Enabling IDS renders ARM version unbootable, is it fixed?

FiftyOneFifty
Posts: 1

Enabling IDS renders ARM version unbootable, is it fixed?

Postby FiftyOneFifty » August 7th, 2015, 12:36 am

I've been looking for a firewall distro with an ARM port and found IPFire. I also wanted to enable an IDS, but this article http://chuckscoolreviews.blogspot.com/2 ... na-pi.html says enabling IDS renders IPFire unbootable because of a kernel panic. Before I purchase a Banana Pi router, can anyone confirm if this issue has been reported and addressed?

seekator
Posts: 1

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Postby seekator » October 18th, 2015, 8:26 pm

IDS will not work with ARM. The problem still exists :'( , and it forced me to change the software on the Banana R1 (Lamobo) to another one.
It has something to do with kernel 3.14, but on OpenWrt it works.
https://bugzilla.ipfire.org/show_bug.cgi?id=10770#c16

Arne.F
Core Developer
Posts: 7273
Location: BS <-> NDH

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Postby Arne.F » October 19th, 2015, 1:46 pm

It is a grsecurity-related problem and we get no support for this. At the moment I'm thinking about removing grsecurity on ARM kernels...

Also keep in mind that Snort needs a lot of system resources, so it does not really make sense to run it on small ARM boards, because many rules need a lot of CPU power and RAM.
Arne

Support the project on the IPFire wishlist!

PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

twilson
Posts: 456
Location: Germany

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Postby twilson » October 21st, 2015, 7:25 am

Hello Arne.F,
Arne.F wrote: Also keep in mind that Snort needs a lot of system resources, so it does not really make sense to run it on small ARM boards, because many rules need a lot of CPU power and RAM.


In my opinion, this depends on the ARM board you have in use, the number and complexity of the enabled rules and on how many interfaces snort is active.

Of course, running snort on a board with 256 MByte RAM is not that funny, but with 1 GB it works fine...

Best regards,
Timmothy Wilson

Arne.F
Core Developer
Posts: 7273
Location: BS <-> NDH

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Postby Arne.F » January 20th, 2016, 8:30 am

On current nightly builds, IDS seems to be working now. http://nightly.ipfire.org/next/
It looks like the problem was a compiler bug because we have not changed kernel or snort, only updated gcc.
Arne


twilson
Posts: 456
Location: Germany

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Postby twilson » January 23rd, 2016, 12:21 pm

Hello Arne.F,

thanks for your reply. At the moment I have no testing system at hand, so I cannot check it out.

But indeed I am very happy about this being fixed (or will be fixed in the future).

Best regards,
Timmothy Wilson

twilson
Posts: 456
Location: Germany

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Postby twilson » March 24th, 2016, 2:50 pm

Hello Arne,

I've just read the release notes of the new testing version (core 100). Since I am not sure if I understood right, does the following snippet indicate that snort was recompiled with a new gcc version?

Many programs and tools of the toolchain that is used have been updated. A new version of the GNU Compiler Collections offers more efficient code, stronger hardening and compatibility for C++11
GCC 4.9.3, binutils 2.24, bison 3.0.4, grep 2.22, m4 1.4.17, sed 4.2.2, xz 5.2.2


Best regards,
Timmothy Wilson

MichaelTremer
Core Developer
Posts: 5452

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Postby MichaelTremer » March 26th, 2016, 10:16 am

Well, he sent you this information in the bug report earlier. You didn't test back then. We know that it is working now on some ARM machines, it could well be that it is not working everywhere. That's what we get when there is no feedback.

the-mk
Posts: 27

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Postby the-mk » March 26th, 2016, 5:57 pm

Feedback: BananaPi Router (Lamobo R1) - installed Core 100, enabled SNORT (with emergingthreats.net) on RED and GREEN - works fine. During Reboot it takes ages until IPFire is available again (8-12 minutes), but it works. Reboot without SNORT enabled is much faster...

