mirror of
https://github.com/evilsocket/opensnitch.git
synced 2025-03-04 00:24:40 +01:00
a4b7f57806
When using DoT or DoH opensnitch cannot intercept the dns packets. Therefore the UI always shows IP addresses instead of hostnames. To fix this issue an ebpf (uprobe) filter was created to hook getaddrinfo and gethostbyname calls. In order to be independent of libbcc an additional module was added to ebpf_prog. Without libbcc the libc function offsets must be resolved manually. In order to find the loaded glibc version some cgo code was added. |
||
|---|---|---|
| .. | ||
| arm-clang-asm-fix.patch | ||
| file.patch | ||
| Makefile | ||
| opensnitch-dns.c | ||
| opensnitch.c | ||
| README | ||
opensnitch.c is an eBPF program. Compilation requires getting kernel source. sudo apt install clang llvm libelf-dev libzip-dev flex bison libssl-dev bc rsync python3 cd opensnitch wget https://github.com/torvalds/linux/archive/v5.8.tar.gz tar -xf v5.8.tar.gz patch linux-5.8/tools/lib/bpf/bpf_helpers.h < ebpf_prog/file.patch cp ebpf_prog/opensnitch.c ebpf_prog/Makefile linux-5.8/samples/bpf cd linux-5.8 && yes "" | make oldconfig && make prepare && make headers_install # (1 min) cd samples/bpf && make objdump -h opensnitch.o #you should see many section, number 1 should be called kprobe/tcp_v4_connect llvm-strip -g opensnitch.o #remove debug info sudo cp opensnitch.o /etc/opensnitchd/ cd ../../../daemon --opensnitchd expects to find opensnitch.o in /etc/opensnitchd/ --start opensnitchd with: opensnitchd -rules-path /etc/opensnitchd/rules -process-monitor-method ebpf The kernel where you intend to run it must have some options activated: $ grep BPF /boot/config-$(uname -r) CONFIG_CGROUP_BPF=y CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_BPF_EVENTS=y CONFIG_KPROBES=y CONFIG_KPROBE_EVENTS=y