Suricata 6.0.9 no XDP support with libbpf-1.x

jiivas · December 2, 2022, 5:57pm

Hello team,

trying to build suricata 6.0.9 with either

results in only eBPF but no XDP support:

“checking for bpf_set_link_xdp_fd in -lbpf… no”
eBPF support: yes
XDP support: no

Downgrading to libbpf v0.8.1 it’s successfully compiling with both eBPF and XDP support.

“checking for bpf_set_link_xdp_fd in -lbpf… yes”
eBPF support: yes
XDP support: yes

Any ideas?

Thanks in advance,
jiivas

vjulien · December 6, 2022, 10:48am

Looks like @satta did a fix for this in 7? Maybe that can be backported Sascha?

satta · December 6, 2022, 11:02am

Yes, this is likely related to ebpf: update deprecated API calls by satta · Pull Request #7870 · OISF/suricata · GitHub which I created for Suricata 7. Easily backported, see branch GitHub - satta/suricata at backport-libbpf1-fix. I can open a PR against master-6.0.x if you want.

@jiivas can you maybe try my branch above and see if that fixes things for you?

Topic		Replies	Views
Libbpf 1.x with Suricata 6 doesn't support XDP Help	5	658	May 25, 2023
Suricata 6.0.11 XDP error	5	461	May 24, 2023
Suricata 7.x XDP libbpf 1.x support Developers	1	252	February 28, 2024
Suricata with ebpf Help	8	678	January 10, 2023
Enable eBPF and XDP mode in Suricata Help	12	112	August 21, 2024