
Enabling IDS renders ARM version unbootable, is it fixed?

Posted: August 7th, 2015, 12:36 am
by FiftyOneFifty
I've been looking for a firewall distro with an ARM port and found IPFire. I also wanted to enable an IDS, but this article http://chuckscoolreviews.blogspot.com/2 ... na-pi.html says enabling IDS renders IP-Fire unbootable because of a kernel panic. Before I purchase a Banana Pi router, can anyone confirm if this issue has been reported and addressed?

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Posted: October 18th, 2015, 8:26 pm
by seekator
IDS will not work with ARM. The problem still exists :'( , and it forced me to change the software on the Banana R1 (Lamobo) to another one.
It has something to do with kernel 3.14, but on openwrt it works.
https://bugzilla.ipfire.org/show_bug.cgi?id=10770#c16

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Posted: October 19th, 2015, 1:46 pm
by Arne.F
It is a grsecurity-related problem and we get no support for this. At the moment I'm thinking about removing grsecurity on ARM kernels...

Also keep in mind that snort needs many system resources, so it does not really make sense to run it on small ARM boards because many rules need much CPU power and RAM.

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Posted: October 21st, 2015, 7:25 am
by twilson
Hello Arne.F,
Arne.F wrote: Also keep in mind that snort needs many system resources, so it does not really make sense to run it on small ARM boards because many rules need much CPU power and RAM.
In my opinion, this depends on the ARM board you have in use, the number and complexity of the enabled rules and on how many interfaces snort is active.

Of course, running snort on a board with 256 MByte RAM is not that funny, but with 1 GB it works fine...

Best regards,
Timmothy Wilson

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Posted: January 20th, 2016, 8:30 am
by Arne.F
On current nightly builds, IDS seems to be working now. http://nightly.ipfire.org/next/
It looks like the problem was a compiler bug because we have not changed kernel or snort, only updated gcc.

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Posted: January 23rd, 2016, 12:21 pm
by twilson
Hello Arne.F,

Thanks for your reply. At the moment I have no testing system at hand, so I cannot check it out.

But indeed I am very happy about this being fixed (or will be fixed in the future).

Best regards,
Timmothy Wilson

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Posted: March 24th, 2016, 2:50 pm
by twilson
Hello Arne,

I've just read the release notes of the new testing version (core 100). Since I am not sure if I understood right, does the following snippet indicate that snort was recompiled with a new gcc version?
Many programs and tools of the toolchain that is used have been updated. A new version of the GNU Compiler Collections offers more efficient code, stronger hardening and compatibility for C++11
GCC 4.9.3, binutils 2.24, bison 3.0.4, grep 2.22, m4 1.4.17, sed 4.2.2, xz 5.2.2
Best regards,
Timmothy Wilson

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Posted: March 26th, 2016, 10:16 am
by MichaelTremer
Well, he sent you this information in the bug report earlier. You didn't test back then. We know that it is working now on some ARM machines, it could well be that it is not working everywhere. That's what we get when there is no feedback.

Re: Enabling IDS renders ARM version unbootable, is it fixed?

Posted: March 26th, 2016, 5:57 pm
by the-mk
Feedback: BananaPi Router (Lamobo R1) - installed Core 100, enabled SNORT (with emergingthreats.net) on RED and GREEN - works fine. During Reboot it takes ages until IPFire is available again (8-12 minutes), but it works. Reboot without SNORT enabled is much faster...