Bug #5200

closed

libbpf: Use of legacy code in eBPF/XDP programs

Added by Lukas Sismis almost 3 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal

Description

When running Suricata with (at least) the bypass filters of eBPF (bypass_filter.bpf) or XDP (xdp_filter.bpf), the libbpf library outputs warnings that certain libbpf API calls are deprecated and should be updated.
As of now, this does not affect the functionality of the examples and only outputs multiple warning lines. Warnings are shown during Suricata initialization.
Running kernel 4.18.

Cut-out part of the Suricata startup log:

[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:223) <Config> (ParseAFPConfig) -- Enabling locked memory for mmap on iface ens1f1                                                                                                                
[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:231) <Config> (ParseAFPConfig) -- Enabling tpacket v3 capture on iface ens1f1                                                                                                                    
[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:321) <Config> (ParseAFPConfig) -- Using queue based cluster mode for AF_PACKET (iface ens1f1)                                                                                                    
[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:464) <Config> (ParseAFPConfig) -- Using bypass kernel functionality for AF_PACKET (iface ens1f1)                                                                                                 
libbpf: map 'cpu_map' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                        
libbpf: map 'cpus_available' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                  
libbpf: map 'cpus_count' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                             
libbpf: map 'flow_table_v4' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                
libbpf: map 'flow_table_v6' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                
libbpf: map 'tx_peer' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                             
libbpf: map 'tx_peer_int' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                         
[33503] 21/3/2022 -- 22:11:02 - (util-ebpf.c:469) <Info> (EBPFLoadFile) -- Successfully loaded eBPF file '/usr/libexec/suricata/ebpf/xdp_filter.bpf' on 'ens1f1'                                                                                      
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:442) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling gro offloading                      
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:449) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling tso offloading                        
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:456) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling gso offloading                  
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:463) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling sg offloading                     
[33503] 21/3/2022 -- 22:11:03 - (util-runmodes.c:281) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 8 thread(s) for device ens1f1
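
What the warning asks for, as an added example (not part of the original report and not Suricata's code): one map declared in the legacy style and again as a BTF-defined map. It builds with a normal C compiler because the macros are defined inline in the shape libbpf's bpf_helpers.h gives them; the map type, the key and value layouts and the sizes are constructed.

```c
/* Added example, host-compilable. Macros mirror libbpf's bpf_helpers.h, except
 * SEC(), a no-op here. Map type, layouts and sizes are constructed. */
#include <stdint.h>

#define SEC(name)                          /* libbpf: a section attribute */
#define __uint(name, val) int (*name)[val]
#define __type(name, val) __typeof__(val) *name
#define BPF_MAP_TYPE_PERCPU_HASH 5         /* enum value from linux/bpf.h */

struct flow_key { uint32_t src, dst; uint16_t sport, dport; uint32_t proto; };
struct flow_val { uint64_t packets, bytes; };

/* Legacy style: an initialised struct in the "maps" ELF section. This is the
 * form libbpf reports as "(legacy)" in the startup log. */
struct bpf_map_def {
    unsigned int type, key_size, value_size, max_entries, map_flags;
};
struct bpf_map_def SEC("maps") flow_table_v4_legacy = {
    .type        = BPF_MAP_TYPE_PERCPU_HASH,
    .key_size    = sizeof(struct flow_key),
    .value_size  = sizeof(struct flow_val),
    .max_entries = 32768,
};

/* BTF-defined style: no initialised data. Each parameter is encoded in a
 * member's type, which libbpf reads back from the object's BTF. */
struct {
    __uint(type, BPF_MAP_TYPE_PERCPU_HASH);
    __type(key, struct flow_key);
    __type(value, struct flow_val);
    __uint(max_entries, 32768);
} flow_table_v4 SEC(".maps");

/* Recover the parameters from the member types (a compile-time stand-in for
 * the BTF lookup). sizeof does not evaluate or dereference its operand. */
unsigned btf_type(void)        { return sizeof(*flow_table_v4.type) / sizeof(int); }
unsigned btf_key_size(void)    { return sizeof(*flow_table_v4.key); }
unsigned btf_value_size(void)  { return sizeof(*flow_table_v4.value); }
unsigned btf_max_entries(void) { return sizeof(*flow_table_v4.max_entries) / sizeof(int); }

/* Returns 1 when both declarations describe the same map. */
int same_map(void)
{
    const struct bpf_map_def *l = &flow_table_v4_legacy;
    return l->type == btf_type() && l->key_size == btf_key_size() &&
           l->value_size == btf_value_size() && l->max_entries == btf_max_entries();
}

int main(void) { return same_map() ? 0 : 1; }
```

In a real eBPF source the four inline definitions are replaced by including linux/bpf.h and bpf/bpf_helpers.h, and only the BTF-defined declaration is kept.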


Subtasks: 1 (0 open, 1 closed)

Bug #5763: libbpf: Use of legacy code in eBPF/XDP programs (6.0.x backport), Closed, Sascha Steinbiss

Actions #1

Updated by Philippe Antoine over 2 years ago

  • Assignee changed from OISF Dev to Eric Leblond

Eric, would you know about this?

Actions #2

Updated by Victor Julien about 2 years ago

  • Tracker changed from Support to Bug
  • Assignee changed from Eric Leblond to Community Ticket
  • Target version set to TBD
Actions #3

Updated by Jay MJ about 2 years ago

Suricata compiling with 6.0.9 and libbpf 1.0.1 turned into an error and won't compile. I ran a pull from GH master (7.0.0-rc1-dev) and the legacy C code appears to have been updated; it compiles and seems to work fine now.

If the 6.x series continues, I would kindly suggest the updated eBPF C code be backported.

Actions #4

Updated by Victor Julien about 2 years ago

  • Status changed from New to Resolved
  • Assignee changed from Community Ticket to Sascha Steinbiss
  • Target version changed from TBD to 7.0.0-beta1
Actions #5

Updated by Victor Julien about 2 years ago

  • Subtask #5763 added
Actions #6

Updated by Victor Julien about 2 years ago

  • Status changed from Resolved to Closed

@Jay MJ yup this will be addressed in 6.0.10. See #5763.
