From 99b41543b8ba4f5edf23dd959c1c6502cc996ca7 Mon Sep 17 00:00:00 2001
From: Viktor Liu <17948409+lixmal@users.noreply.github.com>
Date: Sat, 22 Mar 2025 18:51:48 +0100
Subject: [PATCH] [client] Fix flows for embedded listeners (#3564)

---
 client/firewall/uspfilter/uspfilter.go | 7 ++-----
 client/internal/netflow/manager.go     | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/client/firewall/uspfilter/uspfilter.go b/client/firewall/uspfilter/uspfilter.go
index 92da1b240..eb4438dbd 100644
--- a/client/firewall/uspfilter/uspfilter.go
+++ b/client/firewall/uspfilter/uspfilter.go
@@ -710,21 +710,18 @@ func (m *Manager) handleLocalTraffic(d *decoder, srcIP, dstIP netip.Addr, packet
 	}
 
 	// if running in netstack mode we need to pass this to the forwarder
-	if m.netstack {
+	if m.netstack && m.localForwarding {
 		return m.handleNetstackLocalTraffic(packetData)
 	}
 
 	// track inbound packets to get the correct direction and session id for flows
 	m.trackInbound(d, srcIP, dstIP, ruleID, size)
 
+	// pass to either native or virtual stack (to be picked up by listeners)
 	return false
 }
 
 func (m *Manager) handleNetstackLocalTraffic(packetData []byte) bool {
-	if !m.localForwarding {
-		// pass to virtual tcp/ip stack to be picked up by listeners
-		return false
-	}
 
 	fwd := m.forwarder.Load()
 	if fwd == nil {
diff --git a/client/internal/netflow/manager.go b/client/internal/netflow/manager.go
index b9068774c..ce642b86a 100644
--- a/client/internal/netflow/manager.go
+++ b/client/internal/netflow/manager.go
@@ -198,7 +198,7 @@ func (m *Manager) receiveACKs(client *client.GRPCClient) {
 			return nil
 		}
 		log.Tracef("received flow event ack: %s", id)
-		m.logger.DeleteEvents([]uuid.UUID{uuid.UUID(ack.EventId)})
+		m.logger.DeleteEvents([]uuid.UUID{id})
 		return nil
 	})