From b8d1002d35a2f7ffc9cc0c11af4d7b4050970069 Mon Sep 17 00:00:00 2001
From: Gouryella <q6221745@gmail.com>
Date: Wed, 14 Jan 2026 14:50:45 +0800
Subject: [PATCH] feat(tcp): add TCP transmission protocol check

---
 internal/server/tcp/listener.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/internal/server/tcp/listener.go b/internal/server/tcp/listener.go
index b52666a..78e71d1 100644
--- a/internal/server/tcp/listener.go
+++ b/internal/server/tcp/listener.go
@@ -197,6 +197,14 @@ func (l *Listener) handleConnection(netConn net.Conn) {
 		l.connMu.Unlock()
 	})
 
+	// Check if TCP transport is allowed
+	if !l.IsTransportAllowed("tcp") {
+		l.logger.Warn("TCP transport not allowed, rejecting connection",
+			zap.String("remote_addr", netConn.RemoteAddr().String()),
+		)
+		return
+	}
+
 	tlsConn, ok := netConn.(*tls.Conn)
 	if !ok {
 		l.logger.Error("Connection is not TLS")