+Opera Browser

Discussion in 'LnS English Forum' started by Stem, Jan 15, 2008.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Frederic,

    I have been running the latest build for a while, without any problems, but, I did decide to run opera browser, for some reason I am seeing blocked outbound packets for DNS(raw rule) and TCP connections(open outbound TCP rule with changed remote port to 80). Is there any know conflict with L`n`S + Opera?

    (Please note that these are outbound packets (requests/ TCP SYN), not inbound)

    Regards,
    Stem
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Stem,

    No, there is currently no known issue with Opera.

    Do you mean the DNS SPF rule didn't allowed a first DNS packet, and just after another packet was not allowed by a TCP port 80 rule ?
    One reason could be the local port for both packets was not in 1024-5000 range. But it would be strange this is specific to Opera.
    Do you have more information on the blocked packets (local port especially) ?

    Did it finally work, or any web page with Opera presented the issue ?

    Thanks,

    Frederic
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Frederic,
    blocked.gif

    The blocked packets are random, but all outbound. The packet where within the port list to allow, as seen above, those are the packets dropped while connecting here, since that screen grab there have been 6 more blocked outbound TCP connections to this site.

    It is only when using Opera browser, and just wanted to check if there was a known issue.

    I will re-install Opera.

    Regards,
    Stem
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Stem,

    Can you export and post the two corresponding authorizing rules?

    Also what version of Windows you running?
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    XP pro sp2 all up-dates.

    If I thought it was a rule problem, and posting them could help, then I would, but, the problem is only with opera, when using firefox there are no blocked outbound.

    I have just re-installed Opera (latest build), so will run it for a while to re-check.

    Regards,
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    So then you using official unmodified pre-packed authorizing rules... Thanks for the clarity!

    It's not an enough to see just the window capture of the Look 'n' Stop - Log screen, can you post the Packet's content screens for the two types of blockings?
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    As I mentioned in my first post, the default TCP Authorize rule as been edited to only allow remote port 80.

    After re-installing Opera, there are no DNS lookups (currently) being dropped, but still outbound TCP connections. I have run FF and IE without problems.

    After 10 min of browsing this forum with Opera, I see:-

    blocked_TCP.gif

    example.gif
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    First guess..., Perhaps there's an problem with 'Equal my @' or 'Local In' criterias, you could rule them out.. :)
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    But as I have mentioned, if it is a rule problem, then why is it only a problem with Opera?
    I am currently running FF, with the exact same ruleset with no blocked packets.
     
  10. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Actually this is a known issue! I do see these outbound entries, too!

    A long time ago I reported this to Frederic. As far as I remember he told me that LnS might be too slow to react to the outbound request (too slow in regard to use the correct rule "TCP: allow port 80"). Therefore it blocks the packets at least ones before it is finally passed.

    By the way: I have one more application that reacts in the same way: it is called "Winbiff.exe" (an E-Mail notification tool). It produces log entries (blocked traffic) on port 993 (IMAP-SSL).

    I learned to ignore these blocks. However, it prevented me from generally using Opera, because it dramatically slows down browsing speed :(

    Thomas :)
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Thomas,

    Yes, it is a problem with the rule activation.
    If I leave the rule open for all applications then no blocked packets when using Opera, but if I place Applications within the rule (Opera included) then the first packet is dropped.
    [It looks like there is a time out of about 5 seconds for the rule. So any new packet sent within this time out is allowed, but any new outbound connection attempt outside this time, then the first connection attempt is blocked]

    Regards,
    Stem
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Associating Applications..., no wonders! Exporting the two associated authorizing rules and posting would have helped from the beginning! :p
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    So, are you now saying there are issues with Opera? or simply issues with Application association?
    It would of helped at the beginning if Frederic had mentioned the known problems rather than clearly stating:-
    So will this be fixed?
    Are do some applications just send packets too fast? :blink:
     
  14. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    I'm sorry, this is really what I thought when I've written it.
    If there was common support cases on this issue, I would have said something else. But it is not the case.
    And unfortunately, I didn't remember the following post:
    https://www.wilderssecurity.com/showthread.php?t=76207&highlight=opera
    And there are probably many other posts I no longer have in mind...
    I've to investigate further to know if a fix is possible.
    Something to try: increase the priority of Look 'n' Stop application. Even if this would be only a workaround, it may help to understand more about the issue.

    Frederic
     
  15. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    I've reproduced the issue with Opera.
    If I set the priority of Look 'n' Stop process to High, then the issue disappears.

    I will try to propose a patch for lnsfw1.sys.

    Frederic
     
  16. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    :thumb: :thumb: :thumb:
    That would be great!

    Thomas :)
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Frederic,
    Thank you for checking.
    I prefer not to change interupt priority.
    I have seen that there is no problem with placing a blocking rule with associated applications, even Opera is blocked with a specfic rule, so the problem is only with allow rules (so not a security problem).
    So I can work-around this without problems.

    That would be good, and certainly appricaiated, as it may not just be Opera that causes problems?

    Regards,
    Stem
     
Thread Status:
Not open for further replies.