1 /* SPDX-License-Identifier: Apache-2.0
2 * Copyright(c) 2021 Cisco Systems, Inc.
7 #include <snort/snort.h>
10 format_snort_instance (u8 *s, va_list *args)
12 snort_instance_t *i = va_arg (*args, snort_instance_t *);
13 s = format (s, "%s [idx:%d sz:%d fd:%d]", i->name, i->index, i->shm_size,
20 snort_create_instance_command_fn (vlib_main_t *vm, unformat_input_t *input,
21 vlib_cli_command_t *cmd)
23 unformat_input_t _line_input, *line_input = &_line_input;
24 clib_error_t *err = 0;
26 u32 queue_size = 1024;
27 u8 drop_on_diconnect = 1;
29 /* Get a line of input. */
30 if (!unformat_user (input, unformat_line_input, line_input))
33 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
35 if (unformat (line_input, "queue-size %u", &queue_size))
37 else if (unformat (line_input, "on-disconnect drop"))
38 drop_on_diconnect = 1;
39 else if (unformat (line_input, "on-disconnect pass"))
40 drop_on_diconnect = 0;
41 else if (unformat (line_input, "name %s", &name))
45 err = clib_error_return (0, "unknown input `%U'",
46 format_unformat_error, input);
51 if (!is_pow2 (queue_size))
53 err = clib_error_return (0, "Queue size must be a power of two");
59 err = clib_error_return (0, "please specify instance name");
63 err = snort_instance_create (vm, (char *) name, min_log2 (queue_size),
68 unformat_free (line_input);
72 VLIB_CLI_COMMAND (snort_create_instance_command, static) = {
73 .path = "snort create-instance",
74 .short_help = "snort create-instaince name <name> [queue-size <size>] "
75 "[on-disconnect drop|pass]",
76 .function = snort_create_instance_command_fn,
80 snort_attach_command_fn (vlib_main_t *vm, unformat_input_t *input,
81 vlib_cli_command_t *cmd)
83 unformat_input_t _line_input, *line_input = &_line_input;
84 vnet_main_t *vnm = vnet_get_main ();
85 clib_error_t *err = 0;
88 snort_attach_dir_t dir = SNORT_INOUT;
90 /* Get a line of input. */
91 if (!unformat_user (input, unformat_line_input, line_input))
94 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
96 if (unformat (line_input, "interface %U", unformat_vnet_sw_interface,
99 else if (unformat (line_input, "instance %s", &name))
101 else if (unformat (line_input, "input"))
103 else if (unformat (line_input, "output"))
105 else if (unformat (line_input, "inout"))
109 err = clib_error_return (0, "unknown input `%U'",
110 format_unformat_error, input);
115 if (sw_if_index == ~0)
117 err = clib_error_return (0, "please specify interface");
123 err = clib_error_return (0, "please specify instance name");
128 snort_interface_enable_disable (vm, (char *) name, sw_if_index, 1, dir);
132 unformat_free (line_input);
136 VLIB_CLI_COMMAND (snort_attach_command, static) = {
137 .path = "snort attach",
138 .short_help = "snort attach instance <name> interface <if-name> "
139 "[input|ouput|inout]",
140 .function = snort_attach_command_fn,
143 static clib_error_t *
144 snort_detach_command_fn (vlib_main_t *vm, unformat_input_t *input,
145 vlib_cli_command_t *cmd)
147 unformat_input_t _line_input, *line_input = &_line_input;
148 vnet_main_t *vnm = vnet_get_main ();
149 clib_error_t *err = 0;
150 u32 sw_if_index = ~0;
152 /* Get a line of input. */
153 if (!unformat_user (input, unformat_line_input, line_input))
156 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
158 if (unformat (line_input, "interface %U", unformat_vnet_sw_interface,
163 err = clib_error_return (0, "unknown input `%U'",
164 format_unformat_error, input);
169 if (sw_if_index == ~0)
171 err = clib_error_return (0, "please specify interface");
175 err = snort_interface_enable_disable (vm, 0, sw_if_index, 0, SNORT_INOUT);
178 unformat_free (line_input);
182 VLIB_CLI_COMMAND (snort_detach_command, static) = {
183 .path = "snort detach",
184 .short_help = "snort detach interface <if-name>",
185 .function = snort_detach_command_fn,
188 static clib_error_t *
189 snort_show_instances_command_fn (vlib_main_t *vm, unformat_input_t *input,
190 vlib_cli_command_t *cmd)
192 snort_main_t *sm = &snort_main;
193 snort_instance_t *si;
195 pool_foreach (si, sm->instances)
196 vlib_cli_output (vm, "%U", format_snort_instance, si);
201 VLIB_CLI_COMMAND (snort_show_instances_command, static) = {
202 .path = "show snort instances",
203 .short_help = "show snort instances",
204 .function = snort_show_instances_command_fn,
207 static clib_error_t *
208 snort_show_interfaces_command_fn (vlib_main_t *vm, unformat_input_t *input,
209 vlib_cli_command_t *cmd)
211 snort_main_t *sm = &snort_main;
212 vnet_main_t *vnm = vnet_get_main ();
213 snort_instance_t *si;
216 vlib_cli_output (vm, "interface\tsnort instance");
217 vec_foreach (index, sm->instance_by_sw_if_index)
221 si = vec_elt_at_index (sm->instances, index[0]);
222 vlib_cli_output (vm, "%U:\t%s", format_vnet_sw_if_index_name, vnm,
223 index - sm->instance_by_sw_if_index, si->name);
229 VLIB_CLI_COMMAND (snort_show_interfaces_command, static) = {
230 .path = "show snort interfaces",
231 .short_help = "show snort interfaces",
232 .function = snort_show_interfaces_command_fn,
235 static clib_error_t *
236 snort_show_clients_command_fn (vlib_main_t *vm, unformat_input_t *input,
237 vlib_cli_command_t *cmd)
239 snort_main_t *sm = &snort_main;
240 vlib_cli_output (vm, "number of clients: %d", pool_elts (sm->clients));
244 VLIB_CLI_COMMAND (snort_show_clients_command, static) = {
245 .path = "show snort clients",
246 .short_help = "show snort clients",
247 .function = snort_show_clients_command_fn,
250 static clib_error_t *
251 snort_mode_polling_command_fn (vlib_main_t *vm, unformat_input_t *input,
252 vlib_cli_command_t *cmd)
254 return snort_set_node_mode (vm, VLIB_NODE_STATE_POLLING);
257 static clib_error_t *
258 snort_mode_interrupt_command_fn (vlib_main_t *vm, unformat_input_t *input,
259 vlib_cli_command_t *cmd)
261 return snort_set_node_mode (vm, VLIB_NODE_STATE_INTERRUPT);
264 VLIB_CLI_COMMAND (snort_mode_polling_command, static) = {
265 .path = "snort mode polling",
266 .short_help = "snort mode polling|interrupt",
267 .function = snort_mode_polling_command_fn,
270 VLIB_CLI_COMMAND (snort_mode_interrupt_command, static) = {
271 .path = "snort mode interrupt",
272 .short_help = "snort mode polling|interrupt",
273 .function = snort_mode_interrupt_command_fn,
276 static clib_error_t *
277 snort_show_mode_command_fn (vlib_main_t *vm, unformat_input_t *input,
278 vlib_cli_command_t *cmd)
280 snort_main_t *sm = &snort_main;
282 sm->input_mode == VLIB_NODE_STATE_POLLING ? "polling" : "interrupt";
283 vlib_cli_output (vm, "input mode: %s", mode);
287 VLIB_CLI_COMMAND (snort_show_mode_command, static) = {
288 .path = "show snort mode",
289 .short_help = "show snort mode",
290 .function = snort_show_mode_command_fn,