From: Eric Leblond Date: Wed, 13 Dec 2017 22:09:42 +0000 (+0100) Subject: util-ebpf: add call to remove memlock limit X-Git-Tag: suricata-4.1.0-beta1~217 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43ecf0d78d5862cbda341ec9521758b6e7e9df81;p=thirdparty%2Fsuricata.git util-ebpf: add call to remove memlock limit Without that, user has to use ulimit to be able to load the eBPF file.
---
diff --git a/src/util-ebpf.c b/src/util-ebpf.c
index 352f169cdd..20922977ba 100644
--- a/src/util-ebpf.c
+++ b/src/util-ebpf.c
@@ -37,6 +37,9 @@ #ifdef HAVE_PACKET_EBPF
+#include
+#include
+
 #include "util-ebpf.h" #include "util-cpu.h"
@@ -100,6 +103,15 @@ int EBPFLoadFile(const char *path, const char * section, int *val, uint8_t flags return -1; }
+ /* Sending the eBPF code to the kernel requires a large amount of
+ * locked memory so we set it to unlimited to avoid a ENOPERM error */
+ struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
+ if (setrlimit(RLIMIT_MEMLOCK, &r) != 0) {
+ SCLogError(SC_ERR_MEM_ALLOC, "Unable to lock memory: %s (%d)",
+ strerror(errno), errno);
+ return -1;
+ }
+
 bpfobj = bpf_object__open(path); if (libbpf_get_error(bpfobj)) {
@@ -137,8 +149,8 @@ int EBPFLoadFile(const char *path, const char * section, int *val, uint8_t flags if (err < 0) { if (err == -EPERM) { SCLogError(SC_ERR_MEM_ALLOC,
- "Permission issue when loading eBPF object try to "
- "increase memlock limit: %s (%d)",
+ "Permission issue when loading eBPF object: "
+ "%s (%d)",
 strerror(err), err); } else {
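Review bot: In the second hunk a failed `setrlimit(RLIMIT_MEMLOCK, &r)` aborts the load with `return -1`, so a process that is not allowed to raise its hard limit (typically one without CAP_SYS_RESOURCE) can no longer load an eBPF file even when the limit it already has would have been enough. Logging a warning and continuing keeps that case working, for example `SCLogWarning(SC_ERR_MEM_ALLOC, "Unable to raise RLIMIT_MEMLOCK: %s (%d)", strerror(errno), errno);` in place of the SCLogError/return pair. The call also lifts the limit for the whole process on every EBPFLoadFile call, and nothing in the hunk restores it afterwards, so the comment should say that this removes a kernel resource guard from a packet-processing daemon for the rest of its lifetime. The comment's `ENOPERM` should read `EPERM`, and "Unable to lock memory" describes a different failure from the one being reported, which is raising the limit. EBPFLoadFile starts and continues outside the hunk.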
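Review bot: In the third hunk the rewritten message still formats `strerror(err)` inside the branch that has just tested `err == -EPERM`, so `err` is negative there and strerror() will typically produce an "Unknown error" string instead of the permission text. Passing the positive value fixes the output: `strerror(-err),` with the following `err` argument for `%d` left as it is. With the memlock hint removed, the operator gets no pointer to the remaining likely cause; a short mention of missing privileges would help, though that cause is inferred, since the load call itself is outside the hunk. The if/else block continues past the last visible line.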