From b2974cdc95fdbe5f428024eb0a427fecb9979915 Mon Sep 17 00:00:00 2001 From: MaxFan Date: Mon, 11 May 2026 20:30:02 +0330 Subject: [PATCH] Clarify protected leak attempts in health status --- AppTunnel/Services/TrafficRouterService.Core.cs | 8 +++++--- .../Services/TrafficRouterService.NetworkSniffing.cs | 6 +++--- AppTunnel/ViewModels/MainViewModel.Core.cs | 6 +++--- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/AppTunnel/Services/TrafficRouterService.Core.cs b/AppTunnel/Services/TrafficRouterService.Core.cs index 2d5d6bc..a194c2b 100644 --- a/AppTunnel/Services/TrafficRouterService.Core.cs +++ b/AppTunnel/Services/TrafficRouterService.Core.cs @@ -293,9 +293,11 @@ public partial class TrafficRouterService : IDisposable public long LeakCount => Interlocked.Read(ref _statLeakConfirmed); /// /// Number of attempted leaks blocked locally by leak-guard. - /// Diagnostic-only signal for policy-transition races. + /// Diagnostic-only signal; these packets did not escape the machine. /// public long LeakBlockedCount => Interlocked.Read(ref _statLeakBlocked); + public long LeakBlockedRecoveredCount => Interlocked.Read(ref _statLeakBlockedRecovered); + public long LeakBlockedSuppressedCount => Interlocked.Read(ref _statLeakBlockedSuppressed); public long Ipv6BlockedCount => Interlocked.Read(ref _statFlowIPv6Blocked); public long DnsRedirectCount => Interlocked.Read(ref _redirectCount); public long ActiveRouteCount => _addedRoutes.Count; @@ -540,13 +542,13 @@ public partial class TrafficRouterService : IDisposable long netOutFail = Interlocked.Read(ref _statNetOutSendFailed); string mode = _fullRouteEnabled ? "full-route" : "split"; string leakState = leakConfirmed > 0 ? "LEAK-DETECTED" : - (leakBlocked > 0 ? "BLOCKING-ATTEMPTS" : "OK"); + (leakBlocked > 0 ? "PROTECTED" : "OK"); Logger.Info( $"[STATS] mode={mode} health={leakState} " + $"flows={flowEst}/{flowDel} targetHit={flowHit} excluded={flowExcl} ipv6Drop={ipv6Blocked} " + $"routes={Interlocked.Read(ref _statRoutesAdded)}({Interlocked.Read(ref _statRoutesFailed)}fail)/{_addedRoutes.Count}active " + $"rewriteOut={netOutRw} rewriteIn={netInRw} rewriteFail={netOutFail} nat={_natTable.Count} " + - $"leakConfirmed={leakConfirmed} leakBlocked={leakBlocked} recovered={leakBlockedRecovered} suppressed={leakBlockedSuppressed} " + + $"leakConfirmed={leakConfirmed} protectedBlocked={leakBlocked} recovered={leakBlockedRecovered} suppressed={leakBlockedSuppressed} " + $"targets={_targetExecutables.Count} blockedApps={_blockedExecutables.Count}"); // Loop health check — warn if any background loop has exited unexpectedly diff --git a/AppTunnel/Services/TrafficRouterService.NetworkSniffing.cs b/AppTunnel/Services/TrafficRouterService.NetworkSniffing.cs index 1beacdb..700f824 100644 --- a/AppTunnel/Services/TrafficRouterService.NetworkSniffing.cs +++ b/AppTunnel/Services/TrafficRouterService.NetworkSniffing.cs @@ -235,11 +235,11 @@ public partial class TrafficRouterService leakLogCount++; if (recovered) - Logger.Warning($"[LEAK-BLOCKED] Packet with VPN srcIP exiting PHYSICAL ifIdx={addrBuf.IfIdx} → dst={dst} (proto={buffer[9]}) — blocked locally, route restored for retransmit via VPN"); + Logger.Info($"[LEAK-PROTECTED] Packet with VPN srcIP exiting PHYSICAL ifIdx={addrBuf.IfIdx} → dst={dst} (proto={buffer[9]}) — blocked locally, route restored for retransmit via VPN"); else if (graceSuppressed) - Logger.Info($"[LEAK-BLOCKED-TRANSITION] Packet with VPN srcIP exiting PHYSICAL ifIdx={addrBuf.IfIdx} → dst={dst} (proto={buffer[9]}) — blocked during policy transition grace"); + Logger.Info($"[LEAK-PROTECTED-TRANSITION] Packet with VPN srcIP exiting PHYSICAL ifIdx={addrBuf.IfIdx} → dst={dst} (proto={buffer[9]}) — blocked during policy transition grace"); else - Logger.Warning($"[LEAK-BLOCKED] Packet with VPN srcIP exiting PHYSICAL ifIdx={addrBuf.IfIdx} → dst={dst} (proto={buffer[9]}) — blocked by split policy, route not restored"); + Logger.Info($"[LEAK-PROTECTED] Packet with VPN srcIP exiting PHYSICAL ifIdx={addrBuf.IfIdx} → dst={dst} (proto={buffer[9]}) — blocked by split policy, route not restored"); } } } diff --git a/AppTunnel/ViewModels/MainViewModel.Core.cs b/AppTunnel/ViewModels/MainViewModel.Core.cs index fc76500..294145e 100644 --- a/AppTunnel/ViewModels/MainViewModel.Core.cs +++ b/AppTunnel/ViewModels/MainViewModel.Core.cs @@ -403,20 +403,20 @@ public partial class MainViewModel : INotifyPropertyChanged ? (_trafficRouter.LeakCount == 0 ? (_trafficRouter.LeakBlockedCount == 0 ? "Leak: OK" - : $"Leak: OK (blocked {_trafficRouter.LeakBlockedCount})") + : $"Leak: Protected {_trafficRouter.LeakBlockedCount}") : $"Leak: {_trafficRouter.LeakCount}") : "Leak: -"; public string HeaderLeakColor => !IsConnected ? "#6CCB5F" : _trafficRouter.LeakCount > 0 ? "#E05252" - : (_trafficRouter.LeakBlockedCount > 0 ? "#E07820" : "#6CCB5F"); + : "#6CCB5F"; public string HealthLeakText => IsConnected ? (_trafficRouter.LeakCount == 0 ? (_trafficRouter.LeakBlockedCount == 0 ? "0 leak" - : $"0 leak / {_trafficRouter.LeakBlockedCount} blocked") + : $"0 leak / {_trafficRouter.LeakBlockedCount} protected") : $"{_trafficRouter.LeakCount} leak") : "-"; public string HealthDnsText => IsConnected