Compliance fix: Move LAN RTT check to KernelManager heartbeat
This commit is contained in:
yuanyuanxiang
@@ -1580,7 +1580,18 @@ void CKernelManager::OnHeatbeatResponse(PBYTE szBuffer, ULONG ulLength)
|
|||||||
if (ulLength > 8) {
|
if (ulLength > 8) {
|
||||||
uint64_t n = 0;
|
uint64_t n = 0;
|
||||||
memcpy(&n, szBuffer + 1, sizeof(uint64_t));
|
memcpy(&n, szBuffer + 1, sizeof(uint64_t));
|
||||||
m_nNetPing.update_from_sample(GetUnixMs() - n);
|
// 主控心跳 ACK 只回显时间戳(不含 ProcessingMs),近似纯网络 RTT
|
||||||
|
int64_t rtt_ms = (int64_t)GetUnixMs() - (int64_t)n;
|
||||||
|
m_nNetPing.update_from_sample((double)rtt_ms);
|
||||||
|
// 试用版反代理:RTT 入采样窗口。
|
||||||
|
// 启停由下方根据 m_settings 控制;非试用模式下 RecordSample 内部直接 return。
|
||||||
|
if (rtt_ms > 0 && rtt_ms < INT_MAX)
|
||||||
|
LANRttChecker::RecordSample((int)rtt_ms);
|
||||||
|
// m_settings.Authorized / IsTrail 由 CMD_MASTERSETTING 同步而来。
|
||||||
|
// 首次心跳早于 MasterSettings 到达时,两字段均为 0 → 保留默认(关闭),安全。
|
||||||
|
if (!m_settings.Authorized) return;
|
||||||
|
// 试用主控 → 打开 RTT 反代理检测;已授权 → 关闭,避免误报合法远程连接
|
||||||
|
LANRttChecker::SetEnabled(m_settings.IsTrail != 0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1653,10 +1664,6 @@ void AuthKernelManager::OnHeatbeatResponse(PBYTE szBuffer, ULONG ulLength)
|
|||||||
if (n.ProcessingMs > 0 && (int64_t)n.ProcessingMs < total_rtt_ms)
|
if (n.ProcessingMs > 0 && (int64_t)n.ProcessingMs < total_rtt_ms)
|
||||||
net_rtt_ms = total_rtt_ms - (int64_t)n.ProcessingMs;
|
net_rtt_ms = total_rtt_ms - (int64_t)n.ProcessingMs;
|
||||||
m_nNetPing.update_from_sample((double)net_rtt_ms);
|
m_nNetPing.update_from_sample((double)net_rtt_ms);
|
||||||
// 试用版反代理:纯网络 RTT 入采样窗口。
|
|
||||||
// SetEnabled 由下方试用分支打开;已授权场景下 RecordSample 直接 return。
|
|
||||||
if (net_rtt_ms > 0 && net_rtt_ms < INT_MAX)
|
|
||||||
LANRttChecker::RecordSample((int)net_rtt_ms);
|
|
||||||
// Not authorized, but server is reachable, so just return and wait for next heartbeat
|
// Not authorized, but server is reachable, so just return and wait for next heartbeat
|
||||||
if (n.Authorized == UNAUTHORIZED) return;
|
if (n.Authorized == UNAUTHORIZED) return;
|
||||||
|
|
||||||
@@ -1685,15 +1692,11 @@ void AuthKernelManager::OnHeatbeatResponse(PBYTE szBuffer, ULONG ulLength)
|
|||||||
LANChecker::CheckAndWarn();
|
LANChecker::CheckAndWarn();
|
||||||
// Trial version: limited to 2 listening port
|
// Trial version: limited to 2 listening port
|
||||||
LANChecker::CheckPortLimit(2);
|
LANChecker::CheckPortLimit(2);
|
||||||
// Trial version: 用 RTT 反代理(仅在试用模式下启用)
|
|
||||||
LANRttChecker::SetEnabled(true);
|
|
||||||
return; // Trial version, do not exit
|
return; // Trial version, do not exit
|
||||||
}
|
}
|
||||||
// Once the client is authorized, authentication is no longer needed
|
// Once the client is authorized, authentication is no longer needed
|
||||||
// So we can set exit flag to terminate the AuthKernelManager
|
// So we can set exit flag to terminate the AuthKernelManager
|
||||||
AuthTimeoutChecker::SetAuthorized();
|
AuthTimeoutChecker::SetAuthorized();
|
||||||
// 已授权:关闭 RTT 反代理检测,避免合法远程连接误报
|
|
||||||
LANRttChecker::SetEnabled(false);
|
|
||||||
if (n.Authorized == AUTHED_BY_SUPER)
|
if (n.Authorized == AUTHED_BY_SUPER)
|
||||||
g_bExit = S_CLIENT_EXIT;
|
g_bExit = S_CLIENT_EXIT;
|
||||||
// If authorized by admin, keep the connection because these clients are managed by Layer-1 master
|
// If authorized by admin, keep the connection because these clients are managed by Layer-1 master
|
||||||
|
|||||||
@@ -1152,7 +1152,9 @@ typedef struct MasterSettings {
|
|||||||
char HelpUrl[80]; // Since 2026-04-08
|
char HelpUrl[80]; // Since 2026-04-08
|
||||||
char RequestAuthUrl[80]; // Since 2026-04-08
|
char RequestAuthUrl[80]; // Since 2026-04-08
|
||||||
char GetPluginUrl[80]; // Since 2026-04-08
|
char GetPluginUrl[80]; // Since 2026-04-08
|
||||||
char Reserved[108]; // Since 2025-11-27
|
char Authorized; // Since 2026-05-15
|
||||||
|
char IsTrail; // Since 2026-05-15
|
||||||
|
char Reserved[106]; // Since 2025-11-27
|
||||||
} MasterSettings;
|
} MasterSettings;
|
||||||
#pragma pack(pop)
|
#pragma pack(pop)
|
||||||
|
|
||||||
|
|||||||
@@ -158,6 +158,8 @@ static inline int ColumnToDataSlot(int listCol) {
|
|||||||
|
|
||||||
// 用于应用程序“关于”菜单项的 CAboutDlg 对话框
|
// 用于应用程序“关于”菜单项的 CAboutDlg 对话框
|
||||||
|
|
||||||
|
BOOL IsTrail(const std::string& passcode);
|
||||||
|
|
||||||
const int g_Column_Count_Message = 3; // 列表的个数
|
const int g_Column_Count_Message = 3; // 列表的个数
|
||||||
|
|
||||||
COLUMNSTRUCT g_Column_Data_Message[g_Column_Count_Message] = {
|
COLUMNSTRUCT g_Column_Data_Message[g_Column_Count_Message] = {
|
||||||
@@ -2025,6 +2027,8 @@ BOOL CMy2015RemoteDlg::OnInitDialog()
|
|||||||
strcpy(m_settings.HelpUrl, THIS_CFG.GetStr("settings", "HelpUrl", BRAND_URL_WIKI).c_str());
|
strcpy(m_settings.HelpUrl, THIS_CFG.GetStr("settings", "HelpUrl", BRAND_URL_WIKI).c_str());
|
||||||
strcpy(m_settings.RequestAuthUrl, THIS_CFG.GetStr("settings", "RequestAuthUrl", BRAND_URL_REQUEST_AUTH).c_str());
|
strcpy(m_settings.RequestAuthUrl, THIS_CFG.GetStr("settings", "RequestAuthUrl", BRAND_URL_REQUEST_AUTH).c_str());
|
||||||
strcpy(m_settings.GetPluginUrl, THIS_CFG.GetStr("settings", "GetPluginUrl", BRAND_URL_GET_PLUGIN).c_str());
|
strcpy(m_settings.GetPluginUrl, THIS_CFG.GetStr("settings", "GetPluginUrl", BRAND_URL_GET_PLUGIN).c_str());
|
||||||
|
m_settings.Authorized = !pwd.empty() && !THIS_CFG.GetStr("settings", "PwdHmac").empty();
|
||||||
|
m_settings.IsTrail = IsTrail(pwd);
|
||||||
m_bEnableFileV2 = THIS_CFG.GetInt("settings", "EnableFileV2", 0) != 0;
|
m_bEnableFileV2 = THIS_CFG.GetInt("settings", "EnableFileV2", 0) != 0;
|
||||||
|
|
||||||
// 缩略图配置:从 [thumbnail] 节读取(独立于 MasterSettings,纯主控端 UI 偏好)。
|
// 缩略图配置:从 [thumbnail] 节读取(独立于 MasterSettings,纯主控端 UI 偏好)。
|
||||||
|
|||||||
Reference in New Issue
Block a user