[Oisf-users] suricata 4.1 eBpf load balance
Peter Manev
petermanev at gmail.com
Mon Sep 24 20:08:54 UTC 2018
On Tue, Sep 18, 2018 at 3:42 PM mazhuang at 17paipai.cn
<mazhuang at 17paipai.cn> wrote:
>
> Hi Eric
> I used the new lb.c error report as shown below
> No permissions? The figure lb.bpf is readable
>
FYI/confirm - I get the same err as well
[28295] 24/9/2018 -- 22:05:50 - (runmode-af-packet.c:344) <Info>
(ParseAFPConfig) -- Using ebpf based cluster mode for AF_PACKET (iface
eth2)
[28295] 24/9/2018 -- 22:05:50 - (runmode-af-packet.c:376) <Config>
(ParseAFPConfig) -- af-packet will use
'/home/pevman/tmp/suricata/ebpf/lb.bpf' as eBPF load balancing file
libbpf: load bpf program failed: Permission denied
libbpf: -- BEGIN DUMP LOG ---
libbpf:
0: (18) r2 = 0xffe0000e
2: (63) *(u32 *)(r1 +48) = r2
3: (61) r0 = *(u32 *)(r1 +16)
4: (15) if r0 == 0xdd86 goto pc+5
R0=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff))
R1=ctx(id=0,off=0,imm=0) R2=inv4292870158 R10=fp0,call_-1
5: (55) if r0 != 0x8 goto pc+19
R0=inv8 R1=ctx(id=0,off=0,imm=0) R2=inv4292870158 R10=fp0,call_-1
6: (61) r2 = *(u32 *)(r1 +96)
invalid bpf_context access off=96 size=4
libbpf: -- END LOG --
libbpf: failed to load program 'loadbalancer'
libbpf: failed to load object '/home/pevman/tmp/suricata/ebpf/lb.bpf'
[28295] 24/9/2018 -- 22:05:50 - (util-ebpf.c:236) <Error>
(EBPFLoadFile) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Unable to
load eBPF object: Kernel verifier blocks program loading (-4007)
[28295] 24/9/2018 -- 22:05:50 - (runmode-af-packet.c:387) <Warning>
(ParseAFPConfig) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Error when
loading eBPF lb file
Please feel free to open a bug report for the lb part.
>
> ________________________________
> mazhuang at 17paipai.cn
>
>
> From: Eric Leblond
> Date: 2018-09-18 21:24
> To: mazhuang at 17paipai.cn; Peter Manev
> CC: oisf-users
> Subject: Re: [Oisf-users] suricata 4.1 eBpf load balance
> Hello,
>
> On Tue, 2018-09-18 at 21:14 +0800, mazhuang at 17paipai.cn wrote:
> > Hi Peter
> > I'm using the suricata source code itself:
> > https://github.com/OISF/suricata/blob/master/ebpf/lb.c
>
> This code do not support VLAN maybe this is your issue.
>
> I've pushed a new version with VLAN support:
>
> https://github.com/regit/suricata/tree/ebpf-update
>
> Can you give it a try ?
>
> You can or use the branch or copy the lb.c to your source tree.
>
> BR,
> --
> Eric Leblond
>
> >
> > mazhuang at 17paipai.cn
> > >
> > > From: Peter Manev
> > > Date: 2018-09-18 21:12
> > > To: mazhuang
> > > CC: Open Information Security Foundation
> > > Subject: Re: [Oisf-users] suricata 4.1 eBpf load balance
> > > On Tue, Sep 18, 2018 at 2:48 PM mazhuang at 17paipai.cn
> > > <mazhuang at 17paipai.cn> wrote:
> > > >
> > > > Hi All
> > > > I followed
> > > https://suricata.readthedocs.io/en/latest/capture-hardware/ebpf-xdp.html#setup-ebpf-load-balancing
> > > this tutorial to configure ebpf load balancing, but the result was
> > > only one core processing the data
> > > >
> > > >
> > > > Suricata Version:4.1
> > > > OS:Centos 7
> > > > Kernel:Linux yg 4.18.8-1.el7.elrepo.x86_64 #1 SMP Sat Sep 15
> > > 10:10:09 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
> > > > CPU:Intel(R) Xeon(R) CPU E5-2640 v4 @ 2.40GHz x2
> > > > Memory:128G
> > >
> > >
> > > Can you share your balancer (lb.bpf) so i can try to reproduce?
> > >
> > >
> > >
> > > --
> > > Regards,
> > > Peter Manev
> > >
> >
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support:
> > http://suricata-ids.org/support/
> > List:
> > https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
> > Conference: https://suricon.net
> > Trainings: https://suricata-ids.org/training/
> --
> Eric Leblond <eric at regit.org>
>
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list