Enhance TLS Emulator with ALPN Support and Add Adversarial Tests

- Modified `build_emulated_server_hello` to accept ALPN (Application-Layer Protocol Negotiation) as an optional parameter, allowing for the embedding of ALPN markers in the application data payload. - Implemented logic to handle oversized ALPN values and ensure they do not interfere with the application data payload. - Added new security tests in `emulator_security_tests.rs` to validate the behavior of the ALPN embedding, including scenarios for oversized ALPN and preference for certificate payloads over ALPN markers. - Introduced `send_adversarial_tests.rs` to cover edge cases and potential issues in the middle proxy's send functionality, ensuring robustness against various failure modes. - Updated `middle_proxy` module to include new test modules and ensure proper handling of writer commands during data transmission.
2026-04-17 18:44:10 +03:00 · 2026-03-18 17:04:50 +04:00
parent 97d4a1c5c8
commit 20e205189c
20 changed files with 2935 additions and 113 deletions
--- a/src/proxy/client.rs
+++ b/src/proxy/client.rs
@@ -31,19 +31,16 @@ struct UserConnectionReservation {
    user: String,
    ip: IpAddr,
    active: bool,
-    runtime_handle: Option<tokio::runtime::Handle>,
 }

 impl UserConnectionReservation {
    fn new(stats: Arc<Stats>, ip_tracker: Arc<UserIpTracker>, user: String, ip: IpAddr) -> Self {
-        let runtime_handle = tokio::runtime::Handle::try_current().ok();
        Self {
            stats,
            ip_tracker,
            user,
            ip,
            active: true,
-            runtime_handle,
        }
    }

@@ -64,29 +61,7 @@ impl Drop for UserConnectionReservation {
        }
        self.active = false;
        self.stats.decrement_user_curr_connects(&self.user);
-
-        if let Some(handle) = &self.runtime_handle {
-            let ip_tracker = self.ip_tracker.clone();
-            let user = self.user.clone();
-            let ip = self.ip;
-            let handle = handle.clone();
-            handle.spawn(async move {
-                ip_tracker.remove_ip(&user, ip).await;
-            });
-        } else if let Ok(handle) = tokio::runtime::Handle::try_current() {
-            let ip_tracker = self.ip_tracker.clone();
-            let user = self.user.clone();
-            let ip = self.ip;
-            handle.spawn(async move {
-                ip_tracker.remove_ip(&user, ip).await;
-            });
-        } else {
-            warn!(
-                user = %self.user,
-                ip = %self.ip,
-                "UserConnectionReservation dropped without Tokio runtime; IP reservation cleanup skipped"
-            );
-        }
+        self.ip_tracker.enqueue_cleanup(self.user.clone(), self.ip);
    }
 }