# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

inherit linux-info

DESCRIPTION="eBPF process monitor module for opensnitch"
HOMEPAGE="https://github.com/evilsocket/opensnitch"
# NOTE: app-admin/opensnitch and this ebuild share the same source
SRC_URI="
	https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> opensnitch-${PV}.gh.tar.gz
"

S="${WORKDIR}/opensnitch-${PV}"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="amd64"
IUSE="dist-kernel"

EBPF_DIR=ebpf_prog
MINKV=5.5 # only compatible with kernels >= 5.5

RDEPEND="
	dist-kernel? ( virtual/dist-kernel:= )
	~app-admin/opensnitch-$PV
"

DEPEND="
	virtual/linux-sources
	>=sys-kernel/linux-headers-${MINKV}
"

BDEPEND="
	sys-devel/bc
	llvm-core/clang
	llvm-core/llvm
"

RESTRICT="strip test"
QA_PREBUILT="*"

pkg_setup() {
	# see https://github.com/evilsocket/opensnitch/discussions/978
	local CONFIG_CHECK="
		CGROUP_BPF
		BPF_EVENTS
		FTRACE_SYSCALLS
		KPROBES_ON_FTRACE
		KPROBE_EVENTS
		UPROBE_EVENTS
	"

	linux-info_pkg_setup
	kernel_is -ge ${MINKV//./ } || die "Kernel version at least ${MINKV} required"
}

src_compile() {
	MODULES_MAKEARGS+=(
		ARCH="x86"
		EXTRA_FLAGS="-fno-stack-protector -fcf-protection"
		KERNEL_DIR="${KV_DIR}"
		KERNEL_HEADERS=/usr # gentoo installs linux-headers to /usr
	)
	emake "${MODULES_MAKEARGS[@]}" -C "$EBPF_DIR" || die
	llvm-strip -g "$EBPF_DIR"/opensnitch*.o
}

src_install(){
	insinto /usr/lib/opensnitchd/ebpf/
	doins "$EBPF_DIR"/opensnitch.o
	doins "$EBPF_DIR"/opensnitch-dns.o
	doins "$EBPF_DIR"/opensnitch-procs.o
}