Date
1 - 8 of 8
ACL in routing apps
Cort N0MJS <n0mjs@...>
Guys,
Is anyone using the Access Control List function of bridge, confbridge or proxy? I have written a much better parser that allows you to use ranges for allowed or denied radio IDs…. but if nobody is using it, why bother, right? If I make the changes, you’ll have to change your ACL file format. So, questions are: 1) you want me to update it? 2) if you have no idea what I’m talking about, should I explain more? 0x49 DE N0MJS Cort Buffington 785-865-7206
|
|
Who are you and why are you e-mail me?
toggle quoted messageShow quoted text
I do not use the ACL. That is not to say I will never. Go ahead and change it. Steve
On 6/29/2017 1:07 PM, Cort N0MJS wrote:
Guys,
|
|
Cort N0MJS <n0mjs@...>
Oh yeah, and the parsing is MUCH faster in the updated version… with ranges, I’m gonna need that right? Check this out:
time to build ACL: 10.89 seconds radio IDs in ALC: 6003304 search time 1.90734863281e-06 subscriber 3120201 found in ACL I had it build a list of about 6 million radio IDs to deny… while that took about 12 seconds for it to build while starting up, searching the list (python type ‘set’ actually - yes, it’s a hashed type) it takes about 2 microseconds to find a match. Now, that’s relative to the machine speed, but based on other per-packet processing actions these programs take, that’s round-off error.
Cort Buffington 785-865-7206
|
|
Peter M0NWI
I think it's great but I would :) I'd like a way for it to re-read the file without restarting the bridge though, but I'm hoping to add that, unless its something your on with? 73, Peter Sent from Outlook From: DVSwitch@groups.io <DVSwitch@groups.io> on behalf of Cort N0MJS <n0mjs@...>
Sent: 29 June 2017 18:07:51 To: DVSwitch@groups.io Subject: [DVSwitch] ACL in routing apps Guys,
Is anyone using the Access Control List function of bridge, confbridge or proxy? I have written a much better parser that allows you to use ranges for allowed or denied radio IDs…. but if nobody is using it, why bother, right? If I make the changes, you’ll have to change your ACL file format. So, questions are: 1) you want me to update it? 2) if you have no idea what I’m talking about, should I explain more? 0x49 DE N0MJS Cort Buffington 785-865-7206
|
|
Cort N0MJS <n0mjs@...>
How would you signal it to re-read it? Network socket? Signal to the process?
Cort Buffington 785-865-7206
|
|
Peter M0NWI
Not thought that through, would be nice to have it detect a hup of some sort, but i suppose i was just thinking of dropping it into the same timespace used by the TG timer flipper, so once a minute? Sent from Outlook From: DVSwitch@groups.io <DVSwitch@groups.io> on behalf of Cort N0MJS <n0mjs@...>
Sent: 29 June 2017 21:48:02 To: DVSwitch@groups.io Subject: Re: [DVSwitch] ACL in routing apps How would you signal it to re-read it? Network socket? Signal to the process?
Cort Buffington
785-865-7206
|
|
Matthew 2E0SIP
How would you signal it to re-read it? Network socket? Signal to the process?My personal suggestion would be to explore using a distributed distributed hash table such as memcached or REDIS, so external processes can add/remove the ACLs when required. A distributed 'database' could also be used in future for ensuring redundancy (Two HB Link servers, with shared states), 'switching' private calls (I.E which DMR ID is behind which HB/IPSC client for efficient routing of calls), and also aid with building a user interface similar to the BM dashboard where a user can assign and unassign talk groups Maybe I'm getting carried away...
|
|
Peter M0NWI
Hi Matthew,
My longer term goal was to be able to say use a web page to add entries, or even an automated algorithm to calculate excessive blocking of TG's and add an entry for a specific time period?
73, Peter
From: DVSwitch@groups.io <DVSwitch@groups.io> on behalf of Matthew 2E0SIP <groups.io@...>
Sent: 30 June 2017 10:55 To: DVSwitch@groups.io Subject: Re: [DVSwitch] ACL in routing apps How would you signal it to re-read it? Network socket? Signal to the process?My personal suggestion would be to explore using a distributed distributed hash table such as memcached or REDIS, so external processes can add/remove the ACLs when required. A distributed 'database' could also be used in future for ensuring redundancy (Two HB Link servers, with shared states), 'switching' private calls (I.E which DMR ID is behind which HB/IPSC client for efficient routing of calls), and also aid with building a user interface similar to the BM dashboard where a user can assign and unassign talk groups Maybe I'm getting carried away...
|
|