(IPS) add Add promisc mode / physical interface selection, closes...

(IPS) add Add promisc mode / physical interface selection, closes https://github.com/opnsense/core/issues/935 (cherry picked from commit 3bacc745) (cherry picked from commit 8b4b5bbb)

(IPS) add Add promisc mode / physical interface selection, closes...
(IPS) add Add promisc mode / physical interface selection, closes https://github.com/opnsense/core/issues/935 (cherry picked from commit 3bacc745) (cherry picked from commit 8b4b5bbb)
ed808ac4 · Ad Schellevis · Franco Fichtner · 6f3b7af5 · ed808ac4 · ed808ac4
Commit ed808ac4 authored May 11, 2016 by Ad Schellevis Committed by Franco Fichtner May 24, 2016
3 changed files
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml
@@ -13,12 +13,19 @@
        before enabling, please disable all hardware offloading first. <br><a href="/system_advanced_network.php">in advanced network</a>
        ]]></help>
    </field>
+    <field>
+        <id>ids.general.promisc</id>
+        <label>promiscuous mode</label>
+        <type>checkbox</type>
+        <help><![CDATA[enable promiscuous mode, for certain setups (like IPS with vlans), this is required to actually capture data on the physical interface
+        ]]></help>
+    </field>
    <field>
        <id>ids.general.interfaces</id>
        <label>interfaces</label>
        <type>select_multiple</type>
        <style>tokenize</style>
-        <help><![CDATA[Select interface(s) to use.]]></help>
+        <help><![CDATA[Select interface(s) to use. When enabling IPS, only use physical interfaces here (no vlans etc).]]></help>
        <hint>Type or select interface.</hint>
    </field>
 </form>
--- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
@@ -92,10 +92,15 @@
                <default>0</default>
                <Required>Y</Required>
            </ips>
+            <promisc type="BooleanField">
+                <default>0</default>
+                <Required>Y</Required>
+            </promisc>
            <interfaces type="InterfaceField">
                <Required>Y</Required>
                <default>wan</default>
                <multiple>Y</multiple>
+                <AddParentDevices>Y</AddParentDevices>
                <filters>
                    <enable>/^(?!0).*$/</enable>
                </filters>

--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -313,7 +313,7 @@ netmap:
  - interface: default
    threads: auto
    copy-mode: ips
-    disable-promisc: yes
+    disable-promisc: {% if helpers.exists('OPNsense.IDS.general.promisc') and OPNsense.IDS.general.promisc|default('0') == '0' %}yes{% else %}no{% endif %} #  promiscuous mode
    checksum-checks: auto

  {% if helpers.exists('OPNsense.IDS.general.interfaces') %}
@@ -745,6 +745,7 @@ logging:

 pcap:
  - interface: default
+    promisc: {% if helpers.exists('OPNsense.IDS.general.promisc') and OPNsense.IDS.general.promisc|default('0') == '1' %}yes{% else %}no{% endif %} #  promiscuous mode

 pcap-file:
  # Possible values are: