Add and improve InfoOnly and ExpectInfo packet flags

firewall/interception.go

@@ -173,9 +173,13 @@ func interceptionStart() error {
 	getConfig()
 	startAPIAuth()
 
-	interceptionModule.StartServiceWorker("stat logger", 0, statLogger)
 	interceptionModule.StartServiceWorker("packet handler", 0, packetHandler)
 
+	// Start stat logger if logging is set to trace.
+	if log.GetLogLevel() == log.TraceLevel {
+		interceptionModule.StartServiceWorker("stat logger", 0, statLogger)
+	}
+	
 	return interception.Start()
 }
 
@@ -543,6 +547,11 @@ func inspectAndVerdictHandler(conn *network.Connection, pkt packet.Packet) {
 }
 
 func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.Verdict, allowPermanent bool) {
+	// Check if packed was already fast-tracked by the OS integration.
+	if pkt.FastTrackedByIntegration() {
+		return
+	}
+
 	// enable permanent verdict
 	if allowPermanent && !conn.VerdictPermanent {
 		conn.VerdictPermanent = permanentVerdicts()

firewall/interception/ebpf/connection_listener/packet.go

@@ -13,6 +13,12 @@ type infoPacket struct {
 	pmpacket.Base
 }
 
+// InfoOnly returns whether the packet is informational only and does not
+// represent an actual packet.
+func (pkt *infoPacket) InfoOnly() bool {
+	return true
+}
+
 // LoadPacketData does nothing on Linux, as data is always fully parsed.
 func (pkt *infoPacket) LoadPacketData() error {
 	return fmt.Errorf("can't load data in info only packet")

firewall/interception/windowskext/bandwidth_stats.go

@@ -1,3 +1,6 @@
+//go:build windows
+// +build windows
+
 package windowskext
 
 // This file contains example code how to read bandwidth stats from the kext. Its not ment to be used in production.

firewall/interception/windowskext/handler.go

@@ -30,6 +30,11 @@ const (
 	// connection that was intercepted on an ALE layer instead of in the network
 	// stack itself. Thus, no packet data is available.
 	VerdictRequestFlagSocketAuth = 2
+
+	// VerdictRequestFlagExpectSocketAuth indicates that the next verdict
+	// requests is expected to be an informational socket auth request from
+	// the ALE layer.
+	VerdictRequestFlagExpectSocketAuth = 4
 )
 
 // Do not change the order of the members! The structure is used to communicate with the kernel extension.

firewall/interception/windowskext/kext.go

@@ -127,8 +127,10 @@ func RecvVerdictRequest() (*VerdictRequest, error) {
 		return nil, ErrKextNotReady
 	}
 
-	timestamp := time.Now()
-	defer log.Tracef("winkext: getting verdict request took %s", time.Since(timestamp))
+	// DEBUG:
+	// timestamp := time.Now()
+	// defer log.Tracef("winkext: getting verdict request took %s", time.Since(timestamp))
+
 	// Initialize struct for the output data
 	var new VerdictRequest
 

firewall/interception/windowskext/packet.go

@@ -24,16 +24,21 @@ type Packet struct {
 	lock          sync.Mutex
 }
 
+// FastTrackedByIntegration returns whether the packet has been fast-track
+// accepted by the OS integration.
+func (pkt *Packet) FastTrackedByIntegration() bool {
+	return pkt.verdictRequest.flags&VerdictRequestFlagFastTrackPermitted > 0
+}
+
 // InfoOnly returns whether the packet is informational only and does not
 // represent an actual packet.
 func (pkt *Packet) InfoOnly() bool {
 	return pkt.verdictRequest.flags&VerdictRequestFlagSocketAuth > 0
 }
 
-// FastTrackedByIntegration returns whether the packet has been fast-track
-// accepted by the OS integration.
-func (pkt *Packet) FastTrackedByIntegration() bool {
-	return pkt.verdictRequest.flags&VerdictRequestFlagFastTrackPermitted > 0
+// ExpectInfo returns whether the next packet is expected to be informational only.
+func (pkt *Packet) ExpectInfo() bool {
+	return pkt.verdictRequest.flags&VerdictRequestFlagExpectSocketAuth > 0
 }
 
 // GetPayload returns the full raw packet.