Actions
Bug #6088
openxdp/ebpf: updated shipped bpf files to be supported by libbpf v1.0 and higher
Description
The newer versions of libbpf (v1.0 and higher) do require updates on the shipped ebpf files like bypass_filter, xdp_filter etc.
In 6.0.12 they will error out like this:
25/5/2023 -- 09:00:52 - <Notice> - This is Suricata version 6.0.12 RELEASE running in SYSTEM mode libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+ 25/5/2023 -- 09:00:52 - <Error> - [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Unable to load eBPF objects in 'xdp_lb.bpf': Operation not supported 25/5/2023 -- 09:00:52 - <Warning> - [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Error when loading eBPF filter file
So does 7.0.0-rc1:
i: suricata: This is Suricata version 7.0.0-rc1 RELEASE running in SYSTEM mode libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+ E: ebpf: Unable to load eBPF objects in 'bypass_filter.bpf': Operation not supported W: af-packet: enp4s0: failed to load eBPF filter file
Updated by Lukas Sismis over 2 years ago
- Subject changed from xpd/ebpf: updated shipped bpf files to be supported by libbpf v1.0 and higher to xdp/ebpf: updated shipped bpf files to be supported by libbpf v1.0 and higher
Updated by Philippe Antoine 16 days ago
Is this still the case in 8 ?
How do we reproduce step by step ?
Updated by Philippe Antoine 13 days ago
libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+
I do not see this with suricata 8 and
pkg-config --modversion libbpf 1.6.2
Actions