Login  Register

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Posted by Grommish on Jun 19, 2019; 4:34am
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1766.html

Update 6/19/19:

I figured out the e2guardian issue.  It WAS being baked in, however it wasn't showing until I iron'ed out the external root issues.

Currently, the system is setup like this:

Stage 1 uboot, Stage 2 uboot, Stage 3.  Stage 3 decides which of the three files (ItusrouterImage, ItusbridgeImage, ItusgatewayImage) to load based on the front-panel switch.

Image loads.  The init script figures out which mode the Shield is in by reading the GPIO values, sets an environmental export.  I had to stall out init until /dev/mmcblk gets mounted, it then mounts the correct for the mode partition (/dev/mmcblk1pX, X=2-4, 2=router, 3=gateway, 4=bridge).  I have it checking to see if a /.norwits file exists in the ExtRoot, and if it does, it hands root off to the external mount.

If it doesn't, it initiates a "First boot" condition.  This does a couple of things..  First, it copies the rootfs to the external mount, and then adds the .norwits file.  Then it adds an export FIRSTBOOT flag.  Finally, it hands root over to the external partition.

I've added a rc.d/init.d file at S13 that checks the FIRSTBOOT flag, and if it is an initial boot, Runs the following structure.


#!/bin/bash
#
# This script serves as the jumping point for initial setup on a first boot.
# The script will setup aspects of the system from the "default" settings.
echo "[DEBUG] Entered Firstboot Script"
if [[ ${FIRSTBOOT} -eq 1 ]]
then

case ${SHIELD_MODE} in
   "Router")
   # Router
   # Snort Rules
   uci set snort.snort.interface='br-lan'
   uci set snort.snort.config_file='/etc/snort/snort.conf'
   ;;
   "Bridge")
   # Bridge
   # Snort Rules
   uci set snort.snort.interface='br-lan'
   uci set snort.snort.config_file='/etc/snort/snort.conf'
   ;;
   "Gateway")
   # Gateway
   # Snort Rules
   uci set snort.snort.interface='br-lan'
   uci set snort.snort.config_file='/etc/snort/snort.conf'

   # Extract the Snort configuration and rule files
   tar xvzf /etc/snort.tgz -C /etc
   ;;
   *)
   # Other?
   echo "[FAILED] Unknown Device Mode!" > /dev/kmsg
   ;;
esac
fi


The .tgz file can/will contain the various configuration files for the given mode.  So each mode can be pre-set for various applications (including network settings, Snort configurations, e2guardian settings, etc, etc.  Since this is called/checked for at rc.d/S13, it comes BEFORE the system services come up, so it can set things before they load.

This means I/someone will only have to maintain 1 core image, and updates can be made to the included tgz files.

Now, in theory, FIRSTBOOT is only initiated if the /.norwits file is missing.  This will work even if the entire partition is blank.  I will need to further test, but I've done the following:


mount /dev/mmcblk1p3 /overlay
rm -rf /overlay/*
umount /overlay


or even


mkfs.f2fs /dev/mmcblk1p3


which formatted my Gateway partition in f2fs (Flash Friendly File System) (Note: I wouldn't recommend doing this unless you know what you're doing or are crazy like me - The Itus images do NOT recognize f2fs at all!)

Of course, it causes an immediate Kernel panic :D

On the subsequent reboot, the image rebuilt the external partition and went on it's merry way.

Now, the issue I'm going to be facing is how to do an update/upgrade system.  Because it overwrites everything, calling a FIRSTBOOT condition isn't good for anyone who alters configurations from the initial settings.  I suppose we can continue doing hotfixes; at least the codebase will be up to date.  I can generate the sysupdate file, but so far, going through luCi gives me an error (with the open to force the update).  I need to see why the error is happening and how it can be fixed.  

luCi's e2guardian page is working, as well!  Snort! is starting at boot now that the interface and whatnot are correct.  Yay!

On the heatsink front:

I mounted that Raspberry Pi flat copper heatsink to the CPU, and I'm seeing anywhere from a 20 - 30 degree F difference in the CPU temp from the rest of the chipset.  I'm reading ~95*F (~34*C) on the CPU and ~115*F (~44*C) on the rest of the chipset.  Even under load..


Running Itus Shield v2 Firmware