On Thursday, June 1, 2023 6:22:14 PM EDT Gustavo Iñiguez Goya wrote: > Petter is correct: we fall back to proc when ebpf can't be used. > There's no difference in setting it to proc or let it fail.
> The error is "open /etc/opensnitchd/opensnitch.o: no such file or > directory" This causes the settings not to be saved, because the > default monitor method is 'ebpf' and it fails loading the module. > Changing it to 'proc' applies the configuration. So the only difference between 'ebpf' and 'proc' in Debian right now is whether 'Debug invalid connections' fails mysteriously when enabled? > The main problem is to decide how the modules should be distributed: > precompiled or compiled on every machine. The latter would add extra > dependencies: clang, llvm, kernel headers, etc. > And as part of the 'opensnitch' package or as a new package? If the modules cannot be distributed precompiled, I would expect a separate Suggested package to depend on any development libraries. In that case the default method in bookworm should be changed to 'proc' so that users must explicitly choose 'ebpf' before seeing this error.
