Admission-timeouts + Global Each TCP Connections

Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-18 11:04:09 +03:00 · 2026-03-31 11:14:55 +03:00
parent 5bf56b6dd8
commit b8cf596e7d
17 changed files with 275 additions and 71 deletions
--- a/src/maestro/helpers.rs
+++ b/src/maestro/helpers.rs
@@ -149,7 +149,9 @@ fn print_help() {
    }
    eprintln!();
    eprintln!("Options:");
-    eprintln!("  --data-path <DIR>       Set data directory (absolute path; overrides config value)");
+    eprintln!(
+        "  --data-path <DIR>       Set data directory (absolute path; overrides config value)"
+    );
    eprintln!("  --silent, -s            Suppress info logs");
    eprintln!("  --log-level <LEVEL>     debug|verbose|normal|silent");
    eprintln!("  --help, -h              Show this help");
@@ -173,16 +175,10 @@ fn print_help() {
        eprintln!();
    }
    eprintln!("Setup (fire-and-forget):");
-    eprintln!(
-        "  --init                  Generate config, install systemd service, start"
-    );
+    eprintln!("  --init                  Generate config, install systemd service, start");
    eprintln!("    --port <PORT>          Listen port (default: 443)");
-    eprintln!(
-        "    --domain <DOMAIN>      TLS domain for masking (default: www.google.com)"
-    );
-    eprintln!(
-        "    --secret <HEX>         32-char hex secret (auto-generated if omitted)"
-    );
+    eprintln!("    --domain <DOMAIN>      TLS domain for masking (default: www.google.com)");
+    eprintln!("    --secret <HEX>         32-char hex secret (auto-generated if omitted)");
    eprintln!("    --user <NAME>          Username (default: user)");
    eprintln!("    --config-dir <DIR>     Config directory (default: /etc/telemt)");
    eprintln!("    --no-start             Don't start the service after install");
--- a/src/maestro/mod.rs
+++ b/src/maestro/mod.rs
@@ -83,7 +83,6 @@ pub async fn run() -> std::result::Result<(), Box<dyn std::error::Error>> {
 async fn run_inner(
    daemon_opts: DaemonOptions,
 ) -> std::result::Result<(), Box<dyn std::error::Error>> {
-
    // Acquire PID file if daemonizing or if explicitly requested
    // Keep it alive until shutdown (underscore prefix = intentionally kept for RAII cleanup)
    let _pid_file = if daemon_opts.daemonize || daemon_opts.pid_file.is_some() {
@@ -665,10 +664,7 @@ async fn run_inner(

    // Drop privileges after binding sockets (which may require root for port < 1024)
    if daemon_opts.user.is_some() || daemon_opts.group.is_some() {
-        if let Err(e) = drop_privileges(
-            daemon_opts.user.as_deref(),
-            daemon_opts.group.as_deref(),
-        ) {
+        if let Err(e) = drop_privileges(daemon_opts.user.as_deref(), daemon_opts.group.as_deref()) {
            error!(error = %e, "Failed to drop privileges");
            std::process::exit(1);
        }
--- a/src/maestro/shutdown.rs
+++ b/src/maestro/shutdown.rs
@@ -11,10 +11,10 @@
 use std::sync::Arc;
 use std::time::{Duration, Instant};

-#[cfg(unix)]
-use tokio::signal::unix::{SignalKind, signal};
 #[cfg(not(unix))]
 use tokio::signal;
+#[cfg(unix)]
+use tokio::signal::unix::{SignalKind, signal};
 use tracing::{info, warn};

 use crate::stats::Stats;
@@ -94,7 +94,8 @@ async fn perform_shutdown(

    // Graceful ME pool shutdown
    if let Some(pool) = &me_pool {
-        match tokio::time::timeout(Duration::from_secs(2), pool.shutdown_send_close_conn_all()).await
+        match tokio::time::timeout(Duration::from_secs(2), pool.shutdown_send_close_conn_all())
+            .await
        {
            Ok(total) => {
                info!(
@@ -159,15 +160,12 @@ fn dump_stats(stats: &Stats, process_started_at: Instant) {
 /// - SIGUSR1: Log rotation acknowledgment (for external log rotation tools)
 /// - SIGUSR2: Dump runtime status to log
 #[cfg(unix)]
-pub(crate) fn spawn_signal_handlers(
-    stats: Arc<Stats>,
-    process_started_at: Instant,
-) {
+pub(crate) fn spawn_signal_handlers(stats: Arc<Stats>, process_started_at: Instant) {
    tokio::spawn(async move {
-        let mut sigusr1 = signal(SignalKind::user_defined1())
-            .expect("Failed to register SIGUSR1 handler");
-        let mut sigusr2 = signal(SignalKind::user_defined2())
-            .expect("Failed to register SIGUSR2 handler");
+        let mut sigusr1 =
+            signal(SignalKind::user_defined1()).expect("Failed to register SIGUSR1 handler");
+        let mut sigusr2 =
+            signal(SignalKind::user_defined2()).expect("Failed to register SIGUSR2 handler");

        loop {
            tokio::select! {
@@ -184,10 +182,7 @@ pub(crate) fn spawn_signal_handlers(

 /// No-op on non-Unix platforms.
 #[cfg(not(unix))]
-pub(crate) fn spawn_signal_handlers(
-    _stats: Arc<Stats>,
-    _process_started_at: Instant,
-) {
+pub(crate) fn spawn_signal_handlers(_stats: Arc<Stats>, _process_started_at: Instant) {
    // No SIGUSR1/SIGUSR2 on non-Unix
 }