Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Same destination over and over again (still an issue) #671

Open
zaqes opened this issue Dec 23, 2024 · 3 comments
Open

Same destination over and over again (still an issue) #671

zaqes opened this issue Dec 23, 2024 · 3 comments

Comments

@zaqes
Copy link

zaqes commented Dec 23, 2024

#665 is still an issue.

What logs will the debug appear?
@objective-see
Copy link
Owner

Can you confirm you're on the latest version? (2.9.7).

If so, from a terminal run: log stream --level debug --predicate="subsystem='com.objective-see.lulu'"

And post relevant output (the next time this happens), that should start with a log message:
-[Rules endpointAddrMatch:rule:]

Then in the logs, you'll see LuLu performing the endpoint matching ...which (may) still be broken, so I'm hoping these log message shed some insight into why.

I'm not 100% what specific log message will appear, however, you should see log messages related to the process (e.g. privatecloudcomputed) and to the endpoint matching of the existing rule.

@zaqes
Copy link
Author

zaqes commented Dec 23, 2024

I do use 2.9.7

I will try to remove it all and see when it happens again.

@zaqes
Copy link
Author

zaqes commented Jan 9, 2025

This is what I see

2025-01-09 08:09:55.000708+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] checking gateway-oblivious.apple.com vs. https://gateway-oblivious.apple.com/pcc/bag 2025-01-09 08:09:55.001139+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] checking gateway-oblivious.apple.com vs. 172.64.68.74 2025-01-09 08:09:55.001173+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] checking gateway-oblivious.apple.com vs. apple-relay.cloudflare.com 2025-01-09 08:09:55.001204+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] no (saved) rule found for 82783/privatecloudcomputed 2025-01-09 08:09:55.001301+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] client not in passive mode... 2025-01-09 08:09:55.001320+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] no related alert, currently shown... 2025-01-09 08:09:55.001335+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] 'Allow Apple' preference not set, so skipped 'Is Apple' check 2025-01-09 08:09:55.001355+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] 'allow DNS traffic' is enabled, so checking port/protocol 2025-01-09 08:09:55.001405+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] created alert... 2025-01-09 08:09:55.001541+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] delivering alert { ancestors = ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ); args = ( "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed" ); csChange = 0; endpointPort = 443; host = "172.64.68.74"; key = "com.apple.privatecloudcomputed"; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app"; pid = 82783; protocol = 17; signingInfo = { signatureAuthorities = ( "Software Signing", "Apple Code Signing Certificat 2025-01-09 08:09:55.001571+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] invoking user XPC method: 'alertShow:reply:' 2025-01-09 08:09:55.001815+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] adding alert to 'shown': com.apple.privatecloudcomputed -> { ancestors = ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ); args = ( "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed" ); csChange = 0; endpointPort = 443; host = "172.64.68.74"; key = "com.apple.privatecloudcomputed"; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app"; pid = 82783; protocol = 17; signingInfo = { signatureAuthorities = ( "Software Signing", 2025-01-09 08:09:55.001915+0100 0x87b277 Debug 0x0 63558 0 LuLu: [com.objective-see.lulu:application] daemon invoked user XPC method, '-[XPCUser alertShow:reply:]', with { ancestors = ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ); args = ( "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed" ); csChange = 0; endpointPort = 443; host = "172.64.68.74"; key = "com.apple.privatecloudcomputed"; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app"; pid = 82783; protocol = 17; signingInfo = { signatureAuthorities = ( "Software Signing", 2025-01-09 08:09:55.022773+0100 0x3b47e9 Debug 0x0 63558 0 LuLu: [com.objective-see.lulu:application] extracted parent ID 1 for process: 82783 2025-01-09 08:09:55.023733+0100 0x3b47e9 Debug 0x0 63558 0 LuLu: [com.objective-see.lulu:application] extracted parent ID 0 for process: 1 2025-01-09 08:09:55.023782+0100 0x3b47e9 Debug 0x0 63558 0 LuLu: [com.objective-see.lulu:application] (re)generated process hierarchy: ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ) 2025-01-09 08:09:55.024786+0100 0x3b47e9 Debug 0x0 63558 0 LuLu: [com.objective-see.lulu:application] signing info: { signatureAuthorities = ( "Software Signing", "Apple Code Signing Certification Authority", "Apple Root CA" ); signatureIdentifier = "com.apple.privatecloudcomputed"; signatureSigner = 1; signatureStatus = 0; }

2025-01-09 08:09:55.971472+0100 0x3b47e9 Debug 0xb63b25 63558 0 LuLu: [com.objective-see.lulu:application] replying to alert { action = 1; ancestors = ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ); args = ( "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed" ); csChange = 0; endpointAddr = "gateway-oblivious.apple.com"; endpointPort = 443; host = "172.64.68.74"; key = "com.apple.privatecloudcomputed"; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app"; pid = 82783; protocol = 17; scope = 1; signingInfo = { signatureAuthorities = 2025-01-09 08:09:55.971555+0100 0x3b47e9 Debug 0xb63b25 63558 0 LuLu: [com.objective-see.lulu:application] method '-[AppDelegate setActivationPolicy]' invoked 2025-01-09 08:09:55.971573+0100 0x3b47e9 Debug 0xb63b25 63558 0 LuLu: [com.objective-see.lulu:application] window(s) visible, setting policy: NSApplicationActivationPolicyRegular 2025-01-09 08:09:55.972464+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] reply: { ancestors = ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ); args = ( "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed" ); csChange = 0; endpointPort = 443; host = "172.64.68.74"; key = "com.apple.privatecloudcomputed"; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app"; pid = 82783; protocol = 17; signingInfo = { signatureAuthorities = ( "Software Signing", "Apple Code Signing Certificat 2025-01-09 08:09:55.972587+0100 0x8711c8 Default 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] (user) response: "allow" for /System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app, that was trying to connect to gateway-oblivious.apple.com:443 2025-01-09 08:09:55.973010+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] creating rule with: { action = 1; ancestors = ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ); args = ( "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed" ); csChange = 0; endpointAddr = "gateway-oblivious.apple.com"; endpointPort = 443; host = "172.64.68.74"; key = "com.apple.privatecloudcomputed"; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app"; pid = 82783; protocol = 17; scope = 1; signingInfo = { signatureAuthorities = 2025-01-09 08:09:55.973170+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] adding rule: com.apple.privatecloudcomputed -> RULE: pid: all, path: /System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app, name: privatecloudcomputed, code signing info: { signatureAuthorities = ( "Software Signing", "Apple Code Signing Certification Authority", "Apple Root CA" ); signatureIdentifier = "com.apple.privatecloudcomputed"; signatureSigner = 1; signatureStatus = 0; }, endpoint addr: gateway-oblivious.apple.com, endpoint port: 443, action: 1, type: 3, creation: 2025-01-09 07:09:55 +0000, expiration: (null) 2025-01-09 08:09:55.973209+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] saving (non-temp) rules to /Library/Objective-See/LuLu/rules.plist 2025-01-09 08:09:56.079671+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] serialized rules 2025-01-09 08:09:56.081167+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] saved rule to disk 2025-01-09 08:09:56.081304+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] removing alert from 'shown': com.apple.privatecloudcomputed -> { action = 1; ancestors = ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ); args = ( "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed" ); csChange = 0; endpointAddr = "gateway-oblivious.apple.com"; endpointPort = 443; host = "172.64.68.74"; key = "com.apple.privatecloudcomputed"; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app"; pid = 82783; protocol = 17; scope = 1; signingInfo = 2025-01-09 08:09:56.081327+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] invoking user XPC method, '-[XPCUserClient rulesChanged]' 2025-01-09 08:09:56.081365+0100 0x8711c8 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] processing 0 related flow(s) for com.apple.privatecloudcomputed

Then later

2025-01-06 08:24:58.279121+0100 0x7e35f4 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] no (saved) rule found for 82783/privatecloudcomputed 2025-01-06 08:24:58.279146+0100 0x7e35f4 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] client not in passive mode... 2025-01-06 08:24:58.279170+0100 0x7e35f4 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] no related alert, currently shown... 2025-01-06 08:24:58.279194+0100 0x7e35f4 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] 'Allow Apple' preference not set, so skipped 'Is Apple' check 2025-01-06 08:24:58.279219+0100 0x7e35f4 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] 'allow DNS traffic' is enabled, so checking port/protocol 2025-01-06 08:24:58.279277+0100 0x7e35f4 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] created alert... 2025-01-06 08:24:58.279431+0100 0x7e35f4 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] delivering alert { ancestors = ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ); args = ( "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed" ); csChange = 0; endpointPort = 443; host = "172.64.69.74"; key = "com.apple.privatecloudcomputed"; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app"; pid = 82783; protocol = 17; signingInfo = { signatureAuthorities = ( "Software Signing", "Apple Code Signing Certificat 2025-01-06 08:24:58.279457+0100 0x7e35f4 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] invoking user XPC method: 'alertShow:reply:' 2025-01-06 08:24:58.279739+0100 0x7e35f4 Debug 0x0 63582 0 com.objective-see.lulu.extension: [com.objective-see.lulu:extension] adding alert to 'shown': com.apple.privatecloudcomputed -> { ancestors = ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ); args = ( "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed" ); csChange = 0; endpointPort = 443; host = "172.64.69.74"; key = "com.apple.privatecloudcomputed"; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app"; pid = 82783; protocol = 17; signingInfo = { signatureAuthorities = ( "Software Signing", 2025-01-06 08:24:58.279828+0100 0x7e5e1f Debug 0x0 63558 0 LuLu: [com.objective-see.lulu:application] daemon invoked user XPC method, '-[XPCUser alertShow:reply:]', with { ancestors = ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ); args = ( "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed" ); csChange = 0; endpointPort = 443; host = "172.64.69.74"; key = "com.apple.privatecloudcomputed"; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app"; pid = 82783; protocol = 17; signingInfo = { signatureAuthorities = ( "Software Signing", 2025-01-06 08:24:58.299333+0100 0x3b47e9 Debug 0x0 63558 0 LuLu: [com.objective-see.lulu:application] extracted parent ID 1 for process: 82783 2025-01-06 08:24:58.299475+0100 0x3b47e9 Debug 0x0 63558 0 LuLu: [com.objective-see.lulu:application] extracted parent ID 0 for process: 1 2025-01-06 08:24:58.299522+0100 0x3b47e9 Debug 0x0 63558 0 LuLu: [com.objective-see.lulu:application] (re)generated process hierarchy: ( { index = 0; name = launchd; path = "/sbin/launchd"; pid = 1; }, { index = 1; name = privatecloudcomputed; path = "/System/Library/PrivateFrameworks/PrivateCloudCompute.framework/privatecloudcomputed.app/Contents/MacOS/privatecloudcomputed"; pid = 82783; } ) 2025-01-06 08:24:58.300487+0100 0x3b47e9 Debug 0x0 63558 0 LuLu: [com.objective-see.lulu:application] signing info: { signatureAuthorities = ( "Software Signing", "Apple Code Signing Certification Authority", "Apple Root CA" ); signatureIdentifier = "com.apple.privatecloudcomputed"; signatureSigner = 1; signatureStatus = 0; }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@objective-see @zaqes