Basic IPv6 support

Still missing: manual connection, QR-Code support needs to be changed to accomodate both IP versions (preferrably without breaking existing support

Author: Cobinja

src/auth.py

@@ -69,13 +69,13 @@ def get_server_creds(self):
 
     def get_cached_cert(self, hostname, ip_info):
         try:
-            return self.remote_certs["%s.%s" % (hostname, ip_info.ip4_address)]
+            return self.remote_certs["%s.%s" % (hostname, ip_info)]
         except KeyError:
             return None
 
     def process_remote_cert(self, hostname, ip_info, server_data):
         if server_data is None:
-            return False
+            return util.CertProcessingResult.FAILURE
         decoded = base64.decodebytes(server_data)
 
         hasher = hashlib.sha256()
@@ -89,11 +89,20 @@ def process_remote_cert(self, hostname, ip_info, server_data):
             logging.debug("Decryption failed for remote '%s': %s" % (hostname, str(e)))
             cert = None
 
+        res = util.CertProcessingResult.FAILURE
         if cert:
-            self.remote_certs["%s.%s" % (hostname, ip_info.ip4_address)] = cert
-            return True
-        else:
-            return False
+            key = "%s.%s" % (hostname, ip_info)
+            val = self.remote_certs.get(key)
+
+            if val is None:
+                res = util.CertProcessingResult.CERT_INSERTED
+            elif val == cert:
+                res = util.CertProcessingResult.CERT_UP_TO_DATE
+                return res
+            else:
+                res = util.CertProcessingResult.CERT_UPDATED
+            self.remote_certs[key] = cert
+        return res
 
     def get_encoded_local_cert(self):
         hasher = hashlib.sha256()
@@ -133,6 +142,8 @@ def _make_key_cert_pair(self):
 
         if self.ip_info.ip4_address is not None:
             alt_names.append(x509.IPAddress(ipaddress.IPv4Address(self.ip_info.ip4_address)))
+        if self.ip_info.ip6_address is not None:
+            alt_names.append(x509.IPAddress(ipaddress.IPv6Address(self.ip_info.ip6_address)))
 
         builder = builder.add_extension(x509.SubjectAlternativeName(alt_names), critical=True)
 

src/networkmonitor.py

@@ -102,65 +102,89 @@ def get_valid_interface_infos(self):
 
             try:
                 ip4 = iface[netifaces.AF_INET][0]
+            except KeyError:
+                ip4 = None
+            try:
+                ip6 = iface[netifaces.AF_INET6][0]
+            except KeyError:
+                ip6 = None
 
-                try:
-                    ip6 = iface[netifaces.AF_INET6][0]
-                except KeyError:
-                    ip6 = None
-
+            if ip4 is not None or ip6 is not None:
                 info = util.InterfaceInfo(ip4, ip6, iname)
                 valid.append(info)
-            except KeyError:
-                continue
 
         return valid
 
     def get_default_interface_info(self):
-        ip = self.get_default_ip()
+        ip4 = self.get_default_ip4()
+        ip6 = self.get_default_ip6()
         fallback_info = None
 
         for info in self.get_valid_interface_infos():
             if fallback_info is None:
                 fallback_info = info
             try:
-                if ip == info.ip4["addr"]:
+                if ip4 == info.ip4["addr"]:
+                    return info
+            except:
+                pass
+            try:
+                if ip6 == info.ip6["addr"]:
                     return info
             except:
                 pass
 
         return fallback_info
 
-    def get_default_ip(self):
-        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
-            try:
-                s.connect(("8.8.8.8", 80))
-            except OSError as e:
-                # print("Unable to retrieve IP address: %s" % str(e))
-                return "0.0.0.0"
+    def get_default_ip(self, ip_version):
+        with socket.socket(ip_version, socket.SOCK_DGRAM) as s:
+            if ip_version == socket.AF_INET:
+                try:
+                    s.connect(("8.8.8.8", 80))
+                except OSError as e:
+                    # print("Unable to retrieve IP address: %s" % str(e))
+                    return "0.0.0.0"
+            else:
+                try:
+                    s.connect(("2001:4860:4860::8888", 80))
+                except OSError as e:
+                    # print("Unable to retrieve IP address: %s" % str(e))
+                    return "[::]"
             ans = s.getsockname()[0]
             return ans
 
+    def get_default_ip4(self):
+        return self.get_default_ip(socket.AF_INET)
+
+    def get_default_ip6(self):
+        return self.get_default_ip(socket.AF_INET6)
+
     def emit_state_changed(self):
         logging.debug("Network state changed: online = %s" % str(self.online))
         self.emit("state-changed", self.online)
 
     # TODO: Do this with libnm
     def same_subnet(self, other_ip_info):
-        iface = ipaddress.IPv4Interface("%s/%s" % (self.current_ip_info.ip4_address,
-                                                   self.current_ip_info.ip4["netmask"]))
+        if self.current_ip_info.ip4_address is not None and other_ip_info.ip4_address is not None:
+            iface = ipaddress.IPv4Interface("%s/%s" % (self.current_ip_info.ip4_address,
+                                                    self.current_ip_info.ip4["netmask"]))
 
-        my_net = iface.network
+            my_net = iface.network
 
-        if my_net is None:
-            # We're more likely to have failed here than to have found something on a different subnet.
-            return True
+            if my_net is None:
+                # We're more likely to have failed here than to have found something on a different subnet.
+                return True
 
-        if my_net.netmask.exploded == "255.255.255.255":
-            logging.warning("Discovery: netmask is 255.255.255.255 - are you on a vpn?")
-            return False
+            if my_net.netmask.exploded == "255.255.255.255":
+                logging.warning("Discovery: netmask is 255.255.255.255 - are you on a vpn?")
+                return False
 
-        for addr in list(my_net.hosts()):
-            if other_ip_info.ip4_address == addr.exploded:
-                return True
+            for addr in list(my_net.hosts()):
+                if other_ip_info.ip4_address == addr.exploded:
+                    return True
 
+            return False
+        if self.current_ip_info.ip6_address is not None and other_ip_info.ip6_address is not None:
+            return True # TODO: Verify that this is actually true
+        logging.debug("No IP address found: %s" % (self))
         return False

src/remote.py

@@ -4,6 +4,7 @@
 import gettext
 import threading
 import logging
+import socket
 
 from gi.repository import GObject, GLib
 
@@ -79,6 +80,8 @@ def __init__(self, ident, hostname, display_hostname, ip_info, port, local_ident
 
         self.has_zc_presence = False # This is currently unused.
 
+        self.last_register = 0
+
     def start_remote_thread(self):
         # func = lambda: return
 
@@ -104,7 +107,7 @@ def remote_thread_v1(self):
 
         def run_secure_loop():
             logging.debug("Remote: Starting a new connection loop for %s (%s:%d)"
-                              % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                              % (self.display_hostname, self.ip_info, self.port))
 
             cert = auth.get_singleton().get_cached_cert(self.hostname, self.ip_info)
             creds = grpc.ssl_channel_credentials(cert)
@@ -121,7 +124,7 @@ def run_secure_loop():
 
                     if not self.ping_timer.is_set():
                         logging.debug("Remote: Unable to establish secure connection with %s (%s:%d). Trying again in %ds"
-                                          % (self.display_hostname, self.ip_info.ip4_address, self.port, CHANNEL_RETRY_WAIT_TIME))
+                                          % (self.display_hostname, self.ip_info, self.port, CHANNEL_RETRY_WAIT_TIME))
                         self.ping_timer.wait(CHANNEL_RETRY_WAIT_TIME)
                         return True # run_secure_loop()
 
@@ -134,13 +137,13 @@ def run_secure_loop():
 
                     if self.busy:
                         logging.debug("Remote Ping: Skipping keepalive ping to %s (%s:%d) (busy)"
-                                          % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                                          % (self.display_hostname, self.ip_info, self.port))
                         self.busy = False
                     else:
                         try:
                             # t = GLib.get_monotonic_time()
                             logging.debug("Remote Ping: to   %s (%s:%d)"
-                                          % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                                          % (self.display_hostname, self.ip_info, self.port))
                             self.stub.Ping(warp_pb2.LookupName(id=self.local_ident,
                                                                readable_name=util.get_hostname()),
                                            timeout=5)
@@ -150,7 +153,7 @@ def run_secure_loop():
                                 self.set_remote_status(RemoteStatus.AWAITING_DUPLEX)
                                 if self.check_duplex_connection():
                                     logging.debug("Remote: Connected to %s (%s:%d)"
-                                                      % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                                                      % (self.display_hostname, self.ip_info, self.port))
 
                                     self.set_remote_status(RemoteStatus.ONLINE)
 
@@ -161,12 +164,12 @@ def run_secure_loop():
                                     duplex_fail_counter += 1
                                     if duplex_fail_counter > DUPLEX_MAX_FAILURES:
                                         logging.debug("Remote: CheckDuplexConnection to %s (%s:%d) failed too many times"
-                                                          % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                                                          % (self.display_hostname, self.ip_info, self.port))
                                         self.ping_timer.wait(CHANNEL_RETRY_WAIT_TIME)
                                         return True
                         except grpc.RpcError as e:
                             logging.debug("Remote: Ping failed, shutting down %s (%s:%d)"
-                                              % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                                              % (self.display_hostname, self.ip_info, self.port))
                             break
 
                     self.ping_timer.wait(CONNECTED_PING_TIME if self.status == RemoteStatus.ONLINE else DUPLEX_WAIT_PING_TIME)
@@ -185,7 +188,7 @@ def run_secure_loop():
                 continue
         except Exception as e:
             logging.critical("!! Major problem starting connection loop for %s (%s:%d): %s"
-                                 % (self.display_hostname, self.ip_info.ip4_address, self.port, e))
+                                 % (self.display_hostname, self.ip_info, self.port, e))
 
         self.set_remote_status(RemoteStatus.OFFLINE)
         self.run_thread_alive = False
@@ -195,7 +198,9 @@ def remote_thread_v2(self):
 
         self.emit_machine_info_changed() # Let's make sure the button doesn't have junk in it if we fail to connect.
 
-        logging.debug("Remote: Attempting to connect to %s (%s) - api version 2" % (self.display_hostname, self.ip_info.ip4_address))
+        remote_ip, _, ip_version = self.ip_info.get_usable_ip()
+        logging.debug("Remote: Attempting to connect to %s (%s) - api version 2" % (self.display_hostname, remote_ip))
+        remote_ip = remote_ip if ip_version == socket.AF_INET else "[%s]" % (remote_ip,)
 
         self.set_remote_status(RemoteStatus.INIT_CONNECTING)
 
@@ -212,7 +217,7 @@ def run_secure_loop():
                 ('grpc.http2.min_ping_interval_without_data_ms', 5000)
             )
 
-            with grpc.secure_channel("%s:%d" % (self.ip_info.ip4_address, self.port), creds, options=opts) as channel:
+            with grpc.secure_channel("%s:%d" % (remote_ip, self.port), creds, options=opts) as channel:
 
                 def channel_state_changed(state):
                     if state != grpc.ChannelConnectivity.READY:
@@ -335,7 +340,7 @@ def rpc_call(self, func, *args, **kargs):
         except Exception as e:
             # exception concurrent.futures.thread.BrokenThreadPool is not available in bionic/python3 < 3.7
             logging.critical("!! RPC threadpool failure while submitting call to %s (%s:%d): %s"
-                                 % (self.display_hostname, self.ip_info.ip4_address, self.port, e))
+                                 % (self.display_hostname, self.ip_info, self.port, e))
 
     # Not added to thread pool
     def check_duplex_connection(self):