Topics

ACL in routing apps


Cort N0MJS <n0mjs@...>
 

Guys,

Is anyone using the Access Control List function of bridge, confbridge or proxy?

I have written a much better parser that allows you to use ranges for allowed or denied radio IDs…. but if nobody is using it, why bother, right? If I make the changes, you’ll have to change your ACL file format. So, questions are:

1) you want me to update it?
2) if you have no idea what I’m talking about, should I explain more?

0x49 DE N0MJS

Cort Buffington
785-865-7206


Steve N4IRS
 

Who are you and why are you e-mail me?
I do not use the ACL. That is not to say I will never. Go ahead and change it.

Steve

On 6/29/2017 1:07 PM, Cort N0MJS wrote:
Guys,

Is anyone using the Access Control List function of bridge, confbridge or proxy?

I have written a much better parser that allows you to use ranges for allowed or denied radio IDs…. but if nobody is using it, why bother, right? If I make the changes, you’ll have to change your ACL file format. So, questions are:

1) you want me to update it?
2) if you have no idea what I’m talking about, should I explain more?

0x49 DE N0MJS

Cort Buffington
785-865-7206



Cort N0MJS <n0mjs@...>
 

Oh yeah, and the parsing is MUCH faster in the updated version… with ranges, I’m gonna need that right? Check this out:

time to build ACL: 10.89 seconds
radio IDs in ALC: 6003304
search time 1.90734863281e-06
subscriber 3120201 found in ACL

I had it build a list of about 6 million radio IDs to deny… while that took about 12 seconds for it to build while starting up, searching the list (python type ‘set’ actually - yes, it’s a hashed type) it takes about 2 microseconds to find a match. Now, that’s relative to the machine speed, but based on other per-packet processing actions these programs take, that’s round-off error.



On Jun 29, 2017, at 12:07 PM, Cort N0MJS <n0mjs@...> wrote:

Guys,

Is anyone using the Access Control List function of bridge, confbridge or proxy?

I have written a much better parser that allows you to use ranges for allowed or denied radio IDs…. but if nobody is using it, why bother, right? If I make the changes, you’ll have to change your ACL file format. So, questions are:

1) you want me to update it?
2) if you have no idea what I’m talking about, should I explain more?

0x49 DE N0MJS

Cort Buffington
785-865-7206





Cort Buffington
785-865-7206


Peter M0NWI
 


I think it's great but I would :)

I'd  like a way for it to re-read the file without restarting the bridge though, but I'm hoping to add that, unless its something your on with?

73,
Peter

Sent from Outlook
From: DVSwitch@groups.io <DVSwitch@groups.io> on behalf of Cort N0MJS <n0mjs@...>
Sent: 29 June 2017 18:07:51
To: DVSwitch@groups.io
Subject: [DVSwitch] ACL in routing apps
 
Guys,

Is anyone using the Access Control List function of bridge, confbridge or proxy?

I have written a much better parser that allows you to use ranges for allowed or denied radio IDs…. but if nobody is using it, why bother, right? If I make the changes, you’ll have to change your ACL file format. So, questions are:

1) you want me to update it?
2) if you have no idea what I’m talking about, should I explain more?

0x49 DE N0MJS

Cort Buffington
785-865-7206





Cort N0MJS <n0mjs@...>
 

How would you signal it to re-read it? Network socket? Signal to the process?

On Jun 29, 2017, at 3:35 PM, Peter M0NWI <peter-martin@...> wrote:


I think it's great but I would :)

I'd  like a way for it to re-read the file without restarting the bridge though, but I'm hoping to add that, unless its something your on with?

73,
Peter

Sent from Outlook 
From: DVSwitch@groups.io <DVSwitch@groups.io> on behalf of Cort N0MJS <n0mjs@...>
Sent: 29 June 2017 18:07:51
To: DVSwitch@groups.io
Subject: [DVSwitch] ACL in routing apps
 
Guys,

Is anyone using the Access Control List function of bridge, confbridge or proxy?

I have written a much better parser that allows you to use ranges for allowed or denied radio IDs…. but if nobody is using it, why bother, right? If I make the changes, you’ll have to change your ACL file format. So, questions are:

1) you want me to update it?
2) if you have no idea what I’m talking about, should I explain more?

0x49 DE N0MJS

Cort Buffington
785-865-7206





Cort Buffington
785-865-7206


Peter M0NWI
 


Not thought that through, would be nice to have it detect a hup of some sort, but i suppose i was just thinking of dropping it into the same timespace used by the TG timer flipper, so once a minute?

Sent from Outlook
From: DVSwitch@groups.io <DVSwitch@groups.io> on behalf of Cort N0MJS <n0mjs@...>
Sent: 29 June 2017 21:48:02
To: DVSwitch@groups.io
Subject: Re: [DVSwitch] ACL in routing apps
 
How would you signal it to re-read it? Network socket? Signal to the process?

On Jun 29, 2017, at 3:35 PM, Peter M0NWI <peter-martin@...> wrote:


I think it's great but I would :)

I'd  like a way for it to re-read the file without restarting the bridge though, but I'm hoping to add that, unless its something your on with?

73,
Peter

Sent from Outlook 
From: DVSwitch@groups.io <DVSwitch@groups.io> on behalf of Cort N0MJS <n0mjs@...>
Sent: 29 June 2017 18:07:51
To: DVSwitch@groups.io
Subject: [DVSwitch] ACL in routing apps
 
Guys,

Is anyone using the Access Control List function of bridge, confbridge or proxy?

I have written a much better parser that allows you to use ranges for allowed or denied radio IDs…. but if nobody is using it, why bother, right? If I make the changes, you’ll have to change your ACL file format. So, questions are:

1) you want me to update it?
2) if you have no idea what I’m talking about, should I explain more?

0x49 DE N0MJS

Cort Buffington
785-865-7206





Cort Buffington
785-865-7206


Matthew 2E0SIP
 

How would you signal it to re-read it? Network socket? Signal to the process?
My personal suggestion would be to explore using a distributed distributed hash table such as memcached or REDIS, so external processes can add/remove the ACLs when required.

A distributed 'database' could also be used in future for ensuring redundancy (Two HB Link servers, with shared states),  'switching' private calls (I.E which DMR ID is behind which HB/IPSC client for efficient routing of calls), and also aid with building a user interface similar to the BM dashboard where a user can assign and unassign talk groups

Maybe I'm getting carried away...


Peter M0NWI
 

Hi Matthew,


My longer term goal was to be able to say use a web page to add entries, or even an automated algorithm to calculate excessive blocking of TG's and add an entry for a specific time period?


73,

Peter



From: DVSwitch@groups.io <DVSwitch@groups.io> on behalf of Matthew 2E0SIP <groups.io@...>
Sent: 30 June 2017 10:55
To: DVSwitch@groups.io
Subject: Re: [DVSwitch] ACL in routing apps
 
How would you signal it to re-read it? Network socket? Signal to the process?
My personal suggestion would be to explore using a distributed distributed hash table such as memcached or REDIS, so external processes can add/remove the ACLs when required.

A distributed 'database' could also be used in future for ensuring redundancy (Two HB Link servers, with shared states),  'switching' private calls (I.E which DMR ID is behind which HB/IPSC client for efficient routing of calls), and also aid with building a user interface similar to the BM dashboard where a user can assign and unassign talk groups

Maybe I'm getting carried away...