From: Mohsin Kazmi Date: Mon, 15 Sep 2025 12:54:47 +0000 (+0000) Subject: snort: refactor to better align the code X-Git-Tag: v26.02-rc0~33 X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F04%2F43604%2F3;p=vpp.git snort: refactor to better align the code Type: refactor Signed-off-by: Mohsin Kazmi Change-Id: If6c71b96843f082842e1f290885ee0e12384e5d0 --- diff --git a/src/plugins/snort/CMakeLists.txt b/src/plugins/snort/CMakeLists.txt index 895fdd04c58..0e23d191dcd 100644 --- a/src/plugins/snort/CMakeLists.txt +++ b/src/plugins/snort/CMakeLists.txt @@ -27,8 +27,6 @@ endif() message(STATUS "snort plugin needs libdaq ${DAQ_VER} - found at ${LIBDAQ_LINK_LIBRARY}") -include_directories (${LIBDAQ_INCLUDE_DIR}) - add_vpp_plugin(snort SOURCES cli.c @@ -44,6 +42,7 @@ add_vpp_plugin(snort snort.api INSTALL_HEADERS + daq_vpp_shared.h export.h MULTIARCH_SOURCES @@ -59,5 +58,6 @@ set_target_properties(daq_vpp PROPERTIES SOVERSION ${VPP_LIB_VERSION}) target_compile_options (daq_vpp PRIVATE "-fvisibility=hidden") target_compile_options (daq_vpp PRIVATE "-DHAVE_VISIBILITY") target_compile_options (daq_vpp PRIVATE "-I${LIBDAQ_INCLUDE_DIR}") +target_compile_options (daq_vpp PRIVATE "-I${VPP_INCLUDE_DIR}/vpp_plugins") install(TARGETS daq_vpp DESTINATION ${VPP_LIBRARY_DIR}/daq COMPONENT vpp-plugin-snort) diff --git a/src/plugins/snort/cli.c b/src/plugins/snort/cli.c index d04dd392f38..c3ea8499481 100644 --- a/src/plugins/snort/cli.c +++ b/src/plugins/snort/cli.c 
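Review bot: In src/plugins/snort/CMakeLists.txt the new include path for daq_vpp is passed as a raw compiler flag, `target_compile_options (daq_vpp PRIVATE "-I${VPP_INCLUDE_DIR}/vpp_plugins")`. `target_include_directories (daq_vpp PRIVATE ${VPP_INCLUDE_DIR}/vpp_plugins)` states the intent and lets CMake handle ordering and quoting. If that directory resolves to an installed tree rather than the source tree (not visible from this hunk), the DAQ module could be compiled against a stale installed daq_vpp_shared.h with a different struct layout. It is worth confirming that the in-tree header wins.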
@@ -87,15 +87,15 @@ snort_create_instance_command_fn (vlib_main_t *vm, unformat_input_t *input, goto done; } - rv = snort_instance_create ( - vm, - &(snort_instance_create_args_t){ - .log2_queue_sz = min_log2 (queue_size), - .drop_on_disconnect = drop_on_disconnect, - .drop_bitmap = 1 << DAQ_VERDICT_BLOCK | 1 << DAQ_VERDICT_BLACKLIST, - .qpairs_per_thread = qpairs_per_thread, - }, - "%s", name); + rv = snort_instance_create (vm, + &(snort_instance_create_args_t){ + .log2_queue_sz = min_log2 (queue_size), + .drop_on_disconnect = drop_on_disconnect, + .drop_bitmap = 1 << DAQ_VPP_VERDICT_BLOCK | + 1 << DAQ_VPP_VERDICT_BLACKLIST, + .qpairs_per_thread = qpairs_per_thread, + }, + "%s", name); switch (rv) { @@ -359,7 +359,7 @@ snort_show_instances_command_fn (vlib_main_t *vm, unformat_input_t *input, (u8 *) qp->deq_ring - (u8 *) si->shm_base, qp->deq_fd, qp->hdr->deq.head, qp->deq_tail); - for (u32 i = 0; i < MAX_DAQ_VERDICT; i++) + for (u32 i = 0; i < DAQ_VPP_MAX_DAQ_VERDICT; i++) if (qp->n_packets_by_verdict[i]) { n += qp->n_packets_by_verdict[i]; diff --git a/src/plugins/snort/daq/config.c b/src/plugins/snort/daq/config.c index ba0fba10cf3..a615bc89286 100644 --- a/src/plugins/snort/daq/config.c +++ b/src/plugins/snort/daq/config.c 
@@ -1,6 +1,21 @@ -/* SPDX-License-Identifier: Apache-2.0 - * Copyright(c) 2025 Cisco Systems, Inc. - */ +/* +** Copyright (C) 2025 Cisco and/or its affiliates. All rights reserved. +** +** This program is free software; you can redistribute it and/or modify +** it under the terms of the GNU General Public License Version 2 as +** published by the Free Software Foundation. You may not use, modify or +** distribute this program under any other version of the GNU General +** Public License. +** +** This program is distributed in the hope that it will be useful, +** but WITHOUT ANY WARRANTY; without even the implied warranty of +** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +** GNU General Public License for more details. +** +** You should have received a copy of the GNU General Public License +** along with this program; if not, write to the Free Software Foundation, Inc. +** 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +*/ #define _GNU_SOURCE #include diff --git a/src/plugins/snort/daq/daq_vpp.h b/src/plugins/snort/daq/daq_vpp.h index 720fedd7636..3e6828c39a7 100644 --- a/src/plugins/snort/daq/daq_vpp.h +++ b/src/plugins/snort/daq/daq_vpp.h 
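Review bot: The new header in daq/config.c removes the `SPDX-License-Identifier` line while changing the stated licence from Apache-2.0 to GPL version 2 only, and the commit message describes the change only as a refactor. Licence scanners and SBOM tooling key on the SPDX tag, so the file would become unclassified or be picked up by text heuristics. Keeping a first line such as `/* SPDX-License-Identifier: GPL-2.0-only */` above the long-form text avoids that. The same applies to the identical header changes in daq/daq_vpp.h, daq/main.c and daq/socket.c, and the commit description should mention the relicensing.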
@@ -1,13 +1,28 @@ -/* SPDX-License-Identifier: Apache-2.0 - * Copyright(c) 2025 Cisco Systems, Inc. - */ +/* +** Copyright (C) 2025 Cisco and/or its affiliates. All rights reserved. +** +** This program is free software; you can redistribute it and/or modify +** it under the terms of the GNU General Public License Version 2 as +** published by the Free Software Foundation. You may not use, modify or +** distribute this program under any other version of the GNU General +** Public License. +** +** This program is distributed in the hope that it will be useful, +** but WITHOUT ANY WARRANTY; without even the implied warranty of +** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +** GNU General Public License for more details. +** +** You should have received a copy of the GNU General Public License +** along with this program; if not, write to the Free Software Foundation, Inc. +** 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +*/ #ifndef __DAQ_VPP_H__ #define __DAQ_VPP_H__ #include #include -#include "daq_vpp_shared.h" +#include #define __unused __attribute__ ((unused)) #define __aligned(x) __attribute__ ((__aligned__ (x))) diff --git a/src/plugins/snort/daq/main.c b/src/plugins/snort/daq/main.c index 6d7c7b67113..e6ae4044554 100644 --- a/src/plugins/snort/daq/main.c +++ b/src/plugins/snort/daq/main.c 
@@ -1,6 +1,21 @@ -/* SPDX-License-Identifier: Apache-2.0 - * Copyright(c) 2025 Cisco Systems, Inc. - */ +/* +** Copyright (C) 2025 Cisco and/or its affiliates. All rights reserved. +** +** This program is free software; you can redistribute it and/or modify +** it under the terms of the GNU General Public License Version 2 as +** published by the Free Software Foundation. You may not use, modify or +** distribute this program under any other version of the GNU General +** Public License. +** +** This program is distributed in the hope that it will be useful, +** but WITHOUT ANY WARRANTY; without even the implied warranty of +** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +** GNU General Public License for more details. +** +** You should have received a copy of the GNU General Public License +** along with this program; if not, write to the Free Software Foundation, Inc. +** 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +*/ #define _GNU_SOURCE #include @@ -643,7 +658,7 @@ daq_vpp_msg_finalize (void *handle, const DAQ_Msg_t *msg, DAQ_Verdict verdict) head = __atomic_load_n (&h->deq.head, __ATOMIC_RELAXED); d = h->descs + pe->index; - d->metadata.verdict = verdict; + d->metadata.verdict = (daq_vpp_verdict_t) verdict; qp->deq_ring[head & mask] = pe->index; head = head + 1; __atomic_store_n (&h->deq.head, head, __ATOMIC_RELEASE); diff --git a/src/plugins/snort/daq/socket.c b/src/plugins/snort/daq/socket.c index b2c7126ba74..1203bbd7af6 100644 --- a/src/plugins/snort/daq/socket.c +++ b/src/plugins/snort/daq/socket.c 
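Review bot: The cast `(daq_vpp_verdict_t) verdict` in daq_vpp_msg_finalize (daq/main.c) is only correct while libdaq's DAQ_Verdict and the new daq_vpp_verdict_t keep identical numeric values, and nothing in the change enforces that. Both types are visible in this file, so compile-time checks can pin the mapping, e.g. `_Static_assert ((int) DAQ_VPP_VERDICT_IGNORE == (int) DAQ_VERDICT_IGNORE, "verdict enums diverged");` and `_Static_assert ((int) DAQ_VPP_MAX_DAQ_VERDICT == (int) MAX_DAQ_VERDICT, "verdict enums diverged");`. The same concern applies to the `(daq_vpp_mode_t)mode` cast in daq_vpp_connect (daq/socket.c) and to DAQ_VPP_PKT_FLAG_PRE_ROUTING, which now hard-codes `1 << 2` in place of DAQ_PKT_FLAG_PRE_ROUTING. A silent mismatch here would make VPP act on a different verdict than the one Snort issued. The body of daq_vpp_msg_finalize extends beyond the hunk.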
@@ -1,6 +1,21 @@ -/* SPDX-License-Identifier: Apache-2.0 - * Copyright(c) 2025 Cisco Systems, Inc. - */ +/* +** Copyright (C) 2025 Cisco and/or its affiliates. All rights reserved. +** +** This program is free software; you can redistribute it and/or modify +** it under the terms of the GNU General Public License Version 2 as +** published by the Free Software Foundation. You may not use, modify or +** distribute this program under any other version of the GNU General +** Public License. +** +** This program is distributed in the hope that it will be useful, +** but WITHOUT ANY WARRANTY; without even the implied warranty of +** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +** GNU General Public License for more details. +** +** You should have received a copy of the GNU General Public License +** along with this program; if not, write to the Free Software Foundation, Inc. +** 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +*/ #define _GNU_SOURCE #include @@ -120,7 +135,7 @@ daq_vpp_connect (daq_vpp_ctx_t *ctx, uint16_t num_instances, DAQ_Mode mode) .connect = { .num_snort_instances = num_instances, .daq_version = daq_version_number(), - .mode = mode, + .mode = (daq_vpp_mode_t)mode, }, }, &reply, 0, 0); diff --git a/src/plugins/snort/daq/daq_vpp_shared.h b/src/plugins/snort/daq_vpp_shared.h similarity index 89% rename from src/plugins/snort/daq/daq_vpp_shared.h rename to src/plugins/snort/daq_vpp_shared.h index 783cc50c341..04f6f0540eb 100644 --- a/src/plugins/snort/daq/daq_vpp_shared.h +++ b/src/plugins/snort/daq_vpp_shared.h 
@@ -1,17 +1,36 @@ /* SPDX-License-Identifier: Apache-2.0 - * Copyright(c) 2021 Cisco Systems, Inc. + * Copyright(c) 2021-2025 Cisco Systems, Inc. */ #ifndef __DAQ_VPP_SHARED_H__ #define __DAQ_VPP_SHARED_H__ -#include - #define DAQ_VPP_VERSION 2 #define DAQ_VPP_DEFAULT_SOCKET_FILE "snort.sock" #define DAQ_VPP_DEFAULT_SOCKET_PATH "/run/vpp/" DAQ_VPP_DEFAULT_SOCKET_FILE #define DAQ_VPP_MAX_INST_NAME_LEN 32 #define DAQ_VPP_COOKIE 0xa196c3e82a4bc68f +#define DAQ_VPP_PKT_FLAG_PRE_ROUTING (1 << 2) + +typedef enum +{ + DAQ_VPP_VERDICT_PASS = 0, + DAQ_VPP_VERDICT_BLOCK, + DAQ_VPP_VERDICT_REPLACE, + DAQ_VPP_VERDICT_WHITELIST, + DAQ_VPP_VERDICT_BLACKLIST, + DAQ_VPP_VERDICT_IGNORE, + DAQ_VPP_MAX_DAQ_VERDICT, +} daq_vpp_verdict_t; + +typedef enum +{ + DAQ_VPP_MODE_NONE = 0, + DAQ_VPP_MODE_PASSIVE, + DAQ_VPP_MODE_INLINE, + DAQ_VPP_MODE_READ_FILE, + DAQ_VPP_MAX_DAQ_MODE, +} daq_vpp_mode_t; typedef uint8_t daq_vpp_buffer_pool_index_t; typedef uint16_t daq_vpp_input_index_t; @@ -73,7 +92,7 @@ typedef struct { uint32_t daq_version; uint16_t num_snort_instances; - uint8_t mode; /* DAQ_Mode */ + daq_vpp_mode_t mode; /* mode */ } daq_vpp_msg_req_connect_t; typedef struct @@ -159,7 +178,7 @@ typedef struct }; struct { - uint8_t verdict; /* DAQ_Verdict */ + daq_vpp_verdict_t verdict; /* verdict */ }; uint32_t data[4]; }; diff --git a/src/plugins/snort/dequeue.c b/src/plugins/snort/dequeue.c index 85111278423..b567701ecd0 100644 --- a/src/plugins/snort/dequeue.c +++ b/src/plugins/snort/dequeue.c @@ -16,7 +16,7 @@ snort_deq_node_inline (vlib_main_t *vm, vlib_node_runtime_t *node, daq_vpp_head_tail_t head, tail, old_tail; daq_vpp_desc_index_t next_free, mask = pow2_mask (qp->log2_queue_size); u32 drop_bitmap = si->drop_bitmap; - u16 n_verdicsts[MAX_DAQ_VERDICT] = {}; + u16 n_verdicsts[DAQ_VPP_MAX_DAQ_VERDICT] = {}; if (PREDICT_FALSE (qp->cleanup_needed)) { 
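Review bot: In daq_vpp_shared.h the `mode` field of daq_vpp_msg_req_connect_t changes from `uint8_t` to `daq_vpp_mode_t`, and the descriptor's `verdict` field changes the same way in the following hunk, while `DAQ_VPP_VERSION` stays at 2. The size of an enum is implementation-defined (usually four bytes, and it changes with options such as -fshort-enums). The connect message layout and the width of the verdict read from shared memory therefore change without the two sides being able to detect a mismatch between an older DAQ module and a newer plugin. Keeping the fixed-width fields, `uint8_t mode; /* daq_vpp_mode_t */` and `uint8_t verdict; /* daq_vpp_verdict_t */`, preserves the layout. Otherwise the version should be bumped, `#define DAQ_VPP_VERSION 3`.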
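Review bot: In snort_deq_node_inline (dequeue.c) the counter array becomes `u16 n_verdicsts[DAQ_VPP_MAX_DAQ_VERDICT]`, but the code that indexes it with the descriptor's verdict is outside this hunk. That verdict is written into shared memory by the Snort process, and this commit widens it to an enum. Confirm that the value is checked against `DAQ_VPP_MAX_DAQ_VERDICT` before it is used as an array index or as a shift count against `drop_bitmap`. If no such check exists, one like `if (PREDICT_FALSE (verdict >= DAQ_VPP_MAX_DAQ_VERDICT))` with a drop or error path belongs next to the read.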
@@ -144,7 +144,7 @@ more: qp->next_free_desc = next_free; if (n_total) - for (u32 i = 0; i < MAX_DAQ_VERDICT; i++) + for (u32 i = 0; i < DAQ_VPP_MAX_DAQ_VERDICT; i++) qp->n_packets_by_verdict[i] += n_verdicsts[i]; if (head != tail) diff --git a/src/plugins/snort/enqueue.c b/src/plugins/snort/enqueue.c index 03b0d64f97d..23caa97807f 100644 --- a/src/plugins/snort/enqueue.c +++ b/src/plugins/snort/enqueue.c @@ -301,7 +301,7 @@ snort_arc_input (vlib_main_t *vm, vlib_node_runtime_t *node, u32 n_pkts = frame->n_vectors, n_left = n_pkts, n_total_left = n_pkts; u16 instance_indices[VLIB_FRAME_SIZE], *ii = instance_indices; daq_vpp_pkt_metadata_t metadata = { - .flags = is_output ? 0 : DAQ_PKT_FLAG_PRE_ROUTING, + .flags = is_output ? 0 : DAQ_VPP_PKT_FLAG_PRE_ROUTING, }; for (; n_left >= 8; n_left -= 4, bi += 4, ii += 4) diff --git a/src/plugins/snort/format.c b/src/plugins/snort/format.c index 9228007a6c5..ae1e2c4bdd8 100644 --- a/src/plugins/snort/format.c +++ b/src/plugins/snort/format.c @@ -80,17 +80,17 @@ format_snort_daq_version (u8 *s, va_list *args) u8 * format_snort_verdict (u8 *s, va_list *args) { - DAQ_Verdict v = va_arg (*args, DAQ_Verdict); - static char *strings[MAX_DAQ_VERDICT] = { - [DAQ_VERDICT_PASS] = "PASS", - [DAQ_VERDICT_BLOCK] = "BLOCK", - [DAQ_VERDICT_REPLACE] = "REPLACE", - [DAQ_VERDICT_WHITELIST] = "WHITELIST", - [DAQ_VERDICT_BLACKLIST] = "BLACKLIST", - [DAQ_VERDICT_IGNORE] = "IGNORE", + daq_vpp_verdict_t v = va_arg (*args, daq_vpp_verdict_t); + static char *strings[DAQ_VPP_MAX_DAQ_VERDICT] = { + [DAQ_VPP_VERDICT_PASS] = "PASS", + [DAQ_VPP_VERDICT_BLOCK] = "BLOCK", + [DAQ_VPP_VERDICT_REPLACE] = "REPLACE", + [DAQ_VPP_VERDICT_WHITELIST] = "WHITELIST", + [DAQ_VPP_VERDICT_BLACKLIST] = "BLACKLIST", + [DAQ_VPP_VERDICT_IGNORE] = "IGNORE", }; - if (v >= MAX_DAQ_VERDICT || strings[v] == 0) + if (v >= DAQ_VPP_MAX_DAQ_VERDICT || strings[v] == 0) return format (s, "unknown (%d)", v); return format (s, "%s", strings[v]); 
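Review bot: In format_snort_verdict (format.c) the check `v >= DAQ_VPP_MAX_DAQ_VERDICT` guards the `strings[v]` lookup only if the enum's underlying type is unsigned, which is implementation-defined. With a signed representation a negative value would pass the check and index before the table. Comparing as unsigned removes that dependency: `if ((u32) v >= DAQ_VPP_MAX_DAQ_VERDICT || strings[v] == 0)`. The same pattern appears in format_snort_mode in the next hunk, where the value presumably comes from a client's connect message. The closing brace of format_snort_verdict is outside the hunk.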
@@ -99,15 +99,15 @@ format_snort_verdict (u8 *s, va_list *args) u8 * format_snort_mode (u8 *s, va_list *args) { - DAQ_Mode v = va_arg (*args, DAQ_Mode); - static char *strings[MAX_DAQ_MODE] = { - [DAQ_MODE_NONE] = "none", - [DAQ_MODE_PASSIVE] = "passive", - [DAQ_MODE_INLINE] = "inline", - [DAQ_MODE_READ_FILE] = "read-file", + daq_vpp_mode_t v = va_arg (*args, daq_vpp_mode_t); + static char *strings[DAQ_VPP_MAX_DAQ_MODE] = { + [DAQ_VPP_MODE_NONE] = "none", + [DAQ_VPP_MODE_PASSIVE] = "passive", + [DAQ_VPP_MODE_INLINE] = "inline", + [DAQ_VPP_MODE_READ_FILE] = "read-file", }; - if (v >= MAX_DAQ_MODE || strings[v] == 0) + if (v >= DAQ_VPP_MAX_DAQ_MODE || strings[v] == 0) return format (s, "unknown (%d)", v); return format (s, "%s", strings[v]); diff --git a/src/plugins/snort/snort.h b/src/plugins/snort/snort.h index a5e33001603..f7ba66df4c0 100644 --- a/src/plugins/snort/snort.h +++ b/src/plugins/snort/snort.h @@ -12,9 +12,7 @@ #include #include #include -#include - -#include +#include #define SNORT_INVALID_CLIENT_INDEX CLIB_U32_MAX @@ -43,7 +41,7 @@ typedef struct daq_vpp_qpair_id_t qpair_id; u32 deq_fd_file_index; u32 dequeue_node_index; - u64 n_packets_by_verdict[MAX_DAQ_VERDICT]; + u64 n_packets_by_verdict[DAQ_VPP_MAX_DAQ_VERDICT]; snort_qpair_entry_t entries[]; } snort_qpair_t;