diff --git a/ipsc.py b/ipsc.py index e9863bc..9f4e5a6 100644 --- a/ipsc.py +++ b/ipsc.py @@ -17,9 +17,6 @@ import hmac import hashlib import socket -#from logging.config import dictConfig -#import logging - #************************************************ # IMPORTING OTHER FILES - '#include' @@ -63,12 +60,14 @@ except ImportError: # Remove the hash from a paket and return the payload # def strip_hash(_data): +# _log = logger.debug return _data[:-10] # Determine if the provided peer ID is valid for the provided network # def valid_peer(_peer_list, _peerid): +# _log = logger.debug if _peerid in _peer_list: return True return False @@ -77,6 +76,7 @@ def valid_peer(_peer_list, _peerid): # Determine if the provided master ID is valid for the provided network # def valid_master(_network, _peerid): +# _log = logger.debug if NETWORK[_network]['MASTER']['RADIO_ID'] == _peerid: return True else: 
@@ -86,133 +86,151 @@ def valid_master(_network, _peerid): # Take a packet to be SENT, calcualte auth hash and return the whole thing # def hashed_packet(_key, _data): - hash = binascii.a2b_hex((hmac.new(_key,_data,hashlib.sha1)).hexdigest()[:20]) - return (_data + hash) +# _log = logger.debug + _hash = binascii.a2b_hex((hmac.new(_key,_data,hashlib.sha1)).hexdigest()[:20]) + return (_data + _hash) # Take a RECEIVED packet, calculate the auth hash and verify authenticity # def validate_auth(_key, _data): - _log = logger.debug - _payload = _data[:-10] +# _log = logger.debug + _payload = strip_hash(_data) _hash = _data[-10:] - _chk_hash = binascii.a2b_hex((hmac.new(_key,_payload,hashlib.sha1)).hexdigest()[:20]) - + _chk_hash = binascii.a2b_hex((hmac.new(_key,_payload,hashlib.sha1)).hexdigest()[:20]) + if _chk_hash == _hash: - _log(' AUTH: Valid - Payload: %s, Hash: %s', binascii.b2a_hex(_payload), binascii.b2a_hex(_hash)) +# _log(' AUTH: Valid - Payload: %s, Hash: %s', binascii.b2a_hex(_payload), binascii.b2a_hex(_hash)) return True else: - _log(' AUTH: Invalid - Payload: %s, Hash: %s', binascii.b2a_hex(_payload), binascii.b2a_hex(_hash)) +# _log(' AUTH: Invalid - Payload: %s, Hash: %s', binascii.b2a_hex(_payload), binascii.b2a_hex(_hash)) return False # Forward Group Voice Packet # def fwd_group_voice(_network, _data): +# _log = logger.debug _src_group = _data[9:12] _src_ipsc = _data[1:5] for source in NETWORK[_network]['RULES']['GROUP_VOICE']: + # Matching for rules is against the Destination Group in the SOURCE packet (SRC_GROUP) if source['SRC_GROUP'] == _src_group: _target = source['DST_NET'] _target_sock = NETWORK[_target]['MASTER']['IP'], NETWORK[_target]['MASTER']['PORT'] + # Re-Write the IPSC SRC to match the target network's ID _data = _data.replace(_src_ipsc, NETWORK[_target]['LOCAL']['RADIO_ID']) + # Re-Write the destinaion Group ID _data = _data.replace(_src_group, source['DST_GROUP']) - _data = hashed_packet(NETWORK[_target]['LOCAL']['AUTH_KEY'], _data) 
+ # Calculate and append the authentication hash for the target network... if necessary + if NETWORK[_target]['LOCAL']['AUTH_KEY'] == True: + _data = hashed_packet(NETWORK[_target]['LOCAL']['AUTH_KEY'], _data) + # Send the packet to all peers in the target IPSC send_to_ipsc(_target, _data) # Accept a complete packet, ready to be sent, and send it to all active peers + master in an IPSC # def send_to_ipsc(_target, _packet): +# _log = logger.debug + # Send to the Master networks[_target].transport.write(_packet, (NETWORK[_target]['MASTER']['IP'], NETWORK[_target]['MASTER']['PORT'])) + # Send to each connected Peer for peer in NETWORK[_target]['PEERS']: if peer['STATUS']['CONNECTED'] == True: networks[_target].transport.write(_packet, (peer['IP'], peer['PORT'])) - + +# De-register a peer from an IPSC by removing it's infomation +# +def de_register_peer(_network, _peerid): +# _log = logger.debug + # Iterate for the peer in our data + for peer in NETWORK[_network]['PEERS']: + # If we find the peer, remove it (we should find it) + if _peerid == peer['RADIO_ID']: + NETWORK[_network]['PEERS'].remove(peer) + + # Take a recieved peer list and the network it belongs to, process and populate the -# data structure in my_ipsc_config with the results. +# data structure in my_ipsc_config with the results, and return a simple list of peers. # def process_peer_list(_data, _network, _peer_list): - _log = logger.debug - +# _log = logger.debug + # Set the status flag to indicate we have recieved a Peer List NETWORK[_network]['MASTER']['STATUS']['PEER-LIST'] = True + # Determine how many peers are in the list by parsing the packet _num_peers = int(str(int(binascii.b2a_hex(_data[5:7]), 16))[1:]) + # Record the number of peers in the data structure... we'll use it later. 
NETWORK[_network]['LOCAL']['NUM_PEERS'] = _num_peers + # _log('<<- (%s) The Peer List has been Received from Master\n%s There are %s peers in this IPSC Network', _network, (' '*(len(_network)+7)), _num_peers) - _log('<<- (%s) The Peer List has been Received from Master\n%s \ - There are %s peers in this IPSC Network', _network, (' '*(len(_network)+7)), _num_peers) - + # Iterate each peer entry in the peer list. Skip the header, then pull the next peer, the next, etc. for i in range(7, (_num_peers*11)+7, 11): - hex_radio_id = (_data[i:i+4]) - hex_address = (_data[i+4:i+8]) - ip_address = socket.inet_ntoa(hex_address) - hex_port = (_data[i+8:i+10]) - port = int(binascii.b2a_hex(hex_port), 16) - hex_mode = (_data[i+10:i+11]) - decoded_mode = mode_decode(hex_mode, _data) + # Extract various elements from each entry... + _hex_radio_id = (_data[i:i+4]) + _hex_address = (_data[i+4:i+8]) + _ip_address = socket.inet_ntoa(_hex_address) + _hex_port = (_data[i+8:i+10]) + _port = int(binascii.b2a_hex(_hex_port), 16) + _hex_mode = (_data[i+10:i+11]) + _mode = int(binascii.b2a_hex(_hex_mode), 16) + # mask individual Mode parameters + _link_op = _mode & PEER_OP_MSK + _link_mode = _mode & PEER_MODE_MSK + _ts1 = _mode & IPSC_TS1_MSK + _ts2 = _mode & IPSC_TS2_MSK + + # Determine whether or not the peer is operational + if _link_op == 0b01000000: + _peer_op = True + else: + _peer_op = False + + # Determine the operational mode of the peer + if _link_mode == 0b00000000: + _peer_mode = 'NO_RADIO' + elif _link_mode == 0b00010000: + _peer_mode = 'ANALOG' + elif _link_mode == 0b00100000: + _peer_mode = 'DIGITAL' + else: + _peer_node = 'NO_RADIO' + + # Determine whether or not timeslot 1 is linked + if _ts1 == 0b00001000: + _ts1 = True + else: + _ts1 = False + + # Determine whether or not timeslot 2 is linked + if _ts2 == 0b00000010: + _ts2 = True + else: + _ts2 = False - if hex_radio_id not in _peer_list: - _peer_list.append(hex_radio_id) + # If this entry was NOT already in our list, add 
it. + if _hex_radio_id not in _peer_list: + _peer_list.append(_hex_radio_id) NETWORK[_network]['PEERS'].append({ - 'RADIO_ID': hex_radio_id, - 'IP': ip_address, - 'PORT': port, - 'MODE': hex_mode, - 'PEER_OPER': decoded_mode[0], - 'PEER_MODE': decoded_mode[1], - 'TS1_LINK': decoded_mode[2], - 'TS2_LINK': decoded_mode[3], + 'RADIO_ID': _hex_radio_id, + 'IP': _ip_address, + 'PORT': _port, + 'MODE': _hex_mode, + 'PEER_OPER': _peer_op, + 'PEER_MODE': _peer_mode, + 'TS1_LINK': _ts1, + 'TS2_LINK': _ts2, 'STATUS': {'CONNECTED': False, 'KEEP_ALIVES_SENT': 0, 'KEEP_ALIVES_MISSED': 0, 'KEEP_ALIVES_OUTSTANDING': 0} }) return _peer_list -# Given a mode byte, decode the functions and return a tuple of results -# -def mode_decode(_mode, _data): - _log = logger.debug - _mode = int(binascii.b2a_hex(_mode), 16) - link_op = _mode & PEER_OP_MSK - link_mode = _mode & PEER_MODE_MSK - ts1 = _mode & IPSC_TS1_MSK - ts2 = _mode & IPSC_TS2_MSK - # Determine whether or not the peer is operational - if link_op == 0b01000000: - _peer_op = True - elif link_op == 0b00000000: - _peer_op = False - else: - _peer_op = False - # Determine the operational mode of the peer - if link_mode == 0b00000000: - _peer_mode = 'NO_RADIO' - elif link_mode == 0b00010000: - _peer_mode = 'ANALOG' - elif link_mode == 0b00100000: - _peer_mode = 'DIGITAL' - else: - _peer_node = 'NO_RADIO' - # Determine whether or not timeslot 1 is linked - if ts1 == 0b00001000: - _ts1 = True - else: - _ts1 = False - # Determine whether or not timeslot 2 is linked - if ts2 == 0b00000010: - _ts2 = True - else: - _ts2 = False - # Return a tuple with the decoded values - return _peer_op, _peer_mode, _ts1, _ts2 - - # Gratuituous print-out of the peer list.. Pretty much debug stuff. # def print_peer_list(_network): - _log = logger.info -# os.system('clear') +# _log = logger.info if not NETWORK[_network]['PEERS']: print('No peer list for: {}' .format(_network)) return 
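Review bot: In fwd_group_voice the new guard `if NETWORK[_target]['LOCAL']['AUTH_KEY'] == True:` is false for any string key, and AUTH_KEY is the value handed to `hmac.new` on the next line, so forwarded group-voice packets would leave for the target network without an authentication hash. Test truthiness instead, as datagramReceived does with `bool(self._local['AUTH_KEY'])`: `if NETWORK[_target]['LOCAL']['AUTH_KEY']:`. In the same hunk, the mode decoding inlined into process_peer_list keeps the `_peer_node = 'NO_RADIO'` typo in its final `else`, which leaves `_peer_mode` unset (or stale from the previous entry) for an unrecognised mode value; it should assign `_peer_mode`. validate_auth still compares with `_chk_hash == _hash`; `hmac.compare_digest(_chk_hash, _hash)` avoids a timing-dependent comparison where the interpreter provides it.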
@@ -250,7 +268,8 @@ class IPSC(DatagramProtocol): if len(args) == 1: # Housekeeping: create references to the configuration and status data for this IPSC instance. # Some configuration objects that are used frequently and have lengthy names are shortened - # such as (self._master_sock) expands to (self._config['MASTER']['IP'], self._config['MASTER']['PORT']) + # such as (self._master_sock) expands to (self._config['MASTER']['IP'], self._config['MASTER']['PORT']). + # Note that many of them reference each other... this is the Pythonic way. # self._network = args[0] self._config = NETWORK[self._network] @@ -274,7 +293,8 @@ class IPSC(DatagramProtocol): args = () - # Packet 'constructors' - builds the necessary control packets for this IPSC instance + # Packet 'constructors' - builds the necessary control packets for this IPSC instance. + # This isn't really necessary for anything other than readability (reduction of code golf) # self.TS_FLAGS = (self._local['MODE'] + self._local['FLAGS']) self.MASTER_REG_REQ_PKT = (MASTER_REG_REQ + self._local_id + self.TS_FLAGS + IPSC_VER) 
@@ -310,54 +330,72 @@ class IPSC(DatagramProtocol): # TIMED LOOP - MY CONNECTION MAINTENANCE #************************************************ - def timed_loop(self): + def timed_loop(self): + # Right now, without this, we really dont' know anything is happening. print_peer_list(self._network) + # If the master isn't connected, we have to do that before we can do anything else! if (self._master_stat['CONNECTED'] == False): reg_packet = hashed_packet(self._local['AUTH_KEY'], self.MASTER_REG_REQ_PKT) self.transport.write(reg_packet, (self._master_sock)) + # Once the master is connected, we have to send keep-alives.. and make sure we get them back elif (self._master_stat['CONNECTED'] == True): + # Send keep-alive to the master master_alive_packet = hashed_packet(self._local['AUTH_KEY'], self.MASTER_ALIVE_PKT) self.transport.write(master_alive_packet, (self._master_sock)) + # If we had a keep-alive outstanding by the time we send another, mark it missed. if (self._master_stat['KEEP_ALIVES_OUTSTANDING']) > 0: self._master_stat['KEEP_ALIVES_MISSED'] += 1 + # If we have missed too many keep-alives, de-regiseter the master and start over. if self._master_stat['KEEP_ALIVES_OUTSTANDING'] >= self._local['MAX_MISSED']: self._master_stat['CONNECTED'] = False logger.error('Maximum Master Keep-Alives Missed -- De-registering the Master') - + + # Update our stats before we move on... self._master_stat['KEEP_ALIVES_SENT'] += 1 self._master_stat['KEEP_ALIVES_OUTSTANDING'] += 1 else: + # This is bad. If we get this message, probably need to restart the program. logger.error('->> (%s) Master in UNKOWN STATE:%s:%s', self._network, self._master_sock) - - if ((self._master_stat['CONNECTED'] == True) and (self._master_stat['PEER-LIST'] == False)): + + # If the master is connected and we don't have a peer-list yet.... 
+ if ((self._master_stat['CONNECTED'] == True) and (self._master_stat['PEER-LIST'] == False)): + # Ask the master for a peer-list peer_list_req_packet = hashed_packet(self._local['AUTH_KEY'], self.PEER_LIST_REQ_PKT) self.transport.write(peer_list_req_packet, (self._master_sock)) + # If we do ahve a peer-list, we need to register with the peers and send keep-alives... if (self._master_stat['PEER-LIST'] == True): + # Iterate the list of peers... so we do this for each one. for peer in (self._peers): - if (peer['RADIO_ID'] == self._local_id): # We are in the peer-list, but don't need to talk to ourselves + # We will show up in the peer list, but shouldn't try to talk to ourselves. + if (peer['RADIO_ID'] == self._local_id): continue + # If we haven't registered to a peer, send a registration if peer['STATUS']['CONNECTED'] == False: peer_reg_packet = hashed_packet(self._local['AUTH_KEY'], self.PEER_REG_REQ_PKT) self.transport.write(peer_reg_packet, (peer['IP'], peer['PORT'])) + # If we have registered with the peer, then send a keep-alive elif peer['STATUS']['CONNECTED'] == True: peer_alive_req_packet = hashed_packet(self._local['AUTH_KEY'], self.PEER_ALIVE_REQ_PKT) self.transport.write(peer_alive_req_packet, (peer['IP'], peer['PORT'])) - + + # If we have a keep-alive outstanding by the time we send another, mark it missed. if peer['STATUS']['KEEP_ALIVES_OUTSTANDING'] > 0: peer['STATUS']['KEEP_ALIVES_MISSED'] += 1 - + + # If we have missed too many keep-alives, de-register the peer and start over. if peer['STATUS']['KEEP_ALIVES_OUTSTANDING'] >= self._local['MAX_MISSED']: peer['STATUS']['CONNECTED'] = False self._peer_list.remove(peer['RADIO_ID']) # Remove the peer from the simple list FIRST self._peers.remove(peer) # Becuase once it's out of the dictionary, you can't use it for anything else. logger.error('Maximum Peer Keep-Alives Missed -- De-registering the Peer: %s', peer) + # Update our stats before moving on... 
peer['STATUS']['KEEP_ALIVES_SENT'] += 1 peer['STATUS']['KEEP_ALIVES_OUTSTANDING'] += 1 @@ -367,7 +405,12 @@ class IPSC(DatagramProtocol): # RECEIVED DATAGRAM - ACT IMMEDIATELY!!! #************************************************ - # Actions for recieved packets by type: Call a function or process here... + # Actions for recieved packets by type: For every packet recieved, there are some things that we need to do: + # Decode some of the info + # Check for auth and authenticate the packet + # Strip the hash from the end... we don't need it anymore + # + # Once they're done, we move on to the proccessing or callbacks for each packet type. # def datagramReceived(self, data, (host, port)): _packettype = data[0:1] 
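Review bot: The peer loop in timed_loop calls `self._peers.remove(peer)` inside `for peer in (self._peers):`, so the entry that follows a de-registered peer is skipped for that pass; the comments added here describe the de-registration but not that hazard. Iterating over a copy, `for peer in list(self._peers):`, keeps the pass complete. Separately, `logger.error('->> (%s) Master in UNKOWN STATE:%s:%s', self._network, self._master_sock)` has three placeholders and two arguments, so the message would fail to format if that branch is ever reached. Passing `*self._master_sock` would match it, assuming it is the (IP, PORT) pair that the comment in `__init__` describes.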
@@ -377,53 +420,70 @@ class IPSC(DatagramProtocol): # First action: if Authentication is active, authenticate the packet # if bool(self._local['AUTH_KEY']) == True: + # Validate if validate_auth(self._local['AUTH_KEY'], data) == False: logger.warning('(%s) AuthError: IPSC packet failed authentication. Type %s: Peer ID: %s', self._network, binascii.b2a_hex(_packettype), _dec_peerid) return + # Strip the hash, we won't need it anymore data = strip_hash(data) # Packets generated by "users" that are the most common should come first for efficiency. # if (_packettype == GROUP_VOICE): + # Don't take action unless it's from a valid peer (including the master, of course) if not(valid_master(self._network, _peerid) == False or valid_peer(self._peer_list, _peerid) == False): logger.warning('(%s) PeerError: Peer not in peer-list: %s', self._network, _dec_peerid) return + # Group voice callback function fwd_group_voice(self._network, data) # IPSC keep alives, master and peer, come next in processing priority # elif (_packettype == PEER_ALIVE_REQ): + # We should not answer a keep-alive request from a peer we don't know about! if valid_peer(self._peer_list, _peerid) == False: logger.warning('(%s) PeerError: Peer %s not in peer-list: %s', self._network, _dec_peerid, self._peer_list) return + + # Generate a hashed paket from our template and send it. peer_alive_reply_packet = hashed_packet(self._local['AUTH_KEY'], self.PEER_ALIVE_REPLY_PKT) self.transport.write(peer_alive_reply_packet, (host, port)) elif (_packettype == MASTER_ALIVE_REPLY): + # We should not accept keep-alive reply from someone claming to be a master who isn't! if valid_master(self._network, _peerid) == False: logger.warning('(%s) PeerError: Peer %s not in peer-list: %s', self._network, _dec_peerid, self._peer_list) return - - logger.debug('<<- (%s) Master Keep-alive Reply From: %s \t@ IP: %s:%s', self._network, _dec_peerid, host, port) + + # logger.debug('<<- (%s) Master Keep-alive Reply 
From: %s \t@ IP: %s:%s', self._network, _dec_peerid, host, port) + # This action is so simple, it doesn't require a callback function, master is responding, we're good. self._master_stat['KEEP_ALIVES_OUTSTANDING'] = 0 elif (_packettype == PEER_ALIVE_REPLY): + # Find the peer in our list of peers... for peer in self._config['PEERS']: if peer['RADIO_ID'] == _peerid: + # No callback funcntion needed, set the outstanding keepalives to 0, and move on. peer['STATUS']['KEEP_ALIVES_OUTSTANDING'] = 0 # Registration requests and replies are infrequent, but important. Peer lists can go here too as a part # of the registration process. # elif (_packettype == MASTER_REG_REQ): - logger.debug('<<- (%s) Master Registration Packet Recieved', self._network) + # We can't operate as a master as of now, so we should never receive one of these. + # logger.debug('<<- (%s) Master Registration Packet Recieved', self._network) + pass + # When we hear from the maseter, record it's ID, flag that we're connected, and reset the dead counter. elif (_packettype == MASTER_REG_REPLY): self._master['RADIO_ID'] = _peerid self._master_stat['CONNECTED'] = True self._master_stat['KEEP_ALIVES_OUTSTANDING'] = 0 - + + # Answer a peer registration request -- simple, no callback runction needed elif (_packettype == PEER_REG_REQ): +# TO DO TO DO TO DO TO DO ***ADD CODE TO VALIDATE THE PEER IS IN OUR PEER-LIST HERE*** +# ***MAKE SURE WE CHECK TO SEE IF WE NEED TO MAKE AN AUTHENITCATED PACKET FIRST*** peer_reg_reply_packet = hashed_packet(self._local['AUTH_KEY'], self.PEER_REG_REPLY_PKT) self.transport.write(peer_reg_reply_packet, (host, port)) @@ -447,6 +507,7 @@ class IPSC(DatagramProtocol): logger.warning('<<- (%s) Private Data Packet From From:%s:%s', self._network, host, port) elif (_packettype == DE_REG_REQ): + de_register_peer(self._network, _peerid) logger.warning('<<- (%s) Peer De-Registration Request From:%s:%s', self._network, host, port) elif (_packettype == DE_REG_REPLY): 
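Review bot: The GROUP_VOICE branch contradicts the comment added above it: `if not(valid_master(self._network, _peerid) == False or valid_peer(self._peer_list, _peerid) == False):` returns only when the sender passes both checks, and falls through to `fwd_group_voice` whenever either check fails, including when both fail. With no AUTH_KEY configured the authentication block is skipped, so nothing else filters the sender before the packet is forwarded. The condition that matches the comment is `if not (valid_master(self._network, _peerid) or valid_peer(self._peer_list, _peerid)):`. The PEER_REG_REQ branch still replies to any sender, as the TO DO added in this hunk records. datagramReceived begins before this hunk and continues after it.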
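Review bot: The DE_REG_REQ branch now calls `de_register_peer(self._network, _peerid)` without first checking `valid_peer(self._peer_list, _peerid)`, unlike the PEER_ALIVE_REQ branch, so when no AUTH_KEY is set any datagram of this type carrying a known peer's ID drops that peer. de_register_peer (added earlier in this diff) removes the entry from `NETWORK[_network]['PEERS']` only; the ID stays in `self._peer_list`, so `valid_peer` keeps accepting a peer that has been de-registered. It also calls `.remove(peer)` on the list it is iterating; a `break` after the removal avoids skipping entries. Suggested guard: `if valid_peer(self._peer_list, _peerid) == False: return` before the call, with `self._peer_list.remove(_peerid)` alongside it. The branch sits inside datagramReceived, which starts and ends outside this hunk.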
diff --git a/ipsc_message_types.py b/ipsc_message_types.py index a79d47b..7772445 100644 --- a/ipsc_message_types.py +++ b/ipsc_message_types.py @@ -46,6 +46,7 @@ LINK_TYPE_IPSC = b'\x04' IPSC_VER = LINK_TYPE_IPSC + IPSC_VER_19 + LINK_TYPE_IPSC + IPSC_VER_17 # Conditions for accepting certain types of messages... the cornerstone of a secure IPSC system :) +''' REQ_VALID_PEER = [ PEER_REG_REQ, PEER_REG_REPLY @@ -80,4 +81,5 @@ REQ_PEER_CONNECTED = [ REQ_VALID_MASTER_OR_PEER = [ REQ_VALID_PEER, REQ_VALID_MASTER -] \ No newline at end of file +] +''' \ No newline at end of file
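Review bot: Wrapping the REQ_VALID_* tables in a `'''` string (opened in this hunk, closed in the `@@ -80,4 +81,5 @@` hunk) turns them into a bare string expression rather than comments, while the line above still calls them "the cornerstone of a secure IPSC system". If the tables are being retired, delete them or comment them out with `#`, and add a line such as `# Disabled: per-type sender checks are done inline in IPSC.datagramReceived` so readers do not assume they are enforced. Any module that still references REQ_VALID_PEER or the other names would now raise NameError; whether one does is not visible from this diff.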