| Git Clone URL: | https://aur.archlinux.org/opensnitch-ebpf-module.git (read-only) |
|---|---|
| Package Base: | opensnitch-ebpf-module |
| Description: | eBPF process monitor module for opensnitch |
| Upstream URL: | https://github.com/evilsocket/opensnitch |
| Licenses: | GPL3 |
| Submitter: | nns |
| Maintainer: | nns |
| Last Packager: | nns |
| Votes: | 26 |
| Popularity: | 1.12 |
| First Submitted: | 2023-02-06 09:27 (UTC) |
| Last Updated: | 2025-04-01 08:23 (UTC) |
What does the following command output?
llvm-readelf /usr/lib/opensnitchd/ebpf/opensnitch.o --section-headers
opensnitch log:
Unable to set new process monitor (ebpf) method from disk: eBPF module opensnitch.o malformed, bpfmap[tcp] nil
EBPF-DNS: Failed to find symbols for uprobes.
EBPF-DNS: Unable to attach ebpf listener: Failed to find symbols for uprobes
I cannot reproduce - apart from a few non-consequential warnings, it builds fine for me with 6.4.1 in both a clean chroot and my host machine. Without knowing the error you're getting, I can't really help you either.
Seems Not Compatible With kernel 6.3 6.4 ...
Randomly show library error
The opensnitch package in the repos was updated to 1.6.0 yesterday.
Thank you, @nns, I used a pacman hook for Manjaro. In case anyone needs it:
$ cat /etc/pacman.d/hooks/linux-headers.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = linux612-headers
[Action]
Description = Create a symlink /usr/src/linux...
Exec = /bin/sh -c "rm -f /usr/src/linux && ln -sv linux612 /usr/src/linux"
When = PostTransaction
You can always edit the PKGBUILD before building - I imagine Manjaro's AUR helper provides that functionality?
Another alternative is to create the /usr/src/linux symlink manually. Perhaps a pacman hook that updates the symlink every time kernel headers are updated. I'm not sure how kernel headers are provided and packaged in Manjaro, but it's surprising to me that symlink isn't provided already.
I understand, thank you. I have not thought about the changes when running the kernel update on Arch (Manjaro user here). I will build it manually from now on.
I'm not sure I follow. That symlink is provided by linux-headers, which is a makedep for this package. You can see it on the very bottom of the file list here: https://archlinux.org/packages/core/x86_64/linux-headers/
Hardcoding the path name would break building this package on a system where the running kernel is older than the module package (which can and does often happen when updating packages).
Please update KDIR to use the actual source instead of the symlink. Just like in opensnitch-ebpf-module-git. Not all of us have such a path.
-KDIR="/usr/src/linux"
+KDIR="/usr/lib/modules/$(uname -r)/build"
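Review bot: the added KDIR line derives the headers path from $(uname -r), which ties the build to the kernel that is currently running rather than to the headers that are installed. As the maintainer's reply on this page points out, that breaks the build when the running kernel is older than the updated packages, and in a clean chroot the host's running kernel version need not match any headers installed inside it. Consider keeping /usr/src/linux as the default and allowing an override instead, for example KDIR="${KDIR:-/usr/src/linux}", so systems without the symlink can point at their own headers without changing the default for everyone else.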
Pinned Comments
nns commented on 2023-07-07 10:40 (UTC) (edited on 2024-04-06 06:48 (UTC) by nns)
MANJARO USERS, READ ME
Manjaro does not create the /usr/src/linux symlink, which should point to the current kernel headers and is required for this package to build properly. If you wish to use this package, your options are to:
- Manually edit the PKGBUILD before building and change the KDIR variable in build() to point to your kernel headers.
- Create a pacman hook for the kernel header package which creates the symbolic link automatically. An example can be seen in this comment: https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=30#comment-919081
nns commented on 2022-11-15 09:17 (UTC) (edited on 2023-07-11 10:02 (UTC) by nns)
This is the latest RELEASE version of opensnitch's eBPF module. It is meant to be used with the regular opensnitch package, not the -git version in the AUR. If you're using the -git version of opensnitch, you're looking for this version of the eBPF module package instead.
I intend to keep this up to date with the OpenSnitch releases (as soon as the main package updates).