evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

Sometimes appear eBPF warning messages after reboot. #868

Closed Tandaran3 closed 1 year ago

Tandaran3 commented 1 year ago

Describe the bug

About once in ten reboots opensnitch shows two warning messages about kernel incompatibility with eBPF. Despite this, opensnitch and the GUI work fine. If they did not appear immediately after reboot/cold start, then in the future during the high hours work they will not appear.

Include the following information:

To Reproduce

When the DE is fully loaded, a few seconds after this, two warning messages appear.

Steps to reproduce the behavior: Just reboot 10-15 times and messages appear.

Post error logs:

[2023-02-28 10:40:28]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-02-28 10:40:28]  ERR  unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 10:40:28]  ERR  [eBPF]: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 10:40:28]  WAR  error starting ebpf monitor method: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 10:40:28]  WAR  Unable to set new process monitor (ebpf) method from disk: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 10:40:47]  IMP  UI connected, dispathing queued alerts: 0
[2023-02-28 10:40:47]  WAR  notification channel closed by the server
[2023-02-28 10:40:48]  ERR  Connection to the UI service lost.
[2023-02-28 10:40:49]  IMP  UI connected, dispathing queued alerts: 0


gustavo-iniguez-goya commented 1 year ago

Hi @Tandaran3 ,

Please set the log level to DEBUG under Preferences -> Nodes, reproduce the issue again and post the logs. It'll offer more info on why it is failing.

Tandaran3 commented 1 year ago

Sure. Sorry. I removed some IPs for privacy purposes.

[2023-02-28 17:33:25]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o
[2023-02-28 17:33:25]  ERR  unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 17:33:25]  ERR  [eBPF]: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 17:33:25]  WAR  error starting ebpf monitor method: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 17:33:25]  INF  Process monitor method /proc
[2023-02-28 17:33:25]  WAR  Unable to set new process monitor (ebpf) method from disk: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 17:33:25]  DBG  UI not connected, queueing alert: 0
[2023-02-28 17:33:25]  INF  Stats, max events: 25, max stats: 150, max workers: 6
[2023-02-28 17:33:25]  DBG  Starting 16 workers ...
[2023-02-28 17:33:25]  DBG  Stats worker #4 started.
[2023-02-28 17:33:25]  DBG  Stats worker #2 started.
[2023-02-28 17:33:25]  DBG  Stats worker #3 started.
[2023-02-28 17:33:25]  DBG  Worker #6 started.
[2023-02-28 17:33:25]  DBG  Stats worker #5 started.
[2023-02-28 17:33:25]  DBG  Worker #0 started.
[2023-02-28 17:33:25]  DBG  Stats worker #1 started.
[2023-02-28 17:33:25]  DBG  Worker #10 started.
[2023-02-28 17:33:25]  DBG  Worker #4 started.
[2023-02-28 17:33:25]  DBG  Worker #12 started.
[2023-02-28 17:33:25]  DBG  Worker #13 started.
[2023-02-28 17:33:25]  DBG  Worker #1 started.
[2023-02-28 17:33:25]  DBG  Worker #2 started.
[2023-02-28 17:33:25]  DBG  Worker #3 started.
[2023-02-28 17:33:25]  DBG  Stats worker #0 started.
[2023-02-28 17:33:25]  DBG  Worker #8 started.
[2023-02-28 17:33:25]  DBG  Worker #9 started.
[2023-02-28 17:33:25]  DBG  Worker #7 started.
[2023-02-28 17:33:25]  DBG  Worker #5 started.
[2023-02-28 17:33:25]  DBG  Worker #11 started.
[2023-02-28 17:33:25]  DBG  Worker #14 started.
[2023-02-28 17:33:25]  DBG  Worker #15 started.
[2023-02-28 17:33:25]  INF  nftables config changed, reloading
[2023-02-28 17:33:25]  INF  fw configuration loaded
[2023-02-28 17:33:26]  INF  Using nftables firewall
[2023-02-28 17:33:26]  INF  Running on netfilter queue #0 ...
[2023-02-28 17:33:26]  DBG  UI not connected, queueing alert: 0
[2023-02-28 17:33:26]  DBG  UI service poller started for socket /tmp/osui.sock
[2023-02-28 17:33:26]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-02-28 17:33:26]  INF  [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-02-28 17:33:26]  DBG  dns worker initialized #1
[2023-02-28 17:33:26]  DBG  dns worker initialized #3
[2023-02-28 17:33:26]  DBG  dns worker initialized #0
[2023-02-28 17:33:26]  DBG  dns worker initialized #2
[2023-02-28 17:33:26]  DBG  dns worker initialized #4
[2023-02-28 17:33:27]  DBG  client.disconnect()
[2023-02-28 17:33:28]  DBG  client.disconnect()
[2023-02-28 17:33:29]  DBG  client.disconnect()
[2023-02-28 17:33:30]  DBG  client.disconnect()
[2023-02-28 17:33:31]  DBG  new connection tcp => XXXXX:XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX ():XXX uid: 101
[2023-02-28 17:33:31]  DBG  client.disconnect()
[2023-02-28 17:33:31]  DBG  [0/1] outgoing connection uid: 101, XXXXX:XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX:XXX || netlink response: XXXXX:XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX:XXXX inode: 15887 - loopback: false multicast: false unspecified: false linklocalunicast: false ifaceLocalMulticast: false GlobalUni: true
[2023-02-28 17:33:31]  DBG  new pid lookup took (1599): 2.947216ms
[2023-02-28 17:33:31]  DBG  [0] PID found 1599 [15887]
[2023-02-28 17:33:31]  DBG  ✔ /XXX/XXX/XXX -> XXX.XXX.XXX.XXX:XXX (XXX)
[2023-02-28 17:33:32]  DBG  client.disconnect()
[2023-02-28 17:33:33]  DBG  client.disconnect()
[2023-02-28 17:33:34]  DBG  client.disconnect()
[2023-02-28 17:33:36]  DBG  client.disconnect()
[2023-02-28 17:33:37]  DBG  client.disconnect()
[2023-02-28 17:33:38]  DBG  client.disconnect()
[2023-02-28 17:33:39]  DBG  client.disconnect()
[2023-02-28 17:33:40]  DBG  client.disconnect()
[2023-02-28 17:33:41]  DBG  client.disconnect()
[2023-02-28 17:33:42]  DBG  client.disconnect()
[2023-02-28 17:33:43]  DBG  client.disconnect()
[2023-02-28 17:33:44]  DBG  client.disconnect()
[2023-02-28 17:33:45]  DBG  client.disconnect()
[2023-02-28 17:33:46]  DBG  client.disconnect()
[2023-02-28 17:33:47]  INF  Connected to the UI service on /tmp/osui.sock
[2023-02-28 17:33:47]  IMP  UI connected, dispathing queued alerts: 0
[2023-02-28 17:33:47]  INF  Start receiving notifications
[2023-02-28 17:33:47]  WAR  notification channel closed by the server
[2023-02-28 17:33:47]  INF  Stop receiving notifications
[2023-02-28 17:33:47]  DBG  client.disconnect()
[2023-02-28 17:33:48]  ERR  Connection to the UI service lost.
[2023-02-28 17:33:49]  INF  Connected to the UI service on /tmp/osui.sock
[2023-02-28 17:33:49]  IMP  UI connected, dispathing queued alerts: 0
[2023-02-28 17:33:49]  INF  Start receiving notifications

gustavo-iniguez-goya commented 1 year ago

Thank you @Tandaran3 ,

You can delete everything after the lines dns worker initialized; the logs I'm interested in are before that line.

I think there're some log lines missing, so could you empty the log (truncate -s0 /var/log/opensnitchd.log) and try again please?

There should be a few attempts to load the file opensnitch.o, like: ebpf module not found: open /etc/opensnitchd/opensnitch.o

but from: /usr/local/lib/opensnitchd/ebpf/opensnitch.o

Tandaran3 commented 1 year ago

Here. I did "sudo truncate -s0 /var/log/opensnitchd.log ; sudo reboot" before I had the possibility to reproduce the bug. Part 1

[2023-03-01 09:06:53]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-03-01 09:06:53]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-03-01 09:06:53]  DBG  ebpf module not found: error while loading "kretprobe/tcp_v4_connect" (resource temporarily unavailable): processed 1 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0 ��14
3: (7b) (u64 )(r10 -16) = r0
4: (bf) r2 = r10
5: (07) r2 += -16
6: (bf) r3 = r10
7: (07) r3 += -8
8: (18) r1 = 0xffff8fa284960c00
10: (b7) r4 = 0
11: (85) call bpf_map_update_elem#2
12: (b7) r0 = 0
13: (95) exit

Tandaran3 commented 1 year ago

Part 2

[2023-03-01 09:06:53]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o
[2023-03-01 09:06:53]  ERR  unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-03-01 09:06:53]  ERR  [eBPF]: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-03-01 09:06:53]  WAR  error starting ebpf monitor method: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-03-01 09:06:53]  INF  Process monitor method /proc
[2023-03-01 09:06:53]  WAR  Unable to set new process monitor (ebpf) method from disk: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-03-01 09:06:53]  DBG  UI not connected, queueing alert: 0
[2023-03-01 09:06:53]  INF  Stats, max events: 25, max stats: 150, max workers: 6
[2023-03-01 09:06:53]  DBG  Starting 16 workers ...
[2023-03-01 09:06:53]  DBG  Worker #0 started.
[2023-03-01 09:06:53]  DBG  Worker #15 started.
[2023-03-01 09:06:53]  DBG  Stats worker #1 started.
[2023-03-01 09:06:53]  DBG  Worker #2 started.
[2023-03-01 09:06:53]  DBG  Worker #1 started.
[2023-03-01 09:06:53]  DBG  Stats worker #0 started.
[2023-03-01 09:06:53]  DBG  Worker #11 started.
[2023-03-01 09:06:53]  DBG  Worker #13 started.
[2023-03-01 09:06:53]  DBG  Worker #8 started.
[2023-03-01 09:06:53]  DBG  Worker #14 started.
[2023-03-01 09:06:53]  DBG  Worker #10 started.
[2023-03-01 09:06:53]  DBG  Worker #3 started.
[2023-03-01 09:06:53]  DBG  Worker #4 started.
[2023-03-01 09:06:53]  DBG  Worker #5 started.
[2023-03-01 09:06:53]  DBG  Worker #6 started.
[2023-03-01 09:06:53]  DBG  Stats worker #2 started.
[2023-03-01 09:06:53]  DBG  Stats worker #3 started.
[2023-03-01 09:06:53]  DBG  Stats worker #4 started.
[2023-03-01 09:06:53]  DBG  Stats worker #5 started.
[2023-03-01 09:06:53]  DBG  Worker #12 started.
[2023-03-01 09:06:53]  DBG  Worker #9 started.
[2023-03-01 09:06:53]  DBG  Worker #7 started.
[2023-03-01 09:06:53]  INF  nftables config changed, reloading
[2023-03-01 09:06:53]  INF  fw configuration loaded
[2023-03-01 09:06:54]  INF  Using nftables firewall
[2023-03-01 09:06:54]  INF  Running on netfilter queue #0 ...
[2023-03-01 09:06:54]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-03-01 09:06:54]  DBG  UI not connected, queueing alert: 0
[2023-03-01 09:06:54]  DBG  UI service poller started for socket /tmp/osui.sock
[2023-03-01 09:06:54]  INF  [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-dns.o

Maziar123 commented 1 year ago

I have the same problem on Arch Linux & Manjaro with kernel 6.1

gustavo-iniguez-goya commented 1 year ago

Thank you @Tandaran3! This is the error:

ebpf module not found: error while loading "kretprobe/tcp_v4_connect" (resource temporarily unavailable):
processed 1 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

3: (7b) *(u64 *)(r10 -16) = r0
4: (bf) r2 = r10
5: (07) r2 += -16
6: (bf) r3 = r10
7: (07) r3 += -8
8: (18) r1 = 0xffff8fa284960c00
10: (b7) r4 = 0
11: (85) call bpf_map_update_elem#2
12: (b7) r0 = 0
13: (95) exit

I'll try to reproduce it.

@Maziar123, without logs, it's hard to determine if your problem is the same as this issue (different distro, different kernel).

gustavo-iniguez-goya commented 1 year ago

I've rebooted my Devuan Chimaera like 40 times, and it hasn't failed a single time :( It also worked on Manjaro (kernel 5.15.x)

If I remember correctly (with v1.4.x), this issue ("kretprobe/tcp_v4_connect" (resource temporarily unavailable)) used to happen when stopping the daemon, but never when booting up the computer.

Tandaran3 commented 1 year ago

Maybe you are digging in the wrong place? I believe that the "kretprobe/tcp_v4_connect" debug code that you think is the problem arose before the last reboot, before the bug appeared. Could AppArmor with apparmor-profiles-extra conflict with opensnitch? I will try later to fully remove AppArmor and reproduce the problem. @Maziar123 do you use AppArmor? I

red-gecko27 commented 1 year ago

Same issue on Arch Linux 6.3.9-arch1-1 after updating opensnitch from 1.5.8-1 to 1.6.0-1

[2023-06-23 13:02:56]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o
[2023-06-23 13:02:56]  ERR  
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  ERR  [eBPF]: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  WAR  error starting ebpf monitor method: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  INF  Process monitor method /proc
[2023-06-23 13:02:56]  WAR  Unable to set new process monitor (ebpf) method from disk: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o
[2023-06-23 13:02:56]  ERR  
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  ERR  [eBPF]: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  WAR  error starting ebpf monitor method: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  INF  Process monitor method /proc
[2023-06-23 13:02:56]  WAR  Unable to set new process monitor (ebpf) method from disk: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'

ra1nb0w commented 1 year ago

Same issue with archlinux 6.1.35-1-lts after upgrading to 1.6.0

fractalf commented 1 year ago

Same here..

[2023-07-04 18:32:24]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-07-04 18:32:24]  ERR  
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:32:24]  ERR  [eBPF]: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:32:24]  WAR  error starting ebpf monitor method: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:32:24]  WAR  Unable to set new process monitor (ebpf) method from disk: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:32:24]  ERR  [eBPF DNS]: 
unable to load eBPF module (opensnitch-dns.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:32:24]  WAR  EBPF-DNS: Unable to attach ebpf listener: 
unable to load eBPF module (opensnitch-dns.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:33:35]  IMP  UI connected, dispathing queued alerts: 0
[2023-07-04 18:33:35]  WAR  notification channel closed by the server
[2023-07-04 18:33:36]  ERR  Connection to the UI service lost.
[2023-07-04 18:33:37]  IMP  UI connected, dispathing queued alerts: 0

$ opensnitchd --version
1.6.0

$ neofetch --off 
alf@studio 
---------- 
OS: EndeavourOS Linux x86_64 
Host: B650 GAMING X AX 
Kernel: 6.3.3.15.realtime2-1-rt 
Uptime: 17 mins 
Packages: 986 (pacman) 
Shell: zsh 5.9 
Resolution: 1920x1200, 1920x1200 
DE: Cinnamon 5.8.3 
WM: Mutter (Muffin) 
WM Theme: CBlack (Adwaita) 
Theme: CBlack [GTK2/3] 
Icons: Adwaita [GTK2/3] 
Terminal: terminator 
CPU: AMD Ryzen 7 7700 (16) @ 3.800GHz 
GPU: AMD ATI 0f:00.0 Raphael 
Memory: 1849MiB / 31238MiB

gustavo-iniguez-goya commented 1 year ago

According to @red-gecko27's logs, the ebpf modules are not installed:

[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o

You need those modules in order for ebpf to work.

gustavo-iniguez-goya commented 1 year ago

You can download precompiled modules from the github Action (at the bottom of the page, opensnitch-ebpf-modules-6.0-master): https://github.com/evilsocket/opensnitch/actions/runs/5322202159

And copy the modules to /usr/lib/opensnitchd/ebpf/ (create the dirs if they don't exist).

fractalf commented 1 year ago

@gustavo-iniguez-goya Thanks, that worked very well for me

jiripospisil commented 1 year ago

If you're on Arch Linux, you need to install opensnitch-ebpf-module from AUR to make ebpf work (no idea why it's not part of the official package, seems broken).

$ pacman -Ql opensnitch-ebpf-module
opensnitch-ebpf-module /usr/
opensnitch-ebpf-module /usr/lib/
opensnitch-ebpf-module /usr/lib/opensnitchd/
opensnitch-ebpf-module /usr/lib/opensnitchd/ebpf/
opensnitch-ebpf-module /usr/lib/opensnitchd/ebpf/opensnitch-dns.o
opensnitch-ebpf-module /usr/lib/opensnitchd/ebpf/opensnitch-procs.o
opensnitch-ebpf-module /usr/lib/opensnitchd/ebpf/opensnitch.o

fractalf commented 1 year ago

@jiripospisil Nice, even better! Then I can just use yay/pacman. Weird that this "suddenly" happened after some update a few weeks back, but who cares as long as it works! Will put this into my Brain Notes (tm) . Thanks :)

gustavo-iniguez-goya commented 1 year ago

I've changed the behaviour to send 2 errors: one if the module is not found in any of the paths, and another one if there have been any errors loading the module.

Hopefully it'll help users to identify better what went wrong. Thank you everyone!
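The two cases discussed in this thread (module file missing from every search path versus a module that was found but failed to load) can be told apart from the DBG entries alone. The following is an added example, not OpenSnitch code: `triage`, its status names, and the attribution of a load error to the next "unable to load eBPF module" entry are assumptions made for illustration.

```python
import re

# Entry boundary "[date time]  LEVEL  ": handles one-per-line and run-together logs.
ENTRY = re.compile(r"(?=\[\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\]\s+(?:IMP|ERR|WAR|INF|DBG)\s)")
ENOENT = re.compile(r"ebpf module not found: open (\S+/([\w.-]+\.o)): no such file or directory")
LOAD_ERR = re.compile(r'ebpf module not found: (error while loading "[^"]+" \([^)]+\))')
LOADED = re.compile(r"module loaded: \S+/([\w.-]+\.o)")
FAILED = re.compile(r"unable to load eBPF module \(([\w.-]+\.o)\)")

def triage(log_text):
    """Return one {module: (status, details)} dict per daemon start."""
    starts, missing, load_errs = [], {}, []
    for entry in ENTRY.split(log_text):
        if not entry.strip():
            continue
        if "Start writing logs" in entry or not starts:
            starts.append({})
            missing, load_errs = {}, []
        verdicts = starts[-1]
        if m := ENOENT.search(entry):
            missing.setdefault(m.group(2), []).append(m.group(1))
        elif m := LOAD_ERR.search(entry):
            # Assumption: names no module; attributed to the next FAILED entry.
            load_errs.append(m.group(1))
        elif m := LOADED.search(entry):
            verdicts[m.group(1)] = ("loaded", [])
        elif (m := FAILED.search(entry)) and m.group(1) not in verdicts:
            # First report wins; the same error repeats at ERR and WAR level.
            if load_errs:
                verdicts[m.group(1)] = ("load_error", load_errs)
                load_errs = []
            elif m.group(1) in missing:
                verdicts[m.group(1)] = ("missing", missing[m.group(1)])
            else:  # no DBG entries in the log: raise the daemon's log level
                verdicts[m.group(1)] = ("unknown", [])
    return starts

# Sample input: entries abridged from the logs quoted in this thread.
SAMPLE = """\
[2023-03-01 09:06:53]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-03-01 09:06:53]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-03-01 09:06:53]  DBG  ebpf module not found: error while loading "kretprobe/tcp_v4_connect" (resource temporarily unavailable):
[2023-03-01 09:06:53]  ERR  unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible.
[2023-03-01 09:06:54]  INF  [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-06-23 13:02:56]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  ERR  
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
"""
```

A "missing" verdict points at packaging (install the modules), while "load_error" points at the kernel or a transient condition; "unknown" means the log was captured without DBG entries.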