+/* SPDX-License-Identifier: Apache-2.0
+ * Copyright(c) 2025 Cisco Systems, Inc.
+ */
#include <vlib/vlib.h>
#include <vnet/plugin/plugin.h>
#include <snort/snort.h>
u8 snort_dir = mp->snort_dir;
int rv = VNET_API_ERROR_NO_SUCH_ENTRY;
- if (sw_if_index == INDEX_INVALID)
- rv = VNET_API_ERROR_NO_MATCHING_INTERFACE;
- else
+ VALIDATE_SW_IF_INDEX (mp);
+ switch (snort_dir)
{
- instance = snort_get_instance_by_index (instance_index);
- if (instance)
- rv = snort_interface_enable_disable (vm, (char *) instance->name,
- sw_if_index, 1 /* is_enable */,
- snort_dir);
+ case SNORT_INPUT:
+ case SNORT_OUTPUT:
+ case SNORT_INOUT:
+ break;
+ default:
+ rv = VNET_API_ERROR_INVALID_ARGUMENT;
+ goto bad_sw_if_index;
}
-
+ instance = snort_get_instance_by_index (instance_index);
+ if (instance)
+ {
+ rv = snort_interface_enable_disable (vm, (char *) instance->name,
+ sw_if_index, 1 /* is_enable */,
+ snort_dir);
+ }
+ BAD_SW_IF_INDEX_LABEL;
REPLY_MACRO (VL_API_SNORT_INTERFACE_ATTACH_REPLY);
}
u32 sw_if_index = clib_net_to_host_u32 (mp->sw_if_index);
int rv;
+ VALIDATE_SW_IF_INDEX (mp);
rv = snort_interface_disable_all (vm, sw_if_index);
+ BAD_SW_IF_INDEX_LABEL;
REPLY_MACRO (VL_API_SNORT_INTERFACE_DETACH_REPLY);
}
def test_snort_cli(self):
# TODO: add a test with packets
# { cli command : part of the expected reply }
- print("TEST SNORT CLI")
commands_replies = {
"snort create-instance name snortTest queue-size 16 on-disconnect drop": "",
"snort create-instance name snortTest2 queue-size 16 on-disconnect pass": "",
reply = self.vapi.snort_interface_attach(
instance_index=0, sw_if_index=2, snort_dir=2
)
+ # verify attaching with an invalid direction is rejected
+ try:
+ reply = self.vapi.snort_interface_attach(
+ instance_index=1, sw_if_index=2, snort_dir=4
+ )
+ except:
+ pass
+ else:
+ self.assertNotEqual(reply.retval, 0)
+ reply = self.vapi.cli("show snort interfaces")
+ self.assertNotIn("snortTest1", reply)
+
reply = self.vapi.snort_interface_attach(
instance_index=1, sw_if_index=2, snort_dir=3
)
self.assertIn("input", reply)
self.assertIn("inout", reply)
self.assertIn("output", reply)
+
+ # verify attaching a previously attached interface is rejected
try:
reply = self.vapi.snort_interface_attach(
instance_index=1, sw_if_index=2, snort_dir=2
pass
else:
self.assertNotEqual(reply.retval, 0)
+
+ # verify attaching an invalid sw_if_index is rejected
+ try:
+ reply = self.vapi.snort_interface_attach(
+ instance_index=1, sw_if_index=3, snort_dir=2
+ )
+ except:
+ pass
+ else:
+ self.assertNotEqual(reply.retval, 0)
reply = self.vapi.cli("show snort interfaces")
self.assertIn("snortTest1", reply)
def test_snort_06_detach_if(self):
"""Interfaces can be detached"""
+ # verify detaching an invalid sw_if_index is rejected
try:
reply = self.vapi.snort_interface_detach(sw_if_index=3)
except:
Code Review / vpp.git / commitdiff