Package Details: opensnitch-ebpf-module 1.6.5-2

Git Clone URL: https://aur.archlinux.org/opensnitch-ebpf-module.git (read-only)
Package Base: opensnitch-ebpf-module
Description: eBPF process monitor module for opensnitch
Upstream URL: https://github.com/evilsocket/opensnitch
Licenses: GPL3
Submitter: nns
Maintainer: nns
Last Packager: nns
Votes: 20
Popularity: 0.85
First Submitted: 2023-02-06 09:27 (UTC)
Last Updated: 2024-04-02 21:37 (UTC)

Pinned Comments

nns commented on 2023-07-07 10:40 (UTC) (edited on 2024-04-06 06:48 (UTC) by nns)

MANJARO USERS, READ ME

Manjaro does not create the /usr/src/linux symlink, which should point to the current kernel headers and is required for this package to build properly. If you wish to use this package, your options are to:

  1. Manually edit the PKGBUILD before building and change the KDIR variable in build() to point to your kernel headers.

  2. Create a pacman hook for the kernel header package which creates the symbolic link automatically. An example can be seen in this comment: https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=30#comment-919081

nns commented on 2022-11-15 09:17 (UTC) (edited on 2023-07-11 10:02 (UTC) by nns)

This is the latest RELEASE version of opensnitch's eBPF module. It is meant to be used with the regular opensnitch package, not the -git version in the AUR. If you're using the -git version of opensnitch, you're looking for this version of the eBPF module package instead.

I intend to keep this up to date with the OpenSnitch releases (as soon as the main package updates).

Latest Comments

nns commented on 2023-07-07 10:27 (UTC)

@eclairevoyant Thanks, probably will. I realize that the reason why the PKGBUILD wasn't failing in the build() phase properly when clang fatals is because it's set to explicitly pipe to llc, which means make doesn't exit. Submitted a PR upstream that should fix this.

eclairevoyant commented on 2023-07-07 10:24 (UTC)

@nns You might want to pin a comment about Manjaro et al. to save your time in the future

nns commented on 2023-07-07 10:03 (UTC)

You are using Manjaro. This is the Arch user repository.

Please see https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=10#comment-919081 for Manjaro-specific instructions.

Maziar commented on 2023-07-07 09:42 (UTC) (edited on 2023-07-07 09:45 (UTC) by Maziar)

uname : 6.4.1-1.0-MANJARO #1 SMP PREEMPT_DYNAMIC Sat ,,,,, x86_64 GNU/Linux

bad linux header path : fatal error: '/usr/src/linux/include/linux/kconfig.h' file not found

pkgbuild : line 20 : KDIR="/usr/src/linux" !!!!!

nns commented on 2023-07-07 09:13 (UTC) (edited on 2023-07-07 09:19 (UTC) by nns)

Yes, that's not correct. Can you post the full compilation log when building the module? (please use something like https://paste.rs/)

You will have to force a rebuild of the package; with makepkg, that would be makepkg -sCLf

EDIT: Also, please post the output of uname -a

Maziar commented on 2023-07-07 09:09 (UTC) (edited on 2023-07-07 09:11 (UTC) by Maziar)

rebuild:

Failed to build opensnitch.o properly, section kprobe/tcp_v4_connect missing!

perhaps similar :: this

Maziar commented on 2023-07-07 09:07 (UTC)

llvm-readelf /usr/lib/opensnitchd/ebpf/opensnitch.o --section-headers :

There are 4 section headers, starting at offset 0x70:

Section Headers:
  [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            0000000000000000 000000 000000 00      0   0  0
  [ 1] .strtab           STRTAB          0000000000000000 000058 000017 00      0   0  1
  [ 2] .text             PROGBITS        0000000000000000 000040 000000 00  AX  0   0  4
  [ 3] .symtab           SYMTAB          0000000000000000 000040 000018 18      1   1  8
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  R (retain), p (processor specific)

nns commented on 2023-07-07 08:52 (UTC)

I've added a check() in the PKGBUILD that checks whether the required ELF sections exist. Can you rebuild the package and see whether the check succeeds or not?
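
A section check of the kind described in the comment above, run against the section table posted in this thread. This is an added example, not the PKGBUILD's actual check(); the function names are hypothetical, and the required section names are passed as arguments (only kprobe/tcp_v4_connect is named on this page).

```shell
#!/usr/bin/env bash
# Added example; list_sections, missing_sections and broken_sample are
# hypothetical names, not functions from the package's PKGBUILD.

# Print one section name per line from `llvm-readelf --section-headers`
# output on stdin. Rows look like "  [ 2] .text  PROGBITS ...". The
# unnamed index-0 row yields its type ("NULL"), which is harmless here.
list_sections() {
    sed -n -E 's/^[[:space:]]*\[[[:space:]]*[0-9]+\][[:space:]]+([^[:space:]]+).*/\1/p'
}

# Print each required section (arguments) that is absent from the listing
# on stdin. Returns 1 if any is missing, so a check() step can fail.
missing_sections() {
    local found want rc=0
    found=$(list_sections)
    for want in "$@"; do
        if ! printf '%s\n' "$found" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# Section table posted in this thread for the malformed opensnitch.o.
broken_sample() {
    cat <<'EOF'
Section Headers:
  [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            0000000000000000 000000 000000 00      0   0  0
  [ 1] .strtab           STRTAB          0000000000000000 000058 000017 00      0   0  1
  [ 2] .text             PROGBITS        0000000000000000 000040 000000 00  AX  0   0  4
  [ 3] .symtab           SYMTAB          0000000000000000 000040 000018 18      1   1  8
EOF
}

# Real use: llvm-readelf --section-headers opensnitch.o | missing_sections <names>
# Demo on the sample above: prints the missing section, then a verdict.
if ! broken_sample | missing_sections kprobe/tcp_v4_connect; then
    echo "opensnitch.o is missing required sections"
fi
```

An object like the one in the sample has only .strtab, .text (size 0) and .symtab, so the check fails at build time, before opensnitchd would report the module as malformed at load time.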

nns commented on 2023-07-07 08:02 (UTC)

What does the following command output?

llvm-readelf /usr/lib/opensnitchd/ebpf/opensnitch.o --section-headers

Maziar commented on 2023-07-07 06:33 (UTC) (edited on 2023-07-07 06:38 (UTC) by Maziar)

opensnitch log :

Unable to set new process monitor (ebpf) method from disk: eBPF module opensnitch.o malformed, bpfmap[tcp] nil

EBPF-DNS: Failed to find symbols for uprobes.

EBPF-DNS: Unable to attach ebpf listener: Failed to find symbols for uprobes

Perhaps use this in the package