evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

eBPF Failed to load /etc/opensnitchd/opensnitch.o: open /etc/opensnitchd/opensnitch.o: no such file or directory #554

Closed Bogdan107 closed 2 years ago

Bogdan107 commented 2 years ago

Describe the bug: I have an ERR message inside the /var/log/opensnitch.log file.


To Reproduce: Select eBPF as "Process Monitor Method" in the GUI.

$ grep -r ProcMonitorMethod /etc/opensnitchd/default-config.json
    "ProcMonitorMethod": "ebpf",

gustavo-iniguez-goya commented 2 years ago

Hi @Bogdan107, did you compile the eBPF module? https://github.com/evilsocket/opensnitch/tree/master/ebpf_prog

Bogdan107 commented 2 years ago

Hi! No, I did not compile the eBPF module. I read these instructions.

But I have some troubles:

1) Compiling the module inside the existing kernel source tree. If the tools/lib/bpf/bpf_helpers.h file is patched, then the kernel source tree will be corrupted for the next programs which need the bpf_helpers.h file. _May I expect that the system will be stable after this patch and that I will have no errors with the bpf_helpers.h file in the future?_

2) Compiling the module inside a separate kernel source tree, which is used only for compiling the opensnitch module. If I make a copy of the kernel source tree for compiling this module, then I need to double > 1Gb of space on the disk. May I expect that a module compiled inside the patched kernel will work correctly inside a kernel which was compiled without this patch?

Bogdan107 commented 2 years ago

First changes which I want in opensnitch: modify the "Preferences" dialog in the beforeShowDialog() stage:

1) check for the existence of the opensnitch.o file in /etc/opensnitch/ or /usr/<lib>/ or /usr/<lib64>/ or $LD_LIBRARY_PATH/ or somewhere else;

2) if the opensnitch.o file does not exist in the predefined path, remove or disable the ebpf row in the "Process monitor method" listbox;

3) if the opensnitch.o file does not exist and the /etc/opensnitchd/default-config.json file contains "ProcMonitorMethod": "ebpf", then inform the user that the predefined value was changed to the first available method, because the file "opensnitch.o" does not exist.
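
Added example (not part of the thread and not OpenSnitch code): a standalone preflight check along the lines of the three steps requested above. It assumes `ProcMonitorMethod` is a top-level key of the config file and that `proc` is the method to fall back to; the ELF-magic and write-permission checks go beyond what the comment asks for.

```python
#!/usr/bin/env python3
"""Preflight check for the eBPF process monitor method (added example)."""
import json
import os
import stat
import sys

CONFIG = "/etc/opensnitchd/default-config.json"  # path shown in the issue
MODULE = "/etc/opensnitchd/opensnitch.o"         # path from the error message
FALLBACK = "proc"  # assumption: method to fall back to when ebpf is unusable


def module_problem(path):
    """Return None if the object file looks loadable, else a reason string."""
    try:
        st = os.stat(path)
        with open(path, "rb") as fh:
            magic = fh.read(4)
    except OSError as exc:
        return f"{path}: {exc.strerror}"
    if not stat.S_ISREG(st.st_mode):
        return f"{path}: not a regular file"
    if magic != b"\x7fELF":
        return f"{path}: not an ELF object"
    # Extra hardening check (not requested in the thread): a root daemon
    # should not load an object that group or others can rewrite.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return f"{path}: writable by group or others"
    return None


def effective_method(config_path=CONFIG, module_path=MODULE, fallback=FALLBACK):
    """Return (method, warning); warning is None when the config is usable."""
    with open(config_path, encoding="utf-8") as fh:
        method = json.load(fh).get("ProcMonitorMethod", fallback)
    if method != "ebpf":
        return method, None
    problem = module_problem(module_path)
    if problem is None:
        return "ebpf", None
    return fallback, f"'ebpf' unavailable ({problem}); using '{fallback}'"


if __name__ == "__main__":
    try:
        method, warning = effective_method()
    except (OSError, ValueError) as exc:
        sys.exit(f"cannot read {CONFIG}: {exc}")
    if warning:
        print(warning, file=sys.stderr)
    print(method)
```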

4L3XK commented 2 years ago

> Hi @Bogdan107, did you compile the eBPF module? https://github.com/evilsocket/opensnitch/tree/master/ebpf_prog

Compiling the eBPF module fixed the error messages mentioned in this issue and the ICMP and NFS share mount issues for me. Linux version 5.10.0-11-amd64

Bogdan107 commented 2 years ago

I built the ebpf_prog module for kernel version 5.18.6 (#680) and already use opensnitch with ProcMonitorMethod=ebpf!