From 079b4e7f9a6b991cac5ae270964c8ddebd3cc1e6 Mon Sep 17 00:00:00 2001
From: Reactor Scram
Date: Fri, 2 Feb 2024 15:49:05 -0600
Subject: [PATCH] fix(firezone-tunnel(windows)): don't panic if the sending ring buffer is full (#3544)

I never saw this replicate, but in theory it could happen. This PR just drops packets while the ring buffer is full.

Closes #3518
---
 .../tunnel/src/device_channel/tun_windows.rs | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/rust/connlib/tunnel/src/device_channel/tun_windows.rs b/rust/connlib/tunnel/src/device_channel/tun_windows.rs
index 51cf1b820..8ff937077 100644
--- a/rust/connlib/tunnel/src/device_channel/tun_windows.rs
+++ b/rust/connlib/tunnel/src/device_channel/tun_windows.rs
@@ -222,14 +222,19 @@ impl Tun {
 }

 fn write(&self, bytes: &[u8]) -> io::Result {
- // TODO: If the ring buffer is full, don't panic, just return Ok(None) or an error or whatever the Unix impls do.
- //
- // Make sure this doesn't block.
- let mut pkt = self
- .session
- .allocate_send_packet(bytes.len().try_into().unwrap())
- .unwrap();
+ let len = bytes
+ .len()
+ .try_into()
+ .expect("Packet length should fit into u16");
+
+ let Ok(mut pkt) = self.session.allocate_send_packet(len) else {
+ // Ring buffer is full, just drop the packet since we're at the IP layer
+ return Ok(0);
+ };
+
 pkt.bytes_mut().copy_from_slice(bytes);
+ // `send_packet` cannot fail to enqueue the packet, since we already allocated
+ // space in the ring buffer.
 self.session.send_packet(pkt);
 Ok(bytes.len())
 }
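Review bot: The `let Ok(mut pkt) = … else` arm in `write` treats every error from `allocate_send_packet` as a full ring and returns `Ok(0)` without logging or counting the drop, so an adapter that is shutting down or otherwise failing would look the same as back-pressure, and sustained packet loss on the tunnel would not show up in any telemetry. If the session's error type distinguishes the full-ring case, match on it and return `Err` for anything else; either way, count the drops or log them at a rate-limited level. The `.expect("Packet length should fit into u16")` also keeps a panic path in the function this commit is making panic-free; an oversized buffer could be rejected instead, e.g. `let Ok(len) = u16::try_from(bytes.len()) else { return Err(io::Error::new(io::ErrorKind::InvalidInput, "packet too large for ring buffer")); };`. It is also worth checking how callers treat `Ok(0)`, since a zero-length write is often read as an error or a retry signal rather than a deliberate drop.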