[client] Skip down interfaces in network address collection for posture checks #5768

Merged: lixmal merged 1 commit into main from fix-posture-check-down-ifaces, Apr 7, 2026

lixmal (Collaborator) commented Apr 1, 2026

Describe your changes

The networkAddresses() function in client/system/info.go reports IPs from all interfaces regardless of state. On Windows, disconnected adapters retain stale DHCP addresses, so the "Peer Network Range" posture check matches those addresses against deny rules and blocks the peer entirely (0 peers, 0 routes).

  • Filter out interfaces without net.FlagUp before collecting addresses for peer system metadata
  • Leave a TODO on localip.go which has the same issue independently

Issue ticket number and link

#1743

Stack

Checklist

  • Is it a bug fix
  • Is a typo/documentation fix
  • Is a feature enhancement
  • It is a refactor
  • Created tests that fail without the change (if possible)

By submitting this pull request, you confirm that you have read and agree to the terms of the Contributor License Agreement.

Documentation

Select exactly one:

  • I added/updated documentation for this change
  • Documentation is not needed for this change (explain why)

No user-facing behavior change in docs, the client simply stops reporting addresses from down interfaces.

Summary by CodeRabbit

  • Bug Fixes

    • Improved network interface filtering to exclude inactive network interfaces from system information.
  • Chores

    • Added planning notes for enhanced network interface detection logic.
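
The failure mode described in this pull request, as an added example that is not code from the PR or the project: a client that reports addresses from every interface trips a deny range because of a stale address on a disconnected adapter, while filtering on net.FlagUp avoids it. The `iface` type, the `collectAddrs` and `denied` functions, the simplified deny-rule model and all sample addresses are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

// iface is a hypothetical stand-in for net.Interface plus its addresses.
type iface struct {
	Name  string
	Flags net.Flags
	Addrs []netip.Addr
}

// collectAddrs returns the addresses reported as peer metadata; with skipDown, interfaces lacking net.FlagUp are ignored.
func collectAddrs(ifaces []iface, skipDown bool) []netip.Addr {
	var out []netip.Addr
	for _, i := range ifaces {
		if skipDown && i.Flags&net.FlagUp == 0 {
			continue
		}
		out = append(out, i.Addrs...)
	}
	return out
}

// denied is a simplified deny rule: true if any reported address lies in a denied range.
func denied(reported []netip.Addr, deny []netip.Prefix) bool {
	for _, a := range reported {
		for _, d := range deny {
			if d.Contains(a) {
				return true
			}
		}
	}
	return false
}

// Constructed sample data: one connected adapter, one disconnected adapter with a stale lease.
var sampleDeny = []netip.Prefix{netip.MustParsePrefix("192.168.1.0/24")}
var sampleIfaces = []iface{
	{Name: "Ethernet", Flags: net.FlagUp | net.FlagBroadcast, Addrs: []netip.Addr{netip.MustParseAddr("10.20.0.15")}},
	{Name: "Wi-Fi", Flags: net.FlagBroadcast, Addrs: []netip.Addr{netip.MustParseAddr("192.168.1.40")}},
}

func main() {
	fmt.Println(denied(collectAddrs(sampleIfaces, false), sampleDeny), denied(collectAddrs(sampleIfaces, true), sampleDeny)) // all interfaces, then up only
}
```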

coderabbitai Bot (Contributor) commented Apr 1, 2026

📝 Walkthrough

Network interface filtering logic was enhanced across two files. One file added TODO comments noting future filtering improvements, while another implemented a check to skip network interfaces that are not in the "up" state before further processing.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Network Interface State Filtering: client/firewall/uspfilter/localip.go, client/system/info.go | Added filtering to skip network interfaces not in the "up" state. localip.go includes TODO comments for future improvements; info.go implements the actual filtering check using net.FlagUp before processing interface hardware addresses and enumeration. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • pappz
  • crn4

Poem

🐰 Network interfaces standing tall,
No longer shall the down ones call,
With FlagUp checks and TODO dreams,
We filter flows like mountain streams! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately describes the main change: filtering down interfaces when collecting network addresses for posture checks. |
| Description check | ✅ Passed | The PR description follows the template structure with all required sections completed: changes described, issue linked, bug fix marked, and documentation exemption explained. |


sonarqubecloud Bot commented Apr 1, 2026

coderabbitai Bot (Contributor) left a comment

🧹 Nitpick comments (1)
client/firewall/uspfilter/localip.go (1)

147-148: Consider linking this TODO to a concrete tracking issue.

Nice callout of the gap. To avoid this getting lost, include an issue/PR reference directly in the TODO (for example, “TODO(#1743 or follow-up issue): ...”).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@client/firewall/uspfilter/localip.go` around lines 147 - 148, The TODO in
localip.go noting "filter out down interfaces (net.FlagUp)..." should include a
concrete tracking reference so it isn't lost; update that comment (near the
logic that refreshes interface list in the functions handling local IP
discovery, e.g., the code block around the refresh/filter logic in localip.go)
to read something like "TODO(#<issue-number>): filter out down interfaces
(net.FlagUp) and handle interfaces coming up between refreshes" or reference the
PR number you create, replacing <issue-number> with the actual issue/PR ID.
📥 Commits

Reviewing files that changed from the base of the PR and between d97fe84 and bc2c07b.

📒 Files selected for processing (2)
  • client/firewall/uspfilter/localip.go
  • client/system/info.go
