[Oisf-users] libbpf: failed to create map (name: 'global_bypass'): Invalid argument(-22)

Vincent Li vincent.mc.li at gmail.com
Wed Nov 13 16:32:05 UTC 2019 

Hi,

I am running Ubuntu 18.04 server with kernel 5.0.0-32-generic,   following
https://suricata.readthedocs.io/en/latest/capture-hardware/ebpf-xdp.html to
test the xdp_filter global bypass feature. Ideally I want to xdp redirect
packet even when suricata is down. I made the changes in xdp_filter.c and
recompile it as below:


*diff --git a/ebpf/xdp_filter.c b/ebpf/xdp_filter.c*

*index 9ef2d92f7..0053f16b1 100644*

*--- a/ebpf/xdp_filter.c*

*+++ b/ebpf/xdp_filter.c*

@@ -58,7 +58,7 @@



 /* no vlan tracking: set it to 0 if you don't use VLAN for tracking. Can

  * also be used as workaround of some hardware offload issue */

-#define VLAN_TRACKING    1

+#define VLAN_TRACKING    0



 struct vlan_hdr {

     __u16      h_vlan_TCI;

@@ -176,7 +176,7 @@ struct bpf_map_def SEC("maps") tx_peer_int = {

 };

 #endif



-#define USE_GLOBAL_BYPASS   0

+#define USE_GLOBAL_BYPASS   1

 #if USE_GLOBAL_BYPASS

 /* single entry to indicate if global bypass switch is on */

 struct bpf_map_def SEC("maps") global_bypass = {



then I started the suricata as:


#strace -e trace=bpf  suricata -c /etc/suricata/suricata.yaml --pidfile
/var/run/suricata.pid  --af-packet  -vvv

..............CUT.........

[5405] 13/11/2019 -- 08:13:06 - (runmode-af-packet.c:272) <Info> (
ParseAFPConfig) -- AF_PACKET IPS mode activated enp4s0f0->enp4s0f1

[5405] 13/11/2019 -- 08:13:06 - (runmode-af-packet.c:328) <Config> (
ParseAFPConfig) -- Using queue based cluster mode for AF_PACKET (iface
enp4s0f0)

[5405] 13/11/2019 -- 08:13:06 - (runmode-af-packet.c:391) <Config> (
ParseAFPConfig) -- Using pinned maps on iface enp4s0f0

bpf(BPF_OBJ_GET, {pathname="/sys/fs/bpf/suricata-enp4s0f0-flow_table_v4",
bpf_fd=0}, 112) = -1 ENOENT (No such file or directory)

bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SOCKET_FILTER, insn_cnt=2,
insns=0x7fffb3a31a10, license="GPL", log_level=0, log_size=0, log_buf=0,
kern_version=0, prog_flags=0}, 112) = 8

bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SOCKET_FILTER, insn_cnt=2,
insns=0x7fffb3a31a10, license="GPL", log_level=0, log_size=0, log_buf=0,
kern_version=0, prog_flags=0, ...}, 112) = 8

bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4,
value_size=32, max_entries=1, map_flags=0, inner_map_fd=0}, 112) = 8

bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SOCKET_FILTER, insn_cnt=5,
insns=0x7fffb3a319f0, license="GPL", log_level=0, log_size=0, log_buf=0,
kern_version=0, prog_flags=0}, 112) = -1 EINVAL (Invalid argument)

bpf(0x12 /* BPF_??? */, 0x7fffb3a31980, 112) = 8

bpf(0x12 /* BPF_??? */, 0x7fffb3a31980, 112) = -1 EINVAL (Invalid argument)

bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=16,
value_size=16, max_entries=32768, map_flags=0, inner_map_fd=0, ...}, 112) =
7

bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=40,
value_size=16, max_entries=32768, map_flags=0, inner_map_fd=0, ...}, 112) =
8

bpf(BPF_MAP_CREATE, {map_type=0x10 /* BPF_MAP_TYPE_??? */, key_size=4,
value_size=4, max_entries=64, map_flags=0, inner_map_fd=0, ...}, 112) = 9

bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=4,
max_entries=64, map_flags=0, inner_map_fd=0, ...}, 112) = 10

bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=4,
max_entries=1, map_flags=0, inner_map_fd=0, ...}, 112) = 11

bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=4,
value_size=4, max_entries=1, map_flags=0, inner_map_fd=0, ...}, 112) = 12

bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=4, value_size=4,
max_entries=1, map_flags=0, inner_map_fd=0, ...}, 112) = 13

bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_ARRAY, key_size=1, value_size=1,
max_entries=1, map_flags=0, inner_map_fd=0, ...}, 112) = -1 EINVAL (Invalid
argument)

libbpf: failed to create map (name: 'global_bypass'): Invalid argument(-22)

libbpf: failed to load object '/usr/libexec/suricata/ebpf/xdp_filter.bpf'

[5405] 13/11/2019 -- 08:13:06 - (util-ebpf.c:400) <*Error*> (EBPFLoadFile)
-- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Unable to load eBPF object:
Invalid argument (-22)

[5405] 13/11/2019 -- 08:13:06 - (runmode-af-packet.c:532) <Warning> (
ParseAFPConfig) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Error when
loading XDP filter file


Here is my suricata config:


af-packet:

  - interface: enp4s0f0

    threads: auto

    cluster-id: 99

    cluster-type: cluster_qm

    defrag: yes

    use-mmap: yes

    ring-size: 200000

    copy-mode: ips

    copy-iface: enp4s0f1

    xdp-mode: driver

    pinned-maps: true

    pinned-maps-name: ipv4_drop

    xdp-filter-file:  /usr/libexec/suricata/ebpf/xdp_filter.bpf

  - interface: enp4s0f1

    threads: auto

    cluster-id: 100

    cluster-type: cluster_qm

    defrag: yes

    use-mmap: yes

    ring-size: 200000

    copy-mode: ips

    copy-iface: enp4s0f0

    xdp-mode: driver

    pinned-maps: true

    pinned-maps-name: ipv4_drop

    xdp-filter-file:  /usr/libexec/suricata/ebpf/xdp_filter.bpf


any clue?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20191113/51ca4c81/attachment-0001.html>

More information about the Oisf-users mailing list