astelm/telemt
1
0
Fork 0
mirror of https://github.com/telemt/telemt.git synced 2026-06-11 05:21:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

sec -> ms in mask timeouts config. allows subsecond values in tests

Browse Source
This commit is contained in:
Batmaev
2026-04-07 22:40:07 +03:00
parent 380678380d
commit 0fa4ef7455
5 changed files with 32 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docs/CONFIG_PARAMS.en.md
View File

@@ -2466,8 +2466,8 @@ Note: This section also accepts the legacy alias `[server.admin_api]` (same sche
| [`mask_shape_above_cap_blur`](#cfg-censorship-mask_shape_above_cap_blur) | `bool` | `false` |
| [`mask_shape_above_cap_blur_max_bytes`](#cfg-censorship-mask_shape_above_cap_blur_max_bytes) | `usize` | `512` |
| [`mask_relay_max_bytes`](#cfg-censorship-mask_relay_max_bytes) | `usize` | `5242880` |
| [`mask_relay_timeout_secs`](#cfg-censorship-mask_relay_timeout_secs) | `u64` | `60` |
| [`mask_relay_idle_timeout_secs`](#cfg-censorship-mask_relay_idle_timeout_secs) | `u64` | `5` |
| [`mask_relay_timeout_ms`](#cfg-censorship-mask_relay_timeout_ms) | `u64` | `60_000` |
| [`mask_relay_idle_timeout_ms`](#cfg-censorship-mask_relay_idle_timeout_ms) | `u64` | `5_000` |
| [`mask_classifier_prefetch_timeout_ms`](#cfg-censorship-mask_classifier_prefetch_timeout_ms) | `u64` | `5` |
| [`mask_timing_normalization_enabled`](#cfg-censorship-mask_timing_normalization_enabled) | `bool` | `false` |
| [`mask_timing_normalization_floor_ms`](#cfg-censorship-mask_timing_normalization_floor_ms) | `u64` | `0` |
@@ -2738,25 +2738,25 @@ Note: This section also accepts the legacy alias `[server.admin_api]` (same sche
[censorship]
mask_relay_max_bytes = 5242880
```
<a id="cfg-censorship-mask_relay_timeout_secs"></a>
- `mask_relay_timeout_secs`
- **Constraints / validation**: Should be `>= mask_relay_idle_timeout_secs`.
- **Description**: Wall-clock cap (seconds) for the full masking relay on non-MTProto fallback paths. Raise when the mask target is a long-lived service (e.g. WebSocket).
<a id="cfg-censorship-mask_relay_timeout_ms"></a>
- `mask_relay_timeout_ms`
- **Constraints / validation**: Should be `>= mask_relay_idle_timeout_ms`.
- **Description**: Wall-clock cap (ms) for the full masking relay on non-MTProto fallback paths. Raise when the mask target is a long-lived service (e.g. WebSocket). Default: 60 000 ms (60 s).
- **Example**:
```toml
[censorship]
mask_relay_timeout_secs = 60
mask_relay_timeout_ms = 60000
```
<a id="cfg-censorship-mask_relay_idle_timeout_secs"></a>
- `mask_relay_idle_timeout_secs`
- **Constraints / validation**: Should be `<= mask_relay_timeout_secs`.
- **Description**: Per-read idle timeout (seconds) on masking relay and drain paths. Limits resource consumption by slow-loris attacks and port scanners. A read call stalling beyond this value is treated as an abandoned connection.
<a id="cfg-censorship-mask_relay_idle_timeout_ms"></a>
- `mask_relay_idle_timeout_ms`
- **Constraints / validation**: Should be `<= mask_relay_timeout_ms`.
- **Description**: Per-read idle timeout (ms) on masking relay and drain paths. Limits resource consumption by slow-loris attacks and port scanners. A read call stalling beyond this value is treated as an abandoned connection. Default: 5 000 ms (5 s).
- **Example**:
```toml
[censorship]
mask_relay_idle_timeout_secs = 5
mask_relay_idle_timeout_ms = 5000
```
<a id="cfg-censorship-mask_classifier_prefetch_timeout_ms"></a>
- `mask_classifier_prefetch_timeout_ms`

16
src/config/defaults.rs
View File

@@ -616,23 +616,23 @@ pub(crate) fn default_mask_relay_max_bytes() -> usize {
}
#[cfg(not(test))]
pub(crate) fn default_mask_relay_timeout_secs() -> u64 {
60
pub(crate) fn default_mask_relay_timeout_ms() -> u64 {
60_000
}
#[cfg(test)]
pub(crate) fn default_mask_relay_timeout_secs() -> u64 {
10
pub(crate) fn default_mask_relay_timeout_ms() -> u64 {
200
}
#[cfg(not(test))]
pub(crate) fn default_mask_relay_idle_timeout_secs() -> u64 {
5
pub(crate) fn default_mask_relay_idle_timeout_ms() -> u64 {
5_000
}
#[cfg(test)]
pub(crate) fn default_mask_relay_idle_timeout_secs() -> u64 {
1
pub(crate) fn default_mask_relay_idle_timeout_ms() -> u64 {
100
}
pub(crate) fn default_mask_classifier_prefetch_timeout_ms() -> u64 {

5
src/config/hot_reload.rs
View File

@@ -611,9 +611,8 @@ fn warn_non_hot_changes(old: &ProxyConfig, new: &ProxyConfig, non_hot_changed: b
|| old.censorship.mask_shape_above_cap_blur_max_bytes
!= new.censorship.mask_shape_above_cap_blur_max_bytes
|| old.censorship.mask_relay_max_bytes != new.censorship.mask_relay_max_bytes
|| old.censorship.mask_relay_timeout_secs != new.censorship.mask_relay_timeout_secs
|| old.censorship.mask_relay_idle_timeout_secs
!= new.censorship.mask_relay_idle_timeout_secs
|| old.censorship.mask_relay_timeout_ms != new.censorship.mask_relay_timeout_ms
|| old.censorship.mask_relay_idle_timeout_ms != new.censorship.mask_relay_idle_timeout_ms
|| old.censorship.mask_classifier_prefetch_timeout_ms
!= new.censorship.mask_classifier_prefetch_timeout_ms
|| old.censorship.mask_timing_normalization_enabled

14
src/config/types.rs
View File

@@ -1688,14 +1688,16 @@ pub struct AntiCensorshipConfig {
/// Wall-clock cap for the full masking relay on non-MTProto fallback paths.
/// Raise when the mask target is a long-lived service (e.g. WebSocket).
#[serde(default = "default_mask_relay_timeout_secs")]
pub mask_relay_timeout_secs: u64,
/// Default: 60 000 ms (60 s).
#[serde(default = "default_mask_relay_timeout_ms")]
pub mask_relay_timeout_ms: u64,
/// Per-read idle timeout on masking relay and drain paths.
/// Limits resource consumption by slow-loris attacks and port scanners.
/// A read call stalling beyond this is treated as an abandoned connection.
#[serde(default = "default_mask_relay_idle_timeout_secs")]
pub mask_relay_idle_timeout_secs: u64,
/// Default: 5 000 ms (5 s).
#[serde(default = "default_mask_relay_idle_timeout_ms")]
pub mask_relay_idle_timeout_ms: u64,
/// Prefetch timeout (ms) for extending fragmented masking classifier window.
#[serde(default = "default_mask_classifier_prefetch_timeout_ms")]
@@ -1742,8 +1744,8 @@ impl Default for AntiCensorshipConfig {
mask_shape_above_cap_blur: default_mask_shape_above_cap_blur(),
mask_shape_above_cap_blur_max_bytes: default_mask_shape_above_cap_blur_max_bytes(),
mask_relay_max_bytes: default_mask_relay_max_bytes(),
mask_relay_timeout_secs: default_mask_relay_timeout_secs(),
mask_relay_idle_timeout_secs: default_mask_relay_idle_timeout_secs(),
mask_relay_timeout_ms: default_mask_relay_timeout_ms(),
mask_relay_idle_timeout_ms: default_mask_relay_idle_timeout_ms(),
mask_classifier_prefetch_timeout_ms: default_mask_classifier_prefetch_timeout_ms(),
mask_timing_normalization_enabled: default_mask_timing_normalization_enabled(),
mask_timing_normalization_floor_ms: default_mask_timing_normalization_floor_ms(),

4
src/proxy/masking.rs
View File

@@ -643,8 +643,8 @@ pub async fn handle_bad_client<R, W>(
beobachten.record(client_type, peer.ip(), ttl);
}
let relay_timeout = Duration::from_secs(config.censorship.mask_relay_timeout_secs);
let idle_timeout = Duration::from_secs(config.censorship.mask_relay_idle_timeout_secs);
let relay_timeout = Duration::from_millis(config.censorship.mask_relay_timeout_ms);
let idle_timeout = Duration::from_millis(config.censorship.mask_relay_idle_timeout_ms);
if !config.censorship.mask {
// Masking disabled, just consume data