Saturday 28 March 2020
Why does Wifi drop after 8h24 (8 hours 24 minutes)?
By david techer, Saturday 28 March 2020 at 10:26 :: Wifi

My WiFi Network
At home I have:
- Freeradius 3.0.20 + OpenLDAP: for EAP-TTLS/PAP authentication
- 1st Access Point:
  - Netgear R7000 (2.4GHz + 5GHz) based on dd-wrt
  - Security Mode: WPA2-EAP/WPA-EAP, WPA Algorithm: TKIP+CCMP(AES)
- 2nd Access Point:
  - Linksys WRT3200ACM (2.4GHz + 5GHz) based on dd-wrt
  - Security Mode: WPA2-Enterprise, WPA Algorithm: CCMP-128(AES)
Issue with WRT3200ACM
Wifi connections are dropped after 8h24. Googling that, I found this link. I was a bit curious about these two parameters: dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold.
After googling once again, in the wpa_supplicant configuration file we find these values and these comments:

    # Maximum lifetime for PMKSA in seconds; default 43200
    #dot11RSNAConfigPMKLifetime=43200
    # Threshold for reauthentication (percentage of PMK lifetime); default 70
    #dot11RSNAConfigPMKReauthThreshold=70

- So we have 43200 x 70% = 43200 x 70 / 100 = 30240 seconds. Now we want to estimate its value in ?? hours ?? minutes.
- Let's try to estimate this value in hours. To be more precise (1 hour = 3600 seconds), we have 30240 / 3600 = 8.4 hours.
- Let's try to estimate the remaining 0.4 of 1 hour in minutes. It is just a percentage of 1 hour: 40% of 1 hour is equal to (1 hour = 60 minutes) => 60 x 40 / 100 = 24 minutes.
That's it: 8 hours 24 minutes = 30240 seconds.
I have two laptops connected to this router. After 8h24, I got this error in the logs:

    Rekeying PTK for STA 30:23:03:db:38:c2 but driver can't safely do that

The problem is that:
- On both laptops wpa_supplicant is managed through NetworkManager -- I am using Xubuntu 19.10 on both of them --.
- The parameter dot11RSNAConfigPMKLifetime is manageable if you use wpa_supplicant.conf. This is not the case here through NetworkManager.
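To check whether a drop really lines up with the PMK reauthentication point computed above, the following added example (not part of the original post) measures the time between a station's association and the rekeying error in a log. The log layout, the "associated" lines and the second MAC address are constructed assumptions; only the rekeying message comes from the page.

```python
import re
from datetime import datetime

PMK_LIFETIME = 43200     # dot11RSNAConfigPMKLifetime default, in seconds
REAUTH_THRESHOLD = 70    # dot11RSNAConfigPMKReauthThreshold default, in percent

# Constructed sample log: the timestamp layout, the "associated" lines and the
# second MAC address are assumptions; only the rekeying message is from the page.
SAMPLE_LOG = """\
2020-03-27T08:00:05 hostapd: STA 30:23:03:db:38:c2 associated
2020-03-27T09:10:00 hostapd: STA 11:22:33:44:55:66 associated
2020-03-27T12:45:30 kernel: Rekeying PTK for STA 11:22:33:44:55:66 but driver can't safely do that
2020-03-27T16:24:06 kernel: Rekeying PTK for STA 30:23:03:db:38:c2 but driver can't safely do that
"""

ASSOC = re.compile(r"^(\S+) .*STA ([0-9a-f:]{17}) associated")
REKEY = re.compile(r"^(\S+) .*Rekeying PTK for STA ([0-9a-f:]{17}) but driver")


def reauth_after(lifetime=PMK_LIFETIME, threshold=REAUTH_THRESHOLD):
    """Seconds of session time after which reauthentication is triggered."""
    return lifetime * threshold // 100


def hms(seconds):
    """Format a duration in seconds as e.g. 8h24m00s."""
    hours, rest = divmod(int(seconds), 3600)
    minutes, secs = divmod(rest, 60)
    return f"{hours}h{minutes:02d}m{secs:02d}s"


def find_drops(log, tolerance=60):
    """Return (mac, session_seconds, matches_reauth_point) per rekeying error."""
    expected, assoc_at, found = reauth_after(), {}, []
    for line in log.splitlines():
        assoc, rekey = ASSOC.match(line), REKEY.match(line)
        if assoc:
            assoc_at[assoc.group(2)] = datetime.fromisoformat(assoc.group(1))
        elif rekey and rekey.group(2) in assoc_at:
            end = datetime.fromisoformat(rekey.group(1))
            up = int((end - assoc_at.pop(rekey.group(2))).total_seconds())
            found.append((rekey.group(2), up, abs(up - expected) <= tolerance))
    return found


if __name__ == "__main__":
    print("reauthentication point:", hms(reauth_after()))
    for mac, up, match in find_drops(SAMPLE_LOG):
        verdict = "matches PMK reauth point" if match else "unrelated to PMK lifetime"
        print(f"{mac} dropped after {hms(up)}: {verdict}")
```

Calling `reauth_after(129600)` gives the reauthentication point for the raised lifetime used in the workaround below.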
Workarounds
The only solution is to:
- Laptop: modify wpa_supplicant by rebuilding it from sources and change its default value for dot11RSNAConfigPMKLifetime (43200) by setting it to a higher value, for almost 24 hours
- Router: add particular parameters to hostapd through the Web Interface that should help to fix this issue
Laptops: Rebuild wpa_supplicant setting a high default value for dot11RSNAConfigPMKLifetime
Let's start by modifying wpa_supplicant:

    cd /opt/Sources

    # Download hostapd sources. It should contain wpa_supplicant sources
    git clone git://w1.fi/srv/git/hostap.git
    cd hostap/

    # We will replace 43200 by 129600.
    # This way: If dot11RSNAConfigPMKLifetime = 129600 then our Wifi connection should be up for 70% of 129600 seconds
    # Duration for Wifi Connection = (129600 x 0.7) / 3600 = 25.2 hours
    # This is more than enough for me!!!
    # A simple loop using for is enough
    # (-I and --exclude-dir=.git keep sed away from binary files and git's object store)
    for file in $(grep -lrI --exclude-dir=.git 43200 .); do sed -i "s:43200:129600:g" "$file"; done

    cd wpa_supplicant

    # Write a config file that should support NetworkManager and an Access Point
    cat << _EOF_ > .config
    CONFIG_BACKEND=file
    CONFIG_CTRL_IFACE=y
    CONFIG_DEBUG_FILE=y
    CONFIG_DEBUG_SYSLOG=y
    CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
    CONFIG_DRIVER_NL80211=y
    CONFIG_DRIVER_WEXT=y
    CONFIG_DRIVER_WIRED=y
    CONFIG_EAP_GTC=y
    CONFIG_EAP_LEAP=y
    CONFIG_EAP_MD5=y
    CONFIG_EAP_MSCHAPV2=y
    CONFIG_EAP_OTP=y
    CONFIG_EAP_PEAP=y
    CONFIG_EAP_TLS=y
    CONFIG_EAP_TTLS=y
    CONFIG_IEEE8021X_EAPOL=y
    CONFIG_IPV6=y
    CONFIG_LIBNL32=y
    CONFIG_PEERKEY=y
    CONFIG_PKCS12=y
    CONFIG_READLINE=y
    CONFIG_SMARTCARD=y
    CONFIG_WPS=y
    CFLAGS += -I/usr/include/libnl3
    CONFIG_CTRL_IFACE_DBUS=y
    CONFIG_CTRL_IFACE_DBUS_NEW=y
    CONFIG_CTRL_IFACE_DBUS_INTRO=y
    _EOF_

    # Build it and reduce its size using strip command
    make BINDIR=/sbin LIBDIR=/lib -j$(nproc)
    strip wpa_supplicant

    # * Stop the current original wpa_supplicant binary on the laptop if it is running
    # * Make a backup file
    # * Copy the new one into /sbin folder
    pidof wpa_supplicant && kill -9 $(pidof wpa_supplicant)
    cp /sbin/wpa_supplicant /sbin/wpa_supplicant_orig
    cp wpa_supplicant /sbin

    # Then reboot and test it

Then copy the new binary to the other laptop.
Router: Add parameters for hostapd
On the router, through the Web interface:
- Go to "Wireless" then "Wireless Security".
- In the form "Custom Config" add the following parameters:

    tls_session_lifetime=86400
    eap_reauth_period=86400
    disable_pmksa_caching=0
    rsn_preauth=1

- Then "Save" and "Apply Settings". Reboot the router.