Global option to disable network broadcast traffic from backend drivers
I am using libsane 1.0.27 and colord 1.4.3 on Debian 10 buster. When plugging in my USB printer/scanner, colord-sane is started and sends out some UDP broadcasts over the network. From audit log:
type=PROCTITLE msg=audit(09/04/2019 19:10:03.186:4371) : proctitle=/usr/lib/colord/colord-sane
type=SOCKADDR msg=audit(09/04/2019 19:10:03.186:4371) : saddr={ fam=inet laddr=192.168.1.255 lport=8612 }
type=SYSCALL msg=audit(09/04/2019 19:10:03.186:4371) : arch=x86_64 syscall=sendto success=yes exit=16 a0=0xd a1=0x7ffcc15958b0 a2=0x10 a3=0x0 items=0 ppid=765 pid=31679 auid=unset uid=colord gid=colord euid=colord suid=colord fsuid=colord egid=colord sgid=colord fsgid=colord tty=(none) ses=unset comm=colord-sane exe=/usr/lib/colord/colord-sane subj==unconfined key=send
type=PROCTITLE msg=audit(09/04/2019 19:10:03.186:4372) : proctitle=/usr/lib/colord/colord-sane
type=SOCKADDR msg=audit(09/04/2019 19:10:03.186:4372) : saddr={ fam=inet laddr=192.168.1.255 lport=8610 }
type=SYSCALL msg=audit(09/04/2019 19:10:03.186:4372) : arch=x86_64 syscall=sendto success=yes exit=16 a0=0xd a1=0x7ffcc15958b0 a2=0x10 a3=0x0 items=0 ppid=765 pid=31679 auid=unset uid=colord gid=colord euid=colord suid=colord fsuid=colord egid=colord sgid=colord fsgid=colord tty=(none) ses=unset comm=colord-sane exe=/usr/lib/colord/colord-sane subj==unconfined key=send
type=PROCTITLE msg=audit(09/04/2019 19:10:03.726:4379) : proctitle=/usr/lib/colord/colord-sane
type=SOCKADDR msg=audit(09/04/2019 19:10:03.726:4379) : saddr={ fam=inet laddr=255.255.255.255 lport=161 }
type=SYSCALL msg=audit(09/04/2019 19:10:03.726:4379) : arch=x86_64 syscall=sendmsg success=yes exit=73 a0=0xe a1=0x7ffcc159cc60 a2=MSG_DONTWAIT|MSG_NOSIGNAL a3=0x55ea0bed5147 items=0 ppid=765 pid=31679 auid=unset uid=colord gid=colord euid=colord suid=colord fsuid=colord egid=colord sgid=colord fsgid=colord tty=(none) ses=unset comm=colord-sane exe=/usr/lib/colord/colord-sane subj==unconfined key=send
type=PROCTITLE msg=audit(09/04/2019 19:10:05.246:4390) : proctitle=/usr/lib/colord/colord-sane
type=SOCKADDR msg=audit(09/04/2019 19:10:05.246:4390) : saddr={ fam=inet laddr=255.255.255.255 lport=3289 }
type=SYSCALL msg=audit(09/04/2019 19:10:05.246:4390) : arch=x86_64 syscall=sendto success=yes exit=15 a0=0xe a1=0x7f32ce62e540 a2=0xf a3=0x0 items=0 ppid=765 pid=31679 auid=unset uid=colord gid=colord euid=colord suid=colord fsuid=colord egid=colord sgid=colord fsgid=colord tty=(none) ses=unset comm=colord-sane exe=/usr/lib/colord/colord-sane subj==unconfined key=send
type=PROCTITLE msg=audit(09/04/2019 19:10:07.250:4392) : proctitle=/usr/lib/colord/colord-sane
type=SOCKADDR msg=audit(09/04/2019 19:10:07.250:4392) : saddr={ fam=inet laddr=255.255.255.255 lport=1124 }
type=SYSCALL msg=audit(09/04/2019 19:10:07.250:4392) : arch=x86_64 syscall=sendto success=yes exit=37 a0=0xd a1=0x55ea0beba000 a2=0x25 a3=0x0 items=0 ppid=765 pid=31679 auid=unset uid=colord gid=colord euid=colord suid=colord fsuid=colord egid=colord sgid=colord fsgid=colord tty=(none) ses=unset comm=colord-sane exe=/usr/lib/colord/colord-sane subj==unconfined key=send
The same happens again when I unplug the USB connection.
I would expect no network traffic to be generated at all.
Others reported this issue last year with colord (Bug 104465 - Colord produces network broadcast traffic), but then noticed that the traffic is actually generated by libsane, which is used by colord-sane, and that all the SANE backend drivers would need to be configured one-by-one to disable the network discovery.
The colord-sane source code has the following SANE function call:
status = sane_get_devices (&device_list, TRUE);
From the SANE Standard Version 1.0.6 API documentation:
SANE_Status sane_get_devices (const SANE_Device *** device_list, SANE_Bool local_only);
If argument local_only is true, only local devices are returned (devices directly attached to the machine that SANE is running on). If it is false, the device list includes all remote devices that are accessible to the SANE library.
So, with local_only already set to TRUE, I don't know how else SANE could be instructed not to look for remote devices.
As far as I can tell, there is currently also no global option in /etc/sane.d to disable all network discovery. Would such an option be difficult to implement? I can imagine the individual backend drivers are quite free now in deciding if and how they discover network scanners.
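An added example, not part of the original report and not colord or SANE code: a Python triage script that pairs the SOCKADDR and SYSCALL records of each audit event, as in the log above, and lists which executables sent to a broadcast address. The sample records are constructed in the report's interpreted format; the 192.168.1.0/24 local network and the example-client executable are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample records in the interpreted audit format shown in the report.
# The last event (example-client, unicast) is hypothetical.
SAMPLE = """\
type=PROCTITLE msg=audit(09/04/2019 19:10:03.186:4371) : proctitle=/usr/lib/colord/colord-sane
type=SOCKADDR msg=audit(09/04/2019 19:10:03.186:4371) : saddr={ fam=inet laddr=192.168.1.255 lport=8612 }
type=SYSCALL msg=audit(09/04/2019 19:10:03.186:4371) : syscall=sendto success=yes exit=16 pid=31679 uid=colord comm=colord-sane exe=/usr/lib/colord/colord-sane key=send
type=SOCKADDR msg=audit(09/04/2019 19:10:03.726:4379) : saddr={ fam=inet laddr=255.255.255.255 lport=161 }
type=SYSCALL msg=audit(09/04/2019 19:10:03.726:4379) : syscall=sendmsg success=yes exit=73 pid=31679 uid=colord comm=colord-sane exe=/usr/lib/colord/colord-sane key=send
type=SOCKADDR msg=audit(09/04/2019 19:10:09.000:4401) : saddr={ fam=inet laddr=192.168.1.10 lport=53 }
type=SYSCALL msg=audit(09/04/2019 19:10:09.000:4401) : syscall=sendto success=yes exit=40 pid=4242 uid=user comm=example-client exe=/usr/bin/example-client key=send
"""

EVENT_RE = re.compile(r"type=(\w+) msg=audit\(([^)]*)\) : (.*)")
ADDR_RE = re.compile(r"fam=inet laddr=(\S+) lport=(\d+)")
FIELD_RE = re.compile(r"(\w+)=(\S+)")
SEND_CALLS = {"sendto", "sendmsg", "sendmmsg"}
LIMITED = ipaddress.ip_address("255.255.255.255")

def broadcast_senders(log_text, local_nets=("192.168.1.0/24",)):
    """Map executable -> sorted (address, port) broadcast destinations."""
    # local_nets is an assumption: directed broadcasts are only recognisable
    # when the host's own subnets are supplied.
    nets = [ipaddress.ip_network(n) for n in local_nets]
    events = defaultdict(dict)  # keyed by "timestamp:serial"
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        rtype, event_id, body = m.groups()
        addr = ADDR_RE.search(body) if rtype == "SOCKADDR" else None
        if addr:
            events[event_id]["dst"] = (ipaddress.ip_address(addr.group(1)), int(addr.group(2)))
        elif rtype == "SYSCALL":
            events[event_id].update(FIELD_RE.findall(body))
    hits = defaultdict(set)
    for ev in events.values():
        sent = ev.get("syscall") in SEND_CALLS and ev.get("success") == "yes"
        if not sent or "dst" not in ev:
            continue
        ip, port = ev["dst"]
        if ip == LIMITED or any(ip == n.broadcast_address for n in nets):
            hits[ev.get("exe", "?")].add((str(ip), port))
    return {exe: sorted(dsts) for exe, dsts in hits.items()}

if __name__ == "__main__":
    print(broadcast_senders(SAMPLE))
```

Run over a real export of the same audit key, the per-executable port list gives a starting point for working out which SANE backend is responsible for each probe.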