[Oisf-users] Libbpf errors on Make for Suricata from Git
Jeremy A. Grove
jgrove at quadrantsec.com
Thu Aug 29 13:40:02 UTC 2019
That was the fix! Thank you for the input. Maybe this should updated for the 5.0 docs?
Regards,
Jeremy Grove, SSCP
Security Engineer
Quadrant Information Security
o: [ callto:(904)296-9100 | (904)296-9100 ] x100
t: [ callto:(800) 538-9357 | (800) 538-9357 ] x100
e: [ mailto:soc at quadrantsec.com | soc at quadrantsec.com ]
Learn more= about our managed SIEM [ https://a.quadrantsec.com/3D%22https://quadrantsec.com/SaganMSSP%22 | people + product ]
----- Original Message -----
From: "Eric Leblond" <eric at regit.org>
To: "Jeremy A. Grove" <jgrove at quadrantsec.com>, "oisf-users" <oisf-users at lists.openinfosecfoundation.org>
Sent: Wednesday, August 28, 2019 4:07:02 PM
Subject: Re: [Oisf-users] Libbpf errors on Make for Suricata from Git
Hello,
On Wed, 2019-08-28 at 12:43 -0400, Jeremy A. Grove wrote:
> Hi All!
>
> I am venturing into the land of XDP and eBPF.
>
> I am following the instructions from
> https://suricata.readthedocs.io/en/suricata-5.0.0-beta1/capture-hardware/ebpf-xdp.html
Can you try to follow this documentation:
https://suricata.readthedocs.io/en/latest/capture-hardware/ebpf-xdp.html
There is now an out of Linux tree libbpf and the documentation has been
updated to use that and features also some more information. It should
work with the beta1 of Suricata 5.0.
Best regards,
> .
>
> I receive errors from the make command for Suricata.
>
> util-ebpf.c:359:13: error: implicit declaration of function
> 'bpf_program__set_ifindex' is invalid in C99 [-Werror,-Wimplicit-
> function-declaration]
> bpf_program__set_ifindex(bpfprog, ifindex);
> ^
> util-ebpf.c:359:13: warning: this function declaration is not a
> prototype [-Wstrict-prototypes]
> util-ebpf.c:362:13: error: implicit declaration of function
> 'bpf_map__set_ifindex' is invalid in C99 [-Werror,-Wimplicit-
> function-declaration]
> bpf_map__set_ifindex(map, ifindex);
> ^
> util-ebpf.c:362:13: note: did you mean 'bpf_map__set_priv'?
> /usr/local/include/bpf/libbpf.h:244:5: note: 'bpf_map__set_priv'
> declared here
> int bpf_map__set_priv(struct bpf_map *map, void *priv,
> ^
> util-ebpf.c:362:13: warning: this function declaration is not a
> prototype [-Wstrict-prototypes]
> bpf_map__set_ifindex(map, ifindex); ^
>
> I have found where someone had this error before and it was due to
> them having more than one libbpf.h. I do not believe this is the case
> for myself.
>
> I installed libbpf per the above instructions as well and Suricata
> sees it correctly per ldd.
>
> deb10-image suricata # ldd /usr/bin/suricata | grep libbpf
> libbpf.so => /usr/local/lib64/libbpf.so (0x00007f8c9b5f9000)
>
> deb10-image suricata # ls -alh /usr/local/lib64/libbpf.so
> -rwxr-xr-x 1 root staff 108K Aug 28 16:29 /usr/local/lib64/libbpf.so
>
> Any ideas as to why I am receiving this error?
>
>
> Jeremy Grove, SSCP
> Security Engineer
> Quadrant Information Security
>
>
> Learn more= about our managed SIEM people + product
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
--
Eric Leblond <eric at regit.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2131 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190829/bf31389f/attachment.bin>
More information about the Oisf-users
mailing list