[Oisf-users] Suricata and XDP

Peter Manev petermanev at gmail.com
Fri Jun 7 20:41:19 UTC 2019 

On Fri, Jun 7, 2019 at 10:07 PM ltishend <ltishend at uw.edu> wrote:
>
> > Which Suricata version are you using ?
>
> 5.0.0-dev
>

What is your start command?

>
> > -----Original Message-----
> > From: Peter Manev <petermanev at gmail.com>
> > Sent: Friday, June 7, 2019 1:05 PM
> > To: ltishend <ltishend at uw.edu>
> > Cc: oisf-users at lists.openinfosecfoundation.org
> > Subject: Re: [Oisf-users] Suricata and XDP
> >
> > On Fri, Jun 7, 2019 at 7:24 PM ltishend <ltishend at uw.edu> wrote:
> > >
> > > Hey All,
> > >
> > > I'm trying to get XDP working on my system with suricata and I'm running into
> > this error:
> > >
> > > [17298] 7/6/2019 -- 08:45:34 - (util-ebpf.c:308) <Error> (EBPFSetupXDP) --
> > [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Unable to set XDP on 'enp175s0f1':
> > Invalid argument (-22)
> > > [17298] 7/6/2019 -- 08:45:34 - (runmode-af-packet.c:486) <Warning>
> > (ParseAFPConfig) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Error when
> > setting up XDP
> > >
> > > I'm running Ubuntu 18.04.2 using kernel 4.18.0-21-generic.
> > > Network card uses the i40e driver (Intel X710).
> > >
> > > Interface config is:
> > >
> > > af-packet:
> > >   - interface: enp175s0f1
> > >     threads: 13
> > >     cluster-id: 97
> > >     cluster-type: cluster_qm
> > >     xdp-mode: driver
> > >     xdp-filter-file: /etc/suricata/xdp_filter.bpf
> > >     bypass: yes
> > >     defrag: yes
> > >     use-mmap: yes
> > >     tpacket-v3: yes
> > >     ring-size: 200000
> > >     block-size: 1048576
> > >
> > > After this suricata continues to load and function normally, I'm just not getting
> > the XDP benefits for flow dropping.  Any suggestions would be much
> > appreciated.
> > >
> >
> >
> > Which Suricata version are you using ?
> >
> > > Thanks
> > >
> > > --Leif
> > >
> > > _______________________________________________
> > > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > >
> > > Conference: https://suricon.net
> > > Trainings: https://suricata-ids.org/training/
> >
> >
> >
> > --
> > Regards,
> > Peter Manev



-- 
Regards,
Peter Manev

More information about the Oisf-users mailing list