diff options
author | Sivaprasad Tummala <Sivaprasad.Tummala@intel.com> | 2022-01-22 03:09:18 +0530 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2022-01-30 15:20:38 +0000 |
commit | c454e8993d18670f76b03dca780213860c2e19a2 (patch) | |
tree | 22d84f0047a8d746fabd58709e4553960644e84c /src/plugins/snort/main.c | |
parent | 9d0c638b0fa28b9aebd9e3c0c0bdf98361d50a50 (diff) |
snort: feature support on interface output
support snort plugin on interface output via ip4-output fa
Type: feature
Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Change-Id: I2d5e7d0719c03f88806b12debfe596675dbd66c1
Diffstat (limited to 'src/plugins/snort/main.c')
-rw-r--r-- | src/plugins/snort/main.c | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/src/plugins/snort/main.c b/src/plugins/snort/main.c index 6b7e49a23ad..39c13a8f237 100644 --- a/src/plugins/snort/main.c +++ b/src/plugins/snort/main.c @@ -409,12 +409,14 @@ done: clib_error_t * snort_interface_enable_disable (vlib_main_t *vm, char *instance_name, - u32 sw_if_index, int is_enable) + u32 sw_if_index, int is_enable, + snort_attach_dir_t snort_dir) { snort_main_t *sm = &snort_main; vnet_main_t *vnm = vnet_get_main (); snort_instance_t *si; clib_error_t *err = 0; + u64 fa_data; u32 index; if (is_enable) @@ -440,8 +442,18 @@ snort_interface_enable_disable (vlib_main_t *vm, char *instance_name, } index = sm->instance_by_sw_if_index[sw_if_index] = si->index; - vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, 1, - &index, sizeof (index)); + if (snort_dir & SNORT_INPUT) + { + fa_data = (u64) index; + vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, + 1, &fa_data, sizeof (fa_data)); + } + if (snort_dir & SNORT_OUTPUT) + { + fa_data = (1LL << 32 | index); + vnet_feature_enable_disable ("ip4-output", "snort-enq", sw_if_index, + 1, &fa_data, sizeof (fa_data)); + } } else { @@ -459,8 +471,18 @@ snort_interface_enable_disable (vlib_main_t *vm, char *instance_name, si = vec_elt_at_index (sm->instances, index); sm->instance_by_sw_if_index[sw_if_index] = ~0; - vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, 0, - &index, sizeof (index)); + if (snort_dir & SNORT_INPUT) + { + fa_data = (u64) index; + vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, + 0, &fa_data, sizeof (fa_data)); + } + if (snort_dir & SNORT_OUTPUT) + { + fa_data = (1LL << 32 | index); + vnet_feature_enable_disable ("ip4-output", "snort-enq", sw_if_index, + 0, &fa_data, sizeof (fa_data)); + } } done: @@ -527,3 +549,9 @@ VNET_FEATURE_INIT (snort_enq, static) = { .node_name = "snort-enq", .runs_before = VNET_FEATURES ("ip4-lookup"), }; + +VNET_FEATURE_INIT (snort_enq_out, static) = { + .arc_name = "ip4-output", + .node_name = "snort-enq", + .runs_before = VNET_FEATURES ("interface-output"), +}; |