CiscoDevNet
Problems with the stable release on Raspberry Pi
I have been trying to run the basic luminaire example (on branch 2.0) on Raspberry Pi but haven't been successful yet. Things that I've found so far:
-
The Readme is suggesting installing "Mongo C driver V1.7.0", yet the code is using
mongoc_collection_insert_one()which doesn't exist in V1.7.0 (here). So I built and installed V1.13.0 to be able to make the mud-manager. -
There are a few bracket mismatch in
luminaire_conf.jsonwhich causes themud_manager -f ./luminaire_conf.jsonto raise error. Does it mean the luminaire example isn't tested in the stable release?
Thanks,
EDIT:
- Another minor issue in the documentation:
/usr/local/etc/mud_manager_config.jsonis changed to/usr/local/etc/mud_manager_conf.jsonapparently and should be updated in the documentation.
EDIT 2:
Would you accept a pull request on the stable release if I fix these and submit the PR?
I managed to run the mud_manager on port 8000, but now the mud_test_client doesn't work:
$ mud_test_client -f Luminaire_150.json -c 127.0.0.1 -p 8000 -w luminaire.example.com
URL: https://luminaire.example.com/Luminaire_150.json
Starting RESTful client against http://127.0.0.1:8000/getaclname
with request {
"MUD_URI": "https://luminaire.example.com/Luminaire_150.json"
}
Unexpected return code: 204
curl_easy_perform() failed: Failed writing received data to disk/application
Aborting. No ACL name found.
This is the mud_controller output after running the mud_test_client:
***MUDC [INFO][mudc_print_request_info:2457]--> print parsed HTTP request header info
***MUDC [INFO][mudc_print_request_info:2458]--> request method: POST
***MUDC [INFO][mudc_print_request_info:2459]--> request uri: /getaclname
***MUDC [INFO][mudc_print_request_info:2460]--> local uri: /getaclname
***MUDC [INFO][mudc_print_request_info:2461]--> http version: 1.1
***MUDC [INFO][mudc_print_request_info:2462]--> query string: (null)
***MUDC [INFO][mudc_print_request_info:2463]--> content_length: 66
***MUDC [INFO][mudc_print_request_info:2464]--> remote ip addr: 0x2025fb8
***MUDC [INFO][mudc_print_request_info:2465]--> remote port: 57836
***MUDC [INFO][mudc_print_request_info:2466]--> remote_user: (null)
***MUDC [INFO][mudc_print_request_info:2467]--> is ssl: 0
***MUDC [INFO][mudc_print_request_info:2471]--> header(0): name: <Host>, value: <127.0.0.1:8000>
***MUDC [INFO][mudc_print_request_info:2471]--> header(1): name: <Accept>, value: <application/json>
***MUDC [INFO][mudc_print_request_info:2471]--> header(2): name: <Content-Type>, value: <application/json>
***MUDC [INFO][mudc_print_request_info:2471]--> header(3): name: <Content-Length>, value: <66>
***MUDC [INFO][validate_muduri:2645]--> uri: https://luminaire.example.com/Luminaire_150.json
***MUDC [INFO][validate_muduri:2671]--> ip: luminaire.example.com, filename: Luminaire_150.json
***MUDC [INFO][handle_get_aclname:2830]--> Got URL from message <https://luminaire.example.com/Luminaire_150.json>
***MUDC [INFO][query_policies_by_uri:1639]--> No mudfile policy found for this URI
***MUDC [INFO][find_manufacturer:1605]--> Found Manufacturer index <0>
***MUDC [STATUS][send_mudfs_request:2277]-->
Request URI <https://luminaire.example.com/Luminaire_150.json>
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to luminaire.example.com (127.0.0.1) port 443 (#0)
* SSL: couldn't create a context: error:140A90A1:lib(20):func(169):reason(161)
* Curl_http_done: called premature == 0
* Closing connection 0
***MUDC [ERROR][fetch_file:184]--> curl_easy_perform() failed: Out of memory
***MUDC [INFO][send_mudfs_request:2291]--> Unable to reach MUD fileserver to fetch MUD file. Will try to append .json
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to luminaire.example.com (127.0.0.1) port 443 (#0)
* SSL: couldn't create a context: error:140A90A1:lib(20):func(169):reason(161)
* Curl_http_done: called premature == 0
* Closing connection 0
***MUDC [ERROR][fetch_file:184]--> curl_easy_perform() failed: Out of memory
***MUDC [ERROR][send_mudfs_request:2299]--> Unable to reach MUD fileserver to fetch .json file
***MUDC [INFO][mudc_construct_head:148]--> status_code: 204, content_len: 14, extra_headers: (null)
***MUDC [INFO][mudc_construct_head:165]--> HTTP header: HTTP/1.1 204 No Content
Content-Length: 14
***MUDC [INFO][send_error_result:189]--> error from FS
***MUDC [ERROR][send_mudfs_request:2442]--> mudfs_conn failed
Also, the file server is working fine (tested it on a browser). I'm not sure whether the problem is the luminaire_conf.json? I just changed the following lines:
{
...
"Default_Localv4": "192.168.2.0 0.0.0.255",
...
"Manufacturers" : [
{ "authority" : "luminaire.example.com",
"cert": "/home/mudtester/luminaire-cacert.pem",
"my_controller_v4" : "192.168.2.19",
"local_networks_v4" : "192.168.2.0 0.0.0.255"
}
],
...
}
Any idea what I'm doing wrong?
EDIT: This might be a curl version issue
EDIT2:
I just built curl from source on RP, the version is now 7.63, but still I'm getting the same error:
***MUDC [ERROR][fetch_file:184]--> curl_easy_perform() failed: Out of memory
EDIT3: After trying the example on a linux machine, I confirm that this problem is only on Raspberry Pi. I'll post a solution if I found one.
Hiya Vafa! Thanks so much for opening the issue. Lots up there. We may need to split these out. Let's start with the easy one. Don't worry about the mongoc_collection_insert_one() bug. I've already whacked the dev release to just do an upsert instead.
That memory error is just a little bit weird. I haven't tested on a Pi, and although I suspect the program leaks like a sieve, it shouldn't leak THAT fast. So I suspect that it's something else. I've been testing on Intel gear. I'll see if I can reproduce with AMD gear.
If there's a doc error on the config file, I've missed that as well.
The general answer is on PRs is that i'm grateful for all of them, and will merge what I can. The dev base, by the way, is highly unstable, and is not guaranteed to even compile. I wouldn't go near it yet.
Thanks for you comment, I installed Ubuntu Mate on Raspberry Pi 2, and seems like the "Out of Memory" issue is gone but it is still raising error for mogodb version which needs to be at least 3, which is not very easy to install on RP since it's 32bit and the latest available version is 2.4. I'll am trying to run the freeradius + hotspot on RP, and the MUD-manager and file server on an Ubuntu machine. Hopefully I will be able to make it work with this scenario.
Hi Vafa, I'd be curious what would be the backward compatibility issue. mongo has definitely changed some of their queries (as discussed above), but I would be surprised if we're really doing something that requires a high version #.
When I used Ubuntu Mate on Raspberry Pi, it gave me the name of the library call. But unfortunately I don't have it now since I reformatted the Ubuntu Mate to Raspbian Stretch. I am now running:
- Mud_manger on my Ubuntu 18.04 computer
- hostapd + Freeradius on a Raspberry Pi (Raspbian Stretch)
- wpa_supplicant on another raspberry pi (Raspbian Stretch)
I'm using another raspberry pi as a client, trying to connect to the network. The WPA-EAP using PEAP with username and password works just fine (mud_manager in this scenario does not do anything). Now I'm trying to connect to the network using x509 certificates as in Luminaire example which mean technically the second Raspberry Pi's access should be limited by MUDs.
But I'm getting errors on wpa_supplicant. After this, I'll definitely go back one more time trying to run the V2.0 on Raspberry Pi.
Ok, please send the errors along again. I've got a few MUD URLs up and running that you can test against. Try https://www.mudmaker.org/cloud-K89, for one, and usually there's something at https://www.ofcourseimright.com/Luminaire_150.json.