feat(wcf): C2 spike + ConnectViaAddress/connmode — WCF transport viable, rows server-gated #1
Reference in New Issue
Block a user
Delete Branch "feat/c2-wcf-event-spike"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
The C2 (event-read) investigation: a cross-platform WCF event-read diagnostic spike + the evidence and SDK additions it produced.
Result (live, cross-platform direct to the 2023 R2 historian):
NegotiateAuthenticationauth reach the 2023 R2 historian cross-platform (integrated/Windows transport security does not tunnel). The0x501event connection mode makes CM_EVENTRegisterTagssucceed (it fails on0x402/0x401).StartEventQueryreturns a 0-row buffer and long-polls over a window that holds events — registration and window ruled out → the same server-side per-connection row gate as gRPC. Not client-fixable.Changes
tests/.../WcfEventReadSpikeTests.cs— env-gated diagnostic; transport-selectable (integrated|certificate), cross-platform for the cert transport, bounded (per-call timeout + overall budget with a phase-diagnostic dump), version-gate bypassable. Sanitized output only.docs/reverse-engineering/wcf-event-read-spike-results.md— the corrected, sanitized live result.HistorianClientOptions.ConnectViaAddress— WCFVia(connect to a tunnel/proxy while addressing the SOAPTothe real endpoint), viaChannelFactory.CreateChannel(address, via)at the event/read sites.HistorianClientOptions.EventReadConnectionModeOverride— diagnostic override of the event-read OpenConnection mode (the0x501finding).Grpc/HistorianGrpcEventOrchestrator.cs+Wcf/HistorianWcfEventOrchestrator.cs— corrected gating messages (server-gated over both transports). String/comment + the two new options; no default-behavior change.Test plan
CreateMdasNetNamedPipeBinding_*— not in scope): 352 passed / 0 new fails with the historian env unset.Pairs with HistorianGateway PR
feat/c2-wcf-event-spike.https://claude.ai/code/session_012SDSQ3AcaXqPcBtDESBRii
WCF net.tcp (RemoteTcpIntegrated) against the live 2023 R2 historian is reset at the socket-write/framing layer before any auth — both the event spike and a basic Probe/ReadRaw throw the identical CommunicationException/SocketException ("forcibly closed by the remote host"). The 2023 R2 box does not serve the legacy WCF transport; C2's "route via WCF" unblock is moot on this server class. Sanitized: counts + native return codes + buffer lengths only. Claude-Session: https://claude.ai/code/session_012SDSQ3AcaXqPcBtDESBRii