[kext] Resolve verdict of pending conn on shutdown

windows_kext/driver/src/device.rs

@@ -296,9 +296,21 @@ impl Device {
         }
     }
 
-    pub fn shutdown(&self) {
+    pub fn shutdown(&mut self) {
         // End blocking operations from the queue. This will end pending read requests.
         self.event_queue.rundown();
+
+		// Resolve all pending packets. This is important for proper driver unload.
+        let pending_packets = self.packet_cache.pop_all();
+        for el in pending_packets {
+            let key = el.value.0;
+            let packet = el.value.1;
+            // Set any verdict. Driver will unload after that and the filter will not be active.
+            _ = self
+                .connection_cache
+                .update_connection(key, crate::connection::Verdict::PermanentBlock);
+            _ = self.inject_packet(packet, true); // Blocked must be set, so it only handles the ALE layer.
+        }
     }
 
     pub fn inject_packet(&mut self, packet: Packet, blocked: bool) -> Result<(), String> {

windows_kext/driver/src/id_cache.rs

@@ -1,3 +1,5 @@
+use core::mem;
+
 use alloc::collections::VecDeque;
 use protocol::info::Info;
 use smoltcp::wire::{IpAddress, IpProtocol};
@@ -5,8 +7,8 @@ use wdk::rw_spin_lock::RwSpinLock;
 
 use crate::{connection::Direction, connection_map::Key, device::Packet};
 
-struct Entry<T> {
-    value: T,
+pub struct Entry<T> {
+    pub value: T,
     id: u64,
 }
 
@@ -54,6 +56,14 @@ impl IdCache {
         let _guard = self.lock.read_lock();
         return self.values.len();
     }
+
+    pub fn pop_all(&mut self) -> VecDeque<Entry<(Key, Packet)>> {
+        let mut values = VecDeque::with_capacity(1);
+        let _guard = self.lock.write_lock();
+        mem::swap(&mut self.values, &mut values);
+
+        return values;
+    }
 }
 
 fn get_payload(packet: &Packet) -> Option<&[u8]> {