Package Details: opensnitch-ebpf-module 1.6.3-1

Git Clone URL: https://aur.archlinux.org/opensnitch-ebpf-module.git (read-only, click to copy)
Package Base: opensnitch-ebpf-module
Description: eBPF process monitor module for opensnitch
Upstream URL: https://github.com/evilsocket/opensnitch
Licenses: GPL3
Submitter: nns
Maintainer: nns
Last Packager: nns
Votes: 16
Popularity: 2.07
First Submitted: 2023-02-06 09:27 (UTC)
Last Updated: 2023-08-17 17:19 (UTC)

Pinned Comments

nns commented on 2023-07-07 10:40 (UTC) (edited on 2023-07-07 10:41 (UTC) by nns)

MANJARO USERS, READ ME

Manjaro does not create the /usr/src/linux symlink, which should point to the current kernel headers and is required for this package to build properly. If you wish to use this package, your options are to:

  1. Manually edit the PKGBUILD before building and change the KDIR variable in build() to point to your kernel headers.

  2. Create a pacman hook for the kernel header package which creates the symbolic link automatically. An example can be seen in this comment: https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=10#comment-919081

nns commented on 2022-11-15 09:17 (UTC) (edited on 2023-07-11 10:02 (UTC) by nns)

This is the latest RELEASE version of opensnitch's eBPF module. It is meant to be used with the regular opensnitch package, not the -git version in the AUR. If you're using the -git version of opensnitch, you're looking for this version of the eBPF module package instead.

I intend to keep this up to date with the OpenSnitch releases (as soon as the main package updates).

Latest Comments

1 2 3 4 Next › Last »

nns commented on 2023-07-07 10:40 (UTC) (edited on 2023-07-07 10:41 (UTC) by nns)

MANJARO USERS, READ ME

Manjaro does not create the /usr/src/linux symlink, which should point to the current kernel headers and is required for this package to build properly. If you wish to use this package, your options are to:

  1. Manually edit the PKGBUILD before building and change the KDIR variable in build() to point to your kernel headers.

  2. Create a pacman hook for the kernel header package which creates the symbolic link automatically. An example can be seen in this comment: https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=10#comment-919081

nns commented on 2023-07-07 10:27 (UTC)

@eclairevoyant Thanks, probably will. I realize that the reason why the PKGBUILD wasn't failing in the build() phase properly when clang fatals is because it's set to explicitly pipe to llc, which means make doesn't exit. Submitted a PR upstream that should fix this.

eclairevoyant commented on 2023-07-07 10:24 (UTC)

@nns You might want to pin a comment about Manjaro et al. to save your time in the future

nns commented on 2023-07-07 10:03 (UTC)

You are using Manjaro. This is the Arch user repository.

Please see https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=10#comment-919081 for Manjaro-specific instructions.

Maziar commented on 2023-07-07 09:42 (UTC) (edited on 2023-07-07 09:45 (UTC) by Maziar)

uname : 6.4.1-1.0-MANJARO #1 SMP PREEMPT_DYNAMIC Sat ,,,,, x86_64 GNU/Linux

bad linux hearder path : fatal error: '/usr/src/linux/include/linux/kconfig.h' file not found

pkgbuild : line 20 : KDIR="/usr/src/linux" !!!!!

nns commented on 2023-07-07 09:13 (UTC) (edited on 2023-07-07 09:19 (UTC) by nns)

Yes, that's not correct. Can you post the full compilation log when building the module? (please use something like https://paste.rs/)

You will have to force a rebuild of the package, with makepkg that would be makepkg -sCLf

EDIT: Also, please post the output of uname -a

Maziar commented on 2023-07-07 09:09 (UTC) (edited on 2023-07-07 09:11 (UTC) by Maziar)

rebuild:

Failed to build opensnitch.o properly, section kprobe/tcp_v4_connect missing!

perhaps similar :: this

Maziar commented on 2023-07-07 09:07 (UTC)

llvm-readelf /usr/lib/opensnitchd/ebpf/opensnitch.o --section-headers :

There are 4 section headers, starting at offset 0x70:

Section Headers: [Nr] Name Type Address Off Size ES Flg Lk Inf Al [ 0] NULL 0000000000000000 000000 000000 00 0 0 0 [ 1] .strtab STRTAB 0000000000000000 000058 000017 00 0 0 1 [ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4 [ 3] .symtab SYMTAB 0000000000000000 000040 000018 18 1 1 8 Key to Flags: W (write), A (alloc), X (execute), M (merge), S (strings), I (info), L (link order), O (extra OS processing required), G (group), T (TLS), C (compressed), x (unknown), o (OS specific), E (exclude), R (retain), p (processor specific)

nns commented on 2023-07-07 08:52 (UTC)

I've added a check() in the PKGBUILD that checks whether the required ELF sections exist. Can you rebuild the package and see whether the check succeeds or not?

nns commented on 2023-07-07 08:02 (UTC)

What does the following command output?

llvm-readelf /usr/lib/opensnitchd/ebpf/opensnitch.o --section-headers