Hi everyone,
af_xdp mode is enable by default. When I builded source code configuration’s output showed No. I followed latest document called “19.4. eBPF and XDP — Suricata 7.0.0-rc2-dev documentation”. What am I missing? Thanks.
You’re talking about suricata --build-info right? can you post that output?
This is Suricata version 7.0.0-rc2-dev (9a4231d73 2023-05-08)
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HTTP2_DECOMPRESSION HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version Ubuntu Clang 11.0.0, C version 201112
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: _Thread_local
compiled with LibHTP v0.5.43, linked against LibHTP v0.5.43
Suricata Configuration:
AF_PACKET support: yes
AF_XDP support: no
DPDK support: no
eBPF support: yes
XDP support: yes
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
PCRE jit: yes
LUA support: no
libluajit: no
GeoIP2 support: no
Non-bundled htp: no
Hyperscan support: no
Libnet support: no
liblz4 support: yes
Landlock support: no
Rust support: yes
Rust strict mode: no
Rust compiler path: /usr/bin/rustc
Rust compiler version: rustc 1.65.0
Cargo path: /usr/bin/cargo
Cargo version: cargo 1.65.0
Python support: yes
Python path: /usr/bin/python3
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: no, not bundled
Profiling enabled: no
Profiling locks enabled: no
Plugin support (experimental): yes
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Fuzz targets enabled: no
Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/
–prefix /usr
–sysconfdir /etc
–localstatedir /var
–datarootdir /usr/share
Host: x86_64-pc-linux-gnu
Compiler: clang (exec name) / g++ (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -fPIC -std=c11 -march=native -I${srcdir}/…/rust/gen -I${srcdir}/…/rust/dist
PCAP_CFLAGS -I/usr/include
SECCFLAGS
What distribution are you using and what libxdp is installed?
I did a quck test and with libxdp 1.3.1 on ArchLinux being installed, the fresh ./configure did output AF_XDP begin enabled.
Which libxdp packages is available for ubuntu 20.04
19.4. eBPF and XDP — Suricata 7.0.0-rc2-dev documentation this document isn’t mention any libxdp package for ubuntu.
I don’t see any libxdp for Ubuntu LTS so far, see Ubuntu – Package Search Results -- libxdp
I builded libxdp from github source and copy file so files under to /usr/lib/ and run configure script but output was same. Have you any suggestion?
For ubuntu 20.04
Blockquote
GitHub - xdp-project/xdp-tools: Utilities and example programs for use with XDP
clone this repo and make libxdp_install. After that I configure suricata source code and af_xdp option was enabled.