[Petter Reinholdtsen]
> I believe this is a misunderstanding. Even if the default setting is
> ebpf, it will fall back to using proc when it fails to find the ebpf
> module.

My testing suggests this is not reliable with the default eBPF setting. Applying the 'Debug invalid connections' setting (in the absence of the module) only produces an error message about the file not existing. Clicking the Save button allows the option state to persist between invocations of the settings dialog, but it does not survive a reboot and wireguard is silently denied regardless. I suppose that could be a bug against the GUI package; I did not test it headless.

It may be possible to use /etc/opensnitchd/system-fw.json as a workaround, but I did not try that since I was satisfied with the results of the procedure outlined at the beginning of this bug report.

> I believe upstream would be pleased with help with this even if it does
> not make it into bookworm.

I think I used the 'upstream' tag wrong. The eBPF build process has already received a Debian-specific fix upstream, which will be part of OpenSnitch 1.6.0 when it is released. In this case, any patches would only be meaningful for bookworm, to exclude unrelated changes.

I am interested in working on the patches to implement this fix, but if the change will not be compliant with bookworm update policy then the default monitor should be set to proc instead before it is too late.