[Oisf-users] Suricata and XDP
ltishend
ltishend at uw.edu
Fri Jun 7 17:22:03 UTC 2019
Hey All,
I'm trying to get XDP working on my system with suricata and I'm running into this error:
[17298] 7/6/2019 -- 08:45:34 - (util-ebpf.c:308) <Error> (EBPFSetupXDP) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Unable to set XDP on 'enp175s0f1': Invalid argument (-22)
[17298] 7/6/2019 -- 08:45:34 - (runmode-af-packet.c:486) <Warning> (ParseAFPConfig) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Error when setting up XDP
I'm running Ubuntu 18.04.2 using kernel 4.18.0-21-generic.
Network card uses the i40e driver (Intel X710).
Interface config is:
af-packet:
- interface: enp175s0f1
threads: 13
cluster-id: 97
cluster-type: cluster_qm
xdp-mode: driver
xdp-filter-file: /etc/suricata/xdp_filter.bpf
bypass: yes
defrag: yes
use-mmap: yes
tpacket-v3: yes
ring-size: 200000
block-size: 1048576
After this suricata continues to load and function normally, I'm just not getting the XDP benefits for flow dropping. Any suggestions would be much appreciated.
Thanks
--Leif
More information about the Oisf-users
mailing list