safing / portmaster

🏔 Love Freedom - ❌ Block Mass Surveillance

Home Page: https://safing.io

License: GNU General Public License v3.0

Go 50.59% Shell 0.33% C 32.49% Earthly 0.21% CSS 0.13% Dockerfile 0.02% TypeScript 10.38% JavaScript 0.11% HTML 3.50% SCSS 1.00% Less 0.01% Rust 1.25%
application-firewall dns firewall go golang privacy privacy-by-design privacy-protection privacy-enhancing-technologies privacy-tools

portmaster's People

Contributors

dannyagostinelli, davegson, dependabot[bot], dhaavi, dhx, northys, ppacher, qbit, raphty, raskaro, stenya, vlabo, war59312

portmaster's Issues

Add cleanup command to portmaster-control

Add a cleanup command which forces Portmaster (core, app and notifier) to stop and which cleans up iptables rules.

Normally this shouldn't be needed, but it gives people an option to limit the cause of other bugs. Additionally, the stop part would otherwise still need to be done in the systemd service file.

TeamSpeak 3 connection issue

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:
When connecting to a TeamSpeak 3 server given a domain like ts.example.com (points to IP address), it doesn't connect.

What you expected to happen:
For the client to connect to the TeamSpeak 3 server.

How to reproduce it (as minimally and precisely as possible):
Find a TeamSpeak 3 server that uses a domain name, try and connect to it while Portmaster is enabled.

Anything else we need to know?:
I have not tried it with a plain IP address, only a domain that points to their relative IP address.

I found a fix for this issue, kinda...
Copy the domain name into the URL bar of the browser and hit enter.

From what I understand, when I try and connect to the domain through TeamSpeak 3 first it doesn't query the domain? until I go to the browser and do what I said above. But now I have found that sometimes it works and other times it doesn't.

Environment:

Portmaster Version:

Versions from the `About` page in Portmaster's UI I will update this when I'm able to, but I'm pretty sure I'm running the latest build.

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux

Improve Portmaster API authentication failure error message

What would you like to be added:

Return a helpful error message when authentication in the Portmaster API fails. Especially explain why the request was denied and what workarounds exist (e.g. dev mode).

Why is this needed:

When accessing the Portmaster API from outside the portmaster ecosystem, the feedback ("Forbidden") is not helpful at all.

High CPU usage when Wi-Fi disconnected after wake up

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

I have changed the Wi-Fi SSID of a known network used by the laptop where portmaster is running. After system wake up the laptop did not connect to the Wi-Fi and I noticed that the fans started running at full speed. In the log there was only spam from the resolver because it couldn't connect to the Cloudflare DNS servers, in a loop, while using 400% CPU.

Screenshot from 2020-06-23 17-33-55

After connecting to the Wi-Fi network again the DNS requests from apps were resolved and the load caused by portmaster dropped immediately.

Screenshot from 2020-06-23 17-34-40

What you expected to happen:

Resolver should wait for network connection before querying configured DNS servers in loop.

How to reproduce it (as minimally and precisely as possible):

  1. fresh ubuntu + portmaster
  2. disconnect from network
  3. open page in browser / run dig / be creative
  4. portmaster resolver starts to spam could not connect to Cloudflare

Anything else we need to know?:

Environment:

Portmaster Version:

Name: Portmaster
Version: 0.4.9
Commit: tags/v0.4.9-0-g1ea376fb03fb57a9c44a1bdbe45238f3b7d59f5c
Build Options: main.go
Build User: user
Build Host: docker
Build Date: 16.06.2020
Build Source: https://github.com/Safing/portmaster

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
NAME="Ubuntu"
VERSION="20.04 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

Add data usage monitoring

Portmaster is really a great piece of software. It does all the things that are advertised. It will be the ultimate tool if you consider adding the following features.

  • A visual way to represent the telemetry, something like a monitoring graph.
  • Network data usage monitoring.

AWS Console assets from CDN are blocked because of low lms score

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

Tried to access the AWS console from both firefox (deb) and chromium (snap). When I logged in successfully the JS assets did not load.

What you expected to happen:

aws console assets not being blocked

How to reproduce it (as minimally and precisely as possible):

northys at northys-laptop in ~
» curl https://d2q66yyjeovezo.cloudfront.net/js/mezz-35gbnwov975sjdhcbsf/mezz-302ea86b8673e28960dc31df5e965a17d2c64474.gz.js
curl: (7) Failed to connect to d2q66yyjeovezo.cloudfront.net port 443: Connection refused
northys at northys-laptop in ~
» dig d2q66yyjeovezo.cloudfront.net

; <<>> DiG 9.16.1-Ubuntu <<>> d2q66yyjeovezo.cloudfront.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3616
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;d2q66yyjeovezo.cloudfront.net.	IN	A

;; ANSWER SECTION:
d2q66yyjeovezo.cloudfront.net. 0 IN	A	0.0.0.0

;; Query time: 256 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Čt srp 06 18:57:35 CEST 2020
;; MSG SIZE  rcvd: 92

Anything else we need to know?:

Environment:

LOGLEVEL=debug
PORTMASTER_ARGS="--experimental-nfqueue"

Portmaster Version:

Name: Portmaster
Version: 0.4.18
Commit: tags/v0.4.18-0-gdefd88d3a0bf4932b9152f8549d5ee39d44c4c51-dirty
Build Options: main.go
Build User: user
Build Host: docker
Build Date: 31.07.2020
Build Source: https://github.com/safing/portmaster

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.1 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.

srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.310 connection:235 ▶ INFO 755 filter: dropping connection Unknown::-1 <- 192.168.31.150, endpoint is not whitelisted (incoming is always default=block)
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.319 connection:207 ▶ INFO 756 filter: granting connection root:/var/lib/portmaster/updates/linux_amd64/core/portmaster-core_v0-4-18:1557 -> 192.168.31.1, internally approved
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.457 terception:110 ▶ DEBU 757 accepting local dns: OUT UDP 127.0.0.1:42116 <-> 127.0.0.53:53
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.507 exp/packet:076 ▶ WARN 758 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.557 exp/packet:076 ▶ WARN 759 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.608 exp/packet:076 ▶ WARN 760 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.658 exp/packet:076 ▶ WARN 761 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.708 exp/packet:076 ▶ WARN 762 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.759 exp/packet:076 ▶ WARN 763 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.809 exp/packet:076 ▶ WARN 764 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.859 exp/packet:076 ▶ WARN 765 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.868 nameserver:220 ▶ WARN 766 nameserver: possible data tunnel by northys:/snap/chromium/1244/usr/lib/chromium-browser/chrome:6845: d2q66yyjeovezo.cloudfront.net. has lms score of 7.142857, returning nxdomain
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.868 connection:221 ▶ INFO 767 filter: blocking connection northys:/snap/chromium/1244/usr/lib/chromium-browser/chrome:6845 to d2q66yyjeovezo.cloudfront.net. (<nil>), Possible data tunnel
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.961 ocess/find:023 ▶ DEBU 768 process: failed to find PID of connection: could not find connection in system state tables
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.961 connection:106 ▶ DEBU 769 network: failed to find process of packet OUT TCP ::1:33038 <-> ::1:9229: could not find connection in system state tables
srp 06 18:50:23 northys-laptop portmaster-start[1374]: 200806 18:50:23.961 connection:207 ▶ INFO 770 filter: granting connection Unknown::-1 -> ::1, endpoint is not blacklisted (default=permit)
srp 06 18:50:24 northys-laptop portmaster-start[1374]: 200806 18:50:24.072 all/master:108 ▶ WARN 771 filter: failed to find local peer process PID: could not find connection in system state tables
srp 06 18:50:24 northys-laptop portmaster-start[1374]: 200806 18:50:24.072 connection:207 ▶ INFO 772 filter: granting connection northys:/snap/chromium/1244/usr/lib/chromium-browser/chrome:6845 -> 127.0.0.1, endpoint is not blacklisted (default=permit)
srp 06 18:50:24 northys-laptop portmaster-start[1374]: 200806 18:50:24.080 all/master:108 ▶ WARN 773 filter: failed to find local peer process PID: could not find connection in system state tables
srp 06 18:50:24 northys-laptop portmaster-start[1374]: 200806 18:50:24.080 connection:207 ▶ INFO 774 filter: granting connection northys:/snap/chromium/1244/usr/lib/chromium-browser/chrome:6845 -> 127.0.0.1, endpoint is not blacklisted (default=permit)
srp 06 18:50:24 northys-laptop portmaster-start[1374]: 200806 18:50:24.080 all/master:108 ▶ WARN 775 filter: failed to find local peer process PID: could not find connection in system state tables
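
Added example (not part of the issue and not Portmaster's own code): a small Go triage over log lines in the format quoted above. It separates DNS answers suppressed by the "possible data tunnel" heuristic from nfqueue verdict retries, so the cause of a blocked hostname can be read off directly. The sample lines, host name, process path, domain and the names Triage, TunnelHit, StuckVerdict and Summary are constructed for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

// sampleLog is constructed for this example. It mimics the journald lines
// quoted in the issue; host, process, domain and packet ID are made up.
const sampleLog = `Aug 06 18:50:23 host portmaster-start[1374]: 200806 18:50:23.457 terception:110 ▶ DEBU 757 accepting local dns: OUT UDP 127.0.0.1:42116 <-> 127.0.0.53:53
Aug 06 18:50:23 host portmaster-start[1374]: 200806 18:50:23.507 exp/packet:076 ▶ WARN 758 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
Aug 06 18:50:23 host portmaster-start[1374]: 200806 18:50:23.557 exp/packet:076 ▶ WARN 759 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
Aug 06 18:50:23 host portmaster-start[1374]: 200806 18:50:23.608 exp/packet:076 ▶ WARN 760 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
Aug 06 18:50:23 host portmaster-start[1374]: 200806 18:50:23.658 exp/packet:076 ▶ WARN 761 nfqexp: failed to set verdict AcceptAlways for 2545 (127.0.0.1 -> 127.0.0.53): netlink send: sendmsg: i/o timeout
Aug 06 18:50:23 host portmaster-start[1374]: 200806 18:50:23.868 nameserver:220 ▶ WARN 766 nameserver: possible data tunnel by user:/usr/bin/browser:6845: a1b22cdefghijk.cdn.example. has lms score of 7.142857, returning nxdomain
Aug 06 18:50:23 host portmaster-start[1374]: 200806 18:50:23.868 connection:221 ▶ INFO 767 filter: blocking connection user:/usr/bin/browser:6845 to a1b22cdefghijk.cdn.example. (<nil>), Possible data tunnel
Aug 06 18:50:24 host portmaster-start[1374]: 200806 18:50:24.072 connection:207 ▶ INFO 772 filter: granting connection user:/usr/bin/browser:6845 -> 127.0.0.1, endpoint is not blacklisted (default=permit)`

// TunnelHit is one DNS query answered with nxdomain by the tunnel heuristic.
type TunnelHit struct {
	Process, Domain string
	Score           float64
}

// StuckVerdict counts repeated verdict failures for one nfqueue packet ID.
type StuckVerdict struct {
	Verdict, Flow string
	Attempts      int
}

// Summary is the triage result for a block of log text.
type Summary struct {
	Tunnel  []TunnelHit
	Blocked map[string]string        // domain -> reason logged by the filter
	Stuck   map[string]*StuckVerdict // packet ID -> retry information
}

// The patterns match only the message part, so the journald prefix and its
// localized month names do not matter.
var (
	tunnelRe  = regexp.MustCompile(`nameserver: possible data tunnel by (.+): (\S+) has lms score of ([0-9.]+), returning nxdomain`)
	blockRe   = regexp.MustCompile(`filter: blocking connection .+ to (\S+) \([^)]*\), (.+)$`)
	verdictRe = regexp.MustCompile(`nfqexp: failed to set verdict (\w+) for (\d+) \(([^)]+)\)`)
)

// Triage scans the log line by line and collects the three event kinds.
func Triage(log string) Summary {
	s := Summary{Blocked: map[string]string{}, Stuck: map[string]*StuckVerdict{}}
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := sc.Text()
		if m := tunnelRe.FindStringSubmatch(line); m != nil {
			score, err := strconv.ParseFloat(m[3], 64)
			if err != nil {
				continue // malformed score: skip rather than record a zero
			}
			s.Tunnel = append(s.Tunnel, TunnelHit{Process: m[1], Domain: m[2], Score: score})
		} else if m := blockRe.FindStringSubmatch(line); m != nil {
			s.Blocked[m[1]] = m[2]
		} else if m := verdictRe.FindStringSubmatch(line); m != nil {
			v := s.Stuck[m[2]]
			if v == nil {
				v = &StuckVerdict{Verdict: m[1], Flow: m[3]}
				s.Stuck[m[2]] = v
			}
			v.Attempts++
		}
	}
	return s
}

func main() {
	s := Triage(sampleLog)
	for _, h := range s.Tunnel {
		fmt.Printf("DNS suppressed: %s (lms %.2f) for %s; filter reason: %q\n",
			h.Domain, h.Score, h.Process, s.Blocked[h.Domain])
	}
	ids := make([]string, 0, len(s.Stuck))
	for id := range s.Stuck {
		ids = append(ids, id)
	}
	sort.Strings(ids) // stable output order
	for _, id := range ids {
		v := s.Stuck[id]
		fmt.Printf("nfqueue packet %s (%s): verdict %s failed %d times\n",
			id, v.Flow, v.Verdict, v.Attempts)
	}
}
```
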

DNS response TTL is dropped and always returns 17

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

When using portmaster as local DNS, every query returns TTL 17 no matter what the actual TTL is.

What you expected to happen:

Repeated dig calls every second should count the TTL down to 0.

How to reproduce it (as minimally and precisely as possible):

Install portmaster on Ubuntu (or probably any other OS) and make DNS query using dig or similar tool. Then try the same with nextdns client / cloudflare client / default dnsmasq...

// ensure next dns is running
northys at northys-laptop in ~
» sudo nextdns status
running

// query root.cz multiple times and get lower TTL each call - 600, 598, 595... I've removed all but answer section from dig output to make it readable
northys at northys-laptop in ~
» dig root.cz
;; ANSWER SECTION:
root.cz.		600	IN	A	91.213.160.188

northys at northys-laptop in ~
» dig root.cz
;; ANSWER SECTION:
root.cz.		598	IN	A	91.213.160.188

northys at northys-laptop in ~
» dig root.cz
;; ANSWER SECTION:
root.cz.		595	IN	A	91.213.160.188



// stop nextdns and start portmaster to use it as local dns
northys at northys-laptop in ~
» sudo systemctl stop nextdns.service 
northys at northys-laptop in ~
» sudo systemctl start portmaster.service 

// suddenly all calls return TTL 17 no matter what DNS I try to use (quad9, cloudflare..). you can see that it is making actual DNS queries with no cache because it took around 150ms for each query to finish
northys at northys-laptop in ~
» dig root.cz
;; ANSWER SECTION:
root.cz.		17	IN	A	91.213.160.188

;; Query time: 132 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: So čen 06 00:37:00 CEST 2020
;; MSG SIZE  rcvd: 48

northys at northys-laptop in ~
» dig root.cz
;; ANSWER SECTION:
root.cz.		17	IN	A	91.213.160.188

;; Query time: 144 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: So čen 06 00:44:13 CEST 2020
;; MSG SIZE  rcvd: 48

northys at northys-laptop in ~
» dig root.cz
;; ANSWER SECTION:
root.cz.		17	IN	A	91.213.160.188

;; Query time: 156 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: So čen 06 00:44:20 CEST 2020
;; MSG SIZE  rcvd: 48

Anything else we need to know?:

Environment:

Name: Portmaster
Version: 0.4.8
Commit: tags/v0.4.8-0-g88322262d863b749b643402fb6de0c6f38495299
Build Options: main.go
Build User: user
Build Host: docker
Build Date: 05.06.2020
Build Source: https://github.com/Safing/portmaster

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
NAME="Ubuntu"
VERSION="20.04 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.

Silent NFQueue Fail

Creating a new issue for something that came up in another thread:


The network has stopped working in bar :( systemctl restart portmaster fixed it as usual.

Sadly I have recently changed log level to info..

čec 25 23:01:37 northys-laptop portmaster-control[42451]: 200725 23:01:37.682 connection:207 ▶ INFO 076 filter: granting connection Unknown::-1 to maps.gstatic.com. (172.217.23.195), endpoint is not blacklisted (default=permit)
čec 25 23:01:37 northys-laptop portmaster-control[42451]: 200725 23:01:37.775 connection:207 ▶ INFO 077 filter: granting connection Unknown::-1 to maps.gstatic.com. (172.217.23.195), endpoint is not blacklisted (default=permit)
čec 25 23:01:37 northys-laptop portmaster-control[42451]: 200725 23:01:37.867 connection:207 ▶ INFO 078 filter: granting connection Unknown::-1 to maps.gstatic.com. (172.217.23.195), endpoint is not blacklisted (default=permit)
čec 25 23:01:49 northys-laptop portmaster-control[42451]: 200725 23:01:49.145 er/resolve:204 ▶ WARN 079 resolver: async query for www.gstatic.com.A failed: all 3 query-compliant resolvers failed, last error: read udp 192.168.101.52:58825->213.46.172.37:53: i/o timeout
čec 25 23:01:53 northys-laptop portmaster-control[42451]: 200725 23:01:53.983 tel/entity:170 ▶ WARN 080 intel: failed to resolve IP 192.168.101.42: failed to resolve 42.101.168.192.in-addr.arpa.PTR: all 1 query-compliant resolvers failed, last error: failed to send query: write udp6 [::]:44732->[ff02::fb]:5353: sendto: cannot assign requested address
čec 25 23:01:53 northys-laptop portmaster-control[42451]: 200725 23:01:53.983 connection:235 ▶ INFO 081 filter: dropping connection Unknown::-1 <- 192.168.101.42, endpoint is not whitelisted (incoming is always default=block)
čec 25 23:02:05 northys-laptop portmaster-control[42451]: 200725 23:02:05.556 tel/entity:170 ▶ WARN 082 intel: failed to resolve IP 192.168.101.1: failed to resolve 1.101.168.192.in-addr.arpa.PTR: all 1 query-compliant resolvers failed, last error: failed to send query: write udp6 [::]:44732->[ff02::fb]:5353: sendto: cannot assign requested address
čec 25 23:02:05 northys-laptop portmaster-control[42451]: 200725 23:02:05.556 connection:235 ▶ INFO 083 filter: dropping connection Unknown::-1 <- 192.168.101.1, endpoint is not whitelisted (incoming is always default=block)
čec 25 23:03:43 northys-laptop portmaster-control[42451]: 200725 23:03:43.552 tel/entity:170 ▶ WARN 084 intel: failed to resolve IP 192.168.101.11: failed to resolve 11.101.168.192.in-addr.arpa.PTR: all 1 query-compliant resolvers failed, last error: failed to send query: write udp6 [::]:44732->[ff02::fb]:5353: sendto: cannot assign requested address
čec 25 23:03:43 northys-laptop portmaster-control[42451]: 200725 23:03:43.552 connection:235 ▶ INFO 085 filter: dropping connection Unknown::-1 <- 192.168.101.11, endpoint is not whitelisted (incoming is always default=block)
čec 25 23:03:43 northys-laptop portmaster-control[42451]: 200725 23:03:43.556 all/master:081 ▶ INFO 086 filter: granting own connection root:/var/lib/portmaster/updates/linux_amd64/core/portmaster-core_v0-4-16:43322 <- 192.168.101.11
čec 25 23:03:43 northys-laptop portmaster-control[42451]: 200725 23:03:43.556 tel/entity:170 ▶ WARN 087 intel: failed to resolve IP fe80::149a:f07a:fe67:6b7c: failed to resolve c.7.b.6.7.6.e.f.a.7.0.f.a.9.4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.PTR: all 1 query-compliant resolvers failed, last error: failed to send query: write udp6 [::]:44732->[ff02::fb]:5353: sendto: cannot assign requested address
čec 25 23:03:43 northys-laptop portmaster-control[42451]: 200725 23:03:43.556 connection:235 ▶ INFO 088 filter: dropping connection Unknown::-1 <- fe80::149a:f07a:fe67:6b7c, endpoint is not whitelisted (incoming is always default=block)





Welcome to fish, the friendly interactive shell
northys at northys-laptop in ~/c/b/backend (staging|✚1…3)
» dig root.cz
^C⏎ # did not work
northys at northys-laptop in ~/c/b/backend (staging|✚1…3)
» ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1026ms

northys at northys-laptop in ~/c/b/backend (staging|✚1…3)
» 

Originally posted by @northys in #86 (comment)


I have to restart portmaster almost every wake up.

Originally posted by @northys in a follow-up comment.


A few minutes ago I was logged in to a server via SSH and I was able to execute commands, but I couldn't start any new connection on my laptop (e.g. ping to 8.8.8.8, either without or with -n).

Originally posted by @northys in a follow-up comment.

Special handling for API access

In order to ensure connectivity between all components all the time, the Portmaster should always allow access to its API and then check for permissions after the connection has been established.

Nameserver/Resolving Improvements

Fetching nameserver and resolving can be a complex matter. Check out additional edge cases and situations:

  • Linux: Research if resolving over dbus could bypass Portmaster
  • Linux: Get name servers from systemd service resolver
  • Windows: Get DHCP name servers incl. scopes
  • Netenv:
    • Parse and provide /etc/hosts file access: lookup by Domain, lookup by IP
    • use before DNS query
    • use after no domain is found for IP

Improve "support" for conflicting services

We should support service takeover only for a handful of selected services where we know how to gracefully stop and restart them afterwards (and that we won't interfere with some other functionality). If the Portmaster discovers some unknown or unsupported service it should refuse to start and notify the user about the problem. I'd also add some command-line flag or environment variable to disable the hard takeover completely.

Originally posted by @ppacher in #93 (comment)

error loading indexes: open /var/lib/portmaster/updates/stable.json: no such file or directory

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:
I get the following error, right after following the manual installation instructions and trying to start the systemd service:

error loading indexes: open /var/lib/portmaster/updates/stable.json: no such file or directory

What you expected to happen:
No error, portmaster daemon starting.

How to reproduce it (as minimally and precisely as possible):

  • Tested on: 5.6.16-1-MANJARO
  • freshly installed portmaster-control 0.4.9
  • systemd service fails

Anything else we need to know?:
Not sure :S

Environment:
Manjaro Linux
Kernel: 5.6.16-1-MANJARO

Portmaster Version: latest (0.4.9)

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
    • Please provide the output of cat /etc/os-release
NAME="Manjaro Linux"
ID=manjaro
ID_LIKE=arch
BUILD_ID=rolling
PRETTY_NAME="Manjaro Linux"
ANSI_COLOR="32;2;24;144;200"
HOME_URL="https://manjaro.org/"
DOCUMENTATION_URL="https://wiki.manjaro.org/"
SUPPORT_URL="https://manjaro.org/"
BUG_REPORT_URL="https://bugs.manjaro.org/"
LOGO=manjarolinux

Systemd full log:

Jun 20 01:34:33 Thin systemd[1]: Started Portmaster Privacy App.
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 WARNING: error loading indexes: open /var/lib/portmaster/updates/stable.json: no such file or directory
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 execution of core/portmaster-core failed: could not get component: the requested file could not be found
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 trying again...
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 execution of core/portmaster-core failed: could not get component: the requested file could not be found
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 trying again...
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 execution of core/portmaster-core failed: could not get component: the requested file could not be found
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 trying again...
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 execution of core/portmaster-core failed: could not get component: the requested file could not be found
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 trying again...
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 execution of core/portmaster-core failed: could not get component: the requested file could not be found
Jun 20 01:34:33 Thin portmaster-control[35500]: [control] 2020/06/19 23:34:33 error seems to be permanent, giving up...
Jun 20 01:34:33 Thin portmaster-control[35500]: Error: could not get component: the requested file could not be found
Jun 20 01:34:33 Thin systemd[1]: portmaster.service: Main process exited, code=exited, status=1/FAILURE
Jun 20 01:34:33 Thin sh[35541]: iptables: No chain/target/match by that name.
Jun 20 01:34:33 Thin sh[35546]: iptables: No chain/target/match by that name.
Jun 20 01:34:33 Thin sh[35550]: iptables: No chain/target/match by that name.
Jun 20 01:34:33 Thin systemd[1]: portmaster.service: Failed with result 'exit-code'.

worker dns client failed: panic: runtime error: invalid memory address or nil pointer dereference

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

DNS stops working randomly. systemctl restart portmaster.server usually fixes this issue but sometimes I have to reboot the system.

What you expected to happen:

0 dns panic error reports in log.

How to reproduce it (as minimally and precisely as possible):

  1. using Ubuntu 20.04
  2. running latest portmaster
  3. the only option I have changed in DNS section is DNS server list - dot://1.1.1.2:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip, dot://1.0.0.2:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip, dns://9.9.9.9:53?name=Quad9&blockedif=empty, dns://149.112.112.112:53?name=Quad9&blockedif=empty, dns://1.1.1.2:53?name=Cloudflare&blockedif=zeroip, dns://1.0.0.2:53?name=Cloudflare&blockedif=zeroip
  4. dns service reports panic randomly a few times a day

Anything else we need to know?:

I had ping running for a few minutes before and after the error happened. When I stopped the ping to 8.8.8.8 (direct IP, no DNS resolve, at least I hope) and started it again, it didn't work at all and reported 100% packet loss.

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7150ms

Environment:

Portmaster Version:

Name: Portmaster
Version: 0.4.10
Commit: tags/v0.4.10-0-g2afd9cd1438b6fe71b981938aad734ee3de81e07
Build Options: main.go
Build User: user
Build Host: docker
Build Date: 27.06.2020
Build Source: https://github.com/safing/portmaster

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
NAME="Ubuntu"
VERSION="20.04 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.

čec 02 13:53:24 northys-laptop portmaster-control[124979]: 200702 13:53:23.996 nameserver:293 ▶ DEBU 636 nameserver: returning response detectportal.firefox.com.AAAA to northys:/usr/lib/firefox/firefox:3730 Σ=19.54987ms
čec 02 13:53:24 northys-laptop portmaster-control[124979]:             4.304µs nameserver:175 ▶ TRAC     nameserver: handling new request for detectportal.firefox.com.AAAA from 127.0.0.1:55541, getting connection
čec 02 13:53:24 northys-laptop portmaster-control[124979]:         19.291012ms ocess/find:025 ▶ TRAC     process: getting pid from system network state
čec 02 13:53:24 northys-laptop portmaster-control[124979]:             4.201µs ss/process:082 ▶ TRAC     process: getting primary process for PID 3730
čec 02 13:53:24 northys-laptop portmaster-control[124979]:            40.556µs ss/profile:017 ▶ TRAC     process: profile already loaded
čec 02 13:53:24 northys-laptop portmaster-control[124979]:            48.932µs er/resolve:099 ▶ TRAC     resolver: resolving detectportal.firefox.com.AAAA
čec 02 13:53:24 northys-laptop portmaster-control[124979]:              4.63µs er/resolve:175 ▶ TRAC     resolver: using cached RR (expires in 9m58.003846551s)
čec 02 13:53:24 northys-laptop portmaster-control[124979]:           156.235µs nameserver:276 ▶ TRAC     nameserver: deciding on resolved dns
čec 02 13:53:24 northys-laptop portmaster-control[124979]: ===== Error Report =====
čec 02 13:53:24 northys-laptop portmaster-control[124979]: Message: panic: runtime error: invalid memory address or nil pointer dereference
čec 02 13:53:24 northys-laptop portmaster-control[124979]: Timestamp: 2020-07-02 13:53:24.014607972 +0200 CEST m=+2725.816721631
čec 02 13:53:24 northys-laptop portmaster-control[124979]: ModuleName: resolver
čec 02 13:53:24 northys-laptop portmaster-control[124979]: TaskName: dns client
čec 02 13:53:24 northys-laptop portmaster-control[124979]: TaskType: worker
čec 02 13:53:24 northys-laptop portmaster-control[124979]: Severity: panic
čec 02 13:53:24 northys-laptop portmaster-control[124979]: PanicValue: runtime error: invalid memory address or nil pointer dereference
čec 02 13:53:24 northys-laptop portmaster-control[124979]: StackTrace:
čec 02 13:53:24 northys-laptop portmaster-control[124979]: goroutine 2955 [running]:
čec 02 13:53:24 northys-laptop portmaster-control[124979]: runtime/debug.Stack(0xbff3e6, 0x9, 0xc0006d57a8)
čec 02 13:53:24 northys-laptop portmaster-control[124979]:         /usr/local/go/src/runtime/debug/stack.go:24 +0x9d
čec 02 13:53:24 northys-laptop portmaster-control[124979]: github.com/safing/portbase/modules.(*Module).NewPanicError(0xc000393040, 0xc00aeb, 0xa, 0xbfa234, 0x6, 0xb1a7a0, 0x1211500, 0x7efef8262718)
čec 02 13:53:24 northys-laptop portmaster-control[124979]:         /home/user/go/src/github.com/safing/portbase/modules/error.go:59 +0x91
čec 02 13:53:24 northys-laptop portmaster-control[124979]: github.com/safing/portbase/modules.(*Module).runWorker.func1(0xc000393040, 0xc00aeb, 0xa, 0xc000c2bef0)
čec 02 13:53:24 northys-laptop portmaster-control[124979]:         /home/user/go/src/github.com/safing/portbase/modules/worker.go:110 +0x89
čec 02 13:53:24 northys-laptop portmaster-control[124979]: panic(0xb1a7a0, 0x1211500)
čec 02 13:53:24 northys-laptop portmaster-control[124979]:         /usr/local/go/src/runtime/panic.go:969 +0x166
čec 02 13:53:24 northys-laptop portmaster-control[124979]: github.com/safing/portmaster/resolver.(*TCPResolver).client(0xc0001da0e0, 0xd1e280, 0xc0009141c0, 0xa5a75a, 0xc0015fc7e0)
čec 02 13:53:24 northys-laptop portmaster-control[124979]:         /home/user/go/src/github.com/safing/portmaster/resolver/resolver-tcp.go:125 +0x18a8
čec 02 13:53:24 northys-laptop portmaster-control[124979]: github.com/safing/portbase/modules.(*Module).runWorker(0xc000393040, 0xc00aeb, 0xa, 0xc0019efd10, 0x0, 0x0)
čec 02 13:53:24 northys-laptop portmaster-control[124979]:         /home/user/go/src/github.com/safing/portbase/modules/worker.go:117 +0xa0
čec 02 13:53:24 northys-laptop portmaster-control[124979]: github.com/safing/portbase/modules.(*Module).RunWorker(0xc000393040, 0xc00aeb, 0xa, 0xc0019efd10, 0x0, 0x0)
čec 02 13:53:24 northys-laptop portmaster-control[124979]:         /home/user/go/src/github.com/safing/portbase/modules/worker.go:48 +0xb5
čec 02 13:53:24 northys-laptop portmaster-control[124979]: github.com/safing/portbase/modules.(*Module).StartWorker.func1(0xc000393040, 0xc00aeb, 0xa, 0xc0019efd10)
čec 02 13:53:24 northys-laptop portmaster-control[124979]:         /home/user/go/src/github.com/safing/portbase/modules/worker.go:27 +0x59
čec 02 13:53:24 northys-laptop portmaster-control[124979]: created by github.com/safing/portbase/modules.(*Module).StartWorker
čec 02 13:53:24 northys-laptop portmaster-control[124979]:         /home/user/go/src/github.com/safing/portbase/modules/worker.go:26 +0x5d
čec 02 13:53:24 northys-laptop portmaster-control[124979]: ===== End of Report =====
čec 02 13:53:24 northys-laptop portmaster-control[124979]: 200702 13:53:24.014 r/resolver:177 ▶ TRAC 637 resolver: created new connection to Quad9 (9.9.9.9:53)
čec 02 13:53:24 northys-laptop portmaster-control[124979]: 200702 13:53:24.014 les/worker:029 ▶ WARN 638 resolver: worker dns client failed: panic: runtime error: invalid memory address or nil pointer dereference
čec 02 13:53:24 northys-laptop portmaster-control[124979]: 200702 13:53:24.019 er/resolve:249 ▶ TRAC 639 resolver: skipping resolver Cloudflare, because it failed recently
čec 02 13:53:24 northys-laptop portmaster-control[124979]: 200702 13:53:24.019 r/resolver:177 ▶ TRAC 640 resolver: created new connection to Quad9 (9.9.9.9:53)
čec 02 13:53:24 northys-laptop portmaster-control[124979]: 200702 13:53:24.022 connection:198 ▶ INFO 641 filter: granting connection root:/var/lib/portmaster/updates/linux_amd64/core/portmaster-core_v0-4-10:125003 -> 9.9.9.9, internally approved

Unable to connect to the Internet after sleep mode

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

oneki reported this on reddit: After starting the computer from sleep mode it was unable to connect to the Internet.

What you expected to happen:

Still being able to connect to the Internet.

How to reproduce it (as minimally and precisely as possible):

Install Portmaster, let computer go to sleep, wake up. Enjoy a stress free life without Internet.

Anything else we need to know?:

Restarting the Portmaster seems to be a fix for now, but not very convenient for users in the long run...

Environment:

Portmaster Version: 4.10

Versions from the `About` page in Portmaster's UI

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
    • Please provide the output of cat /etc/os-release

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.

  • Linux: /var/lib/portmaster/logs
  • Windows: %PROGRAMDATA%\Portmaster\logs

First day enduser issues

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:
I installed Portmaster, and then when I tried to spin up my VPN, it couldn’t connect. I am also experiencing speed issues with my data. It’s half what it should be. Also, when I click any of the links in the support section of Portmaster, I error out. (I was finally able to get the popup to go away by clicking yes a bunch of times.) I am attaching screenshots at the bottom.

What you expected to happen:
I expected there to be issues with my VPN, but I wasn’t sure if my speed would be affected by half.

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:
I am still very interested in acting as one of your nodes! On twitter I am blindside0x01

Environment:Win10 Pro. All updates applied

Portmaster Version: 0.4.0 pre-Alpha

Versions from the `About` page in Portmaster's UI

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
    • Please provide the output of cat /etc/os-release

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.

  • Linux: /var/lib/portmaster/logs
  • Windows: %PROGRAMDATA%\Portmaster\logs

NJ{"Created":1587760483,"Modified":1587760483,"Expires":1590352483,"Deleted":0}S
executing app/portmaster-app.exe version 0.1.7 on windows amd64
SpeedtestOOKLA-Safing 2020-04-24

RedditBugSafing 2020-04-24

AirVPNBugSafing

Unable to open

I've installed Portmaster on Windows multiple times properly (according to the installation steps), however Portmaster never shows me the GUI when I open it. I've made sure that all startup processes are running and the Portmaster core is also running, however I cannot get Portmaster to open and show me its GUI. My build of Windows is 19041.264 and the version of Portmaster I was installing was 0.4.3

registered Inspector not called in some circumstances, eg. Portscan

Some Packets get dropped before entering the Portscan-Detector (see branch feature/portscan_detection)

Log-Slice while scanned via nmap:

190823 12:26:28.824 l/firewall:343 ▶ INFO 432 firewall: Drop Unknown::-1 to IL (TCP:172.17.174.213:42512) Σ=1.058375ms
            4.979µs l/firewall:171 ▶ TRAC     firewall: handling packet: IN TCP 172.17.174.219:993 <-> 172.17.174.213:42512
           23.204µs twork/link:307 ▶ TRAC     network: created new link 6-172.17.174.219-993-172.17.174.213-42512
            3.015µs l/firewall:191 ▶ TRAC     firewall: [initial handler]
           703.65µs ocess/find:059 ▶ TRAC     process: getting process and profile by packet
            4.538µs ocess/find:064 ▶ ERRO     process: failed to find PID of connection: could not find socket
            6.513µs l/firewall:221 ▶ WARN     firewall: could not get process, denying link: could not find socket
            3.186µs l/firewall:242 ▶ TRAC     firewall: link attached to Unknown::-1 <- *
           16.521µs l/firewall:252 ▶ TRAC     firewall: starting decision process
          292.769µs l/firewall:272 ▶ TRAC     firewall: start inspecting
190823 12:26:28.827 l/firewall:343 ▶ INFO 433 firewall: Drop Unknown::-1 to IL (TCP:172.17.174.213:37042) Σ=954.24µs

Use destination port for Service Endpoint List matching

What I wanted to do:

I tried to use the "Service endpoint list" configuration option to allow inbound SSH connection to my machine. I want to allow inbound connections to tcp/22 from any host as well as any localhost-only traffic.

What I expected to happen:

I expected that the following settings value would allow inbound SSH from everywhere and all localhost-only traffic:

+ * tcp/22, + localhost, - *

What happened instead

Instead, I encountered multiple issues:

  1. + localhost (+ Localhost; the default) is an invalid value (regex mismatch). It seems like + localhost. (notice the dot at the end) does work. So even the default value is invalid.

  2. + * tcp/22 does not allow inbound SSH connections. Instead, it allows inbound connections to every port only if the connection source used tcp/22 as the source port. This behavior does not make any sense at all for incoming connections.

How to reproduce it (as minimally and precisely as possible):

Described above.
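
The port-matching problem from point 2 of this report, as an added example that is not Portmaster's code: a small first-match rule evaluator that compares the rule port with the local (destination) port for inbound connections. The `Conn`, `Rule`, `ParseRules`, `Evaluate` and `NewConn` names, the reduced rule grammar (`*` or a CIDR network, optional `proto/port`) and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// Conn is a hypothetical, simplified view of one connection on this machine.
type Conn struct {
	Inbound    bool
	Proto      string     // "tcp" or "udp"
	Remote     netip.Addr // address of the other host
	RemotePort uint16     // port on the other host
	LocalPort  uint16     // port on this machine
}

// Rule is one list entry: verdict, entity, optional protocol/port.
type Rule struct {
	Permit bool
	Any    bool         // entity was "*"
	Prefix netip.Prefix // entity was a CIDR network
	Proto  string       // "" matches every protocol
	Port   uint16       // 0 matches every port
}

// ParseRules parses a comma-separated list such as "+ * tcp/22, - *".
// Only "*" and CIDR networks are accepted as entities in this sketch.
func ParseRules(list string) ([]Rule, error) {
	var rules []Rule
	for _, item := range strings.Split(list, ",") {
		f := strings.Fields(item)
		if len(f) < 2 || len(f) > 3 || (f[0] != "+" && f[0] != "-") {
			return nil, fmt.Errorf("invalid rule %q", strings.TrimSpace(item))
		}
		r := Rule{Permit: f[0] == "+", Any: f[1] == "*"}
		if !r.Any {
			p, err := netip.ParsePrefix(f[1])
			if err != nil {
				return nil, fmt.Errorf("invalid network %q: %w", f[1], err)
			}
			r.Prefix = p.Masked()
		}
		if len(f) == 3 {
			proto, port, ok := strings.Cut(f[2], "/")
			n, err := strconv.ParseUint(port, 10, 16)
			if !ok || proto == "" || err != nil || n == 0 {
				return nil, fmt.Errorf("invalid protocol/port %q", f[2])
			}
			r.Proto, r.Port = strings.ToLower(proto), uint16(n)
		}
		rules = append(rules, r)
	}
	return rules, nil
}

// Evaluate returns the verdict of the first matching rule; no match blocks.
// The rule port is compared with the port of the service being reached: the
// remote port for outbound connections and, when matchServicePort is true,
// the local port for inbound ones. With matchServicePort false the remote
// port is used in both directions, which is the behaviour the issue reports.
func Evaluate(rules []Rule, c Conn, matchServicePort bool) bool {
	port := c.RemotePort
	if c.Inbound && matchServicePort {
		port = c.LocalPort
	}
	for _, r := range rules {
		if !r.Any && !r.Prefix.Contains(c.Remote.Unmap()) {
			continue
		}
		if (r.Proto != "" && r.Proto != c.Proto) || (r.Port != 0 && r.Port != port) {
			continue
		}
		return r.Permit
	}
	return false
}

// NewConn builds a Conn from plain values; it panics on a malformed address.
func NewConn(inbound bool, proto, remote string, remotePort, localPort uint16) Conn {
	return Conn{Inbound: inbound, Proto: proto, Remote: netip.MustParseAddr(remote),
		RemotePort: remotePort, LocalPort: localPort}
}

func main() {
	rules, err := ParseRules("+ * tcp/22, + 127.0.0.0/8, - *")
	if err != nil {
		panic(err)
	}
	// Constructed inbound connections from a documentation-range address.
	ssh := NewConn(true, "tcp", "203.0.113.7", 50514, 22) // client -> local sshd
	odd := NewConn(true, "tcp", "203.0.113.7", 22, 3306)  // source port 22 -> local 3306
	for _, fixed := range []bool{false, true} {
		fmt.Printf("service-port matching=%v: ssh=%v, source-port-22=%v\n",
			fixed, Evaluate(rules, ssh, fixed), Evaluate(rules, odd, fixed))
	}
}
```

With remote-port matching, the rule intended for SSH admits any inbound connection whose sender picked source port 22, so the list exposes every local port instead of one.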

Let core download app and notifier

Currently, pmctl downloads app and notifier directly when requested to run these. We want the update directory to be writable only by root, but want to execute app and notifier as a normal user. Therefore, the main Portmaster process must do the download.

App doesn't work [Ubuntu / ZorinOS]

The firewall works flawlessly but whenever I try to open the app with

./pmctl run app --db=/opt/pm_db

I just get a black window. In the browser console it says:

Could not connect: Connection refused

option to disable "no addresses returned for this domain are permitted"

What would you like to be added:

Option to disable "permitted addresses" to filter DNS responses. I use domain names which resolve to 10.0.0.0/8 IPs on a regular basis and I got used to SSH using an IP instead of comfortably using a hostname. But the fact that there is no way to access OBB railnet is driving me crazy. When I stop portmaster the DNS on my laptop doesn't work at all and when portmaster is running 0.0.0.0 is returned.

 blocking connection northys:/usr/bin/dig:511278 to railnet.oebb.at. (<nil>), no addresses returned for this domain are permitted

Why is this needed:

Because we live in the 21st century where the web is accessed using encrypted HTTPS.

Add short build instructions

What would you like to be added:
I would like some simple build instructions added. Go is not a familiar language for lots of people.

Why is this needed:
Because for a tool like this I think people would like to be able to build it from source. Make that easy for us as well!

Use default port for DNS resolver according to given protocol

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

Trying to set dns://8.8.8.8 but I wasn't successful.

What you expected to happen:

The default port is used automatically, 53 in this case.

Portmaster automatically uses the default port for the given protocol when no port is specified.

How to reproduce it (as minimally and precisely as possible):

  1. ubuntu 20.04
  2. latest portmaster
  3. set DNS servers to dns://8.8.8.8
  4. DNS doesn't work because the port 53 is not used automatically

Anything else we need to know?:

Environment:

Portmaster Version:

Name: Portmaster
Version: 0.5.4
Commit: tags/v0.5.4-0-g6093c5b8476e488b63d3a735b2ad178b7625114b
Build Options: main.go
Build User: user
Build Host: docker
Build Date: 19.08.2020
Build Source: https://github.com/safing/portmaster

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.1 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
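
The behaviour requested in this report, as an added example that is not Portmaster's code: parse a resolver URL and fall back to the scheme's standard port when none is given, while still rejecting unknown schemes and bad ports. The function name `ResolverAddr` and the two-entry scheme table are assumptions; the sample URLs other than `dns://8.8.8.8` are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strconv"
)

// defaultPorts maps a resolver URL scheme to its standard port.
// Assumption: only the two schemes that appear on this page are listed.
var defaultPorts = map[string]string{
	"dns": "53",  // plain DNS
	"dot": "853", // DNS over TLS (RFC 7858)
}

// ResolverAddr turns a resolver URL into a dialable "host:port" string,
// filling in the scheme's default port when the URL carries none.
func ResolverAddr(raw string) (scheme, addr string, err error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", "", fmt.Errorf("invalid resolver URL %q: %w", raw, err)
	}
	def, ok := defaultPorts[u.Scheme]
	if !ok {
		return "", "", fmt.Errorf("unsupported resolver scheme %q in %q", u.Scheme, raw)
	}
	host := u.Hostname() // strips the brackets of an IPv6 literal
	if host == "" {
		return "", "", fmt.Errorf("resolver URL %q has no host", raw)
	}
	port := u.Port()
	if port == "" {
		port = def
	} else if n, perr := strconv.ParseUint(port, 10, 16); perr != nil || n == 0 {
		return "", "", fmt.Errorf("invalid port %q in %q", port, raw)
	}
	// JoinHostPort re-adds the brackets an IPv6 literal needs.
	return u.Scheme, net.JoinHostPort(host, port), nil
}

func main() {
	samples := []string{
		"dns://8.8.8.8",           // from the report: no port given
		"dot://dns.example.net",   // constructed: DoT without a port
		"dns://[2001:db8::53]",    // constructed: IPv6 literal without a port
		"dns://9.9.9.9:5353",      // constructed: explicit port is kept
		"dns://8.8.8.8:99999",     // constructed: port out of range
		"ftp://8.8.8.8",           // constructed: not a resolver scheme
	}
	for _, s := range samples {
		scheme, addr, err := ResolverAddr(s)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("%-24s -> %s via %s\n", s, addr, scheme)
	}
}
```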

Filtered DNS response leaks into cache.

What happened:

Reference: #98 (comment)

  • A query was blocked because all addresses were filtered out.
  • The settings were changed to allow that query to succeed.
  • A query for the same domain returns an empty response, but with a success RCODE.

What you expected to happen:

  • A fresh query to work immediately with the changed settings.

How to reproduce it (as minimally and precisely as possible):

See ref. 😉
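
One way such a leak can arise, replaying the three steps of this report, as an added example that is not Portmaster's code: a toy resolver that caches the already-filtered answer keeps returning an empty success response after the settings change, while one that caches the upstream answer and filters on every read does not. All type and function names, the private-address policy and the `intranet.example.` record are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Policy is a hypothetical stand-in for the DNS filter settings.
type Policy struct {
	AllowPrivate bool // permit answers that point into private address space
}

// Filter drops the addresses the policy does not permit.
func (p Policy) Filter(addrs []netip.Addr) []netip.Addr {
	var out []netip.Addr
	for _, a := range addrs {
		if p.AllowPrivate || !a.IsPrivate() {
			out = append(out, a)
		}
	}
	return out
}

// Resolver is a toy caching resolver. Upstream stands in for the real
// resolvers; CacheFiltered selects the leaking behaviour.
type Resolver struct {
	Upstream        map[string][]netip.Addr
	CacheFiltered   bool
	UpstreamQueries int
	cache           map[string][]netip.Addr
}

// Resolve answers from the cache when possible and applies the policy.
func (r *Resolver) Resolve(name string, p Policy) []netip.Addr {
	if r.cache == nil {
		r.cache = make(map[string][]netip.Addr)
	}
	if cached, ok := r.cache[name]; ok {
		if r.CacheFiltered {
			return cached // whatever an earlier policy left over
		}
		return p.Filter(cached) // current policy applied to the full answer
	}
	r.UpstreamQueries++
	answer := r.Upstream[name]
	filtered := p.Filter(answer)
	if r.CacheFiltered {
		r.cache[name] = filtered // leak: the policy decision is now cached
	} else {
		r.cache[name] = answer // cache what upstream said, nothing else
	}
	return filtered
}

// Scenario replays the steps from the report and returns how many addresses
// the client received before and after the settings change.
func Scenario(cacheFiltered bool) (before, after int) {
	r := &Resolver{
		CacheFiltered: cacheFiltered,
		Upstream: map[string][]netip.Addr{
			// Constructed record: a name that resolves into 10.0.0.0/8.
			"intranet.example.": {netip.MustParseAddr("10.1.2.3")},
		},
	}
	before = len(r.Resolve("intranet.example.", Policy{AllowPrivate: false}))
	after = len(r.Resolve("intranet.example.", Policy{AllowPrivate: true}))
	return before, after
}

func main() {
	for _, leaky := range []bool{true, false} {
		before, after := Scenario(leaky)
		fmt.Printf("cache filtered answers=%v: before=%d after=%d\n", leaky, before, after)
	}
}
```

Filtering on read also covers the opposite direction: tightening the settings takes effect immediately instead of waiting for cached permissive answers to expire.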

Improve information about DNS queries in the additional section

What would you like to be added:

Add more information to the additional section when returning DNS records:

  • Add generic information that the request was intercepted and handled by the Portmaster
  • Add real TTL of requested record(s)

About adding the TTL, there are multiple options here. Should we add the highest / lowest / average TTL? I think adding all TTLs would be a bit too much.

Examples:

info.portmaster.    0 IN TXT "This query was intercepted and handled by the Portmaster"
min.real.ttl.portmaster. 0 IN TXT "3596"
avg.real.ttl.portmaster. 0 IN TXT "3599"
max.real.ttl.portmaster. 0 IN TXT "3600"

These entries should be fully self-explanatory.

Why is this needed:

This information is both helpful for troubleshooting and for users, see #74 (comment).

Can't turn off (disable, shutdown) portmaster on Linux

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:
I tried to turn portmaster off by system-monitor or shut it down through the UI. I pressed on shutdown in the UI and it said that I should reboot to fully work but after pressing ok, on the bottom left the status says "Not connected to Core!" (new line) "Retrying..." and after a bit it is activated again and it continues to protect me (which I don't want for now). After rebooting nothing happens except portmaster automatically is running and protecting me. If I close the process in the system-monitor then I have no internet anymore which I also don't want.

What you expected to happen:
I expected to use the internet as I usually do without protection.

How to reproduce it (as minimally and precisely as possible):
Install Portmaster.deb on Pop!_os 20.04, reboot, try to shut it down over UI or end it through system-monitor.

Anything else we need to know?:
There is no simple function to disable it for a minute (which would be useful if you just want to try to connect your virtual machine (virt-manager) with the internet or any other program that for some reason doesn't work. Can't even find it in the app settings nor monitor)

Environment:

Portmaster Version:

Name: Portmaster
Version: 0.5.4
Commit: tags/v0.5.4-0-g6093c5b8476e488b63d3a735b2ad178b7625114b
Build Options: main.go
Build User: user
Build Host: docker
Build Date: 19.08.2020
Build Source: https://github.com/safing/portmaster

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
NAME="Pop!_OS"
VERSION="20.04 LTS"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 20.04 LTS"
VERSION_ID="20.04"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
LOGO=distributor-logo-pop-os

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.

  • Linux: /var/lib/portmaster/logs

Logname: 2020-09-18-18-28-15.log

�NJ{"Created":1600453695,"Modified":1600453695,"Expires":1603045695,"Deleted":0}S
executing core/portmaster-core version 0.5.4 on linux amd64
�[34m200918 20:28:15.835 ▶ BOF�[0m
�[34m200918 20:28:15.835 ules/start:089 ▶ INFO 001�[0m modules: initiating...
�[31m200918 20:28:15.835 e/asm_amd6:1373 ▶ ERRO 002�[0m modules: tasks should only be started when the module is online or starting
�[34m200918 20:28:15.835 ules/start:186 ▶ INFO 003�[0m modules: started database
�[34m200918 20:28:15.836 ules/start:186 ▶ INFO 004�[0m modules: started config
�[34m200918 20:28:15.837 ules/start:186 ▶ INFO 005�[0m modules: started rng
�[34m200918 20:28:15.837 ules/start:186 ▶ INFO 006�[0m modules: started base
�[34m200918 20:28:15.837 ules/start:186 ▶ INFO 007�[0m modules: started subsystems
�[34m200918 20:28:15.837 ules/start:098 ▶ INFO 008�[0m modules: initiated subsystems manager
�[34m200918 20:28:15.938 dules/mgmt:070 ▶ INFO 009�[0m modules: managing changes
�[34m200918 20:28:15.938 ules/start:186 ▶ INFO 010�[0m modules: started api
�[34m200918 20:28:15.938 api/router:062 ▶ INFO 011�[0m api: starting to listen on 127.0.0.1:817
�[34m200918 20:28:15.938 ules/start:186 ▶ INFO 012�[0m modules: started netenv
�[34m200918 20:28:15.938 ules/start:186 ▶ INFO 013�[0m modules: started notifications
�[34m200918 20:28:15.949 ules/start:186 ▶ INFO 014�[0m modules: started status
�[33m200918 20:28:15.953 ment_linux:144 ▶ WARN 015�[0m environment: could not get nameservers from dbus: No such interface “org.freedesktop.DBus.Properties” on object at path /
�[34m200918 20:28:15.953 /resolvers:248 ▶ INFO 016�[0m resolver: no local resolvers loaded
�[34m200918 20:28:15.953 /resolvers:258 ▶ INFO 017�[0m resolver: no system/network-assigned resolvers loaded
�[34m200918 20:28:15.953 /resolvers:272 ▶ INFO 018�[0m resolver: no scopes loaded
�[34m200918 20:28:15.953 ules/start:186 ▶ INFO 019�[0m modules: started resolver
�[34m200918 20:28:15.967 ules/start:186 ▶ INFO 020�[0m modules: started updates
�[34m200918 20:28:15.967 ules/start:186 ▶ INFO 021�[0m modules: started geoip
�[34m200918 20:28:15.967 ules/start:186 ▶ INFO 022�[0m modules: started ui
�[34m200918 20:28:15.971 ine-status:194 ▶ INFO 023�[0m netenv: setting online status to Online (all checks passed)
�[34m200918 20:28:15.984 ules/start:186 ▶ INFO 024�[0m modules: started profiles
�[34m200918 20:28:15.984 ules/start:186 ▶ INFO 025�[0m modules: started processes
�[34m200918 20:28:15.984 ules/start:186 ▶ INFO 026�[0m modules: started network
�[34m200918 20:28:16.065 ules/start:186 ▶ INFO 027�[0m modules: started filterlists
�[34m200918 20:28:16.065 ules/start:186 ▶ INFO 028�[0m modules: started intel
�[34m200918 20:28:16.084 ules/start:186 ▶ INFO 029�[0m modules: started interception
�[34m200918 20:28:16.084 ules/start:186 ▶ INFO 030�[0m modules: started core
�[34m200918 20:28:16.084 ules/start:186 ▶ INFO 031�[0m modules: started filter
�[34m200918 20:28:16.084 ules/start:186 ▶ INFO 032�[0m modules: started nameserver
�[34m200918 20:28:16.084 dules/mgmt:088 ▶ INFO 033�[0m modules: finished managing
�[34m200918 20:28:16.100 les/worker:100 ▶ INFO 034�[0m nameserver: service-worker dns resolver requested restart: stopped conflicting name service with pid 9496 - restarting now
�[34m200918 20:28:16.115 connection:207 ▶ INFO 035�[0m filter: granting connection libvirt-dnsmasq:/usr/sbin/dnsmasq:1441 <- 127.0.0.53, endpoint in allowlist: scope matches Localhost
�[34m200918 20:28:16.468 d-response:051 ▶ INFO 036�[0m api request: 127.0.0.1:50722 HIJ /api/database/v1
�[34m200918 20:28:16.468 i/database:084 ▶ INFO 037�[0m api request: init websocket 127.0.0.1:50722 /api/database/v1
�[34m200918 20:28:16.469 d-response:051 ▶ INFO 038�[0m api request: 127.0.0.1:50720 HIJ /api/database/v1
�[34m200918 20:28:16.469 i/database:084 ▶ INFO 039�[0m api request: init websocket 127.0.0.1:50720 /api/database/v1
�[34m200918 20:28:16.484 d-response:051 ▶ INFO 040�[0m api request: 127.0.0.1:50726 HIJ /api/database/v1
�[34m200918 20:28:16.484 i/database:084 ▶ INFO 041�[0m api request: init websocket 127.0.0.1:50726 /api/database/v1
�[34m200918 20:28:16.484 d-response:051 ▶ INFO 042�[0m api request: 127.0.0.1:50728 HIJ /api/database/v1
�[34m200918 20:28:16.484 i/database:084 ▶ INFO 043�[0m api request: init websocket 127.0.0.1:50728 /api/database/v1
�[34m200918 20:28:16.490 d-response:051 ▶ INFO 044�[0m api request: 127.0.0.1:50732 HIJ /api/database/v1
�[34m200918 20:28:16.490 d-response:051 ▶ INFO 045�[0m api request: 127.0.0.1:50730 HIJ /api/database/v1
�[34m200918 20:28:16.490 i/database:084 ▶ INFO 046�[0m api request: init websocket 127.0.0.1:50732 /api/database/v1
�[34m200918 20:28:16.490 i/database:084 ▶ INFO 047�[0m api request: init websocket 127.0.0.1:50730 /api/database/v1
�[34m200918 20:28:19.121 all/master:084 ▶ INFO 048�[0m filter: granting own connection root:/var/lib/portmaster/updates/linux_amd64/core/portmaster-core_v0-5-4:9562 <- 192.168.2.127
�[33m200918 20:28:22.032 tel/entity:170 ▶ WARN 049�[0m intel: failed to resolve IP 192.168.2.104: failed to resolve 104.2.168.192.in-addr.arpa.PTR: query was blocked: no compliant resolvers for this query
�[34m200918 20:28:22.041 connection:235 ▶ INFO 050�[0m filter: dropping connection Unknown::-1 <- 192.168.2.104, endpoint is not allowed (incoming is always default=block)
�[34m200918 20:28:25.952 all/master:084 ▶ INFO 051 [2x]�[0m filter: granting own connection root:/var/lib/portmaster/updates/linux_amd64/core/portmaster-core_v0-5-4:9562 to updates.safing.io. (<nil>)
�[34m200918 20:28:25.957 all/master:084 ▶ INFO 052�[0m filter: granting own connection root:/var/lib/portmaster/updates/linux_amd64/core/portmaster-core_v0-5-4:9562 to updates.safing.io. (116.203.130.137)
�[34m200918 20:28:26.092 r/updating:077 ▶ INFO 053�[0m updates: updated index stable.json
�[34m200918 20:28:26.110 r/updating:077 ▶ INFO 054�[0m updates: updated index beta.json
�[34m200918 20:28:26.128 r/updating:077 ▶ INFO 055�[0m updates: updated index all/intel/intel.json
�[34m200918 20:28:26.128 r/updating:108 ▶ INFO 056�[0m updates: everything up to date
�[34m200918 20:28:26.143 s/upgrader:200 ▶ INFO 057�[0m updates: upgraded /var/lib/portmaster/portmaster-start
�[33m200918 20:28:28.033 tel/entity:170 ▶ WARN 058�[0m intel: failed to resolve IP 192.168.2.104: failed to resolve 104.2.168.192.in-addr.arpa.PTR: query was blocked: no compliant resolvers for this query

unimportant content in-between

�[33m200918 20:28:41.797 ore/events:037 ▶ WARN 117�[0m core: user requested shutdown
�[33m200918 20:28:41.797 dules/stop:043 ▶ WARN 118�[0m modules: starting shutdown...
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 119�[0m modules: stopped filter
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 120�[0m modules: stopped intel
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 121�[0m modules: stopped geoip
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 122�[0m modules: stopped nameserver
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 123�[0m modules: stopped filterlists
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 124�[0m modules: stopped core
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 125�[0m modules: stopped notifications
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 126�[0m modules: stopped subsystems
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 127�[0m modules: stopped ui
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 128�[0m modules: stopped status
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 129�[0m modules: stopped resolver
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 130�[0m modules: stopped netenv
�[34m200918 20:28:41.797 dules/stop:098 ▶ INFO 131�[0m modules: stopped api
�[34m200918 20:28:41.844 dules/stop:098 ▶ INFO 132�[0m modules: stopped interception
�[34m200918 20:28:41.844 dules/stop:098 ▶ INFO 133�[0m modules: stopped network
�[34m200918 20:28:41.844 dules/stop:098 ▶ INFO 134�[0m modules: stopped processes
�[34m200918 20:28:41.844 dules/stop:098 ▶ INFO 135�[0m modules: stopped profiles
�[34m200918 20:28:41.844 dules/stop:098 ▶ INFO 136�[0m modules: stopped updates
�[34m200918 20:28:41.844 dules/stop:098 ▶ INFO 137�[0m modules: stopped base
�[34m200918 20:28:41.844 dules/stop:098 ▶ INFO 138�[0m modules: stopped config
�[34m200918 20:28:41.844 dules/stop:098 ▶ INFO 139�[0m modules: stopped database
�[34m200918 20:28:41.856 dules/stop:098 ▶ INFO 140�[0m modules: stopped rng
�[34m200918 20:28:41.856 dules/stop:052 ▶ INFO 141�[0m modules: shutdown completed
�[34m200918 20:28:41.866 ◀ EOF�[0m

Next Logname: 2020-09-18-18-28-52.log

�NJ{"Created":1600453732,"Modified":1600453732,"Expires":1603045732,"Deleted":0}S
executing core/portmaster-core version 0.5.4 on linux amd64
�[34m200918 20:28:52.329 ▶ BOF�[0m
�[34m200918 20:28:52.329 ules/start:089 ▶ INFO 001�[0m modules: initiating...
�[34m200918 20:28:52.329 ules/start:186 ▶ INFO 002�[0m modules: started database
�[31m200918 20:28:52.329 e/asm_amd6:1373 ▶ ERRO 003�[0m modules: tasks should only be started when the module is online or starting
�[34m200918 20:28:52.330 ules/start:186 ▶ INFO 004�[0m modules: started config
�[34m200918 20:28:52.332 ules/start:186 ▶ INFO 005�[0m modules: started rng
�[34m200918 20:28:52.332 ules/start:186 ▶ INFO 006�[0m modules: started base
�[34m200918 20:28:52.332 ules/start:186 ▶ INFO 007�[0m modules: started subsystems
�[34m200918 20:28:52.332 ules/start:098 ▶ INFO 008�[0m modules: initiated subsystems manager
�[34m200918 20:28:52.432 dules/mgmt:070 ▶ INFO 009�[0m modules: managing changes
�[34m200918 20:28:52.432 ules/start:186 ▶ INFO 010�[0m modules: started netenv
�[34m200918 20:28:52.432 ules/start:186 ▶ INFO 011�[0m modules: started api
�[34m200918 20:28:52.432 ules/start:186 ▶ INFO 012�[0m modules: started notifications
�[34m200918 20:28:52.432 api/router:062 ▶ INFO 013�[0m api: starting to listen on 127.0.0.1:817
�[34m200918 20:28:52.443 ules/start:186 ▶ INFO 014�[0m modules: started updates
�[34m200918 20:28:52.443 ules/start:186 ▶ INFO 015�[0m modules: started geoip
�[34m200918 20:28:52.443 ules/start:186 ▶ INFO 016�[0m modules: started ui
�[34m200918 20:28:52.444 ules/start:186 ▶ INFO 017�[0m modules: started status
�[33m200918 20:28:52.447 ment_linux:144 ▶ WARN 018�[0m environment: could not get nameservers from dbus: No such interface “org.freedesktop.DBus.Properties” on object at path /
�[34m200918 20:28:52.447 /resolvers:248 ▶ INFO 019�[0m resolver: no local resolvers loaded
�[34m200918 20:28:52.447 /resolvers:258 ▶ INFO 020�[0m resolver: no system/network-assigned resolvers loaded
�[34m200918 20:28:52.447 /resolvers:272 ▶ INFO 021�[0m resolver: no scopes loaded
�[34m200918 20:28:52.447 ules/start:186 ▶ INFO 022�[0m modules: started resolver
�[34m200918 20:28:52.462 ules/start:186 ▶ INFO 023�[0m modules: started profiles
�[34m200918 20:28:52.462 ules/start:186 ▶ INFO 024�[0m modules: started processes
�[34m200918 20:28:52.462 ules/start:186 ▶ INFO 025�[0m modules: started network
�[34m200918 20:28:52.507 ules/start:186 ▶ INFO 026�[0m modules: started filterlists
�[34m200918 20:28:52.507 ules/start:186 ▶ INFO 027�[0m modules: started intel
�[34m200918 20:28:52.535 ules/start:186 ▶ INFO 028�[0m modules: started interception
�[34m200918 20:28:52.535 ules/start:186 ▶ INFO 029�[0m modules: started core
�[34m200918 20:28:52.535 ules/start:186 ▶ INFO 030�[0m modules: started nameserver
�[34m200918 20:28:52.535 ules/start:186 ▶ INFO 031�[0m modules: started filter
�[34m200918 20:28:52.535 dules/mgmt:088 ▶ INFO 032�[0m modules: finished managing
�[34m200918 20:28:52.544 connection:207 ▶ INFO 033�[0m filter: granting connection Unknown::-1 -> 127.0.0.1, special grant for connectivity domain during network bootstrap
�[34m200918 20:28:52.545 ine-status:194 ▶ INFO 034�[0m netenv: setting online status to SemiOnline (dns check query failed)
�[34m200918 20:28:52.552 les/worker:100 ▶ INFO 035�[0m nameserver: service-worker dns resolver requested restart: stopped conflicting name service with pid 9748 - restarting now
�[34m200918 20:28:52.883 d-response:051 ▶ INFO 036�[0m api request: 127.0.0.1:50860 HIJ /api/database/v1
�[34m200918 20:28:52.883 i/database:084 ▶ INFO 037�[0m api request: init websocket 127.0.0.1:50860 /api/database/v1
�[34m200918 20:28:52.885 d-response:051 ▶ INFO 038�[0m api request: 127.0.0.1:50862 HIJ /api/database/v1
�[34m200918 20:28:52.885 i/database:084 ▶ INFO 039�[0m api request: init websocket 127.0.0.1:50862 /api/database/v1
�[34m200918 20:28:52.901 d-response:051 ▶ INFO 040�[0m api request: 127.0.0.1:50866 HIJ /api/database/v1
�[34m200918 20:28:52.901 d-response:051 ▶ INFO 041�[0m api request: 127.0.0.1:50868 HIJ /api/database/v1
�[34m200918 20:28:52.901 i/database:084 ▶ INFO 042�[0m api request: init websocket 127.0.0.1:50866 /api/database/v1
�[34m200918 20:28:52.901 i/database:084 ▶ INFO 043�[0m api request: init websocket 127.0.0.1:50868 /api/database/v1
�[34m200918 20:28:52.902 d-response:051 ▶ INFO 044�[0m api request: 127.0.0.1:50864 HIJ /api/database/v1
�[34m200918 20:28:52.903 i/database:084 ▶ INFO 045�[0m api request: init websocket 127.0.0.1:50864 /api/database/v1
�[34m200918 20:28:52.906 d-response:051 ▶ INFO 046�[0m api request: 127.0.0.1:50870 HIJ /api/database/v1
�[34m200918 20:28:52.906 i/database:084 ▶ INFO 047�[0m api request: init websocket 127.0.0.1:50870 /api/database/v1
�[33m200918 20:28:58.039 tel/entity:170 ▶ WARN 048�[0m intel: failed to resolve IP 192.168.2.104: failed to resolve 104.2.168.192.in-addr.arpa.PTR: query was blocked: no compliant resolvers for this query
�[34m200918 20:28:58.039 connection:235 ▶ INFO 049�[0m filter: dropping connection Unknown::-1 <- 192.168.2.104, endpoint is not allowed (incoming is always default=block)
�[33m200918 20:29:01.455 tel/entity:170 ▶ WARN 050�[0m intel: failed to resolve IP 192.168.2.127: failed to resolve 127.2.168.192.in-addr.arpa.PTR: query was blocked: no compliant resolvers for this query
�[34m200918 20:29:01.455 connection:235 ▶ INFO 051�[0m filter: dropping connection Unknown::-1 <- 192.168.2.127, endpoint is not allowed (incoming is always default=block)
�[33m200918 20:29:01.543 tel/entity:170 ▶ WARN 052�[0m intel: failed to resolve IP 192.168.2.127: failed to resolve 127.2.168.192.in-addr.arpa.PTR: query was blocked: no compliant resolvers for this query
�[34m200918 20:29:01.543 connection:235 ▶ INFO 053�[0m filter: dropping connection Unknown::-1 <- 192.168.2.127, endpoint is not allowed (incoming is always default=block)
�[34m200918 20:29:02.470 all/master:084 ▶ INFO 054 [2x]�[0m filter: granting own connection root:/var/lib/portmaster/updates/linux_amd64/core/portmaster-core_v0-5-4:9804 to updates.safing.io. (<nil>)
�[34m200918 20:29:02.475 all/master:084 ▶ INFO 055�[0m filter: granting own connection root:/var/lib/portmaster/updates/linux_amd64/core/portmaster-core_v0-5-4:9804 to updates.safing.io. (116.203.130.137)
�[34m200918 20:29:02.565 r/updating:077 ▶ INFO 056�[0m updates: updated index stable.json
�[34m200918 20:29:02.582 r/updating:077 ▶ INFO 057�[0m updates: updated index beta.json
�[34m200918 20:29:02.601 r/updating:077 ▶ INFO 058�[0m updates: updated index all/intel/intel.json
�[34m200918 20:29:02.601 r/updating:108 ▶ INFO 059�[0m updates: everything up to date
�[34m200918 20:29:02.613 s/upgrader:200 ▶ INFO 060�[0m updates: upgraded /var/lib/portmaster/portmaster-start
�[33m200918 20:29:04.039 tel/entity:170 ▶ WARN 061�[0m intel: failed to resolve IP 192.168.2.104: failed to resolve 104.2.168.192.in-addr.arpa.PTR: query was blocked: no compliant resolvers for this query
200918 20:29:04.039 connection:235 ▶ INFO 062 filter: dropping connection Unknown::-1 <- 192.168.2.104, endpoint is not allowed (incoming is always default=block)
200918 20:29:09.447 ore/events:037 ▶ WARN 063 core: user requested shutdown
200918 20:29:09.447 dules/stop:043 ▶ WARN 064 modules: starting shutdown...
200918 20:29:09.447 dules/stop:098 ▶ INFO 065 modules: stopped filter
200918 20:29:09.447 dules/stop:098 ▶ INFO 066 modules: stopped intel
200918 20:29:09.447 dules/stop:098 ▶ INFO 067 modules: stopped geoip
200918 20:29:09.447 dules/stop:098 ▶ INFO 068 modules: stopped nameserver
200918 20:29:09.447 dules/stop:098 ▶ INFO 069 modules: stopped filterlists
200918 20:29:09.447 dules/stop:098 ▶ INFO 070 modules: stopped core
200918 20:29:09.447 dules/stop:098 ▶ INFO 071 modules: stopped ui
200918 20:29:09.447 dules/stop:098 ▶ INFO 072 modules: stopped resolver
200918 20:29:09.449 dules/stop:098 ▶ INFO 073 modules: stopped status
200918 20:29:09.449 dules/stop:098 ▶ INFO 074 modules: stopped api
200918 20:29:09.449 dules/stop:098 ▶ INFO 075 modules: stopped netenv
200918 20:29:09.450 dules/stop:098 ▶ INFO 076 modules: stopped subsystems
200918 20:29:09.450 dules/stop:098 ▶ INFO 077 modules: stopped notifications
200918 20:29:09.519 dules/stop:098 ▶ INFO 078 modules: stopped interception
200918 20:29:09.519 dules/stop:098 ▶ INFO 079 modules: stopped network
200918 20:29:09.519 dules/stop:098 ▶ INFO 080 modules: stopped processes
200918 20:29:09.519 dules/stop:098 ▶ INFO 081 modules: stopped profiles
200918 20:29:09.519 dules/stop:098 ▶ INFO 082 modules: stopped updates
200918 20:29:09.519 dules/stop:098 ▶ INFO 083 modules: stopped base
200918 20:29:09.519 dules/stop:098 ▶ INFO 084 modules: stopped config
200918 20:29:09.519 dules/stop:098 ▶ INFO 085 modules: stopped database
200918 20:29:09.542 dules/stop:098 ▶ INFO 086 modules: stopped rng
200918 20:29:09.542 dules/stop:052 ▶ INFO 087 modules: shutdown completed
200918 20:29:09.552 ◀ EOF

DNS Stats and History

What would you like to be added:

Currently I wasn't able to use the NextDNS resolver together with Portmaster. I thought it was because I hadn't specified a port (#147), but it doesn't work even when appending :853.

NextDNS over TLS works by providing a unique subdomain to each user, e.g. iamnorthys.dns.nextdns.io. But when I try to set dot://iamnorthys.dns.nextdns.io:853 it does nothing and falls back to the resolvers specified by the DHCP server.

Why is this needed:

It's not a killer feature for me. It would be much better if you could add stats similar to NextDNS.io + improve the official blocklists (I think they use the same blocklists used by adblockers in browsers) or let users load their own blocklists.

This is what NextDNS stats look like. All I need is Top resolved, Top blocked and Top root domains + the list of DNS queries. I think it is not hard to implement (it's just a nice UI on top of some relational database, and I suppose you don't collect this data locally now, which is the hardest part of this feature request IMHO) and customers will love it. It saves your customers another 3$ a month for NextDNS or a similar service, and I'm willing to pay for it. I've stopped my NextDNS subscription just because you don't support it and I prefer Portmaster over NextDNS ;)

Screenshot from 2020-09-16 18-02-27

Certain database entries disappear after some time

Certain database entries, such as core:status/status and the special profiles cannot be loaded via the API anymore after some time. This is somewhat reproducible, but it is unclear if there are certain conditions that cause this.

Update dir permissions

Allow anyone to read updates in order to let a normal user execute the app and notifier.

SPN tab outdated message

It's August already. Someone should update the Arriving here in July message.

Okay, enough trolling :trollface: I'm curious what the current state of SPN is. I'm really looking forward to seeing it working =)

Core Version Info

Name: Portmaster
Version: 0.4.18
Commit: tags/v0.4.18-0-gdefd88d3a0bf4932b9152f8549d5ee39d44c4c51-dirty
Build Options: main.go
Build User: user
Build Host: docker
Build Date: 31.07.2020
Build Source: https://github.com/safing/portmaster

Add mechanisms to clear the DNS cache to portmasterctl

What would you like to be added:

The DNS cache should be clearable, either in full or for specific records. This could be achieved using the following mechanisms, which should be understood as suggestions:

  • If there are three consecutive requests (without any other in the middle) for the same domain, clear the cache for that domain and make a new request.
  • If a query for orf.at.clear.portmaster. is made, the dns cache for orf.at. with the same query type is cleared.
  • If a query for clear.portmaster. is made, the complete dns cache is cleared.
  • If a query for orf.at.fresh.portmaster is made, the dns cache for orf.at. with the same query type is cleared, a fresh query is run and the results returned (unchanged?).

Before this is implemented, we should also think about potential attacks this could enable. For example, an attacker could circumvent being blocked by just resolving using bad.example.com.fresh.portmaster.. Also, it would be easy to determine if a user is running the Portmaster or not.

Why is this needed:

Developers and system administrators often have to wait for updated DNS records to arrive at their machine. This would let them speed up the process.
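The three name-based mechanisms and the filter-bypass concern from the request above, as an added Go example that is not Portmaster code: the `Resolver` type, its fields, the blocklist entry and the `192.0.2.1` answer are assumptions made up for illustration. With `FilterTarget` off, the block decision only sees the literal control name, which is the bypass the request warns about; with it on, the decision is made on the embedded domain.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Action is what a query name asks the resolver to do.
type Action int

const (
	Resolve  Action = iota // ordinary lookup
	ClearAll               // clear.portmaster.
	ClearOne               // <domain>.clear.portmaster.
	FreshOne               // <domain>.fresh.portmaster.
)

var ErrBlocked = errors.New("blocked by filter")

// fqdn lower-cases a name and makes sure it ends with the root dot.
func fqdn(s string) string {
	s = strings.ToLower(s)
	if !strings.HasSuffix(s, ".") {
		s += "."
	}
	return s
}

// ParseControl splits a control suffix off the query name and returns the
// requested action together with the domain it applies to.
func ParseControl(qname string) (Action, string) {
	name := fqdn(qname)
	switch {
	case name == "clear.portmaster.":
		return ClearAll, ""
	case strings.HasSuffix(name, ".clear.portmaster."):
		return ClearOne, strings.TrimSuffix(name, "clear.portmaster.")
	case strings.HasSuffix(name, ".fresh.portmaster."):
		return FreshOne, strings.TrimSuffix(name, "fresh.portmaster.")
	}
	return Resolve, name
}

type cacheKey struct {
	name  string
	qtype uint16
}

// Resolver is a toy caching resolver with a blocklist (hypothetical type).
type Resolver struct {
	Cache         map[cacheKey]string
	Blocklist     map[string]bool
	UpstreamCalls int
	// FilterTarget=false: the block decision sees only the literal query
	// name. FilterTarget=true: it is made on the embedded domain.
	FilterTarget bool
}

func NewDemo(filterTarget bool) *Resolver {
	return &Resolver{
		Cache:        map[cacheKey]string{},
		Blocklist:    map[string]bool{"bad.example.com.": true}, // constructed
		FilterTarget: filterTarget,
	}
}

// Handle answers one query, honouring the control names.
func (r *Resolver) Handle(qname string, qtype uint16) (string, error) {
	action, target := ParseControl(qname)
	subject := fqdn(qname)
	if r.FilterTarget {
		subject = target
	}
	if r.Blocklist[subject] {
		return "", ErrBlocked
	}
	k := cacheKey{target, qtype}
	switch action {
	case ClearAll:
		r.Cache = map[cacheKey]string{}
		return "", nil
	case ClearOne:
		delete(r.Cache, k) // only the record with the same query type
		return "", nil
	case FreshOne:
		delete(r.Cache, k) // then fall through to a new lookup below
	}
	if ans, ok := r.Cache[k]; ok {
		return ans, nil
	}
	r.UpstreamCalls++
	ans := "192.0.2.1" // constructed answer standing in for an upstream query
	r.Cache[k] = ans
	return ans, nil
}

func main() {
	for _, hardened := range []bool{false, true} {
		r := NewDemo(hardened)
		_, direct := r.Handle("bad.example.com.", 1)
		ans, fresh := r.Handle("bad.example.com.fresh.portmaster.", 1)
		fmt.Printf("FilterTarget=%v direct=%v fresh=%q err=%v\n", hardened, direct, ans, fresh)
	}
}
```

The second concern in the request, that answering these names reveals whether Portmaster is running, is not addressed by this example.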

Slow portmaster restart after portmaster-start release

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

Since portmaster-start was introduced together with the new systemd unit file, systemctl restart portmaster.service takes really long. Let's say 2 minutes.

What you expected to happen:

Portmaster restarts as usual in a few seconds.

How to reproduce it (as minimally and precisely as possible):

  1. ubuntu with systemd-resolve, no custom dns stuff + portmaster
  2. systemctl restart portmaster
  3. wait 2 minutes until restart

Anything else we need to know?:

When I restart portmaster using the restart button in dashboard it takes ~2 seconds.

Environment:

LOGLEVEL=trace
PORTMASTER_ARGS="--experimental-nfqueue"

Portmaster Version:

Name: Portmaster
Version: 0.5.1
Commit: tags/v0.5.1-0-g6ded9b3f8cf9b0bff1ccb310eca3367bd6292d5b
Build Options: main.go
Build User: user
Build Host: docker
Build Date: 10.08.2020
Build Source: https://github.com/safing/portmaster

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.1 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.

Access to nfqueue denied

This issue is the continuation of an existing thread, beginning with this comment: #79 (comment)

The original reporter is @markusressel.

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:
Portmaster was denied access to nfqueue.

200621 23:14:16.975 dules/mgmt:084 ▶ WARN 025 modules: could not start module interception: interception: failed to create nfqueue(IPv4, in): could not create queue: operation not permitted

What you expected to happen:
Portmaster should be able to integrate with Linux by interacting with the nfqueue system.

How to reproduce it (as minimally and precisely as possible):
unknown

Anything else we need to know?:

Environment:

Portmaster Version: latest (0.4.9)

Versions from the `About` page in Portmaster's UI

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
    • Please provide the output of cat /etc/os-release
NAME="Manjaro Linux"
ID=manjaro
ID_LIKE=arch
BUILD_ID=rolling
PRETTY_NAME="Manjaro Linux"
ANSI_COLOR="32;2;24;144;200"
HOME_URL="https://manjaro.org/"
DOCUMENTATION_URL="https://wiki.manjaro.org/"
SUPPORT_URL="https://manjaro.org/"
BUG_REPORT_URL="https://bugs.manjaro.org/"
LOGO=manjarolinux

As mentioned in #79 (comment), this also applies to a pure Arch Linux based system.

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.

  • Linux: /var/lib/portmaster/logs
  • Windows: %PROGRAMDATA%\Portmaster\logs

Add Portmaster API authentication bypass/extensions settings

Status: This is an idea and not currently planned. Please comment to tell us how and why you would use this feature so we know how much it is needed and how it would be applied.

What would you like to be added:

Add settings to the Portmaster Core that allow for bypassing/extending the API authentication.

For example, we could have a setting where you can add paths of executables that are also allowed to access the api. This could also support wildcards.

Why is this needed:

In order to deploy 3rd party software that uses the Portmaster API, or if a user just wants to use the UI in their browser instead.

Improve update handling

Right now, updates served within core always prefer the stable/beta release, then the latest that is locally available.
Control, however, always goes for the locally latest first (because most of the time, control should not trigger a download).

To converge these two:

  • After downloading the new releases, delete all releases that are "newer"
    • Note: This allows for downgrading in case a broken update gets released
    • Except in dev mode, then always prefer locally latest to stable/beta and never delete any updates

offline installer/install updates from different location

For people with difficult internet-access (censorship, bad internet, expensive internet), an offline installer and the ability to upgrade from a different location (local mirror of updates.safing.io inside a company, USB drive, ...) would be great.

Improve Process Detection

What would you like to be added:

Instead of backing off with individual requests to find the PID of a packet, update the state tables every 5ms when a request is waiting for new data.

Wait for refresh here:

// we found nothing, we could have been too fast, give the kernel some time to think
// back off timer: with 3ms baseWaitTime: 3, 6, 9, 12, 15, 18, 21ms - 84ms in total
time.Sleep(time.Duration(i+1) * baseWaitTime)
// refetch lists
table.updateTables()

Refresh every 5ms here when a request is waiting:

table.fetchOnceAgain.Do(func() {

Currently, only requests that are made at the same time are deduplicated.
This does not yet improve finding the PID of a socket on Linux, we still have to come up with something better for that:

func findPID(uid, inode int) (pid int) { //nolint:gocognit // TODO

Why is this needed:

Improves performance while decreasing load.
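One way the proposal above could look, as an added Go example that is not Portmaster code: while at least one lookup is waiting, a single refresher re-reads the state table every 5ms and wakes all waiters, instead of each request backing off and refetching on its own. `Table`, `FakeKernel`, the socket key and the PID are hypothetical and constructed.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

const refreshInterval = 5 * time.Millisecond // interval proposed in the issue

// Table caches socket -> PID mappings read from the system state tables.
type Table struct {
	mu      sync.Mutex
	conns   map[string]int
	waiters int
	running bool
	updated chan struct{} // closed after every refresh to wake waiters
	fetch   func() map[string]int
}

func NewTable(fetch func() map[string]int) *Table {
	return &Table{conns: map[string]int{}, updated: make(chan struct{}), fetch: fetch}
}

// Lookup returns the PID for a socket, waiting up to maxWait for a shared
// refresh that contains it.
func (t *Table) Lookup(key string, maxWait time.Duration) (int, bool) {
	deadline := time.After(maxWait)
	t.mu.Lock()
	if pid, ok := t.conns[key]; ok { // fast path: already known
		t.mu.Unlock()
		return pid, true
	}
	t.waiters++
	if !t.running { // first waiter starts the one shared refresher
		t.running = true
		go t.refreshLoop()
	}
	for {
		updated := t.updated
		t.mu.Unlock()
		select {
		case <-updated:
		case <-deadline:
			t.mu.Lock()
			t.waiters--
			t.mu.Unlock()
			return 0, false
		}
		t.mu.Lock()
		if pid, ok := t.conns[key]; ok {
			t.waiters--
			t.mu.Unlock()
			return pid, true
		}
	}
}

// refreshLoop re-reads the table every refreshInterval and stops as soon as
// nobody is waiting any more.
func (t *Table) refreshLoop() {
	ticker := time.NewTicker(refreshInterval)
	defer ticker.Stop()
	for range ticker.C {
		t.mu.Lock()
		if t.waiters == 0 {
			t.running = false
			t.mu.Unlock()
			return
		}
		t.mu.Unlock()
		snapshot := t.fetch() // slow part, done without holding the lock
		t.mu.Lock()
		t.conns = snapshot
		close(t.updated)
		t.updated = make(chan struct{})
		t.mu.Unlock()
	}
}

// FakeKernel stands in for reading the system state tables (constructed):
// the socket only becomes visible on the third read.
type FakeKernel struct{ Reads int32 }

func (k *FakeKernel) Fetch() map[string]int {
	if atomic.AddInt32(&k.Reads, 1) >= 3 {
		return map[string]int{"udp 127.0.0.1:40000": 4242}
	}
	return map[string]int{}
}

// RunDemo starts n concurrent lookups for the same socket and reports how
// many resolved and how many table reads that took in total.
func RunDemo(n int) (found int, reads int) {
	k := &FakeKernel{}
	t := NewTable(k.Fetch)
	var wg sync.WaitGroup
	var ok int32
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			if pid, hit := t.Lookup("udp 127.0.0.1:40000", time.Second); hit && pid == 4242 {
				atomic.AddInt32(&ok, 1)
			}
		}()
	}
	wg.Wait()
	return int(ok), int(atomic.LoadInt32(&k.Reads))
}

func main() {
	found, reads := RunDemo(8)
	fmt.Printf("%d lookups resolved with %d table reads\n", found, reads)
}
```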

Update errors not reported by portmaster-start

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

/var/lib/portmaster/portmaster-start --data /var/lib/portmaster update did not report any errors although it failed to correctly download the required portmaster modules.

What you expected to happen:

The update to either succeed or log an error message. (If failed because of missing permissions, i.e. no sudo).

How to reproduce it (as minimally and precisely as possible):

  1. Download latest installer from safing.io
  2. Stop networking (downloading during install should fail) or export PM_SKIP_DOWNLOAD=yes
  3. Install .deb via dpkg (there should be a warning)
  4. /var/lib/portmaster/updates should not exist
  5. Run the update manually: /var/lib/portmaster/portmaster-start --data /var/lib/portmaster update
  6. /var/lib/portmaster/updates should exist but does not. (and no error was logged during 5).

Environment:

Portmaster Version:

portmaster-start version
Portmaster Start
version 0.4.1

commit tags/v0.4.17-0-g04c846a0da3df4fc3fda02afdc366c102f447c54
built with go1.14.2 (gc) linux/amd64
  using options 
  by user@docker
  on 24.07.2020

Licensed under the AGPLv3 license.
The source code is available here: https://github.com/safing/portmaster

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
    • latest Ubuntu 20.04

Let core upgrade control

Moving the upgrade process of portmaster-control from itself to portmaster-core will make upgrades more predictable and stable.
Also, reducing logic inside portmaster-control is always good, as this reduces the amount of upgrades needed.

Change `string list` to `oneof`

What would you like to be changed:

Change the external option type string list to oneof. This way it's more generic and can even be used on other option types as well.

Why is this needed:

Currently some string option types are marked as string list which causes some confusion as the UI is meant to display some kind of select box. The term string list is even more confusing when thinking about our string array option type.

Additional Notes:

While doing that we should also switch the external option type to a dedicated type (string alias) and provide constants for them:

type OptionHint string
const (
    SecurityLevel OptionHint = "security level"
    FilterList    OptionHint = "filter list"
    OneOf         OptionHint = "one of"
)

restart default dns-resolver after closing Portmaster

What happened:
After closing Portmaster, the DNS-Resolver is not restarted and therefore Name-Resolution doesn't work until you do a sudo systemctl restart systemd-resolved.

What you expected to happen:
The Linux-internal DNS-Resolver (which is made non-working by portmaster) is restored into a working state when closing Portmaster.

How to reproduce it (as minimally and precisely as possible):
Open Portmaster, shutdown Portmaster, open a Website.

Environment:
Portmaster Version: v0.4.10 custom build

Operating System: Linux Mint 19.1 Cinnamon

DNS not working at all

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

Today I had trouble connecting to the hotel wifi, so I used my phone to share internet to my laptop. The DNS query timed out and the second call returned a result in ~3 seconds. I couldn't figure out what was happening and I didn't find the negative cache problem in the log mentioned in the comments of #87. Ping was replying in ~30s with bigger jitter (100ms) caused by ~5% packet loss. I decided it didn't make sense to do anything, so I went to the office with the laptop suspended.

In the office the DNS didn't work at all. I didn't get a single response after 3 identical dig calls, which should clear the cache for the given domain. There is no captive portal, no enterprise stuff. Regular home router from T-Mobile. I tried to stop docker and restarted portmaster. Didn't help. Ping was working all the time though.

What you expected to happen:

My networking is working as perfectly as it does with stopped portmaster.

How to reproduce it (as minimally and precisely as possible):

I don't know, but I can make a trip to Vienna with my laptop! :D

Anything else we need to know?:

Environment:

LOGLEVEL=trace
PORTMASTER_ARGS="--experimental-nfqueue"

Portmaster Version:

Name: Portmaster
Version: 0.5.1
Commit: tags/v0.5.1-0-g6ded9b3f8cf9b0bff1ccb310eca3367bd6292d5b
Build Options: main.go
Build User: user
Build Host: docker
Build Date: 10.08.2020
Build Source: https://github.com/safing/portmaster

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.1 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.


northys at northys-laptop in ~/c/b/docker-browserless (master|✔)
» ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=132 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=49.8 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=28.8 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 28.800/70.251/132.114/44.578 ms


northys at northys-laptop in ~/c/b/docker-browserless (master|✔)
» dig google.com

; <<>> DiG 9.16.1-Ubuntu <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached


logs produced between dig start and timeout:
srp 12 11:45:46 northys-laptop portmaster-start[190748]: 200812 11:45:46.183 work/clean:082 ▶ TRAC 632 network.clean: deleted tree/1370/ntp.ubuntu.com./17-192.168.8.165-39823-91.189.89.198-123 (ended at 2020-08-12 11:40:41 +0200 CEST)
srp 12 11:45:46 northys-laptop portmaster-start[190748]: 200812 11:45:46.183 work/clean:082 ▶ TRAC 633 network.clean: deleted tree/-1/PL/2-192.168.8.165-224.0.0.22 (ended at 2020-08-12 11:40:41 +0200 CEST)
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.606 exp/nfqexp:080 ▶ TRAC 634 nfqexp: queued packet 54 (::1 -> ::1) after 53.054µs
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.606 exp/nfqexp:080 ▶ TRAC 635 nfqexp: queued packet 1191 (127.0.0.1 -> 127.0.0.1) after 58.361µs
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.606 exp/nfqexp:080 ▶ TRAC 636 nfqexp: queued packet 1192 (127.0.0.1 -> 127.0.0.53) after 20.198µs
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.694 connection:106 ▶ DEBU 637 network: failed to find process of packet OUT UDP ::1:57203 <-> ::1:57203: could not find connection in system state tables
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.695 oip/lookup:052 ▶ TRAC 638 geoip: record: &{Continent:{Code:} Country:{ISOCode:} Coordinates:{AccuracyRadius:0 Latitude:0 Longitude:0} AutonomousSystemNumber:0 AutonomousSystemOrganization:}
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.695 connection:207 ▶ INFO 639 filter: granting connection Unknown::-1 -> ::1, endpoint is not blacklisted (default=permit)
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.706 exp/packet:087 ▶ TRAC 640 nfqexp: marking packet 54 (::1 -> ::1) on queue 17060 with AcceptAlways after 100.856214ms
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.695 terception:224 ▶ TRAC 641 filter: starting decision process Σ=88.831575ms
srp 12 11:45:47 northys-laptop portmaster-start[190748]:             6.009µs terception:174 ▶ TRAC     filter: handling packet: OUT UDP ::1:57203 <-> ::1:57203
srp 12 11:45:47 northys-laptop portmaster-start[190748]:         88.568594ms ocess/find:019 ▶ TRAC     process: getting pid from system network state
srp 12 11:45:47 northys-laptop portmaster-start[190748]:            98.785µs ocess/find:023 ▶ DEBU     process: failed to find PID of connection: could not find connection in system state tables
srp 12 11:45:47 northys-laptop portmaster-start[190748]:           130.986µs terception:183 ▶ TRAC     filter: created new connection 17-::1-57203-::1-57203
srp 12 11:45:47 northys-laptop portmaster-start[190748]:            27.201µs terception:192 ▶ TRAC     filter: [initial handler]
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.783 connection:106 ▶ DEBU 642 network: failed to find process of packet OUT UDP 127.0.0.1:34588 <-> 127.0.0.1:34588: could not find connection in system state tables
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.783 terception:113 ▶ DEBU 643 accepting local dns: OUT UDP 127.0.0.1:59733 <-> 127.0.0.53:53
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.784 oip/lookup:052 ▶ TRAC 644 geoip: record: &{Continent:{Code:} Country:{ISOCode:} Coordinates:{AccuracyRadius:0 Latitude:0 Longitude:0} AutonomousSystemNumber:0 AutonomousSystemOrganization:}
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.784 connection:207 ▶ INFO 645 filter: granting connection Unknown::-1 -> 127.0.0.1, endpoint is not blacklisted (default=permit)
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.807 exp/packet:087 ▶ TRAC 646 nfqexp: marking packet 1192 (127.0.0.1 -> 127.0.0.53) on queue 17040 with AcceptAlways after 201.495538ms
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.807 exp/packet:087 ▶ TRAC 647 nfqexp: marking packet 1191 (127.0.0.1 -> 127.0.0.1) on queue 17040 with AcceptAlways after 201.676707ms
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.783 terception:224 ▶ TRAC 648 filter: starting decision process Σ=88.873154ms
srp 12 11:45:47 northys-laptop portmaster-start[190748]:            19.588µs terception:174 ▶ TRAC     filter: handling packet: OUT UDP 127.0.0.1:34588 <-> 127.0.0.1:34588
srp 12 11:45:47 northys-laptop portmaster-start[190748]:         88.630521ms ocess/find:019 ▶ TRAC     process: getting pid from system network state
srp 12 11:45:47 northys-laptop portmaster-start[190748]:            97.538µs ocess/find:023 ▶ DEBU     process: failed to find PID of connection: could not find connection in system state tables
srp 12 11:45:47 northys-laptop portmaster-start[190748]:            96.203µs terception:183 ▶ TRAC     filter: created new connection 17-127.0.0.1-34588-127.0.0.1-34588
srp 12 11:45:47 northys-laptop portmaster-start[190748]:            29.304µs terception:192 ▶ TRAC     filter: [initial handler]
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.866 tel/entity:280 ▶ TRAC 649 intel: CNAME filtering enabled, checking [] too
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.866 tel/entity:297 ▶ TRAC 650 intel: loading domain list for google.com.
srp 12 11:45:47 northys-laptop portmaster-start[190748]: 200812 11:45:47.866 connection:207 ▶ INFO 651 filter: granting connection northys:/usr/bin/dig:195199 to google.com. (<nil>), endpoint is not blacklisted (default=permit)
srp 12 11:45:48 northys-laptop portmaster-start[190748]: 200812 11:45:48.720 tel/entity:280 ▶ TRAC 652 intel: CNAME filtering enabled, checking [] too
srp 12 11:45:48 northys-laptop portmaster-start[190748]: 200812 11:45:48.720 tel/entity:297 ▶ TRAC 653 intel: loading domain list for connectivity-check.ubuntu.com.
srp 12 11:45:48 northys-laptop portmaster-start[190748]: 200812 11:45:48.720 tel/entity:297 ▶ TRAC 654 intel: loading domain list for ubuntu.com.
srp 12 11:45:48 northys-laptop portmaster-start[190748]: 200812 11:45:48.720 connection:207 ▶ INFO 655 filter: granting connection systemd-resolve:/usr/lib/systemd/systemd-resolved:191003 to connectivity-check.ubuntu.com. (<nil>), endpoint is not blacklisted (default=permit)
srp 12 11:45:48 northys-laptop portmaster-start[190748]: 200812 11:45:48.720 tel/entity:280 ▶ TRAC 656 intel: CNAME filtering enabled, checking [] too
srp 12 11:45:48 northys-laptop portmaster-start[190748]: 200812 11:45:48.720 tel/entity:297 ▶ TRAC 657 intel: loading domain list for connectivity-check.ubuntu.com.
srp 12 11:45:48 northys-laptop portmaster-start[190748]: 200812 11:45:48.720 tel/entity:297 ▶ TRAC 658 intel: loading domain list for ubuntu.com.
srp 12 11:45:48 northys-laptop portmaster-start[190748]: 200812 11:45:48.720 connection:207 ▶ INFO 659 filter: granting connection systemd-resolve:/usr/lib/systemd/systemd-resolved:191003 to connectivity-check.ubuntu.com. (<nil>), endpoint is not blacklisted (default=permit)
srp 12 11:45:49 northys-laptop portmaster-start[190748]: 200812 11:45:49.275 exp/nfqexp:080 ▶ TRAC 660 nfqexp: queued packet 117 (192.168.8.152 -> 192.168.8.255) after 39.328µs
srp 12 11:45:49 northys-laptop portmaster-start[190748]: 200812 11:45:49.276 exp/packet:087 ▶ TRAC 661 nfqexp: marking packet 117 (192.168.8.152 -> 192.168.8.255) on queue 17140 with DropAlways after 354.208µs
srp 12 11:45:49 northys-laptop portmaster-start[190748]: 200812 11:45:49.276 exp/nfqexp:080 ▶ TRAC 662 nfqexp: queued packet 118 (192.168.8.152 -> 224.0.0.251) after 36.413µs
srp 12 11:45:49 northys-laptop portmaster-start[190748]: 200812 11:45:49.276 exp/nfqexp:080 ▶ TRAC 663 nfqexp: queued packet 119 (192.168.8.152 -> 224.0.0.251) after 20.738µs
srp 12 11:45:49 northys-laptop portmaster-start[190748]: 200812 11:45:49.276 exp/packet:087 ▶ TRAC 664 nfqexp: marking packet 118 (192.168.8.152 -> 224.0.0.251) on queue 17140 with DropAlways after 330.621µs
srp 12 11:45:49 northys-laptop portmaster-start[190748]: 200812 11:45:49.327 exp/packet:076 ▶ WARN 665 nfqexp: failed to set verdict DropAlways for 119 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:49 northys-laptop portmaster-start[190748]: 200812 11:45:49.377 exp/packet:087 ▶ TRAC 666 nfqexp: marking packet 119 (192.168.8.152 -> 224.0.0.251) on queue 17140 with DropAlways after 100.543137ms
srp 12 11:45:49 northys-laptop portmaster-start[190748]: 200812 11:45:49.991 exp/nfqexp:080 ▶ TRAC 667 nfqexp: queued packet 120 (192.168.8.152 -> 192.168.8.255) after 12.661µs
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.041 exp/packet:076 ▶ WARN 668 nfqexp: failed to set verdict DropAlways for 120 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.091 exp/packet:076 ▶ WARN 669 nfqexp: failed to set verdict DropAlways for 120 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.142 exp/packet:076 ▶ WARN 670 nfqexp: failed to set verdict DropAlways for 120 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.192 exp/packet:076 ▶ WARN 671 nfqexp: failed to set verdict DropAlways for 120 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.243 exp/packet:087 ▶ TRAC 672 nfqexp: marking packet 120 (192.168.8.152 -> 192.168.8.255) on queue 17140 with DropAlways after 252.095715ms
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.261 exp/nfqexp:080 ▶ TRAC 673 nfqexp: queued packet 1193 (10.10.0.20 -> 10.10.0.3) after 27.32µs
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.279 oip/lookup:052 ▶ TRAC 674 geoip: record: &{Continent:{Code:} Country:{ISOCode:} Coordinates:{AccuracyRadius:0 Latitude:0 Longitude:0} AutonomousSystemNumber:0 AutonomousSystemOrganization:}
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.279 connection:207 ▶ INFO 675 filter: granting connection northys:/usr/bin/nextcloud:2989 -> 10.10.0.3, endpoint is not blacklisted (default=permit)
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.299 exp/nfqexp:080 ▶ TRAC 676 nfqexp: queued packet 121 (192.168.8.152 -> 224.0.0.251) after 23.683µs
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.299 exp/nfqexp:080 ▶ TRAC 677 nfqexp: queued packet 122 (192.168.8.152 -> 224.0.0.251) after 44.713µs
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.299 exp/packet:087 ▶ TRAC 678 nfqexp: marking packet 121 (192.168.8.152 -> 224.0.0.251) on queue 17140 with DropAlways after 271.832µs
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.312 exp/packet:087 ▶ TRAC 679 nfqexp: marking packet 1193 (10.10.0.20 -> 10.10.0.3) on queue 17040 with AcceptAlways after 50.330132ms
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.279 terception:224 ▶ TRAC 680 filter: starting decision process Σ=17.451525ms
srp 12 11:45:50 northys-laptop portmaster-start[190748]:            15.294µs terception:174 ▶ TRAC     filter: handling packet: OUT TCP 10.10.0.20:33956 <-> 10.10.0.3:8383
srp 12 11:45:50 northys-laptop portmaster-start[190748]:         17.339447ms ocess/find:019 ▶ TRAC     process: getting pid from system network state
srp 12 11:45:50 northys-laptop portmaster-start[190748]:             6.526µs ss/process:082 ▶ TRAC     process: getting primary process for PID 2989
srp 12 11:45:50 northys-laptop portmaster-start[190748]:            29.491µs ss/profile:017 ▶ TRAC     process: profile already loaded
srp 12 11:45:50 northys-laptop portmaster-start[190748]:            46.847µs terception:183 ▶ TRAC     filter: created new connection 6-10.10.0.20-33956-10.10.0.3-8383
srp 12 11:45:50 northys-laptop portmaster-start[190748]:             13.92µs terception:192 ▶ TRAC     filter: [initial handler]
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.349 exp/packet:076 ▶ WARN 681 nfqexp: failed to set verdict DropAlways for 122 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.400 exp/packet:076 ▶ WARN 682 nfqexp: failed to set verdict DropAlways for 122 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.450 exp/packet:076 ▶ WARN 683 nfqexp: failed to set verdict DropAlways for 122 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.501 exp/packet:076 ▶ WARN 684 nfqexp: failed to set verdict DropAlways for 122 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.551 exp/packet:076 ▶ WARN 685 nfqexp: failed to set verdict DropAlways for 122 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.602 exp/packet:076 ▶ WARN 686 nfqexp: failed to set verdict DropAlways for 122 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.652 exp/packet:076 ▶ WARN 687 nfqexp: failed to set verdict DropAlways for 122 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.702 exp/packet:076 ▶ WARN 688 nfqexp: failed to set verdict DropAlways for 122 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.753 exp/packet:076 ▶ WARN 689 nfqexp: failed to set verdict DropAlways for 122 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.803 exp/packet:076 ▶ WARN 690 nfqexp: failed to set verdict DropAlways for 122 (192.168.8.152 -> 224.0.0.251): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.810 exp/packet:087 ▶ TRAC 691 nfqexp: marking packet 122 (192.168.8.152 -> 224.0.0.251) on queue 17140 with DropAlways after 511.078346ms
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.810 exp/nfqexp:080 ▶ TRAC 692 nfqexp: queued packet 123 (192.168.8.152 -> 192.168.8.255) after 49.943µs
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.861 exp/packet:076 ▶ WARN 693 nfqexp: failed to set verdict DropAlways for 123 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.911 exp/packet:076 ▶ WARN 694 nfqexp: failed to set verdict DropAlways for 123 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:50 northys-laptop portmaster-start[190748]: 200812 11:45:50.962 exp/packet:076 ▶ WARN 695 nfqexp: failed to set verdict DropAlways for 123 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:51 northys-laptop portmaster-start[190748]: 200812 11:45:51.012 exp/packet:076 ▶ WARN 696 nfqexp: failed to set verdict DropAlways for 123 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:51 northys-laptop portmaster-start[190748]: 200812 11:45:51.063 exp/packet:076 ▶ WARN 697 nfqexp: failed to set verdict DropAlways for 123 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:51 northys-laptop portmaster-start[190748]: 200812 11:45:51.113 exp/packet:076 ▶ WARN 698 nfqexp: failed to set verdict DropAlways for 123 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:51 northys-laptop portmaster-start[190748]: 200812 11:45:51.164 exp/packet:076 ▶ WARN 699 nfqexp: failed to set verdict DropAlways for 123 (192.168.8.152 -> 192.168.8.255): netlink send: sendmsg: i/o timeout
srp 12 11:45:51 northys-laptop portmaster-start[190748]: 200812 11:45:51.164 exp/packet:087 ▶ TRAC 700 nfqexp: marking packet 123 (192.168.8.152 -> 192.168.8.255) on queue 17140 with DropAlways after 353.604829ms
srp 12 11:45:51 northys-laptop portmaster-start[190748]: 200812 11:45:51.183 work/clean:082 ▶ TRAC 701 network.clean: deleted tree/24144/PI/6-192.168.8.165-37174-149.154.167.92-80 (ended at 2020-08-12 11:40:46 +0200 CEST)
srp 12 11:45:51 northys-laptop portmaster-start[190748]: 200812 11:45:51.183 work/clean:095 ▶ TRAC 702 network.clean: deleted tree/80101/mtalk.google.com. (ended at 2020-08-12 11:40:49 +0200 CEST)
srp 12 11:45:52 northys-laptop portmaster-start[190748]: 200812 11:45:52.571 terception:356 ▶ TRAC 703 filter: packets accepted 3, blocked 0, dropped 7, failed 0
srp 12 11:45:52 northys-laptop portmaster-start[190748]: 200812 11:45:52.609 tel/entity:280 ▶ TRAC 704 intel: CNAME filtering enabled, checking [] too
srp 12 11:45:52 northys-laptop portmaster-start[190748]: 200812 11:45:52.609 tel/entity:297 ▶ TRAC 705 intel: loading domain list for google.com.
srp 12 11:45:52 northys-laptop portmaster-start[190748]: 200812 11:45:52.609 connection:207 ▶ INFO 706 filter: granting connection northys:/usr/bin/dig:195199 to google.com. (<nil>), endpoint is not blacklisted (default=permit)
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.655 exp/nfqexp:080 ▶ TRAC 707 nfqexp: queued packet 1194 (192.168.8.165 -> 255.255.255.254) after 24.098µs
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.666 connection:207 ▶ INFO 708 filter: granting connection root:/var/lib/portmaster/updates/linux_amd64/core/portmaster-core_v0-5-1:190909 -> 255.255.255.254, internally approved
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.705 exp/packet:087 ▶ TRAC 709 nfqexp: marking packet 1194 (192.168.8.165 -> 255.255.255.254) on queue 17040 with AcceptAlways after 50.530175ms
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.666 terception:192 ▶ TRAC 710 filter: [initial handler] Σ=10.9236ms
srp 12 11:45:53 northys-laptop portmaster-start[190748]:            19.641µs terception:174 ▶ TRAC     filter: handling packet: OUT TCP 192.168.8.165:57185 <-> 255.255.255.254:80
srp 12 11:45:53 northys-laptop portmaster-start[190748]:         10.772202ms ocess/find:019 ▶ TRAC     process: getting pid from system network state
srp 12 11:45:53 northys-laptop portmaster-start[190748]:            11.031µs ss/process:082 ▶ TRAC     process: getting primary process for PID 190909
srp 12 11:45:53 northys-laptop portmaster-start[190748]:            44.753µs ss/profile:017 ▶ TRAC     process: profile already loaded
srp 12 11:45:53 northys-laptop portmaster-start[190748]:            75.973µs terception:183 ▶ TRAC     filter: created new connection 6-192.168.8.165-57185-255.255.255.254-80
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.970 tel/entity:280 ▶ TRAC 711 intel: CNAME filtering enabled, checking [] too
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.970 tel/entity:297 ▶ TRAC 712 intel: loading domain list for connectivity-check.ubuntu.com.
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.970 tel/entity:297 ▶ TRAC 713 intel: loading domain list for ubuntu.com.
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.970 connection:207 ▶ INFO 714 filter: granting connection systemd-resolve:/usr/lib/systemd/systemd-resolved:191003 to connectivity-check.ubuntu.com. (<nil>), endpoint is not blacklisted (default=permit)
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.970 tel/entity:280 ▶ TRAC 715 intel: CNAME filtering enabled, checking [] too
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.970 tel/entity:297 ▶ TRAC 716 intel: loading domain list for connectivity-check.ubuntu.com.
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.970 tel/entity:297 ▶ TRAC 717 intel: loading domain list for ubuntu.com.
srp 12 11:45:53 northys-laptop portmaster-start[190748]: 200812 11:45:53.970 connection:207 ▶ INFO 718 filter: granting connection systemd-resolve:/usr/lib/systemd/systemd-resolved:191003 to connectivity-check.ubuntu.com. (<nil>), endpoint is not blacklisted (default=permit)
srp 12 11:45:54 northys-laptop portmaster-start[190748]: 200812 11:45:54.655 exp/nfqexp:080 ▶ TRAC 719 nfqexp: queued packet 1195 (127.0.0.1 -> 127.0.0.53) after 43.782µs
srp 12 11:45:54 northys-laptop portmaster-start[190748]: 200812 11:45:54.656 terception:113 ▶ DEBU 720 accepting local dns: OUT UDP 127.0.0.1:46012 <-> 127.0.0.53:53
srp 12 11:45:54 northys-laptop portmaster-start[190748]: 200812 11:45:54.656 exp/nfqexp:080 ▶ TRAC 721 nfqexp: queued packet 1196 (127.0.0.1 -> 127.0.0.53) after 35.008µs
srp 12 11:45:54 northys-laptop portmaster-start[190748]: 200812 11:45:54.656 exp/packet:087 ▶ TRAC 722 nfqexp: marking packet 1195 (127.0.0.1 -> 127.0.0.53) on queue 17040 with AcceptAlways after 445.738µs
srp 12 11:45:54 northys-laptop portmaster-start[190748]: 200812 11:45:54.656 terception:113 ▶ DEBU 723 accepting local dns: OUT UDP 127.0.0.1:46012 <-> 127.0.0.53:53
srp 12 11:45:54 northys-laptop portmaster-start[190748]: 200812 11:45:54.706 exp/packet:087 ▶ TRAC 724 nfqexp: marking packet 1196 (127.0.0.1 -> 127.0.0.53) on queue 17040 with AcceptAlways after 50.382609ms
srp 12 11:45:56 northys-laptop portmaster-start[190748]: 200812 11:45:56.183 work/clean:082 ▶ TRAC 725 network.clean: deleted tree/19100/slack-imgs.com./6-192.168.8.165-43192-99.86.243.114-443 (ended at 2020-08-12 11:40:51 +0200 CEST)
srp 12 11:45:56 northys-laptop portmaster-start[190748]: 200812 11:45:56.183 work/clean:082 ▶ TRAC 726 network.clean: deleted tree/2808/api.openweathermap.org./6-192.168.43.122-33352-188.166.16.132-443 (ended at 2020-08-12 11:40:51 +0200 CEST)
srp 12 11:45:57 northys-laptop portmaster-start[190748]: 200812 11:45:57.614 tel/entity:280 ▶ TRAC 728 intel: CNAME filtering enabled, checking [] too
srp 12 11:45:57 northys-laptop portmaster-start[190748]: 200812 11:45:57.614 tel/entity:297 ▶ TRAC 729 intel: loading domain list for google.com.
srp 12 11:45:57 northys-laptop portmaster-start[190748]: 200812 11:45:57.614 connection:207 ▶ INFO 730 filter: granting connection northys:/usr/bin/dig:195199 to google.com. (<nil>), endpoint is not blacklisted (default=permit)
srp 12 11:45:59 northys-laptop portmaster-start[190748]: 200812 11:45:59.220 tel/entity:280 ▶ TRAC 731 intel: CNAME filtering enabled, checking [] too
srp 12 11:45:59 northys-laptop portmaster-start[190748]: 200812 11:45:59.220 tel/entity:297 ▶ TRAC 732 intel: loading domain list for connectivity-check.ubuntu.com.
srp 12 11:45:59 northys-laptop portmaster-start[190748]: 200812 11:45:59.220 tel/entity:297 ▶ TRAC 733 intel: loading domain list for ubuntu.com.
srp 12 11:45:59 northys-laptop portmaster-start[190748]: 200812 11:45:59.220 connection:207 ▶ INFO 734 filter: granting connection systemd-resolve:/usr/lib/systemd/systemd-resolved:191003 to connectivity-check.ubuntu.com. (<nil>), endpoint is not blacklisted (default=permit)
srp 12 11:45:59 northys-laptop portmaster-start[190748]: 200812 11:45:59.220 tel/entity:280 ▶ TRAC 735 intel: CNAME filtering enabled, checking [] too
srp 12 11:45:59 northys-laptop portmaster-start[190748]: 200812 11:45:59.220 tel/entity:297 ▶ TRAC 736 intel: loading domain list for connectivity-check.ubuntu.com.
srp 12 11:45:59 northys-laptop portmaster-start[190748]: 200812 11:45:59.220 tel/entity:297 ▶ TRAC 737 intel: loading domain list for ubuntu.com.
srp 12 11:45:59 northys-laptop portmaster-start[190748]: 200812 11:45:59.220 connection:207 ▶ INFO 738 filter: granting connection systemd-resolve:/usr/lib/systemd/systemd-resolved:191003 to connectivity-check.ubuntu.com. (<nil>), endpoint is not blacklisted (default=permit)
srp 12 11:46:01 northys-laptop portmaster-start[190748]: 200812 11:46:01.183 work/clean:095 ▶ TRAC 739 network.clean: deleted tree/4971/ssl.gstatic.com. (ended at 2020-08-12 11:40:59 +0200 CEST)
srp 12 11:46:01 northys-laptop portmaster-start[190748]: 200812 11:46:01.183 work/clean:095 ▶ TRAC 740 network.clean: deleted tree/4971/mer.stdout.cz. (ended at 2020-08-12 11:41:00 +0200 CEST)
srp 12 11:46:02 northys-laptop portmaster-start[190748]: 200812 11:46:02.572 terception:356 ▶ TRAC 741 filter: packets accepted 1, blocked 0, dropped 0, failed 0

portmaster-control should only download core

With #2, portmaster-control should only download core and nothing else in order to honor the rights management.
Instead, control should wait and poll if app or notifier are not yet available. This is only an issue immediately after install.

403 forbidden when accessing control panel from localhost

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

  1. installed portmaster using the deb package downloaded from the official website - https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.deb
  2. opened http://localhost:817/ and got "Forbidden"
curl -vvv http://localhost:817/
*   Trying 127.0.0.1:817...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 817 (#0)
> GET / HTTP/1.1
> Host: localhost:817
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Tue, 02 Jun 2020 23:55:57 GMT
< Content-Length: 10
< 
Forbidden
* Connection #0 to host localhost left intact

What you expected to happen:

See control panel in my browser instead of 403.

How to reproduce it (as minimally and precisely as possible):

Please see What happened and Operating System.

Anything else we need to know?:

I used to use the nextdns client, which was killed on portmaster startup. I got a notification about it in a loop because systemd always started nextdns again, so I had to uninstall the nextdns client and reboot my computer.

Environment:

Portmaster Version:

I know there is already version v0.4.3 but the official deb package contains 0.3.4 and portmaster-control update returns only 200603 02:06:12.222 ▶ BOF.

# cannot post version summary from control panel because it's not working :)
portmaster-control --ver
0.3.4

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
NAME="Ubuntu"
VERSION="20.04 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.

jun 03 01:55:57 northys-laptop portmaster-control[1423]: 200603 01:55:57.119 entication:089 ▶ WARN 647 api: denying api access to 127.0.0.1:59560

Change SecurityLevels to string enum

What would you like to be changed:

Instead of using an integer bitmask for security levels consider using a simple string enumeration:

type SecurityLevel string

const (
    SecurityLevelOff     SecurityLevel = "" // default value
    SecurityLevelNormal  SecurityLevel = "normal"
    SecurityLevelHigh    SecurityLevel = "high"
    SecurityLevelExtreme SecurityLevel = "extreme"
)

Why is this needed:

Currently a bitmask is used for security levels because in the old (and obsolete) config system a setting could have been enabled/disabled in each level separately. In the current configuration system the security levels are ordered and higher levels are automatically included in lower levels. That is, SecurityLevelExtreme is always part of SecurityLevelNormal and SecurityLevelHigh. Due to this stacking of levels (they are actually usage thresholds) there's no need for a bitmask anymore. Instead of this bitmask we could just go with either numbers (Normal < High < Extreme < Off) or string constants. I'd prefer string constants over integers as it's easier to reason about them (in the API for example) and to place them into the configuration file (config.json) by hand.
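The proposal above, carried through as an added Go example (not Portmaster's code): the string enum from the issue with the stated order Normal < High < Extreme < Off, a threshold check, and JSON decoding that rejects unknown strings so a typo in a hand-edited config fails at load time. The `rank` map, `ActiveAt`, `parseThreshold` and the `threshold` field name are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// SecurityLevel is the string enumeration proposed in the issue.
type SecurityLevel string

const (
	SecurityLevelOff     SecurityLevel = "" // default value
	SecurityLevelNormal  SecurityLevel = "normal"
	SecurityLevelHigh    SecurityLevel = "high"
	SecurityLevelExtreme SecurityLevel = "extreme"
)

// rank encodes the order stated in the issue: Normal < High < Extreme < Off.
// Hypothetical helper, not part of Portmaster.
var rank = map[SecurityLevel]int{
	SecurityLevelNormal:  1,
	SecurityLevelHigh:    2,
	SecurityLevelExtreme: 3,
	SecurityLevelOff:     4,
}

// UnmarshalJSON accepts only the four known strings. A misspelled level in a
// hand-edited config is reported as an error instead of being stored.
func (l *SecurityLevel) UnmarshalJSON(data []byte) error {
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return fmt.Errorf("security level must be a JSON string: %w", err)
	}
	if _, ok := rank[SecurityLevel(s)]; !ok {
		return fmt.Errorf("unknown security level %q", s)
	}
	*l = SecurityLevel(s)
	return nil
}

// ActiveAt reports whether a setting with threshold l applies while the
// system runs at level current. A threshold of Off never applies, and an
// Off or unknown current level activates nothing.
func (l SecurityLevel) ActiveAt(current SecurityLevel) bool {
	if l == SecurityLevelOff || current == SecurityLevelOff {
		return false
	}
	threshold, okT := rank[l]
	cur, okC := rank[current]
	return okT && okC && cur >= threshold
}

// setting is a constructed config entry; the field name is an assumption.
type setting struct {
	Threshold SecurityLevel `json:"threshold"`
}

// parseThreshold decodes one constructed config entry.
func parseThreshold(raw string) (SecurityLevel, error) {
	var s setting
	if err := json.Unmarshal([]byte(raw), &s); err != nil {
		return SecurityLevelOff, err
	}
	return s.Threshold, nil
}

func main() {
	// Constructed sample inputs: a valid level, a typo, and a missing field.
	for _, raw := range []string{`{"threshold":"high"}`, `{"threshold":"hgih"}`, `{}`} {
		lvl, err := parseThreshold(raw)
		if err != nil {
			fmt.Printf("%-22s rejected: %v\n", raw, err)
			continue
		}
		fmt.Printf("%-22s normal=%v high=%v extreme=%v\n", raw,
			lvl.ActiveAt(SecurityLevelNormal),
			lvl.ActiveAt(SecurityLevelHigh),
			lvl.ActiveAt(SecurityLevelExtreme))
	}
}
```

A missing field decodes to the zero value, which is `SecurityLevelOff`, so the setting stays disabled at every level.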

Random unable to connect errors for new domains in firefox

Checklist:

  • I'm using the official portmaster release (i.e no custom builds)
  • I searched for similar/existing issues first.
  • My issue is not mentioned in the Known Issues section of my OS

What happened:

I randomly get an "Unable to connect" error in Firefox, usually when entering new domains and domains I haven't been at for ~ 4 hours.

What you expected to happen:

There are no connection errors.

How to reproduce it (as minimally and precisely as possible):

  1. Ubuntu 20.04, latest portmaster, docker
  2. use latest firefox to browse the internet
  3. the error occurs like every 10 minutes; it's not happening with every new domain visited though
  4. when I instantly hit ctrl + r the page loads with no problem

Anything else we need to know?:

I have docker installed and previously I had a problem with a connection reset error in firefox which was regarding bad routing of IPv6 or something like this. I'm not sure if this is a similar problem or if docker has its play in this.

Environment:

Portmaster Version:

Name: Portmaster
Version: 0.4.10
Commit: tags/v0.4.10-0-g2afd9cd1438b6fe71b981938aad734ee3de81e07
Build Options: main.go
Build User: user
Build Host: docker
Build Date: 27.06.2020
Build Source: https://github.com/safing/portmaster

Operating System:

  • Windows 7
  • Windows 8/8.1
  • Windows 10
  • Linux
NAME="Ubuntu"
VERSION="20.04 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

If applicable you can provide related sections from the log files and ensure to remove sensitive or otherwise private information.

The error happened for domain accounts.hetzner.com

čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.561 terception:121 ▶ DEBU 702 accepting local dns: OUT UDP 127.0.0.1:34685 <-> 127.0.0.53:53
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.574 connection:198 ▶ INFO 703 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to dns.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.575 nameserver:293 ▶ DEBU 704 nameserver: returning response dns.hetzner.com.A to northys:/usr/lib/firefox/firefox:3730
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.587 connection:198 ▶ INFO 705 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to dns.hetzner.com. (159.69.255.131), endpoint is not blacklisted (default=permit)
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.821 terception:121 ▶ DEBU 706 accepting local dns: OUT UDP 127.0.0.1:53856 <-> 127.0.0.53:53
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.821 terception:121 ▶ DEBU 707 accepting local dns: OUT UDP 127.0.0.1:53856 <-> 127.0.0.53:53
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.833 connection:198 ▶ INFO 708 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.833 nameserver:293 ▶ DEBU 709 nameserver: returning response accounts.hetzner.com.A to northys:/usr/lib/firefox/firefox:3730
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.918 connection:198 ▶ INFO 710 filter: granting connection Unknown::-1 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.918 nameserver:293 ▶ DEBU 711 nameserver: returning response accounts.hetzner.com.AAAA to Unknown::-1
čec 02 14:46:35 northys-laptop portmaster-control[129039]: 200702 14:46:35.422 terception:121 ▶ DEBU 712 accepting local dns: OUT UDP 127.0.0.1:38084 <-> 127.0.0.53:53
čec 02 14:46:35 northys-laptop portmaster-control[129039]: 200702 14:46:35.422 terception:121 ▶ DEBU 713 accepting local dns: OUT UDP 127.0.0.1:38084 <-> 127.0.0.53:53
čec 02 14:46:35 northys-laptop portmaster-control[129039]: 200702 14:46:35.426 connection:198 ▶ INFO 714 filter: granting connection geoclue:/usr/libexec/geoclue:2140 to location.services.mozilla.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:46:35 northys-laptop portmaster-control[129039]: 200702 14:46:35.426 nameserver:293 ▶ DEBU 715 nameserver: returning response location.services.mozilla.com.AAAA to geoclue:/usr/libexec/geoclue:2140
čec 02 14:46:35 northys-laptop portmaster-control[129039]: 200702 14:46:35.511 connection:198 ▶ INFO 716 filter: granting connection Unknown::-1 to location.services.mozilla.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:46:35 northys-laptop portmaster-control[129039]: 200702 14:46:35.512 nameserver:293 ▶ DEBU 717 nameserver: returning response location.services.mozilla.com.A to Unknown::-1

Grepped the last 60 minutes for accounts.hetzner.com:

sudo journalctl -u portmaster.service --since "60 minutes ago" | grep accounts.hetzner.com
čec 02 14:44:09 northys-laptop portmaster-control[129039]: 200702 14:44:09.890 connection:198 ▶ INFO 397 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:44:09 northys-laptop portmaster-control[129039]: 200702 14:44:09.890 nameserver:293 ▶ DEBU 398 nameserver: returning response accounts.hetzner.com.AAAA to northys:/usr/lib/firefox/firefox:3730
čec 02 14:44:09 northys-laptop portmaster-control[129039]: 200702 14:44:09.982 connection:198 ▶ INFO 400 filter: granting connection Unknown::-1 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:44:09 northys-laptop portmaster-control[129039]: 200702 14:44:09.982 nameserver:293 ▶ DEBU 401 nameserver: returning response accounts.hetzner.com.A to Unknown::-1
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:09.996 connection:198 ▶ INFO 402 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:10.228 connection:198 ▶ INFO 405 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:10.228 nameserver:293 ▶ DEBU 406 nameserver: returning response accounts.hetzner.com.A to northys:/usr/lib/firefox/firefox:3730
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:10.313 connection:198 ▶ INFO 407 filter: granting connection Unknown::-1 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:10.314 nameserver:293 ▶ DEBU 408 nameserver: returning response accounts.hetzner.com.AAAA to Unknown::-1
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:10.383 connection:198 ▶ INFO 409 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:10.394 connection:198 ▶ INFO 410 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:10.542 connection:198 ▶ INFO 411 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:10.552 connection:198 ▶ INFO 412 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:10.560 connection:198 ▶ INFO 413 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:44:10 northys-laptop portmaster-control[129039]: 200702 14:44:10.729 connection:198 ▶ INFO 416 filter: granting connection Unknown::-1 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:45:16 northys-laptop portmaster-control[129039]: 200702 14:45:16.400 connection:198 ▶ INFO 498 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:45:16 northys-laptop portmaster-control[129039]: 200702 14:45:16.400 nameserver:293 ▶ DEBU 499 nameserver: returning response accounts.hetzner.com.A to northys:/usr/lib/firefox/firefox:3730
čec 02 14:45:16 northys-laptop portmaster-control[129039]: 200702 14:45:16.485 connection:198 ▶ INFO 500 filter: granting connection Unknown::-1 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:45:16 northys-laptop portmaster-control[129039]: 200702 14:45:16.485 nameserver:293 ▶ DEBU 501 nameserver: returning response accounts.hetzner.com.AAAA to Unknown::-1
čec 02 14:45:18 northys-laptop portmaster-control[129039]: 200702 14:45:18.003 connection:198 ▶ INFO 511 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:45:18 northys-laptop portmaster-control[129039]: 200702 14:45:18.003 nameserver:293 ▶ DEBU 512 nameserver: returning response accounts.hetzner.com.A to northys:/usr/lib/firefox/firefox:3730
čec 02 14:45:18 northys-laptop portmaster-control[129039]: 200702 14:45:18.088 connection:198 ▶ INFO 513 filter: granting connection Unknown::-1 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:45:18 northys-laptop portmaster-control[129039]: 200702 14:45:18.089 nameserver:293 ▶ DEBU 514 nameserver: returning response accounts.hetzner.com.AAAA to Unknown::-1
čec 02 14:45:18 northys-laptop portmaster-control[129039]: 200702 14:45:18.127 connection:198 ▶ INFO 515 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:45:24 northys-laptop portmaster-control[129039]: 200702 14:45:24.094 connection:198 ▶ INFO 568 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:45:24 northys-laptop portmaster-control[129039]: 200702 14:45:24.102 connection:198 ▶ INFO 570 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:45:24 northys-laptop portmaster-control[129039]: 200702 14:45:24.109 connection:198 ▶ INFO 571 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:45:24 northys-laptop portmaster-control[129039]: 200702 14:45:24.109 nameserver:293 ▶ DEBU 572 nameserver: returning response accounts.hetzner.com.A to northys:/usr/lib/firefox/firefox:3730
čec 02 14:45:24 northys-laptop portmaster-control[129039]: 200702 14:45:24.118 connection:198 ▶ INFO 573 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:45:24 northys-laptop portmaster-control[129039]: 200702 14:45:24.126 connection:198 ▶ INFO 574 [2x] filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:45:24 northys-laptop portmaster-control[129039]: 200702 14:45:24.367 connection:198 ▶ INFO 577 filter: granting connection Unknown::-1 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.833 connection:198 ▶ INFO 708 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.833 nameserver:293 ▶ DEBU 709 nameserver: returning response accounts.hetzner.com.A to northys:/usr/lib/firefox/firefox:3730
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.918 connection:198 ▶ INFO 710 filter: granting connection Unknown::-1 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:46:29 northys-laptop portmaster-control[129039]: 200702 14:46:29.918 nameserver:293 ▶ DEBU 711 nameserver: returning response accounts.hetzner.com.AAAA to Unknown::-1
čec 02 14:47:44 northys-laptop portmaster-control[129039]: 200702 14:47:44.226 connection:198 ▶ INFO 839 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (213.133.105.184), endpoint is not blacklisted (default=permit)
čec 02 14:47:44 northys-laptop portmaster-control[129039]: 200702 14:47:44.238 connection:198 ▶ INFO 841 filter: granting connection northys:/usr/lib/firefox/firefox:3730 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:47:44 northys-laptop portmaster-control[129039]: 200702 14:47:44.238 nameserver:293 ▶ DEBU 842 nameserver: returning response accounts.hetzner.com.A to northys:/usr/lib/firefox/firefox:3730
čec 02 14:47:44 northys-laptop portmaster-control[129039]: 200702 14:47:44.324 connection:198 ▶ INFO 843 filter: granting connection Unknown::-1 to accounts.hetzner.com. (<nil>), endpoint is not blacklisted (default=permit)
čec 02 14:47:44 northys-laptop portmaster-control[129039]: 200702 14:47:44.324 nameserver:293 ▶ DEBU 844 nameserver: returning response accounts.hetzner.com.AAAA to Unknown::-1
