Unstable system, Yosemite+Latest update

General discussions about Little Snitch
rwmarvin
Posts: 2
Joined: Wed Oct 29, 2014 2:10 am

Re: Unstable system, Yosemite+Latest update

Post by rwmarvin » Wed Oct 29, 2014 2:26 am

I have noticed a similar pattern with my 27" late 2009 iMac. Seems to be triggered by launchd on port 22 (ssh) asking for permission on incoming traffic. When it happens I get similar console messages. I use ssh on 22 for remote access, so I am going to try making a rule to accept this traffic and see what happens.

10/28/14 5:22:07.000 AM kernel[0]: LS(4216) m66deaaf0:42
10/28/14 5:22:07.000 AM kernel[0]: LS(4216) m66deaaf0:56
10/28/14 5:22:07.000 AM kernel[0]: LS(4216) m66deaaf0:71
10/28/14 5:22:08.000 AM kernel[0]: LS(4216) m66deaaf0:56
10/28/14 5:22:08.000 AM kernel[0]: LS(4216) m66deaaf0:35
10/28/14 5:22:08.000 AM kernel[0]: LS(4216) m66deaaf0:56
10/28/14 5:22:08.000 AM kernel[0]: LS(4216) m66deaaf0:51
10/28/14 5:22:09.000 AM kernel[0]: LS(4216) m66deaaf0:56
10/28/14 5:22:09.000 AM kernel[0]: LS(4216) m66deaaf0:35
10/28/14 5:22:09.000 AM kernel[0]: LS(4216) m66deaaf0:56
10/28/14 5:22:09.000 AM kernel[0]: LS(4216) m66deaaf0:51
10/28/14 5:22:10.000 AM kernel[0]: LS(4216) m66deaaf0:56
10/28/14 5:22:10.000 AM kernel[0]: LS(4216) m66deaaf0:35
10/28/14 5:22:10.000 AM kernel[0]: LS(4216) m66deaaf0:0

shiva
Posts: 1
Joined: Wed Oct 29, 2014 9:54 am

Re: Unstable system, Yosemite+Latest update

Post by shiva » Wed Oct 29, 2014 9:57 am

I am running LS on a late 2013 Macbook Pro Retina 15". After the YS update, I am having problems with Skype. I have not changed any rules, but Skype cannot now connect unless I stop network filtering. I don't get any popup requests, and I have no deny rules that I am aware of that could interfere.

I tried the latest dev build, and it did not help either.

Anyone seen and solved this ?

Thanks in advance,

Shiva

adagios-pt
Posts: 1
Joined: Fri Oct 31, 2014 6:20 pm

Re: Unstable system, Yosemite+Latest update

Post by adagios-pt » Fri Oct 31, 2014 6:22 pm

Having the same problem. Crashes after waking up or after using for a while, normally showing an attempt to connect to ssh port (22).

Have the same entries on the logs (

Code: Select all

31/10/14 15:57:19,000 kernel[0]: LS(4216) m66deaaf0:0
)

brian163
Posts: 17
Joined: Thu Oct 02, 2008 5:34 pm

Re: Unstable system, Yosemite+Latest update

Post by brian163 » Sat Nov 01, 2014 5:03 am

(Prelude: All, I had reported a problem with LS and incoming port 22 connections to ObjDev on 10/18. I received a response on 10/22 but unfortunately my originally reported suspicions related to a possible DNS correlation seemed to throw off the tech and the answers were off base. I had since confirmed the problem on a second machine at work and I've been wanting to follow up with support but been really busy. I've had a browser window open to this forum since then and as I was just cleaning up some tabs in Safari I noticed this thread...)

I can't say every problem in this thread is specifically caused by what I discovered. For those that have picked up on a correlation to inbound port 22 connections it does. For others that have Remote Access enabled in the Sharing control panel, it very may well. The problem in many cases manifests itself as a screen saver or black screen you can't exit out of or a desktop session that slowly stops responding, starting with the dock, menu bar and then individual apps. There is no registered kernel panic or process spin dump. Everything just stops responding and your forced to reboot. It occurs the first time the machine receives an inbound ssh connection. Little Snitch may or may not (I've see it do so once, often not) present a connection alert dialog. Either way, your system is already doomed.

Here is the fix:
1) Boot the machine and immediately go to the Little Snitch menu bar icon and select "Stop Network Filter". (If your machine locks up before you can even get that far, your likely getting an inbound ssh connection. If you have Remote Access open to the world, your almost guaranteed to be under a brute force attack attempt at some point every day. I'm not over exaggerating. Anyhow, if this is happening to you try pulling your network cable out of your computer if on ethernet or temporarily disable your wireless router so you can at least boot.)
2) Open "Rules..." from the Little Snitch menu bar icon.
3) Click the "New" (diamond shape with a +) button at the top left.
4) Your creating an "Allow connections" rule (should be default). Pull down "Outgoing" and select "Incoming".
5) Server: Should be default to "Any Server", change to if neccessary.
6) Process: Type in /sbin/launchd <-exactly like that
7) Process Owner: Select "System"
8 ) Port: Type 22 (it will add (ssh)).
9) Protocol: 6 (it will add (TCP)).
10) Make sure "Enabled" is checked.
11) Click Ok.
12) Go to Little Snitch menu bar icon and select "Start Network Filter".

At this point if you can test a remote inbound ssh connection from another machine, you should see there is no more locking up. All is well.

I have to do a little more research but I don't recall launchd being in the mix with sshd under 10.9. I think sshd was started on demand as part of the net stack services. I looked at it a long time ago, I just can't remember the correct terms. If anyone can speak more eloquently to the exact verbiage, please do.

At the end of the day, in case anyone at ObjDev is reading this thread, I think I finally caught the error at the heart of this problem just before one of my previous lock-ups on the second machine. It's not cut and pasted because all I could was jot it on a post-it note before force rebooting:

Kernel [0]: process LittleSnitch DA [54] thread 2173 caught burning CPU! It used more than 50% CPU for over 180 seconds...

Hope this helps others. Send beers not cheers. :lol: But seriously, if this resolves your issue please let the forum know. Thanks.

p.s. lyssophobe, I don't need a kidney now but if this earns me enough beers I'll reach out to you later. :wink:

gewithers
Posts: 2
Joined: Sat Nov 01, 2014 2:30 pm

Re: Unstable system, Yosemite+Latest update

Post by gewithers » Sat Nov 01, 2014 2:34 pm

i manually created two rules. One for myself and one for the sytem owner to allow incoming port 22 connections and the the black screen is now gone and all works well.

brian163
Posts: 17
Joined: Thu Oct 02, 2008 5:34 pm

Re: Unstable system, Yosemite+Latest update

Post by brian163 » Wed Nov 05, 2014 1:51 am

FYI, I received an email from ObjDev this morning saying the issue is addressed in a nightly build. I've seen references to these made in other posts so I believe it is ok to share:

Hi Brian,

I just wanted to let you know that we released a new Little Snitch 3.5 nightly-build (4226) which should take care of the issue.

You can update via the Little Snitch Preferences > Update window or directly download the installer from

http://www.obdev.at/downloads/littlesni ... htly-(4226).dmg

• OS X Yosemite changed how incoming ssh connections are handled. Incoming connections are no longer handled by sshd directly but instead by launchd. On OS X Yosemite, this version of Little Snitch automatically converts existing rules to ensure incoming SSH connections work as expected.

privserious
Posts: 5
Joined: Fri Oct 24, 2014 5:01 am

Re: Unstable system, Yosemite+Latest update

Post by privserious » Tue Nov 18, 2014 5:48 am

Well, the nightly posted above was working great. Last night, the app notified me of an update (back to an official release). The release notes claimed this issue was resolved, but what did I find when I came home? Locked up system, same symptoms. You've got to be kidding me. I waited a long time to purchase this software, but I'm removing it and will just consider the money a loss.

coolnodje
Posts: 1
Joined: Fri Nov 21, 2014 3:58 am

Re: Unstable system, Yosemite+Latest update

Post by coolnodje » Fri Nov 21, 2014 4:03 am

Bug still occurs with latest 4228.

I had to create a rule manually with Process Owner 'Everyone' and not 'System' to enable the ssh connection again.

Coincidentally, I installed 4228 on a 10.9.5 MBP, and I get regular kernel panic since.
It says
Kernel Extensions in backtrace:
com.apple.nke.applicationfirewall(153.0)[9D914876-4363-3882-961E-22323F1FCC62]@0xffffff7f879b5000->0xffffff7f879bcfff

BSD process name corresponding to current thread: socketfilterfw
but I can't help to feel that it's related to LS.

DrGrafix
Posts: 2
Joined: Tue Nov 25, 2014 12:45 am

Re: Unstable system, Yosemite+Latest update

Post by DrGrafix » Tue Nov 25, 2014 12:57 am

You guys are light years ahead of me in understanding what is going on. I'm just a old guy who thought it would be smart to know who my circa 2008 iMac running Yosemite was sometimes talking to and perhaps curtail some of that outflowing information. I installed it and have had nothing but problems. I never saw the beach ball in mail, now I'm seeing that and getting "Mail not responding" in the monitor. Sometimes I can get to Google as a start page, but trying to go to a forum... nada. So I used time machine to restore back a couple weeks, unfortunately, I didn't eliminate Little Snitch who I suspect is the cause... and I'm having so many issues like I can't seem to permanently disable it... I think I'd like to remove the application until I get a better handle on setting it up and what should be allowed and what should not be allowed.

So my question is how do I safely remove the application that will allow me to reinstall with my license key down the road. If its impossible to do, then I'll just chalk LS v3 up to bad karma and write off the expense. Thanks for any/all help.

martinR
Posts: 4
Joined: Thu Nov 20, 2014 3:51 am

Re: Unstable system, Yosemite+Latest update

Post by martinR » Tue Dec 02, 2014 6:03 pm

DrGrafix wrote:So my question is how do I safely remove the application that will allow me to reinstall with my license key down the road. If its impossible to do, then I'll just chalk LS v3 up to bad karma and write off the expense. Thanks for any/all help.

No idea if you monitor this thread. However you need to download the installer:
http://www.obdev.at/products/littlesnitch/download.html

Double click the downloaded (.DMG) file and a window will open up, you will see two icons:
'Little Snitch Installer.app' & 'Little Snitch Uninstaller.app'

If you have already tried other methods to uninstall 'Little Snitch' then you would be best to use the installer first so everything is in the correct place, reboot your Mac! Then double click the downloaded (.DMG) again and this time run (double click) the 'Little Snitch Uninstaller.app'.

After reboot, Little Snitch will have been removed using its own script. Hope this helps. From one 'old guy' to another :D

FritzS
Posts: 5
Joined: Tue May 20, 2014 7:37 am

Re: Unstable system, Yosemite+Latest update

Post by FritzS » Wed Dec 17, 2014 2:55 pm

I have a similar problem with Yosemite and LS

I use hibernatemode = 25 (binary 0001 1001) [instead of 3 (binary 0011)] - my suggestion, this comes every times after a wakeup!

My Yosemite was a fresh installation - I only import the user settings and files.

Today in system.log I found this:

Code: Select all

Dec 17 07:36:06 mynbook kernel[0]: *** kernel exceeded 500 log message per second limit  -  remaining messages this second discarded ***
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:56
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:28
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:0
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:56
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:28
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:0
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:56
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:28
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:0
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:56
Dec 17 07:36:07 mynbook kernel[0]: LS(4228) m66deaaf0:28
Dec 17 07:36:07 amynbook kernel[0]: LS(4228) m66deaaf0:0
Dec 17 07:36:07 mynbook.local Little Snitch Network Monitor[7293]: 3.5 (4228): m47caa567:19


EtreCheck:

Code: Select all

EtreCheck version: 2.1.2 (105)
Report generated 17. Dezember 2014 13:36:14 MEZ

Hardware Information: ??
   MacBook Pro (15-inch, Late 2008) (Verified)
   MacBook Pro - model: MacBookPro5,1
   1 2.4 GHz Intel Core 2 Duo CPU: 2-core
   8 GB RAM Upgradeable
      BANK 0/DIMM0
         4 GB DDR3 1067 MHz ok
      BANK 0/DIMM1
         4 GB DDR3 1067 MHz ok
   Bluetooth: Old - Handoff/Airdrop2 not supported
   Wireless:  en1: 802.11 a/b/g/n

Video Information: ??
   NVIDIA GeForce 9400M - VRAM: 256 MB
   NVIDIA GeForce 9600M GT - VRAM: 256 MB
      Color LCD 1440 x 900

System Software: ??
   OS X 10.10.1 (14B25) - Uptime: 0:27:30

Disk Information: ??
   WDC WD10JPVX-22JC3T0 disk0 : (1 TB)
   S.M.A.R.T. Status: Verified
      EFI (disk0s1) <not mounted> : 210 MB
      MBP mynbook (disk0s2) / : 999.35 GB (416.66 GB free)
      Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

   MATSHITADVD-R   UJ-868 

USB Information: ??
   Apple Inc. Built-in iSight
   Apple, Inc. Apple Internal Keyboard / Trackpad
   Apple Computer, Inc. IR Receiver
   Apple Inc. BRCM2046 Hub
      Apple Inc. Bluetooth USB Host Controller

Gatekeeper: ??
   Mac App Store and identified developers

Kernel Extensions: ??
      /Applications/HardwareMonitor.app
   [not loaded]   com.bresink.driver.BRESINKx86Monitoring (9.0) [Support]

      /Applications/VMware Fusion.app
   [not loaded]   com.vmware.kext.vmci (90.6.3) [Support]
   [not loaded]   com.vmware.kext.vmioplug.14.1.3 (14.1.3) [Support]
   [not loaded]   com.vmware.kext.vmnet (0231.47.74) [Support]
   [not loaded]   com.vmware.kext.vmx86 (0231.47.74) [Support]
   [not loaded]   com.vmware.kext.vsockets (90.6.0) [Support]

      /Library/Extensions
   [loaded]   at.obdev.nke.LittleSnitch (4228 - SDK 10.8) [Support]

      /System/Library/Extensions
   [not loaded]   org.dungeon.driver.SATSMARTDriver (0.8 - SDK 10.6) [Support]

Launch Agents: ??
   [running]   at.obdev.LittleSnitchUIAgent.plist [Support]
   [loaded]   org.macosforge.xquartz.startx.plist [Support]
   [running]   org.macports.gpg-agent.plist [Support]

Launch Daemons: ??
   [running]   at.obdev.littlesnitchd.plist [Support]
   [loaded]   com.cocoatech.pathfinder.SMFHelper7.plist [Support]
   [loaded]   com.microsoft.office.licensing.helper.plist [Support]
   [not loaded]   hdapm.plist [Support]
   [not loaded]   hdapm.plist~ [Support]
   [loaded]   org.macosforge.xquartz.privileged_startx.plist [Support]
   [not loaded]   org.macports.slapd.plist [Support]
   [running]   org.macports.unbound.plist [Support]

User Login Items: ??
   iTunesHelper   Programm (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
   VMware Fusion Start Menu   Programm (/Applications/VMware Fusion.app/Contents/Library/VMware Fusion Start Menu.app)
   CrossOver CD Helper   Programm (/Applications/CrossOver.app/Contents/Resources/CrossOver CD Helper.app)

Internet Plug-ins: ??
   Default Browser: Version: 600 - SDK 10.10
   QuickTime Plugin: Version: 7.7.3
   SharePointBrowserPlugin: Version: 14.4.7 - SDK 10.6 [Support]

Safari Extensions: ??
   AdBlock
   ClickToFlash
   SafariRestore
   JavaScript Blocker

3rd Party Preference Panes: ??
   None

Time Machine: ??
   Skip System Files: NO
   Auto backup: YES
   Volumes being backed up:
      MBP MyBook: Disk size: 999.35 GB Disk used: 582.68 GB
   Destinations:
      Seagate 2TB [Local]
      Total size: 2.00 TB
      Total number of backups: 27
      Oldest backup: 2014-10-28 17:34:20 +0000
      Last backup: 2014-12-17 08:39:55 +0000
      Size of backup disk: Adequate
         Backup size 2.00 TB > (Disk used 582.68 GB X 3)
      WD 2TB My Passport [Local]
      Total size: 2.00 TB
      Total number of backups: 32
      Oldest backup: 2014-08-12 14:13:51 +0000
      Last backup: 2014-12-16 16:47:30 +0000
      Size of backup disk: Adequate
         Backup size 2.00 TB > (Disk used 582.68 GB X 3)

Top Processes by CPU: ??
       23%   WindowServer
        9%   DriveDx
        7%   Microsoft Outlook
        2%   Microsoft Database Daemon
        0%   AppleSpell

Top Processes by Memory: ??
   653 MB   Safari
   318 MB   mds_stores
   309 MB   Smultron 6
   180 MB   WindowServer
   137 MB   Console

Virtual Memory Information: ??
   1.88 GB   Free RAM
   4.97 GB   Active RAM
   466 MB   Inactive RAM
   1.00 GB   Wired RAM
   3.82 GB   Page-ins
   0 B   Page-outs

Diagnostics Information: ??
   Dec 17, 2014, 01:09:25 PM   Self test - passed

   Standard users cannot read /Library/Logs/DiagnosticReports.
   Run as an administrator account to see more information.

Post Reply