message(STATUS "snort plugin needs libdaq ${DAQ_VER} - found at ${LIBDAQ_LINK_LIBRARY}")
-include_directories (${LIBDAQ_INCLUDE_DIR})
-
add_vpp_plugin(snort
SOURCES
cli.c
snort.api
INSTALL_HEADERS
+ daq_vpp_shared.h
export.h
MULTIARCH_SOURCES
target_compile_options (daq_vpp PRIVATE "-fvisibility=hidden")
target_compile_options (daq_vpp PRIVATE "-DHAVE_VISIBILITY")
target_compile_options (daq_vpp PRIVATE "-I${LIBDAQ_INCLUDE_DIR}")
+target_compile_options (daq_vpp PRIVATE "-I${VPP_INCLUDE_DIR}/vpp_plugins")
install(TARGETS daq_vpp DESTINATION ${VPP_LIBRARY_DIR}/daq COMPONENT vpp-plugin-snort)
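Review bot: The added include path for `daq_vpp` is passed as a raw `-I` compile option, which bypasses CMake's include handling; `target_include_directories (daq_vpp PRIVATE "${VPP_INCLUDE_DIR}/vpp_plugins")` is the target-scoped form. If `VPP_INCLUDE_DIR` is empty when this file is processed, the flag degrades to `-I/vpp_plugins`, a directory in the filesystem root, so a guard such as `if(NOT VPP_INCLUDE_DIR) message(FATAL_ERROR "VPP_INCLUDE_DIR is not set") endif()` before the target would make that failure explicit. The path presumably points at an installed or staged header tree. If so, the DAQ module could compile against an older `snort/daq_vpp_shared.h` than the one in this source tree, so confirm the in-tree copy is the one found first.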
goto done;
}
- rv = snort_instance_create (
- vm,
- &(snort_instance_create_args_t){
- .log2_queue_sz = min_log2 (queue_size),
- .drop_on_disconnect = drop_on_disconnect,
- .drop_bitmap = 1 << DAQ_VERDICT_BLOCK | 1 << DAQ_VERDICT_BLACKLIST,
- .qpairs_per_thread = qpairs_per_thread,
- },
- "%s", name);
+ rv = snort_instance_create (vm,
+ &(snort_instance_create_args_t){
+ .log2_queue_sz = min_log2 (queue_size),
+ .drop_on_disconnect = drop_on_disconnect,
+ .drop_bitmap = 1 << DAQ_VPP_VERDICT_BLOCK |
+ 1 << DAQ_VPP_VERDICT_BLACKLIST,
+ .qpairs_per_thread = qpairs_per_thread,
+ },
+ "%s", name);
switch (rv)
{
(u8 *) qp->deq_ring - (u8 *) si->shm_base, qp->deq_fd,
qp->hdr->deq.head, qp->deq_tail);
- for (u32 i = 0; i < MAX_DAQ_VERDICT; i++)
+ for (u32 i = 0; i < DAQ_VPP_MAX_DAQ_VERDICT; i++)
if (qp->n_packets_by_verdict[i])
{
n += qp->n_packets_by_verdict[i];
-/* SPDX-License-Identifier: Apache-2.0
- * Copyright(c) 2025 Cisco Systems, Inc.
- */
+/*
+** Copyright (C) 2025 Cisco and/or its affiliates. All rights reserved.
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software Foundation, Inc.
+** 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*/
#define _GNU_SOURCE
#include <stdbool.h>
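Review bot: The new GPL header removes the machine-readable `SPDX-License-Identifier` line, so license scanners and SBOM tooling can no longer classify this file automatically. Add `/* SPDX-License-Identifier: GPL-2.0-only */` as the first line, above the long-form notice. The same applies to the other three files that receive this header in this change. `daq_vpp_shared.h` keeps its Apache-2.0 tag while being included by these GPL-2.0-only files, so it is worth confirming with whoever owns licensing that the combination is intended.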
-/* SPDX-License-Identifier: Apache-2.0
- * Copyright(c) 2025 Cisco Systems, Inc.
- */
+/*
+** Copyright (C) 2025 Cisco and/or its affiliates. All rights reserved.
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software Foundation, Inc.
+** 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*/
#ifndef __DAQ_VPP_H__
#define __DAQ_VPP_H__
#include <stdint.h>
#include <daq_module_api.h>
-#include "daq_vpp_shared.h"
+#include <snort/daq_vpp_shared.h>
#define __unused __attribute__ ((unused))
#define __aligned(x) __attribute__ ((__aligned__ (x)))
-/* SPDX-License-Identifier: Apache-2.0
- * Copyright(c) 2025 Cisco Systems, Inc.
- */
+/*
+** Copyright (C) 2025 Cisco and/or its affiliates. All rights reserved.
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software Foundation, Inc.
+** 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*/
#define _GNU_SOURCE
#include <string.h>
head = __atomic_load_n (&h->deq.head, __ATOMIC_RELAXED);
d = h->descs + pe->index;
- d->metadata.verdict = verdict;
+ d->metadata.verdict = (daq_vpp_verdict_t) verdict;
qp->deq_ring[head & mask] = pe->index;
head = head + 1;
__atomic_store_n (&h->deq.head, head, __ATOMIC_RELEASE);
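Review bot: The cast `(daq_vpp_verdict_t) verdict` is only correct while libdaq's `DAQ_Verdict` values are numerically equal to the new `DAQ_VPP_VERDICT_*` values, and nothing in the change enforces that. This file still includes the libdaq headers, so the assumption can be pinned at compile time, e.g. `_Static_assert ((int) DAQ_VERDICT_BLACKLIST == (int) DAQ_VPP_VERDICT_BLACKLIST, "verdict values must match libdaq");`, with one such line per value and one for `MAX_DAQ_VERDICT`. The `(daq_vpp_mode_t) mode` cast in the connect request and the new `DAQ_VPP_PKT_FLAG_PRE_ROUTING` constant rest on the same assumption and deserve the same assertion. The enclosing function starts and ends outside this hunk.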
-/* SPDX-License-Identifier: Apache-2.0
- * Copyright(c) 2025 Cisco Systems, Inc.
- */
+/*
+** Copyright (C) 2025 Cisco and/or its affiliates. All rights reserved.
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software Foundation, Inc.
+** 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*/
#define _GNU_SOURCE
#include <stdio.h>
.connect = {
.num_snort_instances = num_instances,
.daq_version = daq_version_number(),
- .mode = mode,
+ .mode = (daq_vpp_mode_t)mode,
},
},
&reply, 0, 0);
/* SPDX-License-Identifier: Apache-2.0
- * Copyright(c) 2021 Cisco Systems, Inc.
+ * Copyright(c) 2021-2025 Cisco Systems, Inc.
*/
#ifndef __DAQ_VPP_SHARED_H__
#define __DAQ_VPP_SHARED_H__
-#include <stdint.h>
-
#define DAQ_VPP_VERSION 2
#define DAQ_VPP_DEFAULT_SOCKET_FILE "snort.sock"
#define DAQ_VPP_DEFAULT_SOCKET_PATH "/run/vpp/" DAQ_VPP_DEFAULT_SOCKET_FILE
#define DAQ_VPP_MAX_INST_NAME_LEN 32
#define DAQ_VPP_COOKIE 0xa196c3e82a4bc68f
+#define DAQ_VPP_PKT_FLAG_PRE_ROUTING (1 << 2)
+
+typedef enum
+{
+ DAQ_VPP_VERDICT_PASS = 0,
+ DAQ_VPP_VERDICT_BLOCK,
+ DAQ_VPP_VERDICT_REPLACE,
+ DAQ_VPP_VERDICT_WHITELIST,
+ DAQ_VPP_VERDICT_BLACKLIST,
+ DAQ_VPP_VERDICT_IGNORE,
+ DAQ_VPP_MAX_DAQ_VERDICT,
+} daq_vpp_verdict_t;
+
+typedef enum
+{
+ DAQ_VPP_MODE_NONE = 0,
+ DAQ_VPP_MODE_PASSIVE,
+ DAQ_VPP_MODE_INLINE,
+ DAQ_VPP_MODE_READ_FILE,
+ DAQ_VPP_MAX_DAQ_MODE,
+} daq_vpp_mode_t;
typedef uint8_t daq_vpp_buffer_pool_index_t;
typedef uint16_t daq_vpp_input_index_t;
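Review bot: Dropping `#include <stdint.h>` leaves this header dependent on whatever its includer pulled in first. It still declares `typedef uint8_t daq_vpp_buffer_pool_index_t;` and `typedef uint16_t daq_vpp_input_index_t;` directly below the new enums, and per the CMake change in this commit it is now an installed header. Keep `#include <stdint.h>` so the header compiles standalone for external consumers. The two new enums would also benefit from a one-line comment each stating that their values must stay equal to libdaq's, e.g. `/* values mirror libdaq DAQ_Verdict; do not reorder */`.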
{
uint32_t daq_version;
uint16_t num_snort_instances;
- uint8_t mode; /* DAQ_Mode */
+ daq_vpp_mode_t mode; /* mode */
} daq_vpp_msg_req_connect_t;
typedef struct
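Review bot: Changing `mode` from `uint8_t` to `daq_vpp_mode_t` changes the size and padding of `daq_vpp_msg_req_connect_t`, a message exchanged between VPP and the DAQ module, while `DAQ_VPP_VERSION` stays at 2 in the same header. A peer built against the old layout would therefore not be caught by any check based on that version. An enum's width is also implementation-defined, so the layout now depends on compiler flags on both sides. Keeping the fixed-width field with the enum named in the comment, `uint8_t mode; /* daq_vpp_mode_t */`, preserves the layout; otherwise bump `DAQ_VPP_VERSION`. The `verdict` field in the descriptor metadata hunk that follows has the same issue: widening it increases the number of bytes the reader interprets. Because that field is filled in by the other process, the reader should check it against `DAQ_VPP_MAX_DAQ_VERDICT` before using it as an index into the per-verdict counters. The struct begins outside this hunk.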
};
struct
{
- uint8_t verdict; /* DAQ_Verdict */
+ daq_vpp_verdict_t verdict; /* verdict */
};
uint32_t data[4];
};
daq_vpp_head_tail_t head, tail, old_tail;
daq_vpp_desc_index_t next_free, mask = pow2_mask (qp->log2_queue_size);
u32 drop_bitmap = si->drop_bitmap;
- u16 n_verdicsts[MAX_DAQ_VERDICT] = {};
+ u16 n_verdicsts[DAQ_VPP_MAX_DAQ_VERDICT] = {};
if (PREDICT_FALSE (qp->cleanup_needed))
{
qp->next_free_desc = next_free;
if (n_total)
- for (u32 i = 0; i < MAX_DAQ_VERDICT; i++)
+ for (u32 i = 0; i < DAQ_VPP_MAX_DAQ_VERDICT; i++)
qp->n_packets_by_verdict[i] += n_verdicsts[i];
if (head != tail)
u32 n_pkts = frame->n_vectors, n_left = n_pkts, n_total_left = n_pkts;
u16 instance_indices[VLIB_FRAME_SIZE], *ii = instance_indices;
daq_vpp_pkt_metadata_t metadata = {
- .flags = is_output ? 0 : DAQ_PKT_FLAG_PRE_ROUTING,
+ .flags = is_output ? 0 : DAQ_VPP_PKT_FLAG_PRE_ROUTING,
};
for (; n_left >= 8; n_left -= 4, bi += 4, ii += 4)
u8 *
format_snort_verdict (u8 *s, va_list *args)
{
- DAQ_Verdict v = va_arg (*args, DAQ_Verdict);
- static char *strings[MAX_DAQ_VERDICT] = {
- [DAQ_VERDICT_PASS] = "PASS",
- [DAQ_VERDICT_BLOCK] = "BLOCK",
- [DAQ_VERDICT_REPLACE] = "REPLACE",
- [DAQ_VERDICT_WHITELIST] = "WHITELIST",
- [DAQ_VERDICT_BLACKLIST] = "BLACKLIST",
- [DAQ_VERDICT_IGNORE] = "IGNORE",
+ daq_vpp_verdict_t v = va_arg (*args, daq_vpp_verdict_t);
+ static char *strings[DAQ_VPP_MAX_DAQ_VERDICT] = {
+ [DAQ_VPP_VERDICT_PASS] = "PASS",
+ [DAQ_VPP_VERDICT_BLOCK] = "BLOCK",
+ [DAQ_VPP_VERDICT_REPLACE] = "REPLACE",
+ [DAQ_VPP_VERDICT_WHITELIST] = "WHITELIST",
+ [DAQ_VPP_VERDICT_BLACKLIST] = "BLACKLIST",
+ [DAQ_VPP_VERDICT_IGNORE] = "IGNORE",
};
- if (v >= MAX_DAQ_VERDICT || strings[v] == 0)
+ if (v >= DAQ_VPP_MAX_DAQ_VERDICT || strings[v] == 0)
return format (s, "unknown (%d)", v);
return format (s, "%s", strings[v]);
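Review bot: The bound check `v >= DAQ_VPP_MAX_DAQ_VERDICT` rejects a negative `v` only if the compiler gives `daq_vpp_verdict_t` an unsigned underlying type, which C leaves implementation-defined. Comparing as unsigned, `if ((u32) v >= DAQ_VPP_MAX_DAQ_VERDICT || strings[v] == 0)`, makes the guard on the `strings[v]` lookup independent of that choice. The table can also be declared `static const char *const strings[...]` since it is never modified. `format_snort_mode` in the next hunk has the same pattern, and the closing brace of this function lies outside the hunk.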
u8 *
format_snort_mode (u8 *s, va_list *args)
{
- DAQ_Mode v = va_arg (*args, DAQ_Mode);
- static char *strings[MAX_DAQ_MODE] = {
- [DAQ_MODE_NONE] = "none",
- [DAQ_MODE_PASSIVE] = "passive",
- [DAQ_MODE_INLINE] = "inline",
- [DAQ_MODE_READ_FILE] = "read-file",
+ daq_vpp_mode_t v = va_arg (*args, daq_vpp_mode_t);
+ static char *strings[DAQ_VPP_MAX_DAQ_MODE] = {
+ [DAQ_VPP_MODE_NONE] = "none",
+ [DAQ_VPP_MODE_PASSIVE] = "passive",
+ [DAQ_VPP_MODE_INLINE] = "inline",
+ [DAQ_VPP_MODE_READ_FILE] = "read-file",
};
- if (v >= MAX_DAQ_MODE || strings[v] == 0)
+ if (v >= DAQ_VPP_MAX_DAQ_MODE || strings[v] == 0)
return format (s, "unknown (%d)", v);
return format (s, "%s", strings[v]);
#include <vlib/vlib.h>
#include <vnet/vnet.h>
#include <snort/export.h>
-#include <snort/daq/daq_vpp_shared.h>
-
-#include <daq_common.h>
+#include <snort/daq_vpp_shared.h>
#define SNORT_INVALID_CLIENT_INDEX CLIB_U32_MAX
daq_vpp_qpair_id_t qpair_id;
u32 deq_fd_file_index;
u32 dequeue_node_index;
- u64 n_packets_by_verdict[MAX_DAQ_VERDICT];
+ u64 n_packets_by_verdict[DAQ_VPP_MAX_DAQ_VERDICT];
snort_qpair_entry_t entries[];
} snort_qpair_t;