LuLu
LuLu copied to clipboard
objective-see
LuLu causing protocol errors in MacOS Sequoia?
I'm on MacOS 15.0 Beta (24A5320a) with LuLu 2.6.3 and I keep finding that I'm getting SSL protocol errors if LuLu is running, but none if I disable. Is this a known issue?
It's common that 3rd-party software has issues in the new OS betas, as generally the OS betas themselves have myriad of issues. As such I usually hold off testing until the betas reach the RC stage (especially as LuLu is running fine on the previous version of macOS).
@objective-see There's an understanding that this build is the final before RC gets released, so I wouldn't expect too many more changes?
I am now on the RC and am still observing lots of network performance issues and SSL protocol errors when LuLu is enabled, and the symptoms disappear if I disable the extension. Let me know if I can grab more logs or traces to help troubleshoot.
Note that this also appears to be an issue with Defender's network filter - I need to also disable that to address network issues.
I'm also on RC 15.0 (24A335) right now, and the only networking issues I've found so far are with Slack huddles stability. Disabling lulu solves the issues.
I can confirm the same problem, lost connections while using ssh or using rdp.
With ssh i get after a few minutes the following error since macOS 15:
Everything is working as it should if the lulu extension is disabled.
Also experiencing issues across most applications with LuLu running on 15RC. The only thing that works reliably is Microsoft Remote Desktop accessing a local network host. Otherwise there are issues with all browsers, VMware Horizon Client, Samba, SSH, Teams, etc with LuLu running.
@objective-see any schedules on releasing an update on those issues once final release of Sequoia is out ?
@objective-see Yes would be good because RC is for 99% the final release, so no beta problem. And little snitch also has no issues.
I started facing this issue as soon as I upgraded to the public release of MacOS Sequoia.
Thanks for feedback and info on this ππ½
If any of you have any relevant log message (either from the system log, or from lulu's log (which can be streamed via: log stream --level debug --predicate="subsystem='com.objective-see.lulu'") and could share those here, that would be super helpful.
Also, are there any other system extensions installed?
(View installed extensions via: systemextensionsctl list)
Digging into this more, but as everything seemed to be working fine on macOS 14.*, a bit tough to know where to dig! π
I did not see anything in the log at the time the SSH connection was dropped.
Here's the error I get on the SSH side in iTerm:
Bad packet length 2860171220.
ssh_dispatch_run_fatal: Connection to <IP-Address> port 22: Connection corrupted
It seems like LuLu is interfering with the encrypted packets in some way. When LuLu is disabled, this error does not occur. With LuLu running, the SSH connection does not last for more than 30 seconds or so. The issue seems to be worse with SSH proxy connections using the ssh -J option.
Other than LuLu, I have the iTop VPN extension. But that is disabled.
The problem seems to be related to the internal firewall of sequoia.
Just disable the internal firewall until apple will fix that.
The problem happens too without lulu. (But it is a lot rarer) A normal user would not get it but related to my work i'm connected to ssh the hole day.
Yeah, the issue happens with Defender's network filter too. I'm updating to MacOS 15.1 Beta, so will report back if it still happens, then try disabling the firwall.
MacOS 15.1 Beta 4. Firewall, LuLu and Defender network filters enabled, have yet to see a network glitch.
Must've been an OS bug. Will leave this open for others to confirm.
The problem seems to be related to the internal firewall of sequoia.
Just disable the internal firewall until apple will fix that.
The problem happens too without lulu. (But it is a lot rarer) A normal user would not get it but related to my work i'm connected to ssh the hole day.
I can confirm that after enabling Lulu and disabling the internal firewall, everything seems to be working fine.
I can also confirm that the issues are gone after deactivating the internal firewall.
This has now been confirmed, to yes, be due to an Apple bug in macOS 15, that is widely impacting many 3rd-party security tools, that then in turn causes macOS networking to break.
This has been reported to Apple (and was so before macOS 15 was released), who have now confirmed the issue and are hopefully working on a fix.
More info: "Appleβs new macOS Sequoia update is breaking some cybersecurity tools"
Yeah, I think that someone from my company tried to report it, but as you highlighted in your Twitter post, Apple isn't super responsive to these kinds of feedback, even when coming from large IT companies.
I'm on the latest 15.1 Beta with firewall and all network filters enabled and am no longer experiencing network issues.
I'm having issues too.. Mainly with connection & transferring file to my NAS.. So what to do in the meanwhile? should I disable LuLu only? macOS firewall only? both?
@yakirlog you can either disable the macOS firewall (which blocks incoming connections), or LuLu (which blocks unauthorized outgoing connections).
@objective-see Also if lulu is disabled it can also happen. (much less often but still happening)
@yakirlog ah good to know, and makes sense as its yes, a macOS bug. In that case, seems like disabling the internal firewall is the way to go. Good news is, macOS 15.1 should be out shortly with fixes from Apple π€π½
I have been encountering the same problem since I updated. I tried the beta, but contrary to other posts, it does not seem resolved - though it does seem potentially less frequent.
I watch a lot of Twitch, and it shows up as streaming video interruptions and chat disconnections. Disabling Lulu does seem to clear it up.
(2020 M1 Macbook Pro for what it's worth - first gen apple silicon)
macOS 15.0.1 out today with a fix that "Improves compatibility with third-party security software".
I'm still seeing this on macOS 15.0.1 (arm64) with LuLu 2.6.3. :(
It's easy to reproduce: just SSH into a remote machine and run top until the connection gets corrupted:
Bad packet length 2202000445.
ssh_dispatch_run_fatal: Connection to XYZ port 22: Connection corrupted
Seems like Apple is on a roll recently, between this and all the updates they pulled that ended up bricking Watches and M4 iPads.
It seemed possibly to be worse when my computer was under load, so I wonder if it's something similar to like, dropping frames in a game when you can't do the work in time. Except the work here is ... ???
Since it seems to affect network filters, I could potentially see it like a timeout waiting for the filter to complete its work. But if it's actually corrupting the network data stream, then I'd be more concerned it's actually a potential security problem, a buffer getting overwritten/mangled or something like that