From 46ea70eab40d2a67951fe69a171c13332e4413c7 Mon Sep 17 00:00:00 2001
From: hotyue <52734432+hotyue@users.noreply.github.com>
Date: Sat, 30 May 2026 07:18:27 +0000
Subject: [PATCH] =?UTF-8?q?fix(agent):=20=E5=BD=BB=E5=BA=95=E6=A0=B9?= =?UTF-8?q?=E9=99=A4=E7=BA=AF=20IPv6=20=E5=8F=8A=E5=8F=8C=E6=A0=88?= =?UTF-8?q?=E8=8A=82=E7=82=B9=E5=9B=A0=20Socket=20=E5=8D=8F=E8=AE=AE?= =?UTF-8?q?=E6=A0=88=E7=BB=91=E5=AE=9A=E9=94=99=E8=AF=AF=E5=AF=BC=E8=87=B4?= =?UTF-8?q?=E7=9A=84=E2=80=9C=E6=8C=87=E4=BB=A4=E8=80=B3=E8=81=8B=E2=80=9D?= =?UTF-8?q?=E6=8B=92=E7=BB=9D=E6=9C=8D=E5=8A=A1=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/agent_daemon.sh | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/core/agent_daemon.sh b/core/agent_daemon.sh
index 71feec9..e4a327d 100755
--- a/core/agent_daemon.sh
+++ b/core/agent_daemon.sh
@@ -55,6 +55,16 @@ if [ -n "$AGENT_IP" ]; then
 fi
 fi
+# [v4.1.8 核心修复] 彻底解决 IPv6 致命耳聋漏洞 (Socket Binding Mismatch)
+# 在拉起 Python 引擎前,由 Bash 强行锁定底层网络栈监听维度,抛弃脆弱的内部解析
+if [[ "$AGENT_IP" == *":"* ]]; then
+ export BIND_ADDR="::"
+ echo "🌐 [Agent] 协议栈识别: 侦测到 IPv6 基因,底层路由强锁定至 [::]"
+else
+ export BIND_ADDR="0.0.0.0"
+ echo "🌐 [Agent] 协议栈识别: 侦测到 IPv4 基因,底层路由强锁定至 0.0.0.0"
+fi
+
 # ==========================================================
 # [加密通信] 强制构建自签名 TLS 装甲,屏蔽中间人嗅探
 # ==========================================================
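Review bot: The `else` branch is taken for an empty or unset `AGENT_IP` as well as for an IPv4 value, yet it logs that IPv4 was detected; the `if [ -n "$AGENT_IP" ]` in the hunk header suggests the variable can be empty at this point. An `elif [ -z "$AGENT_IP" ]; then` case with its own warning message would make a misconfigured node visible in the log instead of looking like a normal IPv4 start. Both branches also export a wildcard address, so the agent's listener is reachable on every interface of that family rather than only on `AGENT_IP`; a comment such as `# NOTE: wildcard bind - exposure is limited only by the host firewall and the TLS layer set up below` would record that for operators. The code that validates `AGENT_IP` starts above the hunk and is not visible here.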
@@ -472,20 +482,12 @@ import socket
 class ThreadedServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
 allow_reuse_address = True
-# 精准探底协议栈:根据配置的 IP 类型动态执行 AF_INET/AF_INET6 单轨监听
-bind_addr = "0.0.0.0"
-ThreadedServer.address_family = socket.AF_INET
-
-config_path = '/opt/ip_sentinel/config.conf'
-if os.path.exists(config_path):
- with open(config_path, 'r', errors='ignore') as f:
- for line in f:
- if line.startswith('PUBLIC_IP='):
- pub_ip = line.split('=', 1)[1].strip('"\'')
- if ':' in pub_ip:
- bind_addr = "::"
- ThreadedServer.address_family = socket.AF_INET6
- break
+# [v4.1.8 终极修复] 废除脆弱的 Python 内置解析,直接读取 Bash 注入的底层环境变量
+bind_addr = os.environ.get('BIND_ADDR', '0.0.0.0')
+if bind_addr == "::":
+ ThreadedServer.address_family = socket.AF_INET6
+else:
+ ThreadedServer.address_family = socket.AF_INET
 httpd = ThreadedServer((bind_addr, PORT), AgentHandler)
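Review bot: The address family is selected by an exact match on `"::"`, so any other IPv6 literal arriving in `BIND_ADDR` (for example `::1`, or a value already present in the environment when this code is started without the Bash wrapper) is paired with `AF_INET` and the bind fails at startup. Deriving the family from the value keeps the two in step: `ThreadedServer.address_family = socket.AF_INET6 if ':' in bind_addr else socket.AF_INET`. On the IPv6 path the socket also inherits the system default for `IPV6_V6ONLY`, so whether IPv4 peers can still reach a dual-stack node presumably depends on the host's `net.ipv6.bindv6only` setting; setting the option explicitly in a `server_bind` override on `ThreadedServer` would make that deterministic. The embedded Python script starts and continues outside the hunk.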