From a4956c0ff8db607b89880c0473d5bca77a6aa8bb Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sun, 10 Jul 2016 17:08:56 +0200
Subject: [PATCH] (IDS) add Hyperscan pattern matching option, closes
 https://github.com/opnsense/core/issues/1050

---
 .../controllers/OPNsense/IDS/forms/generalSettings.xml |  6 ++++++
 src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml       | 10 ++++++++++
 .../service/templates/OPNsense/IDS/suricata.yaml       |  3 ++-
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml
index b28b4fe2e..8ae1a12ab 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml
@@ -17,6 +17,12 @@
         <type>checkbox</type>
         <help><![CDATA[Enable promiscuous mode, for certain setups (like IPS with vlans), this is required to actually capture data on the physical interface.]]></help>
     </field>
+    <field>
+        <id>ids.general.MPMAlgo</id>
+        <label>Pattern matcher</label>
+        <type>dropdown</type>
+        <help><![CDATA[Choose the pattern matcher algoritm, default is Aho-Corasick.]]></help>
+    </field>
     <field>
         <id>ids.general.interfaces</id>
         <label>Interfaces</label>
diff --git a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
index a5545b5c3..bc774f5ef 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
@@ -136,6 +136,16 @@
                 <MaximumValue>1000</MaximumValue>
                 <ValidationMessage>Enter a valid number of logs to save</ValidationMessage>
             </AlertSaveLogs>
+            <MPMAlgo type="OptionField">
+              <Required>N</Required>
+              <default>ac</default>
+              <BlankDesc>Default</BlankDesc>
+              <OptionValues>
+                  <ac>Aho-Corasick</ac>
+                  <hs>Hyperscan</hs>
+              </OptionValues>
+              <ValidationMessage>Please select a valid pattern matcher algorithm</ValidationMessage>
+            </MPMAlgo>
         </general>
     </items>
 </model>
diff --git a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
index 56a1519b7..922e44daf 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -474,7 +474,8 @@ cuda:
 # compiled with --enable-cuda: b2g_cuda. Make sure to update your
 # max-pending-packets setting above as well if you use b2g_cuda.
 
-mpm-algo: ac
+mpm-algo: {% if helpers.exists('OPNsense.IDS.general') %} {{ OPNsense.IDS.general.MPMAlgo|default("ac")}} {% else %}ac{% endif %}
+
 
 # The memory settings for hash size of these algorithms can vary from lowest
 # (2048) - low (4096) - medium (8192) - high (16384) - higher (32768) - max