Re: Strange AVC denials without effect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3.7.2020 16.49, Paul Moore wrote:
On Fri, Jul 3, 2020 at 6:28 AM Topi Miettinen <toiwoton@xxxxxxxxx> wrote:

Hello,

I renamed SELinux packet types and also without using type attributes
(like packet_type etc), so that refpolicy TE rules for packets should
not apply. Then I added new rules for the new types one by one as they
were needed. But there are lots of audit entries which would seem to
indicate that kernel_t is prevented from sending packets:

type=AVC msg=audit(1593770235.180:3222): avc:  denied  { send } for
pid=408 comm="irq/30-iwlwifi" saddr=10.0.0.3 daddr=1.1.1.1 netif=wlan0
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:my_dns_client_packet_t:s0 tclass=packet
permissive=0

In reality, the packets are sent. But kernel_t is not permissive and
there should not be any rules which would allow the action, so shouldn't
this prevent packet transmission?

Hmm, that is interesting.  Are you 100% certain that the packets which
are the source of this AVC denial are the ones being sent over the
wire(less)?  Based on the permission, this is coming from the SELinux
postroute hooks which simply return a DROP to the netfilter code, so
if the packet is really getting sent it might be a case where the
kernel is ignoring the netfilter hooks ... and that seems fairly
unlikely to me.

I can reproduce this by using 'resolvectl some.uncached.domain' while running strace for systemd-resolved and also tcpdumping the interface.

My explanation is this: systemd-resolved is making two parallel DNS requests. It's happy with the response received from one socket (maybe fd 16 below) and then closes the other socket (maybe 17) before receiving the response.

But when the response packet to request from socket 17 arrives, kernel wants to reply with ICMP Unreachable packet. There's no socket (skb->sk == NULL) and thus kernel SID is used for packet AVC check. NFT conntrack rules assign the related ICMP packets to the DNS connection, so they are labeled as my_dns_client_packet_t. Kernel its not allowed to send the ICMP packet because no AVCs allow this.

Indeed if I let the kernel send the packet with setenforce 0, the blocked ICMP packet can be seen with tcpdump.

I think everything works as designed. Perhaps I should change my NFT rules for ICMP packets so that they are always labeled with generic type like icmp_packet_t, while keeping them assigned to the related connection from conntrack's point of view. This would make sense as the applications should not be allowed to see the ICMP packets related to normal TCP/UDP sockets anyway, they belong to kernel protocol stack. Of course, the kernel protocol stack does not allow that anyway. For firewall rules, such ICMP packets should belong to the related conntrack connections (so unrelated ICMP packets can be dropped).

Lots of less interesting details below.

journal:
13:07:12.873000 loora audit[417]: AVC avc: denied { send } for pid=417 comm="irq/30-iwlwifi" saddr=10.0.0.38 daddr=1.1.1.1 netif=wlan0 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:my_dns_client_packet_t:s0 tclass=packet permissive=0

tcpdump:
13:07:12.725297 IP 10.0.0.38.39473 > 1.1.1.1.53: 62526+% [1au] A? google.se. (61) 13:07:12.726345 IP 10.0.0.38.44440 > 1.1.1.1.53: 33003+% [1au] AAAA? google.se. (61) 13:07:12.726877 IP 10.0.0.38.47121 > 1.1.1.1.53: 11236+% [1au] A? google.se. (61) 13:07:12.727562 IP 10.0.0.38.57098 > 1.1.1.1.53: 13416+% [1au] AAAA? google.se. (61) 13:07:12.761679 IP 1.1.1.1.53 > 10.0.0.38.44440: 33003 1/0/1 AAAA 2a00:1450:400f:808::2003 (75) 13:07:12.762152 IP 1.1.1.1.53 > 10.0.0.38.57098: 13416 1/0/1 AAAA 2a00:1450:400f:808::2003 (75) 13:07:12.762580 IP 1.1.1.1.53 > 10.0.0.38.39473: 62526 1/0/1 A 216.58.211.131 (63) 13:07:12.762997 IP 1.1.1.1.53 > 10.0.0.38.47121: 11236 1/0/1 A 216.58.211.131 (63) 13:07:12.764114 IP 10.0.0.38.55141 > 1.1.1.1.53: 26552+% [1au] SOA? google.se. (61) 13:07:12.765265 IP 10.0.0.38.52528 > 1.1.1.1.53: 991+% [1au] SOA? google.se. (61)
13:07:12.798556 IP 1.1.1.1.53 > 10.0.0.38.55141: 26552 1/0/1 SOA (107)
13:07:12.799310 IP 1.1.1.1.53 > 10.0.0.38.52528: 991 1/0/1 SOA (107)
13:07:12.800954 IP 10.0.0.38.36977 > 1.1.1.1.53: 9459+% [1au] DS? google.se. (61) 13:07:12.802120 IP 10.0.0.38.53585 > 1.1.1.1.53: 4372+% [1au] DS? google.se. (61)
13:07:12.820652 IP 1.1.1.1.53 > 10.0.0.38.53585: 4372$ 0/4/1 (738)
13:07:12.822177 IP 10.0.0.38.52683 > 1.1.1.1.53: 52194+% [1au] DNSKEY? se. (54)
13:07:12.837627 IP 1.1.1.1.53 > 10.0.0.38.36977: 9459$ 0/4/1 (738)
13:07:12.839631 IP 1.1.1.1.53 > 10.0.0.38.52683: 52194$ 3/0/1 DNSKEY, DNSKEY, RRSIG (875) 13:07:12.839822 IP 10.0.0.38.60292 > 1.1.1.1.53: 48610+% [1au] DNSKEY? se. (54)
13:07:12.841005 IP 10.0.0.38.42149 > 1.1.1.1.53: 23889+% [1au] DS? se. (54)
13:07:12.855842 IP 1.1.1.1.53 > 10.0.0.38.60292: 48610$ 3/0/1 DNSKEY, DNSKEY, RRSIG (875)
13:07:12.858087 IP 10.0.0.38.59625 > 1.1.1.1.53: 27007+% [1au] DS? se. (54)
13:07:12.859498 IP 1.1.1.1.53 > 10.0.0.38.42149: 23889$ 2/0/1 DS, RRSIG (368)
13:07:12.860377 IP 10.0.0.38.39286 > 1.1.1.1.53: 4778+% [1au] DNSKEY? . (51)
13:07:12.875179 IP 1.1.1.1.53 > 10.0.0.38.59625: 27007$ 2/0/1 DS, RRSIG (368) 13:07:12.879008 IP 1.1.1.1.53 > 10.0.0.38.39286: 4778$ 4/0/1 DNSKEY, DNSKEY, DNSKEY, RRSIG (1139)
In total 13 requests, 13 responses. ICMP response is not sent.

With setenforce 0, this additional packet can be seen:
15:26:48.456905 IP 10.0.0.38 > 1.1.1.1: ICMP 10.0.0.38 udp port 49447 unreachable, length 556

strace (removed uninteresting lines like gettid(), setsockopt(), stuff resolved does to poll for new interfaces); 13:07:12.724780 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 15 13:07:12.725039 connect(15, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.725128 epoll_ctl(4, EPOLL_CTL_ADD, 15, {EPOLLIN, {u32=3909210464, u64=99629970608480}}) = 0 13:07:12.725205 write(15, "\364>\1\20\0\1\0\0\0\0\0\1\6google\2se\0\0\1\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 61) = 61 13:07:12.725833 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 16 13:07:12.726074 connect(16, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.726146 epoll_ctl(4, EPOLL_CTL_ADD, 16, {EPOLLIN, {u32=3908845472, u64=99629970243488}}) = 0 13:07:12.726261 write(16, "\200\353\1\20\0\1\0\0\0\0\0\1\6google\2se\0\0\34\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 61) = 61 13:07:12.726388 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 17 13:07:12.726658 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.726744 epoll_ctl(4, EPOLL_CTL_ADD, 17, {EPOLLIN, {u32=3909004784, u64=99629970402800}}) = 0 13:07:12.726813 write(17, "+\344\1\20\0\1\0\0\0\0\0\1\6google\2se\0\0\1\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 61) = 61 13:07:12.726968 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 18 13:07:12.727359 connect(18, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.727430 epoll_ctl(4, EPOLL_CTL_ADD, 18, {EPOLLIN, {u32=3909100528, u64=99629970498544}}) = 0 13:07:12.727498 write(18, "4h\1\20\0\1\0\0\0\0\0\1\6google\2se\0\0\34\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 61) = 61 13:07:12.727741 epoll_ctl(4, EPOLL_CTL_MOD, 14, {0, {u32=3908851008, u64=99629970249024}}) = 0 13:07:12.728055 epoll_wait(4, [{EPOLLIN, {u32=3908813936, u64=99629970211952}}], 23, -1) = 1
13:07:12.728155 read(10, "\1\0\0\0\0\0\0\0", 8) = 8
13:07:12.728315 epoll_ctl(4, EPOLL_CTL_MOD, 14, {EPOLLIN, {u32=3908851008, u64=99629970249024}}) = 0 13:07:12.728380 epoll_wait(4, [{EPOLLIN, {u32=3908845472, u64=99629970243488}}], 23, -1) = 1
13:07:12.761983 recvfrom(16, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 75
13:07:12.762365 recvmsg(16, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="\200\353\201\220\0\1\0\1\0\0\0\1\6google\2se\0\0\34\0\1\6google\2se\0\0\34\0\1\0\0\1,\0\20*\0\24P@\17\10\10\0\0\0\0\0\0 \3\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 75 13:07:12.763653 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 19 13:07:12.763874 connect(19, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.763953 epoll_ctl(4, EPOLL_CTL_ADD, 19, {EPOLLIN, {u32=3909066784, u64=99629970464800}}) = 0 13:07:12.764029 write(19, "g\270\1\20\0\1\0\0\0\0\0\1\6google\2se\0\0\6\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 61) = 61
13:07:12.764158 epoll_ctl(4, EPOLL_CTL_DEL, 16, NULL) = 0
13:07:12.764224 close(16)               = 0
13:07:12.764360 epoll_wait(4, [{EPOLLIN, {u32=3909100528, u64=99629970498544}}, {EPOLLIN, {u32=3909210464, u64=99629970608480}}, {EPOLLIN, {u32=3909004784, u64=99629970402800}}], 23, -1) = 3
13:07:12.764429 recvfrom(18, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 75
13:07:12.764507 recvmsg(18, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="4h\201\220\0\1\0\1\0\0\0\1\6google\2se\0\0\34\0\1\6google\2se\0\0\34\0\1\0\0\1,\0\20*\0\24P@\17\10\10\0\0\0\0\0\0 \3\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 75 13:07:12.764780 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 16 13:07:12.765064 connect(16, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.765134 epoll_ctl(4, EPOLL_CTL_ADD, 16, {EPOLLIN, {u32=3908845472, u64=99629970243488}}) = 0 13:07:12.765202 write(16, "\3\337\1\20\0\1\0\0\0\0\0\1\6google\2se\0\0\6\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 61) = 61
13:07:12.765298 epoll_ctl(4, EPOLL_CTL_DEL, 18, NULL) = 0
13:07:12.765362 close(18)               = 0
13:07:12.765507 epoll_wait(4, [{EPOLLIN, {u32=3909210464, u64=99629970608480}}, {EPOLLIN, {u32=3909004784, u64=99629970402800}}], 23, 0) = 2
13:07:12.765574 recvfrom(17, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 63
13:07:12.765649 recvmsg(17, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="+\344\201\220\0\1\0\1\0\0\0\1\6google\2se\0\0\1\0\1\6google\2se\0\0\1\0\1\0\0\1,\0\4\330:\323\203\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 63
13:07:12.765896 epoll_ctl(4, EPOLL_CTL_DEL, 17, NULL) = 0
13:07:12.765964 close(17)               = 0
13:07:12.766089 epoll_wait(4, [{EPOLLIN, {u32=3909210464, u64=99629970608480}}], 21, 0) = 1
13:07:12.766154 recvfrom(15, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 63
13:07:12.766227 recvmsg(15, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="\364>\201\220\0\1\0\1\0\0\0\1\6google\2se\0\0\1\0\1\6google\2se\0\0\1\0\1\0\0\1,\0\4\330:\323\203\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 63
13:07:12.766487 epoll_ctl(4, EPOLL_CTL_DEL, 15, NULL) = 0
13:07:12.766578 close(15)               = 0
13:07:12.766756 epoll_wait(4, [{EPOLLIN, {u32=3909066784, u64=99629970464800}}], 19, -1) = 1
13:07:12.798860 recvfrom(19, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 107
13:07:12.799263 recvmsg(19, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="g\270\201\220\0\1\0\1\0\0\0\1\6google\2se\0\0\6\0\1\6google\2se\0\0\6\0\1\0\0\0<\0000\3ns1\6google\3com\0\tdns-admin\3004\23\v\0253\0\0\3\204\0\0\3\204\0\0\7\10\0\0\0<\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 107 13:07:12.800484 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 15 13:07:12.800716 connect(15, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.800793 epoll_ctl(4, EPOLL_CTL_ADD, 15, {EPOLLIN, {u32=3909210464, u64=99629970608480}}) = 0 13:07:12.800870 write(15, "$\363\1\20\0\1\0\0\0\0\0\1\6google\2se\0\0+\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 61) = 61
13:07:12.800998 epoll_ctl(4, EPOLL_CTL_DEL, 19, NULL) = 0
13:07:12.801063 close(19)               = 0
13:07:12.801198 epoll_wait(4, [{EPOLLIN, {u32=3908845472, u64=99629970243488}}], 19, -1) = 1
13:07:12.801265 recvfrom(16, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 107
13:07:12.801342 recvmsg(16, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="\3\337\201\220\0\1\0\1\0\0\0\1\6google\2se\0\0\6\0\1\6google\2se\0\0\6\0\1\0\0\0<\0000\3ns1\6google\3com\0\tdns-admin\3004\23\v\0253\0\0\3\204\0\0\3\204\0\0\7\10\0\0\0<\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 107 13:07:12.801640 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 17 13:07:12.801916 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.801986 epoll_ctl(4, EPOLL_CTL_ADD, 17, {EPOLLIN, {u32=3909066784, u64=99629970464800}}) = 0 13:07:12.802055 write(17, "\21\24\1\20\0\1\0\0\0\0\0\1\6google\2se\0\0+\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 61) = 61
13:07:12.802153 epoll_ctl(4, EPOLL_CTL_DEL, 16, NULL) = 0
13:07:12.802217 close(16)               = 0
13:07:12.802345 epoll_wait(4, [{EPOLLIN, {u32=3909066784, u64=99629970464800}}], 19, -1) = 1
13:07:12.820848 recvfrom(17, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 738
13:07:12.821064 recvmsg(17, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="\21\24\201\260\0\1\0\0\0\4\0\1\6google\2se\0\0+\0\1\2se\0\0\6\0\1\0\0\30p\0@\22catcher-in-the-rye\3nic\300\33\20registry-default\300<xg\324\t\0\0\7\10\0\0\7\10\0\r/\0\0\0\34 \300\33\0.\0\1\0\0\30p\1\26\0\6\10\1\0\2\243\0_\21?\200_\09\217\310\243\2se\0000\323\363\10\36\317C\366\270\23!;\312\313\210\332\30i\234I\360\253\367\201\314>s\4\6\210\264\2\277`\322e\206\376\6\314H\230w2X\49\235\34\340\226N\6\3GV\360\243r#\251\333b\202\224\4\0]i\375~C\215T\37\223Y\354\24\260@\375m\215\4\177#1\347zT\356\337g\231G[V\254\313\221\336\320O\340\210\222n\324M\333\230\231\223b\240OlG\211AQ\v\24\362\33\3654\211e\303~\336\333\251\323\274\367\224W\265\235\r[\313^\4Y.'.ue\227\5\231\351\273q\0\232\vY\325\332\230\342\360\2101\275)\321\204w3Z\310l\r\220<\377\210wYc\267J\5\203=\362\36\355%\4\226\301\361H\"\374*\3748|\1a\237\354m`I\2=g#\16;\213\206\t;\352\v`\250\351\217\244Y+\323W\253\257\274\222\30(u\265x\334Z\0T52\236\2521\333u\254\6google\300\33\0/\0\1\0\0\30p\0\27\ngoogle-ads\2se\0\0\6 \0\0\0\0\3\301\213\0.\0\1\0\0\30p\1\26\0/\10\2\0\0\34 _\16\310\222^\374\337\276\310\243\2se\0\252%\1V\325c\346\355\276H\335\352\321|J\5D\360\346x\347+\357M?\343p&Q\364^x\230\343\231!\241\200.p\"x\31\216\0\222y\322\v\256\347\270\324)\236\306\362\237\355\0016b<+\355\37\264G6\366 \333n\22\236\374\222\371\242l\372\327\225\33\21\27\357\337w6m/\25F}\373\303:\254CA\375\277 b\177\4\334\22\223\326p\357\"\35\22\212j*{\4\098\253\3353.O\246m\360_H\241\31\271]\30\0\332\256\212\215\17HJ\365\257a\342\356L\220L\320\254\3451\356M\2622\324$\354Tj\366\230\376*\365\306\r}h-QL\33y\0277E\266\337z\244t\277}\224;ec\0Z\27\216SN\23\252I\230\37-\325\0\201\343\343\255\206-\241\7\336=z\3\203r\r\205<\313\23\236\314\353=\272\334\272d\327\366M\306\0=\365\353<G=\327b\200\204E\247\220\1\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 738 13:07:12.821520 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 16 13:07:12.821930 connect(16, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.822012 epoll_ctl(4, EPOLL_CTL_ADD, 16, {EPOLLIN, {u32=3909004784, u64=99629970402800}}) = 0 13:07:12.822089 write(16, "\313\342\1\20\0\1\0\0\0\0\0\1\2se\0\0000\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 54) = 54
13:07:12.822252 epoll_ctl(4, EPOLL_CTL_DEL, 17, NULL) = 0
13:07:12.822320 close(17)               = 0
13:07:12.822456 epoll_wait(4, [{EPOLLIN, {u32=3909210464, u64=99629970608480}}], 19, -1) = 1
13:07:12.837859 recvfrom(15, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 738
13:07:12.838198 recvmsg(15, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="$\363\201\260\0\1\0\0\0\4\0\1\6google\2se\0\0+\0\1\2se\0\0\6\0\1\0\0\34 \0@\22catcher-in-the-rye\3nic\300\33\20registry-default\300<xg\324\t\0\0\7\10\0\0\7\10\0\r/\0\0\0\34 \300\33\0.\0\1\0\0\34 \1\26\0\6\10\1\0\2\243\0_\21?\200_\09\217\310\243\2se\0000\323\363\10\36\317C\366\270\23!;\312\313\210\332\30i\234I\360\253\367\201\314>s\4\6\210\264\2\277`\322e\206\376\6\314H\230w2X\49\235\34\340\226N\6\3GV\360\243r#\251\333b\202\224\4\0]i\375~C\215T\37\223Y\354\24\260@\375m\215\4\177#1\347zT\356\337g\231G[V\254\313\221\336\320O\340\210\222n\324M\333\230\231\223b\240OlG\211AQ\v\24\362\33\3654\211e\303~\336\333\251\323\274\367\224W\265\235\r[\313^\4Y.'.ue\227\5\231\351\273q\0\232\vY\325\332\230\342\360\2101\275)\321\204w3Z\310l\r\220<\377\210wYc\267J\5\203=\362\36\355%\4\226\301\361H\"\374*\3748|\1a\237\354m`I\2=g#\16;\213\206\t;\352\v`\250\351\217\244Y+\323W\253\257\274\222\30(u\265x\334Z\0T52\236\2521\333u\254\6google\300\33\0/\0\1\0\0\34 \0\27\ngoogle-ads\2se\0\0\6 \0\0\0\0\3\301\213\0.\0\1\0\0\34 \1\26\0/\10\2\0\0\34 _\16\310\222^\374\337\276\310\243\2se\0\252%\1V\325c\346\355\276H\335\352\321|J\5D\360\346x\347+\357M?\343p&Q\364^x\230\343\231!\241\200.p\"x\31\216\0\222y\322\v\256\347\270\324)\236\306\362\237\355\0016b<+\355\37\264G6\366 \333n\22\236\374\222\371\242l\372\327\225\33\21\27\357\337w6m/\25F}\373\303:\254CA\375\277 b\177\4\334\22\223\326p\357\"\35\22\212j*{\4\098\253\3353.O\246m\360_H\241\31\271]\30\0\332\256\212\215\17HJ\365\257a\342\356L\220L\320\254\3451\356M\2622\324$\354Tj\366\230\376*\365\306\r}h-QL\33y\0277E\266\337z\244t\277}\224;ec\0Z\27\216SN\23\252I\230\37-\325\0\201\343\343\255\206-\241\7\336=z\3\203r\r\205<\313\23\236\314\353=\272\334\272d\327\366M\306\0=\365\353<G=\327b\200\204E\247\220\1\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 738 13:07:12.839367 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 17 13:07:12.839585 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.839662 epoll_ctl(4, EPOLL_CTL_ADD, 17, {EPOLLIN, {u32=3909100528, u64=99629970498544}}) = 0 13:07:12.839737 write(17, "\275\342\1\20\0\1\0\0\0\0\0\1\2se\0\0000\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 54) = 54
13:07:12.839892 epoll_ctl(4, EPOLL_CTL_DEL, 15, NULL) = 0
13:07:12.839957 close(15)               = 0
13:07:12.840092 epoll_wait(4, [{EPOLLIN, {u32=3909004784, u64=99629970402800}}], 19, -1) = 1
13:07:12.840159 recvfrom(16, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 875
13:07:12.840236 recvmsg(16, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="\313\342\201\260\0\1\0\3\0\0\0\1\2se\0\0000\0\1\2se\0\0000\0\1\0\0\6\355\1\10\1\0\3\10\3\1\0\1\310\2053\2\354C\243\336\256\213I+\20\365\6P\266\216\205\367\304\377\232\260f(\254\242\1_\244\17]\361U\311\302\255\300\351\320\211\237\35\236\2779\262\217F\300\201\310\206E\205\t\270\270\344$\2\376\370H\1\354J\330\361\2567\334\343\325(>\345:C\300\20#\r\373\306\336\257\207\244UWa4\356aW\7Rx\365M#\23\302<\367\326\301r\336\371\347\376\255\16,e\247\37c\303mn\247z\251\22\357`q\305+\24\30\364Stl\\\254O\r\2\23F\16/\31\263\3vR\210h\273K_B\222\325\355\3736\251\221rC>\205\370\4I\342j\264l\345=\0015n\206\20I\361;C3\4Hg \323\23\376\242\356WNd\35\237B}\336*zc\24\256F\325R\30\315\374%\311\324\3D\350ed\0Bl\265\323\32-\257\310\6FBD\247\327\vX\342wcTLX\375\322f&Uy\272s\300\24\0000\0\1\0\0\6\355\1\10\1\1\3\10\3\1\0\1\307*@\313!\326\270o\7r\26^e\231\244*\356\203\323\4\30\"\206\265\342\310\277\ni\310w\207\201\340A\233s4\247\221U\364\211\252\272\374E\np]\350G\262\335W\374K:\23\241\326wb\261\205\365ao{\266\346\211\355\214 \30E\16\200\236\247^\257\366Z'\321\233\n\254\353\350\nC\333M=\"\24'km\334\242\221\207\2~\373\341\337M\332\236\364\36L'\367\217/\233\34\344\345y\252\225h\324I\210k\3714\33\17*\227\347\236\240i\252\242\262g)\222\247\4\27\36\324\336\312\376\342[\1\245\335\307\317\335N\254\247\275uZ\362\244_.\330\3302g\v\224\371\243\1\326S-Y>^,\373\320\355\270-\200\364\5\241:\220\342r\v\207a\27\346\312\307#\t\263\316\7\317\355;\230\376\270@\250\353\270\273&;\".4\23G!\356\212\5\24\5\26\240\335\235\305i5\331\6\17\346\311\252\24/E\300\24\0.\0\1\0\0\6\355\1\26\0000\10\1\0\0\16\20_\16\326\226^\376\257\315\350\17\2se\0,xi\207\373\272\221\207'\264\353`\34V\237\207D\340\n\344M<\31\323A\"\4\341*]0\0\36\362\372\354K\25T\332?k\341T4k\204\331N\372\220\354\243\367\337\244\16#\264\337}|\336b>A\271\252e\202\31\331r6\214\355\374l\214\370\200\336\5$\232\317\220l\266\243<_[\2601\214`\377\331@\227\25\260\230'\235\21~\312\255D\26\\\241F\356Erq\230p\25\n\371sr\200M\214Y\4K\365\6m\333\17\247!\270?\326J\221\21\336D\320\306\374\324\342\\\27$M\4\306\344!-C~\234\354\26D]0c\363$>r`\3739\2122\3732ES\276\313@g\335A\315\330\277d@\360\336\178\214\372\17\3329\205O\17\324^\32\205\266\311\5\254\305\274q\10\233\272m\360\374\30\\\345\335\355)k\234f\366\370\376%\v\231%\4\366\261\3046\303\24\303,R\35uzO\214I\26\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 875 13:07:12.840524 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 15 13:07:12.840803 connect(15, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.840874 epoll_ctl(4, EPOLL_CTL_ADD, 15, {EPOLLIN, {u32=3908959968, u64=99629970357984}}) = 0 13:07:12.840942 write(15, "]Q\1\20\0\1\0\0\0\0\0\1\2se\0\0+\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 54) = 54
13:07:12.841051 epoll_ctl(4, EPOLL_CTL_DEL, 16, NULL) = 0
13:07:12.841115 close(16)               = 0
13:07:12.841241 epoll_wait(4, [{EPOLLIN, {u32=3909100528, u64=99629970498544}}], 19, -1) = 1
13:07:12.856136 recvfrom(17, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 875
13:07:12.856527 recvmsg(17, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="\275\342\201\260\0\1\0\3\0\0\0\1\2se\0\0000\0\1\2se\0\0000\0\1\0\0\6\355\1\10\1\0\3\10\3\1\0\1\310\2053\2\354C\243\336\256\213I+\20\365\6P\266\216\205\367\304\377\232\260f(\254\242\1_\244\17]\361U\311\302\255\300\351\320\211\237\35\236\2779\262\217F\300\201\310\206E\205\t\270\270\344$\2\376\370H\1\354J\330\361\2567\334\343\325(>\345:C\300\20#\r\373\306\336\257\207\244UWa4\356aW\7Rx\365M#\23\302<\367\326\301r\336\371\347\376\255\16,e\247\37c\303mn\247z\251\22\357`q\305+\24\30\364Stl\\\254O\r\2\23F\16/\31\263\3vR\210h\273K_B\222\325\355\3736\251\221rC>\205\370\4I\342j\264l\345=\0015n\206\20I\361;C3\4Hg \323\23\376\242\356WNd\35\237B}\336*zc\24\256F\325R\30\315\374%\311\324\3D\350ed\0Bl\265\323\32-\257\310\6FBD\247\327\vX\342wcTLX\375\322f&Uy\272s\300\24\0000\0\1\0\0\6\355\1\10\1\1\3\10\3\1\0\1\307*@\313!\326\270o\7r\26^e\231\244*\356\203\323\4\30\"\206\265\342\310\277\ni\310w\207\201\340A\233s4\247\221U\364\211\252\272\374E\np]\350G\262\335W\374K:\23\241\326wb\261\205\365ao{\266\346\211\355\214 \30E\16\200\236\247^\257\366Z'\321\233\n\254\353\350\nC\333M=\"\24'km\334\242\221\207\2~\373\341\337M\332\236\364\36L'\367\217/\233\34\344\345y\252\225h\324I\210k\3714\33\17*\227\347\236\240i\252\242\262g)\222\247\4\27\36\324\336\312\376\342[\1\245\335\307\317\335N\254\247\275uZ\362\244_.\330\3302g\v\224\371\243\1\326S-Y>^,\373\320\355\270-\200\364\5\241:\220\342r\v\207a\27\346\312\307#\t\263\316\7\317\355;\230\376\270@\250\353\270\273&;\".4\23G!\356\212\5\24\5\26\240\335\235\305i5\331\6\17\346\311\252\24/E\300\24\0.\0\1\0\0\6\355\1\26\0000\10\1\0\0\16\20_\16\326\226^\376\257\315\350\17\2se\0,xi\207\373\272\221\207'\264\353`\34V\237\207D\340\n\344M<\31\323A\"\4\341*]0\0\36\362\372\354K\25T\332?k\341T4k\204\331N\372\220\354\243\367\337\244\16#\264\337}|\336b>A\271\252e\202\31\331r6\214\355\374l\214\370\200\336\5$\232\317\220l\266\243<_[\2601\214`\377\331@\227\25\260\230'\235\21~\312\255D\26\\\241F\356Erq\230p\25\n\371sr\200M\214Y\4K\365\6m\333\17\247!\270?\326J\221\21\336D\320\306\374\324\342\\\27$M\4\306\344!-C~\234\354\26D]0c\363$>r`\3739\2122\3732ES\276\313@g\335A\315\330\277d@\360\336\178\214\372\17\3329\205O\17\324^\32\205\266\311\5\254\305\274q\10\233\272m\360\374\30\\\345\335\355)k\234f\366\370\376%\v\231%\4\366\261\3046\303\24\303,R\35uzO\214I\26\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 875 13:07:12.857634 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 16 13:07:12.857850 connect(16, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.857927 epoll_ctl(4, EPOLL_CTL_ADD, 16, {EPOLLIN, {u32=3908971056, u64=99629970369072}}) = 0 13:07:12.858002 write(16, "i\177\1\20\0\1\0\0\0\0\0\1\2se\0\0+\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 54) = 54
13:07:12.858146 epoll_ctl(4, EPOLL_CTL_DEL, 17, NULL) = 0
13:07:12.858211 close(17)               = 0
13:07:12.858346 epoll_wait(4, [{EPOLLIN, {u32=3908959968, u64=99629970357984}}], 19, -1) = 1
13:07:12.859547 recvfrom(15, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 368
13:07:12.859624 recvmsg(15, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="]Q\201\260\0\1\0\2\0\0\0\1\2se\0\0+\0\1\2se\0\0+\0\1\0\1\n\255\0$\350\17\10\2g\250\340o\316\375\3319\177w\362lA\255\344\354\24/)\233\317\241\202\177\16\370\375\207\362\3660\"\300\24\0.\0\1\0\1\n\255\1\23\0+\10\1\0\1Q\200_\20\207\220^\377V\0\266\2\0qYA\357L\354\24y\232T\22a\331S\325do\306\227(\222\334\256\3\16N}p\211\323\210B\225l\371\204\221?\214\244[K\263\263\229\304\30\214@\252H\261\215Pu\204\316\220\357\\JS\314rhZ\223\253\330\344\212\262\33\17+\2032&\306\333\35\2444\352\\\336\222\245\341\353\205Ab\317;`\211R%\2149\21\2022\310n\26\262\324g\206\251vW\373.!5\357\271q g[\243\223x-\26\243A35\346\337\f/\275\31\371\200\216\272\332J!\3305\336\350q\25\367\275I\267\v\7\2128\214\202sqr\332\203\253|\245\30\207\322\215\372\341\300\2263<\242!N!\0\362\377l\305\357z\347\223\204o\16\354\5qxw8\7:\224e\223\20\332\323\312\337\302S(\2770\0377]G\272r\256\342\217\351\207\370\263I\355\t\f6\17\330\312\330\2468C\240\342o\344H\217\366\261\350\207\344F\333\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 368 13:07:12.859900 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 17 13:07:12.860175 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, 16) = 0 13:07:12.860245 epoll_ctl(4, EPOLL_CTL_ADD, 17, {EPOLLIN, {u32=3909065696, u64=99629970463712}}) = 0 13:07:12.860313 write(17, "\22\252\1\20\0\1\0\0\0\0\0\1\0\0000\0\1\0\0)\20\0\0\0\200\0\0\27\0\5\0\7\5\7\10\n\r\16\17\0\6\0\3\1\2\4\0\7\0\1\1", 51) = 51
13:07:12.860410 epoll_ctl(4, EPOLL_CTL_DEL, 15, NULL) = 0
13:07:12.860473 close(15)               = 0
13:07:12.860600 epoll_wait(4, [{EPOLLIN, {u32=3908971056, u64=99629970369072}}], 19, -1) = 1
13:07:12.875475 recvfrom(16, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 368
13:07:12.875877 recvmsg(16, {msg_name={sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("1.1.1.1")}, msg_namelen=128->16, msg_iov=[{iov_base="i\177\201\260\0\1\0\2\0\0\0\1\2se\0\0+\0\1\2se\0\0+\0\1\0\1\n\257\0$\350\17\10\2g\250\340o\316\375\3319\177w\362lA\255\344\354\24/)\233\317\241\202\177\16\370\375\207\362\3660\"\300\24\0.\0\1\0\1\n\257\1\23\0+\10\1\0\1Q\200_\20\207\220^\377V\0\266\2\0qYA\357L\354\24y\232T\22a\331S\325do\306\227(\222\334\256\3\16N}p\211\323\210B\225l\371\204\221?\214\244[K\263\263\229\304\30\214@\252H\261\215Pu\204\316\220\357\\JS\314rhZ\223\253\330\344\212\262\33\17+\2032&\306\333\35\2444\352\\\336\222\245\341\353\205Ab\317;`\211R%\2149\21\2022\310n\26\262\324g\206\251vW\373.!5\357\271q g[\243\223x-\26\243A35\346\337\f/\275\31\371\200\216\272\332J!\3305\336\350q\25\367\275I\267\v\7\2128\214\202sqr\332\203\253|\245\30\207\322\215\372\341\300\2263<\242!N!\0\362\377l\305\357z\347\223\204o\16\354\5qxw8\7:\224e\223\20\332\323\312\337\302S(\2770\0377]G\272r\256\342\217\351\207\370\263I\355\t\f6\17\330\312\330\2468C\240\342o\344H\217\366\261\350\207\344F\333\0\0)\5\254\0\0\200\0\0\0", iov_len=3928}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("wlan0"), ipi_spec_dst=inet_addr("10.0.0.38"), ipi_addr=inet_addr("10.0.0.38")}}], msg_controllen=32, msg_flags=0}, 0) = 368
13:07:12.877166 epoll_ctl(4, EPOLL_CTL_DEL, 16, NULL) = 0
13:07:12.877234 close(16)               = 0
13:07:12.877820 epoll_ctl(4, EPOLL_CTL_DEL, 17, NULL) = 0
13:07:12.877897 close(17)               = 0
13:07:12.878011 sendmsg(14, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\2\1\1P\0\0\0,\0\0\0'\0\0\0\5\1u\0\2\0\0\0\6\1s\0\5\0\0\0:1.61\0\0\0\10\1g\0\ta(iiay)st\0\0", iov_len=56}, {iov_base=",\0\0\0\0\0\0\0\4\0\0\0\2\0\0\0\4\0\0\0\330:\323\203\4\0\0\0\n\0\0\0\20\0\0\0*\0\24P@\17\10\10\0\0\0\0\0\0 \3\t\0\0\0google.se\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0", iov_len=80}], msg_iovlen=2, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 136 13:07:12.878121 sendmsg(14, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\1\1\1\225\0\0\0-\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\3\1s\0\v\0\0\0RemoveMatch\0\0\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\6\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\10\1g\0\1s\0\0", iov_len=144}, {iov_base="\220\0\0\0type='signal',sender='org.freedesktop.DBus',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0=':1.61'\0", iov_len=149}], msg_iovlen=2, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 293

Here we have 13 write()s but only 12 recvmsg()s. All write()s are successful.

Relevant TE rules:
type my_dns_server_packet_t; # no packet_type attribute
type my_dns_client_packet_t;
allow systemd_resolved_t my_dns_client_packet_t:packet { send recv };
allow systemd_resolved_t my_dns_server_packet_t:packet { send recv };
allow iptables_t my_dns_client_packet_t:packet relabelto;
allow iptables_t my_dns_server_packet_t:packet relabelto;

Relevant NFT SECMARK rules:
table inet security {
        secmark dns_input {
                "system_u:object_r:my_dns_server_packet_t:s0"
        }
        secmark dns_output {
                "system_u:object_r:my_dns_client_packet_t:s0"
        }

        chain INPUT {
                type filter hook input priority 150; policy accept;

                ct state new tcp dport 53 meta secmark set "dns_input"
                ct state new udp dport 53 meta secmark set "dns_input"
                ct state new tcp dport 853 meta secmark set "dns_input"

                ct state new ct secmark set meta secmark
                ct state established,related meta secmark set ct secmark
        }

        chain OUTPUT {
                type filter hook output priority 150; policy accept;

                ct state new tcp dport 53 meta secmark set "dns_output"
                ct state new udp dport 53 meta secmark set "dns_output"
                ct state new tcp dport 853 meta secmark set "dns_output"

                ct state new ct secmark set meta secmark
                ct state established,related meta secmark set ct secmark
        }
}

Policy capabilities always_check_network, extended_socket_class and network_peer_controls are enabled.

-Topi




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux