From 4ae29c604ca8bebdfc219e348e3a5004533b4ca3 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger
Date: Thu, 26 Sep 2024 07:19:15 +1000
Subject: [PATCH] fix(windows): only consider online adapters (#6810)

When deciding which interface we are going to use for connecting to the portal API, we need to filter through all adapters on Windows and exclude our own TUN adapter to avoid routing loops. In addition, we also need to filter for only online adapters, otherwise we might pick one that is not actually routable.

Resolves: #6802.
---
 rust/bin-shared/src/windows.rs | 6 ++++++
 website/src/components/Changelog/GUI.tsx | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/rust/bin-shared/src/windows.rs b/rust/bin-shared/src/windows.rs
index f4502607f..801cccecc 100644
--- a/rust/bin-shared/src/windows.rs
+++ b/rust/bin-shared/src/windows.rs
@@ -19,6 +19,7 @@ use windows::Win32::{
 CreateIpForwardEntry2, DeleteIpForwardEntry2, GetBestRoute2, GetIpForwardTable2,
 GET_ADAPTERS_ADDRESSES_FLAGS, IP_ADAPTER_ADDRESSES_LH, MIB_IPFORWARD_ROW2,
 },
+ NetworkManagement::Ndis::IfOperStatusUp,
 Networking::WinSock::{ADDRESS_FAMILY, AF_INET, AF_INET6, AF_UNSPEC, SOCKADDR_INET},
 };
 
@@ -216,6 +217,7 @@ impl Drop for RoutingTableEntry {
 fn get_best_non_tunnel_route(dst: IpAddr) -> io::Result {
 let route = list_adapters()?
 .filter(|adapter| !is_tun(adapter))
+ .filter(|adapter| is_up(adapter))
 .filter_map(|adapter| find_best_route_for_luid(&adapter.Luid, dst).ok())
 .min()
 .ok_or(io::Error::other("No route to host"))?;
@@ -299,6 +301,10 @@ fn is_tun(adapter: &IP_ADAPTER_ADDRESSES_LH) -> bool {
 friendly_name == TUNNEL_NAME
 }
 
+fn is_up(adapter: &IP_ADAPTER_ADDRESSES_LH) -> bool {
+ adapter.OperStatus == IfOperStatusUp
+}
+
 struct Route {
 metric: u32,
 addr: IpAddr,
diff --git a/website/src/components/Changelog/GUI.tsx b/website/src/components/Changelog/GUI.tsx
index 732761b5f..7890db68b 100644
--- a/website/src/components/Changelog/GUI.tsx
+++ b/website/src/components/Changelog/GUI.tsx
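Review bot: In `get_best_non_tunnel_route`, the added `.filter(|adapter| is_up(adapter))` gives an adapter a third silent way to drop out of the candidate set, next to the tunnel filter and the `.ok()` on `find_best_route_for_luid`, and all three end in the same `No route to host` error. Because this selection decides which physical interface carries the portal connection, a debug log per skipped adapter, or a more specific message such as `.ok_or_else(|| io::Error::other("No route to host via any online non-tunnel adapter"))?;`, would make a wrong or empty choice diagnosable. The operational status is presumably a snapshot from `list_adapters()`, so a link that changes state after enumeration is not covered here; the caller, which is outside the hunk, would need to re-run selection on connect failure. The function body continues past the end of the hunk.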
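Review bot: `is_up` has no doc comment, and the strict comparison with `IfOperStatusUp` means adapters reporting dormant, unknown or lower-layer-down status are excluded together with ones that are plainly down, which a reader cannot tell is intended. I would add `/// Returns true only when the adapter's operational status is IfOperStatusUp; every other status is treated as offline.` plus one line on why. Separately, the context above shows `is_tun` matching on `friendly_name == TUNNEL_NAME`; friendly names can be changed by a local administrator, so if the rest of `is_tun` (outside the hunk) has no other identifier to fall back on, a comment there on that assumption would help, since a miss defeats the routing-loop guard.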
@@ -32,6 +32,9 @@ export default function GUI({ title }: { title: string }) { Fixes a bug where auto-sign-in with an expired token would cause a "Couldn't send Disconnect" error message. + + Fixes a bug where roaming from Ethernet to WiFi would cause Firezone to fail to connect to the portal. +