Af_xdp suricata yaml

ozgur · July 18, 2023, 7:32am

Hi everyone,

I want to start suricata af_xdp mode but I don’t know how to configure suricata.yaml. Can anyone share an example suricata.yaml to start af_xdp mode?

Best regards.

Andreas_Herz · July 18, 2023, 7:40am

You can read more about that on 21.4. eBPF and XDP — Suricata 7.0.0-rc3-dev documentation and 21.6. AF_XDP — Suricata 7.0.0-rc3-dev documentation also the suricata.yaml shipped has the section with some comments.

To start it in that mode you need to pass --af-xdp when you run Suricata.

ozgur · July 19, 2023, 12:56pm

Hi,

Can I use the xdp maps in order to early drop for specific packages which define in suricata.rules?
And is there any xdp program in suricata examples for do this?

Thanks.

Andreas_Herz · July 31, 2023, 7:57pm

You can see examples in https://github.com/OISF/suricata/tree/master/ebpf