authorDamjan Marion <damarion@cisco.com>2021-01-27 21:17:48 +0100
committerDamjan Marion <dmarion@me.com>2021-07-16 11:36:32 +0000
commit839b1473e96800f577d06b14234aef9b573bb303 (patch)
tree7e87c52cafc49a1a66c2ba3e56af1e8e22f92144 /src/plugins/snort/snort.h
parent0ec7dad7a00852663eb88554561347987f87bb53 (diff)
snort: snort3 plugin and DAQ
Zero copy interface which exposes VPP buffers to snort instance(s). Includes VPP DAQ which is compiled only if libdaq 3 API headers are available. Type: feature Change-Id: I96611b43f94fbae091e7391589e0454ae66de88b Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/plugins/snort/snort.h')
-rw-r--r--src/plugins/snort/snort.h113
1 files changed, 113 insertions, 0 deletions
diff --git a/src/plugins/snort/snort.h b/src/plugins/snort/snort.h
new file mode 100644
index 00000000000..d069fa01661
--- /dev/null
+++ b/src/plugins/snort/snort.h
@@ -0,0 +1,113 @@
+/* SPDX-License-Identifier: Apache-2.0
+ * Copyright(c) 2021 Cisco Systems, Inc.
+ */
+
+#ifndef __snort_snort_h__
+#define __snort_snort_h__
+
+#include <vppinfra/error.h>
+#include <vppinfra/socket.h>
+#include <vlib/vlib.h>
+#include <snort/daq_vpp.h>
+
+typedef struct
+{
+ CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
+ u8 log2_queue_size;
+ daq_vpp_desc_t *descriptors;
+ volatile u32 *enq_head;
+ volatile u32 *deq_head;
+ volatile u32 *enq_ring;
+ volatile u32 *deq_ring;
+ u32 next_desc;
+ int enq_fd, deq_fd;
+ u32 deq_fd_file_index;
+ u32 *buffer_indices;
+ u16 *next_indices;
+ u32 *freelist;
+ u32 ready;
+
+ /* temporary storeage used by enqueue node */
+ u32 n_pending;
+ u16 pending_nexts[VLIB_FRAME_SIZE];
+ u32 pending_buffers[VLIB_FRAME_SIZE];
+ daq_vpp_desc_t pending_descs[VLIB_FRAME_SIZE];
+} snort_qpair_t;
+
+typedef struct
+{
+ u32 index;
+ u32 client_index;
+ void *shm_base;
+ u32 shm_size;
+ int shm_fd;
+ snort_qpair_t *qpairs;
+ u8 *name;
+ u8 drop_on_disconnect;
+} snort_instance_t;
+
+typedef struct
+{
+ daq_vpp_msg_t msg;
+ int fds[2];
+ int n_fds;
+} snort_client_msg_queue_elt;
+
+typedef struct
+{
+ clib_socket_t socket;
+ u32 instance_index;
+ u32 file_index;
+ snort_client_msg_queue_elt *msg_queue;
+} snort_client_t;
+
+typedef struct
+{
+ /* per-instance dequeue interrupts */
+ void *interrupts;
+} snort_per_thread_data_t;
+
+typedef struct
+{
+ clib_socket_t *listener;
+ snort_client_t *clients;
+ snort_instance_t *instances;
+ uword *instance_by_name;
+ u32 *instance_by_sw_if_index;
+ u8 **buffer_pool_base_addrs;
+ snort_per_thread_data_t *per_thread_data;
+ u32 input_mode;
+ u8 *socket_name;
+} snort_main_t;
+
+extern snort_main_t snort_main;
+extern vlib_node_registration_t snort_enq_node;
+extern vlib_node_registration_t snort_deq_node;
+
+typedef enum
+{
+ SNORT_ENQ_NEXT_DROP,
+ SNORT_ENQ_N_NEXT_NODES,
+} snort_enq_next_t;
+
+#define SNORT_ENQ_NEXT_NODES \
+ { \
+ [SNORT_ENQ_NEXT_DROP] = "error-drop", \
+ }
+
+/* functions */
+clib_error_t *snort_instance_create (vlib_main_t *vm, char *name,
+ u8 log2_queue_sz, u8 drop_on_disconnect);
+clib_error_t *snort_interface_enable_disable (vlib_main_t *vm,
+ char *instance_name,
+ u32 sw_if_index, int is_enable);
+clib_error_t *snort_set_node_mode (vlib_main_t *vm, u32 mode);
+
+always_inline void
+snort_freelist_init (u32 *fl)
+{
+ for (int j = 0; j < vec_len (fl); j++)
+ fl[j] = j;
+}
+
+#endif /* __snort_snort_h__ */
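Review bot: The `enq_head`/`deq_head`/`enq_ring`/`deq_ring` fields in `snort_qpair_t` are declared `volatile u32 *` with no comment saying which side writes them or what ordering is expected, and `volatile` alone gives neither atomicity nor ordering across threads or processes. If, as the commit description and the `shm_base`/`shm_fd` fields on `snort_instance_t` suggest, these point into memory also mapped by a separate snort process, every value VPP reads back through `deq_head` and `deq_ring` is peer-controlled and needs a range check against `1 << log2_queue_size` before it indexes `descriptors`, `buffer_indices` or `next_indices`; the code that performs those reads is not in this file, so this cannot be confirmed here. I would document the contract at the fields, e.g. `/* in shared memory, written by the snort peer: load with acquire semantics and bounds-check before use as an index */`. Separately, `snort_freelist_init` compares `int j` with `vec_len (fl)`; `for (u32 j = 0; j < vec_len (fl); j++)` avoids the signed/unsigned comparison.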