search

harporoeder / ebpfsnitch

Linux Application Level Firewall based on eBPF and NFQUEUE.
BSD 3-Clause "New" or "Revised" License
692 stars 34 forks source link

compilation error where `cf-protection=return` isn't available #6

Open myyc opened 3 years ago

myyc commented 3 years ago

i suspect it has to do with my CPU (AMD Ryzen 5 5600X).

error: option 'cf-protection=return' cannot be specified on this target
error: option 'cf-protection=branch' cannot be specified on this target

my knowledge of llvm is very little ~so i don't know how much of a deal-breaker removing this is, but it compiles nevertheless~ disregard, i tried it, it seems to work fine.

bonus: not worth including this in a separate ticket, but on arch linux you need to add vim to the dependencies since apparently xxd is included there – my excuse for not having vim installed is that i use neovim which apparently doesn't ship xxd.

harporoeder commented 3 years ago

Oh thanks for pointing out the xxd issue. It is annoying how Arch packages that but oh well. I will update the package list in the README, and also the PKGBUILD for the AUR.

As to your primary problem: I'm not sure what the context is of your error. Is this during the compilation of the eBPF or during the compilation of the main application? Are you adding a flag somewhere to resolve this? Except for enabling compilation warnings I don't really have any build flags in the CMake file.

myyc commented 3 years ago

sorry i should elaborate more as i did some work to fix the PKGBUILD to sort this out. so, i'm not sure where this happens because you don't seem to specify any weird CFLAGS, but for some reason cf-protection=return gets added, and it breaks the build. i edited PKGBUILD to sort it out, but it's a hack and i would not recommend it.

build() {
    cd "$srcdir/ebpfsnitch-$pkgver"
    mkdir build && cd build
    cmake -D CMAKE_INSTALL_PREFIX="/usr/bin" ..
    # the following two lines are the CFLAGS in the cmake cache, minus cf-protection=return
    cmake -D CMAKE_C_FLAGS:STRING="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions         -Wp,-D_FORTIFY_SOURCE=2,-D_GLIBCXX_ASSERTIONS         -Wformat -Werror=format-security         -fstack-clash-protection" ..
    cmake -D CMAKE_CXX_FLAGS:STRING="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions         -Wp,-D_FORTIFY_SOURCE=2,-D_GLIBCXX_ASSERTIONS         -Wformat -Werror=format-security         -fstack-clash-protection" ..
   make
}
harporoeder commented 3 years ago

Hey @myyc I have a follow up.

I had a friend reproduce this on a couple machines I would of expected it to work on so this does not seem to be a weird one off issue. I'll try and get a fix up in the near future.