Project

General

Profile

Actions
Copy link

Bug #6250

closed
VL OD

libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+

Bug #6250: libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+

Added by Vincent Li over 2 years ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
OISF Dev
Target version:
8.0.0
Affected Versions:
7.0.0, 6.0.14, 7.0.1, git main
Effort:
Difficulty:
Label:

Description

Hi

I followed https://docs.suricata.io/en/latest/capture-hardware/ebpf-xdp.html to compile most recent github libbpf and suricata. when I run:

suricata -c ./suricata-ebpf.yaml --pidfile /var/run/suricata.pid --af-packet -vvv

I got:

libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+
Error: ebpf: Unable to load eBPF objects in '/usr/libexec/suricata/ebpf/xdp_filter.bpf': Operation not supported [EBPFLoadFile:util-ebpf.c:342]
Warning: af-packet: enp4s0f0: failed to load XDP filter file [ParseAFPConfig:runmode-af-packet.c:579]

libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+
Error: ebpf: Unable to load eBPF objects in '/usr/libexec/suricata/ebpf/xdp_filter.bpf': Operation not supported [EBPFLoadFile:util-ebpf.c:342]
Warning: af-packet: enp4s0f1: failed to load XDP filter file [ParseAFPConfig:runmode-af-packet.c:579]

I think the legacy eBPF map definition needs to be updated to be BTF defined eBPF map, I could send up PR to update the map definition. what do you think?

Actions
Copy link

Also available in: PDF Atom