To the user who marked this out of date, please see https://github.com/evilsocket/opensnitch/issues/1099#issuecomment-2033143697
Search Criteria
Package Details: opensnitch-ebpf-module 1.6.6-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/opensnitch-ebpf-module.git (read-only, click to copy) |
---|---|
Package Base: | opensnitch-ebpf-module |
Description: | eBPF process monitor module for opensnitch |
Upstream URL: | https://github.com/evilsocket/opensnitch |
Licenses: | GPL3 |
Submitter: | nns |
Maintainer: | nns |
Last Packager: | nns |
Votes: | 24 |
Popularity: | 0.37 |
First Submitted: | 2023-02-06 09:27 (UTC) |
Last Updated: | 2024-09-24 10:00 (UTC) |
Dependencies (7)
- opensnitch (opensnitch-gitAUR)
- bc (bc-ghAUR) (make)
- clang (llvm-rocm-gitAUR, llvm-gitAUR, clang-minimal-gitAUR, clang17-binAUR) (make)
- libelf (elfutils-gitAUR) (make)
- linux-headers (make)
- llvm (llvm-rocm-gitAUR, llvm-gitAUR, llvm-minimal-gitAUR) (make)
- llvm (llvm-rocm-gitAUR, llvm-gitAUR, llvm-minimal-gitAUR) (check)
Required by (0)
Sources (1)
nns commented on 2024-05-12 16:21 (UTC)
99cents commented on 2024-04-06 15:44 (UTC)
don't take this the wrong way ...
not a problem! i realize i was suggesting a Manjaro specific change, though i didn't know whether the suggestion might be more 'correct' for Arch too
thanks
nns commented on 2024-04-06 15:37 (UTC)
No, since that would attempt to use the currently running kernel headers and not actually the kernel headers which you have installed. This would make the package fail to build if you've updated your kernel but haven't rebooted yet, so uname still returns the old version.
Also, don't take this the wrong way, but this is the Arch user repository, Manjaro users are not really my concern.
99cents commented on 2024-04-06 12:12 (UTC)
@nns - 'stasadev' suggested the following on the page you linked (which is what i did in the build file)...
-KDIR="/usr/src/linux"
+KDIR="/usr/lib/modules/$(uname -r)/build"
...is doing the uname thing an option?
nns commented on 2024-04-06 06:47 (UTC)
Yeah, the AUR comment pagination is a bit dumb and the link changes, correct link should be https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=30#comment-919081
DKMS is not an option here - this is an eBPF program and not a kernel module and hence this package does not use DKMS.
99cents commented on 2024-04-05 14:37 (UTC)
@nns - dunno if you want to do this since the issue is Manjaro specific (although perhaps also other Arch derivatives that support multiple kernels), but a commenter in the Manjaro forum said the following...
Technically the maintainer could use dkms and thus avoid the whole debacle on where the headers are.
99cents commented on 2024-04-05 13:53 (UTC)
@linux-aarhus - i understand, which is why i was interested in the content of the comment that no longer exists apparently (https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=10#comment-919081) so that i could learn how to "2. Create a pacman hook for the kernel header package ..." as mentioned in the opening comment
linux-aarhus commented on 2024-04-05 13:43 (UTC) (edited on 2024-04-05 13:45 (UTC) by linux-aarhus)
Manjaro does not create the /usr/src/linux symlink, which should point to the current kernel headers and is required for this package to build properly.
Manjaro has several kernels in the format linuxMajorMinor e.g. linux66 or linux68 and any number of kernels can installed.
To avoid confusion and possible errors when the symlink point to linux68 and booted kernel is linux66 the symlink does not exist.
99cents commented on 2024-04-05 12:34 (UTC)
link is dead...
Create a pacman hook for the kernel header package which creates the symbolic link automatically. An example can be seen in this comment: https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=10#comment-919081
nns commented on 2024-04-02 21:40 (UTC)
I've just pushed 1.6.5-2 of the ebpf module on the AUR, which is really 1.6.4 in disguise, and should fix most issues with incompatible module/main package versions and the log messages being spammed, until 1.6.5 is actually released and the ebpf module package updated. Most people having issues right now should upgrade the opensnitch-ebpf-module package and it should in theory be fine for the time being.
Pinned Comments
nns commented on 2023-07-07 10:40 (UTC) (edited on 2024-04-06 06:48 (UTC) by nns)
MANJARO USERS, READ ME
Manjaro does not create the
/usr/src/linux
symlink, which should point to the current kernel headers and is required for this package to build properly. If you wish to use this package, your options are to:Manually edit the PKGBUILD before building and change the
KDIR
variable inbuild()
to point to your kernel headers.Create a pacman hook for the kernel header package which creates the symbolic link automatically. An example can be seen in this comment: https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=30#comment-919081
nns commented on 2022-11-15 09:17 (UTC) (edited on 2023-07-11 10:02 (UTC) by nns)
This is the latest RELEASE version of opensnitch's eBPF module. It is meant to be used with the regular opensnitch package, not the
-git
version in the AUR. If you're using the-git
version of opensnitch, you're looking for this version of the eBPF module package instead.I intend to keep this up to date with the OpenSnitch releases (as soon as the main package updates).