Revamp connection handling flow to fix race condition and support info-only packets

firewall/interception/windowskext/handler.go

@@ -8,8 +8,11 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"time"
 	"unsafe"
 
+	"github.com/safing/portmaster/process"
+
 	"github.com/tevino/abool"
 
 	"github.com/safing/portbase/log"
@@ -103,21 +106,28 @@ func Handler(packets chan packet.Packet) {
 			verdictRequest: packetInfo,
 			verdictSet:     abool.NewBool(false),
 		}
-
 		info := new.Info()
 		info.Inbound = packetInfo.direction > 0
 		info.InTunnel = false
 		info.Protocol = packet.IPProtocol(packetInfo.protocol)
-		info.PID = packetInfo.pid
+		info.PID = int(packetInfo.pid)
+		info.SeenAt = time.Now()
 
-		// IP version
+		// Check PID
+		if info.PID == 0 {
+			// Windows does not have zero PIDs.
+			// Set to UndefinedProcessID.
+			info.PID = process.UndefinedProcessID
+		}
+
+		// Set IP version
 		if packetInfo.ipV6 == 1 {
 			info.Version = packet.IPv6
 		} else {
 			info.Version = packet.IPv4
 		}
 
-		// IPs
+		// Set IPs
 		if info.Version == packet.IPv4 {
 			// IPv4
 			if info.Inbound {
@@ -142,7 +152,7 @@ func Handler(packets chan packet.Packet) {
 			}
 		}
 
-		// Ports
+		// Set Ports
 		if info.Inbound {
 			// Inbound
 			info.SrcPort = packetInfo.remotePort

firewall/interception/windowskext/packet.go

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package windowskext
@@ -23,6 +24,12 @@ type Packet struct {
 	lock          sync.Mutex
 }
 
+// InfoOnly returns whether the packet is informational only and does not
+// represent an actual packet.
+func (pkt *Packet) InfoOnly() bool {
+	return pkt.verdictRequest.flags&VerdictRequestFlagSocketAuth > 0
+}
+
 // FastTrackedByIntegration returns whether the packet has been fast-track
 // accepted by the OS integration.
 func (pkt *Packet) FastTrackedByIntegration() bool {