Package Details: opensnitch-ebpf-module 1.6.6-1

Git Clone URL: https://aur.archlinux.org/opensnitch-ebpf-module.git (read-only, click to copy)
Package Base: opensnitch-ebpf-module
Description: eBPF process monitor module for opensnitch
Upstream URL: https://github.com/evilsocket/opensnitch
Licenses: GPL3
Submitter: nns
Maintainer: nns
Last Packager: nns
Votes: 25
Popularity: 1.27
First Submitted: 2023-02-06 09:27 (UTC)
Last Updated: 2024-09-24 10:00 (UTC)

Required by (0)

Sources (1)

Pinned Comments

nns commented on 2023-07-07 10:40 (UTC) (edited on 2024-04-06 06:48 (UTC) by nns)

MANJARO USERS, READ ME

Manjaro does not create the /usr/src/linux symlink, which should point to the current kernel headers and is required for this package to build properly. If you wish to use this package, your options are to:

  1. Manually edit the PKGBUILD before building and change the KDIR variable in build() to point to your kernel headers.

  2. Create a pacman hook for the kernel header package which creates the symbolic link automatically. An example can be seen in this comment: https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=30#comment-919081

nns commented on 2022-11-15 09:17 (UTC) (edited on 2023-07-11 10:02 (UTC) by nns)

This is the latest RELEASE version of opensnitch's eBPF module. It is meant to be used with the regular opensnitch package, not the -git version in the AUR. If you're using the -git version of opensnitch, you're looking for this version of the eBPF module package instead.

I intend to keep this up to date with the OpenSnitch releases (as soon as the main package updates).

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 Next › Last »

Maziar commented on 2023-07-07 06:33 (UTC) (edited on 2023-07-07 06:38 (UTC) by Maziar)

opensnitch log :

Unable to set new process monitor (ebpf) method from disk: eBPF module opensnitch.o malformed, bpfmap[tcp] nil

EBPF-DNS: Failed to find symbols for uprobes.

EBPF-DNS: Unable to attach ebpf listener: Failed to find symbols for uprobes

Perhaps use this in the package

nns commented on 2023-07-06 09:08 (UTC)

I cannot reproduce - apart from a few non-consequential warnings, it builds fine for me with 6.4.1 in both a clean chroot and my host machine. Without knowing the error you're getting, I can't really help you either.

Maziar commented on 2023-07-06 06:41 (UTC)

Seems Not Compatible With kernel 6.3 6.4 ...

Randomly show library error

weru345 commented on 2023-06-22 08:13 (UTC)

The opensnitch package in the repos was updated to 1.6.0 yesterday.

stasadev commented on 2023-06-13 10:04 (UTC) (edited on 2024-09-23 19:50 (UTC) by stasadev)

Thank you, @nns, I used a pacman hook for Manjaro. In case anyone needs it:

September 2024 update:

$ cat /etc/pacman.d/hooks/linux66-headers.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = linux66-headers

[Action]
Description = Create a symlink /usr/src/linux...
Exec = /bin/sh -c "rm -f /usr/src/linux && ln -sv linux66 /usr/src/linux"
When = PostTransaction

nns commented on 2023-06-13 08:08 (UTC)

You can always edit the PKGBUILD before building - I imagine Manjaro's AUR helper provides that functionality?

Another alternative is to create the /usr/src/linux symlink manually. Perhaps a pacman hook that updates the symlink every time kernel headers are updated. I'm not sure how kernel headers are provided and packaged in Manjaro, but it's surprising to me that symlink isn't provided already.

stasadev commented on 2023-06-12 19:29 (UTC)

I understand, thank you. I have not thought about the changes when running the kernel update on Arch (Manjaro user here). I will build it manually from now on.

nns commented on 2023-06-12 19:04 (UTC) (edited on 2023-06-12 19:05 (UTC) by nns)

I'm not sure I follow. That symlink is provided by linux-headers, which is a makedep for this package. You can see it on the very bottom of the file list here: https://archlinux.org/packages/core/x86_64/linux-headers/

Hardcoding the path name would break building this package on a system where the running kernel is older than the module package (which can and does often happen when updating packages).

stasadev commented on 2023-06-12 18:43 (UTC)

Please update KDIR to use the actual source instead of the symlink. Just like in opensnitch-ebpf-module-git. Not all of us have such a path.

-KDIR="/usr/src/linux"
+KDIR="/usr/lib/modules/$(uname -r)/build"

nns commented on 2023-06-12 12:24 (UTC)

Thank you for the heads up. I've made the required changes.

Also, with the latest opensnitch versions, separately downloading the kernel sources is no longer required, just that headers are present. Thus, this package now depends on linux-headers.