Phase 2 implemented with additional guards

2026-04-18 19:14:09 +03:00 · 2026-04-03 02:08:59 +04:00
parent a9f695623d
commit 6ea867ce36
27 changed files with 2513 additions and 1131 deletions
--- a/src/maestro/listeners.rs
+++ b/src/maestro/listeners.rs
@@ -14,6 +14,7 @@ use crate::crypto::SecureRandom;
 use crate::ip_tracker::UserIpTracker;
 use crate::proxy::ClientHandler;
 use crate::proxy::route_mode::{ROUTE_SWITCH_ERROR_MSG, RouteRuntimeController};
+use crate::proxy::shared_state::ProxySharedState;
 use crate::startup::{COMPONENT_LISTENERS_BIND, StartupTracker};
 use crate::stats::beobachten::BeobachtenStore;
 use crate::stats::{ReplayChecker, Stats};
@@ -49,6 +50,7 @@ pub(crate) async fn bind_listeners(
    tls_cache: Option<Arc<TlsFrontCache>>,
    ip_tracker: Arc<UserIpTracker>,
    beobachten: Arc<BeobachtenStore>,
+    shared: Arc<ProxySharedState>,
    max_connections: Arc<Semaphore>,
 ) -> Result<BoundListeners, Box<dyn Error>> {
    startup_tracker
@@ -224,6 +226,7 @@ pub(crate) async fn bind_listeners(
        let tls_cache = tls_cache.clone();
        let ip_tracker = ip_tracker.clone();
        let beobachten = beobachten.clone();
+        let shared = shared.clone();
        let max_connections_unix = max_connections.clone();

        tokio::spawn(async move {
@@ -284,11 +287,12 @@ pub(crate) async fn bind_listeners(
                        let tls_cache = tls_cache.clone();
                        let ip_tracker = ip_tracker.clone();
                        let beobachten = beobachten.clone();
+                        let shared = shared.clone();
                        let proxy_protocol_enabled = config.server.proxy_protocol;

                        tokio::spawn(async move {
                            let _permit = permit;
-                            if let Err(e) = crate::proxy::client::handle_client_stream(
+                            if let Err(e) = crate::proxy::client::handle_client_stream_with_shared(
                                stream,
                                fake_peer,
                                config,
@@ -302,6 +306,7 @@ pub(crate) async fn bind_listeners(
                                tls_cache,
                                ip_tracker,
                                beobachten,
+                                shared,
                                proxy_protocol_enabled,
                            )
                            .await
@@ -351,6 +356,7 @@ pub(crate) fn spawn_tcp_accept_loops(
    tls_cache: Option<Arc<TlsFrontCache>>,
    ip_tracker: Arc<UserIpTracker>,
    beobachten: Arc<BeobachtenStore>,
+    shared: Arc<ProxySharedState>,
    max_connections: Arc<Semaphore>,
 ) {
    for (listener, listener_proxy_protocol) in listeners {
@@ -366,6 +372,7 @@ pub(crate) fn spawn_tcp_accept_loops(
        let tls_cache = tls_cache.clone();
        let ip_tracker = ip_tracker.clone();
        let beobachten = beobachten.clone();
+        let shared = shared.clone();
        let max_connections_tcp = max_connections.clone();

        tokio::spawn(async move {
@@ -421,13 +428,14 @@ pub(crate) fn spawn_tcp_accept_loops(
                        let tls_cache = tls_cache.clone();
                        let ip_tracker = ip_tracker.clone();
                        let beobachten = beobachten.clone();
+                        let shared = shared.clone();
                        let proxy_protocol_enabled = listener_proxy_protocol;
                        let real_peer_report = Arc::new(std::sync::Mutex::new(None));
                        let real_peer_report_for_handler = real_peer_report.clone();

                        tokio::spawn(async move {
                            let _permit = permit;
-                            if let Err(e) = ClientHandler::new(
+                            if let Err(e) = ClientHandler::new_with_shared(
                                stream,
                                peer_addr,
                                config,
@@ -441,6 +449,7 @@ pub(crate) fn spawn_tcp_accept_loops(
                                tls_cache,
                                ip_tracker,
                                beobachten,
+                                shared,
                                proxy_protocol_enabled,
                                real_peer_report_for_handler,
                            )
--- a/src/maestro/mod.rs
+++ b/src/maestro/mod.rs
@@ -33,6 +33,7 @@ use crate::crypto::SecureRandom;
 use crate::ip_tracker::UserIpTracker;
 use crate::network::probe::{decide_network_capabilities, log_probe_result, run_probe};
 use crate::proxy::route_mode::{RelayRouteMode, RouteRuntimeController};
+use crate::proxy::shared_state::ProxySharedState;
 use crate::startup::{
    COMPONENT_API_BOOTSTRAP, COMPONENT_CONFIG_LOAD, COMPONENT_ME_POOL_CONSTRUCT,
    COMPONENT_ME_POOL_INIT_STAGE1, COMPONENT_ME_PROXY_CONFIG_V4, COMPONENT_ME_PROXY_CONFIG_V6,
@@ -631,6 +632,7 @@ async fn run_inner(
    )
    .await;
    let _admission_tx_hold = admission_tx;
+    let shared_state = ProxySharedState::new();

    let bound = listeners::bind_listeners(
        &config,
@@ -651,6 +653,7 @@ async fn run_inner(
        tls_cache.clone(),
        ip_tracker.clone(),
        beobachten.clone(),
+        shared_state.clone(),
        max_connections.clone(),
    )
    .await?;
@@ -707,6 +710,7 @@ async fn run_inner(
        tls_cache.clone(),
        ip_tracker.clone(),
        beobachten.clone(),
+        shared_state,
        max_connections.clone(),
    );