gustavo-iniguez-goya
commented
9 months ago thanks @planetoryd ,
-fno-stack-protector was disabled for clang: https://reviews.llvm.org/D142046
BPF llvm doesn't support the stack protector so I'll add it to avoid errors on distros/environments that enforces stack protector (more info: https://lore.kernel.org/bpf/194f38f2dc7d521375e5a660baaf1be31536be9a.camel@gmail.com/).
Regarding the instructions to compile the ebpf prog, they're a bit outdated (we don't need to copy the sources to samples/bpf/ for example). As stated at the top of the README:
There's a helper script to automate this process: https://github.com/evilsocket/opensnitch/blob/master/utils/packaging/build_modules.sh
Those are the instructions. I'll also update the README.
Thank you.
https://github.com/planetoryd/opensnitch/commits/master/
I added some notes about dependencies so others can waste less time to get started.
There was one problem building the ebpf, for which i have to turn on
-fno-stack-protectorhttps://github.com/planetoryd/opensnitch/commit/d74d9a4911a35b88dda9f0e2d0c76c1ecd346adf
go checksums should be included in the tree i think
Besides, I re-wrote that nsproxy stuff https://github.com/planetoryd/nsproxy
I plan to make opensnitch work with it.
Also the instructions in https://github.com/evilsocket/opensnitch/tree/master/ebpf_prog require some file-copying which isn't actually necessary