CiscoDevNet / MUD-Manager

Manufacturer Usage Description (MUD) is a technique whereby constrained end devices (e.g., IoT devices) can signal to the network what sort of access and network functionality they require to properly function.
BSD 3-Clause "New" or "Revised" License

Problems with the stable release on Raspberry Pi #41

Open Vafa-Andalibi opened 5 years ago

Vafa-Andalibi commented 5 years ago

I have been trying to run the basic luminaire example (on branch 2.0) on Raspberry Pi but haven't been successful yet. Things that I've found so far:

Thanks,

EDIT:

EDIT 2:

Would you accept a pull request on the stable release if I fix these and submit the PR?

Vafa-Andalibi commented 5 years ago

I managed to run the mud_manager on port 8000, but now the mud_test_client doesn't work:

$ mud_test_client -f Luminaire_150.json -c 127.0.0.1 -p 8000 -w luminaire.example.com
URL:  https://luminaire.example.com/Luminaire_150.json

Starting RESTful client against http://127.0.0.1:8000/getaclname
    with request {
    "MUD_URI":  "https://luminaire.example.com/Luminaire_150.json"
}
Unexpected return code: 204
curl_easy_perform() failed: Failed writing received data to disk/application
Aborting. No ACL name found.

This is the mud_controller output after running the mud_test_client:

***MUDC [INFO][mudc_print_request_info:2457]--> print parsed HTTP request header info
***MUDC [INFO][mudc_print_request_info:2458]--> request method: POST
***MUDC [INFO][mudc_print_request_info:2459]--> request uri: /getaclname
***MUDC [INFO][mudc_print_request_info:2460]--> local uri: /getaclname
***MUDC [INFO][mudc_print_request_info:2461]--> http version: 1.1
***MUDC [INFO][mudc_print_request_info:2462]--> query string: (null)
***MUDC [INFO][mudc_print_request_info:2463]--> content_length: 66
***MUDC [INFO][mudc_print_request_info:2464]--> remote ip addr: 0x2025fb8
***MUDC [INFO][mudc_print_request_info:2465]--> remote port: 57836
***MUDC [INFO][mudc_print_request_info:2466]--> remote_user: (null)
***MUDC [INFO][mudc_print_request_info:2467]--> is ssl: 0
***MUDC [INFO][mudc_print_request_info:2471]--> header(0): name: <Host>, value: <127.0.0.1:8000>
***MUDC [INFO][mudc_print_request_info:2471]--> header(1): name: <Accept>, value: <application/json>
***MUDC [INFO][mudc_print_request_info:2471]--> header(2): name: <Content-Type>, value: <application/json>
***MUDC [INFO][mudc_print_request_info:2471]--> header(3): name: <Content-Length>, value: <66>
***MUDC [INFO][validate_muduri:2645]--> uri: https://luminaire.example.com/Luminaire_150.json
***MUDC [INFO][validate_muduri:2671]--> ip: luminaire.example.com, filename: Luminaire_150.json
***MUDC [INFO][handle_get_aclname:2830]--> Got URL from message <https://luminaire.example.com/Luminaire_150.json>

***MUDC [INFO][query_policies_by_uri:1639]--> No mudfile policy found for this URI
***MUDC [INFO][find_manufacturer:1605]--> Found Manufacturer index <0>

***MUDC [STATUS][send_mudfs_request:2277]-->
Request URI <https://luminaire.example.com/Luminaire_150.json>

*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to luminaire.example.com (127.0.0.1) port 443 (#0)
* SSL: couldn't create a context: error:140A90A1:lib(20):func(169):reason(161)
* Curl_http_done: called premature == 0
* Closing connection 0
***MUDC [ERROR][fetch_file:184]--> curl_easy_perform() failed: Out of memory

***MUDC [INFO][send_mudfs_request:2291]--> Unable to reach MUD fileserver to fetch MUD file.  Will try to append .json
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to luminaire.example.com (127.0.0.1) port 443 (#0)
* SSL: couldn't create a context: error:140A90A1:lib(20):func(169):reason(161)
* Curl_http_done: called premature == 0
* Closing connection 0
***MUDC [ERROR][fetch_file:184]--> curl_easy_perform() failed: Out of memory

***MUDC [ERROR][send_mudfs_request:2299]--> Unable to reach MUD fileserver to fetch .json file
***MUDC [INFO][mudc_construct_head:148]--> status_code: 204, content_len: 14, extra_headers: (null)
***MUDC [INFO][mudc_construct_head:165]--> HTTP header: HTTP/1.1 204 No Content
Content-Length: 14

***MUDC [INFO][send_error_result:189]--> error from FS

***MUDC [ERROR][send_mudfs_request:2442]--> mudfs_conn failed

Also, the file server is working fine (tested it on a browser). I'm not sure whether the problem is the luminaire_conf.json? I just changed the following lines:

{
...
"Default_Localv4": "192.168.2.0 0.0.0.255",
...
"Manufacturers" : [
        { "authority" : "luminaire.example.com",
          "cert": "/home/mudtester/luminaire-cacert.pem",
          "my_controller_v4" : "192.168.2.19",
          "local_networks_v4" : "192.168.2.0 0.0.0.255"
        }
     ],
...
}

Any idea what I'm doing wrong?

EDIT: This might be a curl version issue

EDIT2: I just built curl from source on RP, the version is now 7.63, but still I'm getting the same error: ***MUDC [ERROR][fetch_file:184]--> curl_easy_perform() failed: Out of memory

EDIT3: After trying the example on a Linux machine, I confirm that this problem is only on Raspberry Pi. I'll post a solution if I find one.
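A log-triage sketch for the mud_controller output quoted in the comment above, added here as an example and not part of the original comment or the MUD-Manager code: it pairs each MUDC ERROR line with the libcurl TLS error logged for the same connection attempt and decodes the packed OpenSSL error code, so the "Out of memory" message can be read next to the SSL context failure that precedes it. The sample lines are copied from that output; the function names and the OpenSSL 1.x bit layout (8-bit library, 12-bit function, 12-bit reason) are this example's assumptions.

```python
import re

# Sample input: lines copied from the mud_controller output quoted in the issue.
SAMPLE_LOG = """\
***MUDC [STATUS][send_mudfs_request:2277]-->
Request URI <https://luminaire.example.com/Luminaire_150.json>
*   Trying 127.0.0.1...
* Connected to luminaire.example.com (127.0.0.1) port 443 (#0)
* SSL: couldn't create a context: error:140A90A1:lib(20):func(169):reason(161)
* Closing connection 0
***MUDC [ERROR][fetch_file:184]--> curl_easy_perform() failed: Out of memory
***MUDC [ERROR][send_mudfs_request:2299]--> Unable to reach MUD fileserver to fetch .json file
***MUDC [INFO][mudc_construct_head:165]--> HTTP header: HTTP/1.1 204 No Content
"""

MUDC_RE = re.compile(r"^\*\*\*MUDC \[(\w+)\]\[(\w+):(\d+)\]-->\s*(.*)$")
OSSL_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode_openssl_error(code_hex):
    """Split a packed error code into (lib, func, reason).
    Assumes the OpenSSL 1.x layout: 8-bit lib, 12-bit func, 12-bit reason."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def triage(log_text):
    """Return one finding per MUDC ERROR line, each carrying the OpenSSL
    error (if any) logged by libcurl during the same connection attempt."""
    findings, last_tls = [], None
    for line in log_text.splitlines():
        if line.startswith("* "):                  # libcurl verbose output
            if "Trying" in line:                   # new attempt: forget old error
                last_tls = None
            m = OSSL_RE.search(line)
            if m:
                last_tls = {"line": line[2:],
                            "decoded": decode_openssl_error(m.group(1))}
            continue
        m = MUDC_RE.match(line)
        if m and m.group(1) == "ERROR":
            findings.append({"func": m.group(2), "message": m.group(4),
                             "tls_cause": last_tls})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        cause = f["tls_cause"]
        print(f"{f['func']}: {f['message']}")
        if cause:
            print("  preceded by: %s -> lib=%d func=%d reason=%d"
                  % ((cause["line"],) + cause["decoded"]))
```

The decoded triple matches the `lib(20):func(169):reason(161)` fields that libcurl printed in the same line, which confirms the bit layout for this log.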

elear commented 5 years ago

Hiya Vafa! Thanks so much for opening the issue. Lots up there. We may need to split these out. Let's start with the easy one. Don't worry about the mongoc_collection_insert_one() bug. I've already whacked the dev release to just do an upsert instead.

That memory error is just a little bit weird. I haven't tested on a Pi, and although I suspect the program leaks like a sieve, it shouldn't leak THAT fast. So I suspect that it's something else. I've been testing on Intel gear. I'll see if I can reproduce with AMD gear.

If there's a doc error on the config file, I've missed that as well.

The general answer on PRs is that I'm grateful for all of them, and will merge what I can. The dev base, by the way, is highly unstable, and is not guaranteed to even compile. I wouldn't go near it yet.

Vafa-Andalibi commented 5 years ago

Thanks for your comment. I installed Ubuntu Mate on Raspberry Pi 2, and it seems like the "Out of Memory" issue is gone, but it is still raising an error for the mongodb version, which needs to be at least 3, which is not very easy to install on RP since it's 32-bit and the latest available version is 2.4. I am trying to run the freeradius + hotspot on RP, and the MUD-manager and file server on an Ubuntu machine. Hopefully I will be able to make it work with this scenario.

elear commented 5 years ago

Hi Vafa, I'd be curious what would be the backward compatibility issue. mongo has definitely changed some of their queries (as discussed above), but I would be surprised if we're really doing something that requires a high version #.

Vafa-Andalibi commented 5 years ago

When I used Ubuntu Mate on Raspberry Pi, it gave me the name of the library call. But unfortunately I don't have it now since I reformatted the Ubuntu Mate to Raspbian Stretch. I am now running:

I'm using another Raspberry Pi as a client, trying to connect to the network. The WPA-EAP using PEAP with username and password works just fine (mud_manager in this scenario does not do anything). Now I'm trying to connect to the network using x509 certificates as in the Luminaire example, which means technically the second Raspberry Pi's access should be limited by MUDs.

But I'm getting errors on wpa_supplicant. After this, I'll definitely go back one more time trying to run the V2.0 on Raspberry Pi.

elear commented 5 years ago

Ok, please send the errors along again. I've got a few MUD URLs up and running that you can test against. Try https://www.mudmaker.org/cloud-K89, for one, and usually there's something at https://www.ofcourseimright.com/Luminaire_150.json.