[ISSUE] protocol2 , port 0, pid -100 (unknown) - in connection log

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

I have this entry in connection log (latest afwall)

Old view:

AppID : -1
App Name:
Total Packets Blocked: 100
....
[2]157.229.179.131:0(28)
....

In new view, appears
as unknown (pid -100)

What could this be?

[ghost]

thanks for sharing this, an annoyance would perhaps be better word than the issue.. but I happened to notice the Unknown(-100) instance in the new view on my new phone and actually reinstalled (almost - apart for recovery partition) android 10 from scratch.. and its right there again:

iptables.log

AFWall+ Mode (whitelist [default enabled]/blacklist)
blacklist
Android ROM + exact version number
lineage-17.1-20210531-nightly-FP3-signed.zip
AFWall+ 3.5.2
What steps will reproduce the problem?
(install lineageos 17, ruin it with google apps, root it with magisk)
set the mode to blacklist, enable logs, show logs
What is the expected output? What do you see instead?
a name of the app or at least an explanation would be sufficient, seeing this makes me feel uneasy about my phones, since about lineageos 15, experimental feature 'startup data leak' is not applicable.

i am currently trying to reinstall this one more time without gapps (F-Droid seems to be good enough replacement, thanks for having updated AFWall+ there)
i will update this again later today.

[ghost]

after reinstallation of the same lineageos with magisk but without google apps, i saw the above Unknown app in logs for a while ..when logs worked, then something happened and since there there are no new log records even after phone reboot.. and deleting afwall with its data and reinstalling it via adb didn't resolve the problem with broken logs #1223

[V10lator]

Same here. Anyway, I'm pretty sure -100 isn't one app but multiple. For example I saw LAN connections on port 22000 blocked but that looks like syncthing (which is allowed to access LAN). Also there are so many different IPs ans ports in the log (around one new log/sec when the device is idle, sykrocketing when used), it's hard to believe this is one app.

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

Same here. Anyway, I'm pretty sure -100 isn't one app but multiple. For example I saw LAN connections on port 22000 blocked but that looks like syncthing (which is allowed to access LAN). Also there are so many different IPs ans ports in the log (around one new log/sec when the device is idle, sykrocketing when used), it's hard to believe this is one app.

Yes, I observed the same thing. My guess is that is the kernel itself or some very low level stuff going on (as previously afwall was reporting).

I can replicate with a very simple example. Open spotify app, then instantly there will be logged blocked entries under -100 with destination 224.0.0.22:0 on protocol 2 and source port my wifi lan ip and port 0. Indeed entries triggered from multiple apps are aggregated here.

One thing to mention is that I didn't observe any impact so far, and apps are working normally.

I managed to reduce the number of blocked connections to minimum, using Autostarts and App Manager (open source projects available on izzyondroid and f-droid) to stop a lot of android system apps i do not use from triggereing on certain events by managing the broadcasts and receivers.

[domeix]

Same problem on my new installed Galaxy S8, Android 9.
The log for "Unbekannt(-100)" (unknown(-100)) sums up connections, which are in my view initiated by different apps as I see the IP-addresses in the logs for other apps too.
In my case there is some random connection loss in different apps, e.g. the german warning app NINA, at the same time AFwall logs the blocked -100. Minutes later without any change, the connection is possible because of the correct PID.

edit: the ports are 0 and the correct ports of the addressed service (80, 433,...)

[mpotane]

Any updates on whats causing unknown -100 ?

[ukanth]

This is related to #1232. Duplicate