summaryrefslogtreecommitdiffstats
path: root/src/plugins/snort/main.c
diff options
context:
space:
mode:
authorSivaprasad Tummala <Sivaprasad.Tummala@intel.com>2022-01-22 03:09:18 +0530
committerDamjan Marion <dmarion@me.com>2022-01-30 15:20:38 +0000
commitc454e8993d18670f76b03dca780213860c2e19a2 (patch)
tree22d84f0047a8d746fabd58709e4553960644e84c /src/plugins/snort/main.c
parent9d0c638b0fa28b9aebd9e3c0c0bdf98361d50a50 (diff)
snort: feature support on interface output
support snort plugin on interface output via ip4-output fa Type: feature Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com> Change-Id: I2d5e7d0719c03f88806b12debfe596675dbd66c1
Diffstat (limited to 'src/plugins/snort/main.c')
-rw-r--r--src/plugins/snort/main.c38
1 files changed, 33 insertions, 5 deletions
diff --git a/src/plugins/snort/main.c b/src/plugins/snort/main.c
index 6b7e49a23ad..39c13a8f237 100644
--- a/src/plugins/snort/main.c
+++ b/src/plugins/snort/main.c
@@ -409,12 +409,14 @@ done:
clib_error_t *
snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
- u32 sw_if_index, int is_enable)
+ u32 sw_if_index, int is_enable,
+ snort_attach_dir_t snort_dir)
{
snort_main_t *sm = &snort_main;
vnet_main_t *vnm = vnet_get_main ();
snort_instance_t *si;
clib_error_t *err = 0;
+ u64 fa_data;
u32 index;
if (is_enable)
@@ -440,8 +442,18 @@ snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
}
index = sm->instance_by_sw_if_index[sw_if_index] = si->index;
- vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, 1,
- &index, sizeof (index));
+ if (snort_dir & SNORT_INPUT)
+ {
+ fa_data = (u64) index;
+ vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index,
+ 1, &fa_data, sizeof (fa_data));
+ }
+ if (snort_dir & SNORT_OUTPUT)
+ {
+ fa_data = (1LL << 32 | index);
+ vnet_feature_enable_disable ("ip4-output", "snort-enq", sw_if_index,
+ 1, &fa_data, sizeof (fa_data));
+ }
}
else
{
@@ -459,8 +471,18 @@ snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
si = vec_elt_at_index (sm->instances, index);
sm->instance_by_sw_if_index[sw_if_index] = ~0;
- vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, 0,
- &index, sizeof (index));
+ if (snort_dir & SNORT_INPUT)
+ {
+ fa_data = (u64) index;
+ vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index,
+ 0, &fa_data, sizeof (fa_data));
+ }
+ if (snort_dir & SNORT_OUTPUT)
+ {
+ fa_data = (1LL << 32 | index);
+ vnet_feature_enable_disable ("ip4-output", "snort-enq", sw_if_index,
+ 0, &fa_data, sizeof (fa_data));
+ }
}
done:
@@ -527,3 +549,9 @@ VNET_FEATURE_INIT (snort_enq, static) = {
.node_name = "snort-enq",
.runs_before = VNET_FEATURES ("ip4-lookup"),
};
+
+VNET_FEATURE_INIT (snort_enq_out, static) = {
+ .arc_name = "ip4-output",
+ .node_name = "snort-enq",
+ .runs_before = VNET_FEATURES ("interface-output"),
+};