See these comments: [#851](https://github.com/evilsocket/opensnitch/issues/851#issuecomment-1434624041) and [#851](https://github.com/evilsocket/opensnitch/issues/851#issuecomment-1434611009), and issues: [#820](https://github.com/evilsocket/opensnitch/issues/820) [#768](https://github.com/evilsocket/opensnitch/issues/768)
Note: Since v1.6.0 you can use `opensnitchd -check-requirements` to check whether your system is compatible.
For all the following errors:
* The daemon needs NET_ADMIN capabilities. For example, to run it in Docker you need `--cap-add NET_ADMIN`, or you'll get some of the described errors.
* `Error while creating queue #0: Error binding to queue: operation not permitted.` ([#323](https://github.com/evilsocket/opensnitch/issues/323))
  - Be sure that the daemon is not already running. Check with `pgrep -a opensnitchd`; the output should be empty.
  - You should only have one opensnitchd binary, at `/usr/bin/opensnitchd`. If you have others (for example in `/usr/local/bin`), investigate why they are there and rename them, for example to `opensnitchd.xx`, which prevents them from being loaded.
  - With no opensnitchd process running (`pgrep opensnitchd`), launch it manually and see whether it exits with an error.
  - If you're executing it in a container, be sure to give the daemon NET_ADMIN capabilities.
* `Error while enabling probe descriptor for opensnitch_exec_probe: write /sys/kernel/debug/tracing/kprobe_events: no such file or directory` (the kernel does not have support for CONFIG_FTRACE, or it's not loaded)
* `iptables: Protocol wrong type for socket` (modules nf_defrag_ipv4, nf_conntrack_ipv4 not loaded)
* `Error opening Queue handle: protocol not supported` (nfnetlink module not loaded)
* `Could not open socket to kernel: Address family not supported by protocol (IPv6)`
* `Error while creating queue #0: Error unbinding existing q handler from AF_INET protocol` (see [#323](https://github.com/evilsocket/opensnitch/issues/323) and [#204](https://github.com/evilsocket/opensnitch/issues/204)).
  Usually caused by the `nfnetlink_queue` module not being loaded. Verify that it's loaded: `lsmod | grep nfnetlink_queue`
  Another possible cause is that the `ip_queue` module is loaded. If it is, unload it.
* `Subscribing to GUI rpc error: code = ResourceExhausted desc = Received message larger than max (4210785 vs. 4194304)`
  Usually caused by the number of rules. If you have 10k to 20k rules, consider grouping them to reduce the number of rules.
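
The causes listed above (missing `nfnetlink`/`nfnetlink_queue`/`nf_defrag_ipv4` modules, a loaded `ip_queue`, no NET_ADMIN capability, no tracing directory) can be checked in one pass. The script below is an added example, not part of OpenSnitch; the function names and the `--run` switch are hypothetical, and it assumes modules are visible in `/proc/modules` and capabilities in the `CapEff` line of `/proc/self/status`:

```bash
#!/usr/bin/env bash
# Added example: turns the causes listed above into local checks.
# Paths default to the live system; pass constructed files to test.

# Print every named module absent from a /proc/modules-format file.
# Built-in (=y) features never appear there, so a miss only means
# "not loaded as a module".
missing_modules() {
    local modfile=$1 m
    shift
    for m in "$@"; do
        grep -q "^${m} " "$modfile" || echo "$m"
    done
}

# Succeed if CAP_NET_ADMIN (capability bit 12) is set in the CapEff
# mask of a /proc/<pid>/status-format file.
has_net_admin() {
    local capeff
    capeff=$(awk '/^CapEff:/ {print $2}' "$1")
    [ -n "$capeff" ] && [ $(( (0x$capeff >> 12) & 1 )) -eq 1 ]
}

# Run all checks; returns non-zero if any finding was printed.
# nf_conntrack_ipv4 is left out: newer kernels fold it into nf_conntrack.
preflight() {
    local modfile=${1:-/proc/modules} status=${2:-/proc/self/status}
    local tracing=${3:-/sys/kernel/debug/tracing} rc=0 m
    for m in $(missing_modules "$modfile" nfnetlink nfnetlink_queue nf_defrag_ipv4); do
        echo "WARN: module $m is not loaded"; rc=1
    done
    if [ -z "$(missing_modules "$modfile" ip_queue)" ]; then
        echo "WARN: ip_queue is loaded; unload it"; rc=1
    fi
    has_net_admin "$status" || { echo "WARN: CAP_NET_ADMIN missing"; rc=1; }
    [ -d "$tracing" ] || { echo "WARN: $tracing missing (no ftrace?)"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as root in the same environment (host or container) as the daemon, since debugfs is normally unreadable for other users and capabilities differ per container.
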
Be sure that you have NFQUEUE support in the kernel (=y or =m):
This error indicates that the network hooks are already added; you'll need to delete them manually:
```bash
$ sudo su
# > /sys/kernel/debug/tracing/kprobe_events
```
If it complains with "resource busy" or similar, restart the daemon.
### Error while loading kprobes: invalid argument
> eBPF Failed to load /etc/opensnitchd/opensnitch.o: error while loading "kprobe/tcp_v4_connect" (invalid argument):
This error may indicate that your kernel doesn't have [ftrace](https://www.kernel.org/doc/html/latest/trace/ftrace.html) support, which is needed for eBPF to work.
CONFIG_FTRACE should be **y** and the directory `/sys/kernel/debug/tracing/` must exist.
Some users reported kernel panics with kernel 5.6.16 ([#297](https://github.com/evilsocket/opensnitch/issues/297)) and other kernels ([#41](https://github.com/evilsocket/opensnitch/issues/41)). deathtrip found that the culprit was a command line option configured for Arch's [linux-hardened kernel](https://www.archlinux.org/packages/extra/x86_64/linux-hardened/).