From: Eric Leblond <eric@regit.org>
Date: Sun, 23 Jun 2019 14:58:09 +0000 (+0200)
Subject: doc: improve doc on compiling with eBPF support
X-Git-Tag: suricata-5.0.0-rc1~131
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f1a7de791e10c2f179dcaa86468a062f2b81a12;p=thirdparty%2Fsuricata.git

doc: improve doc on compiling with eBPF support
---

diff --git a/doc/userguide/capture-hardware/ebpf-xdp.rst b/doc/userguide/capture-hardware/ebpf-xdp.rst
index db05d82cb3..ef0c12c323 100644
--- a/doc/userguide/capture-hardware/ebpf-xdp.rst
+++ b/doc/userguide/capture-hardware/ebpf-xdp.rst
@@ -71,12 +71,17 @@ Kernel
 
 You need to run a kernel 4.13 or newer.
 
-Clang
-~~~~~
+Clang and dependencies
+~~~~~~~~~~~~~~~~~~~~~~
 
 Make sure you have clang (>=3.9) installed on the system  ::
 
- sudo apt-get install clang
+ sudo apt install clang
+
+Some i386 headers will also be needed as eBPF is not x86_64 and some include headers
+are architecture specific ::
+
+ sudo apt install libc6-dev-i386 --no-install-recommends
 
 libbpf
 ~~~~~~
@@ -93,6 +98,8 @@ Now, you can build and install the library ::
  sudo make install_headers
  sudo ldconfig
 
+In some cases your system will not find the libbpf library that is installed under
+`/usr/lib64` so you may need to modify your ldconfig configuration.
 
 Compile and install Suricata
 ----------------------------