[FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*


Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Roadrunnere42
Hi
Here's the code that Itus used to determine the switch position if that helps.

Putting only one image and then adjusting the config files does make sense, but I have to ask: why didn't Itus do that?

I will send you the tgz files.

Roadrunnere42

######################################################################
###### Function To Determine Shields Operating Mode (All Modes) ######
######################################################################
determine_shield_mode () {
    # The mounted mmcblk partition identifies the mode. substr() takes 14
    # characters of the df line starting after the leading "/dev/".
    if [ `df -h | grep 'mmcblk' | awk '{ print substr( $0, 6, 14 ) }'` ]; then

        disk_partition=`df -h | grep 'mmcblk' | awk '{ print substr( $0, 6, 14 ) }'`

        # $disk_partition stays unquoted: the substr() result carries trailing
        # spaces from the df column padding, and word splitting strips them.
        if [ $disk_partition = mmcblk0p2 ]; then
            shield_mode=Router
        elif [ $disk_partition = mmcblk0p3 ]; then
            shield_mode=Gateway
        elif [ $disk_partition = mmcblk0p4 ]; then
            shield_mode=Bridge
        else
            echo -e "Unable to Determine the Shields Operation Mode (Router, Bridge, Gateway) -- \e[31m**SCRIPT FAILED**\e[39m (determine_shield_mode)" >> $script_log_file
        fi

    else
        echo -e "Unable to Determine the Shields Operation Mode (Router, Bridge, Gateway) -- \e[31m**SCRIPT FAILED**\e[39m (determine_shield_mode)" >> $script_log_file
    fi
}

On Mon, 20 May 2019 at 20:06, Grommish [via Itus Networks Owners Forum] <[hidden email]> wrote:
Ok..  I need some feedback.  

First, I got the front "M" LED working, 3 colors, 3 modes.. Yay..
Second, I found a way to read the Mode switch position, which means I can read the switch, and set the LED.

Of course, this also means I can read the switch and load a given configuration once booted.

So the question is, should we continue to split the firmware into 3 image files?  I mean, the box has the rootfs that the Image itself gets loaded into at boot.

root@OpenWrt:/# df -h
Filesystem                Size      Used Available Use% Mounted on
rootfs                  460.0M     32.1M    427.9M   7% /
tmpfs                   474.6M     72.0K    474.5M   0% /tmp
tmpfs                   512.0K         0    512.0K   0% /dev
/dev/mmcblk1p1         1022.0M    497.4M    524.6M  49% /overlay
/dev/mmcblk1p4          820.6M    892.0K    777.3M   0% /overlay2

rootfs is the image file that is loaded, and is 460MB
mmcblk1p1 (where the images and uboot are stored) is 1GB in size
Each of the /extroot partitions are 820MB (x3)

Nothing in the image file survives a reboot, that is what the extroot is for.  But, the image and everything it can hold (like the plugins, apps, etc) can be HUGE and the configs, rules, etc are held in /extroot.

If I can read the front-panel switch and determine the "mode", couldn't we just put the config files for each mode side-by-side (or defined by a env variable set at boot) and just load the config files based on it?

Also, Road, can you re-send me those tgz files you made for me when you get a chance?  I had to blow up my Linux install before I moved them off :(  Good news is that most of the time I spent on the OpenWrt image was in figuring out how things work, so rebuilding what I lost (as far as progress) was easy.






Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
The Itus script only sets the "mode" based on the mmcblk0p block that is loaded as the /extroot.  They went lazy about it, I guess.  I was going to use the GPIOs to determine the switch position:
GPIO16=0 is Gateway
GPIO16=1 and GPIO17=1 is Router
GPIO16=1 and GPIO17=0 is Bridge

For the record, GPIO9/10/11=0 are the Front "M" LED (Orange/Green/Cyan)

You can see it yourself by scripting out the following (taken from my test image rc.local - it sets the LED on at the tail end to signify boot complete):


# Set the front LED to on to show boot finished
# Orange
gpio=9
echo $gpio > /sys/class/gpio/export
echo out > /sys/class/gpio/gpio$gpio/direction
echo 0 > /sys/class/gpio/gpio$gpio/value
echo $gpio > /sys/class/gpio/unexport


You can change the gpio= to 9/10/11 and run it



You might have to change the path as I've not tested it on the Itus image, just the OpenWrt one.  

Thanks for being willing to resend it.. no rush on it, but I'd really like to keep a copy handy.  I already managed to lose the superblocks on ALL THREE of my mmcblk1pX blocks (silly me, I didn't realize Itus used ext3 and e2fs in addition to vfat for their stuff.  I never thought to include those filesystems in the test image until it was too late.  Ah well.)  I managed to extract the restore/router.tar.gz from dev/mmcblk1p1 and reset the ItusrouterImage from the original restore/router.elf file.  So it will at least boot in router mode, even though I can't seem to get network running..
Running Itus Shield v2 Firmware

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
Well, I took the next step and started from scratch on the OpenWrt image.  I hosed my external Linux SSD when I installed it and didn't install Grub on it, and it was being such a PITA to get it installed there, I just decided to take the chance to start over.

I'll put up an updated image later on and a fresh Changelog, but I added Snort.


root@OpenWrt:/# snort --version

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.11.1 GRE (Build 268)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.9.0-PRE-GIT (with TPACKET_V3)
           Using PCRE version: 8.43 2019-02-23
           Using ZLIB version: 1.2.11


It's the one that comes with OpenWrt, and I can look into updating it from source later I suppose (2.9.13.0 is the latest available).

The fantastic news is, with Snort running I saw NO LOSS in throughput!  I was seeing the same ~90MB/s down, 11.5MB/s up.  Now, I've not configured anything, and I _probably_ don't have any real rules loaded, but I was running the Snort log output to console and this is the tail end (lots of messages)


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy 0.
05/21-23:41:56.634975 10.10.10.200:48460 -> 8.43.72.42:443
TCP TTL:64 TOS:0x0 ID:63658 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x4C6E558A  Ack: 0xD04A6497  Win: 0xFAF0  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy 0.
05/21-23:41:56.634976 10.10.10.200:48384 -> 68.67.178.184:443
TCP TTL:64 TOS:0x0 ID:42618 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xFF90B68  Ack: 0xB903D959  Win: 0x1F6  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2859580113 1937562391
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy 0.
05/21-23:41:56.635165 10.10.10.200:48386 -> 68.67.178.184:443
TCP TTL:64 TOS:0x0 ID:24433 IpLen:20 DgmLen:569 DF
***AP*** Seq: 0x8C03F272  Ack: 0xDD89D3C6  Win: 0x1F6  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2859580113 1937562391
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

05/21-23:41:56.635292 10.10.10.10:53 -> 10.10.10.200:[  478.132861] device br-lan left promiscuous mode
^C0 ID:42619 IpLen:20 DgmLen:569 DF
***AP*** Seq: 0xFF90B68  Ack: 0xB903D959  Win: 0x1F6  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2859580116 1937562391
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

*** Caught Int-Signal
WARNING: No preprocessors configured for policy 0.
05/21-23:41:56.639159 8.43.72.42:443 -> 10.10.10.200:48464
TCP TTL:116 TOS:0x0 ID:11784 IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x5ABB4B2B  Ack: 0x91CF8329  Win: 0xFAF0  TcpLen: 28
TCP Options (3) => MSS: 1460 SackOK EOL
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

===============================================================================
Run time for packet processing was 89.413442 seconds
Snort processed 2036 packets.
Snort ran for 0 days 0 hours 1 minutes 29 seconds
   Pkts/min:         2036
   Pkts/sec:           22
===============================================================================
Packet I/O Totals:
   Received:       214964
   Analyzed:         2036 (  0.947%)
    Dropped:       210362 ( 49.459%)
   Filtered:            0 (  0.000%)
Outstanding:       212928 ( 99.053%)
   Injected:            0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:         2036 (100.000%)
       VLAN:            0 (  0.000%)
        IP4:         2034 ( 99.902%)
       Frag:            0 (  0.000%)
       ICMP:            0 (  0.000%)
        UDP:          336 ( 16.503%)
        TCP:         1698 ( 83.399%)
        IP6:            0 (  0.000%)
    IP6 Ext:            0 (  0.000%)
   IP6 Opts:            0 (  0.000%)
      Frag6:            0 (  0.000%)
      ICMP6:            0 (  0.000%)
       UDP6:            0 (  0.000%)
       TCP6:            0 (  0.000%)
     Teredo:            0 (  0.000%)
    ICMP-IP:            0 (  0.000%)
    IP4/IP4:            0 (  0.000%)
    IP4/IP6:            0 (  0.000%)
    IP6/IP4:            0 (  0.000%)
    IP6/IP6:            0 (  0.000%)
        GRE:            0 (  0.000%)
    GRE Eth:            0 (  0.000%)
   GRE VLAN:            0 (  0.000%)
    GRE IP4:            0 (  0.000%)
    GRE IP6:            0 (  0.000%)
GRE IP6 Ext:            0 (  0.000%)
   GRE PPTP:            0 (  0.000%)
    GRE ARP:            0 (  0.000%)
    GRE IPX:            0 (  0.000%)
   GRE Loop:            0 (  0.000%)
       MPLS:            0 (  0.000%)
        ARP:            2 (  0.098%)
        IPX:            0 (  0.000%)
   Eth Loop:            0 (  0.000%)
   Eth Disc:            0 (  0.000%)
   IP4 Disc:            0 (  0.000%)
   IP6 Disc:            0 (  0.000%)
   TCP Disc:            0 (  0.000%)
   UDP Disc:            0 (  0.000%)
  ICMP Disc:            0 (  0.000%)
All Discard:            0 (  0.000%)
      Other:            0 (  0.000%)
Bad Chk Sum:          168 (  8.251%)
    Bad TTL:            0 (  0.000%)
     S5 G 1:            0 (  0.000%)
     S5 G 2:            0 (  0.000%)
      Total:         2036
===============================================================================
Snort exiting


This was while running the Speedtest on the Laptop attached through the Shield.

So, I'm really, really hoping someone with Snort experience can/will give me a shout on what to do next.  I've never used Snort, so I need guidance badly (otherwise this will take forever and probably end up badly).

I'm going to start on the next step to things, but it will end up breaking the existing Itus stuff completely.  In order to setup /extroot, I need to overwrite an existing /dev/mmcblk1pX mount.  I'm thinking about just removing the entire Gateway OEM setup and using that, since it never worked right to begin with and I highly doubt anyone is actually using it.  I'm also thinking about switching filesystems for it from ext3 to f2fs (Flash-Friendly File System) to help keep the destructive writes down..  I'll look into it at least and see if there actually is an advantage with it.
Running Itus Shield v2 Firmware
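
An added example, not part of the original post: the exit summary above reports 2036 packets analyzed out of 214964 received, so a throughput test alone does not show how much of the traffic Snort inspected. The sketch below parses the "Packet I/O Totals" block and fails when the analyzed share is under a threshold; the function names and the 95% threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: measure how much traffic Snort actually
# inspected, using the "Packet I/O Totals" block of its exit summary.
# Function names and the 95% threshold are assumptions made for this sketch.

# Sample input: the totals exactly as posted in the thread above.
SNORT_SAMPLE='===============================================================================
Packet I/O Totals:
   Received:       214964
   Analyzed:         2036 (  0.947%)
    Dropped:       210362 ( 49.459%)
   Filtered:            0 (  0.000%)
Outstanding:       212928 ( 99.053%)
   Injected:            0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:         2036 (100.000%)'

# Read a Snort exit summary on stdin and print
# "received analyzed dropped outstanding". Exits 1 if the block is missing.
snort_io_totals() {
    awk '
        /^Packet I\/O Totals:/ { in_io = 1; next }
        in_io && /^=+$/        { in_io = 0 }
        in_io {
            split($0, kv, ":")
            key = kv[1]; gsub(/[[:space:]]/, "", key)
            split(kv[2], f, " ")          # f[1] is the count, f[2..] the percentage
            n[key] = f[1]
        }
        END {
            if (!("Received" in n)) exit 1
            printf "%d %d %d %d\n", n["Received"], n["Analyzed"], n["Dropped"], n["Outstanding"]
        }
    '
}

# Read a summary on stdin, print a one-line report, and return
#   0 if at least $1 percent of received packets were analyzed,
#   1 if fewer were analyzed,
#   2 if no usable totals were found.
snort_coverage() {
    snort_io_totals | awk -v min="$1" '
        NF != 4 || $1 == 0 { exit 2 }
        {
            pct = 100 * $2 / $1
            printf "received=%d analyzed=%d (%.3f%%) dropped=%d outstanding=%d\n", $1, $2, pct, $3, $4
            exit ((pct >= min) ? 0 : 1)
        }
        END { if (NR == 0) exit 2 }
    '
}

# Demo on the sample from the thread.
rc=0
printf '%s\n' "$SNORT_SAMPLE" | snort_coverage 95 || rc=$?
case $rc in
    0) echo "coverage OK" ;;
    1) echo "coverage below threshold: most received packets were never analyzed" ;;
    *) echo "no Packet I/O Totals block found" ;;
esac
```
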

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
For anyone who is decent with bash scripting, I'm trying to do the following, but it keeps returning empty in the init script.


CUR_FS=$(blkid /dev/mmcblk1p3 | awk -F= '{print $3}');
echo "[DEBUG] Shield is in ${SHIELD_MODE} Mode - Using /dev/${MNT_POINT} as ${CUR_FS}" > /dev/kmsg


When I run the command on the box in the shell itself, I get the following:


root@OpenWrt:/# $(blkid /dev/mmcblk1p3 | awk -F= '{print $3}');
/bin/ash: "f2fs": not found


"f2fs" is what it SHOULD report, so that's right (although any suggestions on stripping those double-quotes would be very helpful)

However, what appears in the kernel log:


[   34.828073] [DEBUG] Shield is in Gateway Mode - Using /dev/mmcblk1p3 as


Eventually, I'll be replacing the hardcoded mmcblk1p3 with another variable that's set by reading the GPIO settings.


GPIO=0
GPIO16=1
GPIO17=2

GPIO=16
echo $GPIO > /sys/class/gpio/export
echo in > /sys/class/gpio/gpio$GPIO/direction
GPIO16=$(cat /sys/class/gpio/gpio${GPIO}/value)
echo $GPIO > /sys/class/gpio/unexport

GPIO=17
echo $GPIO > /sys/class/gpio/export
echo in > /sys/class/gpio/gpio$GPIO/direction
GPIO17=$(cat /sys/class/gpio/gpio${GPIO}/value)
echo $GPIO > /sys/class/gpio/unexport

if [ $GPIO16 -eq 0 ]; then
   # Gateway Mode
   SHIELD_MODE="Gateway"
   MNT_POINT="mmcblk1p3"
else
   if [ $GPIO17 -eq 0 ]; then
      # Bridge Mode
      SHIELD_MODE="Bridge"
      MNT_POINT="mmcblk1p4"
   else
      # Router Mode
      SHIELD_MODE="Router"
      MNT_POINT="mmcblk1p2"
   fi
fi


This allows us to read the Front-switch state and load the config files as appropriate (and/or just load the appropriate mmcblk for the mode)

Getting there!  My next steps are to ensure the file system is correct (which is why I really need to get the awk command working), format the block if it isn't setup for f2fs, and copy a seed tgz package to the mount point to get things started.  This should let anyone who is coming from the stock Itus images to easily convert over.

Anyway, I know the couple people who are actually following this are away on travel or other things, but maybe they can spot the error I'm having.

Cheers!
Running Itus Shield v2 Firmware
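
The two pieces the post above asks about, as an added example that is not part of the original post: pulling the filesystem type out of blkid output by tag name (which also drops the double quotes), and mapping the GPIO16/GPIO17 readings to a mode while refusing values that are not 0 or 1. Function names, GPIO_ROOT and the sample blkid lines are assumptions made for the example; the GPIO table and partition names are the ones posted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and GPIO_ROOT are
# hypothetical; the GPIO-to-mode table and partition names are the ones posted.

# Read one GPIO input through sysfs, as the thread's script does. GPIO_ROOT
# can point at a scratch directory to exercise the function off-device.
read_gpio() {
    root="${GPIO_ROOT:-/sys/class/gpio}"
    echo "$1" 2>/dev/null > "$root/export" || true    # already exported is fine
    echo in > "$root/gpio$1/direction" || return 1
    val=$(cat "$root/gpio$1/value") || return 1
    echo "$1" 2>/dev/null > "$root/unexport" || true
    echo "$val"
}

# Map the switch readings to "Mode partition":
#   GPIO16=0 Gateway; GPIO16=1,GPIO17=1 Router; GPIO16=1,GPIO17=0 Bridge.
# Anything that is not exactly 0 or 1 (for example an empty read) returns 1
# instead of falling through to a default mode.
shield_mode_from_gpio() {
    case "$1:$2" in
        0:0|0:1) echo "Gateway mmcblk1p3" ;;
        1:0)     echo "Bridge mmcblk1p4" ;;
        1:1)     echo "Router mmcblk1p2" ;;
        *)       return 1 ;;
    esac
}

# Print the value of one KEY="value" pair from a line of blkid output.
# Matching on the tag name does not depend on field position, and the
# capture group leaves the double quotes out.
# $1 = tag name (e.g. TYPE), $2 = one line of blkid output
blkid_tag() {
    printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p"
}

# $1/$2 = GPIO16/GPIO17 readings, $3 = blkid output, one device per line.
# Prints "Mode partition fstype"; fstype is "unknown" when blkid reports no
# TYPE for the selected partition. Returns 1 if the switch state is invalid.
plan_extroot() {
    sel=$(shield_mode_from_gpio "$1" "$2") || return 1
    part=${sel#* }
    line=$(printf '%s\n' "$3" | grep "^/dev/$part:") || true
    fs=$(blkid_tag TYPE "$line")
    echo "$sel ${fs:-unknown}"
}

# Constructed sample of blkid output (UUIDs are made up). p1 carries a LABEL,
# which changes what awk -F= '{print $3}' would return for that line.
SAMPLE_BLKID='/dev/mmcblk1p1: LABEL="BOOT" UUID="0000-0001" TYPE="vfat"
/dev/mmcblk1p2: UUID="00000000-0000-0000-0000-000000000002" TYPE="ext3"
/dev/mmcblk1p3: UUID="00000000-0000-0000-0000-000000000003" TYPE="f2fs"'

# Demo on constructed inputs only; nothing here touches /sys or a block device.
plan_extroot 0 1 "$SAMPLE_BLKID"     # switch in Gateway position
plan_extroot 1 0 "$SAMPLE_BLKID"     # Bridge: p4 has no blkid entry in the sample
plan_extroot "" 1 "$SAMPLE_BLKID" || echo "switch state unreadable, no partition selected"

# On the device the inputs would come from the hardware, for example:
#   plan_extroot "$(read_gpio 16)" "$(read_gpio 17)" "$(blkid)"
```
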

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

user8446
Administrator
This is Roadrunnere42's post... it was causing a redirect on the thread so I had to delete it....


Hi
I tried following what you said about running the new gatewayimage but I can't get it to work. I don't have a dev device called mmcblk01 in the dev folder, can you confirm the device name?

Roadrunnere42


mount /dev/mmcblk01 /overlay

then on your PC

scp ~/Downloads/ItusgatewayImage root@10.10.10.10:/overlay

As an alternative, I've loaded gkermit on the image so you could use minicom to console transfer.

Back to the Shield.  Switch the Front-switch to Gateway (Outer) mode

umount /overlay
reboot -f
LuCI - Lua Configuration Interface

Running in bridge mode, 1.51 SP1 fw

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
I've updated the original post and second post.

I'm at a stand-still at the moment because I can't get the block device (mmcblk) to mount any earlier than after init.  I can't figure out where in OpenWrt to change the default /init file.  Currently, the mmcblk isn't mounted or even available in /dev until AFTER /etc/rc.local finishes..  It is literally the last thing to come up.  Without being able to bring this up sooner means I have no way to set the rootfs_data and no changes to the filesystem will ever be saved.  I'm missing something and it's frustrating.

Anyone that can offer suggestions, I'd be more than happy to try them.
Running Itus Shield v2 Firmware

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
Update 6/14/2019:

I finally got the blasted MMC block to mount!  I can finally start the real fun stuff. The good news is that the *core* image seems to be about finished and changes to the extroot survive reboots! *happy dance*.  Now I just have to get the image set for multi-boot.

Serious question time - I need to get info from anyone with an opinion on what to add.  Also, I'm going to start thinking on ways to make it user proof.  Updates to follow.

Also, for anything NOT kernel related, the posted image will work for tests.  It still isn't destructive, but that means nothing survives reboots.  There is way more setup I've got to do in the scripts to make it an all-in-one.

late_board_init ..
ITUS: SW1 3 Gateway (OUTER)  
Hit any key to stop autoboot:  0
mmc1(part 0) is current device
reading ItusgatewayImage
42393744 bytes read in 3628 ms (11.1 MiB/s)
argv[2]: mem=0
argv[3]: numcores=2
argv[4]: serial#=752011191521-36409
Allocating memory for ELF segment: addr: 0xffffffff81100000 (adjusted to: 0x1100000), size 0x39b6df0
## Loading big-endian Linux kernel with entry point: 0xffffffff81607720 ...
Bootloader: Done loading app on coremask: 0x3
Starting cores:
 0x3
[    0.000000] Linux version 4.14.123 (grommish@norwits) (gcc version 7.4.0 (OpenWrt GCC 7.4.0 r10050-df6e8c8771)) #0 SMP Mon Jun 3 15:00:29 2019
[    0.000000] Skipping L2 locking due to reduced L2 cache size
[    0.000000] CVMSEG size: 8 cache lines (1024 bytes)
[    0.000000] bootconsole [early0] enabled
[    0.000000] CPU0 revision is: 000d9602 (Cavium Octeon III)
[    0.000000] FPU revision is: 00739600
[    0.000000] Checking for the multiply/shift bug... no.
[    0.000000] Checking for the daddiu bug... no.
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 000000000a400000 @ 0000000004b00000 (usable)
[    0.000000]  memory: 0000000000c00000 @ 000000000f200000 (usable)
[    0.000000]  memory: 000000002f000000 @ 0000000020000000 (usable)
[    0.000000]  memory: 00000000039b6df0 @ 0000000001100000 (usable)
[    0.000000] Wasting 243712 bytes for tracking 4352 unused pages
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Using passed Device Tree.
[    0.000000] software IO TLB: mapped [mem 0x04b15000-0x04b55000] (0MB)
[    0.000000] Primary instruction cache 78kB, virtually tagged, 39 way, 16 sets, linesize 128 bytes.
[    0.000000] Primary data cache 32kB, 32-way, 8 sets, linesize 128 bytes.
[    0.000000] Zone ranges:
[    0.000000]   DMA32    [mem 0x0000000000000000-0x00000000efffffff]
[    0.000000]   Normal   empty
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x0000000000000000-0x0000000004ab5fff]
[    0.000000]   node   0: [mem 0x0000000004b00000-0x000000000eefffff]
[    0.000000]   node   0: [mem 0x000000000f200000-0x000000000fdfffff]
[    0.000000]   node   0: [mem 0x0000000020000000-0x000000004effffff]
[    0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x000000004effffff]
[    0.000000] random: get_random_bytes called from start_kernel+0x94/0x4fc with crng_init=0
[    0.000000] percpu: Embedded 19 pages/cpu s39600 r8192 d30032 u77824
[    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 253184
[    0.000000] Kernel command line:  bootoctlinux 0x20000000 numcores=2 serial#=752011191521-36409 console=ttyS0,115200
[    0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
[    0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
[    0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes)
[    0.000000] Memory: 933848K/1026776K available (5177K kernel code, 322K rwdata, 1284K rodata, 35636K init, 16667K bss, 92928K reserved, 0K cma-)
[    0.000000] SLUB: HWalign=128, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[    0.000000] Hierarchical RCU implementation.
[    0.000000]  CONFIG_RCU_FANOUT set to non-default value of 32
[    0.000000]  RCU restricting CPUs from NR_CPUS=16 to nr_cpu_ids=2.
[    0.000000] RCU: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
[    0.000000] NR_IRQS: 127
[    0.000000] CIB interrupt controller probed: 800107000000e000 23
[    0.000000] CIB interrupt controller probed: 800107000000e200 12
[    0.000000] CIB interrupt controller probed: 800107000000e400 6
[    0.000000] CIB interrupt controller probed: 800107000000ec00 15
[    0.000000] CIB interrupt controller probed: 800107000000e600 4
[    0.000000] CIB interrupt controller probed: 800107000000e800 11
[    0.000000] CIB interrupt controller probed: 800107000000e900 11
[   22.984276] clocksource: OCTEON_CVMCOUNT: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[   22.995332] Calibrating delay loop (skipped) preset value.. 2000.00 BogoMIPS (lpj=1000000)
[   23.003582] pid_max: default: 32768 minimum: 301
[   23.008241] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes)
[   23.014865] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes)
[   23.022408] Checking for the daddi bug... no.
[   23.027053] Hierarchical SRCU implementation.
[   23.031597] smp: Bringing up secondary CPUs ...
[   23.036235] SMP: Booting CPU01 (CoreId  1)...
[   23.040543] CPU1 revision is: 000d9602 (Cavium Octeon III)
[   23.040547] FPU revision is: 00739600
[   23.040656] smp: Brought up 1 node, 2 CPUs
[   23.056119] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
[   23.065737] futex hash table entries: 512 (order: 4, 65536 bytes)
[   23.072105] NET: Registered protocol family 16
[   23.081144] PCIe: Initializing port 0
[   23.087886] PCIe: BIST2 FAILED for port 0 (0x0000000000000003)
[   23.190950] random: fast init done
[   25.093580] PCIe: Link timeout on port 0, probably the slot is empty
[   25.099881] PCIe: Initializing port 1
[   25.106752] PCIe: BIST FAILED for port 1 (0xffffffffffffffff)
[   27.117421] PCIe: Link timeout on port 1, probably the slot is empty
[   27.129761] SCSI subsystem initialized
[   27.133559] usbcore: registered new interface driver usbfs
[   27.138951] usbcore: registered new interface driver hub
[   27.144251] usbcore: registered new device driver usb
[   27.149381] PCI host bridge to bus 0000:00
[   27.153331] pci_bus 0000:00: root bus resource [mem 0x1000000000000]
[   27.159665] pci_bus 0000:00: root bus resource [io  0x0000]
[   27.165229] pci_bus 0000:00: root bus resource [??? 0x00000000 flags 0x0]
[   27.172011] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
[   27.181117] clocksource: Switched to clocksource OCTEON_CVMCOUNT
[   27.187552] NET: Registered protocol family 2
[   27.192173] TCP established hash table entries: 8192 (order: 4, 65536 bytes)
[   27.199161] TCP bind hash table entries: 8192 (order: 6, 262144 bytes)
[   27.205740] TCP: Hash tables configured (established 8192 bind 8192)
[   27.212012] UDP hash table entries: 512 (order: 3, 49152 bytes)
[   27.217885] UDP-Lite hash table entries: 512 (order: 3, 49152 bytes)
[   27.224344] NET: Registered protocol family 1
[   27.419414] Crashlog allocated RAM at address 0x3f00000
[   27.425083] workingset: timestamp_bits=62 max_order=18 bucket_order=0
[   27.435292] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[   27.441165] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[   27.452529] io scheduler noop registered
[   27.456329] io scheduler deadline registered (default)
[   27.461836] octeon_gpio 1070000000800.gpio-controller: OCTEON GPIO driver probed.
[   27.469389] Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
[   27.476038] console [ttyS0] disabled
[   27.479496] 1180000000800.serial: ttyS0 at MMIO 0x1180000000800 (irq = 44, base_baud = 37500000) is a OCTEON
[   27.489297] console [ttyS0] enabled
[   27.489297] console [ttyS0] enabled
[   27.496241] bootconsole [early0] disabled
[   27.496241] bootconsole [early0] disabled
[   27.504521] 1180000000c00.serial: ttyS1 at MMIO 0x1180000000c00 (irq = 45, base_baud = 37500000) is a OCTEON
[   27.514632] octeon_rng octeon_rng: Octeon Random Number Generator
[   27.520915] cacheinfo: Failed to find cpu0 device node
[   27.526081] cacheinfo: Unable to detect cache hierarchy for CPU 0
[   27.534875] loop: module loaded
[   27.538528] libphy: mdio_octeon: probed
[   27.542419] [Firmware Warn]: /soc@0/mdio@1180000001800/ethernet-phy@0: Whitelisted compatible string. Please remove
[   27.559325] irq: :soc@0:gpio-controller@1070000000800 didn't like hwirq-0x7 to VIRQ48 mapping (rc=-22)
[   27.568779] [Firmware Warn]: /soc@0/mdio@1180000001800/ethernet-phy@1: Whitelisted compatible string. Please remove
[   27.584964] irq: :soc@0:gpio-controller@1070000000800 didn't like hwirq-0x7 to VIRQ48 mapping (rc=-22)
[   27.594417] [Firmware Warn]: /soc@0/mdio@1180000001800/ethernet-phy@2: Whitelisted compatible string. Please remove
[   27.610500] irq: :soc@0:gpio-controller@1070000000800 didn't like hwirq-0x7 to VIRQ48 mapping (rc=-22)
[   27.619957] [Firmware Warn]: /soc@0/mdio@1180000001800/ethernet-phy@3: Whitelisted compatible string. Please remove
[   27.636196] irq: :soc@0:gpio-controller@1070000000800 didn't like hwirq-0x7 to VIRQ48 mapping (rc=-22)
[   27.645640] mdio_octeon 1180000001800.mdio: Probed
[   27.650667] libphy: Fixed MDIO Bus: probed
[   27.654869] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[   27.661419] ehci-pci: EHCI PCI platform driver
[   27.665911] ehci-platform: EHCI generic platform driver
[   27.671234] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[   27.677451] ohci-platform: OHCI generic platform driver
[   27.682818] usbcore: registered new interface driver usb-storage
[   27.688878] octeon_wdt: Initial granularity 5 Sec
[   27.694008] sdhci: Secure Digital Host Controller Interface driver
[   27.700226] sdhci: Copyright(c) Pierre Ossman
[   28.591240] usbcore: registered new interface driver ushc
[   28.598059] Interface 0 has 4 ports (SGMII)
[   28.602302] Interface 1 has 4 ports (SGMII)
[   28.607055] Interface 3 has 4 ports (LOOP)
[   28.617372] NET: Registered protocol family 10
[   28.623732] Segment Routing with IPv6
[   28.627484] NET: Registered protocol family 17
[   28.631977] 8021q: 802.1Q VLAN Support v1.8
[   28.636908] OF: fdt: not creating '/sys/firmware/fdt': CRC check failed
[   28.658689] Freeing unused kernel memory: 35636K
[   28.663336] This architecture does not have kernel memory protection.
Waiting for extroot dev : /dev/mmcblk1p3 : 0
[   29.827134] random: crng init done
Waiting for extroot dev : /dev/mmcblk1p3 : 1
Waiting for extroot dev : /dev/mmcblk1p3 : 2
Waiting for extroot dev : /dev/mmcblk1p3 : 3
Waiting for extroot dev : /dev/mmcblk1p3 : 4
Waiting for extroot dev : /dev/mmcblk1p3 : 5
Waiting for extroot dev : /dev/mmcblk1p3 : 6
Waiting for extroot dev : /dev/mmcblk1p3 : 7
Waiting for extroot dev : /dev/mmcblk1p3 : 8
Waiting for extroot dev : /dev/mmcblk1p3 : 9
Waiting for extroot dev : /dev/mmcblk1p3 : 10
Waiting for extroot dev : /dev/mmcblk1p3 : 11
Waiting for extroot dev : /dev/mmcblk1p3 : 12
Waiting for extroot dev : /dev/mmcblk1p3 : 13
Waiting for extroot dev : /dev/mmcblk1p3 : 14
Waiting for extroot dev : /dev/mmcblk1p3 : 15
Waiting for extroot dev : /dev/mmcblk1p3 : 16
Waiting for extroot dev : /dev/mmcblk1p3 : 17
[   47.352102] mmc1: new DDR MMC card at address 0001
[   47.357243] mmcblk1: mmc1:0001 P1XXXX 3.60 GiB
[   47.361917] mmcblk1boot0: mmc1:0001 P1XXXX partition 1 2.00 MiB
[   47.367969] mmcblk1boot1: mmc1:0001 P1XXXX partition 2 2.00 MiB
[   47.374019] mmcblk1rpmb: mmc1:0001 P1XXXX partition 3 128 KiB
[   47.380517]  mmcblk1: p1 p2 p3 p4
Waiting for extroot dev : /dev/mmcblk1p3 : 18
Found /sys/block/mmcblk1/mmcblk1p3 : 19
Creating /dev/mmcblk1p3
Mounting /dev/mmcblk1p3 on /extroot
[   47.747670] F2FS-fs (mmcblk1p3): Found nat_bits in checkpoint
[   47.773481] F2FS-fs (mmcblk1p3): Mounted with checkpoint version = 4ea2e7e4
Found /extroot/init
[   47.964327] init: Console is alive
[   47.967885] init: - watchdog -
[   48.069062] kmodloader: loading kernel modules from /etc/modules-boot.d/*
[   48.088967] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
[   48.102357] init: - preinit -
[   48.282050] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[   51.352574] mount_root: mounting /dev/root
[   51.367973] urandom-seed: Seeding with /etc/urandom.seed
[   51.397469] procd: - early -
[   51.400434] procd: - watchdog -
[   51.928849] procd: - watchdog -
[   51.932227] procd: - ubus -
[   51.986490] procd: - init -
Please press Enter to activate this console.
[   52.224548] kmodloader: loading kernel modules from /etc/modules.d/*
[   52.234762] ip6_tables: (C) 2000-2006 Netfilter Core Team
[   52.243608] ip_tables: (C) 2000-2006 Netfilter Core Team
[   52.252137] nf_conntrack version 0.5.0 (7680 buckets, 30720 max)
[   52.272003] usbcore: registered new interface driver ums-alauda
[   52.278366] usbcore: registered new interface driver ums-cypress
[   52.284827] usbcore: registered new interface driver ums-datafab
[   52.291271] usbcore: registered new interface driver ums-freecom
[   52.297810] usbcore: registered new interface driver ums-isd200
[   52.304234] usbcore: registered new interface driver ums-jumpshot
[   52.310776] usbcore: registered new interface driver ums-karma
[   52.317183] usbcore: registered new interface driver ums-sddr09
[   52.323597] usbcore: registered new interface driver ums-sddr55
[   52.330023] usbcore: registered new interface driver ums-usbat
[   52.341431] xt_time: kernel timezone is -0000
[   52.349471] PPP generic driver version 2.4.2
[   52.354461] NET: Registered protocol family 24
[   52.360341] kmodloader: done loading kernel modules from /etc/modules.d/*
[   53.695552] [DEBUG] Shield is in Gateway Mode - Using /dev/mmcblk1p3 as f2fs
[   53.706272] [TODO] Mount /extroot is empty! Populate it with stuff!
[   53.712805] [DEBUG] TEST TEST TEST!
[   54.948490] br-lan: port 1(eth1) entered blocking state
[   54.953769] br-lan: port 1(eth1) entered disabled state
[   54.959239] device eth1 entered promiscuous mode
[   54.972510] br-lan: port 1(eth1) entered blocking state
[   54.977773] br-lan: port 1(eth1) entered forwarding state
[   54.983313] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[   54.995106] br-lan: port 2(eth2) entered blocking state
[   55.000400] br-lan: port 2(eth2) entered disabled state
[   55.005866] device eth2 entered promiscuous mode
[   55.010617] br-lan: port 2(eth2) entered blocking state
[   55.015878] br-lan: port 2(eth2) entered forwarding state
[   55.046608] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   55.966448] br-lan: port 1(eth1) entered disabled state
[   55.971920] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[   55.979559] br-lan: port 2(eth2) entered disabled state
[   58.088296] eth2: 1000 Mbps Full duplex, port 2, queue 2
[   58.093654] br-lan: port 2(eth2) entered blocking state
[   58.098903] br-lan: port 2(eth2) entered forwarding state
[   58.151300] eth0: 1000 Mbps Full duplex, port 0, queue 0
[   58.156651] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready



BusyBox v1.30.1 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r10127-3209f5ae3d
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:/#
Running Itus Shield v2 Firmware

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Roadrunnere42
Great work Grommish, you must be spending some time on this project.
On the question of things to add, I would say intrusion prevention (Snort or equivalent; this was one of the advantages of using the Shield's CPU), web filters and VPN. I'm not sure if it's possible to have traffic management, not QoS but speed throttling. I've seen it on Tomato firmware routers: you just select the IP address and assign a download speed. I'm not sure if this is part of OpenWrt or not.
Keep up the great work.

Roadrunnere42

On Sat, 15 Jun 2019 at 03:12, Grommish [via Itus Networks Owners Forum] <[hidden email]> wrote:
Update 6/14/2019:

I finally got the blasted MMC block to mount!  I can finally start the real fun stuff. The good news is that the *core* image seems to be about finished and changes to the extroot survive reboots! *happy dance*.  Now i just have to get the image set for multi-boot.

Serious question time - I need to get info from anyone with an opinion on what to add.  Also, I'm going to start thinking on ways to make it user proof.  Updates to follow.

Also, for anything NOT kernel related, the posted image will work for tests.  It still isn't destructive, but that means nothing survives reboots.  There is way more setup I've got to do in the scripts to make it an all-in-one.


Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
Snort is already loaded, but while it's called, I need to tweak the command line (--daq-dir /usr/lib/daq for instance).  Also, I've not really loaded any rulesets or baked in update scripts for the rules.  This is where I really, really could use assistance from folks like user8446 and the rest of the really smart folks to make this work well.

Anything I bake into the main image will be available in all three modes.  Differences can be handled down the line, like network setups, configurations, etc.

I've gotten full mode detection by the front switch (the system reads the front switch setting to figure out what mode it SHOULD be in during boot), and the system will do a half-assed initial setup on the mmcblk partition used by the mode (it copies the rootfs from the image to the block device and sets a /extroot/.gribbits text file to show it's been done).  I'm thinking of making "setup packages" to include with the image that are .tgz'd for a given mode (one each for router.tgz, bridge.tgz, gateway.tgz) that self-contain any configuration settings and whatnot, and just extracting them as an overlay to the extroot.  Anyone have any thoughts on it?  Or anyone have any suggestions on the best way to get what we want?  With the base about done, everything we do is on us and we aren't restrained by OpenWrt or the Itus images.  I am also thinking about trying to update U-Boot, since it's 5 years old, but I don't know if it's worth the hassle since it works.  It would allow a wider range of things, but, eh, maybe for down the line.

I should mention that full opkg support is already in the system, so people CAN add extras as they see fit (and will be saved now in the extroot).  I will look for the bandwidth throttle you were talking about, but if you find a name, let me know since it makes it easier.

As for non-standard OpenWrt packages, that's alright too, since I can just compile whatever from source to include it.  That shouldn't be an issue.

I find it comical that this image will probably never be seen by more than a dozen people, if that.  People got rid of their Shields or stopped using them.  Maybe once we get things settled, I can convince user8446 to see if there is a way to send out a site announcement email to the registered users inviting them to take a look.
Running Itus Shield v2 Firmware
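
The per-mode setup packages proposed in the post above (router.tgz, bridge.tgz, gateway.tgz extracted as an overlay onto the extroot) can be applied with integrity and path checks before anything is unpacked. This is an added example, not Grommish's script; the function names, the `.sha256` sidecar file and the `overlay=<Mode>` line written to `.gribbits` are assumptions.

```shell
#!/bin/sh
# Added example, not the firmware's own script. Hypothetical names:
# names_are_safe, overlay_is_safe, digest_matches, apply_mode_overlay,
# make_samples, the "<pkg>.sha256" sidecar and the "overlay=<Mode>" marker line.
# From the post: router.tgz / bridge.tgz / gateway.tgz and <extroot>/.gribbits.

# Read member names on stdin; fail on absolute paths or ".." path components.
names_are_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# Reject an archive tar cannot read, one whose names escape the target, or
# one containing anything but plain files and directories (links, devices).
overlay_is_safe() {
    names=$(tar -tzf "$1" 2>/dev/null) || return 1
    printf '%s\n' "$names" | names_are_safe || return 1
    types=$(tar -tvzf "$1" 2>/dev/null | cut -c1 | sort -u | tr -d '\n')
    case $types in
        *[!d-]*) return 1 ;;
    esac
    return 0
}

# Compare the package's SHA-256 with the digest stored beside it. This catches
# a truncated or altered package; it is only as trustworthy as the place the
# .sha256 file came from.
digest_matches() {
    want=$(cut -d' ' -f1 "$1.sha256" 2>/dev/null) || return 1
    have=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# apply_mode_overlay MODE PKG_DIR TARGET
# MODE is Router, Bridge or Gateway; TARGET is the mounted extroot.
# Returns 0 applied/already applied, 2 bad mode, 3 digest, 4 unsafe, 5 tar.
apply_mode_overlay() {
    mode=$1 pkg_dir=$2 target=$3
    case $mode in
        Router)  pkg=$pkg_dir/router.tgz ;;
        Bridge)  pkg=$pkg_dir/bridge.tgz ;;
        Gateway) pkg=$pkg_dir/gateway.tgz ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    marker=$target/.gribbits
    # Idempotent: skip if the marker already records this overlay.
    if [ -f "$marker" ] && grep -qx "overlay=$mode" "$marker"; then
        return 0
    fi
    digest_matches "$pkg"  || { echo "digest mismatch: $pkg" >&2; return 3; }
    overlay_is_safe "$pkg" || { echo "unsafe archive: $pkg" >&2; return 4; }
    tar -xzf "$pkg" -C "$target" || return 5
    echo "overlay=$mode" >> "$marker"
}

# Constructed sample data for an offline run: a good gateway package and a
# bridge package that carries a symlink. Prints the scratch directory.
make_samples() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/src/etc/config" "$d/bad" "$d/pkgs" "$d/extroot"
    echo "config interface 'lan'" > "$d/src/etc/config/network"
    tar -czf "$d/pkgs/gateway.tgz" -C "$d/src" etc
    ln -s ../outside "$d/bad/link"
    tar -czf "$d/pkgs/bridge.tgz" -C "$d/bad" link
    for p in gateway bridge; do
        sha256sum "$d/pkgs/$p.tgz" | cut -d' ' -f1 > "$d/pkgs/$p.tgz.sha256"
    done
    echo "$d"
}

# Try it: sh overlay.sh demo
if [ "${1:-}" = demo ]; then
    d=$(make_samples)
    apply_mode_overlay Gateway "$d/pkgs" "$d/extroot" && echo "gateway applied"
    apply_mode_overlay Bridge "$d/pkgs" "$d/extroot" || echo "bridge rejected ($?)"
    rm -rf "$d"
fi
```

A digest shipped inside the same image only detects corruption; packages fetched later need a digest or signature from a separate trusted source.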

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
This post was updated on .
Worked through some Snort! config issues.  It should be noted that this is almost the stock configuration file, BUT I'm using the ENTIRE Emerging Threats rules (https://rules.emergingthreats.net/open/snort-2.9.0/emerging-all.rules) because it's only a single file and was easy to wget.  Not sure this would be the best solution long term, but I figure it should be alright for testing.

I did not see a decrease in speed or latency times (see below), and the system load is reading 0.00, 0.10, 0.14 - which is fantastic considering.

root@OpenWrt:/etc/snort/rules# free
              total        used        free      shared  buff/cache   available
Mem:         969484      386808      516044          84       66632      545644
Swap:             0           0           0



root@OpenWrt:/etc/snort/rules# snort -v -c /etc/snort/snort.conf --daq-dir /usr/lib/daq &
root@OpenWrt:/etc/snort/rules# Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80:81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
PortVar 'SSH_PORTS' defined :  [ 22 ]
PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined :  [ 80:81 110 143 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 700]
PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]
Detection:
   Search-Method = AC-Full-Q
    Split Any/Any group = enabled
    Search-Method-Optimizations = enabled
    Maximum pattern length = 20
Tagged Packet Limit: 256
Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
  Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
  Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Log directory = /var/log/snort
WARNING: ip4 normalizations disabled because not inline.
WARNING: tcp normalizations disabled because not inline.
WARNING: icmp4 normalizations disabled because not inline.
WARNING: ip6 normalizations disabled because not inline.
WARNING: icmp6 normalizations disabled because not inline.
Frag3 global config:
    Max frags: 65536
    Fragment memory cap: 4194304 bytes
Frag3 engine config:
    Bound Address: default
    Target-based policy: WINDOWS
    Fragment timeout: 180 seconds
    Fragment min_ttl:   1
    Fragment Anomalies: Alert
    Overlap Limit:     10
    Min fragment Length:     100
      Max Expected Streams: 768
Stream global config:
    Track TCP sessions: ACTIVE
    Max TCP sessions: 262144
    TCP cache pruning timeout: 30 seconds
    TCP cache nominal timeout: 3600 seconds
    Memcap (for reassembly packet storage): 8388608
    Track UDP sessions: ACTIVE
    Max UDP sessions: 131072
    UDP cache pruning timeout: 30 seconds
    UDP cache nominal timeout: 180 seconds
    Track ICMP sessions: INACTIVE
    Track IP sessions: INACTIVE
    Log info if session memory consumption exceeds 1048576
    Send up to 2 active responses
    Wait at least 5 seconds between responses
    Protocol Aware Flushing: ACTIVE
        Maximum Flush Point: 16000
Stream TCP Policy config:
    Bound Address: default
    Reassembly Policy: WINDOWS
    Timeout: 180 seconds
    Limit on TCP Overlaps: 10
    Maximum number of bytes to queue per session: 1048576
    Maximum number of segs to queue per session: 2621
    Options:
        Require 3-Way Handshake: YES
        3-Way Handshake Timeout: 180
        Detect Anomalies: YES
    Reassembly Ports:
      21 client (Footprint)
      22 client (Footprint)
      23 client (Footprint)
      25 client (Footprint)
      42 client (Footprint)
      53 client (Footprint)
      79 client (Footprint)
      80 client (Footprint) server (Footprint)
      81 client (Footprint) server (Footprint)
      109 client (Footprint)
      110 client (Footprint)
      111 client (Footprint)
      113 client (Footprint)
      119 client (Footprint)
      135 client (Footprint)
      136 client (Footprint)
      137 client (Footprint)
      139 client (Footprint)
      143 client (Footprint)
      161 client (Footprint)
      additional ports configured but not printed.
Stream UDP Policy config:
    Timeout: 180 seconds
HttpInspect Config:
    GLOBAL CONFIG
      Detect Proxy Usage:       NO
      IIS Unicode Map Filename: /etc/snort/unicode.map
      IIS Unicode Map Codepage: 1252
      Memcap used for logging URI and Hostname: 150994944
      Max Gzip Memory: 838860
      Max Gzip Sessions: 1807
      Gzip Compress Depth: 65535
      Gzip Decompress Depth: 65535
    DEFAULT SERVER CONFIG:
      Server profile: All
      Ports (PAF): 80 81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000 7001 7144 7145 7510 7777 7
      Server Flow Depth: 0
      Client Flow Depth: 0
      Max Chunk Length: 500000
      Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
      Max Header Field Length: 750
      Max Number Header Fields: 100
      Max Number of WhiteSpaces allowed with header folding: 200
      Inspect Pipeline Requests: YES
      URI Discovery Strict Mode: NO
      Allow Proxy Usage: NO
      Disable Alerting: NO
      Oversize Dir Length: 500
      Only inspect URI: NO
      Normalize HTTP Headers: NO
      Inspect HTTP Cookies: YES
      Inspect HTTP Responses: YES
      Extract Gzip from responses: YES
      Decompress response files:  
      Unlimited decompression of gzip data from responses: YES
      Normalize Javascripts in HTTP Responses: YES
      Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
      Normalize HTTP Cookies: NO
      Enable XFF and True Client IP: NO
      Log HTTP URI data: NO
      Log HTTP Hostname data: NO
      Extended ASCII code support in URI: NO
      Ascii: YES alert: NO
      Double Decoding: YES alert: NO
      %U Encoding: YES alert: YES
      Bare Byte: YES alert: NO
      UTF 8: YES alert: NO
      IIS Unicode: YES alert: NO
      Multiple Slash: YES alert: NO
      IIS Backslash: YES alert: NO
      Directory Traversal: YES alert: NO
      Web Root Traversal: YES alert: NO
      Apache WhiteSpace: YES alert: NO
      IIS Delimiter: YES alert: NO
      IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
      Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
      Whitespace Characters: 0x09 0x0b 0x0c 0x0d
      Legacy mode: NO
rpc_decode arguments:
    Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
    alert_fragments: INACTIVE
    alert_large_fragments: INACTIVE
    alert_incomplete: INACTIVE
    alert_multiple_requests: INACTIVE
FTPTelnet Config:
    GLOBAL CONFIG
      Memcap 0
      Inspection Type: stateful
      Check for Encrypted Traffic: YES alert: NO
      Continue to check encrypted data: YES
    TELNET CONFIG:
      Ports: 23
      Are You There Threshold: 20
      Normalize: YES
      Detect Anomalies: YES
    FTP CONFIG:
      FTP Server: default
        Ports (PAF): 21 2100 3535
        Check for Telnet Cmds: YES alert: YES
        Ignore Telnet Cmd Operations: YES alert: YES
        Ignore open data channels: NO
      FTP Client: default
        Check for Bounce Attacks: YES alert: YES
        Check for Telnet Cmds: YES alert: YES
        Ignore Telnet Cmd Operations: YES alert: YES
        Max Response Length: 256
SMTP Config:
    Ports: 25 465 587 691
    Inspection Type: Stateful
    Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND STAR
    Ignore Data: No
    Ignore TLS Data: No
    Ignore SMTP Alerts: No
    Max Command Line Length: 512
    Max auth Command Line Length: 1000
    Max Specific Command Line Length:
       ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
       EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
       ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
       IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
       QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
       SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
       TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
       XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
       XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246
       XUSR:246
    Max Header Line Length: 1000
    Max Response Line Length: 512
    X-Link2State Alert: Yes
    Drop on X-Link2State Alert: No
    Alert on commands: None
    Alert on unknown commands: No
    SMTP Memcap: 838860
    MIME Max Mem: 838860
    Base64 Decoding: Enabled
    Base64 Decoding Depth: Unlimited
    Quoted-Printable Decoding: Enabled
    Quoted-Printable Decoding Depth: Unlimited
    Unix-to-Unix Decoding: Enabled
    Unix-to-Unix Decoding Depth: Unlimited
    Non-Encoded MIME attachment Extraction: Enabled
    Non-Encoded MIME attachment Extraction Depth: Unlimited
    Log Attachment filename: Enabled
    Log MAIL FROM Address: Enabled
    Log RCPT TO Addresses: Enabled
    Log Email Headers: Enabled
    Email Hdrs Log Depth: 1464
SSH config:
    Autodetection: ENABLED
    Challenge-Response Overflow Alert: ENABLED
    SSH1 CRC32 Alert: ENABLED
    Server Version String Overflow Alert: ENABLED
    Protocol Mismatch Alert: ENABLED
    Bad Message Direction Alert: DISABLED
    Bad Payload Size Alert: DISABLED
    Unrecognized Version Alert: DISABLED
    Max Encrypted Packets: 20  
    Max Server Version String Length: 100  
    MaxClientBytes: 19600 (Default)
    Ports:
        22
DCE/RPC 2 Preprocessor Configuration
  Global Configuration
    DCE/RPC Defragmentation: Enabled
    Memcap: 102400 KB
    Events: co
    SMB Fingerprint policy: Disabled
  Server Default Configuration
    Policy: WinXP
    Detect ports (PAF)
      SMB: 139 445
      TCP: 135
      UDP: 135
      RPC over HTTP server: 593
      RPC over HTTP proxy: None
    Autodetect ports (PAF)
      SMB: None
      TCP: 1025-65535
      UDP: 1025-65535
      RPC over HTTP server: 1025-65535
      RPC over HTTP proxy: None
    Invalid SMB shares: C$ D$ ADMIN$
    Maximum SMB command chaining: 3 commands
    SMB file inspection: Disabled
DNS config:
    DNS Client rdata txt Overflow Alert: ACTIVE
    Obsolete DNS RR Types Alert: INACTIVE
    Experimental DNS RR Types Alert: INACTIVE
    Ports: 53
SSLPP config:
    Encrypted packets: not inspected
    Ports:
      443      465      563      636      989
      992      993      994      995     7801
     7802     7900     7901     7902     7903
     7904     7905     7906     7907     7908
     7909     7910     7911     7912     7913
     7914     7915     7916     7917     7918
     7919     7920
    Server side data is trusted
    Maximum SSL Heartbeat length: 0
Sensitive Data preprocessor config:
    Global Alert Threshold: 25
    Masked Output: DISABLED
SIP config:
    Max number of sessions: 40000  
    Max number of dialogs in a session: 4 (Default)
    Status: ENABLED
    Ignore media channel: DISABLED
    Max URI length: 512  
    Max Call ID length: 80  
    Max Request name length: 20 (Default)
    Max From length: 256 (Default)
    Max To length: 256 (Default)
    Max Via length: 1024 (Default)
    Max Contact length: 512  
    Max Content length: 2048  
    Ports:
        5060    5061    5600
    Methods:
          invite cancel ack bye register options refer subscribe update join info message notify benotify do qauth sprack publish service unsubscrk
IMAP Config:
    Ports: 143
    IMAP Memcap: 838860
    MIME Max Mem: 838860
    Base64 Decoding: Enabled
    Base64 Decoding Depth: Unlimited
    Quoted-Printable Decoding: Enabled
    Quoted-Printable Decoding Depth: Unlimited
    Unix-to-Unix Decoding: Enabled
    Unix-to-Unix Decoding Depth: Unlimited
    Non-Encoded MIME attachment Extraction: Enabled
    Non-Encoded MIME attachment Extraction Depth: Unlimited
POP Config:
    Ports: 110
    POP Memcap: 838860
    MIME Max Mem: 838860
    Base64 Decoding: Enabled
    Base64 Decoding Depth: Unlimited
    Quoted-Printable Decoding: Enabled
    Quoted-Printable Decoding Depth: Unlimited
    Unix-to-Unix Decoding: Enabled
    Unix-to-Unix Decoding Depth: Unlimited
    Non-Encoded MIME attachment Extraction: Enabled
    Non-Encoded MIME attachment Extraction Depth: Unlimited
Modbus config:
    Ports:
        502
DNP3 config:
    Memcap: 262144
    Check Link-Layer CRCs: ENABLED
    Ports:
        20000
Reputation config:
WARNING: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled.

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
WARNING: /etc/snort/./rules/emerging-all.rules(629) threshold (in rule) is deprecated; use detection_filter instead.

18443 Snort rules read
    18443 detection rules
    0 decoder rules
    0 preprocessor rules
18443 Option Chains linked into 489 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

+-------------------[Rule Port Counts]---------------------------------------
|             tcp     udp    icmp      ip
|     src    3118     117       0       0
|     dst   11314    2130       0       0
|     any    1646     114      65      26
|      nc      24       3       0       1
|     s+d      59      34       0       0
+----------------------------------------------------------------------------

+-----------------------[detection-filter-config]------------------------------
| memory-cap : 1048576 bytes
+-----------------------[detection-filter-rules]-------------------------------
-------------------------------------------------------------------------------

+-----------------------[rate-filter-config]-----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[rate-filter-rules]------------------------------------
| none
-------------------------------------------------------------------------------

+-----------------------[event-filter-config]----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[event-filter-global]----------------------------------
| none
+-----------------------[event-filter-local]-----------------------------------
| gen-id=1      sig-id=2021332    type=Both      tracking=src count=10  seconds=120
| gen-id=1      sig-id=2021331    type=Both      tracking=src count=10  seconds=120
| gen-id=1      sig-id=2021330    type=Both      tracking=src count=10  seconds=120
| gen-id=1      sig-id=2002878    type=Limit     tracking=src count=1   seconds=360
| gen-id=1      sig-id=2019383    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2025553    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2019401    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2002911    type=Both      tracking=src count=5   seconds=60
| gen-id=1      sig-id=2002910    type=Both      tracking=src count=5   seconds=60
| gen-id=1      sig-id=2019418    type=Both      tracking=src count=50  seconds=300
| gen-id=1      sig-id=2019416    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2019415    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2002935    type=Both      tracking=src count=10  seconds=60
| gen-id=1      sig-id=2023304    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2002943    type=Both      tracking=src count=10  seconds=60
| gen-id=1      sig-id=2013336    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2021410    type=Both      tracking=src count=10  seconds=120
| gen-id=1      sig-id=2021409    type=Both      tracking=src count=10  seconds=120
| gen-id=1      sig-id=2023400    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2021444    type=Both      tracking=src count=10  seconds=120
| gen-id=1      sig-id=2021443    type=Both      tracking=src count=10  seconds=120
| gen-id=1      sig-id=2009159    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2003068    type=Threshold tracking=src count=5   seconds=120
| gen-id=1      sig-id=2019609    type=Both      tracking=src count=50  seconds=10
| gen-id=1      sig-id=2021575    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2021574    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2021573    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2021572    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2025009    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2013479    type=Both      tracking=src count=20  seconds=360
| gen-id=1      sig-id=2013505    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2020853    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2013492    type=Both      tracking=src count=2   seconds=120
| gen-id=1      sig-id=2001219    type=Both      tracking=src count=5   seconds=120
| gen-id=1      sig-id=2018908    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2018907    type=Limit     tracking=dst count=1   seconds=120
| gen-id=1      sig-id=2018906    type=Limit     tracking=dst count=1   seconds=120
| gen-id=1      sig-id=2018905    type=Limit     tracking=dst count=1   seconds=120
| gen-id=1      sig-id=2018904    type=Limit     tracking=dst count=1   seconds=120
| gen-id=1      sig-id=2003171    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2003194    type=Both      tracking=src count=5   seconds=360
| gen-id=1      sig-id=2003193    type=Both      tracking=src count=100 seconds=60
| gen-id=1      sig-id=2003192    type=Both      tracking=src count=100 seconds=60
| gen-id=1      sig-id=2025107    type=Limit     tracking=src count=1   seconds=120
| gen-id=1      sig-id=2025106    type=Limit     tracking=src count=1   seconds=120
| gen-id=1      sig-id=2025105    type=Limit     tracking=src count=1   seconds=120
| gen-id=1      sig-id=2025104    type=Limit     tracking=src count=1   seconds=120
| gen-id=1      sig-id=2018984    type=Both      tracking=src count=1   seconds=30
| gen-id=1      sig-id=2018978    type=Both      tracking=dst count=1   seconds=60
| gen-id=1      sig-id=2018977    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023203    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2019022    type=Both      tracking=src count=2   seconds=60
| gen-id=1      sig-id=2019021    type=Both      tracking=dst count=2   seconds=60
| gen-id=1      sig-id=2019020    type=Both      tracking=dst count=2   seconds=60
| gen-id=1      sig-id=2019019    type=Both      tracking=dst count=2   seconds=60
| gen-id=1      sig-id=2019018    type=Both      tracking=dst count=2   seconds=60
| gen-id=1      sig-id=2019017    type=Both      tracking=dst count=2   seconds=60
| gen-id=1      sig-id=2019016    type=Both      tracking=dst count=2   seconds=60
| gen-id=1      sig-id=2019015    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2019014    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2019013    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2019012    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2019011    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2019010    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2010937    type=Limit     tracking=src count=5   seconds=60
| gen-id=1      sig-id=2010936    type=Limit     tracking=src count=5   seconds=60
| gen-id=1      sig-id=2025202    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2010935    type=Limit     tracking=src count=5   seconds=60
| gen-id=1      sig-id=2025200    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2025198    type=Both      tracking=src count=5   seconds=120
| gen-id=1      sig-id=2010953    type=Limit     tracking=src count=10  seconds=60
| gen-id=1      sig-id=2010939    type=Limit     tracking=src count=5   seconds=60
| gen-id=1      sig-id=2010938    type=Limit     tracking=src count=5   seconds=60
| gen-id=1      sig-id=2102275    type=Threshold tracking=dst count=5   seconds=60
| gen-id=1      sig-id=2017162    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2017161    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2011030    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2011029    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2009098    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2002945    type=Both      tracking=src count=10  seconds=60
| gen-id=1      sig-id=2017967    type=Both      tracking=src count=2   seconds=60
| gen-id=1      sig-id=2017966    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2017965    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2022197    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2016016    type=Both      tracking=dst count=5   seconds=60
| gen-id=1      sig-id=2002953    type=Limit     tracking=src count=1   seconds=120
| gen-id=1      sig-id=2002952    type=Limit     tracking=src count=1   seconds=120
| gen-id=1      sig-id=2002951    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2009099    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2002950    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2016033    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2016031    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2016030    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2024177    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2024175    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2024174    type=Limit     tracking=dst count=1   seconds=600
| gen-id=1      sig-id=2022206    type=Limit     tracking=src count=1   seconds=3600
| gen-id=1      sig-id=2024173    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2022205    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2022204    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2022203    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2022202    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2022201    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2022200    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2022199    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2022198    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2002994    type=Both      tracking=src count=30  seconds=60
| gen-id=1      sig-id=2002993    type=Both      tracking=src count=30  seconds=120
| gen-id=1      sig-id=2002992    type=Both      tracking=src count=30  seconds=120
| gen-id=1      sig-id=2011887    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2024182    type=Both      tracking=src count=60  seconds=60
| gen-id=1      sig-id=2022243    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2002995    type=Both      tracking=src count=30  seconds=60
| gen-id=1      sig-id=2016101    type=Limit     tracking=src count=1   seconds=120
| gen-id=1      sig-id=2009972    type=Limit     tracking=src count=5   seconds=600
| gen-id=1      sig-id=2009969    type=Limit     tracking=src count=5   seconds=600
| gen-id=1      sig-id=2009968    type=Limit     tracking=src count=5   seconds=600
| gen-id=1      sig-id=2009967    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2022291    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2009986    type=Both      tracking=src count=2   seconds=60
| gen-id=1      sig-id=2010008    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2008085    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008084    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008073    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008098    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008097    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008096    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2016212    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2025780    type=Threshold tracking=dst count=255 seconds=10
| gen-id=1      sig-id=2003930    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2003927    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2014272    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2014271    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2015482    type=Both      tracking=src count=10  seconds=600
| gen-id=1      sig-id=2001972    type=Both      tracking=src count=20  seconds=360
| gen-id=1      sig-id=2008147    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2019692    type=Both      tracking=src count=12  seconds=120
| gen-id=1      sig-id=2008181    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2019749    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2019748    type=Limit     tracking=src count=1   seconds=600
| gen-id=1      sig-id=2025894    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2025921    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2025919    type=Limit     tracking=dst count=1   seconds=30
| gen-id=1      sig-id=2011668    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2019778    type=Both      tracking=dst count=1   seconds=60
| gen-id=1      sig-id=2023996    type=Limit     tracking=dst count=3   seconds=90
| gen-id=1      sig-id=2023995    type=Both      tracking=dst count=3   seconds=90
| gen-id=1      sig-id=2011716    type=Limit     tracking=src count=5   seconds=120
| gen-id=1      sig-id=2017921    type=Both      tracking=src count=2   seconds=60
| gen-id=1      sig-id=2017920    type=Both      tracking=src count=2   seconds=60
| gen-id=1      sig-id=2017919    type=Both      tracking=dst count=2   seconds=60
| gen-id=1      sig-id=2017918    type=Both      tracking=dst count=2   seconds=60
| gen-id=1      sig-id=2011766    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2025992    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2011809    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2025984    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2011808    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2026027    type=Threshold tracking=src count=1   seconds=35
| gen-id=1      sig-id=2019876    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2026020    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2026019    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2026018    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2026017    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2026016    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2009867    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2026040    type=Both      tracking=dst count=10  seconds=90
| gen-id=1      sig-id=2019889    type=Both      tracking=src count=12  seconds=120
| gen-id=1      sig-id=2019888    type=Both      tracking=src count=12  seconds=120
| gen-id=1      sig-id=2019887    type=Both      tracking=src count=12  seconds=120
| gen-id=1      sig-id=2026035    type=Both      tracking=dst count=1   seconds=60
| gen-id=1      sig-id=2019886    type=Both      tracking=src count=12  seconds=120
| gen-id=1      sig-id=2019885    type=Both      tracking=src count=12  seconds=120
| gen-id=1      sig-id=2019884    type=Both      tracking=src count=12  seconds=120
| gen-id=1      sig-id=2019883    type=Both      tracking=src count=12  seconds=120
| gen-id=1      sig-id=2019882    type=Both      tracking=src count=12  seconds=120
| gen-id=1      sig-id=2009547    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2009544    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2019897    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2019922    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2019919    type=Limit     tracking=src count=1   seconds=120
| gen-id=1      sig-id=2021886    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2026098    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2026097    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2019966    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2019963    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2025403    type=Both      tracking=dst count=100 seconds=60
| gen-id=1      sig-id=2001564    type=Limit     tracking=src count=5   seconds=300
| gen-id=1      sig-id=2025402    type=Both      tracking=dst count=100 seconds=60
| gen-id=1      sig-id=2025401    type=Both      tracking=dst count=100 seconds=60
| gen-id=1      sig-id=2001562    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2011915    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2011914    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023453    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2102496    type=Both      tracking=dst count=20  seconds=60
| gen-id=1      sig-id=2001580    type=Both      tracking=src count=70  seconds=60
| gen-id=1      sig-id=2001579    type=Both      tracking=src count=70  seconds=60
| gen-id=1      sig-id=2020026    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2001569    type=Both      tracking=src count=70  seconds=60
| gen-id=1      sig-id=2013894    type=Both      tracking=src count=100 seconds=10
| gen-id=1      sig-id=2001583    type=Both      tracking=src count=40  seconds=60
| gen-id=1      sig-id=2018094    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2025453    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2001582    type=Both      tracking=src count=40  seconds=60
| gen-id=1      sig-id=2025452    type=Both      tracking=src count=1   seconds=120
| gen-id=1      sig-id=2001581    type=Both      tracking=src count=70  seconds=60
| gen-id=1      sig-id=2018090    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2018088    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2025465    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2023495    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2011975    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2011974    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2007801    type=Both      tracking=src count=5   seconds=360
| gen-id=1      sig-id=2023596    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2023618    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023617    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023616    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023615    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023614    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023613    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023612    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023627    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023626    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023625    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023624    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023623    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2009356    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2023622    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2009355    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2023621    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023620    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2023619    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2021691    type=Limit     tracking=src count=3   seconds=60
| gen-id=1      sig-id=2023678    type=Both      tracking=src count=10  seconds=60
| gen-id=1      sig-id=2023677    type=Both      tracking=src count=10  seconds=60
| gen-id=1      sig-id=2003259    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003258    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003257    type=Both      tracking=src count=2   seconds=900
| gen-id=1      sig-id=2003256    type=Both      tracking=src count=2   seconds=900
| gen-id=1      sig-id=2003255    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003254    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2015577    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2003275    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003274    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003273    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003272    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003271    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003270    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003269    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003268    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003267    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003266    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003263    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003262    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003261    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003260    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003281    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003280    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003279    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003278    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003277    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2003276    type=Both      tracking=src count=1   seconds=900
| gen-id=1      sig-id=2022540    type=Limit     tracking=src count=1   seconds=60
| gen-id=1      sig-id=2009475    type=Limit     tracking=src count=1   seconds=120
| gen-id=1      sig-id=2015633    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2009481    type=Threshold tracking=dst count=20  seconds=40
| gen-id=1      sig-id=2009480    type=Limit     tracking=dst count=1   seconds=60
| gen-id=1      sig-id=2022564    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2026773    type=Both      tracking=src count=10  seconds=60
| gen-id=1      sig-id=2022588    type=Limit     tracking=dst count=1   seconds=600
| gen-id=1      sig-id=2014471    type=Limit     tracking=src count=1   seconds=3  
| gen-id=1      sig-id=2022587    type=Limit     tracking=dst count=1   seconds=600
| gen-id=1      sig-id=2022586    type=Limit     tracking=dst count=1   seconds=600
| gen-id=1      sig-id=2022585    type=Limit     tracking=dst count=1   seconds=600
| gen-id=1      sig-id=2022584    type=Limit     tracking=dst count=1   seconds=600
| gen-id=1      sig-id=2026762    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2009512    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2009538    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2009537    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2003387    type=Limit     tracking=src count=5   seconds=60
| gen-id=1      sig-id=2009534    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2003384    type=Limit     tracking=src count=1   seconds=300
| gen-id=1      sig-id=2022618    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2022617    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2022616    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2022615    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2007583    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2003397    type=Both      tracking=src count=1   seconds=300
| gen-id=1      sig-id=2008363    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2020661    type=Limit     tracking=dst count=1   seconds=1200
| gen-id=1      sig-id=2008361    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008355    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2020702    type=Both      tracking=src count=1   seconds=60
| gen-id=1      sig-id=2008391    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2020712    type=Limit     tracking=src count=2   seconds=60
| gen-id=1      sig-id=2008413    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008400    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008429    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008428    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008427    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008424    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008423    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2026901    type=Limit     tracking=src count=1   seconds=30
| gen-id=1      sig-id=2008422    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2020742    type=Both      tracking=src count=3   seconds=60
| gen-id=1      sig-id=2020741    type=Both      tracking=src count=3   seconds=60
| gen-id=1      sig-id=2008440    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008463    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008460    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2100163    type=Both      tracking=src count=100 seconds=60
| gen-id=1      sig-id=2100162    type=Both      tracking=dst count=100 seconds=60
| gen-id=1      sig-id=2008455    type=Threshold tracking=src count=5   seconds=30
| gen-id=1      sig-id=2008454    type=Threshold tracking=src count=5   seconds=30
| gen-id=1      sig-id=2100158    type=Both      tracking=src count=100 seconds=60
| gen-id=1      sig-id=2008453    type=Threshold tracking=src count=5   seconds=30
| gen-id=1      sig-id=2024219    type=Threshold tracking=src count=20  seconds=1  
| gen-id=1      sig-id=2008464    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2024217    type=Both      tracking=src count=3   seconds=30
| gen-id=1      sig-id=2008495    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008494    type=Limit     tracking=src count=2   seconds=300
| gen-id=1      sig-id=2008488    type=Limit     tracking=src count=2   seconds=300
+-----------------------[suppression]------------------------------------------
| none
-------------------------------------------------------------------------------
Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!
WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.ppt' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.pptx' is set but not ever checked.
WARNING: flowbits key 'ETPRO.Trojan.BAT.Qhost' is set but not ever checked.
WARNING: flowbits key 'et.trojan.valkik.kku' is set but not ever checked.
WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked.
WARNING: flowbits key 'ET.genericphish_Tesco' is set but not ever checked.
WARNING: flowbits key 'ET.PcClient' is set but not ever checked.
WARNING: flowbits key 'ET.000webhostpost' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.rar' is set but not ever checked.
WARNING: flowbits key 'ET.atf.in.http' is set but not ever checked.
WARNING: flowbits key 'ETPRO.Microsoft.Excel' is set but not ever checked.
WARNING: flowbits key 'ET.mp3.in.http' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.dll' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.docx' is set but not ever checked.
WARNING: flowbits key 'ET.formdata' is set but not ever checked.
WARNING: flowbits key 'ET.MP4.Download' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.tgz' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.xls' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.ps' is set but not ever checked.
WARNING: flowbits key 'ETPRO.Emotet' is set but not ever checked.
WARNING: flowbits key 'NuclearEK' is set but not ever checked.
WARNING: flowbits key 'ET.aurora.init' is set but not ever checked.
WARNING: flowbits key 'ETPRO.RTF.OBJ' is set but not ever checked.
WARNING: flowbits key 'ET.fakealert.rena.n' is set but not ever checked.
WARNING: flowbits key 'ET.HTA.Download' is set but not ever checked.
WARNING: flowbits key 'ET.realEDUrequest' is set but not ever checked.
WARNING: flowbits key 'ET.Fedex_DHL_Phish' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.rtf' is set but not ever checked.
WARNING: flowbits key 'ET.Multimedia.Download' is set but not ever checked.
WARNING: flowbits key 'ET.TinyNuke' is set but not ever checked.
WARNING: flowbits key 'ET.Fareit.chk' is set but not ever checked.
WARNING: flowbits key 'ET.iTunes.vuln' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.hta' is set but not ever checked.
WARNING: flowbits key 'ET.bifrose1' is set but not ever checked.
WARNING: flowbits key 'EXE2' is set but not ever checked.
WARNING: flowbits key 'ET.vba-jpg-dl' is set but not ever checked.
WARNING: flowbits key 'ET.zipfile' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.xlsx' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.ps1' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.vbs' is set but not ever checked.
WARNING: flowbits key 'ET.pdx.in.http' is set but not ever checked.
WARNING: flowbits key 'ET.etrust.fieldis' is set but not ever checked.
WARNING: flowbits key 'ET.Cryptocurrency_Phish' is set but not ever checked.
WARNING: flowbits key 'SunDown.EK' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.doc' is set but not ever checked.
WARNING: flowbits key 'ET.mp4.in.http' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.gz' is set but not ever checked.
WARNING: flowbits key 'ET.saturn.checkin' is set but not ever checked.
WARNING: flowbits key 'ET.IRC.BOT.CntSOCPU' is set but not ever checked.
WARNING: flowbits key 'ET.fdf.in.http' is set but not ever checked.
WARNING: flowbits key 'ET.RUGGED.BANNER' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.pdf' is set but not ever checked.
WARNING: flowbits key 'ET.SecondaryFlash.Req' is set but not ever checked.
WARNING: flowbits key 'ET_EDGE_UA' is set but not ever checked.
WARNING: flowbits key 'ET.EOT.Download' is set but not ever checked.
WARNING: flowbits key 'ET.pdf.in.smtp.attachment' is set but not ever checked.
WARNING: flowbits key 'BS.BPcheckin1' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.zip' is set but not ever checked.
258 out of 1024 flowbits in use.

root@OpenWrt:/etc/snort/rules#
root@OpenWrt:/etc/snort/rules# C�+HTK$�X�YY��attern Matching Memory ]
+- [ Aho-Corasick Summary ] -------------------------------------
| Storage Format    :[46769.678832] device br-lan entered promiscuous mode
 Full-Q
| Finite Automaton  : DFA
| Alphabet Size     : 256 Chars
| Sizeof State      : Variable (1,2,4 bytes)
| Instances         : 220
|     1 byte states : 195
|     2 byte states : 25
|     4 byte states : 0
| Characters        : 457909
| States            : 226401
| Transitions       : 16439472
| State Density     : 28.4%
| Patterns          : 31007
| Match States      : 25384
| Memory (MB)       : 123.73
|   Patterns        : 3.24
|   Match Lists     : 8.62
|   DFA
|     1 byte states : 1.70
|     2 byte states : 109.79
|     4 byte states : 0.00
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 7684 ]
pcap DAQ configured to passive.
Acquiring network traffic from "br-lan".
Reload thread starting...
Reload thread started, thread 0xfff516ab08 (2730)
Decoding Ethernet

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.11.1 GRE (Build 268)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.9.0-PRE-GIT (with TPACKET_V3)
           Using PCRE version: 8.43 2019-02-23
           Using ZLIB version: 1.2.11

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 3.0  <Build 1>
           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
           Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
           Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
           Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
Commencing packet processing (pid=2729)
Running Itus Shield v2 Firmware

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Gnomad
In reply to this post by Grommish
Wow - nice work Grommish!
You've gone well past my capabilities with any of this..  I'm a .NET & Angular dev, so am comfortable following & debugging existing code - but doing all this from scratch?  not a chance!

RE: suggestions for extras, perhaps:
* some of the other (non emergingthreats) blocklists covered by the fw_upgrade script that "legacy" installs run weekly - e.g. shallalist, sslipblacklist, zeus, etc.
* is it feasible to get the OpenWrt distro & other installed packages to auto-update?  Too much risk of breakage?
* not sure if it's mature enough, but luci2 might also be worth a look.

Keep me posted once you think the router mode install is "user-proof" enough for a Windows user ;)
OpenWrt SNAPSHOT, r10391-3d8d528939

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
The Emerging Threats rules were just the first ones I found. Any Snort rules can be used. Updates can be scheduled via Cron job as long as the URL is reasonably scriptable.

By all accounts, once I get everything sorted, we should be able to do a few things.  First, opkg has an upgrade option, if I recall correctly. So you could schedule the Cron job for that.  More importantly, turning out system updates for use in the luCi interface should be doable, as well.

As far as testing, the "Gateway" image I'm building is Gateway in name only. The first post has info on how to install. It's called Gateway because uboot looks for Itus<mode>Image (ItusgatewayImage, ItusrouterImage, etc) depending on the front switch at the end of Stage 2 into Stage 3 boot.  The test image is set to act like the router image, it just goes in the Gateway slot because no one ever used that slot.  It's also non-destructive, so it doesn't mess with the /dev/mmcblk partitions (at this point. My current test builds I have locally do.). So you're perfectly safe in loading the test image in post 1 and just backup your existing ItusgatewayImage file beforehand.  The test file doesn't do Snort by default, and won't save anything through a reboot of the device.  Snort is present, but the /etc/snort/snort.conf isn't right and it dies when it tries to start (silently).  You can still call it manually from the command line to test it. I've got it working on the local test builds, but again, it'll overwrite your Gateway stuff (you can restore it later, if you decide to).  It doesn't affect the Router image, at all.

If you really want to play with it, I'm always willing to walk you through it in something like Google Hangouts.  Just send the request to my email (grommish@gmail.com) and we can set aside some time.  Any additional eyes I can get on this would be extremely helpful since I never played with the Shield during the heyday, and almost immediately decided to start this little adventure after only like 1 or 2 days of use. I never even hooked it inline on my network, only console and stub use.

I can look at luCi2.  I didn't see a config option in the source, but I've not synced in a few weeks.


Edit: luCi2 can be installed, I suppose, but the dev on it looks kind of janky.  Last commit was 2 months ago. While I could put it in the image, it's beyond me to make the pages.  I'm no good with JSON or even Js.  I also don't know what issues and conflicts luCi and luCi2 might have.  I'm all for bleeding edge, but for now, we should probably stick to tried and true. Besides, the luCi limitations in space and RAM don't apply to us.

Gnomad wrote
Wow - nice work Grommish!
You've gone well past my capabilities with any of this..  I'm a .NET & Angular dev, so am comfortable following & debugging existing code - but doing all this from scratch?  not a chance!

RE: suggestions for extras, perhaps:
* some of the other (non emergingthreats) blocklists covered by the fw_upgrade script that "legacy" installs run weekly - e.g. shallalist, sslipblacklist, zeus, etc.
* is it feasible to get the OpenWrt distro & other installed packages to auto-update?  Too much risk of breakage?
* not sure if it's mature enough, but luci2 might also be worth a look.

Keep me posted once you think the router mode install is "user-proof" enough for a Windows user ;)
Running Itus Shield v2 Firmware

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
I was correct in opkg having update/upgrade options:

I'm sure we can script it to auto-upgrade

root@OpenWrt:/etc# opkg update
Downloading http://downloads.openwrt.org/snapshots/targets/octeon/generic/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/snapshots/targets/octeon/generic/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/snapshots/packages/mips64_octeonplus/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading http://downloads.openwrt.org/snapshots/packages/mips64_octeonplus/base/Packages.sig
Signature check passed.
root@OpenWrt:/etc# opkg list-upgradable
kmod-usb-storage - 4.14.123-1 - 4.14.125-1
mkf2fs - 1.12.0-2 - 1.12.0-3
opkg - 2019-01-31-d4ba162b-1 - 2019-06-14-dcbc142e-1
kmod-usb-core - 4.14.123-1 - 4.14.125-1
rpcd - 2018-11-28-3aa81d0d-1 - 2019-06-05-89bfaa42-2
busybox - 1.30.1-3 - 1.31.0-1
kmod-block2mtd - 4.14.123-1 - 4.14.125-1
kmod-crypto-hash - 4.14.123-1 - 4.14.125-1
kmod-nf-reject6 - 4.14.123-1 - 4.14.125-1
libiwinfo-lua - 2019-05-21-073a8388-1 - 2019-06-12-1372f47e-1
kmod-nf-flow - 4.14.123-1 - 4.14.125-1
kmod-lib-crc-ccitt - 4.14.123-1 - 4.14.125-1
kmod-pppoe - 4.14.123-1 - 4.14.125-1
kmod-pppox - 4.14.123-1 - 4.14.125-1
kmod-ipt-conntrack - 4.14.123-1 - 4.14.125-1
kmod-nf-reject - 4.14.123-1 - 4.14.125-1
base-files - 197-r10127-3209f5ae3d - 198-r10231-1fd900d
kmod-lib-crc16 - 4.14.123-1 - 4.14.125-1
kmod-nf-nat - 4.14.123-1 - 4.14.125-1
kmod-crypto-crc32c - 4.14.123-1 - 4.14.125-1
netifd - 2019-05-28-beb810db-2 - 2019-06-15-9932ed02-1
libf2fs6 - 1.12.0-2 - 1.12.0-3
dnsmasq - 2.80-11 - 2.80-13
libubox20170601 - 2019-02-27-eeef7b50-1 - 2019-06-16-ecf56174-1
kmod-usb-ehci - 4.14.123-1 - 4.14.125-1
libiwinfo20181126 - 2019-05-21-073a8388-1 - 2019-06-12-1372f47e-1
kmod-fs-vfat - 4.14.123-1 - 4.14.125-1
kmod-usb2 - 4.14.123-1 - 4.14.125-1
kmod-usb3 - 4.14.123-1 - 4.14.125-1
kmod-nf-ipt - 4.14.123-1 - 4.14.125-1
kmod-mmc - 4.14.123-1 - 4.14.125-1
kmod-ip6tables - 4.14.123-1 - 4.14.125-1
kmod-fs-ext4 - 4.14.123-1 - 4.14.125-1
curl - 7.65.0-1 - 7.65.1-1
kmod-nls-utf8 - 4.14.123-1 - 4.14.125-1
kmod-nls-cp437 - 4.14.123-1 - 4.14.125-1
logd - 2019-04-07-5130fa4d-1 - 2019-06-16-4df34a4d-2
libjson-script - 2019-02-27-eeef7b50-1 - 2019-06-16-ecf56174-1
libblobmsg-json - 2019-02-27-eeef7b50-1 - 2019-06-16-ecf56174-1
jshn - 2019-02-27-eeef7b50-1 - 2019-06-16-ecf56174-1
kmod-ipt-core - 4.14.123-1 - 4.14.125-1
kmod-ppp - 4.14.123-1 - 4.14.125-1
kmod-fs-f2fs - 4.14.123-1 - 4.14.125-1
kmod-nf-conntrack - 4.14.123-1 - 4.14.125-1
libcurl4 - 7.65.0-1 - 7.65.1-1
kmod-nf-ipt6 - 4.14.123-1 - 4.14.125-1
kmod-nls-iso8859-1 - 4.14.123-1 - 4.14.125-1
kmod-nf-conntrack6 - 4.14.123-1 - 4.14.125-1
ubox - 2019-04-07-5130fa4d-1 - 2019-06-16-4df34a4d-2
kmod-crypto-crc32 - 4.14.123-1 - 4.14.125-1
kmod-usb-storage-extras - 4.14.123-1 - 4.14.125-1
kmod-fs-squashfs - 4.14.123-1 - 4.14.125-1
kmod-nls-base - 4.14.123-1 - 4.14.125-1
kmod-ipt-offload - 4.14.123-1 - 4.14.125-1
kmod-scsi-core - 4.14.123-1 - 4.14.125-1
kmod-slhc - 4.14.123-1 - 4.14.125-1
libnghttp2-14 - 1.38.0-1 - 1.38.0-2
kmod-ipt-nat - 4.14.123-1 - 4.14.125-1
root@OpenWrt:/etc#
root@OpenWrt:/etc# opkg upgrade busybox
Upgrading busybox on root from 1.30.1-3 to 1.31.0-1...
Downloading http://downloads.openwrt.org/snapshots/packages/mips64_octeonplus/base/busybox_1.31.0-1_mips64_octeonplus.ipk
Removing obsolete file /bin/more.
Removing obsolete file /sbin/fdisk.
Removing obsolete file /lib/upgrade/keep.d/busybox.
Configuring busybox.
root@OpenWrt:/etc#
Running Itus Shield v2 Firmware

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
It seems that every time I get on a tear, the posts just come back and back.

First, I finally managed to get Snort to more or less work properly, although I'm reasonably sure it's just alerting, rather than dropping, matching packets.  I'm sure there is a setting for that somewhere.

I didn't realize the map files were actually needed for things.  Snort comes with gen_msg.map, but the sid_msg.map from ET was also needed - silly me..

Luckily, it seems to have fixed the detection issues for the most part.  Of course, since I'm using ALL the rules, it picks up on more than just threats (which I was surprised to see).  It's surprisingly difficult to trigger Snort when you're testing it 3 layers deep in a private network.  NAT within NAT within NAT means not much is going to "go rogue" and hit the Shield.


First thing I tried was a DNS query on a questionable domain.

dig a 3wzn5p2yiumh7akj.onion

 returned

06/17-14:07:59.466089  [**] [1:2014939:1] ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR [**] [Classification: Potential Corporate Privacy Violation] [Priori3
Then I did a

ping -b 255.255.255.255 -p "7569643d3028726f6f74290a" -c3


Which actually popped TWO alerts, because I had added it to local.rules before I got the sid-msg.map file in there

06/17-14:09:49.086335  [**] [1:2100498:8] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 10.10.10.200 -> 255.255.255.255
06/17-14:09:49.086335  [**] [1:498:3] ATTACK RESPONSES id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 10.10.10.200 -> 255.255.255.255
So, that seemed to verify it was working.  Then, I got the following, which was completely unexpected.
06/17-10:51:42.280977  [**] [1:2013504:3] ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management [**] [Classification: Not Suspicious Traffic0
Happened when my Ubuntu laptop went and did a Software Update.  So, yeah, seems to be working (at least the detection part, and at least to Console).

And in case anyone is wondering, Snort is using both ALL the Emerging Threats AND the Snort Community rules AND my one local rule without issue..

19938 Snort rules read
    19504 detection rules
    153 decoder rules
    281 preprocessor rules
19938 Option Chains linked into 533 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

+-------------------[Rule Port Counts]---------------------------------------
|             tcp     udp    icmp      ip
|     src    3303     119       0       0
|     dst   12093    2141       0       0
|     any    2162     118      66      27
|      nc     462       3       0       1
|     s+d      59      35       0       0
+----------------------------------------------------------------------------
root@OpenWrt:/etc/snort# free
                     total          used           free     shared  buff/cache    available
Mem:         970636      414548      501264         772         54824      518356
Swap:                 0              0               0
root@OpenWrt:/etc/snort# uptime
 14:13:58 up 17:47,  load average: 0.00, 0.00, 0.00
root@OpenWrt:/etc/snort#
I have no preprocessors, no so_rules, no reputation monitor, and it's not running inline.  These are just straight-up .rules files. (I'd love to get the rest of it working, if I understood what they did and how to do it).


****

Issue 2:

I saw on the Itus firmware they used e2guardian to web-filter.  Is this something we want to put back in?  I included it, or at least tried to, on a local build.  It says it put it in there, but I'll be damned if I can find it.  I was looking at the fw_update file Gnomad mentioned and saw that the site restrictions were being updated by it, so I thought I'd ask.

****

Issue 3:

Anyone know LUA who wants to try and make a luCi page for Snort/e2guardian rules as far as active/updated?  I doubt anyone, including me, wants to use the ET all ruleset.  I can work with you on the directory structure and we could include all of the individual files.  Perhaps the luCi page can let you toggle which rule files you want to use (read from the directory) and then update a .conf file (which we can call from the main snort.conf).  This allows granularity for each user.  But, I don't know LUA, so.....
Running Itus Shield v2 Firmware
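A way to settle the "alerting rather than dropping" question from Snort's own startup output, which earlier in the thread reports "pcap DAQ configured to passive." This is an added example, not code from the thread or from Itus; the sample log and rule lines are constructed, and the local sids and the afpacket inline line are assumptions for illustration.

```shell
#!/bin/sh
# daq_mode LOGFILE
# Print the mode from Snort 2.9's "<type> DAQ configured to <mode>." startup
# line (passive, inline, read-file), or "unknown" if the line is absent.
daq_mode() {
    mode=$(sed -n 's/^.* DAQ configured to \([a-z-]*\)\.$/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${mode:-unknown}"
}

# rule_actions RULEFILE...
# Count enabled rules per action keyword. Commented-out (disabled) rules and
# blank lines are skipped. Assumes one rule per line, as in the ET rule files.
rule_actions() {
    awk '
        /^[ \t]*(#|$)/ { next }
        $1 ~ /^(alert|log|pass|drop|sdrop|reject)$/ { n[$1]++ }
        END { for (a in n) printf "%s %d\n", a, n[a] }
    ' "$@" | LC_ALL=C sort
}

# can_block LOGFILE RULEFILE...
# Succeeds only when the DAQ is inline AND at least one blocking rule is
# enabled. A passive DAQ only sees copies of packets, so it cannot drop them
# whatever the rule action says.
can_block() {
    log=$1; shift
    [ "$(daq_mode "$log")" = inline ] || return 1
    rule_actions "$@" | grep -Eq '^(drop|sdrop|reject) '
}

# Constructed sample input so the checks can be tried offline.
make_samples() {
    printf '%s\n' \
        'pcap DAQ configured to passive.' \
        'Acquiring network traffic from "br-lan".' > "$1/passive.log"
    printf '%s\n' \
        'afpacket DAQ configured to inline.' > "$1/inline.log"
    printf '%s\n' \
        '# constructed local rules, sids from the local range' \
        'alert icmp any any -> any any (msg:"LOCAL id check returned root"; content:"uid=0|28|root|29|"; sid:1000001; rev:1;)' \
        'drop tcp any any -> any 23 (msg:"LOCAL telnet attempt"; sid:1000002; rev:1;)' \
        '# drop udp any any -> any 69 (msg:"LOCAL tftp, disabled"; sid:1000003; rev:1;)' \
        > "$1/local.rules"
}

d=$(mktemp -d) && make_samples "$d"
echo "DAQ mode: $(daq_mode "$d/passive.log")"
rule_actions "$d/local.rules"
can_block "$d/passive.log" "$d/local.rules" || echo "passive DAQ: drop rules cannot block traffic"
rm -rf "$d"
```

On the Shield the first argument would be a capture of Snort's startup messages and the rest the .rules files named in snort.conf.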

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
Update 6/19/19:

I figured out the e2guardian issue.  It WAS being baked in, however it wasn't showing until I ironed out the external root issues.

Currently, the system is set up like this:

Stage 1 uboot, Stage 2 uboot, Stage 3.  Stage 3 decides which of the three files (ItusrouterImage, ItusbridgeImage, ItusgatewayImage) to load based on the front-panel switch.

Image loads.  The init script figures out which mode the Shield is in by reading the GPIO values, sets an environmental export.  I had to stall out init until /dev/mmcblk gets mounted, it then mounts the correct partition for the mode (/dev/mmcblk1pX, X=2-4, 2=router, 3=gateway, 4=bridge).  I have it checking to see if a /.norwits file exists in the ExtRoot, and if it does, it hands root off to the external mount.

If it doesn't, it initiates a "First boot" condition.  This does a couple of things..  First, it copies the rootfs to the external mount, and then adds the .norwits file.  Then it adds an export FIRSTBOOT flag.  Finally, it hands root over to the external partition.

I've added a rc.d/init.d file at S13 that checks the FIRSTBOOT flag, and if it is an initial boot, runs the following structure.


#!/bin/bash
#
# This script serves as the jumping point for initial setup on a first boot.
# The script will setup aspects of the system from the "default" settings.
echo "[DEBUG] Entered Firstboot Script"
if [[ ${FIRSTBOOT} -eq 1 ]]
then

case ${SHIELD_MODE} in
   "Router")
   # Router
   # Snort Rules
   uci set snort.snort.interface='br-lan'
   uci set snort.snort.config_file='/etc/snort/snort.conf'
   ;;
   "Bridge")
   # Bridge
   # Snort Rules
   uci set snort.snort.interface='br-lan'
   uci set snort.snort.config_file='/etc/snort/snort.conf'
   ;;
   "Gateway")
   # Gateway
   # Snort Rules
   uci set snort.snort.interface='br-lan'
   uci set snort.snort.config_file='/etc/snort/snort.conf'

   # Extract the Snort configuration and rule files
   tar xvzf /etc/snort.tgz -C /etc
   ;;
   *)
   # Other?
   echo "[FAILED] Unknown Device Mode!" > /dev/kmsg
   ;;
esac
fi


The .tgz file can/will contain the various configuration files for the given mode.  So each mode can be pre-set for various applications (including network settings, Snort configurations, e2guardian settings, etc, etc).  Since this is called/checked for at rc.d/S13, it comes BEFORE the system services come up, so it can set things before they load.

This means I/someone will only have to maintain 1 core image, and updates can be made to the included tgz files.

Now, in theory, FIRSTBOOT is only initiated if the /.norwits file is missing.  This will work even if the entire partition is blank.  I will need to further test, but I've done the following:


mount /dev/mmcblk1p3 /overlay
rm -rf /overlay/*
umount /overlay


or even


mkfs.f2fs /dev/mmcblk1p3


which formatted my Gateway partition in f2fs (Flash Friendly File System) (Note: I wouldn't recommend doing this unless you know what you're doing or are crazy like me - The Itus images do NOT recognize f2fs at all!)

Of course, it causes an immediate Kernel panic :D

On the subsequent reboot, the image rebuilt the external partition and went on its merry way.

Now, the issue I'm going to be facing is how to do an update/upgrade system.  Because it overwrites everything, calling a FIRSTBOOT condition isn't good for anyone who alters configurations from the initial settings.  I suppose we can continue doing hotfixes; at least the codebase will be up to date.  I can generate the sysupdate file, but so far, going through luCi gives me an error (with the option to force the update).  I need to see why the error is happening and how it can be fixed.  

luCi's e2guardian page is working, as well!  Snort! is starting at boot now that the interface and whatnot are correct.  Yay!

On the heatsink front:

I mounted that Raspberry Pi flat copper heatsink to the CPU, and I'm seeing anywhere from a 20 - 30 degree F difference in the CPU temp from the rest of the chipset.  I'm reading ~95*F (~34*C) on the CPU and ~115*F (~44*C) on the rest of the chipset.  Even under load..


Running Itus Shield v2 Firmware

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
I was looking into OpenWrt's update system, and I don't think it's going to be able to be used for what we need to do.  Meh.

On the flip side, I might be able to create an update system, although it looks like it would have to be two parts.  One chain for the kernel, one chain for the filesystem.  The update .tar file that the system generates is broken into those two sections, kernel and root.

The kernel file is the standard ELF image, and I can't find where in the rootfs that would go.  I doubt it would go in the rootfs at all, but would need to be in the boot image.   The root file, however, is a squashfs file, so it can be unsquashfs'd and mounted.

Question for the crowd:  Does anyone have any scripting suggestions on how to compare two file-trees (I was thinking diff), figuring out which files are new or changed, but excluding things like .conf?

I am thinking diff might be able to handle it, but I'm not sure about excluding .conf files that aren't NEW.  Anyone with suggestions would be most appreciated.
Running Itus Shield v2 Firmware
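One way to build the file list asked about above: walk the new tree, report files that are new or changed, and skip a changed .conf when the old tree already has its own copy. This is an added example, not code from the thread; matching configs by the *.conf name pattern and the sample trees are assumptions, and file names containing newlines are not handled.

```shell
#!/bin/sh
# same_entry A B
# Symlinks are compared by target (a rootfs is full of busybox links),
# regular files by content.
same_entry() {
    if [ -L "$1" ] || [ -L "$2" ]; then
        [ -L "$1" ] && [ -L "$2" ] && [ "$(readlink "$1")" = "$(readlink "$2")" ]
    else
        cmp -s "$1" "$2"
    fi
}

# tree_update_list OLD NEW
# Print one line per path (relative to NEW) that an update should copy:
#   N <path>   present only in NEW, config files included
#   C <path>   present in both and different, existing *.conf files skipped
# Files that exist only in OLD are not reported.
tree_update_list() {
    old=$1 new=$2
    ( cd "$new" && find . \( -type f -o -type l \) | LC_ALL=C sort ) |
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -e "$old/$rel" ] && [ ! -L "$old/$rel" ]; then
            printf 'N %s\n' "$rel"
            continue
        fi
        case $rel in
            *.conf) continue ;;      # keep the copy already on the device
        esac
        if ! same_entry "$old/$rel" "$new/$rel"; then
            printf 'C %s\n' "$rel"
        fi
    done
}

# Constructed sample trees so the listing can be tried offline.
make_sample_trees() {
    mkdir -p "$1/old/bin" "$1/old/etc/snort" "$1/old/usr/bin" \
             "$1/new/bin" "$1/new/etc/snort" "$1/new/usr/bin"
    ln -s busybox "$1/old/bin/sh"; ln -s busybox "$1/new/bin/sh"
    ln -s busybox "$1/old/bin/vi"; ln -s vim     "$1/new/bin/vi"
    echo banner      > "$1/old/etc/banner"
    echo banner      > "$1/new/etc/banner"
    echo user-edited > "$1/old/etc/snort/snort.conf"
    echo default     > "$1/new/etc/snort/snort.conf"
    echo default     > "$1/new/etc/e2guardian.conf"
    echo build-1     > "$1/old/usr/bin/snort"
    echo build-2     > "$1/new/usr/bin/snort"
}

tmp=$(mktemp -d) && make_sample_trees "$tmp"
tree_update_list "$tmp/old" "$tmp/new"
rm -rf "$tmp"
```

For the update described in the post, OLD would be the mounted external root and NEW the directory unpacked from the update's squashfs root file.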

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
I put up my stuff on my GitHub, in case anyone wants to either look/suggest/play with their own version.

I pushed the entire OpenWrt repo and then committed my changes on top of that.. OpenWrt offers a "mirror" of their git, but I'm not sure how current it is.  I'd rather just make sure I was up-to-date, and I can commit other changes down the line when I pull them from the upstream.

https://github.com/Grommish/Itus_Shield_v2
Running Itus Shield v2 Firmware

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Gnomad
In reply to this post by Grommish
Hi Grommish,
see commit history under https://github.com/ItusShield/Shield-Master/commits/master/usr/lib/lua/luci for LUA page changes from the original Shield, which includes a tab for users to specify which block lists they want applied.  I can't remember the specifics of how that was saved, but if you clone the repo and diff against 2016-03-30 you should find the relevant files.  Then the fw_upgrade.sh file referenced earlier picks up those settings to apply them.

Similarly under this folder is a tab that allows users to backup or restore their configs via downloadable zip - might be able to replicate this mechanism with your repo.
OpenWrt SNAPSHOT, r10391-3d8d528939

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Grommish
Administrator
Thanks!  So, you do the Lua *peer* haha.

One of the advantages to being able to actually work on-device now for a lot of things is that I can rob the bones of the Itus images in place.  I can just mount the overlay for the other images and walk through things.

I'm working on the Snort Lua stuff at the moment.  I pulled the stuff, although interesting enough, it was either being setup for Suricata, or borrowed from the Suricata package..  I looked into getting Suricata in the build, but finally put it aside for now.  Suricata doesn't support cross-compiling for mips, meh.. If they ever get it working, I can add it easy enough.  I already have the package hooks for it.

The rule files for the Itus image have Snort dropping rather than alerting like the public rules do.  Do we want to continue with that?  I'm down to learn new things like Lua, OpenWrt, Snort, etc, but if I have to sit down and learn functional sed and regex, it's going to slow me down considerably.

I'm pretty sure you're the one that is tagging my repo for this, so if you feel froggy, let me know and I'll do the pull request :D  If I had been smart, I'd have set up the git repo from the start, but eh.  The important bits are there.  It's been a long time since I used git (as you can tell from my other repos),  so I'm still feeling my way around it again..

In any case, I'll work through it.  I figure I'll work Snort first, since it is the main reason for the device.  Then, maybe move on to e2guardian, and then go from there.  I know the FIREWALL needs to be tweaked something fierce.  I DMZ'd the shield and scanned it, and so many closed-but-not-stealthed ports..   Can't let this stand.  And yes, the 80:443 open ports are not the Shield, which shouldn't be exposed anyway by default.

[Image: Standard Scan]

[Image: Shield DMZ'd]
Running Itus Shield v2 Firmware

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Gnomad
Hi Grommish, I'm afraid your peer, tagging and froggy references have gone over my head!   I've added your repo to my github favourites list, but not submitted any PRs (or even cloned it yet).

RE: interest in learning lua/sed etc, I've previously been okay tweaking working examples when my Shield was running & my head was in the game, but none of this is in my wheelhouse either m'afraid.  Most of the commits I made to the old github repo were me pasting in the work of Roadrunner, user 8446 & others to track them for posterity.  You're already well advanced beyond anything I've ever done with the hardware.

As it stands before your efforts, I lost enthusiasm when my shield stopped working for the umpteenth time on me nearly a year ago, after one of the weekly fw_upgrade runs.  I might be encouraged to plug it in again as a test user given a working image, but will need to find a clear weekend or two..  Sorry I'm not your man for anything more involved!  Hopefully one or more of the other users can step up with other assistance.
OpenWrt SNAPSHOT, r10391-3d8d528939