Enabling IDS renders ARM version unbootable, is it fixed?

FiftyOneFifty
Posts: 1
Joined: August 7th, 2015, 12:21 am

Enabling IDS renders ARM version unbootable, is it fixed?

Post by FiftyOneFifty » August 7th, 2015, 12:36 am

I've been looking for a firewall distro with an ARM port and found IPFire. I also wanted to enable an IDS, but this article http://chuckscoolreviews.blogspot.com/2 ... na-pi.html says enabling IDS renders IP-Fire unbootable because of a kernel panic. Before I purchase a Banana Pi router, can anyone confirm if this issue has been reported and addressed?

seekator
Posts: 1
Joined: October 6th, 2015, 5:55 pm

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Post by seekator » October 18th, 2015, 8:26 pm

IDS will not work with ARM. The problem still exists :'( and it forced me to switch to other software on the Banana R1 (Lamobo).
It has something to do with kernel 3.14, but on OpenWrt it works.
https://bugzilla.ipfire.org/show_bug.cgi?id=10770#c16

Arne.F
Core Developer
Posts: 7473
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Post by Arne.F » October 19th, 2015, 1:46 pm

It is a grsecurity-related problem and we get no support for this. At the moment I'm thinking about removing grsecurity on ARM kernels...

Also keep in mind that snort needs many system resources, so it does not really make sense to run it on small ARM boards because many rules need a lot of CPU power and RAM.
Arne

Support the project on the IPFire wishlist!

PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

twilson
Posts: 457
Joined: October 31st, 2014, 9:26 am
Location: Germany

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Post by twilson » October 21st, 2015, 7:25 am

Hello Arne.F,
Arne.F wrote: Also keep in mind that snort needs many system resources, so it does not really make sense to run it on small ARM boards because many rules need a lot of CPU power and RAM.

In my opinion, this depends on the ARM board you have in use, the number and complexity of the enabled rules and on how many interfaces snort is active.

Of course, running snort on a board with 256 MByte RAM is not that funny, but with 1 GB it works fine...

Best regards,
Timmothy Wilson

Arne.F
Core Developer
Posts: 7473
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Post by Arne.F » January 20th, 2016, 8:30 am

On current nightly builds, IDS seems to be working now. http://nightly.ipfire.org/next/
It looks like the problem was a compiler bug because we have not changed kernel or snort, only updated gcc.
Arne


twilson
Posts: 457
Joined: October 31st, 2014, 9:26 am
Location: Germany

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Post by twilson » January 23rd, 2016, 12:21 pm

Hello Arne.F,

thanks for your reply. At the moment I have no testing system at hand, so I cannot check it out.

But indeed I am very happy about this being fixed (or will be fixed in the future).

Best regards,
Timmothy Wilson

twilson
Posts: 457
Joined: October 31st, 2014, 9:26 am
Location: Germany

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Post by twilson » March 24th, 2016, 2:50 pm

Hello Arne,

I've just read the release notes of the new testing version (core 100). Since I am not sure if I understood right, does the following snippet indicate that snort was recompiled with a new gcc version?

Many programs and tools of the toolchain that is used have been updated. A new version of the GNU Compiler Collections offers more efficient code, stronger hardening and compatibility for C++11
GCC 4.9.3, binutils 2.24, bison 3.0.4, grep 2.22, m4 1.4.17, sed 4.2.2, xz 5.2.2

Best regards,
Timmothy Wilson

MichaelTremer
Core Developer
Posts: 5488
Joined: August 11th, 2005, 9:02 am

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Post by MichaelTremer » March 26th, 2016, 10:16 am

Well, he sent you this information in the bug report earlier. You didn't test back then. We know that it is working now on some ARM machines, it could well be that it is not working everywhere. That's what we get when there is no feedback.

the-mk
Posts: 27
Joined: February 19th, 2016, 2:23 pm

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Post by the-mk » March 26th, 2016, 5:57 pm

Feedback: BananaPi Router (Lamobo R1) - installed Core 100, enabled SNORT (with emergingthreats.net) on RED and GREEN - works fine. During Reboot it takes ages until IPFire is available again (8-12 minutes), but it works. Reboot without SNORT enabled is much faster...
