Feature request: Please add support for eBPF

Open Danny3 opened this issue 1 year ago • 7 comments

Hello!

For quite some time I wondered why the OpenSnitch application firewall doesn't work with the Xanmod kernel, until today, when I installed the latest version (v1.6.0-rc.3), which shows alerts related to eBPF and custom/hardened kernels:

https://github.com/evilsocket/opensnitch/releases/tag/v1.6.0-rc.3

I thought up until now that it doesn't work because of missing support for nftables: https://github.com/xanmod/linux/issues/310

But after the installation of the new version of this firewall the problem became very clear with its alert message:

Unable to set new process monitor (ebpf) method from disk: exit status 32 Unable to access debugfs filesystem, needed for eBPF to work, likely caused by a hardened or customized kernel. Change process monitor method to 'proc' to stop receiving this alert

Which led me to find this page with a very good explanation of what a kernel needs and what the Xanmod kernel doesn't have for it to work properly: https://github.com/evilsocket/opensnitch/issues/774

I switched the "process monitor method" from ebpf to proc as they recommend to not receive that alert anymore and the firewall works again normally.

But I'm not satisfied having to downgrade the process monitoring method to something less secure as explained here: https://github.com/evilsocket/opensnitch/wiki/monitor-method-ebpf

The only reason why I'm trying to use a firewall, especially this one that is an application firewall and auto-detects connections initiated from the computer is because I want to have privacy and security on my computer. Pretty much the same main reasons why I chose to use Linux in the first place.

With MGLRU and other performance improvements already in the upstream Linux kernel 6.1 and more coming in the 6.2 version, I'm now wondering if running the Xanmod kernel is still worth the privacy and security risk of not running a firewall, especially one that can detect new connections automatically and do it with a fast and accurate method such as eBPF.

The Xanmod kernel has visible performance improvements, but running games and other closed-source programs, either native or through WINE, poses serious risks which I'd rather not have, and I'd rather not have all those performance improvements if I have to trade my privacy and security for it.

With all the performance improvements all over the place in the upstream Linux 6.1 and 6.1, I am willing to trade some performance gains, if that's needed, for the ability to have this firewall work as it should and protect my privacy and security as best it can.

I see that in the future Google engineers hope to integrate MGLRU with eBPF: https://www.phoronix.com/news/MGLRU-LPC-2022

And there are many interesting things that can be done or people are preparing to do with eBPF: https://www.phoronix.com/search/eBPF

So, could you please add support for eBPF? Or, could you please add alternative files for the releases, with support for eBPF?

Thank you very much!

Danny3, Dec 18 '22 07:12
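
The alert quoted in the post blames a missing debugfs filesystem. The script below is an added example, not part of the original post and not OpenSnitch's own code: it checks a `/proc/mounts`-style file and a kernel config file and reports whether the `ebpf` monitor method looks usable or whether `proc` is the fallback. The option list in `REQUIRED_OPTS` is an illustrative assumption, and the sample inputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: are the eBPF monitor prerequisites named in the alert met?

# Assumption: illustrative option list, not OpenSnitch's authoritative requirements.
REQUIRED_OPTS="CONFIG_DEBUG_FS CONFIG_BPF_SYSCALL CONFIG_KPROBES"

# Succeeds if a debugfs filesystem appears in a /proc/mounts-style file ($1).
debugfs_mounted() {
    awk '$3 == "debugfs" { found = 1 } END { exit !found }' "$1"
}

# Prints every option from REQUIRED_OPTS that is not set to y or m
# in the kernel config file ($1); prints an empty line if none are missing.
missing_opts() {
    mo_missing=""
    for mo_opt in $REQUIRED_OPTS; do
        grep -Eq "^${mo_opt}=(y|m)\$" "$1" || mo_missing="$mo_missing $mo_opt"
    done
    echo "${mo_missing# }"
}

# Prints "ebpf" when both checks pass, otherwise "proc"
# (the fallback the alert message names).
suggest_monitor_method() {
    if debugfs_mounted "$1" && [ -z "$(missing_opts "$2")" ]; then
        echo ebpf
    else
        echo proc
    fi
}

# Constructed sample inputs (not taken from a real Xanmod or distribution build).
tmp=$(mktemp -d)
printf '%s\n' 'proc /proc proc rw 0 0' 'sysfs /sys sysfs rw 0 0' \
    > "$tmp/mounts_hardened"
printf '%s\n' 'proc /proc proc rw 0 0' 'debugfs /sys/kernel/debug debugfs rw 0 0' \
    > "$tmp/mounts_stock"
printf '%s\n' 'CONFIG_BPF_SYSCALL=y' '# CONFIG_DEBUG_FS is not set' 'CONFIG_KPROBES=y' \
    > "$tmp/config_hardened"
printf '%s\n' 'CONFIG_BPF_SYSCALL=y' 'CONFIG_DEBUG_FS=y' 'CONFIG_KPROBES=y' \
    > "$tmp/config_stock"

echo "hardened: $(suggest_monitor_method "$tmp/mounts_hardened" "$tmp/config_hardened")" \
     "(missing: $(missing_opts "$tmp/config_hardened"))"
echo "stock:    $(suggest_monitor_method "$tmp/mounts_stock" "$tmp/config_stock")"
```

On a real system the two arguments would be `/proc/mounts` and the running kernel's config file, commonly `/boot/config-$(uname -r)` where the distribution installs it.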