What does the following command output?
llvm-readelf /usr/lib/opensnitchd/ebpf/opensnitch.o --section-headers
Search Criteria
Package Details: opensnitch-ebpf-module 1.6.8-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/opensnitch-ebpf-module.git (read-only, click to copy) |
|---|---|
| Package Base: | opensnitch-ebpf-module |
| Description: | eBPF process monitor module for opensnitch |
| Upstream URL: | https://github.com/evilsocket/opensnitch |
| Licenses: | GPL3 |
| Submitter: | nns |
| Maintainer: | nns |
| Last Packager: | nns |
| Votes: | 26 |
| Popularity: | 1.12 |
| First Submitted: | 2023-02-06 09:27 (UTC) |
| Last Updated: | 2025-04-01 08:23 (UTC) |
Dependencies (7)
- opensnitch (opensnitch-gitAUR)
- bc (bc-ghAUR) (make)
- clang (llvm-gitAUR, clang-minimal-gitAUR, clang17-binAUR) (make)
- libelf (elfutils-gitAUR) (make)
- linux-headers (make)
- llvm (llvm-gitAUR, llvm-minimal-gitAUR) (make)
- llvm (llvm-gitAUR, llvm-minimal-gitAUR) (check)
Required by (1)
Sources (1)
nns commented on 2023-07-07 08:02 (UTC)
Maziar commented on 2023-07-07 06:33 (UTC) (edited on 2023-07-07 06:38 (UTC) by Maziar)
opensnitch log :
Unable to set new process monitor (ebpf) method from disk: eBPF module opensnitch.o malformed, bpfmap[tcp] nil
EBPF-DNS: Failed to find symbols for uprobes.
EBPF-DNS: Unable to attach ebpf listener: Failed to find symbols for uprobes
nns commented on 2023-07-06 09:08 (UTC)
I cannot reproduce - apart from a few non-consequential warnings, it builds fine for me with 6.4.1 in both a clean chroot and my host machine. Without knowing the error you're getting, I can't really help you either.
Maziar commented on 2023-07-06 06:41 (UTC)
Seems Not Compatible With kernel 6.3 6.4 ...
Randomly show library error
weru345 commented on 2023-06-22 08:13 (UTC)
The opensnitch package in the repos was updated to 1.6.0 yesterday.
stasadev commented on 2023-06-13 10:04 (UTC) (edited on 2025-02-08 12:50 (UTC) by stasadev)
Thank you, @nns, I used a pacman hook for Manjaro. In case anyone needs it:
$ cat /etc/pacman.d/hooks/linux-headers.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = linux612-headers
[Action]
Description = Create a symlink /usr/src/linux...
Exec = /bin/sh -c "rm -f /usr/src/linux && ln -sv linux612 /usr/src/linux"
When = PostTransaction
nns commented on 2023-06-13 08:08 (UTC)
You can always edit the PKGBUILD before building - I imagine Manjaro's AUR helper provides that functionality?
Another alternative is to create the /usr/src/linux symlink manually. Perhaps a pacman hook that updates the symlink every time kernel headers are updated. I'm not sure how kernel headers are provided and packaged in Manjaro, but it's surprising to me that symlink isn't provided already.
stasadev commented on 2023-06-12 19:29 (UTC)
I understand, thank you. I have not thought about the changes when running the kernel update on Arch (Manjaro user here). I will build it manually from now on.
nns commented on 2023-06-12 19:04 (UTC) (edited on 2023-06-12 19:05 (UTC) by nns)
I'm not sure I follow. That symlink is provided by linux-headers, which is a makedep for this package. You can see it on the very bottom of the file list here: https://archlinux.org/packages/core/x86_64/linux-headers/
Hardcoding the path name would break building this package on a system where the running kernel is older than the module package (which can and does often happen when updating packages).
stasadev commented on 2023-06-12 18:43 (UTC)
Please update KDIR to use the actual source instead of the symlink. Just like in opensnitch-ebpf-module-git. Not all of us have such a path.
-KDIR="/usr/src/linux"
+KDIR="/usr/lib/modules/$(uname -r)/build"
Pinned Comments
nns commented on 2023-07-07 10:40 (UTC) (edited on 2024-04-06 06:48 (UTC) by nns)
MANJARO USERS, READ ME
Manjaro does not create the
/usr/src/linuxsymlink, which should point to the current kernel headers and is required for this package to build properly. If you wish to use this package, your options are to:Manually edit the PKGBUILD before building and change the
KDIRvariable inbuild()to point to your kernel headers.Create a pacman hook for the kernel header package which creates the symbolic link automatically. An example can be seen in this comment: https://aur.archlinux.org/packages/opensnitch-ebpf-module?O=30#comment-919081
nns commented on 2022-11-15 09:17 (UTC) (edited on 2023-07-11 10:02 (UTC) by nns)
This is the latest RELEASE version of opensnitch's eBPF module. It is meant to be used with the regular opensnitch package, not the
-gitversion in the AUR. If you're using the-gitversion of opensnitch, you're looking for this version of the eBPF module package instead.I intend to keep this up to date with the OpenSnitch releases (as soon as the main package updates).