nat: nat44-ed cleanup & fixes
[vpp.git] / src / plugins / snort / main.c
index 89ffa88..39c13a8 100644 (file)
@@ -195,9 +195,18 @@ snort_deq_ready (clib_file_t *uf)
   snort_per_thread_data_t *ptd =
     vec_elt_at_index (sm->per_thread_data, vm->thread_index);
   u64 counter;
+  ssize_t bytes_read;
 
-  if (read (uf->file_descriptor, &counter, sizeof (counter)) < 0)
-    return clib_error_return (0, "client closed socket");
+  bytes_read = read (uf->file_descriptor, &counter, sizeof (counter));
+  if (bytes_read < 0)
+    {
+      return clib_error_return (0, "client closed socket");
+    }
+
+  if (bytes_read < sizeof (counter))
+    {
+      return clib_error_return (0, "unexpected truncated read");
+    }
 
   clib_interrupt_set (ptd->interrupts, uf->private_data);
   vlib_node_set_interrupt_pending (vm, snort_deq_node.index);
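Review bot: The `bytes_read < 0` branch reports every read failure as "client closed socket", so a transient EINTR or EAGAIN cannot be told apart from a real disconnect and errno is lost; consider `return clib_error_return_unix (0, "read");` there. A return of 0 (end of file) now lands in the "unexpected truncated read" branch, although that is most likely the real peer-closed case and deserves its own message. The second check compares an `ssize_t` with the unsigned result of `sizeof`, which is only safe because the negative case has already returned; `(size_t) bytes_read < sizeof (counter)` makes that explicit. snort_deq_ready starts and ends outside this hunk.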
@@ -298,8 +307,8 @@ snort_instance_create (vlib_main_t *vm, char *name, u8 log2_queue_sz,
   /* enq and deq head pointer */
   qpair_mem_sz += 2 * round_pow2 (sizeof (u32), align);
 
-  size =
-    round_pow2 (tm->n_vlib_mains * qpair_mem_sz, clib_mem_get_page_size ());
+  size = round_pow2 ((uword) tm->n_vlib_mains * qpair_mem_sz,
+                    clib_mem_get_page_size ());
   fd = clib_mem_vm_create_fd (CLIB_MEM_PAGE_SZ_DEFAULT, "snort instance %s",
                              name);
 
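Review bot: The `(uword)` cast in the `round_pow2` call has no comment explaining it, so a later cleanup could drop it as redundant; something like `/* widen before multiplying: n_vlib_mains * qpair_mem_sz may not fit in 32 bits */` would protect it. The declarations of `qpair_mem_sz` and `size` are outside this hunk, so it is worth confirming that both are wide enough. Otherwise the sum accumulated above or the assignment here could still truncate the value the cast preserves.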
@@ -400,12 +409,14 @@ done:
 
 clib_error_t *
 snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
-                               u32 sw_if_index, int is_enable)
+                               u32 sw_if_index, int is_enable,
+                               snort_attach_dir_t snort_dir)
 {
   snort_main_t *sm = &snort_main;
   vnet_main_t *vnm = vnet_get_main ();
   snort_instance_t *si;
   clib_error_t *err = 0;
+  u64 fa_data;
   u32 index;
 
   if (is_enable)
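Review bot: The new `snort_dir` parameter of snort_interface_enable_disable is undocumented, and nothing at the signature says it is a bitmask even though the body tests it with `&` against `SNORT_INPUT` and `SNORT_OUTPUT`. A short header comment would help callers, for example `/* snort_dir: bitmask of SNORT_INPUT (ip4-unicast arc) and/or SNORT_OUTPUT (ip4-output arc) */`. It should also state what a disable call is expected to pass, since the body, which continues outside this hunk, uses the same argument on both paths.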
@@ -431,8 +442,18 @@ snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
        }
 
       index = sm->instance_by_sw_if_index[sw_if_index] = si->index;
-      vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, 1,
-                                  &index, sizeof (index));
+      if (snort_dir & SNORT_INPUT)
+       {
+         fa_data = (u64) index;
+         vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index,
+                                      1, &fa_data, sizeof (fa_data));
+       }
+      if (snort_dir & SNORT_OUTPUT)
+       {
+         fa_data = (1LL << 32 | index);
+         vnet_feature_enable_disable ("ip4-output", "snort-enq", sw_if_index,
+                                      1, &fa_data, sizeof (fa_data));
+       }
     }
   else
     {
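Review bot: Nothing in the enable branch rejects a `snort_dir` with neither `SNORT_INPUT` nor `SNORT_OUTPUT` set. In that case `sm->instance_by_sw_if_index[sw_if_index]` is assigned, no feature is enabled and the call returns success, so the interface looks attached while its traffic is never handed to Snort. A guard before the assignment closes that, e.g. `if (!(snort_dir & (SNORT_INPUT | SNORT_OUTPUT))) { err = clib_error_return (0, "invalid direction"); goto done; }`. The return value of both `vnet_feature_enable_disable` calls is also ignored, so a failure on `ip4-output` after `ip4-unicast` succeeded leaves the interface half attached with no error reported; the same applies to the disable branch in the next hunk. Separately, `(1LL << 32 | index)` would read more clearly as `((u64) 1 << 32) | index`, with the direction bit given a name.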
@@ -450,8 +471,18 @@ snort_interface_enable_disable (vlib_main_t *vm, char *instance_name,
       si = vec_elt_at_index (sm->instances, index);
 
       sm->instance_by_sw_if_index[sw_if_index] = ~0;
-      vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index, 0,
-                                  &index, sizeof (index));
+      if (snort_dir & SNORT_INPUT)
+       {
+         fa_data = (u64) index;
+         vnet_feature_enable_disable ("ip4-unicast", "snort-enq", sw_if_index,
+                                      0, &fa_data, sizeof (fa_data));
+       }
+      if (snort_dir & SNORT_OUTPUT)
+       {
+         fa_data = (1LL << 32 | index);
+         vnet_feature_enable_disable ("ip4-output", "snort-enq", sw_if_index,
+                                      0, &fa_data, sizeof (fa_data));
+       }
     }
 
 done:
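Review bot: `sm->instance_by_sw_if_index[sw_if_index] = ~0` runs whatever `snort_dir` holds, so disabling one direction of an interface attached in both clears the mapping while the other arc's `snort-enq` feature stays enabled. If the lookup at the top of this branch (outside the hunk) relies on that mapping, the remaining direction can no longer be disabled through this function. Recording the attached directions per interface, and clearing the mapping only when none remain, would keep the control-plane state consistent with what the data path is doing.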
@@ -518,3 +549,9 @@ VNET_FEATURE_INIT (snort_enq, static) = {
   .node_name = "snort-enq",
   .runs_before = VNET_FEATURES ("ip4-lookup"),
 };
+
+VNET_FEATURE_INIT (snort_enq_out, static) = {
+  .arc_name = "ip4-output",
+  .node_name = "snort-enq",
+  .runs_before = VNET_FEATURES ("interface-output"),
+};
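Review bot: `snort_enq_out` is ordered only by `.runs_before = VNET_FEATURES ("interface-output")`, which leaves its position relative to other `ip4-output` features, such as NAT or IPsec output processing, unspecified. For an inspection feature, that position decides whether Snort sees packets before or after translation or encryption. The intended placement should be pinned with explicit ordering constraints, or at least stated in a comment above the registration, e.g. `/* output-side inspection point: runs after <feature>, before <feature> */`.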