app-admin/opensnitch: add 1.5.8 #1497
Signed-off-by: Kai-Chun Ning <[email protected]>
Upstream added tag for 1.5.8, I would also add I also keep getting this error message when trying to use opensnitch, I have the daemon running but it doesn't seem to intercept any applications.
Config:
Also I keep on getting this error while trying to use opensnitch using this ebuild:
More info here: evilsocket/opensnitch#864
This will also require the updated ebpf module from here: https://github.com/evilsocket/opensnitch/suites/11211766286/artifacts/573542265 as mentioned in the thread in my previous comment
Also add
Thank you for the suggestion, I have updated the PR accordingly. For the eBPF issue, I tried to build it manually with Linux 6.2 per instructions here: https://github.com/evilsocket/opensnitch/tree/master/ebpf_prog
But even after applying the patch to this file, both the
I think there might be other breaking changes that need to be addressed by the upstream. It'd be another story however if one can use opensnitch.o built with Linux 5.8 on kernel 6.2
I'm running kernel 6.2.0 and had no issues installing it with this ebuild: http://sprunge.us/NpUieD
If properly installed, make sure to remove opensnitch.o in /etc/opensnitchd/ and replace it with opensnitch.o from this zip file: https://github.com/evilsocket/opensnitch/suites/11211766286/artifacts/573542265
Do note, you need to have a lot more kernel modules as mentioned here: evilsocket/opensnitch#774
Updated the ebuild to have required kernel checks from the issue above: http://sprunge.us/qQxgWp
Thank you for the input, and confirmation that the ebuild works. I'm not sure why but the link to the zip file doesn't work unless the user is logged in
Replacing What do you think @ZeroChaos- @blshkv?
@kcning you can't build opensnitch.o locally because the proper "out-of-tree" way is not supported, however, the upstream does publish the updated version sometimes, so you can pull it from github if it is available.
fcd922b to 8fbc32b
Thank you for the quick reply. I agree that a proper "out-of-tree" kernel module would be better. It might take a while however before the upstream supports it. For now, I created a temporary package that builds opensnitch.o per upstream instructions. I tested the patch set on amd64, but in theory it should also work on arm. Please let me know if anything should change. And if it's good, please merge the PR.
This patch set fixes the build issue with go >= 1.19, and updates opensnitch to version 1.5.8.
A new package app-admin/opensnitch-ebpf-module is added, which builds ebpf module locally from source.
A new use flag 'bpf' is added, which pulls in app-admin/opensnitch-ebpf-module if enabled.
Kernel config options required for basic operation and for ebpf are separated and checked independently.
Closes issue: #1486.
Signed-off-by: Kai-Chun Ning [email protected]
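
The independent kernel-option checks mentioned in the description above, sketched as an added shell example (not the ebuild from this PR and not upstream code). The option lists, the function names, the `want_bpf` argument standing in for the 'bpf' use flag, and the sample config are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Option lists are illustrative assumptions, not the ebuild's.
BASE_OPTS="NETFILTER_NETLINK_QUEUE NETFILTER_XT_TARGET_NFQUEUE NF_CONNTRACK"
EBPF_OPTS="BPF_SYSCALL KPROBES KPROBE_EVENTS BPF_EVENTS"

# missing_opts <config-file> <opt>...
# Prints the options that are neither built in (=y) nor modular (=m).
missing_opts() {
    local cfg="$1" opt missing=""
    shift
    for opt in "$@"; do
        grep -Eq "^CONFIG_${opt}=(y|m)\$" "$cfg" || missing="$missing $opt"
    done
    echo "${missing# }"
}

# check_kernel <config-file> <want_bpf: 0|1>
# Returns 0 if usable, 1 if a base option is missing, 2 if only eBPF ones are.
check_kernel() {
    local cfg="$1" want_bpf="$2" m rc=0
    m=$(missing_opts "$cfg" $BASE_OPTS)
    if [ -n "$m" ]; then
        echo "base: missing $m" >&2
        rc=1
    fi
    # The eBPF group is only consulted when eBPF support was requested.
    if [ "$want_bpf" = 1 ]; then
        m=$(missing_opts "$cfg" $EBPF_OPTS)
        if [ -n "$m" ]; then
            echo "ebpf: missing $m" >&2
            if [ "$rc" -eq 0 ]; then rc=2; fi
        fi
    fi
    return "$rc"
}

# Constructed sample config: base options present, two eBPF options absent.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NF_CONNTRACK=y
CONFIG_BPF_SYSCALL=y
CONFIG_KPROBES=y
# CONFIG_KPROBE_EVENTS is not set
EOF
}
```

On a running system, `zcat /proc/config.gz` (available when CONFIG_IKCONFIG_PROC is enabled) produces a file that can be passed as the first argument.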