Package Details: opensnitch-ebpf-module-git 1.6.3.r168.aea75179-1

Git Clone URL: https://aur.archlinux.org/opensnitch-ebpf-module-git.git (read-only, click to copy)
Package Base: opensnitch-ebpf-module-git
Description: eBPF process monitor module for opensnitch
Upstream URL: https://github.com/evilsocket/opensnitch
Licenses: GPL3
Conflicts: opensnitch-ebpf-module
Provides: opensnitch-ebpf-module
Submitter: lsf
Maintainer: lsf
Last Packager: lsf
Votes: 10
Popularity: 0.036166
First Submitted: 2021-07-08 17:14 (UTC)
Last Updated: 2024-09-26 12:32 (UTC)

Latest Comments

1 2 Next › Last »

Joomzie commented on 2026-02-17 04:55 (UTC) (edited on 2026-02-17 05:22 (UTC) by Joomzie)

So, it looks like CachyOS has slightly changed where kernel build data is located. The eBPF module's makefile looks in /lib/modules/*/source, but CachyOS now uses /lib/modules/*/build. With this in mind, as well as a patch from the Git issue I created, I was able to make my own patch that produces a successful build. Again, I'm not sure if this affects Arch, as well, but for CachyOS users, feel free to replace 0001-Build-with-Archlinux.patch with this one. It includes the changes it makes.

cachyos-619.patch:

--- a/ebpf_prog/Makefile
+++ b/ebpf_prog/Makefile
@@ -3,9 +3,10 @@
 # On Debian based distros we need the following 2 directories.
 # Otherwise, just use the kernel headers from the kernel sources.
 #
-KERNEL_VER ?= $(shell ls -d /lib/modules/*/source | sort | tail -1 | cut -d/ -f4)
-KERNEL_DIR ?= /lib/modules/$(KERNEL_VER)/source
+KERNEL_VER ?= $(shell ls -d /lib/modules/*/build | sort | tail -1 | cut -d/ -f4)
+KERNEL_DIR ?= /lib/modules/$(KERNEL_VER)/build
 KERNEL_HEADERS ?= /usr/src/linux-headers-$(KERNEL_VER)/
+KERNEL_6_19_CHECK = $(shell expr "$(KERNEL_VER)" \>= "6.19")
 CC = clang
 LLC ?= llc
 ARCH ?= $(shell uname -m)
@@ -32,12 +33,16 @@

 ifeq ($(ARCH),arm)
    # on previous archs, it fails with "SMP not supported on pre-ARMv6"
-   EXTRA_FLAGS = "-D__LINUX_ARM_ARCH__=7"
+   EXTRA_FLAGS = -D__LINUX_ARM_ARCH__=7
+endif
+ifeq ($(KERNEL_6_19_CHECK),1)
+       EXTRA_FLAGS += -Wno-microsoft-anon-tag -fms-extensions
 endif

 SRC := $(wildcard *.c)
 BIN := $(SRC:.c=.o)
 CFLAGS = -I. \
+   -I$(KERNEL_HEADERS)/arch/$(ARCH)/include/ \
    -I$(KERNEL_HEADERS)/arch/$(ARCH)/include/generated/ \
    -I$(KERNEL_HEADERS)/include \
    -include $(KERNEL_DIR)/include/linux/kconfig.h \
@@ -57,7 +62,8 @@
    -Wno-gnu-variable-sized-type-not-at-end \
    -Wno-address-of-packed-member \
    -Wno-tautological-compare \
-   -Wno-unknown-warning-option  \
+   -Wno-unknown-warning-option \
+   -fcf-protection \
    -fno-stack-protector \
    -g -O2 -emit-llvm

xAsh commented on 2024-09-25 14:13 (UTC) (edited on 2024-09-26 18:42 (UTC) by xAsh)

for anyone else, replace the patch with https://pastebin.com/raw/3ErurtPP, and update the sha256sum

edit: thank you lsf for fixing it

xAsh commented on 2024-09-16 06:46 (UTC)

can't build anymore:

==> Starting prepare()...
patching file Makefile
Hunk #1 FAILED at 29.
Hunk #2 succeeded at 49 (offset 1 line).
1 out of 2 hunks FAILED -- saving rejects to file Makefile.rej
==> ERROR: A failure occurred in prepare().
    Aborting...
 -> error making: opensnitch-ebpf-module-git-exit status 4
 -> Failed to install the following packages. Manual intervention is required:
opensnitch-ebpf-module-git - exit status 4

eclairevoyant commented on 2023-06-10 10:48 (UTC)

binutils, flex must be removed from makedepends as they are part of base-devel.

<deleted-account> commented on 2023-05-29 16:27 (UTC)

Thank you for maintaining this package!

Looks like I'd forgotten to add 0001-Build-with-Archlinux.patch into the PKGBUILD although included in the encompassing patch. It doesn't build from AUR as a result.

UPDATE: this commit has broken the original patch. Here is a new patch to account for changes to Makefile: 0001-Build-with-Archlinux-1.patch

Fun!

lsf commented on 2023-05-29 10:43 (UTC)

@selfdenial: thank you so very much! Things should be fine again now, thanks to your efforts :)

(sorry for taking so long to get things sorted)

<deleted-account> commented on 2023-05-26 02:46 (UTC)

Edit: patches never seems to work well with markdown (patches successfully but makepkg fails). Here is a working link: 0001-Restore-build-with-later-revisions.patch

Hi I'm no expert but I've managed to make this build and might as well share what I've changed:

From 28220349944d729c2676ed34ed29aaf151f57c56 Mon Sep 17 00:00:00 2001
From: no <no@no>
Date: Thu, 25 May 2023 20:29:53 -0600
Subject: [PATCH] Restore build with later revisions.

---
 0001-Build-with-Archlinux.patch | 35 +++++++++++++++++++++++++
 PKGBUILD                        | 46 +++++++++++----------------------
 2 files changed, 50 insertions(+), 31 deletions(-)
 create mode 100644 0001-Build-with-Archlinux.patch

diff --git a/0001-Build-with-Archlinux.patch b/0001-Build-with-Archlinux.patch
new file mode 100644
index 0000000..f2b876b
--- /dev/null
+++ b/0001-Build-with-Archlinux.patch
@@ -0,0 +1,35 @@
+From 3053d8bba78596b8c587273a12a9b3eb6ad81b35 Mon Sep 17 00:00:00 2001
+From: no <no@no>
+Date: Thu, 25 May 2023 19:04:08 -0600
+Subject: [PATCH] Build with Archlinux.
+
+---
+ ebpf_prog/Makefile | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/ebpf_prog/Makefile b/ebpf_prog/Makefile
+index 1bf0b6b..b81d1b4 100644
+--- a/ebpf_prog/Makefile
++++ b/ebpf_prog/Makefile
+@@ -29,6 +29,7 @@ endif
+ 
+ BIN := opensnitch.o opensnitch-procs.o opensnitch-dns.o
+ CLANG_FLAGS = -I. \
++  -I$(KERNEL_HEADERS)/arch/x86/include/ \
+   -I$(KERNEL_HEADERS)/arch/x86/include/generated/ \
+   -I$(KERNEL_HEADERS)/include \
+   -include $(KERNEL_DIR)/include/linux/kconfig.h \
+@@ -45,7 +46,9 @@ CLANG_FLAGS = -I. \
+   $(EXTRA_FLAGS) \
+   -Wno-gnu-variable-sized-type-not-at-end \
+   -Wno-address-of-packed-member -Wno-tautological-compare \
+-  -Wno-unknown-warning-option  \
++  -Wno-unknown-warning-option \
++  -fcf-protection \
++  -fno-stack-protector \
+   -g -O2 -emit-llvm
+ 
+ all: $(BIN)
+-- 
+2.40.1
+
diff --git a/PKGBUILD b/PKGBUILD
index a9db3f9..06aec11 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,58 +2,42 @@

 pkgname=opensnitch-ebpf-module-git
 _pkgname=opensnitch
-pkgver=1.6.0rc3.r27.2cdbd97
-pkgrel=2
-_kver=6.0.15
+pkgver=1.6.0rc5.r71.3432c6a
+pkgrel=1
 pkgdesc="eBPF process monitor module for opensnitch"
 arch=('i686' 'x86_64' 'armv6h' 'armv7h' 'aarch64')
 url="https://github.com/evilsocket/opensnitch"
 license=('GPL3')
 makedepends=('git' 'clang' 'llvm' 'libelf'
-             'binutils' 'bc' 'rsync' 'flex')
+             'binutils' 'bc' 'rsync' 'flex'
+             'linux-headers' 'coreutils')
 depends=('opensnitch')
 provides=("${pkgname%-git}")
 conflicts=("${pkgname%-git}")
-source=('git+https://github.com/evilsocket/opensnitch.git'
-        "https://www.kernel.org/pub/linux/kernel/v${_kver%%.*}.x/linux-${_kver}.tar.xz")
-        # "https://github.com/torvalds/linux/archive/v${_kver}.tar.gz")
-sha256sums=('SKIP'
-            'd484eb3d4f88be14b42507a85ad4b0932e92e7a742acbce74e8be007124a6820')
+source=('git+https://github.com/evilsocket/opensnitch.git')
+sha256sums=('SKIP')
 options=('!strip') # we're stripping with llvm-strip

 pkgver() {
-  cd "$srcdir/${_pkgname}"
+  cd "${srcdir}/${_pkgname}"
   git describe --long | sed 's/^v//;s/-rc./rc/;s/\([^-]*-\)g/r\1/;s/-/./g'
 }

 prepare() {
-  cd ${srcdir}/linux-${_kver}
+  cd "${srcdir}/${_pkgname}/ebpf_prog"

-  patch tools/lib/bpf/bpf_helpers.h < ${srcdir}/${_pkgname}/ebpf_prog/file.patch
-  cp ${srcdir}/${_pkgname}/ebpf_prog/opensnitch.c \
-    ${srcdir}/${_pkgname}/ebpf_prog/common.h \
-    ${srcdir}/${_pkgname}/ebpf_prog/common_defs.h \
-    ${srcdir}/${_pkgname}/ebpf_prog/opensnitch-procs.c \
-    ${srcdir}/${_pkgname}/ebpf_prog/opensnitch-dns.c \
-    ${srcdir}/${_pkgname}/ebpf_prog/Makefile samples/bpf
-
-  yes "" | make oldconfig
-  make prepare
+  patch Makefile < "${srcdir}/../0001-Build-with-Archlinux.patch"
 }

 build() {
-  cd ${srcdir}/linux-${_kver}
-
-  make headers_install
+  cd "${srcdir}/${_pkgname}/ebpf_prog"

-  cd samples/bpf
-  make
-  llvm-strip -g opensnitch.o opensnitch-dns.o
+  KERNEL_DIR="/usr/lib/modules/$(uname -r)/build" KERNEL_HEADERS="${KERNEL_DIR}" ARCH="${arch}" make all
 }

 package() {
-  install -Dm644 "${srcdir}/linux-${_kver}/samples/bpf/opensnitch.o" \
-    "${srcdir}/linux-${_kver}/samples/bpf/opensnitch-procs.o" \
-    "${srcdir}/linux-${_kver}/samples/bpf/opensnitch-dns.o" -t \
-    "$pkgdir/usr/lib/opensnitchd/ebpf/"
+  install -Dm644 "${srcdir}/${_pkgname}/ebpf_prog/opensnitch.o" \
+    "${srcdir}/${_pkgname}/ebpf_prog/opensnitch-procs.o" \
+    "${srcdir}/${_pkgname}/ebpf_prog/opensnitch-dns.o" -t \
+    "${pkgdir}/usr/lib/opensnitchd/ebpf/"
 }
-- 
2.40.1

zwei commented on 2023-05-19 19:24 (UTC) (edited on 2023-05-19 19:25 (UTC) by zwei)

Also getting the file.patch error.

Note that new compilation instructions were pushed a few days ago.

uffe commented on 2023-05-19 11:12 (UTC)

I've been succesfully building "opensnitch-ebpf-module-git" for many months - until recently

This error seems to have been introduced recently by some source change

PKGBUILD: line 32: /tmp/xxx/.cache/yay/opensnitch-ebpf-module-git/src/opensnitch/ebpf_prog/file.patch: No such file or directory

==> Making package: opensnitch-ebpf-module-git 1.6.0rc3.r27.2cdbd97-2 (2023-05-19T13:04:15 CEST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Updating opensnitch git repo...
  -> Found linux-6.0.15.tar.xz
==> Validating source files with sha256sums...
    opensnitch ... Skipped
    linux-6.0.15.tar.xz ... Passed
==> Removing existing $srcdir/ directory...
==> Extracting sources...
  -> Creating working copy of opensnitch git repo...
Cloning into 'opensnitch'...
done.
  -> Extracting linux-6.0.15.tar.xz with bsdtar
==> Starting prepare()...
/tmp/xxx/.cache/yay/opensnitch-ebpf-module-git/PKGBUILD: line 32: /tmp/xxx/.cache/yay/opensnitch-ebpf-module-git/src/opensnitch/ebpf_prog/file.patch: No such file or directory
==> ERROR: A failure occurred in prepare().
    Aborting...
 -> error making: opensnitch-ebpf-module-git-exit status 4
 -> Failed to install the following packages. Manual intervention is required:

1 2 Next › Last »