suricata-xdp: resolve memlock and stack smashing

suricata XDP support requires xdp-tools with
libbpf 1.4 to resolve stack smash issue.

also workaround memlock operation not permitted
by running suricata as root since load/attach
XDP program requires root privilige anyway.

see: https://github.com/vincentmli/BPFire/issues/54

Usage scenario:

since suricata IPS XDP capture mode works as
layer 2 bridge, BPFire netfilter firewall, NAT
IP route  will be bypassed. no IP address should
be assigned to red0 and green0 interface.

172.16.1.0/24          inline              172.16.1.0/24
red network<-->red0(xdp)<-->green0(xdp)<-->green network

we can run setup command to assign IP/Mask 0.0.0.0/0.0.0.0
to red0 and green0, then reboot BPFire, BPFire DHCP
will stops working after reboot. green network client
can get DHCP IP from upstream dhcp server.

start suricata manually

suricata -c /etc/suricata/suricata-xdp.yaml --af-packet
xdp_filter.bpf program will be attached to red0 and gree0
interface

not sure if we should add GUI for suricata XDP capture mode
since this is not common use case.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>

lfs/suricata

@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 52e2d64a9afe1e231fdc4b0aed8f920a5b80d5f8a0a78b41641069356947b3003902f9117f113b526f499379e1b1f1885461396713a748d4b3fb50571eec2fa3
+$(DL_FILE)_BLAKE2 = eef2500a22d581b37dafe496a57e664e6cb3aed879f138df5708ffd350bc985b4af875907c7e6cd0cf746ad6495e60414beaecf6069ba9d68b963831359362fc
 
 install : $(TARGET)