How to configure hostapd for MACSEC? - hostapd

I'm trying to configure hostapd to dynamically set up a MACSEC channel after authentication.
From the sample hostapd.conf file, there is an entire section that talks about MACSEC configuration items, which says
##### MACsec ##################################################################
# macsec_policy: IEEE 802.1X/MACsec options
# This determines how sessions are secured with MACsec (only for MACsec
# drivers).
# 0: MACsec not in use (default)
# 1: MACsec enabled - Should secure, accept key server's advice to
# determine whether to use a secure session or not.
...
...
but for whatever reason when I try to set any of these parameters in /etc/hostapd/hostapd.conf, like macsec_policy=1, hostapd fails to start with an error.
The macsec kernel module is loaded:
root#machine:~# lsmod | grep macsec
macsec 49152 0
I'm using the latest hostapd (v2.10), how do I do configure MACSEC?
I've searched a ton online and seem some similar post insinuating that they were able to do it, like this one which even has excerpts from his config file.
What I don't understand though is that this post is a year old, and I'm using the latest hostapd, but it doesn't recognize some of those parameters when I try, for example:
eapol_version=3 gives:
Line 17: invalid EAPOL version (3): '3'.
1 errors found in configuration file '/etc/hostapd/hostapd.conf'
macsec_policy=1 gives:
Line 26: unknown configuration item 'macsec_policy'
1 errors found in configuration file '/etc/hostapd/hostapd.conf'
driver=macsec_linux gives:
Line 86: invalid/unknown driver 'macsec'
1 errors found in configuration file '/etc/hostapd/hostapd.conf'
I can't figure out why it doesn't recognize these options when there are other posts over a year old that seemed to do it just fine, hostapd has been at v2.10 since 2019 so this shouldn't be a version thing, right? What am I missing?

Related

Mosquitto Broker - Can still sign in with no credentials after allow_anonymous set to false

Following Steve Copes "How to install the Mosquitto Broker on Windows", I created a password.txt file and encrypted it using the mosquiito_passwd utility.
Then I edited the mosquitto.conf file by uncommenting allow_anonymous and setting to false, and uncommenting password_file and setting the path of my password.txt file (In the same folder as mosquitto.conf)
Using MQTT Explorer I am able to log into the broker using the credentials in my password.txt file, but I am also able to still log in leaving user and password blank.
I've seen similar questions being asked here, but I can't find any solutions that have worked, please point me in the right direction. I'am using mosquitto 2.0.14 x64 on Windows 10
Edit:
Only edit done to mosquitto.conf is uncommenting the lines as follows:
# acl_file
allow_anonymous false
# allow_zero_length_clientid
# auto_id_prefix
password_file C:\Users\'MyName'\mosquitto\password.txt
# plugin
# plugin_opt_*
# psk_file
Solution Found:
Adding 'listener 1883' before allow_anonymous false has got it working although I am unsure why that makes a difference.
Config file as follows:
# acl_file
listener 1883
allow_anonymous false
# allow_zero_length_clientid
# auto_id_prefix
password_file C:\Users\'MyName'\mosquitto\password.txt
# plugin
# plugin_opt_*
# psk_file

How to get a more relevant stacktrace (file name and line number) for hhvm fatal error?

I have a legacy hhvm restful api.
I made some changes to its code base and now my local server throws:
Syntax only allowed in Hack files (<?hh) or with -v
Eval.EnableHipHopSyntax=true
My current hhvm specific setting inside my php.ini is:
; hhvm specific
hhvm.log.level = Warning
hhvm.log.always_log_unhandled_exceptions = true
hhvm.log.runtime_error_reporting_level = 8191
hhvm.mysql.typed_results = false
date.timezone="Europe/Berlin"
hhvm.libxml.ext_entity_whitelist = file,http
I checked the log at
cat /var/log/hhvm/error.log
Yet it is empty.
I do not want to allow hack file syntax but I do want more relevant information on where the error is occurring.
I want to at least know in which file I created the error. Nice to have would be in which line and at which character position within that line occurs. The api is internal, so I do not mind to expose that information for now.
Right now I am going through the git diff, and that is not a very effective way of finding the offending code.
This won't expose the error to the server response but check your sandbox settings.
The error log may be in your hhvm sandbox, not inside the main hhvm folder:
/var/log/hhvm/sandbox/error.log
There you will find the relevant information with the error's context:
[Mon May 13 15:40:32 2019] [hphp] [25:7fe693fff700:413:000001] [] \nFatal error: Syntax only allowed in Hack files (<?hh) or with -v Eval.EnableHipHopSyntax=true in /var/www/service/src/Dreamlines/BookingService/Bundle/OperatorBundle/Soap/Call/CallBuilderFactory.php on line 177

sctp_core_destroy(): SCTP API not initialized in kamailio start

Hi I have installed Kamalio it start first time but when I stop and start it again it gives sctp_core_destroy(): SCTP API not initialized . I have already installed sctp module.
yyerror_at(): parse error in config file /etc/kamailio/kamailio.cfg
load_module(): could not find module <db_mysql> in </usr/lib/kamailio/modules>
[sctp_core.c:53]: sctp_core_destroy(): SCTP API not initialized
From the log it is obvious that you have successfully compiled & installed SCTP module, however it could NOT be initialized.
Note that is error could must often than not be as a result of other errors in your cfg file.
Few tips:
Can you run kamailio -c and to be sure there is NO error in your cfg.
Found error? use this command to monitor what the exact issue is. Run from a different terminal tail -fn200 /var/log/syslog
On the second terminal try restarting you Kamalio server sudo service kamalio restart
Revisit terminal 1 and look out for the first line with CRITICAL output like the one below CRITICAL: <core> [core/cfg.y:3413]: yyerror_at(): parse error in config file /usr/local/etc/kamailio/kamailio.cfg, line 366, column 41: syntax error
Line 366 mostly is the issue so visit that file at that line (366) to fix the proble
sudo nano +366 /usr/local/etc/kamailio/kamailio.cfg
Let me know if it helps

Apache Solr: Setting HTTP Response Headers From solrconfig.xml For CORS

Is it possible to setup the sending of a custom HTTP response header from within the solrconfig.xml file? I am thinking that it might be possible to add some configuration to the <requestDispatcher> section since it controls caching headers.
I am sure this is possible in the servlet container configuration (Jetty, Tomcat, etc.), but I would like to do this from within Solr's configuration files if at all possible.
If this makes any difference, I am attempting to set an Access-Control-Allow-Origin header for CORS AJAX requests from a different host.
You could use JSONP instead. See this link for an example
Solr and JSONP
The easiest way will be to write custom javax.servlet.Filter and add the Access-Control-Allow-Origin header there. For code which handles HTTP processing see org.apache.solr.servlet.SolrDispatchFilter class.
It IS the easiest way for you to proceed. If you look at the doFilter in SolrDispatchFilter - the only manipulation with HTTP Headers is to cache them and there's no place touching them in some way.
front solr with apache, and conf apache to send back the header. For example,
Header set X-Server-Name "abc0.com"
I found this helpful. You would need to add a couple of jetty jars and webdefault.xml change in order to enable CORS.
I am reproducing the text here:
In the example solr project when you start it up by calling the following line:
java -jar start
You are starting a Jetty server on your local machine that's going to serve the solr results. This server is not able to do CORS (Cross Origin Resource Sharing). Which means that if you tried to do an AJAX call from a webpage of a different origin than the server itself you would be denied a response.
To fix this you first need to get the apropriate jars to allow for cross-domain resource sharing.
I used the following jar:
http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-servlets/8.1.10.v20130312/
But you may need to get the version that's right for your version of jetty:
http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-servlets/
You can find out what version of Jetty you're running with your solr example by going:
java -jar start --version
and you'll see a dump as follows:
C:\Users\username\Desktop\solr-4.8.0\example>java -jar start.jar --version
Active Options: [default, *]
Version Information on 18 entries in the classpath.
Note: order presented here is how they would appear on the classpath.
changes to the OPTIONS=[option,option,...] command line option will be reflected he
re.
0: (dir) | ${jetty.home}\resources
1: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-xml-8.1.10.v20130312.jar
2: 3.0.0.v201112011016 | ${jetty.home}\lib\servlet-api-3.0.jar
3: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-http-8.1.10.v20130312.jar
4: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-continuation-8.1.10.v20130312.jar
5: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-server-8.1.10.v20130312.jar
6: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-security-8.1.10.v20130312.jar
7: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-servlet-8.1.10.v20130312.jar
8: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-webapp-8.1.10.v20130312.jar
9: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-deploy-8.1.10.v20130312.jar
10: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-servlets-8.1.10.v20130312.jar
11: 1.7.6 | ${jetty.home}\lib\ext\jcl-over-slf4j-1.7.6.jar
12: 1.7.6 | ${jetty.home}\lib\ext\jul-to-slf4j-1.7.6.jar
13: 1.2.16 | ${jetty.home}\lib\ext\log4j-1.2.16.jar
14: 1.7.6 | ${jetty.home}\lib\ext\slf4j-api-1.7.6.jar
15: 1.7.6 | ${jetty.home}\lib\ext\slf4j-log4j12-1.7.6.jar
16: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-util-8.1.10.v20130312.jar
17: 8.1.10.v20130312 | ${jetty.home}\lib\jetty-io-8.1.10.v20130312.jar
Look for the line that says ${jetty.home}\lib\jetty-server (in the dump above it's line 5) and you should be able to see your version.
You'll also want to get the "jetty-util" for your jetty version too:
http://mvnrepository.com/artifact/org.mortbay.jetty/jetty-util
You should be able to find your version there. I used jetty-util-8.1.10.v20130312.jar for mine.
Now take both the servlet.jar and util.jar files that you downloaded and place it into the following folder:
solr-4.8.0\example\lib
For your version it may be different but you want it in the lib folder under the example directory.
Finally, to allow these changes to take affect, you want to open up solr-4.8.0\example\etc\webdefault.xml
and add the following lines before </web-app>:
<filter>
<filter-name>cross-origin</filter-name>
<filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cross-origin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Now restart your server and you should have CORS enabled.
Notes:
If you start to get fancy and have multiple webapps running on the solr example jetty server then this will effect all those web apps. Be aware that you have set the url patter to recognize any domain which is dangerous for a production set up. This is for local testing only.
Also I did try to change the web.xml file in the webapps folder so that these changes would remain local but after hours of trying to get it to go, I gave up and found that putting it in the global webdefault worked.

After porting some php and web app related files from my friend's windows computer to my mac I'm getting some errors

This is for a facebook app being run on heroku, but heroku is probably not the issue. The issue is either some kind of cache related thing, os porting, or I'm thinking it might be a carriage return issue.
In any case I'm getting a couple errors at the top and bottom respectively:
Warning: Unknown:
Warning: session_start(): open(C:\ProgramData\Jcx.Software\VS.Php\2.10.6970.0\temp/sess_i4ood4poc11ebsgth000g1nm74, O_RDWR) failed: No such file or directory (2) in /app/www/sdk/src/facebook.php on line 37
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /app/www/sdk/src/facebook.php:37) in /app/www/sdk/src/facebook.php on line 37
open(C:\ProgramData\Jcx.Software\VS.Php\2.10.6970.0\temp/sess_i4ood4poc11ebsgth000g1nm74, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (C:\ProgramData\Jcx.Software\VS.Php\2.10.6970.0\temp) in Unknown on line 0
Essentially I have tried the whole "making sure session is at the top thing," but I don't have that session piece of code in any of the files. I have tried the whole making sure "?>" is on a new line as well to no effect.
update
I have discovered something called:
zend_extension_ts="C:\Program Files (x86)\Jcx.Software\VS.Php\2010\php 5.2\ext\php_xdebug.dll"
within a file called php.ini which even after I tried to get rid of didn't seem to change anything. So, I'm thinking this has something to do with some previous files that I pushed and then removed with extensions like puo, intellisense.cache, projphp, etc.
I don't know if those are auto-generated or not, but in any case according to my errors:
There is some session data in a file called temp. I have no file named temp.
zend_extension_ts supposedly gets referenced somewhere, but it isn't visible in my code.
I apparently need to resend session cache limiter again through session_start() which is not visible in my code.
Is not the session , I'm sure. But there is directory path included in your code but that directory does not exist! Just refactor that part of the code first!
As a tip you should use realpath() and check if path exist before attempting to use it.
Hope this helps!

Resources