[Feature Request] Allow Minecraft broadcast announcements through #813

Closed
petterreinholdtsen opened this issue Jan 22, 2023 · 12 comments

@petterreinholdtsen
Contributor

Summary:

On my test box, after activating opensnitch, my Minecraft installation was no longer able to host LAN servers. I had to disable opensnitch to get this working. The Minecraft LAN server system uses broadcast packages to announce its presence on the net, as far as I know.

@petterreinholdtsen petterreinholdtsen added the feature a whole new feature label Jan 22, 2023
@gustavo-iniguez-goya
Collaborator

Enable [x] Debug invalid connections in Preferences -> Nodes, and see if it prompts you to allow an "outgoing connection".
I'm sure I've talked about this with someone else, but I don't find any related issues right now.

@petterreinholdtsen
Contributor Author

petterreinholdtsen commented Jan 22, 2023 via email

@gustavo-iniguez-goya
Collaborator

ok, let's see if we can identify what we're discarding: Set log level to DEBUG in Preferences -> Nodes.

Then filter the log as follows:

~ $ tail -f /var/log/opensnitchd.log | grep -B 5 "no inodes found"

You should see messages like this one:

[2023-01-22 22:32:30]  DBG  new connection udp => 42730:192.168.160.1 -> 239.255.255.250:3702 uid: 103
[2023-01-22 22:32:30]  DBG  netlink socket error: Warning, no message nor error from netlink, or no connections found - 42730:192.168.160.1 -> 239.255.255.250:3702
[2023-01-22 22:32:30]  DBG  Searching for udp6 netstat entry instead of udp
[2023-01-22 22:32:30]  DBG  <== no inodes found for this connection.

If you identify the destination protocol:ip:port, you can add a rule to the fw to bypass that connection in /etc/opensnitchd/system-fw.json:

            "Rule": {
                "Description": "Allow minecraft", 
                "Table": "mangle",
                "Chain": "OUTPUT",
                "Parameters": "-d 224.0.2.0/24",
                "Target": "ACCEPT", 
                "TargetParameters": ""
            }
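
As an added illustration (not part of the original comment and not OpenSnitch code), the log-filtering step above can be scripted to summarise which destinations are being discarded before a rule is written for `system-fw.json`. The sample log is constructed, the line format is assumed from the excerpt quoted in the thread, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Line format taken from the debug excerpt quoted in the comment above.
NEW_CONN = re.compile(r"new connection (?P<proto>\w+) => \d+:\S+ -> "
                      r"(?P<dst>\S+):(?P<dport>\d+) uid: \d+")

# Constructed sample log: first four lines mirror the excerpt, the rest are made up.
SAMPLE_LOG = """\
[2023-01-22 22:32:30]  DBG  new connection udp => 42730:192.168.160.1 -> 239.255.255.250:3702 uid: 103
[2023-01-22 22:32:30]  DBG  netlink socket error: Warning, no message nor error from netlink, or no connections found - 42730:192.168.160.1 -> 239.255.255.250:3702
[2023-01-22 22:32:30]  DBG  Searching for udp6 netstat entry instead of udp
[2023-01-22 22:32:30]  DBG  <== no inodes found for this connection.
[2023-01-22 22:32:31]  DBG  new connection tcp => 51000:192.168.160.1 -> 192.0.2.10:443 uid: 1000
[2023-01-22 22:32:32]  DBG  new connection udp => 40001:192.168.160.1 -> 224.0.2.60:4445 uid: 1000
[2023-01-22 22:32:32]  DBG  <== no inodes found for this connection.
[2023-01-22 22:32:34]  DBG  new connection udp => 40001:192.168.160.1 -> 224.0.2.60:4445 uid: 1000
[2023-01-22 22:32:34]  DBG  <== no inodes found for this connection.
"""

def discarded_destinations(lines):
    """Count (proto, dst_ip, dst_port) for connections followed by 'no inodes found'.
    Assumes the marker belongs to the latest 'new connection' line (as grep -B does)."""
    counts, last = Counter(), None
    for line in lines:
        m = NEW_CONN.search(line)
        if m:
            last = (m["proto"], m["dst"], int(m["dport"]))
        elif "no inodes found" in line and last is not None:
            counts[last] += 1
            last = None  # one marker per connection
    return counts

def describe(dest):
    """Label the destination so a bypass rule can be scoped to it."""
    proto, ip, port = dest
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:
        kind = "multicast"
    elif ip == "255.255.255.255":
        kind = "limited broadcast"
    else:
        kind = "unicast or subnet broadcast"
    return f"{proto} {ip}:{port} ({kind})"

if __name__ == "__main__":
    for dest, n in discarded_destinations(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:3d}  {describe(dest)}")
```

Knowing the exact protocol, address and port lets the `Parameters` field of the bypass rule be narrowed to that traffic instead of a whole range.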

@petterreinholdtsen
Contributor Author

petterreinholdtsen commented Feb 1, 2023 via email

@gustavo-iniguez-goya
Collaborator

If it's UDP, then probably because you are using "proc" monitor method.

Get the eBPF modules from here: https://github.com/evilsocket/opensnitch/actions/runs/3859316337

For kernels >= 5.19, 1.5.0 branch: https://github.com/evilsocket/opensnitch/suites/10231001363/artifacts/501509878
For kernels < 5.19, 1.5.0 branch: https://github.com/evilsocket/opensnitch/suites/10231001363/artifacts/501509880

And change proc monitor method to eBPF.

@gustavo-iniguez-goya
Collaborator

Oops, btw, the modules go under the /etc/opensnitchd/ directory (for example /etc/opensnitchd/opensnitch.o).

@petterreinholdtsen
Contributor Author

petterreinholdtsen commented Feb 1, 2023 via email

@gustavo-iniguez-goya
Collaborator

> I am, because we were so far unable to get the build for the eBPF to
> work when building the Debian package. Why is the proc monitor method
> ignoring and blocking UDP packages?

Usually because we're not able to obtain the path of the process. But being a UDP connection, enabling [x] Debug invalid connections should display a pop-up to allow/deny it.

If you can reproduce the problem again with the log level set to DEBUG, post the file /var/log/opensnitchd.log so I can analyze it.

Look for logs like: new connection.*445

@petterreinholdtsen
Contributor Author

petterreinholdtsen commented Feb 1, 2023 via email

@gustavo-iniguez-goya
Collaborator

fixed in v1.5.5

@petterreinholdtsen
Contributor Author

petterreinholdtsen commented Feb 3, 2023 via email

@gustavo-iniguez-goya
Collaborator

Yes, eBPF detects those connections. As minecraft will be running when it sends the requests, we'll be able to get the path of the process.

In order to see these short-lived connections users will have to enable that option. Just changing it from the GUI is enough, no need to change the .json manually. We've never had a report stating that the GUI didn't update the configuration.

Enabling that option by default has undesired effects, because sometimes there are spurious packets that confuse users. In fact the option was named "Intercept unknown connections" (because the process path was unknown), making things worse, because some users thought that something bad was happening.

This particular problem (short-lived connections/processes) was improved on 1.6.x versions with eBPF.
