Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*
Posted by Grommish on May 21, 2019; 11:56pm
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1749.html
Well, I took the next step and started from scratch on the OpenWrt image. I hosed my external Linux SSD when I installed it and didn't install Grub on it, and it was being such a PITA to get it installed there, I just decided to take the chance to start over.
I'll put up an updated image later on and a fresh Changelog, but I added Snort.
root@OpenWrt:/# snort --version
,,_ -*> Snort! <*-
o" )~ Version 2.9.11.1 GRE (Build 268)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.9.0-PRE-GIT (with TPACKET_V3)
Using PCRE version: 8.43 2019-02-23
Using ZLIB version: 1.2.11
It's the one that comes with OpenWrt, and I can look into updating it from source later I suppose (2.9.13.0 is the latest available).
The fantastic news is, with Snort running I saw NO LOSS in throughput! I was seeing the same ~90MB/s down, 11.5MB/s up. Now, I've not configured anything, and I _probably_ don't have any real rules loaded, but I was running the Snort log output to console and this is the tail end (lots of messages):
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
WARNING: No preprocessors configured for policy 0.
05/21-23:41:56.634975 10.10.10.200:48460 -> 8.43.72.42:443
TCP TTL:64 TOS:0x0 ID:63658 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x4C6E558A Ack: 0xD04A6497 Win: 0xFAF0 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
WARNING: No preprocessors configured for policy 0.
05/21-23:41:56.634976 10.10.10.200:48384 -> 68.67.178.184:443
TCP TTL:64 TOS:0x0 ID:42618 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xFF90B68 Ack: 0xB903D959 Win: 0x1F6 TcpLen: 32
TCP Options (3) => NOP NOP TS: 2859580113 1937562391
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
WARNING: No preprocessors configured for policy 0.
05/21-23:41:56.635165 10.10.10.200:48386 -> 68.67.178.184:443
TCP TTL:64 TOS:0x0 ID:24433 IpLen:20 DgmLen:569 DF
***AP*** Seq: 0x8C03F272 Ack: 0xDD89D3C6 Win: 0x1F6 TcpLen: 32
TCP Options (3) => NOP NOP TS: 2859580113 1937562391
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
05/21-23:41:56.635292 10.10.10.10:53 -> 10.10.10.200:[ 478.132861] device br-lan left promiscuous mode
^C0 ID:42619 IpLen:20 DgmLen:569 DF
***AP*** Seq: 0xFF90B68 Ack: 0xB903D959 Win: 0x1F6 TcpLen: 32
TCP Options (3) => NOP NOP TS: 2859580116 1937562391
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
*** Caught Int-Signal
WARNING: No preprocessors configured for policy 0.
05/21-23:41:56.639159 8.43.72.42:443 -> 10.10.10.200:48464
TCP TTL:116 TOS:0x0 ID:11784 IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x5ABB4B2B Ack: 0x91CF8329 Win: 0xFAF0 TcpLen: 28
TCP Options (3) => MSS: 1460 SackOK EOL
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
===============================================================================
Run time for packet processing was 89.413442 seconds
Snort processed 2036 packets.
Snort ran for 0 days 0 hours 1 minutes 29 seconds
Pkts/min: 2036
Pkts/sec: 22
===============================================================================
Packet I/O Totals:
Received: 214964
Analyzed: 2036 ( 0.947%)
Dropped: 210362 ( 49.459%)
Filtered: 0 ( 0.000%)
Outstanding: 212928 ( 99.053%)
Injected: 0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: 2036 (100.000%)
VLAN: 0 ( 0.000%)
IP4: 2034 ( 99.902%)
Frag: 0 ( 0.000%)
ICMP: 0 ( 0.000%)
UDP: 336 ( 16.503%)
TCP: 1698 ( 83.399%)
IP6: 0 ( 0.000%)
IP6 Ext: 0 ( 0.000%)
IP6 Opts: 0 ( 0.000%)
Frag6: 0 ( 0.000%)
ICMP6: 0 ( 0.000%)
UDP6: 0 ( 0.000%)
TCP6: 0 ( 0.000%)
Teredo: 0 ( 0.000%)
ICMP-IP: 0 ( 0.000%)
IP4/IP4: 0 ( 0.000%)
IP4/IP6: 0 ( 0.000%)
IP6/IP4: 0 ( 0.000%)
IP6/IP6: 0 ( 0.000%)
GRE: 0 ( 0.000%)
GRE Eth: 0 ( 0.000%)
GRE VLAN: 0 ( 0.000%)
GRE IP4: 0 ( 0.000%)
GRE IP6: 0 ( 0.000%)
GRE IP6 Ext: 0 ( 0.000%)
GRE PPTP: 0 ( 0.000%)
GRE ARP: 0 ( 0.000%)
GRE IPX: 0 ( 0.000%)
GRE Loop: 0 ( 0.000%)
MPLS: 0 ( 0.000%)
ARP: 2 ( 0.098%)
IPX: 0 ( 0.000%)
Eth Loop: 0 ( 0.000%)
Eth Disc: 0 ( 0.000%)
IP4 Disc: 0 ( 0.000%)
IP6 Disc: 0 ( 0.000%)
TCP Disc: 0 ( 0.000%)
UDP Disc: 0 ( 0.000%)
ICMP Disc: 0 ( 0.000%)
All Discard: 0 ( 0.000%)
Other: 0 ( 0.000%)
Bad Chk Sum: 168 ( 8.251%)
Bad TTL: 0 ( 0.000%)
S5 G 1: 0 ( 0.000%)
S5 G 2: 0 ( 0.000%)
Total: 2036
===============================================================================
Snort exiting
This was while running the Speedtest on the Laptop attached through the Shield.
So, I'm really, really hoping someone with Snort experience can/will give me a shout on what to do next. I've never used Snort, so I need guidance badly (otherwise this will take forever and probably end up badly).
I'm going to start on the next step to things, but it will end up breaking the existing Itus stuff completely. In order to set up /extroot, I need to overwrite an existing /dev/mmcblk1pX mount. I'm thinking about just removing the entire Gateway OEM setup and using that, since it never worked right to begin with and I highly doubt anyone is actually using it. I'm also thinking about switching filesystems for it from ext3 to f2fs (Flash-Friendly File System) to help keep the destructive writes down. I'll look into it at least and see if there actually is an advantage with it.
Running Itus Shield v2 Firmware
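
Added example (not part of the post above or of the Shield firmware): a shell check over the "Packet I/O Totals" block that Snort prints on exit, reporting what share of received packets was actually analyzed and what share was dropped. The function names and the 95% / 1% thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: health check over Snort 2.9 exit statistics.
# Thresholds are illustrative assumptions, not Snort defaults.
# Usage: snort_io_health [min_analyzed_pct] [max_dropped_pct] < saved-output.txt

# Prints a one-line verdict; returns 0 = healthy, 1 = degraded, 2 = no totals.
snort_io_health() {
    awk -v min_an="${1:-95}" -v max_dr="${2:-1}" '
        # Only read counters inside the "Packet I/O Totals" section.
        /Packet I\/O Totals:/ { in_io = 1; next }
        in_io && /^[ \t]*=+[ \t]*$/ { in_io = 0 }
        in_io && /Received:/ { recv = $2 }
        in_io && /Analyzed:/ { an = $2 }
        in_io && /Dropped:/  { dr = $2 }
        END {
            if (recv == "" || recv + 0 == 0) { print "NO-DATA"; exit 2 }
            an_pct = 100 * an / recv
            # Snort reports the drop rate against received + dropped.
            dr_pct = 100 * dr / (recv + dr)
            verdict = (an_pct < min_an || dr_pct > max_dr) ? "DEGRADED" : "OK"
            printf "%s analyzed=%.3f%% dropped=%.3f%%\n", verdict, an_pct, dr_pct
            exit (verdict == "OK" ? 0 : 1)
        }'
}

# Sample input: the Packet I/O Totals copied from the Snort output in the post.
post_totals() {
    cat <<'EOF'
===============================================================================
Packet I/O Totals:
   Received:       214964
   Analyzed:         2036 (  0.947%)
    Dropped:       210362 ( 49.459%)
   Filtered:            0 (  0.000%)
Outstanding:       212928 ( 99.053%)
   Injected:            0
===============================================================================
EOF
}

# Run the check on the sample and show the exit status when it is non-zero.
post_totals | snort_io_health || echo "exit status: $?"
```

A non-zero status here means the sensor analyzed only a small share of the packets it received, so throughput measured during that run says little about inspection cost.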