
Use kernel build system to build EBPF prog

Open daym opened this issue 4 months ago • 3 comments

It's probably easier to use the Linux kernel build system to build EBPF modules that will be run by the Linux kernel.

That's what this PR does.

I tried to keep clang and lld, though no idea whether it's required. And it certainly takes a lot of flag patching then, and introduces risk that clang and whatever Linux was built with don't agree on the ABI.

daym, Sep 03 '25 21:09

Hi @daym, thanks for this proposal.

Unless the PR adds new interesting functionality or solves an issue, I'm usually reluctant to change things just because. Maybe the Makefile is not beautiful, but it works for compiling the modules on all the architectures Debian supports.

So the first question is on what architectures you have tested your changes. We need to support the existing array of archs.

On the other hand, the Makefile seems to have a problem with the double backslash \\:

~ $ make KERNEL_DIR=../linux-6.0/ KERNEL_HEADERS=../linux-6.0/ ARCH=x86
Makefile:22: *** recipe commences before first target.  Stop.

Once fixed, it fails to compile:

~ $ make V=1 KERNEL_DIR=../linux-6.0/ KERNEL_HEADERS=../linux-6.0/ ARCH=x86
make -C ../linux-6.0/ M=/opensnitch/ebpf_prog CC=clang
make[1]: Entering directory '/opensnitch/linux-6.0'
echo >&2;							\
echo >&2 "  ERROR: Kernel configuration is invalid.";		\
echo >&2 "         include/generated/autoconf.h or include/config/auto.conf are missing.";\
echo >&2 "         Run 'make oldconfig && make prepare' on kernel src to fix it.";	\
echo >&2 ;							\
/bin/false)
warning: the compiler differs from the one used to build the kernel
  The kernel was built by: gcc (Debian 10.2.1-6) 10.2.1 20210110
  You are using:           Debian clang version 11.0.1-2
WARNING: Symbol version dump "Module.symvers" is missing.
         Modules may not have dependencies or modversions.
         You may get many unresolved symbol warnings.
  MODPOST /opensnitch/ebpf_prog/Module.symvers
make[1]: Leaving directory '/opensnitch/linux-6.0'

This is a pbuilder chroot, i686 arch. Other compilation scenarios are lxc containers for example. We also generally use kernels downloaded from kernel.org, not only the ones of the distributions.

gustavo-iniguez-goya, Sep 11 '25 21:09
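
Added example (not part of the thread and not opensnitch's own build code): a preflight check for the two failures in the log above, an unprepared kernel tree and a compiler that differs from the one the kernel was configured with. It assumes the tree records the compiler banner as CONFIG_CC_VERSION_TEXT in include/config/auto.conf; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Preflight for building against KERNEL_DIR (added example, hypothetical helpers).

# kernel_tree_prepared DIR: status 0 if both generated config files exist.
kernel_tree_prepared() {
    [ -f "$1/include/generated/autoconf.h" ] && [ -f "$1/include/config/auto.conf" ]
}

# kernel_cc_text DIR: print the compiler banner recorded when the tree was configured.
kernel_cc_text() {
    sed -n 's/^CONFIG_CC_VERSION_TEXT="\(.*\)"$/\1/p' "$1/include/config/auto.conf"
}

# preflight DIR CC_BANNER: 0 = ok, 1 = tree not prepared, 2 = compiler mismatch.
preflight() {
    dir=$1; banner=$2
    if ! kernel_tree_prepared "$dir"; then
        echo "kernel tree $dir is not prepared (make oldconfig && make prepare)" >&2
        return 1
    fi
    built_with=$(kernel_cc_text "$dir")
    # An empty banner means the tree does not record one; nothing to compare.
    if [ -n "$built_with" ] && [ "$built_with" != "$banner" ]; then
        echo "compiler mismatch: kernel='$built_with' build='$banner'" >&2
        return 2
    fi
    return 0
}

# Constructed sample: a fake prepared tree that records the given banner.
make_sample_tree() {
    mkdir -p "$1/include/generated" "$1/include/config"
    : > "$1/include/generated/autoconf.h"
    printf 'CONFIG_CC_VERSION_TEXT="%s"\n' "$2" > "$1/include/config/auto.conf"
}

# Demo with the two banners from the log above.
# Real use: preflight "$KERNEL_DIR" "$(clang --version | head -n1)"
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir" "gcc (Debian 10.2.1-6) 10.2.1 20210110"
preflight "$demo_dir" "Debian clang version 11.0.1-2" || echo "preflight exit status: $?"
rm -rf "$demo_dir"
```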

Hi, the background is we are trying to package opensnitch for GNU Guix, see https://codeberg.org/guix/guix/pulls/2368

The reason why we even touched it is because it's including kernel headers using manual -I. This way, you wouldn't notice if the build flags changed because the kernel config did. Do you run without kernel config in the master version? How? Do the kernel headers even work without config?

daym, Sep 12 '25 10:09

https://github.com/evilsocket/opensnitch/issues/712 I tried and failed to convince the author. FYI

blshkv, Nov 03 '25 10:11