I have a piece of code which scans 256 IPv4 addresses within the user's network, checks each one for a particular TCP port and checks if it is a server which it can connect to. The concept is fairly simple...

```delphi
type
  TIPAddressV4 = record
    IP1: Byte;
    IP2: Byte;
    IP3: Byte;
    IP4: Byte;
    function AsString: String;
  end;

  TServerResult = class(TObject)
  //Some proprietary properties...
  end;

  TServerSearchCallback = Reference to procedure(AItem: TServerResult);

  TProgressCallback = Reference to procedure(ACurrent, AMax: Integer);

procedure ServerSearch(ACallback: TServerSearchCallback; AProgressCallback: TProgressCallback);
begin
  TThread.CreateAnonymousThread(
    procedure
    var
      Cli: TIdHTTP;
      Url, Res, T: String;
      IP: TIPAddressV4;
      X: Integer;
      O: ISuperObject;
      S: TServerResult;
    begin
      IP:= GetThisDeviceIPv4Address;
      Cli:= TIdHTTP.Create(nil);
      try
        Cli.ConnectTimeout:= 50;
        //Iterate every possible IPv4 address in same range...
        for X := 0 to 255 do begin
          //Concatenate IP address and URL...
          T:= IntToStr(IP.IP1)+'.'+IntToStr(IP.IP2)+'.'+IntToStr(IP.IP3)+'.'+IntToStr(X);
          Url:= 'http://'+T+':12345/ServerInfo';
          try
            //Test HTTP GET request and check if JSON...
            Res:= Cli.Get(Url);
            O:= SO(Res);
            if O <> nil then begin
              //Check if JSON is really expected format...
              if O.S['Name'] = 'My Unique Name' then begin
                //Trigger callback...
                S:= TServerResult.Create;
                try

                  //Populate with proprietary properties...
                  S.Host:= O.S['host'];
                  //...

                finally
                  TThread.Synchronize(TThread.CurrentThread,
                    procedure
                    begin
                      if Assigned(ACallback) then
                        ACallback(S);
                    end);
                  //Object is NOT free'd here, receiver takes ownership.
                end;
              end;
            end;
          except
            on E: Exception do begin
              //We don't care about handling exceptions here...
            end;
          end;
          //Used for progress bar...
          TThread.Synchronize(TThread.CurrentThread,
            procedure
            begin
              if Assigned(AProgressCallback) then
                AProgressCallback(X, 255);
            end);
        end;
      finally
        Cli.Free;
      end;
    end).Start;
end;
```

For example, if this device's IP is 192.168.0.5, it will scan IP addresses from 192.168.0.0 to 192.168.0.255 to find particular servers it can connect to.

The problem arises with the fact that Apple requires IPv6 support. This code is of course only supporting IPv4 at the moment. IPv6 works entirely differently, and not to mention, a single server might be found on both IPv4 and IPv6.

What do I need to do to make this also work for IPv6, thus fulfilling Apple's IPv6 support requirement?


EDIT

I'm actually thinking that this may not be absolutely required in particular for Apple's requirement. General communication with the API, of course. But for this particular feature of the app, I question whether it falls into the category of this requirement.

Jerry Dodge
  • There can be more or less than 256 IPv4 addresses in a subnet. How many addresses are in a subnet depends on the subnet mask. For example, `10.11.0.0/22` has 1024 possible IPv4 addresses, and `192.168.10.0/25` has 128 possible IPv4 addresses. If you simply assume 256 hosts per subnet, you are doing it wrong. A standard IPv6 `/64` network has 18,446,744,073,709,551,616 possible addresses, and at 1,000,000 scanned per second, it will take you over 584,542 years. – Ron Maupin Oct 05 '17 at 17:04
  • @Ron Indeed, you see my concern too. I know this isn't perfect, and I'm actually kinda hoping for a separate more established solution which accomplishes the same. As for the number of possible IPv6 addresses in a single network ............ does that size of a number even have a name? :-/ Are there even that many network-connected devices existing in the entire galaxy? :P – Jerry Dodge Oct 05 '17 at 17:18
  • You don't scan the network. You set up the server to listen to a specific multicast group and respond to the sender with, "Here I am!" That is what you should be doing with IPv4, too. Bothering every host on a network is a good way to have your application banned in many companies. Multicast only interrupts hosts subscribed to the multicast group. – Ron Maupin Oct 05 '17 at 17:22
  • @Ron Thanks, that really puts a different perspective on the task. – Jerry Dodge Oct 05 '17 at 17:26
  • Be careful when choosing an IPv6 multicast group because there are flags and scopes that you need to account for. With IPv4, you really should use a group in the administratively scoped range of `239.0.0.0/8`. – Ron Maupin Oct 05 '17 at 17:31
  • In IPv4, you can use a simpler UDP subnet broadcast instead of multicast. But in IPv6, subnet broadcasting is not supported, you have to use multicast. – Remy Lebeau Oct 05 '17 at 19:03
  • Good luck making IPv6 multicasting work on iOS (at least with Indy). I've been trying for months (off and on). Check this link (and related links) when it is back up (down for me right now): https://forums.embarcadero.com/message.jspa?messageID=887903 – Dave Nottage Oct 05 '17 at 21:48
  • @DaveNottage Hmm, perhaps I'm in over my head on this one. If you're not having success, then I should probably put this piece of it on the side, at least for now. Not a critical feature, but extremely helpful for our customers to configure their app. By the way, our company's looking forward to your consulting/help, just waiting for the boss to approve (I had posted on behalf of Bruce on Emba)... – Jerry Dodge Oct 05 '17 at 21:55
  • @JerryDodge I've put aside the IPv6 thing for now, because the project is in prototyping stage, but if it becomes fully funded, we're going to need it, and I'm sure it'll be useful elsewhere anyway.. and thanks for the reference, too :-) – Dave Nottage Oct 05 '17 at 21:59
  • @RemyLebeau, as I wrote above, interrupting every host on a LAN, which is what broadcast does, is a good way to get your application banned at many companies. Broadcast has been misused for this type of thing, but it interrupts every LAN host, including network devices (routers, switches, etc.) that have addresses on the LAN. This is one of the reasons that IPv6 has done away with broadcast. Even ARP has gone away in IPv6, replaced by ND that probably only interrupts the target, or maybe one other host, rather than every LAN host. – Ron Maupin Oct 06 '17 at 00:49
  • @Ron When you say "banned", do you mean by company decision, or by network equipment automatically taking action? Because if it's the prior, that is perfectly acceptable considering the nature of the app. – Jerry Dodge Oct 06 '17 at 15:12
  • By company decision. For example, the company where I work will put an application through paces by several groups, including security, to see what it does and how it performs. If it sends broadcasts (other than something like ARP), or scans other hosts, especially network devices, it is rejected as a security risk. Network security is becoming a real hot topic. – Ron Maupin Oct 06 '17 at 15:17
  • @Ron The app in question is an extension to a legacy system directly related to business management. This scan would only occur on demand, and very rarely, most of the time only once, just to get the initial connection between the device and the company's server hosting our software's database and API. The app has nothing to do with any sort of continuous scanning, etc, and is not an app which will be readily available for users to install stand-alone without already having the larger software system we provide. – Jerry Dodge Oct 06 '17 at 15:19
  • I understand what you are saying, but applications are now under a microscope with all the high-profile breaches that have occurred over the last few years, and it will just get harder to get things approved. We are large enough that we have a lot of clout, and have made some software vendors make big application changes in order to have a chance at our business. Our company talks to other companies, even competitors, and shares this type of information. – Ron Maupin Oct 06 '17 at 15:24
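
The multicast discovery described in the comments above (the server joins a group and answers the sender directly), sketched in Python as an added example that is not code from the question or from Indy. The group address, query payload and function names are assumptions; the port, the `Name` marker and the `host` field come from the question's code, and only the IPv6 path is shown.

```python
import json, socket, struct

PORT = 12345               # port taken from the question's URL
GROUP = "ff12::4242:99"    # assumed group: transient flag set, link-local scope
QUERY = b"ServerInfo?"     # assumed query payload
NAME = "My Unique Name"    # marker the question's client checks for

def make_reply(data, host):
    """Server: answer only the exact query, stay silent otherwise."""
    reply = json.dumps({"Name": NAME, "host": host}).encode()
    return reply if data == QUERY else None

def parse_reply(data):
    """Client: accept only a JSON object carrying the expected Name."""
    try:
        obj = json.loads(data.decode("utf-8"))
    except ValueError:  # also covers UnicodeDecodeError
        return None
    return obj if isinstance(obj, dict) and obj.get("Name") == NAME else None

def open_responder(ifindex=0):
    """Bind UDP/IPv6 and join GROUP, so only subscribed hosts see queries."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    s.bind(("", PORT))
    mreq = socket.inet_pton(socket.AF_INET6, GROUP) + struct.pack("@I", ifindex)
    s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, mreq)
    return s

def serve_once(s, host):
    """Handle one datagram from a socket returned by open_responder()."""
    data, peer = s.recvfrom(512)
    reply = make_reply(data, host)
    if reply:
        s.sendto(reply, peer)  # unicast back to the sender only

def discover(ifindex=0, timeout=1.0):
    """Send one query to GROUP; return validated (address, info) pairs."""
    found = []
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_MULTICAST_HOPS, 1)  # stay on link
        s.sendto(QUERY, (GROUP, PORT, 0, ifindex))
        try:
            while True:
                data, peer = s.recvfrom(2048)
                if (info := parse_reply(data)):
                    found.append((peer[0], info))
        except socket.timeout:
            return found
```

Replies are unauthenticated, so any host on the link can answer; treat a discovered address as a hint and authenticate the server on the connection that follows.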

0 Answers