OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of j0bb13 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - j0bb13

Pages: [1]
1
20.1 Legacy Series / Re: IDS log reports "hs" is an invalid mpm algo
« on: May 07, 2020, 12:46:01 pm »
Oops, forgot. I've added -amd64 to my original post.

Also, there doesn't seem to be SSSE3 in the default cpu model (kvm64). So that might very well be the issue. Thanks!
Now I just have to figure out which of the +-30 cpu options I can best select for the VM hardware in Proxmox.

Edit:
Never mind, there is a "host" option at the bottom of the cpu list. I'll try that one later this week.

Edit 2:
Cool! I changed the cpu type to "host" and it just worked. No reinstall needed. The only downside is that my VM is now less "portable", but I can live with that.

Maybe it's handy to mention in the documentation that SSE3 is required for Hyperscan and that VM solutions not necessarily have that flag set for their default CPU?
https://docs.opnsense.org/manual/virtuals.html

2
20.1 Legacy Series / [Solved] IDS log reports "hs" is an invalid mpm algo
« on: May 07, 2020, 12:21:51 pm »
My issue:
I can't seem to enable Hyperscan in the IDS configuration. The Aho–Corasick algorithm seems to work fine.

My analysis:
The IDS log shows the following when trying to enable Intrusion Detection:
Code: [Select]
<Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - Invalid mpm algo supplied in the yaml conf file: "hs"
The /usr/local/etc/suricata/suricata.yaml file specifies "mpm-algo:  hs ". (yes, those extra spaces are in there)

I ran "suricata --build-info | grep Hyperscan" to check if suricata has hyperman support and the result was "Hyperscan support:         yes". So suricata was built with hyperscan support.

My system:
Version: OPNsense 20.1.6-amd64
VM: KVM container in Proxmox
Host: Shuttle XPC DS10U (Celeron 4205U) with 8GB RAM and 240GB SSDs in RAID1

The required packages were installed by default:
hyperscan   4.7.0_3   19.3MiB
suricata   4.1.8   6.05MiB

My question:
Could someone help me figure out why hyperscan is reported to be an invalid mpm algorithm? The system is practically a vanilla OPNsense installation and suricata reports it was built with hyperscan support.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2