Driver: fortcout: Improve 127.0.0.1, 255.255.255.255 addresses handling

src/driver/common/fortconf.h

@@ -171,14 +171,16 @@ typedef struct fort_conf_rule_flag
 
 typedef struct fort_conf_meta_conn
 {
-    UCHAR is_reauth : 1;
-    UCHAR inbound : 1;
-    UCHAR isIPv6 : 1;
-    UCHAR is_tcp : 1;
-    UCHAR is_loopback : 1;
-    UCHAR is_local_net : 1;
-    UCHAR inherited : 1;
-    UCHAR blocked : 1;
+    UINT16 is_reauth : 1;
+    UINT16 inbound : 1;
+    UINT16 isIPv6 : 1;
+    UINT16 is_tcp : 1;
+    UINT16 is_loopback : 1;
+    UINT16 is_multicast : 1;
+    UINT16 is_local_net : 1;
+    UINT16 inherited : 1;
+    UINT16 blocked : 1;
+
     UCHAR block_reason;
 
     UCHAR ip_proto;

src/driver/fortcout.c

@@ -360,7 +360,7 @@ inline static BOOL fort_callout_ale_check_filter_lan_flags(
 inline static BOOL fort_callout_ale_check_filter_inet_flags(
         PFORT_CONF_META_CONN conn, FORT_CONF_FLAGS conf_flags)
 {
-    if (conf_flags.block_inet_traffic) {
+    if (conf_flags.block_inet_traffic && !conn->is_multicast) {
         return TRUE; /* block Internet */
     }
 
@@ -510,20 +510,24 @@ inline static BOOL fort_callout_ale_is_local_address(PFORT_CALLOUT_ARG ca,
 {
     PFORT_CONF_META_CONN conn = &cx->conn;
 
-    conn->is_loopback = (classify_flags & FWP_CONDITION_FLAG_IS_LOOPBACK) != 0;
-
     if (conf_flags.filter_locals)
         return FALSE;
 
     /* Loopback */
-    if (!conn->is_loopback || conf_flags.block_traffic)
-        return FALSE;
+    conn->is_loopback = (classify_flags & FWP_CONDITION_FLAG_IS_LOOPBACK) != 0;
+
+    if (conn->is_loopback) {
+        return !conf_flags.block_traffic;
+    }
 
     /* Multicast */
-    if (!fort_addr_is_local_multicast(conn) || conf_flags.block_lan_traffic)
-        return FALSE;
+    conn->is_multicast = (UINT16) fort_addr_is_local_multicast(conn);
 
-    return TRUE;
+    if (conn->is_multicast) {
+        return !conf_flags.block_lan_traffic;
+    }
+
+    return FALSE;
 }
 
 static void fort_callout_ale_classify(PFORT_CALLOUT_ARG ca)