From c454e8993d18670f76b03dca780213860c2e19a2 Mon Sep 17 00:00:00 2001
From: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Date: Sat, 22 Jan 2022 03:09:18 +0530
Subject: snort: feature support on interface output

support snort plugin on interface output via ip4-output fa

Type: feature

Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Change-Id: I2d5e7d0719c03f88806b12debfe596675dbd66c1
---
 src/plugins/snort/main.c | 38 +++++++++++++++++++++++++++++++++-----
 1 file changed, 33 insertions(+), 5 deletions(-)

(limited to 'src/plugins/snort/main.c')

diff --git a/src/plugins/snort/main.c b/src/plugins/snort/main.c
index 6b7e49a23ad..39c13a8f237 100644
--- a/src/plugins/snort/main.c
+++ b/src/plugins/snort/main.c
@@ -409,12 +409,14 @@ done:
 
 clib_error_t *
 snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
-				u32 sw_if_index, int is_enable)
+				u32 sw_if_index, int is_enable,
+				snort_attach_dir_t snort_dir)
 {
   snort_main_t *sm = &snort_main;
   vnet_main_t *vnm = vnet_get_main ();
   snort_instance_t *si;
   clib_error_t *err = 0;
+  u64 fa_data;
   u32 index;
 
   if (is_enable)
@@ -440,8 +442,18 @@ snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
 	}
 
       index = sm->instance_by_sw_if_index[sw_if_index] = si->index;
-      vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, 1,
-				   &index, sizeof (index));
+      if (snort_dir & SNORT_INPUT)
+	{
+	  fa_data = (u64) index;
+	  vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index,
+				       1, &fa_data, sizeof (fa_data));
+	}
+      if (snort_dir & SNORT_OUTPUT)
+	{
+	  fa_data = (1LL << 32 | index);
+	  vnet_feature_enable_disable ("ip4-output", "snort-enq", sw_if_index,
+				       1, &fa_data, sizeof (fa_data));
+	}
     }
   else
     {
@@ -459,8 +471,18 @@ snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
       si = vec_elt_at_index (sm->instances, index);
 
       sm->instance_by_sw_if_index[sw_if_index] = ~0;
-      vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, 0,
-				   &index, sizeof (index));
+      if (snort_dir & SNORT_INPUT)
+	{
+	  fa_data = (u64) index;
+	  vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index,
+				       0, &fa_data, sizeof (fa_data));
+	}
+      if (snort_dir & SNORT_OUTPUT)
+	{
+	  fa_data = (1LL << 32 | index);
+	  vnet_feature_enable_disable ("ip4-output", "snort-enq", sw_if_index,
+				       0, &fa_data, sizeof (fa_data));
+	}
     }
 
 done:
@@ -527,3 +549,9 @@ VNET_FEATURE_INIT (snort_enq, static) = {
   .node_name = "snort-enq",
   .runs_before = VNET_FEATURES ("ip4-lookup"),
 };
+
+VNET_FEATURE_INIT (snort_enq_out, static) = {
+  .arc_name = "ip4-output",
+  .node_name = "snort-enq",
+  .runs_before = VNET_FEATURES ("interface-output"),
+};
-- 
cgit 1.2.3-korg