Desync Full Forensics

Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-18 11:04:09 +03:00 · 2026-02-23 15:28:02 +03:00
parent 1dfe38c5db
commit d08ddd718a
7 changed files with 304 additions and 31 deletions
--- a/src/config/defaults.rs
+++ b/src/config/defaults.rs
@@ -118,6 +118,10 @@ pub(crate) fn default_max_client_frame() -> usize {
    16 * 1024 * 1024
 }

+pub(crate) fn default_desync_all_full() -> bool {
+    false
+}
+
 pub(crate) fn default_tls_new_session_tickets() -> u8 {
    0
 }
--- a/src/config/hot_reload.rs
+++ b/src/config/hot_reload.rs
@@ -10,6 +10,7 @@
 //! | `general` | `ad_tag`                      | Passed on next connection         |
 //! | `general` | `middle_proxy_pool_size`      | Passed on next connection         |
 //! | `general` | `me_keepalive_*`              | Passed on next connection         |
+//! | `general` | `desync_all_full`             | Applied immediately               |
 //! | `access`  | All user/quota fields         | Effective immediately             |
 //!
 //! Fields that require re-binding sockets (`server.port`, `censorship.*`,
@@ -34,6 +35,7 @@ pub struct HotFields {
    pub log_level:               LogLevel,
    pub ad_tag:                  Option<String>,
    pub middle_proxy_pool_size:  usize,
+    pub desync_all_full:         bool,
    pub me_keepalive_enabled:    bool,
    pub me_keepalive_interval_secs: u64,
    pub me_keepalive_jitter_secs:   u64,
@@ -47,6 +49,7 @@ impl HotFields {
            log_level:               cfg.general.log_level.clone(),
            ad_tag:                  cfg.general.ad_tag.clone(),
            middle_proxy_pool_size:  cfg.general.middle_proxy_pool_size,
+            desync_all_full:         cfg.general.desync_all_full,
            me_keepalive_enabled:    cfg.general.me_keepalive_enabled,
            me_keepalive_interval_secs: cfg.general.me_keepalive_interval_secs,
            me_keepalive_jitter_secs:   cfg.general.me_keepalive_jitter_secs,
@@ -175,6 +178,13 @@ fn log_changes(
        );
    }

+    if old_hot.desync_all_full != new_hot.desync_all_full {
+        info!(
+            "config reload: desync_all_full: {} → {}",
+            old_hot.desync_all_full, new_hot.desync_all_full,
+        );
+    }
+
    if old_hot.me_keepalive_enabled        != new_hot.me_keepalive_enabled
    || old_hot.me_keepalive_interval_secs  != new_hot.me_keepalive_interval_secs
    || old_hot.me_keepalive_jitter_secs    != new_hot.me_keepalive_jitter_secs
--- a/src/config/types.rs
+++ b/src/config/types.rs
@@ -201,6 +201,11 @@ pub struct GeneralConfig {
    #[serde(default = "default_max_client_frame")]
    pub max_client_frame: usize,

+    /// Emit full crypto-desync forensic logs for every event.
+    /// When false, full forensic details are emitted once per key window.
+    #[serde(default = "default_desync_all_full")]
+    pub desync_all_full: bool,
+
    /// Enable staggered warmup of extra ME writers.
    #[serde(default = "default_true")]
    pub me_warmup_stagger_enabled: bool,
@@ -310,6 +315,7 @@ impl Default for GeneralConfig {
            links: LinksConfig::default(),
            crypto_pending_buffer: default_crypto_pending_buffer(),
            max_client_frame: default_max_client_frame(),
+            desync_all_full: default_desync_all_full(),
            fast_mode_min_tls_record: default_fast_mode_min_tls_record(),
            proxy_secret_auto_reload_secs: default_proxy_secret_reload_secs(),
            proxy_config_auto_reload_secs: default_proxy_config_reload_secs(),