From 3545837a0cbbc59603d1dc31b84988cf6c95dd8c Mon Sep 17 00:00:00 2001
From: Kai-Chun Ning <kaichun.ning@gmail.com>
Date: Wed, 1 Mar 2023 22:54:05 +0000
Subject: [PATCH] app-admin/opensnitch-ebpf-module: add new package

Signed-off-by: Kai-Chun Ning <kaichun.ning@gmail.com>
---
 app-admin/opensnitch-ebpf-module/Manifest     |  2 +
 .../opensnitch-ebpf-module-1.5.8.ebuild       | 92 +++++++++++++++++++
 2 files changed, 94 insertions(+)
 create mode 100644 app-admin/opensnitch-ebpf-module/Manifest
 create mode 100644 app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.5.8.ebuild

diff --git a/app-admin/opensnitch-ebpf-module/Manifest b/app-admin/opensnitch-ebpf-module/Manifest
new file mode 100644
index 000000000..8abc4a7d1
--- /dev/null
+++ b/app-admin/opensnitch-ebpf-module/Manifest
@@ -0,0 +1,2 @@
+DIST linux-6.0.14.tar.gz 214150171 BLAKE2B 98ec9c9d25416fe757712d629818a51b3f2fbb42b792a2e991f32841487de3115d593a72f61ceefeb92ddc8f75e7d6161eff74d017243fe1115f9e116c0850f6 SHA512 b5b33c25f6bcdc644bfe852ecc50d9ef516660de2e5bc6b42a675cd67c67740ce62a6e6f775de35a823d82bfeec773f6b94cedc79957fbf43a0b6c964887d681
+DIST opensnitch-ebpf-module-1.5.8.tar.gz 1054833 BLAKE2B a4ff85524cbe533977cb7740d5c26202444f26286dcb2ebaf081111e6b6152148b0b76c0da7c43e50aeb6ff164ea9154e505c400fac8a292e116e15ba28d4ecf SHA512 d3027f1b84ead4ca870c3aa6442811e1cf1056a29429a069de35d73a3366b474d3d95e5cf8f3666dcf3277375af49e13794290d9914fbeec169d84e2dd610a04
diff --git a/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.5.8.ebuild b/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.5.8.ebuild
new file mode 100644
index 000000000..65c9e26d2
--- /dev/null
+++ b/app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.5.8.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info
+
+DESCRIPTION="eBPF process monitor module for opensnitch"
+HOMEPAGE="https://github.com/evilsocket/opensnitch"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+# latest kernel that builds: 6.0.14
+_KV_MAJOR=6
+_KV_MINOR=0
+_KV_PATCH=14
+
+SRC_URI="
+	https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz
+	https://cdn.kernel.org/pub/linux/kernel/v${_KV_MAJOR}.x/linux-${_KV_MAJOR}.${_KV_MINOR}.${_KV_PATCH}.tar.gz
+"
+
+S="${WORKDIR}/linux-${_KV_MAJOR}.${_KV_MINOR}.${_KV_PATCH}"
+_BPF_S="${WORKDIR}/opensnitch-${PV}/ebpf_prog"
+_KERNEL_BPF_PATH=samples/bpf
+
+BDEPEND="
+	sys-devel/bc
+	sys-devel/clang
+	sys-devel/llvm
+	net-misc/rsync
+"
+
+RESTRICT="strip test"
+QA_PREBUILT="*"
+
+PATCHES=(
+	"${_BPF_S}/file.patch"
+)
+
+# see https://github.com/evilsocket/opensnitch/issues/774
+# and https://github.com/evilsocket/opensnitch/tree/master/ebpf_prog
+CONFIG_CHECK="
+	DEBUG_FS
+	FTRACE
+	CGROUP_BPF
+	BPF
+	BPF_SYSCALL
+	BPF_EVENTS
+	KPROBES
+	KPROBES_ON_FTRACE
+	HAVE_KPROBES
+	HAVE_KPROBES_ON_FTRACE
+	KPROBE_EVENTS
+	HAVE_SYSCALL_TRACEPOINTS
+	FTRACE_SYSCALLS
+	UPROBE_EVENTS
+"
+
+pkg_pretend() {
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+	local MY_SRC=(
+		"${_BPF_S}/opensnitch.c"
+		"${_BPF_S}/Makefile"
+	)
+	cp "${MY_SRC[@]}" "${_KERNEL_BPF_PATH}" || die
+}
+
+src_configure() {
+	set_arch_to_kernel
+	yes "" | make oldconfig
+	emake prepare
+}
+
+src_compile() {
+	emake headers_install
+
+	emake -C "${_KERNEL_BPF_PATH}"
+
+	llvm-strip -g "${_KERNEL_BPF_PATH}"/opensnitch.o
+}
+
+src_install(){
+	insinto /etc/opensnitchd
+	doins "${_KERNEL_BPF_PATH}"/opensnitch.o
+}