Commit graph

7 commits

Author SHA1 Message Date
Gustavo Iñiguez Goia
27509d6fe0
ebpf,dns: initialized structs
On the previous commit we just disabled dns uprobes for armhf/i386 to
avoid loading errors. A better fix is to initialize the structs used.
On armhf it still fails after loading it, when attaching to the uprobes
(offsets?), and on i386 it doesn't seem to send anything to userspace
(more analysis needed).

- Increased the number of IPs associated with a domain that are
  delivered to userspace. (getfedora.org returns 30 ipv4+ipv6).
- Fixed getting the aliases of a domain when using gethostbyname().
2024-01-26 20:50:50 +01:00
Gustavo Iñiguez Goia
d55e567dd8
fixed dns ebpf module for i386/arm architecture
The opensnitch-dns module was not loading on i386/arm architectures.
With the following changes it loads and some uprobes are attached.

for-loop unrolling still doesn't work though on i386/armhf (help
needed).

And on armhf the perf_output channel fails to load for some uprobes.
2024-01-26 14:16:43 +01:00
Gustavo Iñiguez Goia
1518cb39de
ebpf: fixed dns uprobes
We were not deleting DNS entries from the hash map, so when it reached
the maximum capacity (12k entries), we couldn't allocate new entries,
resulting in events not being sent to userspace.
2024-01-05 13:33:56 +01:00
munix9
11baad083d
ebpf modules compilation fixes
- don't import hardcoded architecture.
- use generic cpu (-mcpu=generic)
- removed linux/version.h from modules.

related #954
2023-05-28 15:24:33 +02:00
Gustavo Iñiguez Goia
ba64379348
ebpf: new way of compiling the modules
- Don't rename libbpf's bpf_map_def struct, and distribute the needed bpf
  headers.
  The bpf_map_def struct has been deprecated for quite some time now,
  and it has been removed on >= 6.2 anyway.
  We still need it, because we use gobpf.
- Improved compilation behaviour:
  - We don't require the kernel sources anymore. We can just use the
    kernel headers from the distribution.
  - There's no need to copy the sources to the kernel tree, the modules
    can be compiled from the ebpf_prog/ dir.
- Compiling against kernels 6.x seems to solve the problem we had with
  VPNs, where connections were not intercepted with modules compiled
  against 5.8, on kernels >= 5.19.

The modules have been tested on kernels 4.17, 5.4, 5.10, 5.15, 6.1 and
6.2 (kernel connections included).

Closes: #939
2023-05-17 01:20:53 +02:00
Gustavo Iñiguez Goia
31c420ad60
ebpf dns module: fixed compilation warning
2022-10-05 14:33:05 +02:00
calesanz
a4b7f57806
Add ebpf based dns lookup hooks (#582)
When using DoT or DoH opensnitch cannot intercept the dns packets.
Therefore the UI always shows IP addresses instead of hostnames. To fix
this issue an ebpf (uprobe) filter was created to hook getaddrinfo and
gethostbyname calls.

In order to be independent of libbcc an additional module was added to
ebpf_prog. Without libbcc the libc function offsets must be resolved
manually. In order to find the loaded glibc version some cgo code was
added.
2022-02-15 21:25:35 +01:00