Avoid using an unavailable ip version to connect to a relay

Author: Pururun

mullvad-daemon/src/tunnel.rs

@@ -160,12 +160,13 @@ impl InnerParametersGenerator {
     async fn generate(
         &mut self,
         retry_attempt: u32,
+        ipv4: bool,
         ipv6: bool,
     ) -> Result<TunnelParameters, Error> {
         let data = self.device().await?;
         let selected_relay = self
             .relay_selector
-            .get_relay(retry_attempt as usize, RuntimeParameters { ipv6 })?;
+            .get_relay(retry_attempt as usize, RuntimeParameters { ipv4, ipv6 })?;
 
         match selected_relay {
             #[cfg(not(target_os = "android"))]
@@ -299,13 +300,14 @@ impl TunnelParametersGenerator for ParametersGenerator {
     fn generate(
         &mut self,
         retry_attempt: u32,
+        ipv4: bool,
         ipv6: bool,
     ) -> Pin<Box<dyn Future<Output = Result<TunnelParameters, ParameterGenerationError>>>> {
         let generator = self.0.clone();
         Box::pin(async move {
             let mut inner = generator.lock().await;
             inner
-                .generate(retry_attempt, ipv6)
+                .generate(retry_attempt, ipv4, ipv6)
                 .await
                 .inspect_err(|error| {
                     log::error!(

mullvad-relay-selector/src/relay_selector/mod.rs

@@ -28,7 +28,6 @@ use std::{
 
 use chrono::{DateTime, Local};
 use itertools::Itertools;
-
 use mullvad_types::{
     constraints::Constraint,
     custom_list::CustomListsSettings,
@@ -186,13 +185,27 @@ pub struct AdditionalWireguardConstraints {
 /// Values which affect the choice of relay but are only known at runtime.
 #[derive(Clone, Debug)]
 pub struct RuntimeParameters {
+    /// Whether IPv6 is available
+    pub ipv4: bool,
     /// Whether IPv6 is available
     pub ipv6: bool,
 }
 
 impl RuntimeParameters {
     /// Return whether a given [query][`RelayQuery`] is valid given the current runtime parameters
     pub fn compatible(&self, query: &RelayQuery) -> bool {
+        if !self.ipv4 {
+            let must_use_ipv4 = matches!(
+                query.wireguard_constraints().ip_version,
+                Constraint::Only(talpid_types::net::IpVersion::V4)
+            );
+            if must_use_ipv4 {
+                log::trace!(
+                    "{query:?} is incompatible with {self:?} due to IPv4 not being available"
+                );
+                return false;
+            }
+        }
         if !self.ipv6 {
             let must_use_ipv6 = matches!(
                 query.wireguard_constraints().ip_version,
@@ -214,7 +227,10 @@ impl RuntimeParameters {
 #[allow(clippy::derivable_impls)]
 impl Default for RuntimeParameters {
     fn default() -> Self {
-        RuntimeParameters { ipv6: false }
+        RuntimeParameters {
+            ipv4: true,
+            ipv6: false,
+        }
     }
 }
 
@@ -655,7 +671,9 @@ impl RelaySelector {
             // Remove candidate queries based on runtime parameters before trying to merge user
             // settings
             .filter(|query| runtime_params.compatible(query))
+            .filter(|query| runtime_params.compatible(&user_query))
             .filter_map(|query| query.clone().intersection(user_query.clone()))
+            .map(|query| force_valid_ip_version(&query, runtime_params.clone()))
             .filter(|query| Self::get_relay_inner(query, parsed_relays, user_config.custom_lists).is_ok())
             .cycle() // If the above filters remove all relays, cycle will also return an empty iterator
             .nth(retry_attempt)
@@ -1187,6 +1205,23 @@ impl RelaySelector {
     }
 }
 
+fn force_valid_ip_version(query: &RelayQuery, runtime_params: RuntimeParameters) -> RelayQuery {
+    let mut wireguard_constraints = query.wireguard_constraints().clone();
+    if wireguard_constraints.ip_version.is_any() {
+        if runtime_params.ipv4 && !runtime_params.ipv6 {
+            wireguard_constraints.ip_version = Constraint::Only(talpid_types::net::IpVersion::V4)
+        }
+        if runtime_params.ipv6 && !runtime_params.ipv4 {
+            wireguard_constraints.ip_version = Constraint::Only(talpid_types::net::IpVersion::V6)
+        }
+    }
+    let mut ret = query.clone();
+    match (ret.set_wireguard_constraints(wireguard_constraints)) {
+        Ok(()) => ret,
+        _Error => query.clone(),
+    }
+}
+
 #[derive(Clone)]
 struct RelayWithDistance {
     distance: f64,

mullvad-relay-selector/tests/relay_selector.rs

@@ -394,7 +394,13 @@ fn test_wireguard_retry_order() {
     let relay_selector = default_relay_selector();
     for (retry_attempt, query) in WIREGUARD_RETRY_ORDER.iter().enumerate() {
         let relay = relay_selector
-            .get_relay(retry_attempt, RuntimeParameters { ipv6: true })
+            .get_relay(
+                retry_attempt,
+                RuntimeParameters {
+                    ipv4: true,
+                    ipv6: true,
+                },
+            )
             .unwrap_or_else(|_| panic!("Retry attempt {retry_attempt} did not yield any relay"));
         // For each relay, cross-check that the it has the expected tunnel protocol
         let tunnel_type = tunnel_type(&unwrap_relay(relay.clone()));
@@ -452,7 +458,13 @@ fn test_openvpn_retry_order() {
 
     for (retry_attempt, query) in OPENVPN_RETRY_ORDER.iter().enumerate() {
         let relay = relay_selector
-            .get_relay(retry_attempt, RuntimeParameters { ipv6: true })
+            .get_relay(
+                retry_attempt,
+                RuntimeParameters {
+                    ipv4: true,
+                    ipv6: true,
+                },
+            )
             .unwrap_or_else(|_| panic!("Retry attempt {retry_attempt} did not yield any relay"));
         // For each relay, cross-check that the it has the expected tunnel protocol
         let tunnel_type = tunnel_type(&unwrap_relay(relay.clone()));

talpid-core/src/tunnel_state_machine/connecting_state.rs

@@ -82,11 +82,13 @@ impl ConnectingState {
             }
             return ErrorState::enter(shared_values, ErrorStateCause::IsOffline);
         }
-        match shared_values.runtime.block_on(
-            shared_values
-                .tunnel_parameters_generator
-                .generate(retry_attempt, shared_values.connectivity.has_ipv6()),
-        ) {
+        match shared_values
+            .runtime
+            .block_on(shared_values.tunnel_parameters_generator.generate(
+                retry_attempt,
+                shared_values.connectivity.has_ipv4(),
+                shared_values.connectivity.has_ipv6(),
+            )) {
             Err(err) => {
                 ErrorState::enter(shared_values, ErrorStateCause::TunnelParameterError(err))
             }

talpid-core/src/tunnel_state_machine/mod.rs

@@ -452,6 +452,7 @@ pub trait TunnelParametersGenerator: Send + 'static {
     fn generate(
         &mut self,
         retry_attempt: u32,
+        ipv4: bool,
         ipv6: bool,
     ) -> Pin<Box<dyn Future<Output = Result<TunnelParameters, ParameterGenerationError>>>>;
 }

talpid-types/src/net/mod.rs

@@ -1,8 +1,10 @@
+use self::proxy::{CustomProxy, Socks5Local};
 use ipnetwork::{IpNetwork, Ipv4Network, Ipv6Network};
 #[cfg(target_os = "android")]
 use jnix::FromJava;
 use obfuscation::ObfuscatorConfig;
 use serde::{Deserialize, Serialize};
+use std::ops::Not;
 #[cfg(windows)]
 use std::path::PathBuf;
 use std::{
@@ -12,8 +14,6 @@ use std::{
     sync::LazyLock,
 };
 
-use self::proxy::{CustomProxy, Socks5Local};
-
 pub mod obfuscation;
 pub mod openvpn;
 pub mod proxy;
@@ -600,6 +600,13 @@ impl Connectivity {
         )
     }
 
+    /// Whether IPv4 connectivity seems to be available on the host.
+    ///
+    /// If IPv4 status is unknown, `true` is returned.
+    pub fn has_ipv4(&self) -> bool {
+        matches!(self, Connectivity::Status { ipv4: false, .. }).not()
+    }
+
     /// Whether IPv6 connectivity seems to be available on the host.
     ///
     /// If IPv6 status is unknown, `false` is returned.