aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/snort/main.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/snort/main.c')
-rw-r--r--src/plugins/snort/main.c65
1 files changed, 52 insertions, 13 deletions
diff --git a/src/plugins/snort/main.c b/src/plugins/snort/main.c
index 37b517215bc..2430fcdc5c2 100644
--- a/src/plugins/snort/main.c
+++ b/src/plugins/snort/main.c
@@ -13,7 +13,6 @@ snort_main_t snort_main;
VLIB_REGISTER_LOG_CLASS (snort_log, static) = {
.class_name = "snort",
- .default_syslog_level = VLIB_LOG_LEVEL_DEBUG,
};
#define log_debug(fmt, ...) vlib_log_debug (snort_log.class, fmt, __VA_ARGS__)
@@ -196,9 +195,18 @@ snort_deq_ready (clib_file_t *uf)
snort_per_thread_data_t *ptd =
vec_elt_at_index (sm->per_thread_data, vm->thread_index);
u64 counter;
+ ssize_t bytes_read;
- if (read (uf->file_descriptor, &counter, sizeof (counter)) < 0)
- return clib_error_return (0, "client closed socket");
+ bytes_read = read (uf->file_descriptor, &counter, sizeof (counter));
+ if (bytes_read < 0)
+ {
+ return clib_error_return (0, "client closed socket");
+ }
+
+ if (bytes_read < sizeof (counter))
+ {
+ return clib_error_return (0, "unexpected truncated read");
+ }
clib_interrupt_set (ptd->interrupts, uf->private_data);
vlib_node_set_interrupt_pending (vm, snort_deq_node.index);
@@ -251,8 +259,10 @@ snort_listener_init (vlib_main_t *vm)
s = clib_mem_alloc (sizeof (clib_socket_t));
clib_memset (s, 0, sizeof (clib_socket_t));
s->config = (char *) sm->socket_name;
- s->flags = CLIB_SOCKET_F_IS_SERVER | CLIB_SOCKET_F_ALLOW_GROUP_WRITE |
- CLIB_SOCKET_F_SEQPACKET | CLIB_SOCKET_F_PASSCRED;
+ s->is_server = 1;
+ s->allow_group_write = 1;
+ s->is_seqpacket = 1;
+ s->passcred = 1;
if ((err = clib_socket_init (s)))
{
@@ -299,8 +309,8 @@ snort_instance_create (vlib_main_t *vm, char *name, u8 log2_queue_sz,
/* enq and deq head pointer */
qpair_mem_sz += 2 * round_pow2 (sizeof (u32), align);
- size =
- round_pow2 (tm->n_vlib_mains * qpair_mem_sz, clib_mem_get_page_size ());
+ size = round_pow2 ((uword) tm->n_vlib_mains * qpair_mem_sz,
+ clib_mem_get_page_size ());
fd = clib_mem_vm_create_fd (CLIB_MEM_PAGE_SZ_DEFAULT, "snort instance %s",
name);
@@ -386,7 +396,7 @@ snort_instance_create (vlib_main_t *vm, char *name, u8 log2_queue_sz,
for (i = 0; i < vlib_get_n_threads (); i++)
vlib_node_set_state (vlib_get_main_by_index (i), snort_deq_node.index,
- VLIB_NODE_STATE_INTERRUPT);
+ sm->input_mode);
done:
if (err)
@@ -401,12 +411,14 @@ done:
clib_error_t *
snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
- u32 sw_if_index, int is_enable)
+ u32 sw_if_index, int is_enable,
+ snort_attach_dir_t snort_dir)
{
snort_main_t *sm = &snort_main;
vnet_main_t *vnm = vnet_get_main ();
snort_instance_t *si;
clib_error_t *err = 0;
+ u64 fa_data;
u32 index;
if (is_enable)
@@ -432,8 +444,18 @@ snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
}
index = sm->instance_by_sw_if_index[sw_if_index] = si->index;
- vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, 1,
- &index, sizeof (index));
+ if (snort_dir & SNORT_INPUT)
+ {
+ fa_data = (u64) index;
+ vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index,
+ 1, &fa_data, sizeof (fa_data));
+ }
+ if (snort_dir & SNORT_OUTPUT)
+ {
+ fa_data = (1LL << 32 | index);
+ vnet_feature_enable_disable ("ip4-output", "snort-enq", sw_if_index,
+ 1, &fa_data, sizeof (fa_data));
+ }
}
else
{
@@ -451,8 +473,18 @@ snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
si = vec_elt_at_index (sm->instances, index);
sm->instance_by_sw_if_index[sw_if_index] = ~0;
- vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, 0,
- &index, sizeof (index));
+ if (snort_dir & SNORT_INPUT)
+ {
+ fa_data = (u64) index;
+ vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index,
+ 0, &fa_data, sizeof (fa_data));
+ }
+ if (snort_dir & SNORT_OUTPUT)
+ {
+ fa_data = (1LL << 32 | index);
+ vnet_feature_enable_disable ("ip4-output", "snort-enq", sw_if_index,
+ 0, &fa_data, sizeof (fa_data));
+ }
}
done:
@@ -490,6 +522,7 @@ static clib_error_t *
snort_init (vlib_main_t *vm)
{
snort_main_t *sm = &snort_main;
+ sm->input_mode = VLIB_NODE_STATE_INTERRUPT;
sm->instance_by_name = hash_create_string (0, sizeof (uword));
vlib_buffer_pool_t *bp;
@@ -518,3 +551,9 @@ VNET_FEATURE_INIT (snort_enq, static) = {
.node_name = "snort-enq",
.runs_before = VNET_FEATURES ("ip4-lookup"),
};
+
+VNET_FEATURE_INIT (snort_enq_out, static) = {
+ .arc_name = "ip4-output",
+ .node_name = "snort-enq",
+ .runs_before = VNET_FEATURES ("interface-output"),
+};