[Petter Reinholdtsen]
> I use opensnitch with NFS on Debian Bookworm, and have not noticed it
> is making NFS unusable.  How did you end up with this conclusion?

I may be in error here. Having personally confirmed that wireguard was 
broken by the default opensnitch configuration in Debian, I only assumed 
that NFS would be equally affected by the missing eBPF module. [0]

> I had problems with UDP traffic and Minecraft earlier, as seen in
> <URL: https://github.com/evilsocket/opensnitch/issues/813 >, but
> managed to get it working by enabling 'Debug invalid connections' in
> the Nodes tab of the preferences.

With the default setting to use eBPF monitoring, the option to 'Debug 
invalid connections' has no effect unless /etc/opensnitchd/opensnitch.o 
exists. Since the eBPF method requires this module to achieve parity 
with proc monitoring, an alternative to patching the build process would 
be an emergency change of that default before the Debian 12 release.

> When that is said, I would very much like to see ebpf support in
> Debian. I know upstream is working on figuring this out and that
> patches would be most welcome.  Perhaps you can provide some?

My initial bug report lists what I believe to be the minimum changes 
that need to be ported from upstream to enable drop-in eBPF support for 
our current version. If these changes are small enough to eventually 
include in bookworm then it would definitely be worth patching.

Otherwise, the proc method should be made the default for this release 
and eBPF considered unsupported in Debian until opensnitch 1.6.0+.

[0] https://github.com/evilsocket/opensnitch/pull/513
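As an added example that is not part of this mail or of the opensnitch project, the following POSIX shell check detects the state described above: the daemon configured for the eBPF process monitor while /etc/opensnitchd/opensnitch.o is absent. It assumes (this is not stated on the page) that the daemon reads /etc/opensnitchd/default-config.json with a top-level "ProcMonitorMethod" key holding values such as "ebpf" or "proc"; both paths can be overridden by argument or environment variable. The check reports only what the files on disk say, not whether the running daemon actually fell back to another method.

```shell
#!/bin/sh
# Added example, not code from the bug report or from opensnitch.
# Reports whether opensnitchd is configured for the eBPF monitor
# without the eBPF object it needs (the Debian bookworm situation
# described in the mail).
#
# Assumptions (not confirmed by the page):
#  - daemon config: /etc/opensnitchd/default-config.json, with a
#    top-level "ProcMonitorMethod" key ("ebpf", "proc", "audit", ...)
#  - eBPF object: /etc/opensnitchd/opensnitch.o, as named in the mail

OPENSNITCH_CONFIG="${OPENSNITCH_CONFIG:-/etc/opensnitchd/default-config.json}"
OPENSNITCH_EBPF_MODULE="${OPENSNITCH_EBPF_MODULE:-/etc/opensnitchd/opensnitch.o}"

# Echo the configured ProcMonitorMethod from a config file.
# Echoes "unreadable" if the file cannot be read and "unknown" if the
# key is absent; the daemon's own built-in default is deliberately not
# assumed here, only what is actually written in the file is reported.
opensnitch_monitor_method() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "unreadable"; return 0; }
    m=$(grep -o '"ProcMonitorMethod"[[:space:]]*:[[:space:]]*"[^"]*"' "$cfg" \
        | sed 's/.*"\([^"]*\)"[[:space:]]*$/\1/')
    [ -n "$m" ] && echo "$m" || echo "unknown"
}

# Classify the install. Echoes exactly one of:
#   ok-ebpf   ebpf configured and the object file is present
#   ok-other  a non-ebpf monitor method is configured; no object needed
#   degraded  ebpf configured but the object is missing (the case in the mail)
#   unknown   config unreadable or key not found
# Returns 1 only for "degraded", so it can gate a post-install check.
opensnitch_ebpf_check() {
    cfg="${1:-$OPENSNITCH_CONFIG}"
    mod="${2:-$OPENSNITCH_EBPF_MODULE}"
    method=$(opensnitch_monitor_method "$cfg")
    case "$method" in
        ebpf)
            if [ -f "$mod" ]; then
                echo "ok-ebpf"
                return 0
            fi
            echo "degraded"
            return 1
            ;;
        unreadable|unknown)
            echo "unknown"
            return 0
            ;;
        *)
            echo "ok-other"
            return 0
            ;;
    esac
}

# Run against the live system only when invoked as: sh check.sh run
if [ "${1:-}" = "run" ]; then
    opensnitch_ebpf_check
fi
```

Run it as `sh check.sh run` on the affected host; a "degraded" result (exit status 1) is the configuration the mail argues should not ship as the Debian 12 default, and the two-argument form lets it be pointed at a package's staged config and object before installation.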
