --- DMRSlot.cpp | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/DMRSlot.cpp b/DMRSlot.cpp index a00f67677..76e2e066c 100644 --- a/DMRSlot.cpp +++ b/DMRSlot.cpp 
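Review bot: The corrected `LogInfo` line still prints "Slot 1" for the slot 2 whitelist. It is guarded by `dstIDWhiteListSlot2.size() > 0U` and logs `dstIDWhiteListSlot2.size()`, so the startup log shows two "Slot 1 Destination ID White List" entries and none for slot 2. The label should read `" Slot 2 Destination ID White List: %u"`; the slot 2 blacklist line added in PATCH 07 already uses the right slot number.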
@@ -795,12 +795,12 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) unsigned int did; did = m_netLC->getDstId(); if (DstIdBlacklist(did,m_slotNo)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted) dataType: %s", m_slotNo, did,dataType); return; } // true sets allow greater than 4k. Need to add boolean in conf for this later. if (!DstIdWhitelist(did,m_slotNo,true)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist) dataType: %s", m_slotNo, did,dataType); return; } @@ -883,12 +883,12 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) unsigned int did; did = m_netLC->getDstId(); if (DstIdBlacklist(did,m_slotNo)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted) dataType: %s", m_slotNo, did,dataType); return; } // true sets allow greater than 4k. Need to add boolean in conf for this later. if (!DstIdWhitelist(did,m_slotNo,true)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist) dataType: %s", m_slotNo, did,dataType); return; } 
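Review bot: `dataType` is passed to a `%s` conversion in both changed messages, yet elsewhere in `writeNetwork` it is compared with the `DT_*` constants, which indicates an integer rather than a C string (its declaration is outside the hunk). With a printf-style `LogMessage` the value would be treated as a pointer, so the first rejected network frame would most likely crash the process or log unrelated memory, on the very path that handles unwanted traffic. Use an integer conversion instead, e.g. `"... (TG blacklisted) dataType: 0x%02X", m_slotNo, did, (unsigned int)dataType`. The same change is repeated in every other hunk of this commit (new lines 883, 910, 970, 1021, 1123 and 1193).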
@@ -910,12 +910,12 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) unsigned int did; did = m_netLC->getDstId(); if (DstIdBlacklist(did,m_slotNo)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted) dataType: %s", m_slotNo, did,dataType); return; } // true sets allow greater than 4k. Need to add boolean in conf for this later. if (!DstIdWhitelist(did,m_slotNo,true)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist) dataType: %s", m_slotNo, did,dataType); return; } // Regenerate the Slot Type @@ -970,12 +970,12 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) unsigned int did; did = m_netLC->getDstId(); if (DstIdBlacklist(did,m_slotNo)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted) dataType: %s", m_slotNo, did,dataType); return; } // true sets allow greater than 4k. Need to add boolean in conf for this later. if (!DstIdWhitelist(did,m_slotNo,true)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist) dataType: %s", m_slotNo, did,dataType); return; } // Regenerate the data header 
@@ -1021,12 +1021,12 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) unsigned int did; did = m_netLC->getDstId(); if (DstIdBlacklist(did,m_slotNo)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted) dataType: %s", m_slotNo, did,dataType); return; } // true sets allow greater than 4k. Need to add boolean in conf for this later. if (!DstIdWhitelist(did,m_slotNo,true)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist) dataType: %s", m_slotNo, did,dataType); return; } @@ -1123,12 +1123,12 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) unsigned int did; did = m_netLC->getDstId(); if (DstIdBlacklist(did,m_slotNo)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted) dataType: %s", m_slotNo, did,dataType); return; } // true sets allow greater than 4k. Need to add boolean in conf for this later. if (!DstIdWhitelist(did,m_slotNo,true)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist) dataType: %s", m_slotNo, did,dataType); return; } unsigned char fid = m_netLC->getFID(); 
@@ -1193,12 +1193,12 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) unsigned int did; did = dstId; if (DstIdBlacklist(did,m_slotNo)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG blacklisted) dataType: %s", m_slotNo, did,dataType); return; } // true sets allow greater than 4k. Need to add boolean in conf for this later. if (!DstIdWhitelist(did,m_slotNo,true)) { - LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist)", m_slotNo, did); + LogMessage("DMR Network Slot %u, invalid traffic to TG %u (TG not in whitelist) dataType: %s", m_slotNo, did,dataType); return; } // Regenerate the CSBK data From ced66b374c32a9d9a49001587ca4fe3bfdc2daf8 Mon Sep 17 00:00:00 2001 From: Simon Date: Thu, 9 Jun 2016 22:33:57 +0100 Subject: [PATCH 13/19] first draft of readme --- README.DMR_ACL | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 README.DMR_ACL diff --git a/README.DMR_ACL b/README.DMR_ACL new file mode 100644 index 000000000..90d906595 --- /dev/null +++ b/README.DMR_ACL @@ -0,0 +1,7 @@ +To use DMR Access Control you can add the following fields to your MMDVM.ini: + +Blacklist= +DstIdBlackListSlot1= +DstIdBlackListSlot2= +DstIdWhiteListSlot1=9 +DstIdWhiteListSlot2=9 \ No newline at end of file From 89836def2f01d7ce04d6a61c24e823226f3d8832 Mon Sep 17 00:00:00 2001 From: Simon Date: Fri, 10 Jun 2016 10:22:02 +0100 Subject: [PATCH 14/19] Added check for null whitelist --- DMRSlot.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/DMRSlot.cpp b/DMRSlot.cpp index 76e2e066c..0a5f4b161 100644 --- a/DMRSlot.cpp +++ b/DMRSlot.cpp 
@@ -1487,6 +1487,8 @@ bool CDMRSlot::DstIdBlacklist(unsigned int did, unsigned int slot) bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) { if (slot == 1) { + if(m_dstWhiteListSlot1.size == 0) + return; if(gt4k) { if (std::find(m_dstWhiteListSlot1.begin(), m_dstWhiteListSlot1.end(), did) != m_dstWhiteListSlot1.end() || did >= 4000) return true; @@ -1495,6 +1497,8 @@ bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) return true; } } else { + if(m_dstWhiteListSlot2.size == 0) + return; if(gt4k) { if (std::find(m_dstWhiteListSlot2.begin(), m_dstWhiteListSlot2.end(), did) != m_dstWhiteListSlot2.end() || did >= 4000) return true; From 352503b8238dae806ba1c5c9db6e1a20c1cb46ea Mon Sep 17 00:00:00 2001 From: Simon Date: Fri, 10 Jun 2016 10:30:54 +0100 Subject: [PATCH 15/19] Include secondary TGs in default block for TS1 TGs --- DMRSlot.cpp | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/DMRSlot.cpp b/DMRSlot.cpp index 0a5f4b161..3c5e43ea0 100644 --- a/DMRSlot.cpp +++ b/DMRSlot.cpp @@ -1483,15 +1483,18 @@ bool CDMRSlot::DstIdBlacklist(unsigned int did, unsigned int slot) return false; } -//is dst id whitelisted or, if ID is greater than or equal to 4000 bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) { if (slot == 1) { if(m_dstWhiteListSlot1.size == 0) return; + // No reflectors on slot1, so we only allow all IDs over 10000 unless specifically whitelisted if(gt4k) { - if (std::find(m_dstWhiteListSlot1.begin(), m_dstWhiteListSlot1.end(), did) != m_dstWhiteListSlot1.end() || did >= 4000) + if (std::find(m_dstWhiteListSlot1.begin(), m_dstWhiteListSlot1.end(), did) != m_dstWhiteListSlot1.end() || did >= 10000) { + return true; + } + } else { if (std::find(m_dstWhiteListSlot1.begin(), m_dstWhiteListSlot1.end(), did) != m_dstWhiteListSlot1.end()) return true; 
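Review bot: The two guards added at -1487 do not compile as written: `m_dstWhiteListSlot1.size == 0` names the member function without calling it, and a bare `return;` is not allowed in a function declared `bool`. Use `if (m_dstWhiteListSlot1.empty())` with an explicit return value, and the same for slot 2. The value chosen is an access-control decision, since `return true;` makes an empty list mean "no filtering"; say so next to it, e.g. `// empty whitelist = whitelist disabled, allow all`. A later commit in this series changes these lines to `size() == 0` and `return true;`, but this commit and the next do not build on their own. DstIdWhitelist ends outside the hunk.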
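Review bot: The hunk at -1483 deletes the only description of DstIdWhitelist while making its rules slot-dependent, and the name `gt4k` no longer matches what the flag does on slot 1, where the threshold becomes 10000. A short header comment would keep the access rules reviewable, for example `// Returns true if did may pass on this slot: listed IDs always; with gt4k, slot 1 also passes did >= 10000.` The new inline comment says "IDs over 10000" while the code accepts 10000 itself (`did >= 10000`); one of the two should be adjusted. The function's end is outside the hunk.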
@@ -1499,9 +1502,17 @@ bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) } else { if(m_dstWhiteListSlot2.size == 0) return; + //On slot2 we allow reflector control IDs, but not secondary TG IDs unless specifically listed if(gt4k) { - if (std::find(m_dstWhiteListSlot2.begin(), m_dstWhiteListSlot2.end(), did) != m_dstWhiteListSlot2.end() || did >= 4000) - return true; + if (std::find(m_dstWhiteListSlot2.begin(), m_dstWhiteListSlot2.end(), did) != m_dstWhiteListSlot2.end() || did >= 4000) { + + //if dstId in secondary TG range + if(did > 5000 && did < 10000) + return false; + + return true; + } + } else { if (std::find(m_dstWhiteListSlot2.begin(), m_dstWhiteListSlot2.end(), did) != m_dstWhiteListSlot2.end()) return true; From cb9ec738e1724e4fc230b19c340fa26a76d47d1e Mon Sep 17 00:00:00 2001 From: Simon Date: Fri, 10 Jun 2016 10:42:04 +0100 Subject: [PATCH 16/19] Tided up logging text for acl --- DMRSlot.cpp | 8 ++++---- MMDVMHost.cpp | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/DMRSlot.cpp b/DMRSlot.cpp index 3c5e43ea0..0f44e9080 100644 --- a/DMRSlot.cpp +++ b/DMRSlot.cpp @@ -1486,8 +1486,8 @@ bool CDMRSlot::DstIdBlacklist(unsigned int did, unsigned int slot) bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) { if (slot == 1) { - if(m_dstWhiteListSlot1.size == 0) - return; + if(m_dstWhiteListSlot1.size() == 0) + return true; // No reflectors on slot1, so we only allow all IDs over 10000 unless specifically whitelisted if(gt4k) { if (std::find(m_dstWhiteListSlot1.begin(), m_dstWhiteListSlot1.end(), did) != m_dstWhiteListSlot1.end() || did >= 10000) { 
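Review bot: In the slot-2 `gt4k` branch at -1499, the secondary-TG rejection `if(did > 5000 && did < 10000) return false;` sits inside the combined `find(...) || did >= 4000` test, so an ID in that range is refused even when it is in the whitelist. That contradicts the comment directly above it ("not secondary TG IDs unless specifically listed"). Test the list first and apply the range rule only to unlisted IDs: `if (std::find(m_dstWhiteListSlot2.begin(), m_dstWhiteListSlot2.end(), did) != m_dstWhiteListSlot2.end()) return true;` followed by `if (did >= 4000 && !(did > 5000 && did < 10000)) return true;`. The closing lines of DstIdWhitelist, including its final return, are outside the hunk.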
@@ -1500,8 +1500,8 @@ bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) return true; } } else { - if(m_dstWhiteListSlot2.size == 0) - return; + if(m_dstWhiteListSlot2.size() == 0) + return true; //On slot2 we allow reflector control IDs, but not secondary TG IDs unless specifically listed if(gt4k) { if (std::find(m_dstWhiteListSlot2.begin(), m_dstWhiteListSlot2.end(), did) != m_dstWhiteListSlot2.end() || did >= 4000) { diff --git a/MMDVMHost.cpp b/MMDVMHost.cpp index c0c725844..940009da0 100644 --- a/MMDVMHost.cpp +++ b/MMDVMHost.cpp @@ -307,13 +307,13 @@ int CMMDVMHost::run() if (blackList.size() > 0U) LogInfo(" Black List: %u", blackList.size()); if (dstIDBlackListSlot1.size() > 0U) - LogInfo(" Slot 1 Destination ID Black List: %u", dstIDBlackListSlot1.size()); + LogInfo(" Slot 1 Destination ID Black List: %u entries", dstIDBlackListSlot1.size()); if (dstIDBlackListSlot2.size() > 0U) - LogInfo(" Slot 2 Destination ID Black List: %u", dstIDBlackListSlot2.size()); + LogInfo(" Slot 2 Destination ID Black List: %u entries", dstIDBlackListSlot2.size()); if (dstIDWhiteListSlot1.size() > 0U) - LogInfo(" Slot 1 Destination ID White List: %u", dstIDWhiteListSlot1.size()); + LogInfo(" Slot 1 Destination ID White List: %u entries", dstIDWhiteListSlot1.size()); if (dstIDWhiteListSlot2.size() > 0U) - LogInfo(" Slot 1 Destination ID White List: %u", dstIDWhiteListSlot2.size()); + LogInfo(" Slot 1 Destination ID White List: %u entries", dstIDWhiteListSlot2.size()); LogInfo(" Timeout: %us", timeout); LogInfo(" Lookup File: %s", lookupFile.length() > 0U ? lookupFile.c_str() : "None"); From 63584b4a3ae094842255c230696e64e26e8e8cd6 Mon Sep 17 00:00:00 2001 From: Simon Date: Fri, 10 Jun 2016 10:57:58 +0100 Subject: [PATCH 17/19] more logging tidying for acl --- DMRSlot.cpp | 4 ++-- MMDVMHost.cpp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/DMRSlot.cpp b/DMRSlot.cpp index 0f44e9080..143202551 100644 --- a/DMRSlot.cpp 
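Review bot: In the MMDVMHost.cpp hunk at -307, the four rewritten LogInfo calls pass `.size()` to a `%u` conversion; assuming these lists are std::vector, `size()` yields `size_t`, which is wider than `unsigned int` on 64-bit builds and does not match the format. Cast at the call, e.g. `LogInfo("    Slot 1 Destination ID Black List: %u entries", (unsigned int)dstIDBlackListSlot1.size());`, for all four lines. The unchanged `blackList.size()` line above them and the -313 hunk in the next commit have the same mismatch. CMMDVMHost::run() extends beyond the hunk.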
+++ b/DMRSlot.cpp @@ -1488,7 +1488,7 @@ bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) if (slot == 1) { if(m_dstWhiteListSlot1.size() == 0) return true; - // No reflectors on slot1, so we only allow all IDs over 10000 unless specifically whitelisted + // No reflectors on slot1, so we only allow all IDs over 10000 unless specifically whitelisted. if(gt4k) { if (std::find(m_dstWhiteListSlot1.begin(), m_dstWhiteListSlot1.end(), did) != m_dstWhiteListSlot1.end() || did >= 10000) { @@ -1502,7 +1502,7 @@ bool CDMRSlot::DstIdWhitelist(unsigned int did, unsigned int slot, bool gt4k) } else { if(m_dstWhiteListSlot2.size() == 0) return true; - //On slot2 we allow reflector control IDs, but not secondary TG IDs unless specifically listed + //On slot2 we allow reflector control IDs, but not secondary TG IDs unless specifically listed. Also allow echo. if(gt4k) { if (std::find(m_dstWhiteListSlot2.begin(), m_dstWhiteListSlot2.end(), did) != m_dstWhiteListSlot2.end() || did >= 4000) { diff --git a/MMDVMHost.cpp b/MMDVMHost.cpp index 940009da0..2d37f93ec 100644 --- a/MMDVMHost.cpp +++ b/MMDVMHost.cpp @@ -313,7 +313,7 @@ int CMMDVMHost::run() if (dstIDWhiteListSlot1.size() > 0U) LogInfo(" Slot 1 Destination ID White List: %u entries", dstIDWhiteListSlot1.size()); if (dstIDWhiteListSlot2.size() > 0U) - LogInfo(" Slot 1 Destination ID White List: %u entries", dstIDWhiteListSlot2.size()); + LogInfo(" Slot 2 Destination ID White List: %u entries", dstIDWhiteListSlot2.size()); LogInfo(" Timeout: %us", timeout); LogInfo(" Lookup File: %s", lookupFile.length() > 0U ? lookupFile.c_str() : "None"); From 42407aed64a9e27358d873db06fb8b1af05c1649 Mon Sep 17 00:00:00 2001 From: Simon Date: Sat, 11 Jun 2016 09:40:14 +0100 Subject: [PATCH 18/19] More blacklist tidying --- README.DMR_ACL | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/README.DMR_ACL b/README.DMR_ACL index 90d906595..43115f5f2 100644 --- a/README.DMR_ACL 
+++ b/README.DMR_ACL @@ -3,5 +3,26 @@ To use DMR Access Control you can add the following fields to your MMDVM.ini: Blacklist= DstIdBlackListSlot1= DstIdBlackListSlot2= -DstIdWhiteListSlot1=9 -DstIdWhiteListSlot2=9 \ No newline at end of file +DstIdWhiteListSlot1= +DstIdWhiteListSlot2= + +So, for example: + +DstIdBlackListSlot1=91 - block the TG91 net. + +DstIdWhiteSlot1=9.5057,9990 - allows TG9, APRS SMS Gateway and Echo. + +If the whitelist is null and commented out, it is disabled. + +The whitelist behaves slightly differently on Slot1 than is does on Slot2. + +For Slot1, the whitelist will allow all IDs above 10000 and everything in the whitelist. + +For Slot2, the whitelist will allow all IDs between 4000 and 5000, IDs above 10000 and everything in the whitelist. + +You can use the blacklist with the whitelist if you want to specifically block IDs within the allowed ranges above. + +For example, to block users from disconnecting the reflectors, you could block ID 4000. + +To block users connecting to reflector 4400 you could add ID 4400 to the blacklist for that slot. + From 05c1b525406beb9b881b3041a447e9c300dcbc04 Mon Sep 17 00:00:00 2001 From: Simon Date: Sat, 11 Jun 2016 09:51:18 +0100 Subject: [PATCH 19/19] Tidyed comments --- DMRSlot.cpp | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/DMRSlot.cpp b/DMRSlot.cpp index 143202551..e1bf1feaa 100644 --- a/DMRSlot.cpp +++ b/DMRSlot.cpp @@ -145,7 +145,7 @@ void CDMRSlot::writeModem(unsigned char *data) return; } // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU did = lc->getDstId(); if (DstIdBlacklist(did,m_slotNo)) { @@ -276,7 +276,7 @@ void CDMRSlot::writeModem(unsigned char *data) return; } // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU if (DstIdBlacklist(dstId,m_slotNo)) { LogMessage("DMR Slot %u, invalid access attempt to TG %u (TG blacklisted)", m_slotNo, dstId); 
@@ -346,7 +346,7 @@ void CDMRSlot::writeModem(unsigned char *data) return; } // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU if (DstIdBlacklist(dstId,m_slotNo)) { LogMessage("DMR Slot %u, invalid access attempt to TG %u (TG blacklisted)", m_slotNo, dstId); @@ -507,7 +507,7 @@ void CDMRSlot::writeModem(unsigned char *data) return; } // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU unsigned int did; did = lc->getDstId(); @@ -790,7 +790,7 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) } // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU unsigned int did; did = m_netLC->getDstId(); @@ -878,7 +878,7 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) data[1U] = 0x00U; // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU unsigned int did; did = m_netLC->getDstId(); @@ -905,7 +905,7 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) CDMRFullLC fullLC; fullLC.encode(*m_netLC, data + 2U, DT_TERMINATOR_WITH_LC); // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU unsigned int did; did = m_netLC->getDstId(); @@ -965,7 +965,7 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) m_netLC = new CDMRLC(gi ? FLCO_GROUP : FLCO_USER_USER, srcId, dstId); // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU unsigned int did; did = m_netLC->getDstId(); @@ -1016,7 +1016,7 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) if (m_netState == RS_NET_IDLE) { m_netLC = new CDMRLC(dmrData.getFLCO(), dmrData.getSrcId(), dmrData.getDstId()); // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU unsigned int did; did = m_netLC->getDstId(); 
@@ -1118,7 +1118,7 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) if (m_netState != RS_NET_AUDIO) return; // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU unsigned int did; did = m_netLC->getDstId(); @@ -1188,7 +1188,7 @@ void CDMRSlot::writeNetwork (const CDMRData& dmrData) unsigned int srcId = csbk.getSrcId(); unsigned int dstId = csbk.getDstId(); // add check for valid dst id (e.g. TG) - //AKA - the BlockTheNet modification ;-) + // - G7RZU unsigned int did; did = dstId;