
分段 | 覆盖路径 | 核心技术手段 | 解决问题 |
T1 接入段 | 终端 ↔ 边缘接入节点 | Wi-Fi/蜂窝多发择优 +公网隧道穿透 | 弱网抖动、Wi-Fi/蜂窝切换、最后一公里丢包 |
T2 骨干网段 | 边缘接入节点 ↔ 源站地域边缘节点 | EdgeOne 四层加速 + 三方专线 + 公网线路智能调度 | 跨境跨运营商高延迟、互联点拥塞、单线路抖动 |
T3 回源段 | 源站地域边缘节点 ↔ 客户源站 | 加速网关就近回源(云内网/同机房) | 回源距离、跨云跨地域时延 |


package mainimport ("crypto/hmac""crypto/sha256""errors""fmt""golang.org/x/crypto/chacha20""net")// 派生128bit密钥+64bit noncefunc deriveParams(psk []byte, ip net.IP) (key []byte, nonce []byte) {mac := hmac.New(sha256.New, psk)mac.Write(ip)derived := mac.Sum(nil)return derived[:16], derived[16:24] // key=128bit, nonce=64bit}// IPv4加密 (32bit→32bit)func EncryptIPv4(ip net.IP, psk []byte) ([]byte, error) {if len(ip) != net.IPv4len {return nil, errors.New("invalid IPv4 length")}key, nonce := deriveParams(psk, ip)cipher, _ := chacha20.NewUnauthenticatedCipher(key, nonce)// 原地加密(32bit精确输出)ciphertext := make([]byte, net.IPv4len)cipher.XORKeyStream(ciphertext, ip.To4())return ciphertext, nil}// IPv6加密 (128bit→128bit)func EncryptIPv6(ip net.IP, psk []byte) ([]byte, error) {if len(ip) != net.IPv6len {return nil, errors.New("invalid IPv6 length")}key, nonce := deriveParams(psk, ip)cipher, _ := chacha20.NewUnauthenticatedCipher(key, nonce)// 128bit精确输出ciphertext := make([]byte, net.IPv6len)cipher.XORKeyStream(ciphertext, ip.To16())return ciphertext, nil}// 解密函数(加密/解密使用相同函数)var DecryptIPv4 = EncryptIPv4var DecryptIPv6 = EncryptIPv6func main() {psk := []byte("test-datakey")// IPv4测试ipv4 := net.IPv4(192, 168, 1, 1)encV4, _ := EncryptIPv4(ipv4, psk)decV4, _ := DecryptIPv4(encV4, psk)fmt.Printf("IPv4:\\n 原IP: %v\\n 密文: %08x\\n 解密: %v\\n",ipv4, encV4, decV4)// IPv6测试ipv6 := net.ParseIP("2001:db8::a1b2")encV6, _ := EncryptIPv6(ipv6, psk)decV6, _ := DecryptIPv6(encV6, psk)fmt.Printf("\\nIPv6:\\n 原IP: %v\\n 密文: %032x\\n 解密: %v\\n",ipv6, encV6, decV6)}















Android/data/com.android.tencentvpn/files/Documentsadb logcat -b all | grep PING > $(date +\\%m\\%d-\\%H:\\%M:\\%S).log

package com.android.tencentvpn.util;import io.jsonwebtoken.Jwts;import io.jsonwebtoken.SignatureAlgorithm;import java.security.Key;import java.util.Date;import javax.crypto.spec.SecretKeySpec;public class SignGenerate {private static final long EXPIRE_TIME = 72 * 60 * 60 * 1000; // 过期时间, 单位毫秒/*** @param deviceName 业务自己控制设备唯一标识* @param SecretKey 云api返回的 应用密钥* @return 多网sdk 需要传入的签名字符串 最终通过setSign 调用**/public static String generateSign(String deviceName, String SecretKey) {try {Date now = new Date();Date expireDate = new Date(now.getTime() + EXPIRE_TIME);Key key =new SecretKeySpec(SecretKey.getBytes(), SignatureAlgorithm.HS256.getJcaName());return Jwts.builder().claim("deviceName", deviceName).expiration(expireDate).signWith(key).compact();} catch (Exception e) {e.printStackTrace();}return "";}}
//podfile中添加pod 'JWT',集成JWT库// .h文件:@interface SignGenerator : NSObject/*** @deviceName 业务自己控制设备唯一标识* @param SecretKey 云api返回的 应用密钥* @return 多网sdk 需要传入的签名字符串 最终通过setSign 调用*/+ (NSString *)generateSignWithDeviceName:(NSString *)deviceName secretKey:(NSString *)secretKey;@end// .m文件#import "SignGenerator.h"#import <JWT/JWT.h>@implementation SignGenerator+ (NSString *)generateSignWithDeviceName:(NSString *)deviceName secretKey:(NSString *)secretKey {// 1. 设置过期时间(72小时后)NSDate *currentDate = [NSDate date];NSDate *expireDate = [currentDate dateByAddingTimeInterval:72 * 60 * 60];// 2. 构建 Claims(负载)NSDictionary *claims = @{@"deviceName": deviceName,@"exp": @((long)[expireDate timeIntervalSince1970]) // Expiration};NSData *keyData = [secretKey dataUsingEncoding:NSUTF8StringEncoding];// 3. 使用 HS256 算法和密钥签名JWTBuilder *builder = [JWTBuilder encodePayload:claims].secretData(keyData).algorithmName(@"HS256"); //算法名NSString *jwt = builder.encode;// 4. 错误处理if (builder.jwtError) {NSLog(@"JWT 生成失败: %@", builder.jwtError);return @"";}return jwt;}
package mainimport ("fmt""github.com/dgrijalva/jwt-go/v4""time")func main() {sign, expireTime, err := GenerateSign("tencent-test")if err != nil {panic(err)}println(sign, expireTime)}// SignClaims JwtCustomClaimstype SignClaims struct {jwt.StandardClaimsDeviceName string `json:"deviceName"`}var (ExpireTime = 72 // 过期时间, 单位小时SecretKey = []byte("your secretkey") // APP密钥)// GenerateSign 生成签名func GenerateSign(deviceName string) (string, int64, error) {expireTime := time.Now().Add(time.Duration(ExpireTime) * time.Hour)claims := &SignClaims{StandardClaims: jwt.StandardClaims{NotBefore: jwt.Now(),ExpiresAt: jwt.At(expireTime),},DeviceName: deviceName,}println(fmt.Sprintf("%#v", claims))token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)sign, err := token.SignedString(SecretKey)if err != nil {return "", 0, err}return sign, expireTime.Unix(), nil}
文档反馈