Project

General

Profile

Actions
Copy link

Bug #6088

open

xdp/ebpf: updated shipped bpf files to be supported by libbpf v1.0 and higher

Added by Andreas Herz 11 months ago. Updated 11 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
7.0.0-rc1, 6.0.12
Effort:
Difficulty:
Label:

Description

The newer versions of libbpf (v1.0 and higher) do require updates on the shipped ebpf files like bypass_filter, xdp_filter etc.

In 6.0.12 they will error out like this:

25/5/2023 -- 09:00:52 - <Notice> - This is Suricata version 6.0.12 RELEASE running in SYSTEM mode
libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+
25/5/2023 -- 09:00:52 - <Error> - [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Unable to load eBPF objects in 'xdp_lb.bpf': Operation not supported
25/5/2023 -- 09:00:52 - <Warning> - [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Error when loading eBPF filter file

So does 7.0.0-rc1:

i: suricata: This is Suricata version 7.0.0-rc1 RELEASE running in SYSTEM mode
libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+
E: ebpf: Unable to load eBPF objects in 'bypass_filter.bpf': Operation not supported
W: af-packet: enp4s0: failed to load eBPF filter file
Actions
Copy link
 #1

Updated by Lukas Sismis 11 months ago

  • Subject changed from xpd/ebpf: updated shipped bpf files to be supported by libbpf v1.0 and higher to xdp/ebpf: updated shipped bpf files to be supported by libbpf v1.0 and higher
Actions
Copy link

Also available in: Atom PDF