Bug #6250: libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+ - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6250

open

libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+

Added by Vincent Li about 1 year ago. Updated about 1 year ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

7.0.0, 6.0.14, 7.0.1, git master

Effort:

Difficulty:

Label:

Description

I followed https://docs.suricata.io/en/latest/capture-hardware/ebpf-xdp.html to compile most recent github libbpf and suricata. when I run:

suricata -c ./suricata-ebpf.yaml --pidfile /var/run/suricata.pid --af-packet -vvv

I got:

libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+
Error: ebpf: Unable to load eBPF objects in '/usr/libexec/suricata/ebpf/xdp_filter.bpf': Operation not supported [EBPFLoadFile:util-ebpf.c:342]
Warning: af-packet: enp4s0f0: failed to load XDP filter file [ParseAFPConfig:runmode-af-packet.c:579]

libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+
Error: ebpf: Unable to load eBPF objects in '/usr/libexec/suricata/ebpf/xdp_filter.bpf': Operation not supported [EBPFLoadFile:util-ebpf.c:342]
Warning: af-packet: enp4s0f1: failed to load XDP filter file [ParseAFPConfig:runmode-af-packet.c:579]

I think the legacy eBPF map definition needs to be updated to be BTF defined eBPF map, I could send up PR to update the map definition. what do you think?

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #6250

libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+

Updated by Vincent Li about 1 year ago

Updated by Vincent Li about 1 year ago