safing / portmaster

🏔 Love Freedom - ❌ Block Mass Surveillance
https://safing.io
GNU General Public License v3.0

DNS requests from WSL can fail with dnsTunneling #1629

Open Marc05 opened 1 month ago

Marc05 commented 1 month ago

I've noticed that some connections fail under Windows Subsystem for Linux (version 2.2.4.0) when Portmaster is running.

I can reproduce it with the following Python script. Running this script will block the terminal session until the process is killed:

```python
# test.py
import urllib.request
try:
    urllib.request.urlretrieve("http://www.python.org/")
except Exception as e:
    print(e)
```

Some debugging shows the following while using Portmaster:

```
$ sudo strace -f -e trace=network -s 10000 python3 ./test.py 
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 3
setsockopt(3, SOL_IP, IP_RECVERR, [1], 4) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.255.255.254")}, 16) = 0
sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="c\356\1\0\0\1\0\0\0\0\0\0\3www\6python\3org\0\0\1\0\1", iov_len=32}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=32}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\27\351\1\0\0\1\0\0\0\0\0\0\3www\6python\3org\0\0\34\0\1", iov_len=32}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=32}], 2, MSG_NOSIGNAL) = 2
recvfrom(3, "\27\351\203\200\0\1\0\0\0\0\0\0\3www\6python\3org\0\0\34\0\1", 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.255.255.254")}, [28 => 16]) = 32
socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.255.255.254")}, 16) = 0
^Cstrace: Process 32501 detached
```

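
Added example, not part of the original post or of Portmaster's code: decoding the DNS bytes from the strace output above shows that the UDP reply carries the truncation (TC) flag with zero answers, which is the condition under which a stub resolver repeats the query over TCP, matching the `SOCK_STREAM` connect to port 53 that follows. The function names are illustrative; the two byte strings are copied from the `sendmmsg` and `recvfrom` lines of the trace.

```python
import struct

# Bytes copied from the sendmmsg/recvfrom lines of the strace output above.
QUERY_AAAA = b"\27\351\1\0\0\1\0\0\0\0\0\0\3www\6python\3org\0\0\34\0\1"
REPLY_AAAA = b"\27\351\203\200\0\1\0\0\0\0\0\0\3www\6python\3org\0\0\34\0\1"


def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    ident, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": flags >> 15,           # 0 = query, 1 = response
        "tc": (flags >> 9) & 1,      # 1 = message was truncated
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
        "qdcount": qdcount,
        "ancount": ancount,
    }


def parse_question(msg):
    """Return (name, qtype, qclass) of the first question; no compression expected."""
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!2H", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass


def needs_tcp_retry(msg):
    """A response with TC=1 tells the client to repeat the query over TCP."""
    header = parse_header(msg)
    return header["qr"] == 1 and header["tc"] == 1


if __name__ == "__main__":
    for label, msg in (("query", QUERY_AAAA), ("reply", REPLY_AAAA)):
        print(label, parse_question(msg), parse_header(msg),
              "tcp_retry =", needs_tcp_retry(msg))
```
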
Raphty commented 1 month ago

WSL is considered a VM and is therefore still out of scope https://github.com/safing/portmaster/issues/166

Marc05 commented 1 month ago

I'm aware VMs are not supported; I opened the issue mainly for awareness. Is there a better place to report these?

I wasn't able to fix this in Portmaster even after disabling Block Secure DNS Bypassing. I was able to work around the issue by disabling dnsTunneling in WSL.

Raphty commented 1 month ago

I think this here is a good place, I just wanted to manage expectations 😅