Sometimes appear eBPF warning messages after reboot. #868

Closed
Tandaran3 opened this issue Feb 28, 2023 · 18 comments


Tandaran3 commented Feb 28, 2023

Describe the bug
About once in ten reboots, opensnitch shows two warning messages about kernel incompatibility with eBPF. Despite this, opensnitch and the GUI work fine. If they do not appear immediately after a reboot/cold start, they will not appear later, even during many hours of work.

Include the following information:

  • OpenSnitch 1.6.0rc4/rc5
  • OS: Devuan 4.0
  • Version Chimaera
  • Window Manager: XFCE4
  • Kernel version: Linux devuan 5.10.0-21-amd64 1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux

To Reproduce
When the DE is fully loaded, a few seconds after this, two warning messages appear.

Steps to reproduce the behavior:
Just reboot 10-15 times and messages appear.

Post error logs:
[2023-02-28 10:40:28] IMP Start writing logs to /var/log/opensnitchd.log
[2023-02-28 10:40:28] ERR
unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-02-28 10:40:28] ERR [eBPF]:
unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-02-28 10:40:28] WAR error starting ebpf monitor method:
unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-02-28 10:40:28] WAR Unable to set new process monitor (ebpf) method from disk:
unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-02-28 10:40:47] IMP UI connected, dispathing queued alerts: 0
[2023-02-28 10:40:47] WAR notification channel closed by the server
[2023-02-28 10:40:48] ERR Connection to the UI service lost.
[2023-02-28 10:40:49] IMP UI connected, dispathing queued alerts: 0


Tandaran3 changed the title from "Sometimes appear eBPF warning message after reboot." to "Sometimes appear eBPF warning messages after reboot." on Feb 28, 2023
@gustavo-iniguez-goya
Collaborator

Hi @Tandaran3 ,

Please, set log level to DEBUG under Preferences -> Nodes, reproduce the issue again and post the logs.
It'll offer more info on why it is failing.

@Tandaran3
Author

Sure. Sorry. I removed some IPs for privacy purposes.

[2023-02-28 17:33:25] DBG ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o
[2023-02-28 17:33:25] ERR unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 17:33:25] ERR [eBPF]: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 17:33:25] WAR error starting ebpf monitor method: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 17:33:25] INF Process monitor method /proc
[2023-02-28 17:33:25] WAR Unable to set new process monitor (ebpf) method from disk: unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible. If this error persists, change process monitor method to 'proc'
[2023-02-28 17:33:25] DBG UI not connected, queueing alert: 0
[2023-02-28 17:33:25] INF Stats, max events: 25, max stats: 150, max workers: 6
[2023-02-28 17:33:25] DBG Starting 16 workers ...
[2023-02-28 17:33:25] DBG Stats worker #4 started.
[2023-02-28 17:33:25] DBG Stats worker #2 started.
[2023-02-28 17:33:25] DBG Stats worker #3 started.
[2023-02-28 17:33:25] DBG Worker #6 started.
[2023-02-28 17:33:25] DBG Stats worker #5 started.
[2023-02-28 17:33:25] DBG Worker #0 started.
[2023-02-28 17:33:25] DBG Stats worker #1 started.
[2023-02-28 17:33:25] DBG Worker #10 started.
[2023-02-28 17:33:25] DBG Worker #4 started.
[2023-02-28 17:33:25] DBG Worker #12 started.
[2023-02-28 17:33:25] DBG Worker #13 started.
[2023-02-28 17:33:25] DBG Worker #1 started.
[2023-02-28 17:33:25] DBG Worker #2 started.
[2023-02-28 17:33:25] DBG Worker #3 started.
[2023-02-28 17:33:25] DBG Stats worker #0 started.
[2023-02-28 17:33:25] DBG Worker #8 started.
[2023-02-28 17:33:25] DBG Worker #9 started.
[2023-02-28 17:33:25] DBG Worker #7 started.
[2023-02-28 17:33:25] DBG Worker #5 started.
[2023-02-28 17:33:25] DBG Worker #11 started.
[2023-02-28 17:33:25] DBG Worker #14 started.
[2023-02-28 17:33:25] DBG Worker #15 started.
[2023-02-28 17:33:25] INF nftables config changed, reloading
[2023-02-28 17:33:25] INF fw configuration loaded
[2023-02-28 17:33:26] INF Using nftables firewall
[2023-02-28 17:33:26] INF Running on netfilter queue #0 ...
[2023-02-28 17:33:26] DBG UI not connected, queueing alert: 0
[2023-02-28 17:33:26] DBG UI service poller started for socket /tmp/osui.sock
[2023-02-28 17:33:26] DBG ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-02-28 17:33:26] INF [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-02-28 17:33:26] DBG dns worker initialized #1
[2023-02-28 17:33:26] DBG dns worker initialized #3
[2023-02-28 17:33:26] DBG dns worker initialized #0
[2023-02-28 17:33:26] DBG dns worker initialized #2
[2023-02-28 17:33:26] DBG dns worker initialized #4
[2023-02-28 17:33:27] DBG client.disconnect()
[2023-02-28 17:33:28] DBG client.disconnect()
[2023-02-28 17:33:29] DBG client.disconnect()
[2023-02-28 17:33:30] DBG client.disconnect()
[2023-02-28 17:33:31] DBG new connection tcp => XXXXX:XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX ():XXX uid: 101
[2023-02-28 17:33:31] DBG client.disconnect()
[2023-02-28 17:33:31] DBG [0/1] outgoing connection uid: 101, XXXXX:XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX:XXX || netlink response: XXXXX:XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX:XXXX inode: 15887 - loopback: false multicast: false unspecified: false linklocalunicast: false ifaceLocalMulticast: false GlobalUni: true
[2023-02-28 17:33:31] DBG new pid lookup took (1599): 2.947216ms
[2023-02-28 17:33:31] DBG [0] PID found 1599 [15887]
[2023-02-28 17:33:31] DBG /XXX/XXX/XXX -> XXX.XXX.XXX.XXX:XXX (XXX)
[2023-02-28 17:33:32] DBG client.disconnect()
[2023-02-28 17:33:33] DBG client.disconnect()
[2023-02-28 17:33:34] DBG client.disconnect()
[2023-02-28 17:33:36] DBG client.disconnect()
[2023-02-28 17:33:37] DBG client.disconnect()
[2023-02-28 17:33:38] DBG client.disconnect()
[2023-02-28 17:33:39] DBG client.disconnect()
[2023-02-28 17:33:40] DBG client.disconnect()
[2023-02-28 17:33:41] DBG client.disconnect()
[2023-02-28 17:33:42] DBG client.disconnect()
[2023-02-28 17:33:43] DBG client.disconnect()
[2023-02-28 17:33:44] DBG client.disconnect()
[2023-02-28 17:33:45] DBG client.disconnect()
[2023-02-28 17:33:46] DBG client.disconnect()
[2023-02-28 17:33:47] INF Connected to the UI service on /tmp/osui.sock
[2023-02-28 17:33:47] IMP UI connected, dispathing queued alerts: 0
[2023-02-28 17:33:47] INF Start receiving notifications
[2023-02-28 17:33:47] WAR notification channel closed by the server
[2023-02-28 17:33:47] INF Stop receiving notifications
[2023-02-28 17:33:47] DBG client.disconnect()
[2023-02-28 17:33:48] ERR Connection to the UI service lost.
[2023-02-28 17:33:49] INF Connected to the UI service on /tmp/osui.sock
[2023-02-28 17:33:49] IMP UI connected, dispathing queued alerts: 0
[2023-02-28 17:33:49] INF Start receiving notifications

@gustavo-iniguez-goya
Collaborator

Thank you @Tandaran3 ,

You can delete everything after the lines dns worker initialized; the logs I'm interested in are before that line.

I think there're some log lines missing, so could you empty the log (truncate -s0 /var/log/opensnitchd.log) and try again please?

There should be a few attempts to load the file opensnitch.o, like:
ebpf module not found: open /etc/opensnitchd/opensnitch.o

but from: /usr/local/lib/opensnitchd/ebpf/opensnitch.o
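
The check described in the comment above (which paths the daemon tried for each eBPF object, and whether any of them loaded) can be scripted. This is an added example, not part of the original thread or of the OpenSnitch code base: a Python triage script that strips the colour codes from opensnitchd.log, then reports the paths tried per module, the load result, and the process monitor method the daemon ended up with. The sample log is constructed from lines quoted in this thread, and the function names are illustrative.

```python
import os
import re
from collections import OrderedDict

# Colour codes as written by the daemon (ESC[..m) and as they look after a
# lossy copy/paste, where ESC has been replaced by U+FFFD.
ANSI_RE = re.compile(r"[\x1b\ufffd]\[[0-9;]*m")
# "[date time] LEVEL " header that starts every log entry.
HEADER_RE = re.compile(
    r"\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]\s+(IMP|ERR|WAR|INF|DBG)\s+")
NOT_FOUND_RE = re.compile(r"ebpf module not found: open (\S+?):")
LOADED_RE = re.compile(r"\[eBPF\] module loaded: (\S+)")
UNABLE_RE = re.compile(r"unable to load eBPF module \(([^)]+)\)")
MONITOR_RE = re.compile(r"Process monitor method (\S+)")


def parse_entries(raw):
    """Split a log into (timestamp, level, message) tuples.

    Splitting on the entry header instead of on newlines handles both
    multi-line messages and pastes where several entries share one line.
    """
    text = ANSI_RE.sub("", raw)
    heads = list(HEADER_RE.finditer(text))
    entries = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        message = " ".join(text[head.end():end].split())
        entries.append((head.group(1), head.group(2), message))
    return entries


def summarize(entries):
    """Return (modules, monitor_method) for the eBPF load attempts."""
    modules = OrderedDict()
    monitor = None

    def record(name):
        return modules.setdefault(
            name, {"missing": [], "loaded": None, "load_errors": 0})

    for _ts, level, msg in entries:
        m = NOT_FOUND_RE.search(msg)
        if m:
            rec = record(os.path.basename(m.group(1)))
            if m.group(1) not in rec["missing"]:
                rec["missing"].append(m.group(1))
            continue
        m = LOADED_RE.search(msg)
        if m:
            record(os.path.basename(m.group(1)))["loaded"] = m.group(1)
            continue
        m = UNABLE_RE.search(msg)
        if m and level == "ERR":  # WAR entries repeat the same text
            record(m.group(1))["load_errors"] += 1
            continue
        m = MONITOR_RE.match(msg)
        if m:
            monitor = m.group(1)
    return modules, monitor


def failed_modules(modules):
    """Names of modules that were looked for but never loaded."""
    return [name for name, rec in modules.items() if rec["loaded"] is None]


def _line(ts, level, msg):
    # Constructed sample entry; the colour codes are placeholders.
    return f"\x1b[2m[{ts}]\x1b[0m \x1b[97m\x1b[41m {level} \x1b[0m {msg}\n"


_UNABLE = ("unable to load eBPF module (opensnitch.o). Your kernel version "
           "(5.10.0-21-amd64) might not be compatible.\n"
           "If this error persists, change process monitor method to 'proc'")

# Constructed sample, assembled from log lines quoted in this thread.
SAMPLE_LOG = "".join([
    _line("2023-02-28 17:33:25", "DBG",
          "ebpf module not found: open /etc/opensnitchd/opensnitch.o: "
          "no such file or directory, /etc/opensnitchd/opensnitch.o"),
    _line("2023-02-28 17:33:25", "ERR", "\n" + _UNABLE),
    _line("2023-02-28 17:33:25", "WAR",
          "error starting ebpf monitor method:\n" + _UNABLE),
    _line("2023-02-28 17:33:25", "INF", "Process monitor method /proc"),
    _line("2023-02-28 17:33:26", "DBG",
          "ebpf module not found: open "
          "/usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o: no such file or "
          "directory, /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o"),
    _line("2023-02-28 17:33:26", "INF",
          "[eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-dns.o"),
])

if __name__ == "__main__":
    mods, method = summarize(parse_entries(SAMPLE_LOG))
    for name, rec in mods.items():
        state = rec["loaded"] or "NOT LOADED"
        print(f"{name}: {state}; tried and missing: {rec['missing']}")
    print("process monitor method in use:", method)
```

On the sample, only one search path shows up for opensnitch.o before the error, which is the gap the comment above is asking about.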

@Tandaran3
Author

Here. I did "sudo truncate -s0 /var/log/opensnitchd.log ; sudo reboot" before I had the possibility to reproduce the bug.
Part 1

�[2m[2023-03-01 09:06:22]�[0m �[2m�[30m�[100m DBG �[0m [eBPF exec event] ppid: 0, pid: 2098, /usr/bin/tput -> [/usr/bin/tput setaf 3]
�[2m[2023-03-01 09:06:22]�[0m �[2m�[30m�[100m DBG �[0m [eBPF exec event] ppid: 0, pid: 2099, /bin/rm -> [rm -f /run/lvmpolld.pid]
�[2m[2023-03-01 09:06:22]�[0m �[2m�[30m�[100m DBG �[0m [eBPF exit event] -> 2092
�[2m[2023-03-01 09:06:22]�[0m �[2m�[30m�[100m DBG �[0m [eBPF exit event inCache] -> 2092
�[2m[2023-03-01 09:06:22]�[0m �[2m�[30m�[100m DBG �[0m [eBPF exec event] ppid: 0, pid: 2100, /usr/bin/tput -> [/usr/bin/tput hpa 60]
�[2m[2023-03-01 09:06:22]�[0m �[2m�[30m�[100m DBG �[0m [eBPF exit event] -> 2085
�[2m[2023-03-01 09:06:22]�[0m �[2m�[30m�[100m DBG �[0m [eBPF exit event inCache] -> 2085
�[2m[2023-03-01 09:06:22]�[0m �[2m�[30m�[100m DBG �[0m [eBPF exit event] -> 2100
�[2m[2023-03-01 09:06:22]�[0m �[2m�[30m�[100m DBG �[0m [eBPF exit event inCache] -> 2100
[2023-03-01 09:06:22]  ERR  getting notifications: rpc error: code = Unavailable desc = transport is closing
[2023-03-01 09:06:22]  INF  Stop receiving notifications
[2023-03-01 09:06:22]  DBG  client.disconnect()

[2023-03-01 09:06:22]  IMP  Got signal: quit
[2023-03-01 09:06:22]  INF  Cleaning up ...
[2023-03-01 09:06:23]  INF  Client.poller() exit, Done()
[2023-03-01 09:06:23]  INF  uiClient exit
[2023-03-01 09:06:27]  WAR  queue stuck, closing by timeout
[2023-03-01 09:06:27]  WAR  Queue.destroy(), nfq_close() not closed: -1
[2023-03-01 09:06:53]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-03-01 09:06:53]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-03-01 09:06:53]  DBG  ebpf module not found: error while loading "kretprobe/tcp_v4_connect" (resource temporarily unavailable):
processed 1 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

3: (7b) *(u64 *)(r10 -16) = r0
4: (bf) r2 = r10
5: (07) r2 += -16
6: (bf) r3 = r10
7: (07) r3 += -8
8: (18) r1 = 0xffff8fa284960c00
10: (b7) r4 = 0
11: (85) call bpf_map_update_elem#2
12: (b7) r0 = 0
13: (95) exit

@Tandaran3
Author

Part 2

[2023-03-01 09:06:53]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o
[2023-03-01 09:06:53]  ERR
unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-03-01 09:06:53]  ERR  [eBPF]:
unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-03-01 09:06:53]  WAR  error starting ebpf monitor method:
unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-03-01 09:06:53]  INF  Process monitor method /proc
[2023-03-01 09:06:53]  WAR  Unable to set new process monitor (ebpf) method from disk:
unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-03-01 09:06:53]  DBG  UI not connected, queueing alert: 0
[2023-03-01 09:06:53]  INF  Stats, max events: 25, max stats: 150, max workers: 6
[2023-03-01 09:06:53]  INF  nftables config changed, reloading
[2023-03-01 09:06:53]  INF  fw configuration loaded
[2023-03-01 09:06:54]  INF  Using nftables firewall
[2023-03-01 09:06:54]  INF  Running on netfilter queue #0 ...
[2023-03-01 09:06:54]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-03-01 09:06:54]  DBG  UI not connected, queueing alert: 0
[2023-03-01 09:06:54]  DBG  UI service poller started for socket /tmp/osui.sock
[2023-03-01 09:06:54]  INF  [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-dns.o

@Maziar123

I have the same problem on Arch Linux & Manjaro with kernel 6.1

@gustavo-iniguez-goya
Collaborator

Thank you @Tandaran3! This is the error:

ebpf module not found: error while loading "kretprobe/tcp_v4_connect" (resource temporarily unavailable):
processed 1 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

3: (7b) *(u64 *)(r10 -16) = r0
4: (bf) r2 = r10
5: (07) r2 += -16
6: (bf) r3 = r10
7: (07) r3 += -8
8: (18) r1 = 0xffff8fa284960c00
10: (b7) r4 = 0
11: (85) call bpf_map_update_elem#2
12: (b7) r0 = 0
13: (95) exit

I'll try to reproduce it.

@Maziar123, without logs, it's hard to determine if your problem is the same as this issue (different distro, different kernel).

@gustavo-iniguez-goya
Collaborator

I've rebooted my Devuan Chimaera like 40 times, and it hasn't failed a single time :(
It also worked on Manjaro (kernel 5.15.x).

If I remember correctly (with v1.4.x), this issue ("kretprobe/tcp_v4_connect" (resource temporarily unavailable)) used to happen when stopping the daemon, but never when booting up the computer.

@Tandaran3
Author

Maybe you are digging in the wrong place? I believe that the "kretprobe/tcp_v4_connect" debug code that you think is the problem arose before the last reboot, before the bug appeared.
AppArmor with apparmor-profiles-extra may conflict with opensnitch? I will later try to fully remove AppArmor and reproduce the problem. @Maziar123, do you use AppArmor? I

@red-gecko27

Same issue on Arch Linux 6.3.9-arch1-1 after updating opensnitch from 1.5.8-1 to 1.6.0-1

[2023-06-23 13:02:56]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o
[2023-06-23 13:02:56]  ERR  
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  ERR  [eBPF]: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  WAR  error starting ebpf monitor method: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  INF  Process monitor method /proc
[2023-06-23 13:02:56]  WAR  Unable to set new process monitor (ebpf) method from disk: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o
[2023-06-23 13:02:56]  ERR  
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  ERR  [eBPF]: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  WAR  error starting ebpf monitor method: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-06-23 13:02:56]  INF  Process monitor method /proc
[2023-06-23 13:02:56]  WAR  Unable to set new process monitor (ebpf) method from disk: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
If this error persists, change process monitor method to 'proc'

@ra1nb0w

ra1nb0w commented Jun 30, 2023

Same issue with archlinux 6.1.35-1-lts after upgrading to 1.6.0

@fractalf

fractalf commented Jul 4, 2023

Same here..

[2023-07-04 18:32:24]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-07-04 18:32:24]  ERR  
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:32:24]  ERR  [eBPF]: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:32:24]  WAR  error starting ebpf monitor method: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:32:24]  WAR  Unable to set new process monitor (ebpf) method from disk: 
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:32:24]  ERR  [eBPF DNS]: 
unable to load eBPF module (opensnitch-dns.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:32:24]  WAR  EBPF-DNS: Unable to attach ebpf listener: 
unable to load eBPF module (opensnitch-dns.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
If this error persists, change process monitor method to 'proc'
[2023-07-04 18:33:35]  IMP  UI connected, dispathing queued alerts: 0
[2023-07-04 18:33:35]  WAR  notification channel closed by the server
[2023-07-04 18:33:36]  ERR  Connection to the UI service lost.
[2023-07-04 18:33:37]  IMP  UI connected, dispathing queued alerts: 0
$ opensnitchd --version
1.6.0

$ neofetch --off 
alf@studio 
---------- 
OS: EndeavourOS Linux x86_64 
Host: B650 GAMING X AX 
Kernel: 6.3.3.15.realtime2-1-rt 
Uptime: 17 mins 
Packages: 986 (pacman) 
Shell: zsh 5.9 
Resolution: 1920x1200, 1920x1200 
DE: Cinnamon 5.8.3 
WM: Mutter (Muffin) 
WM Theme: CBlack (Adwaita) 
Theme: CBlack [GTK2/3] 
Icons: Adwaita [GTK2/3] 
Terminal: terminator 
CPU: AMD Ryzen 7 7700 (16) @ 3.800GHz 
GPU: AMD ATI 0f:00.0 Raphael 
Memory: 1849MiB / 31238MiB 

@gustavo-iniguez-goya
Collaborator

According to @red-gecko27's logs, the ebpf modules are not installed:

[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o

You need those modules in order for ebpf to work.

@gustavo-iniguez-goya
Collaborator

You can download precompiled modules from the GitHub Action (at the bottom of the page, opensnitch-ebpf-modules-6.0-master): https://github.com/evilsocket/opensnitch/actions/runs/5322202159

And copy the modules to /usr/lib/opensnitchd/ebpf/ (create the dirs if they don't exist).

@fractalf

@gustavo-iniguez-goya Thanks, that worked very well for me

@jiripospisil

If you're on Arch Linux, you need to install opensnitch-ebpf-module from AUR to make ebpf work (no idea why it's not part of the official package, seems broken).

$ pacman -Ql opensnitch-ebpf-module
opensnitch-ebpf-module /usr/
opensnitch-ebpf-module /usr/lib/
opensnitch-ebpf-module /usr/lib/opensnitchd/
opensnitch-ebpf-module /usr/lib/opensnitchd/ebpf/
opensnitch-ebpf-module /usr/lib/opensnitchd/ebpf/opensnitch-dns.o
opensnitch-ebpf-module /usr/lib/opensnitchd/ebpf/opensnitch-procs.o
opensnitch-ebpf-module /usr/lib/opensnitchd/ebpf/opensnitch.o

@fractalf

@jiripospisil
Nice, even better! Then I can just use yay/pacman. Weird that this "suddenly" happened after some update a few weeks back, but who cares as long as it works! Will put this into my Brain Notes (tm) .
Thanks :)

@gustavo-iniguez-goya
Collaborator

I've changed the behaviour to send 2 errors: one if the module is not found in any of the paths, and another one if there have been any errors loading the module.

Hopefully it'll help users to identify better what went wrong. Thank you everyone!
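
The two causes this thread separates (no module file in any search path, versus a module that was found but failed to load) can be told apart from the daemon's debug log. The script below is an added example, not OpenSnitch code: the function names and verdict labels are made up here, the sample lines are copied from the logs quoted in this thread, and attributing a load error to the module most recently searched for is an assumption.

```python
import os
import re

# Colour codes look like ESC[...m. U+FFFD is accepted in place of ESC because
# logs pasted through a web page often arrive with ESC replaced by it.
ANSI = re.compile(r"[\x1b\ufffd]\[[0-9;]*m")
START = re.compile(r"^\[([^\]]+)\]\s+IMP\s+Start writing logs")
NOT_FOUND = re.compile(r"ebpf module not found: open (\S+): no such file or directory")
LOAD_ERR = re.compile(r'ebpf module not found: error while loading "([^"]+)" \(([^)]+)\)')
UNABLE = re.compile(r"unable to load eBPF module \(([^)]+)\)")

# Sample input: lines copied (and trimmed) from the logs quoted in this thread,
# one daemon start per reporter. The first line keeps the colour-code debris.
SAMPLE = """\
\ufffd[2m[2023-03-01 09:06:53]\ufffd[0m \ufffd[97m\ufffd[104m IMP \ufffd[0m Start writing logs to /var/log/opensnitchd.log
[2023-03-01 09:06:53]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-03-01 09:06:53]  DBG  ebpf module not found: error while loading "kretprobe/tcp_v4_connect" (resource temporarily unavailable):
[2023-03-01 09:06:53]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o
[2023-03-01 09:06:53]  ERR  [eBPF]:
unable to load eBPF module (opensnitch.o). Your kernel version (5.10.0-21-amd64) might not be compatible.
[2023-03-01 09:06:54]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-03-01 09:06:54]  INF  [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-06-23 13:02:56]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/local/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/local/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /usr/lib/opensnitchd/ebpf/opensnitch.o: no such file or directory, /usr/lib/opensnitchd/ebpf/opensnitch.o
[2023-06-23 13:02:56]  DBG  ebpf module not found: open /etc/opensnitchd/opensnitch.o: no such file or directory, /etc/opensnitchd/opensnitch.o
[2023-06-23 13:02:56]  ERR  [eBPF]:
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.9-arch1-1) might not be compatible.
[2023-07-04 18:32:24]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-07-04 18:32:24]  ERR  [eBPF]:
unable to load eBPF module (opensnitch.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
[2023-07-04 18:32:24]  ERR  [eBPF DNS]:
unable to load eBPF module (opensnitch-dns.o). Your kernel version (6.3.3.15.realtime2-1-rt) might not be compatible.
"""


def _entry(run, name):
    """Per-module record inside one daemon start."""
    return run["modules"].setdefault(
        name, {"missing": [], "load_errors": [], "failed": False})


def triage(log_text):
    """Split the log into daemon starts and collect eBPF evidence per module."""
    runs, run, searching = [], None, None
    for raw in log_text.splitlines():
        line = ANSI.sub("", raw).strip()
        started = START.match(line)
        if started:
            run = {"start": started.group(1), "modules": {}}
            runs.append(run)
            searching = None
            continue
        if run is None:
            continue  # ignore anything before the first daemon start
        m = NOT_FOUND.search(line)
        if m:
            searching = os.path.basename(m.group(1))
            missing = _entry(run, searching)["missing"]
            if m.group(1) not in missing:
                missing.append(m.group(1))
            continue
        m = LOAD_ERR.search(line)
        if m:
            # The line names the probe, not the module: assume it belongs to
            # the module whose search paths are currently being tried.
            _entry(run, searching or "unknown")["load_errors"].append(m.groups())
            continue
        m = UNABLE.search(line)
        if m:
            _entry(run, m.group(1))["failed"] = True
    return runs


def verdict(mod):
    if not mod["failed"]:
        return "ok"
    if mod["load_errors"]:
        return "load_failed"    # a module file was opened, loading it failed
    if mod["missing"]:
        return "not_installed"  # only "no such file or directory" was logged
    return "unknown"            # no DBG lines: raise the log level and retry


def summarize(log_text):
    """One (daemon start, module, verdict) tuple per module seen in each start."""
    return [(run["start"], name, verdict(mod))
            for run in triage(log_text)
            for name, mod in sorted(run["modules"].items())]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(*row, sep="  ")
```

The third sample start has no DBG lines, so the script can only report `unknown` for it; the ERR text alone is identical for both causes.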
