fix: refresh ACL groups and enable TCP_NODELAY for WebSocket (#2118)

* fix: refresh ACL groups and enable TCP_NODELAY for WebSocket * add remove_peers to remove list of peer id in ospf route * fix secure tunnel for unreliable udp tunnel * fix(web-client): timeout secure tunnel handshake * fix(web-server): tolerate delayed secure hello * fix quic endpoint panic * fix replay check
2026-04-23 00:27:06 +08:00 · 2026-04-19 10:37:39 +08:00
parent c49c56612b
commit 2db655bd6d
14 changed files with 7824 additions and 1038 deletions
@@ -126,7 +126,7 @@ impl WebClient {
                }
            };

-            if support_encryption {
+            if support_encryption && security::web_secure_tunnel_supported() {
                log::info!("Server supports encryption, reconnecting with secure tunnel");
                drop(session);

@@ -159,6 +159,23 @@ impl WebClient {
                continue;
            }

+            if support_encryption {
+                if secure_mode {
+                    connected.store(false, Ordering::Release);
+                    let wait = 1;
+                    log::warn!(
+                        "secure-mode enabled but local build lacks aes-gcm support for web secure tunnel, retrying in {} seconds...",
+                        wait
+                    );
+                    tokio::time::sleep(std::time::Duration::from_secs(wait)).await;
+                    continue;
+                }
+
+                log::warn!(
+                    "Server supports encryption but local build lacks aes-gcm support for web secure tunnel, falling back to legacy tunnel"
+                );
+            }
+
            if secure_mode {
                connected.store(false, Ordering::Release);
                let wait = 1;