@daym daym commented Sep 3, 2025

It's probably easier to use the Linux kernel build system to build eBPF modules that will be run by the Linux kernel.

That's what this PR does.

I tried to keep clang and lld, though no idea whether it's required. And it certainly takes a lot of flag patching then, and introduces risk that clang and whatever Linux was built with don't agree on the ABI.

@daym daym force-pushed the ebpf branch 2 times, most recently from 16704ad to 837a3cc Compare September 3, 2025 21:31
@gustavo-iniguez-goya
Collaborator

Hi @daym, thanks for this proposal.

Unless the PR adds new interesting functionality or solves an issue, I'm usually reluctant to change things just because. Maybe the Makefile is not beautiful, but it works for compiling the modules on all the architectures Debian supports.

So the first question is: on what architectures have you tested your changes? We need to support the existing array of archs.

On the other hand, the Makefile seems to have a problem with the double backslash \\:

```
~ $ make KERNEL_DIR=../linux-6.0/ KERNEL_HEADERS=../linux-6.0/ ARCH=x86
Makefile:22: *** recipe commences before first target.  Stop.
```

Once fixed, it fails to compile:

```
~ $ make V=1 KERNEL_DIR=../linux-6.0/ KERNEL_HEADERS=../linux-6.0/ ARCH=x86
make -C ../linux-6.0/ M=/opensnitch/ebpf_prog CC=clang
make[1]: Entering directory '/opensnitch/linux-6.0'
echo >&2;							\
echo >&2 "  ERROR: Kernel configuration is invalid.";		\
echo >&2 "         include/generated/autoconf.h or include/config/auto.conf are missing.";\
echo >&2 "         Run 'make oldconfig && make prepare' on kernel src to fix it.";	\
echo >&2 ;							\
/bin/false)
warning: the compiler differs from the one used to build the kernel
  The kernel was built by: gcc (Debian 10.2.1-6) 10.2.1 20210110
  You are using:           Debian clang version 11.0.1-2
WARNING: Symbol version dump "Module.symvers" is missing.
         Modules may not have dependencies or modversions.
         You may get many unresolved symbol warnings.
  MODPOST /opensnitch/ebpf_prog/Module.symvers
make[1]: Leaving directory '/opensnitch/linux-6.0'
```

This is a pbuilder chroot, i686 arch. Other compilation scenarios are lxc containers for example.
We also generally use kernels downloaded from kernel.org, not only the ones of the distributions.
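
The two conditions reported in the log above (missing generated config files, and a compiler that differs from the one the tree was configured with) can be checked before invoking `make -C`. This is an added example, not part of the PR or of opensnitch; the function names are hypothetical, and it assumes a kernel tree whose `include/config/auto.conf` records `CONFIG_CC_VERSION_TEXT`.

```shell
#!/bin/sh
# Preflight for an out-of-tree build via `make -C "$KERNEL_DIR" M=...`.
# Added example; all function names here are hypothetical.
# Usage: kernel_tree_preflight ../linux-6.0 "$(clang --version | head -n1)"

# Print each generated config file (the two named in the kernel's error
# message) that is missing. Returns 0 only when both are present.
kernel_tree_missing() {
    kdir=$1
    missing=0
    for f in include/generated/autoconf.h include/config/auto.conf; do
        if [ ! -f "$kdir/$f" ]; then
            echo "$f"
            missing=1
        fi
    done
    return "$missing"
}

# Print the compiler string recorded in the tree's configuration.
# Assumption: the tree stores it as CONFIG_CC_VERSION_TEXT="...".
kernel_tree_compiler() {
    sed -n 's/^CONFIG_CC_VERSION_TEXT="\(.*\)"$/\1/p' \
        "$1/include/config/auto.conf" 2>/dev/null
}

# $1 = kernel tree, $2 = first line of `$CC --version`.
# Returns 0 if prepared and compilers match, 1 if the tree is not
# prepared, 2 if the recorded compiler differs (or is not recorded).
kernel_tree_preflight() {
    kdir=$1
    cc_text=$2
    if ! lost=$(kernel_tree_missing "$kdir"); then
        echo "tree not prepared, missing: $lost" >&2
        return 1
    fi
    built_by=$(kernel_tree_compiler "$kdir")
    if [ "$built_by" != "$cc_text" ]; then
        echo "compiler differs: tree='$built_by' using='$cc_text'" >&2
        return 2
    fi
    return 0
}
```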

@daym
Author

daym commented Sep 12, 2025

Hi, the background is we are trying to package opensnitch for GNU Guix, see https://codeberg.org/guix/guix/pulls/2368

The reason why we even touched it is because it's including kernel headers using manual -I. This way, you wouldn't notice if the build flags changed because the kernel config did. Do you run without kernel config in the master version? How? Do the kernel headers even work without config?

@blshkv

blshkv commented Nov 3, 2025

#712
I tried and failed to convince the author. FYI
