Project

General

Profile

Actions

Bug #5200

open

libbpf: Use of legacy code in eBPF/XDP programs

Added by Lukas Sismis 8 months ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When running Suricata with (at least) bypass filters of eBPF (bypass_filter.bpf) or XDP (xdp_filter.bpf), libbpf library outputs warnings that certain libbpf API calls are deprecated and should be updated.
As of now, this does not affect the functionality of the examples and only outputs multiple warning lines. Warnings are shown during Suricata initialization.
Running kernel 4.18.

Cutted out part of the Suricata startup log:

[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:223) <Config> (ParseAFPConfig) -- Enabling locked memory for mmap on iface ens1f1                                                                                                                
[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:231) <Config> (ParseAFPConfig) -- Enabling tpacket v3 capture on iface ens1f1                                                                                                                    
[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:321) <Config> (ParseAFPConfig) -- Using queue based cluster mode for AF_PACKET (iface ens1f1)                                                                                                    
[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:464) <Config> (ParseAFPConfig) -- Using bypass kernel functionality for AF_PACKET (iface ens1f1)                                                                                                 
libbpf: map 'cpu_map' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                        
libbpf: map 'cpus_available' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                  
libbpf: map 'cpus_count' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                             
libbpf: map 'flow_table_v4' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                
libbpf: map 'flow_table_v6' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                
libbpf: map 'tx_peer' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                             
libbpf: map 'tx_peer_int' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                         
[33503] 21/3/2022 -- 22:11:02 - (util-ebpf.c:469) <Info> (EBPFLoadFile) -- Successfully loaded eBPF file '/usr/libexec/suricata/ebpf/xdp_filter.bpf' on 'ens1f1'                                                                                      
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:442) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling gro offloading                      
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:449) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling tso offloading                        
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:456) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling gso offloading                  
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:463) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling sg offloading                     
[33503] 21/3/2022 -- 22:11:03 - (util-runmodes.c:281) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 8 thread(s) for device ens1f1

Actions #1

Updated by Philippe Antoine 5 months ago

  • Assignee changed from OISF Dev to Eric Leblond

Eric, would you know about this ?

Actions #2

Updated by Victor Julien about 1 month ago

  • Tracker changed from Support to Bug
  • Assignee changed from Eric Leblond to Community Ticket
  • Target version set to TBD
Actions

Also available in: Atom PDF