From 532396d25c6a4b54a94d5893d55453f9bef9cca0 Mon Sep 17 00:00:00 2001
From: icpz <cc@icpz.dev>
Date: Tue, 22 Dec 2020 15:13:44 +0800
Subject: [PATCH] Fix: PROCESS-NAME rule for UDP sessions on Windows (#1140)

---
 component/process/process_windows.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/component/process/process_windows.go b/component/process/process_windows.go
index 39953111..ba96c7e4 100644
--- a/component/process/process_windows.go
+++ b/component/process/process_windows.go
@@ -133,7 +133,8 @@ func (s *searcher) Search(b []byte, ip net.IP, port uint16) (uint32, error) {
 		}
 
 		srcIP := net.IP(row[s.ip : s.ip+s.ipSize])
-		if !ip.Equal(srcIP) {
+		// windows binds an unbound udp socket to 0.0.0.0/[::] while first sendto
+		if !ip.Equal(srcIP) && (!srcIP.IsUnspecified() || s.tcpState != -1) {
 			continue
 		}