[Oisf-users] Suricata and XDP
Peter Manev
petermanev at gmail.com
Fri Jun 28 07:47:15 UTC 2019
On Tue, Jun 25, 2019 at 1:58 AM Nelson, Cooper <cnelson at ucsd.edu> wrote:
>
> I feel like I'm getting closer! No libbpf errors at least this time.
>
> However, the load balancing still didn't work and all packets went to a single thread per NIC.
>
What NIC is that (i am sorry if it is a double question and i missed it before)
> After exiting I still saw this error in the logs:
>
> [22888] 24/6/2019 -- 10:03:24 - (util-ebpf.c:308) <Error> (EBPFSetupXDP) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Unable to set XDP on 'enp35s0f0': Invalid argument (-22)
>
> Is there a list published somewhere of what kernel features need to be enabled in order to make full use of eBPF and XDP functionality?
>
> For various reasons (security/stability) I like to run the vanilla sources with only the bare minimum of features enabled. I've turned on everything that matched the XDP/BPF keywords, however I'm wondering if there is some other dependency I'm missing:
>
> $ zcat /proc/config.gz | egrep '(XDP|BPF)'
>
> CONFIG_CGROUP_BPF=y
> CONFIG_BPF=y
> CONFIG_BPF_SYSCALL=y
> CONFIG_BPF_JIT_ALWAYS_ON=y
> CONFIG_XDP_SOCKETS=y
> CONFIG_XDP_SOCKETS_DIAG=y
> CONFIG_BPFILTER=y
> CONFIG_BPFILTER_UMH=y
> CONFIG_NET_CLS_BPF=y
> CONFIG_NET_ACT_BPF=y
> CONFIG_BPF_JIT=y
> CONFIG_BPF_STREAM_PARSER=y
> CONFIG_HAVE_EBPF_JIT=y
> CONFIG_BPF_EVENTS=y
> CONFIG_BPF_KPROBE_OVERRIDE=y
> CONFIG_TEST_BPF=m
>
This one looks good to me.
As a wild suggestion - if you follow the same build/compile process on
Ubuntu - would it compile/run ok ? (just trying to narrow it down, i
know that Ubuntu is irrelevant in this case)
> -Coop
>
> -----Original Message-----
> From: Eric Leblond <eric at regit.org>
> Sent: Friday, June 21, 2019 11:21 PM
> To: Nelson, Cooper <cnelson at ucsd.edu>; Peter Manev <petermanev at gmail.com>
> Cc: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Suricata and XDP
>
> Argh, this is a leftover debug. Can you try the branch at
> https://github.com/regit/suricata/tree/ebpf-xdp-update-5.0-v1
>
> the forgotten debug has been removed there.
>
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list