Suricata 7.x XDP libbpf 1.x support

jiivas · December 16, 2023, 9:22pm

Hello team,

I’m unable to load the example xdp filters provided by the suricata 7 release:

xdp_filter.c
xdp_lb.c

The suricata log shows the following error:
“Error: ebpf: Unable to load eBPF objects in ‘/usr/libexec/suricata/ebpf/xdp_lb.bpf’: Operation not supported”

Trying to load the filter via the xdp utilities provides some additional info:
“legacy map definitions in ‘maps’ section are not supported by libbpf v1.0+”

After a quick search I found the following:

Both the xdp_filter.c and xdp_lb.c are still using the old syntax.

EDIT:

Bests,
Jiivas

Andreas_Herz · February 28, 2024, 8:14pm

Hi,

yes those files need updates, feel free to provide patches via Github if you would like to work on it.

Topic		Replies	Views
Libbpf 1.x with Suricata 6 doesn't support XDP Help	5	536	May 25, 2023
Suricata 6.0.9 no XDP support with libbpf-1.x	2	390	December 6, 2022
Suricata 6.0.11 XDP error	5	397	May 24, 2023
Suricata with ebpf Help	8	576	January 10, 2023
Unsuccessful AF_XDP Suricata 7.0.0-rc1 compile Help	5	525	March 22, 2023

Suricata 7.x XDP libbpf 1.x support

Related Topics