Disable prompting when re-evaluating connections

firewall/master.go

@@ -116,7 +116,11 @@ func decideOnConnection(ctx context.Context, conn *network.Connection, pkt packe
 	case profile.DefaultActionPermit:
 		conn.Accept("allowed by default action", profile.CfgOptionDefaultActionKey)
 	case profile.DefaultActionAsk:
-		prompt(ctx, conn, pkt)
+		// Only prompt if there has not been a decision already.
+		// This prevents prompts from being created when re-evaluating connections.
+		if conn.Verdict.Firewall == network.VerdictUndecided {
+			prompt(ctx, conn)
+		}
 	default:
 		conn.Deny("blocked by default action", profile.CfgOptionDefaultActionKey)
 	}

firewall/prompt.go

@@ -10,7 +10,6 @@ import (
 	"github.com/safing/portbase/notifications"
 	"github.com/safing/portmaster/intel"
 	"github.com/safing/portmaster/network"
-	"github.com/safing/portmaster/network/packet"
 	"github.com/safing/portmaster/profile"
 	"github.com/safing/portmaster/profile/endpoints"
 )
@@ -47,9 +46,9 @@ type promptProfile struct {
 	LinkedPath string
 }
 
-func prompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) {
+func prompt(ctx context.Context, conn *network.Connection) {
 	// Create notification.
-	n := createPrompt(ctx, conn, pkt)
+	n := createPrompt(ctx, conn)
 	if n == nil {
 		// createPrompt returns nil when no further action should be taken.
 		return
@@ -81,11 +80,11 @@ func prompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) {
 	}
 }
 
-// promptIDPrefix is an identifier for privacy filter prompts. This is also use
+// promptIDPrefix is an identifier for privacy filter prompts. This is also used
 // in the UI, so don't change!
 const promptIDPrefix = "filter:prompt"
 
-func createPrompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) (n *notifications.Notification) {
+func createPrompt(ctx context.Context, conn *network.Connection) (n *notifications.Notification) {
 	expires := time.Now().Add(time.Duration(askTimeout()) * time.Second).Unix()
 
 	// Get local profile.
@@ -110,7 +109,7 @@ func createPrompt(ctx context.Context, conn *network.Connection, pkt packet.Pack
 			promptIDPrefix,
 			localProfile.ID,
 			conn.Inbound,
-			pkt.Info().RemoteIP(),
+			conn.Entity.IP,
 		)
 	default: // connection to domain
 		nID = fmt.Sprintf(

network/connection.go

@@ -119,7 +119,7 @@ type Connection struct { //nolint:maligned // TODO: fix alignment
 		// This is different from the Firewall verdict in order to guarantee proper
 		// transition between verdicts that need the connection to be re-established.
 		Active Verdict
-		// Firewall holsd the last (most recent) decision by the firewall.
+		// Firewall holds the last (most recent) decision by the firewall.
 		Firewall Verdict
 	}
 	// Reason holds information justifying the verdict, as well as additional