Strange connection issue on big sur 11.3 clean install

Open rbernardes opened this issue 3 years ago • 32 comments

I made a clean install of my Big Sur 11.3. After installing LuLu, all connections were extremely slow. On the macOS Console, without the firewall enabled, and internet working without issues:

error 14:35:06.532919-0300 kernel Sandbox: ContextStoreAgen(443) deny(1) mach-lookup com.apple.ocspd
error 14:35:08.174946-0300 kernel Sandbox: routined(396) deny(1) mach-lookup com.apple.Maps.MapsSync.store
error 14:35:08.175539-0300 routined error: XPC: synchronousRemoteObjectProxyWithErrorHandler encountered error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated.}
error 14:35:08.175849-0300 routined error: XPC: synchronousRemoteObjectProxyWithErrorHandler encountered error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated.}
error 14:35:09.199074-0300 kernel Sandbox: com.apple.WebKit(801) deny(1) mach-lookup com.apple.diagnosticd
error 14:35:11.263911-0300 routined error: XPC: synchronousRemoteObjectProxyWithErrorHandler encountered error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated.}
error 14:35:11.264565-0300 kernel Sandbox: routined(396) deny(1) mach-lookup com.apple.Maps.MapsSync.store
error 14:35:14.365097-0300 routined error: XPC: synchronousRemoteObjectProxyWithErrorHandler encountered error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated.}
error 14:35:15.381313-0300 cfprefsd rejecting read of { kCFPreferencesAnyApplication, rbernardes, kCFPreferencesAnyHost, /Users/rbernardes/Library/Preferences/.GlobalPreferences.plist, managed: 0 } from process 634 (Brave Browser Helper (GPU)) because accessing preferences outside an application's container requires user-preference-read or file-read-data sandbox access
error 14:35:17.464961-0300 routined error: XPC: synchronousRemoteObjectProxyWithErrorHandler encountered error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated.}
error 14:35:20.564407-0300 routined error: XPC: synchronousRemoteObjectProxyWithErrorHandler encountered error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated.}
error 14:35:21.413165-0300 cfprefsd rejecting read of { kCFPreferencesAnyApplication, rbernardes, kCFPreferencesAnyHost, /Users/rbernardes/Library/Preferences/.GlobalPreferences.plist, managed: 0 } from process 634 (Brave Browser Helper (GPU)) because accessing preferences outside an application's container requires user-preference-read or file-read-data sandbox access
error 14:35:23.663295-0300 routined error: XPC: synchronousRemoteObjectProxyWithErrorHandler encountered error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated.}

When enabled:

error 14:35:39.904803-0300 mDNSResponder [Q0] mDNSPlatformSendUDP -> sendto(6) failed to send packet on InterfaceID 0x6 en0/4 to <mask.hash: 'kIpuBtg61p0TRx/X6fp11A=='>:5353 skt 6 error -1 errno 32 (Broken pipe) 3623211914
error 14:35:40.764903-0300 kernel Sandbox: com.apple.WebKit(790) deny(1) mach-lookup com.apple.diagnosticd
error 14:35:46.729562-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:46.742723-0300 kernel Sandbox: ContextStoreAgen(443) deny(1) mach-lookup com.apple.ocspd
error 14:35:50.729568-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:50.970484-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:50.970604-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:50.970726-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:50.970833-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:50.971251-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:50.972994-0300 symptomsd failed to start ticker tickerFatal, not active, active probe: 0x0
error 14:35:50.973507-0300 symptomsd failed to start ticker tickerFatal, not active, active probe: 0x0
error 14:35:50.976296-0300 symptomsd failed to start ticker tickerFatal, not active, active probe: 0x0
error 14:35:50.976722-0300 symptomsd failed to start ticker tickerFatal, not active, active probe: 0x0
error 14:35:51.372396-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:51.373310-0300 symptomsd failed to start ticker tickerFatal, not active, active probe: 0x0
error 14:35:52.079577-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:52.080893-0300 symptomsd failed to start ticker tickerFatal, not active, active probe: 0x0
error 14:35:54.890142-0300 kernel Sandbox: com.apple.WebKit(757) deny(1) mach-lookup com.apple.diagnosticd
error 14:35:55.001122-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:55.001312-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:55.001404-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:55.001502-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:55.001589-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:55.503511-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:56.279367-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:59.001058-0300 mDNSResponder sending to IPv4:BBkywCMi failed: [32: Broken pipe]
error 14:35:59.003915-0300 symptomsd failed to start ticker tickerFatal, not active, active probe: 0x0

Anyone with this problem too?

rbernardes avatar Apr 27 '21 17:04 rbernardes
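
A triage sketch for the two Console excerpts in the opening post, added here as an example and not part of the original thread: it splits a run-together Console export into entries, tallies errors per process, and counts mDNSResponder sends that failed with errno 32 (broken pipe), the signature that only shows up in the firewall-enabled excerpt. The function names are hypothetical, the sample strings are built from entries quoted in the post, and process names are assumed to contain no spaces.

```python
import re
from collections import Counter

# Zero-width split point in front of every "<level> HH:MM:SS.ffffff+ZZZZ " header.
ENTRY_START = re.compile(
    r"(?=\b(?:error|fault|default|info|debug)\s+\d{2}:\d{2}:\d{2}\.\d{6}[+-]\d{4}\s)")
# Both spellings of the broken-pipe failure seen in the firewall-enabled excerpt.
EPIPE = re.compile(r"errno 32\b|\[32: Broken pipe\]")

# Constructed samples: a few entries from each excerpt, joined on one line
# the way the logs appear in the post.
FIREWALL_OFF = (
    "error 14:35:06.532919-0300 kernel Sandbox: ContextStoreAgen(443) deny(1) "
    "mach-lookup com.apple.ocspd "
    "error 14:35:09.199074-0300 kernel Sandbox: com.apple.WebKit(801) deny(1) "
    "mach-lookup com.apple.diagnosticd")
FIREWALL_ON = (
    "error 14:35:39.904803-0300 mDNSResponder [Q0] mDNSPlatformSendUDP -> sendto(6) "
    "failed to send packet on InterfaceID 0x6 en0/4 to "
    "<mask.hash: 'kIpuBtg61p0TRx/X6fp11A=='>:5353 skt 6 error -1 errno 32 (Broken pipe) "
    "error 14:35:40.764903-0300 kernel Sandbox: com.apple.WebKit(790) deny(1) "
    "mach-lookup com.apple.diagnosticd "
    "error 14:35:46.729562-0300 mDNSResponder sending to IPv4:BBkywCMi failed: "
    "[32: Broken pipe] "
    "error 14:35:50.972994-0300 symptomsd failed to start ticker tickerFatal, "
    "not active, active probe: 0x0")

def split_entries(blob):
    """Cut a flattened export back into one string per log entry."""
    return [e.strip() for e in ENTRY_START.split(blob) if e.strip()]

def parse(entry):
    """Split an entry into level, timestamp, process and message."""
    level, ts, process, message = entry.split(None, 3)
    return {"level": level, "time": ts, "process": process, "message": message}

def summarize(blob):
    """Return (entries per process, count of mDNSResponder EPIPE send failures)."""
    entries = [parse(e) for e in split_entries(blob)]
    per_process = Counter(e["process"] for e in entries)
    dns_epipe = sum(1 for e in entries
                    if e["process"] == "mDNSResponder" and EPIPE.search(e["message"]))
    return per_process, dns_epipe

if __name__ == "__main__":
    for label, blob in (("firewall off", FIREWALL_OFF), ("firewall on", FIREWALL_ON)):
        per_process, dns_epipe = summarize(blob)
        print(label, dict(per_process), "mDNSResponder EPIPE:", dns_epipe)
```
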

Yes, I found it out at this moment, that LuLu made the problems. Also other tools won't work (for example MacUpdater or Twitterrific).

tk176 avatar Apr 27 '21 21:04 tk176

Also facing the same issue; something to note: for me, LAN connections (i.e., to 192.168.x.y) were fast, but WAN ones were unbearably slow.

SwiftWinds avatar Apr 28 '21 00:04 SwiftWinds

FWIW, a reinstall did not work

SwiftWinds avatar Apr 28 '21 01:04 SwiftWinds

Having the same problem. WAN connections are unbearably slow. Ping does not work on WAN or LAN for that matter. I use an ethernet connection if that's important.

SwissOS avatar Apr 28 '21 09:04 SwissOS

Same here.

clicman avatar Apr 28 '21 12:04 clicman

Same here.

necrevistonnezr avatar Apr 28 '21 13:04 necrevistonnezr

Solution that fixed it for me: remove Radio Silence. I guess that there are conflicts between different filtering apps that are appearing in Big Sur 11.3. Check if you have other network filtering apps active and remove them.

SwissOS avatar Apr 30 '21 06:04 SwissOS

Seems like there are a lot of reports of LuLu having problems when used in combination with some other networking app. For example:

  • Radio Silence (@danielp123, above)
  • TripMode (https://github.com/objective-see/LuLu/issues/321#issuecomment-827159116, and my personal experience)
  • Cisco AnyConnect (#356)

At least for me, running LuLu alone on macOS 11.3 seems to work fine. I wonder if any of the folks reporting problems are using LuLu on its own?

jdswinbank avatar Apr 30 '21 08:04 jdswinbank

ESET Cyber Security Pro and AdGuard maybe also affect it.

clicman avatar Apr 30 '21 08:04 clicman

+1 Radio Silence. They released an update, but it did not solve the problem.

rbernardes avatar Apr 30 '21 17:04 rbernardes

> Solution that fixed it for me: remove Radio Silence. I guess that there are conflicts between different filtering apps that are appearing in Big Sur 11.3. Check if you have other network filtering apps active and remove them.

Thanks for the suggestion. I was using Pulse Secure VPN. Removing it seems to do the trick, but I kind of need the app. :/

SwiftWinds avatar May 01 '21 01:05 SwiftWinds

Also having what I suspect is this same issue.

Running Lulu 2.3.1, on MacOS 11.3, on M1 chip. I also have TripMode running.

If Lulu is enabled, when I connect to WiFi it either comes up with ! symbol over WiFi icon, or it does connect but then Internet is basically inaccessible. I'm pretty sure it's due to DNS lookups being blocked. As I note that I can load a common site in browser (such as Google.com) for which I know there will be an entry in the DNS cache. And I can call other sites for which there is very likely an IP entry in the DNS cache. But once anything beyond what's cached is called, it doesn't load, or it takes many minutes to load.

Also using a VPN is problematic. I'd not associated it with this Lulu issue, but seeing comments above made me realise it likely is related.

inspiredearth avatar May 02 '21 09:05 inspiredearth

Today Apple released Big Sur 11.3.1. Maybe this problem has been solved; not tested yet.

rbernardes avatar May 03 '21 18:05 rbernardes

I haven't updated yet but I am not opposed to it. I just wanted to mention first that my employer-provided workstation is running Eracent for DLP I believe, and Crowdstrike as its endpoint protection software and LuLu must be disabled or I can't ping anything and only certain activities are even possible.

But I've got a trashcan6,1 on my desk too and it's fine with LuLu running. My endpoint protection software on that workstation is BitDefender and like I do ad-hoc vt-cli and clamscans but nothing in-path for networking other than BitDefender and LuLu is happy with that arrangement.

I don't have much visibility into Eracent other than what I can figure out from its logs, and nobody from our SIRT has contacted me about Crowdstrike melting down or anything like that so I think whatever the problem is I'm expecting the only solution for me will be a change in LuLu. I'm curious what the root cause here is though! I am def not up to speed on what changes under the hood have been made in macOS over the last couple of releases.

edit @20210503155450 — 11.3.1 doesn't resolve this issue (but should be promptly installed by everyone due to the vulnerabilities addressed) and it may just be something as simple as having more than 2 network extensions active? my trashcan6,1 only has LuLu's and one Adguard installed that I don't activate (I use an Adguard Home instance to cover the whole household and enforce safe search and youtube sans-commentary etc.)

emory avatar May 03 '21 18:05 emory

FYI 11.3.1 doesn't solve the problem.

clicman avatar May 04 '21 03:05 clicman

I also have problems with Big Sur 11.3.1 latest Lulu and backup to Time Machine on NAS.

dguttierrez avatar May 06 '21 08:05 dguttierrez

Same ping issue here on Big Sur 11.3.1, Lulu 2.3.1 and Cisco AnyConnect 4.10.00093. I think this problem is related to new versions of Cisco AnyConnect after it starts using 2 Socket Filter services in network preferences.

[Image: Screen Shot 2021-05-09 at 10 07 39 PM]

hasanpour avatar May 09 '21 17:05 hasanpour

I have Cisco AnyConnect 4.9.06037.

dguttierrez avatar May 10 '21 06:05 dguttierrez

I just confirmed by disconnecting the Cisco AnyConnect Packet Filter I have regained connectivity with LuLu activated.

What do those packet filters even do? I was able to remove them and still connect to my AnyConnect VPN

winteriscariot avatar May 10 '21 12:05 winteriscariot

> Same ping issue here on Big Sur 11.3.1, Lulu 2.3.1 and Cisco AnyConnect 4.10.00093. I think this problem is related to new versions of Cisco AnyConnect after it starts using 2 Socket Filter services in network preferences.
>
> [Image: Screen Shot 2021-05-09 at 10 07 39 PM]

Socket filtering is present in Cisco AnyConnect since version 4.9

darkolo avatar May 13 '21 08:05 darkolo

I don't have Cisco AnyConnect installed. So I suspect that's not the specific cause.

inspiredearth avatar May 14 '21 06:05 inspiredearth

If enabled, LuLu won't do Backups in TimeMachine. If I disable it, Backups work without problems.

MagicPhantom avatar May 18 '21 19:05 MagicPhantom

On Big Sur (11.3.1), I’ve had to essentially keep Lulu permanently disabled. I consider it completely incompatible with Big Sur at this stage. It causes far too many connection issues to be useable. As shared above, I suspect it's DNS related. It seems to block DNS lookups, and there seems (but hard to be sure) to be some relationship with whether or not other network applications are active. Apps that inject themselves into the Network layer on macOS. Two examples are TripMode, ClearVPN.

I've now quit Lulu, and will have to keep it that way until there's an update. There's really no point to leave it running.

inspiredearth avatar May 19 '21 00:05 inspiredearth

Yes, same here. I have it disabled on Big Sur 11.3, otherwise nothing works.

comatose-tortoise avatar May 23 '21 07:05 comatose-tortoise

I am running macOS 11.x on a mid 2012 15" non retina MBP installed with patch-sur utility. I had upgraded my WiFi/BT card to the newest Broadcom version (same as Apple is currently using). Versions of macOS 11.2.5 and before ran perfectly but all hell broke loose when I upgraded to 11.3. I chased it to the point of determining it was definitely related to DNS. I then fell back to macOS 11.2.5 successfully and the issue was resolved. I chose at the time to just stay on 11.2.5 and try again with 11.4. So, today Apple released 11.4 and I upgraded. Same painfully slow DNS resolution once again raised its ugly head. Searching the internet once again (on my iPhone), resulted in finding a reddit thread from an M1 based MBP user reporting the same problem which meant, the issue was most decidedly not related to my hardware. That user had chased the issue to LuLu, which I have used for a couple of years without issues. I removed LuLu (ver 2.3.1), rebooted and BINGO, DNS resolution returned to normal expectations. What LuLu is doing to so screw up DNS resolution starting with macOS 11.3 is something Patrick W will have to sort out. For the meantime, I will just keep LuLu off my system but I DO hope Patrick finds the issue and resolves it as I prefer to run LuLu.

dtidmore52 avatar May 24 '21 20:05 dtidmore52

Same issue with 11.4

darkolo avatar May 24 '21 20:05 darkolo

> Same issue with 11.4

bummer. for now I've disabled the three packet filters network interfaces for Cisco AnyConnect v4.9.xxxx and that seems to allow Cisco Connect to still work as a vpn client as well as allowing LuLu to work as a firewall and restoring ping functionality etc.

BartmanEH avatar May 28 '21 13:05 BartmanEH

After updating Big Sur to 11.5 it seems that Lulu is working again and I can ping

darkolo avatar Jul 22 '21 20:07 darkolo

Confirming. It works on 11.5!

clicman avatar Jul 23 '21 05:07 clicman

I can confirm the same ... Issue seems to be resolved on 11.5 (and 11.5.2)

inspiredearth avatar Aug 31 '21 00:08 inspiredearth

Interestingly release notes for new AnyConnect client state:

> AnyConnect 4.10.05095 New Features
> This is a maintenance release that includes the following enhancements, and that resolves the defects described in AnyConnect 4.10.05095.
> [...redacted, irrelevant...]
> An Umbrella issue that could cause a total Domain Name System failure on macOS 11 and later versions, requiring a reboot or removal of AnyConnect to resolve, has been fixed.

...so maybe we can re-enable the Cisco AnyConnect packet filters (although I probably won't bother since the VPN part works fine without the packet filters enabled)

BartmanEH avatar Apr 18 '22 18:04 BartmanEH

Same issue along with https://www.paloaltonetworks.com/products/globalprotect. Not sure if 11.5 fixed it.

Anutrix avatar Apr 19 '22 07:04 Anutrix