doc: pointer to bpfctrl

As bpfctrl is currently the easiest way to manage pinned maps, let's point to it. We will switch doc to suricatacl once support has been added.
6 years ago · 4be6701836
parent 8f1a7de791
commit 4be6701836
1 changed files with 2 additions and 2 deletions
--- a/doc/userguide/capture-hardware/ebpf-xdp.rst
+++ b/doc/userguide/capture-hardware/ebpf-xdp.rst
@ -456,7 +456,7 @@ XDP and pinned-maps

 This option can be used to expose the maps of a socket filter to other processes.
 This allows for example, the external handling of a accept list or block list of
-IP addresses. See `scbpf` tool avalable in the `ebpf/scpbf` directory for an example
+IP addresses. See `bpfctrl <https://github.com/StamusNetworks/bpfctrl/>`_ for an example
 of external list handling.

 In the case of XDP, the eBPF filter is attached to the interface so if you
@ -501,7 +501,7 @@ The eBPF filter `filter.bpf` uses a `ipv4_drop` map that contains the set of IPv
 If `pinned-maps` is set to `true` in the interface configuration then the map will be pinned
 under `/sys/fs/bpf/suricata-eth0-ipv4_drop`.

-You can then use a tool to manage the IPv4 addresses in the map.
+You can then use a tool like `bpfctrl` to manage the IPv4 addresses in the map.

 Hardware bypass with Netronome
 ------------------------------