[Oisf-users] Suricata and XDP
Nelson, Cooper
cnelson at ucsd.edu
Sat Jun 22 00:11:58 UTC 2019
Ok, that turned out to actually be a great idea: I just run Suricata without the -D flag and monitor the output.
This is the specific error:
30: (85) call bpf_trace_printk#6
unknown func bpf_trace_printk#6
libbpf: -- END LOG --
libbpf: failed to load program 'loadbalancer'
libbpf: failed to load object '/etc/suricata/ebpf/lb.bpf'
Google tells me this is usually due to some eBPF features missing from the kernel, so I recompiled with everything enabled and rebuilt libbpf. I’m still seeing the error.
Is there a canonical list of what needs to be enabled in order for all eBPF functions to be available? Maybe you could send me your /proc/config.gz?
-Coop
-----Original Message-----
From: Eric Leblond <eric at regit.org>
Sent: Friday, June 21, 2019 2:38 PM
To: Nelson, Cooper <cnelson at ucsd.edu>; Peter Manev <petermanev at gmail.com>
Cc: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Suricata and XDP
Hi,
On Fri, 2019-06-21 at 21:20 +0000, Nelson, Cooper wrote:
> Still getting these errors:
You should see libbpf output here if Suricata can access stdout. I always get that on failure.