Diffstat (limited to 'src/plugins/snort/cli.c')
-rw-r--r-- | src/plugins/snort/cli.c | 205 |
1 files changed, 196 insertions, 9 deletions
diff --git a/src/plugins/snort/cli.c b/src/plugins/snort/cli.c index 08740f41b37..4b6dbc742a7 100644 --- a/src/plugins/snort/cli.c +++ b/src/plugins/snort/cli.c @@ -25,6 +25,7 @@ snort_create_instance_command_fn (vlib_main_t *vm, unformat_input_t *input, u8 *name = 0; u32 queue_size = 1024; u8 drop_on_diconnect = 1; + int rv = 0; /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) @@ -60,8 +61,30 @@ snort_create_instance_command_fn (vlib_main_t *vm, unformat_input_t *input, goto done; } - err = snort_instance_create (vm, (char *) name, min_log2 (queue_size), - drop_on_diconnect); + rv = snort_instance_create (vm, (char *) name, min_log2 (queue_size), + drop_on_diconnect); + + switch (rv) + { + case 0: + break; + case VNET_API_ERROR_ENTRY_ALREADY_EXISTS: + err = clib_error_return (0, "instance '%s' already exists", name); + break; + case VNET_API_ERROR_SYSCALL_ERROR_1: + err = clib_error_return (0, "memory fd failure: %U", format_clib_error, + clib_mem_get_last_error ()); + break; + case VNET_API_ERROR_SYSCALL_ERROR_2: + err = clib_error_return (0, "ftruncate failure"); + break; + case VNET_API_ERROR_SYSCALL_ERROR_3: + err = clib_error_return (0, "mmap failure"); + break; + default: + err = clib_error_return (0, "snort_instance_create returned %d", rv); + break; + } done: vec_free (name); 
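Review bot: The new switch after `snort_instance_create` in `snort_create_instance_command_fn` maps `VNET_API_ERROR_SYSCALL_ERROR_1`, `_2` and `_3` to memfd, ftruncate and mmap failures, but nothing at the call site records that contract. The mapping lives only in the callee, which is not part of this file's diff, so a reordering there would make the CLI name the wrong syscall. I would add a comment above the switch such as `/* SYSCALL_ERROR_1/2/3 = memfd, ftruncate, mmap steps of snort_instance_create (); keep in sync */`. The function body starts and ends outside the hunk.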
@@ -77,6 +100,118 @@ VLIB_CLI_COMMAND (snort_create_instance_command, static) = { }; static clib_error_t * +snort_disconnect_instance_command_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + unformat_input_t _line_input, *line_input = &_line_input; + clib_error_t *err = 0; + u8 *name = 0; + snort_instance_t *si; + int rv = 0; + + if (!unformat_user (input, unformat_line_input, line_input)) + return clib_error_return (0, "please specify instance name"); + + if (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + unformat (line_input, "%s", &name); + + if (!name) + { + err = clib_error_return (0, "please specify instance name"); + goto done; + } + + si = snort_get_instance_by_name ((char *) name); + if (!si) + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + else + rv = snort_instance_disconnect (vm, si->index); + + switch (rv) + { + case 0: + break; + case VNET_API_ERROR_NO_SUCH_ENTRY: + err = clib_error_return (0, "unknown instance '%s'", name); + break; + case VNET_API_ERROR_FEATURE_DISABLED: + err = clib_error_return (0, "instance '%s' is not connected", name); + break; + case VNET_API_ERROR_INVALID_VALUE: + err = clib_error_return (0, "failed to disconnect a broken client"); + break; + default: + err = clib_error_return (0, "snort_instance_disconnect returned %d", rv); + break; + } + +done: + vec_free (name); + unformat_free (line_input); + return err; +} + +VLIB_CLI_COMMAND (snort_disconnect_instance_command, static) = { + .path = "snort disconnect instance", + .short_help = "snort disconnect instance <name>", + .function = snort_disconnect_instance_command_fn, +}; + +static clib_error_t * +snort_delete_instance_command_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + unformat_input_t _line_input, *line_input = &_line_input; + clib_error_t *err = 0; + u8 *name = 0; + int rv = 0; + + if (!unformat_user (input, unformat_line_input, line_input)) + return clib_error_return (0, "please specify instance name"); 
+ + if (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + unformat (line_input, "%s", &name); + + if (!name) + { + err = clib_error_return (0, "please specify instance name"); + goto done; + } + + snort_instance_t *si = snort_get_instance_by_name ((char *) name); + if (!si) + err = clib_error_return (0, "unknown instance '%s' requested", name); + else + rv = snort_instance_delete (vm, si->index); + + switch (rv) + { + case 0: + break; + case VNET_API_ERROR_NO_SUCH_ENTRY: + err = clib_error_return (0, "instance '%s' deletion failure", name); + break; + case VNET_API_ERROR_INSTANCE_IN_USE: + err = clib_error_return (0, "instance '%s' has connected client", name); + break; + default: + err = clib_error_return (0, "snort_instance_delete returned %d", rv); + break; + } + +done: + vec_free (name); + unformat_free (line_input); + return err; +} + +VLIB_CLI_COMMAND (snort_delete_instance_command, static) = { + .path = "snort delete instance", + .short_help = "snort delete instance <name>", + .function = snort_delete_instance_command_fn, +}; + +static clib_error_t * snort_attach_command_fn (vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd) { @@ -86,6 +221,7 @@ snort_attach_command_fn (vlib_main_t *vm, unformat_input_t *input, u8 *name = 0; u32 sw_if_index = ~0; snort_attach_dir_t dir = SNORT_INOUT; + int rv = 0; /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) 
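Review bot: Both new handlers stop parsing after the first token, so `snort delete instance foo bar` acts on `foo` and silently ignores `bar`; `snort_disconnect_instance_command_fn` does the same. For commands that tear down an inspection instance I would reject leftover input once the name has been read. When `unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT` still holds after the `%s` parse, set `err = clib_error_return (0, "unknown input '%U'", format_unformat_error, line_input);` and `goto done;`. This keeps a mistyped or concatenated command line from removing an instance the operator did not mean to touch.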
@@ -124,8 +260,29 @@ snort_attach_command_fn (vlib_main_t *vm, unformat_input_t *input, goto done; } - err = - snort_interface_enable_disable (vm, (char *) name, sw_if_index, 1, dir); + rv = snort_interface_enable_disable (vm, (char *) name, sw_if_index, 1, dir); + + switch (rv) + { + case 0: + break; + case VNET_API_ERROR_FEATURE_ALREADY_ENABLED: + /* already attached to same instance */ + break; + case VNET_API_ERROR_INSTANCE_IN_USE: + err = clib_error_return (0, + "interface %U already assigned to " + "an instance", + format_vnet_sw_if_index_name, vnm, sw_if_index); + break; + case VNET_API_ERROR_NO_SUCH_ENTRY: + err = clib_error_return (0, "unknown instance '%s'", name); + break; + default: + err = clib_error_return (0, "snort_interface_enable_disable returned %d", + rv); + break; + } done: vec_free (name); @@ -148,6 +305,7 @@ snort_detach_command_fn (vlib_main_t *vm, unformat_input_t *input, vnet_main_t *vnm = vnet_get_main (); clib_error_t *err = 0; u32 sw_if_index = ~0; + int rv = 0; /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) @@ -172,7 +330,23 @@ snort_detach_command_fn (vlib_main_t *vm, unformat_input_t *input, goto done; } - err = snort_interface_enable_disable (vm, 0, sw_if_index, 0, SNORT_INOUT); + rv = snort_interface_enable_disable (vm, 0, sw_if_index, 0, SNORT_INOUT); + + switch (rv) + { + case 0: + break; + case VNET_API_ERROR_INVALID_INTERFACE: + err = clib_error_return (0, + "interface %U is not assigned to snort " + "instance!", + format_vnet_sw_if_index_name, vnm, sw_if_index); + break; + default: + err = clib_error_return (0, "snort_interface_enable_disable returned %d", + rv); + break; + } done: unformat_free (line_input); 
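Review bot: The `VNET_API_ERROR_FEATURE_ALREADY_ENABLED` case in `snort_attach_command_fn` returns success with no output, and its comment only says the interface is already attached to the same instance. Whether the existing attachment uses the requested `dir` is not visible in this hunk. If it can differ, an operator asking for both directions on an interface attached for one would see no error while part of the traffic stays uninspected. Consider either reporting it, e.g. `err = clib_error_return (0, "interface %U already attached to instance '%s'", format_vnet_sw_if_index_name, vnm, sw_if_index, name);`, or extending the comment to state that the callee compares direction as well. The function body starts and ends outside the hunk.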
@@ -213,7 +387,7 @@ snort_show_interfaces_command_fn (vlib_main_t *vm, unformat_input_t *input, snort_instance_t *si; u32 *index; - vlib_cli_output (vm, "interface\tsnort instance"); + vlib_cli_output (vm, "interface\t\tsnort instance"); vec_foreach (index, sm->instance_by_sw_if_index) { if (index[0] != ~0) @@ -237,7 +411,18 @@ snort_show_clients_command_fn (vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd) { snort_main_t *sm = &snort_main; - vlib_cli_output (vm, "number of clients: %d", pool_elts (sm->clients)); + u32 n_clients = pool_elts (sm->clients); + snort_client_t *c; + snort_instance_t *si; + + vlib_cli_output (vm, "number of clients: %d", n_clients); + if (n_clients) + vlib_cli_output (vm, "client snort instance"); + pool_foreach (c, sm->clients) + { + si = vec_elt_at_index (sm->instances, c->instance_index); + vlib_cli_output (vm, "%6d %s", c - sm->clients, si->name); + } return 0; } @@ -251,14 +436,16 @@ static clib_error_t * snort_mode_polling_command_fn (vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd) { - return snort_set_node_mode (vm, VLIB_NODE_STATE_POLLING); + snort_set_node_mode (vm, VLIB_NODE_STATE_POLLING); + return 0; } static clib_error_t * snort_mode_interrupt_command_fn (vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd) { - return snort_set_node_mode (vm, VLIB_NODE_STATE_INTERRUPT); + snort_set_node_mode (vm, VLIB_NODE_STATE_INTERRUPT); + return 0; } VLIB_CLI_COMMAND (snort_mode_polling_command, static) = { |
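Review bot: In `snort_show_clients_command_fn` the expression `c - sm->clients` is a pointer difference, which is 64 bits wide on LP64 targets, yet it is passed to a `%6d` conversion, so the variadic argument does not match the format. Cast it and use an unsigned conversion: `vlib_cli_output (vm, "%6u %s", (u32) (c - sm->clients), si->name);`. `n_clients` is a `u32` and would likewise be better printed with `%u` in the "number of clients" line.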
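Review bot: `snort_mode_polling_command_fn` and `snort_mode_interrupt_command_fn` now discard whatever `snort_set_node_mode` returns and always return 0, unlike the other handlers in this commit, which map `rv` to a CLI error. The callee's new signature is not in this file's diff; if it returns an `int` status, a failed mode switch would be reported to the operator as success. In that case keep the pattern used elsewhere: `int rv = snort_set_node_mode (vm, VLIB_NODE_STATE_POLLING);` followed by `if (rv) return clib_error_return (0, "snort_set_node_mode returned %d", rv);`, and the same for the interrupt variant. If the function is now `void`, a one-line comment saying it cannot fail would make the unconditional `return 0;` self-explanatory.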