Project

General

Profile

Actions
Copy link

Bug #5200

closed

libbpf: Use of legacy code in eBPF/XDP programs

Added by Lukas Sismis over 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Sascha Steinbiss
Target version:
7.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

When running Suricata with (at least) bypass filters of eBPF (bypass_filter.bpf) or XDP (xdp_filter.bpf), libbpf library outputs warnings that certain libbpf API calls are deprecated and should be updated.
As of now, this does not affect the functionality of the examples and only outputs multiple warning lines. Warnings are shown during Suricata initialization.
Running kernel 4.18.

Cutted out part of the Suricata startup log:

[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:223) <Config> (ParseAFPConfig) -- Enabling locked memory for mmap on iface ens1f1                                                                                                                
[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:231) <Config> (ParseAFPConfig) -- Enabling tpacket v3 capture on iface ens1f1                                                                                                                    
[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:321) <Config> (ParseAFPConfig) -- Using queue based cluster mode for AF_PACKET (iface ens1f1)                                                                                                    
[33503] 21/3/2022 -- 22:11:02 - (runmode-af-packet.c:464) <Config> (ParseAFPConfig) -- Using bypass kernel functionality for AF_PACKET (iface ens1f1)                                                                                                 
libbpf: map 'cpu_map' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                        
libbpf: map 'cpus_available' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                  
libbpf: map 'cpus_count' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                             
libbpf: map 'flow_table_v4' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                
libbpf: map 'flow_table_v6' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                
libbpf: map 'tx_peer' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                             
libbpf: map 'tx_peer_int' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead                                         
[33503] 21/3/2022 -- 22:11:02 - (util-ebpf.c:469) <Info> (EBPFLoadFile) -- Successfully loaded eBPF file '/usr/libexec/suricata/ebpf/xdp_filter.bpf' on 'ens1f1'                                                                                      
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:442) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling gro offloading                      
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:449) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling tso offloading                        
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:456) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling gso offloading                  
[33503] 21/3/2022 -- 22:11:03 - (util-ioctl.c:463) <Perf> (DisableIfaceOffloadingLinux) -- ens1f1: disabling sg offloading                     
[33503] 21/3/2022 -- 22:11:03 - (util-runmodes.c:281) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 8 thread(s) for device ens1f1

Subtasks 1 (0 open1 closed)

Bug #5763: libbpf: Use of legacy code in eBPF/XDP programs (6.0.x backport)ClosedSascha SteinbissActions
Actions
Copy link

Also available in: Atom PDF