Ipv6 support (#231)

* Basic IPv6 support

Still missing: manual connection, QR-Code support needs to be changed to accomodate both IP versions (preferrably without breaking existing support

* Add manual connection with IPv6 addresses

This adds the ability to connect be connected from IPv6 addresses.
This also fixes the way IP addresses are validated on input.

Still currently broken: QR code connection

* Added IPv6 to QR code connection

On devices with support for IPv4 (example: 192.168.1.10) and IPv6 (example: 2a02::1), the code will look like this:
warpinator://192.168.1.10:42001/ipv6=2a02%3A%3A1 (%3A is ':')

On devices that only do IPv6 but not IPv4, the IPv6 address will be used for the host part in the QR code url:
warpinator://[2a02::1]:42001 (brackets indicate IPv6)

* Split shown data for manual connection into two lines

This splits the shown data for manual connection into two lines, one of which contains the data for IPv4 conenction, the other shows the one for IPv6.

Author: Cobinja

resources/manual-connect.ui

@@ -192,7 +192,7 @@
           </packing>
         </child>
         <child>
-          <object class="GtkLabel">
+          <object class="GtkLabel" id="url_description_label">
             <property name="visible">True</property>
             <property name="can-focus">False</property>
             <property name="label" translatable="yes" comments="The user's ip address and port are displayed here">Or connect to the address below</property>
@@ -204,7 +204,7 @@
           </packing>
         </child>
         <child>
-          <object class="GtkLabel" id="our_ip_label">
+          <object class="GtkLabel" id="local_ip4_label">
             <property name="visible">True</property>
             <property name="can-focus">False</property>
             <property name="label">192.168.0.50:42001</property>
@@ -222,6 +222,25 @@
             <property name="position">4</property>
           </packing>
         </child>
+        <child>
+          <object class="GtkLabel" id="local_ip6_label">
+            <property name="visible">True</property>
+            <property name="can-focus">False</property>
+            <property name="label">[2a02::1]:42001</property>
+            <attributes>
+              <attribute name="weight" value="bold"/>
+              <attribute name="scale" value="1.8"/>
+            </attributes>
+            <style>
+              <class name="monospace"/>
+            </style>
+          </object>
+          <packing>
+            <property name="expand">False</property>
+            <property name="fill">True</property>
+            <property name="position">5</property>
+          </packing>
+        </child>
       </object>
       <packing>
         <property name="expand">False</property>

src/auth.py

@@ -69,13 +69,13 @@ def get_server_creds(self):
 
     def get_cached_cert(self, hostname, ip_info):
         try:
-            return self.remote_certs["%s.%s" % (hostname, ip_info.ip4_address)]
+            return self.remote_certs["%s.%s" % (hostname, ip_info)]
         except KeyError:
             return None
 
     def process_remote_cert(self, hostname, ip_info, server_data):
         if server_data is None:
-            return False
+            return util.CertProcessingResult.FAILURE
         decoded = base64.decodebytes(server_data)
 
         hasher = hashlib.sha256()
@@ -89,11 +89,20 @@ def process_remote_cert(self, hostname, ip_info, server_data):
             logging.debug("Decryption failed for remote '%s': %s" % (hostname, str(e)))
             cert = None
 
+        res = util.CertProcessingResult.FAILURE
         if cert:
-            self.remote_certs["%s.%s" % (hostname, ip_info.ip4_address)] = cert
-            return True
-        else:
-            return False
+            key = "%s.%s" % (hostname, ip_info)
+            val = self.remote_certs.get(key)
+
+            if val is None:
+                res = util.CertProcessingResult.CERT_INSERTED
+            elif val == cert:
+                res = util.CertProcessingResult.CERT_UP_TO_DATE
+                return res
+            else:
+                res = util.CertProcessingResult.CERT_UPDATED
+            self.remote_certs[key] = cert
+        return res
 
     def get_encoded_local_cert(self):
         hasher = hashlib.sha256()
@@ -133,6 +142,8 @@ def _make_key_cert_pair(self):
 
         if self.ip_info.ip4_address is not None:
             alt_names.append(x509.IPAddress(ipaddress.IPv4Address(self.ip_info.ip4_address)))
+        if self.ip_info.ip6_address is not None:
+            alt_names.append(x509.IPAddress(ipaddress.IPv6Address(self.ip_info.ip6_address)))
 
         builder = builder.add_extension(x509.SubjectAlternativeName(alt_names), critical=True)
 

src/networkmonitor.py

@@ -102,65 +102,89 @@ def get_valid_interface_infos(self):
 
             try:
                 ip4 = iface[netifaces.AF_INET][0]
+            except KeyError:
+                ip4 = None
+            try:
+                ip6 = iface[netifaces.AF_INET6][0]
+            except KeyError:
+                ip6 = None
 
-                try:
-                    ip6 = iface[netifaces.AF_INET6][0]
-                except KeyError:
-                    ip6 = None
-
+            if ip4 is not None or ip6 is not None:
                 info = util.InterfaceInfo(ip4, ip6, iname)
                 valid.append(info)
-            except KeyError:
-                continue
 
         return valid
 
     def get_default_interface_info(self):
-        ip = self.get_default_ip()
+        ip4 = self.get_default_ip4()
+        ip6 = self.get_default_ip6()
         fallback_info = None
 
         for info in self.get_valid_interface_infos():
             if fallback_info is None:
                 fallback_info = info
             try:
-                if ip == info.ip4["addr"]:
+                if ip4 == info.ip4["addr"]:
+                    return info
+            except:
+                pass
+            try:
+                if ip6 == info.ip6["addr"]:
                     return info
             except:
                 pass
 
         return fallback_info
 
-    def get_default_ip(self):
-        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
-            try:
-                s.connect(("8.8.8.8", 80))
-            except OSError as e:
-                # print("Unable to retrieve IP address: %s" % str(e))
-                return "0.0.0.0"
+    def get_default_ip(self, ip_version):
+        with socket.socket(ip_version, socket.SOCK_DGRAM) as s:
+            if ip_version == socket.AF_INET:
+                try:
+                    s.connect(("8.8.8.8", 80))
+                except OSError as e:
+                    # print("Unable to retrieve IP address: %s" % str(e))
+                    return "0.0.0.0"
+            else:
+                try:
+                    s.connect(("2001:4860:4860::8888", 80))
+                except OSError as e:
+                    # print("Unable to retrieve IP address: %s" % str(e))
+                    return "[::]"
             ans = s.getsockname()[0]
             return ans
 
+    def get_default_ip4(self):
+        return self.get_default_ip(socket.AF_INET)
+
+    def get_default_ip6(self):
+        return self.get_default_ip(socket.AF_INET6)
+
     def emit_state_changed(self):
         logging.debug("Network state changed: online = %s" % str(self.online))
         self.emit("state-changed", self.online)
 
     # TODO: Do this with libnm
     def same_subnet(self, other_ip_info):
-        iface = ipaddress.IPv4Interface("%s/%s" % (self.current_ip_info.ip4_address,
-                                                   self.current_ip_info.ip4["netmask"]))
+        if self.current_ip_info.ip4_address is not None and other_ip_info.ip4_address is not None:
+            iface = ipaddress.IPv4Interface("%s/%s" % (self.current_ip_info.ip4_address,
+                                                    self.current_ip_info.ip4["netmask"]))
 
-        my_net = iface.network
+            my_net = iface.network
 
-        if my_net is None:
-            # We're more likely to have failed here than to have found something on a different subnet.
-            return True
+            if my_net is None:
+                # We're more likely to have failed here than to have found something on a different subnet.
+                return True
 
-        if my_net.netmask.exploded == "255.255.255.255":
-            logging.warning("Discovery: netmask is 255.255.255.255 - are you on a vpn?")
-            return False
+            if my_net.netmask.exploded == "255.255.255.255":
+                logging.warning("Discovery: netmask is 255.255.255.255 - are you on a vpn?")
+                return False
 
-        for addr in list(my_net.hosts()):
-            if other_ip_info.ip4_address == addr.exploded:
-                return True
+            for addr in list(my_net.hosts()):
+                if other_ip_info.ip4_address == addr.exploded:
+                    return True
 
+            return False
+        if self.current_ip_info.ip6_address is not None and other_ip_info.ip6_address is not None:
+            return True # TODO: Verify that this is actually true
+        logging.debug("No IP address found: %s" % (self))
         return False

src/remote.py

@@ -4,6 +4,7 @@
 import gettext
 import threading
 import logging
+import socket
 
 from gi.repository import GObject, GLib
 
@@ -79,6 +80,8 @@ def __init__(self, ident, hostname, display_hostname, ip_info, port, local_ident
 
         self.has_zc_presence = False # This is currently unused.
 
+        self.last_register = 0
+
     def start_remote_thread(self):
         # func = lambda: return
 
@@ -104,7 +107,7 @@ def remote_thread_v1(self):
 
         def run_secure_loop():
             logging.debug("Remote: Starting a new connection loop for %s (%s:%d)"
-                              % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                              % (self.display_hostname, self.ip_info, self.port))
 
             cert = auth.get_singleton().get_cached_cert(self.hostname, self.ip_info)
             creds = grpc.ssl_channel_credentials(cert)
@@ -121,7 +124,7 @@ def run_secure_loop():
 
                     if not self.ping_timer.is_set():
                         logging.debug("Remote: Unable to establish secure connection with %s (%s:%d). Trying again in %ds"
-                                          % (self.display_hostname, self.ip_info.ip4_address, self.port, CHANNEL_RETRY_WAIT_TIME))
+                                          % (self.display_hostname, self.ip_info, self.port, CHANNEL_RETRY_WAIT_TIME))
                         self.ping_timer.wait(CHANNEL_RETRY_WAIT_TIME)
                         return True # run_secure_loop()
 
@@ -134,13 +137,13 @@ def run_secure_loop():
 
                     if self.busy:
                         logging.debug("Remote Ping: Skipping keepalive ping to %s (%s:%d) (busy)"
-                                          % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                                          % (self.display_hostname, self.ip_info, self.port))
                         self.busy = False
                     else:
                         try:
                             # t = GLib.get_monotonic_time()
                             logging.debug("Remote Ping: to   %s (%s:%d)"
-                                          % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                                          % (self.display_hostname, self.ip_info, self.port))
                             self.stub.Ping(warp_pb2.LookupName(id=self.local_ident,
                                                                readable_name=util.get_hostname()),
                                            timeout=5)
@@ -150,7 +153,7 @@ def run_secure_loop():
                                 self.set_remote_status(RemoteStatus.AWAITING_DUPLEX)
                                 if self.check_duplex_connection():
                                     logging.debug("Remote: Connected to %s (%s:%d)"
-                                                      % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                                                      % (self.display_hostname, self.ip_info, self.port))
 
                                     self.set_remote_status(RemoteStatus.ONLINE)
 
@@ -161,12 +164,12 @@ def run_secure_loop():
                                     duplex_fail_counter += 1
                                     if duplex_fail_counter > DUPLEX_MAX_FAILURES:
                                         logging.debug("Remote: CheckDuplexConnection to %s (%s:%d) failed too many times"
-                                                          % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                                                          % (self.display_hostname, self.ip_info, self.port))
                                         self.ping_timer.wait(CHANNEL_RETRY_WAIT_TIME)
                                         return True
                         except grpc.RpcError as e:
                             logging.debug("Remote: Ping failed, shutting down %s (%s:%d)"
-                                              % (self.display_hostname, self.ip_info.ip4_address, self.port))
+                                              % (self.display_hostname, self.ip_info, self.port))
                             break
 
                     self.ping_timer.wait(CONNECTED_PING_TIME if self.status == RemoteStatus.ONLINE else DUPLEX_WAIT_PING_TIME)
@@ -185,7 +188,7 @@ def run_secure_loop():
                 continue
         except Exception as e:
             logging.critical("!! Major problem starting connection loop for %s (%s:%d): %s"
-                                 % (self.display_hostname, self.ip_info.ip4_address, self.port, e))
+                                 % (self.display_hostname, self.ip_info, self.port, e))
 
         self.set_remote_status(RemoteStatus.OFFLINE)
         self.run_thread_alive = False
@@ -195,7 +198,9 @@ def remote_thread_v2(self):
 
         self.emit_machine_info_changed() # Let's make sure the button doesn't have junk in it if we fail to connect.
 
-        logging.debug("Remote: Attempting to connect to %s (%s) - api version 2" % (self.display_hostname, self.ip_info.ip4_address))
+        remote_ip, _, ip_version = self.ip_info.get_usable_ip()
+        logging.debug("Remote: Attempting to connect to %s (%s) - api version 2" % (self.display_hostname, remote_ip))
+        remote_ip = remote_ip if ip_version == socket.AF_INET else "[%s]" % (remote_ip,)
 
         self.set_remote_status(RemoteStatus.INIT_CONNECTING)
 
@@ -212,7 +217,7 @@ def run_secure_loop():
                 ('grpc.http2.min_ping_interval_without_data_ms', 5000)
             )
 
-            with grpc.secure_channel("%s:%d" % (self.ip_info.ip4_address, self.port), creds, options=opts) as channel:
+            with grpc.secure_channel("%s:%d" % (remote_ip, self.port), creds, options=opts) as channel:
 
                 def channel_state_changed(state):
                     if state != grpc.ChannelConnectivity.READY:
@@ -335,7 +340,7 @@ def rpc_call(self, func, *args, **kargs):
         except Exception as e:
             # exception concurrent.futures.thread.BrokenThreadPool is not available in bionic/python3 < 3.7
             logging.critical("!! RPC threadpool failure while submitting call to %s (%s:%d): %s"
-                                 % (self.display_hostname, self.ip_info.ip4_address, self.port, e))
+                                 % (self.display_hostname, self.ip_info, self.port, e))
 
     # Not added to thread pool
     def check_duplex_connection(self):