Package Details: opensnitch-ebpf-module-git 1.6.3.r168.aea75179-1

Git Clone URL: https://aur.archlinux.org/opensnitch-ebpf-module-git.git (read-only)
Package Base: opensnitch-ebpf-module-git
Description: eBPF process monitor module for opensnitch
Upstream URL: https://github.com/evilsocket/opensnitch
Licenses: GPL3
Conflicts: opensnitch-ebpf-module
Provides: opensnitch-ebpf-module
Submitter: lsf
Maintainer: lsf
Last Packager: lsf
Votes: 9
Popularity: 1.36
First Submitted: 2021-07-08 17:14 (UTC)
Last Updated: 2024-09-26 12:32 (UTC)

Latest Comments

xAsh commented on 2024-09-25 14:13 (UTC) (edited on 2024-09-26 18:42 (UTC) by xAsh)

for anyone else, replace the patch with https://pastebin.com/raw/3ErurtPP, and update the sha256sum

edit: thank you lsf for fixing it

xAsh commented on 2024-09-16 06:46 (UTC)

can't build anymore:

==> Starting prepare()...
patching file Makefile
Hunk #1 FAILED at 29.
Hunk #2 succeeded at 49 (offset 1 line).
1 out of 2 hunks FAILED -- saving rejects to file Makefile.rej
==> ERROR: A failure occurred in prepare().
    Aborting...
 -> error making: opensnitch-ebpf-module-git-exit status 4
 -> Failed to install the following packages. Manual intervention is required:
opensnitch-ebpf-module-git - exit status 4

eclairevoyant commented on 2023-06-10 10:48 (UTC)

binutils, flex must be removed from makedepends as they are part of base-devel.

selfdenial commented on 2023-05-29 16:27 (UTC) (edited on 2023-05-29 17:11 (UTC) by selfdenial)

Thank you for maintaining this package!

Looks like I'd forgotten to add 0001-Build-with-Archlinux.patch into the PKGBUILD although included in the encompassing patch. It doesn't build from AUR as a result.

UPDATE: this commit has broken the original patch. Here is a new patch to account for changes to Makefile: 0001-Build-with-Archlinux-1.patch

Fun!

lsf commented on 2023-05-29 10:43 (UTC)

@selfdenial: thank you so very much! Things should be fine again now, thanks to your efforts :)

(sorry for taking so long to get things sorted)

selfdenial commented on 2023-05-26 02:46 (UTC) (edited on 2023-05-26 07:14 (UTC) by selfdenial)

Edit: patches never seem to work well with markdown (patches successfully but makepkg fails). Here is a working link: 0001-Restore-build-with-later-revisions.patch

Hi, I'm no expert, but I've managed to make this build and might as well share what I've changed:

From 28220349944d729c2676ed34ed29aaf151f57c56 Mon Sep 17 00:00:00 2001
From: no <no@no>
Date: Thu, 25 May 2023 20:29:53 -0600
Subject: [PATCH] Restore build with later revisions.

---
 0001-Build-with-Archlinux.patch | 35 +++++++++++++++++++++++++
 PKGBUILD                        | 46 +++++++++++----------------------
 2 files changed, 50 insertions(+), 31 deletions(-)
 create mode 100644 0001-Build-with-Archlinux.patch

diff --git a/0001-Build-with-Archlinux.patch b/0001-Build-with-Archlinux.patch
new file mode 100644
index 0000000..f2b876b
--- /dev/null
+++ b/0001-Build-with-Archlinux.patch
@@ -0,0 +1,35 @@
+From 3053d8bba78596b8c587273a12a9b3eb6ad81b35 Mon Sep 17 00:00:00 2001
+From: no <no@no>
+Date: Thu, 25 May 2023 19:04:08 -0600
+Subject: [PATCH] Build with Archlinux.
+
+---
+ ebpf_prog/Makefile | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/ebpf_prog/Makefile b/ebpf_prog/Makefile
+index 1bf0b6b..b81d1b4 100644
+--- a/ebpf_prog/Makefile
++++ b/ebpf_prog/Makefile
+@@ -29,6 +29,7 @@ endif
+ 
+ BIN := opensnitch.o opensnitch-procs.o opensnitch-dns.o
+ CLANG_FLAGS = -I. \
++  -I$(KERNEL_HEADERS)/arch/x86/include/ \
+   -I$(KERNEL_HEADERS)/arch/x86/include/generated/ \
+   -I$(KERNEL_HEADERS)/include \
+   -include $(KERNEL_DIR)/include/linux/kconfig.h \
+@@ -45,7 +46,9 @@ CLANG_FLAGS = -I. \
+   $(EXTRA_FLAGS) \
+   -Wno-gnu-variable-sized-type-not-at-end \
+   -Wno-address-of-packed-member -Wno-tautological-compare \
+-  -Wno-unknown-warning-option  \
++  -Wno-unknown-warning-option \
++  -fcf-protection \
++  -fno-stack-protector \
+   -g -O2 -emit-llvm
+ 
+ all: $(BIN)
+-- 
+2.40.1
+
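Review bot: The include path added in the first Makefile hunk, -I$(KERNEL_HEADERS)/arch/x86/include/, hard-codes x86, while the PKGBUILD in this same commit still lists armv6h, armv7h and aarch64 in arch=(). Either derive the directory from the ARCH value the build passes to make, or narrow arch=() to the targets this patch actually supports. The second hunk adds -fcf-protection and -fno-stack-protector with no explanation in the commit message; a short comment in the Makefile or the patch description would let the next maintainer judge whether they are still needed when upstream changes. The rewritten -Wno-unknown-warning-option line only drops a trailing space, and leaving that line untouched would shrink the hunk and reduce the chance of it failing to apply when upstream edits nearby lines.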
diff --git a/PKGBUILD b/PKGBUILD
index a9db3f9..06aec11 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,58 +2,42 @@

 pkgname=opensnitch-ebpf-module-git
 _pkgname=opensnitch
-pkgver=1.6.0rc3.r27.2cdbd97
-pkgrel=2
-_kver=6.0.15
+pkgver=1.6.0rc5.r71.3432c6a
+pkgrel=1
 pkgdesc="eBPF process monitor module for opensnitch"
 arch=('i686' 'x86_64' 'armv6h' 'armv7h' 'aarch64')
 url="https://github.com/evilsocket/opensnitch"
 license=('GPL3')
 makedepends=('git' 'clang' 'llvm' 'libelf'
-             'binutils' 'bc' 'rsync' 'flex')
+             'binutils' 'bc' 'rsync' 'flex'
+             'linux-headers' 'coreutils')
 depends=('opensnitch')
 provides=("${pkgname%-git}")
 conflicts=("${pkgname%-git}")
-source=('git+https://github.com/evilsocket/opensnitch.git'
-        "https://www.kernel.org/pub/linux/kernel/v${_kver%%.*}.x/linux-${_kver}.tar.xz")
-        # "https://github.com/torvalds/linux/archive/v${_kver}.tar.gz")
-sha256sums=('SKIP'
-            'd484eb3d4f88be14b42507a85ad4b0932e92e7a742acbce74e8be007124a6820')
+source=('git+https://github.com/evilsocket/opensnitch.git')
+sha256sums=('SKIP')
 options=('!strip') # we're stripping with llvm-strip

 pkgver() {
-  cd "$srcdir/${_pkgname}"
+  cd "${srcdir}/${_pkgname}"
   git describe --long | sed 's/^v//;s/-rc./rc/;s/\([^-]*-\)g/r\1/;s/-/./g'
 }

 prepare() {
-  cd ${srcdir}/linux-${_kver}
+  cd "${srcdir}/${_pkgname}/ebpf_prog"

-  patch tools/lib/bpf/bpf_helpers.h < ${srcdir}/${_pkgname}/ebpf_prog/file.patch
-  cp ${srcdir}/${_pkgname}/ebpf_prog/opensnitch.c \
-    ${srcdir}/${_pkgname}/ebpf_prog/common.h \
-    ${srcdir}/${_pkgname}/ebpf_prog/common_defs.h \
-    ${srcdir}/${_pkgname}/ebpf_prog/opensnitch-procs.c \
-    ${srcdir}/${_pkgname}/ebpf_prog/opensnitch-dns.c \
-    ${srcdir}/${_pkgname}/ebpf_prog/Makefile samples/bpf
-
-  yes "" | make oldconfig
-  make prepare
+  patch Makefile < "${srcdir}/../0001-Build-with-Archlinux.patch"
 }

 build() {
-  cd ${srcdir}/linux-${_kver}
-
-  make headers_install
+  cd "${srcdir}/${_pkgname}/ebpf_prog"

-  cd samples/bpf
-  make
-  llvm-strip -g opensnitch.o opensnitch-dns.o
+  KERNEL_DIR="/usr/lib/modules/$(uname -r)/build" KERNEL_HEADERS="${KERNEL_DIR}" ARCH="${arch}" make all
 }

 package() {
-  install -Dm644 "${srcdir}/linux-${_kver}/samples/bpf/opensnitch.o" \
-    "${srcdir}/linux-${_kver}/samples/bpf/opensnitch-procs.o" \
-    "${srcdir}/linux-${_kver}/samples/bpf/opensnitch-dns.o" -t \
-    "$pkgdir/usr/lib/opensnitchd/ebpf/"
+  install -Dm644 "${srcdir}/${_pkgname}/ebpf_prog/opensnitch.o" \
+    "${srcdir}/${_pkgname}/ebpf_prog/opensnitch-procs.o" \
+    "${srcdir}/${_pkgname}/ebpf_prog/opensnitch-dns.o" -t \
+    "${pkgdir}/usr/lib/opensnitchd/ebpf/"
 }
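Review bot: prepare() applies the patch from "${srcdir}/../0001-Build-with-Archlinux.patch", but that file is not listed in source=() and has no sha256sums entry, so makepkg neither places it in srcdir nor verifies it. Add it to source=() with its checksum and reference it as "${srcdir}/0001-Build-with-Archlinux.patch". In build(), ARCH="${arch}" expands to the first element of the arch array (i686) on every machine; the build host's architecture is available as CARCH. KERNEL_DIR is derived from $(uname -r), which is the running kernel and not necessarily the one whose linux-headers are installed (after a kernel upgrade without a reboot, or in a clean chroot), so the directory may not exist at build time. The old build() ran llvm-strip -g on the objects and options=('!strip') still carries the comment "we're stripping with llvm-strip", but the new build() no longer calls it; unless the upstream Makefile strips, restore that step or update the option and its comment.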
-- 
2.40.1

Zwei commented on 2023-05-19 19:24 (UTC) (edited on 2023-05-19 19:25 (UTC) by Zwei)

Also getting the file.patch error.

Note that new compilation instructions were pushed a few days ago.

uffe commented on 2023-05-19 11:12 (UTC)

I've been successfully building "opensnitch-ebpf-module-git" for many months - until recently

This error seems to have been introduced recently by some source change

PKGBUILD: line 32: /tmp/xxx/.cache/yay/opensnitch-ebpf-module-git/src/opensnitch/ebpf_prog/file.patch: No such file or directory

==> Making package: opensnitch-ebpf-module-git 1.6.0rc3.r27.2cdbd97-2 (2023-05-19T13:04:15 CEST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Updating opensnitch git repo...
  -> Found linux-6.0.15.tar.xz
==> Validating source files with sha256sums...
    opensnitch ... Skipped
    linux-6.0.15.tar.xz ... Passed
==> Removing existing $srcdir/ directory...
==> Extracting sources...
  -> Creating working copy of opensnitch git repo...
Cloning into 'opensnitch'...
done.
  -> Extracting linux-6.0.15.tar.xz with bsdtar
==> Starting prepare()...
/tmp/xxx/.cache/yay/opensnitch-ebpf-module-git/PKGBUILD: line 32: /tmp/xxx/.cache/yay/opensnitch-ebpf-module-git/src/opensnitch/ebpf_prog/file.patch: No such file or directory
==> ERROR: A failure occurred in prepare().
    Aborting...
 -> error making: opensnitch-ebpf-module-git-exit status 4
 -> Failed to install the following packages. Manual intervention is required:

weru345 commented on 2022-12-28 13:16 (UTC) (edited on 2022-12-28 13:27 (UTC) by weru345)

PKGBUILD needs to be updated due to this commit from last week: https://github.com/evilsocket/opensnitch/commit/210e843aabd82986f38914e25dbaa6ffb9bfc8b9

The building process now needs to include the newly added file common_defs.h

Last few lines when building the package:


 GEN     libbpf.pc
  CLANG-bpf  /home/arch/.cache/rua/build/opensnitch-ebpf-module-git/src/linux-6.0.9/samples/bpf/opensnitch.o
/home/arch/.cache/rua/build/opensnitch-ebpf-module-git/src/linux-6.0.9/samples/bpf/opensnitch.c:3:10: fatal error: 'common_defs.h' file not found
#include "common_defs.h"
         ^~~~~~~~~~~~~~~
1 error generated.
  CLANG-bpf  /home/arch/.cache/rua/build/opensnitch-ebpf-module-git/src/linux-6.0.9/samples/bpf/opensnitch-dns.o
  CLANG-bpf  /home/arch/.cache/rua/build/opensnitch-ebpf-module-git/src/linux-6.0.9/samples/bpf/opensnitch-procs.o
In file included from /home/arch/.cache/rua/build/opensnitch-ebpf-module-git/src/linux-6.0.9/samples/bpf/opensnitch-procs.c:3:
/home/arch/.cache/rua/build/opensnitch-ebpf-module-git/src/linux-6.0.9/samples/bpf/common.h:4:10: fatal error: 'common_defs.h' file not found
#include "common_defs.h"
         ^~~~~~~~~~~~~~~
1 error generated.

Even though the package building completes just fine without common_defs.h, eBPF as monitor method stopped working for me completely. I ran into the following error when trying to set eBPF in the Opensnitch settings:

error starting ebpf monitor method: eBPF module opensnitch.o malformed, bpfmap[tcp6] nil when trying to use eBPF

nns commented on 2022-11-22 05:21 (UTC)

As per the new eBPF instructions, the location /etc/opensnitchd/ for the compiled program is deprecated, and the locations /usr/local/lib/opensnitchd/ebpf/ and /usr/lib/opensnitchd/ebpf/ are preferred instead.