[Oisf-users] Suricata and XDP
Eric Leblond
eric at regit.org
Sat Jun 22 06:20:55 UTC 2019
Hello,
On Sat, 2019-06-22 at 00:11 +0000, Nelson, Cooper wrote:
> Ok that turned out to actually be a great idea, I just run suricata
> without the -D flag and monitor the output.
>
> This is the specific error:
>
> > 30: (85) call bpf_trace_printk#6
> unknown func bpf_trace_printk#6
>
> > libbpf: -- END LOG --
> libbpf: failed to load program 'loadbalancer'
> libbpf: failed to load object '/etc/suricata/ebpf/lb.bpf'
Argh, this is a leftover debug. Can you try the branch at
https://github.com/regit/suricata/tree/ebpf-xdp-update-5.0-v1
the forgotten debug has been removed there.
>
> Google tells me this is usually due to missing some EBPF features in
> the kernel, so I recompiled with everything enabled and rebuilt
> libbpf. I’m still seeing the error.
>
> Is there a canonical list of what needs to be enabled in order for
> all EBPF functions to be available? Maybe you could send me your
> /proc/config.gz?
You need to have printk enable for bpf_trace_printk to work.
++
--
Eric
>
> -Coop
>
> -----Original Message-----
> From: Eric Leblond <eric at regit.org>
> Sent: Friday, June 21, 2019 2:38 PM
> To: Nelson, Cooper <cnelson at ucsd.edu>; Peter Manev <
> petermanev at gmail.com>
> Cc: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Suricata and XDP
>
> Hi,
>
> On Fri, 2019-06-21 at 21:20 +0000, Nelson, Cooper wrote:
> > Still getting these errors:
>
> You should see libbpf output here if Suricata can access stdout. I
> always get that on failure.
>
>
More information about the Oisf-users
mailing list