Bug #5200
closedlibbpf: Use of legacy code in eBPF/XDP programs
Description
When running Suricata with (at least) bypass filters of eBPF (bypass_filter.bpf) or XDP (xdp_filter.bpf), libbpf library outputs warnings that certain libbpf API calls are deprecated and should be updated.
As of now, this does not affect the functionality of the examples and only outputs multiple warning lines. Warnings are shown during Suricata initialization.
Running kernel 4.18.
Cutted out part of the Suricata startup log:
[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:223) <Config> (ParseAFPConfig) -- Enabling locked memory for mmap on iface ens1f1 [33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:231) <Config> (ParseAFPConfig) -- Enabling tpacket v3 capture on iface ens1f1 [33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:321) <Config> (ParseAFPConfig) -- Using queue based cluster mode for AF_PACKET (iface ens1f1) [33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:464) <Config> (ParseAFPConfig) -- Using bypass kernel functionality for AF_PACKET (iface ens1f1) libbpf: map 'cpu_map' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead libbpf: map 'cpus_available' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead libbpf: map 'cpus_count' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead libbpf: map 'flow_table_v4' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead libbpf: map 'flow_table_v6' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead libbpf: map 'tx_peer' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead libbpf: map 'tx_peer_int' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead [33503] 21/3/2022 -- 22:11:02 - (util-ebpf.c:469) <Info> (EBPFLoadFile) -- Successfully loaded eBPF file '/usr/libexec/suricata/ebpf/xdp_filter.bpf' on 'ens1f1' [33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:442) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling gro offloading [33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:449) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling tso offloading [33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:456) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling gso offloading [33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:463) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling sg offloading [33503] 21/3/2022 -- 22:11:03 - (util-runmodes.c:281) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 8 thread(s) for device ens1f1
Updated by Philippe Antoine over 2 years ago
- Assignee changed from OISF Dev to Eric Leblond
Eric, would you know about this ?
Updated by Victor Julien about 2 years ago
- Tracker changed from Support to Bug
- Assignee changed from Eric Leblond to Community Ticket
- Target version set to TBD
Updated by Jay MJ almost 2 years ago
suricata compiling with 6.0.9 and libbpf 1.0.1, turned into an error and won't compile. I ran a pull from GH master (7.0.0-rc1-dev) and the legacy C code appears to have been updated, it compiles and seems to work fine now.
If 6.x series continues, I would kindly suggest the ebpf updated C code be backported.
Updated by Victor Julien almost 2 years ago
- Status changed from New to Resolved
- Assignee changed from Community Ticket to Sascha Steinbiss
- Target version changed from TBD to 7.0.0-beta1
Updated by Victor Julien almost 2 years ago
- Status changed from Resolved to Closed