From 4ee8b66c42ab3446212cc2a10e33b5d69bc67f6c Mon Sep 17 00:00:00 2001
From: hakansa <43675540+hakansa@users.noreply.github.com>
Date: Mon, 17 Mar 2025 17:17:13 +0800
Subject: [PATCH] [client] refactor: optimize forwarder initialization checks
 in packet handling (#3521)

[client] refactor: optimize forwarder initialization checks in packet handling (#3521)
---
 client/firewall/uspfilter/uspfilter.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/client/firewall/uspfilter/uspfilter.go b/client/firewall/uspfilter/uspfilter.go
index 723ef6299..92da1b240 100644
--- a/client/firewall/uspfilter/uspfilter.go
+++ b/client/firewall/uspfilter/uspfilter.go
@@ -726,12 +726,13 @@ func (m *Manager) handleNetstackLocalTraffic(packetData []byte) bool {
 		return false
 	}
 
-	if m.forwarder.Load() == nil {
+	fwd := m.forwarder.Load()
+	if fwd == nil {
 		m.logger.Trace("Dropping local packet (forwarder not initialized)")
 		return true
 	}
 
-	if err := m.forwarder.Load().InjectIncomingPacket(packetData); err != nil {
+	if err := fwd.InjectIncomingPacket(packetData); err != nil {
 		m.logger.Error("Failed to inject local packet: %v", err)
 	}
 
@@ -777,8 +778,13 @@ func (m *Manager) handleRoutedTraffic(d *decoder, srcIP, dstIP netip.Addr, packe
 	}
 
 	// Let forwarder handle the packet if it passed route ACLs
-	if err := m.forwarder.Load().InjectIncomingPacket(packetData); err != nil {
-		m.logger.Error("Failed to inject incoming packet: %v", err)
+	fwd := m.forwarder.Load()
+	if fwd == nil {
+		m.logger.Trace("failed to forward routed packet (forwarder not initialized)")
+	} else {
+		if err := fwd.InjectIncomingPacket(packetData); err != nil {
+			m.logger.Error("Failed to inject routed packet: %v", err)
+		}
 	}
 
 	// Forwarded packets shouldn't reach the native stack, hence they won't be visible in a packet capture