Your message dated Thu, 17 Apr 2025 17:57:59 +0200 with message-id <[email protected]> and subject line Re: opensnitch: Upstream change enables ebpf compilation has caused the Debian Bug report #1037006, regarding opensnitch: Explicitly use 'proc' fallback by default to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 1037006: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037006 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: opensnitch Version: 1.5.8.1-1+b2 Severity: wishlist Tags: upstream Dear Maintainer, OpenSnitch in Debian is currently incompatible with (some?) kernel space network tools such as wireguard and NFS. These are entirely unusable so long as the opensnitchd service is running. An eBPF module is required when the user does not wish to completely block such traffic, but until recently the upstream build process could not be included in Debian. [0] The following information may be helpful for determining whether this change is small enough to include in a bookworm point release. I have confirmed this works with the package version mentioned above. Any new files are from the tree at commit 11baad0. [1] - Replace "ebpf_prog/Makefile" with the newer file and delete unknown targets (" opensnitch-procs.o opensnitch-dns.o") on line 30. - Remove "ebpf_prog/file.patch" since it is no longer needed. - Add directory "ebpf_prog/bpf_headers" containing 4 upstream files. - Rename "ebpf_prog/bpf_headers" to "ebpf_prog/bpf" for compatibility. With the appropriate linux-headers package installed, it should now be possible to run 'make' in the "ebpf_prog" directory and copy the resulting "opensnitch.o" file to "/etc/opensnitchd/". (The non-standard location is fixed upstream and will be deprecated in a future release.) [0] https://people.skolelinux.org/pere/blog/tags/opensnitch/ [1] https://github.com/evilsocket/opensnitch/tree/ 11baad083d5396f4d30af5ce5b1ae6ad80bb5478 -- System Information: Debian Release: 12.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages opensnitch depends on: ii libc6 2.36-9 ii libnetfilter-queue1 1.0.5-3 ii libnfnetlink0 1.0.2-2 Versions of packages opensnitch recommends: ii python3-opensnitch-ui 1.5.8.1-1
--- End Message ---
--- Begin Message ---Version: 1.5.9-1 I no longer believe setting proc as the fallback is needed nor useful, as the daemon will automaticalla fall back to using proc if ebpf is unavailable. The 1.5.9-1 is picked fairly randomly as the first upload after 1.5.8.1-1, to get a semi-sensible version distribution in BTS. The 1.6.8 version currently in experimental seem to work well with ebpf, and I hope to get it into Trixie before the freeze. -- Happy hacking Petter Reinholdtsen
--- End Message ---
