[Oisf-users] Suricata and XDP

Peter Manev petermanev at gmail.com
Fri Jun 7 20:04:53 UTC 2019


On Fri, Jun 7, 2019 at 7:24 PM ltishend <ltishend at uw.edu> wrote:
>
> Hey All,
>
> I'm trying to get XDP working on my system with suricata and I'm running into this error:
>
> [17298] 7/6/2019 -- 08:45:34 - (util-ebpf.c:308) <Error> (EBPFSetupXDP) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Unable to set XDP on 'enp175s0f1': Invalid argument (-22)
> [17298] 7/6/2019 -- 08:45:34 - (runmode-af-packet.c:486) <Warning> (ParseAFPConfig) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Error when setting up XDP
>
> I'm running Ubuntu 18.04.2 using kernel 4.18.0-21-generic.
> Network card uses the i40e driver (Intel X710).
>
> Interface config is:
>
> af-packet:
>   - interface: enp175s0f1
>     threads: 13
>     cluster-id: 97
>     cluster-type: cluster_qm
>     xdp-mode: driver
>     xdp-filter-file: /etc/suricata/xdp_filter.bpf
>     bypass: yes
>     defrag: yes
>     use-mmap: yes
>     tpacket-v3: yes
>     ring-size: 200000
>     block-size: 1048576
>
> After this, Suricata continues to load and function normally; I'm just not getting the XDP benefits for flow dropping. Any suggestions would be much appreciated.
>


Which Suricata version are you using?

> Thanks
>
> --Leif
>



-- 
Regards,
Peter Manev

