New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect External Access Warning #5005
Comments
This may well be the cause of the warning. If your network is setup so that your access appears to be from a public IPv6 address, then OctoPrint will trigger the warning. I'm not sure of what changed here in relation to OctoPrint 1.10.0, but there was also this report on the forum. https://community.octoprint.org/t/how-is-external-access-checked/58170?u=charlie_powell |
My systems (both client and OctoPrint server) have IPv6 addresses allocated from a public range as that's pretty standard with IPv6. I would think OctoPrint could check it's hosts directly attached IP networks and compare it to the client. If the networks match, then it could consider it a local connection. Another solution might be to have a place to add trusted networks. In this case, I would manually add my local network ranges and OctoPrint would consider them local if a client is connecting from them. |
Possibly validate against localNetworks in config.yaml and if there's a match don't prompt. https://docs.octoprint.org/en/master/configuration/config_yaml.html#access-control |
I started to look through the code and I think there might be a bigger issue here. OctoPrint/src/octoprint/util/net.py Line 74 in fed2dd7
OctoPrint/src/octoprint/util/net.py Line 86 in fed2dd7
I'll keep looking, but I think this might be the cause of the issue. |
The problem is specifically this line: OctoPrint/src/octoprint/util/net.py Line 60 in fed2dd7
The element Here's the strange thing... Anyone have any thoughts on the correct way to proceed here? |
Even a little more confusing is it seems the source code for netifaces does actually use I'm really not sure why I'm seeing |
Even more findings... This seems strange to me. Is OctoPrint using some kind of custom modified build of netifaces?
|
OctoPrint switched to Line 55 in fed2dd7
Good catch! |
@ManuelMcLure ran into this issue as well - https://discord.com/channels/704958479194128507/708230829050036236/1232770439416381463 Should at least be a simple fix in OctoPrint, and can be part of a bugfix release for 1.10 when that is required. |
This issue has been mentioned on OctoPrint Community Forum. There might be relevant details there: https://community.octoprint.org/t/how-is-external-access-checked/58170/5 |
Aha!!! That means we should change the code to use I could try to do a PR some time this week. |
What I did in my plugin was to try |
I'm not as familiar with python as I am with other languages. Is there any potential issue with both netifaces and netifaces2 being installed in the venv? How do we ensure that netifaces2 is loaded when both are found? |
in netifaces2 netmask was replaced with mask, #5005
Fixed by the above commit, ready for 1.10.1. As explained in #5006, I've decide to go with an either/or approach here with regards what is fetched from the address dict. |
The problem
Ever since updating to 1.10.0, I'm not getting a
Possible external access detected
notification. My access is local only and has always been. It seems something in this detection has recently changed and is broken.Did the issue persist even in safe mode?
Yes, it did persist
If you could not test in safe mode, please state why ("currently printing" is NOT an excuse!)
No response
Version of OctoPrint
1.10.0
Operating system running OctoPrint
Ubuntu Server 22.04
Printer model & used firmware incl. version
Not applicable
Browser and version of browser, operating system running browser
Firefox 125.0.2 (64-bit) on Windows 10 22H2 with latest Windows Updates
Checklist of files to include below
Additional information & file uploads
Note: I did not include the systeminfo bundle here as it contains some public IPv6 addresses and also a domain name that I do not want to be shown publicly in the github issues. (I can share privately if needed or I can censor them.)
The text was updated successfully, but these errors were encountered: