Merge pull request #203 from Dimasssss/main

Moving parameters from config.toml to the code
2026-02-22 16:36:12 +03:00 · 2026-02-22 16:36:12 +03:00 · fcf37a1a69
parent d552ae84d0 c5f5b43494
commit fcf37a1a69
3 changed files with 17 additions and 143 deletions
--- a/README.md
+++ b/README.md
@ -178,147 +178,21 @@ then Ctrl+X -> Y -> Enter to save
 ```toml
 # === General Settings ===
 [general]
 fast_mode = true
 use_middle_proxy = true
 # ad_tag = "00000000000000000000000000000000"
 # Path to proxy-secret binary (auto-downloaded if missing).
 proxy_secret_path = "proxy-secret"
 # disable_colors = false  # Disable colored output in logs (useful for files/systemd)
 # === Log Level ===
 # Log level: debug | verbose | normal | silent
 # Can be overridden with --silent or --log-level CLI flags
 # RUST_LOG env var takes absolute priority over all of these
 log_level = "normal"
 # === Middle Proxy - ME ===
 # Public IP override for ME KDF when behind NAT; leave unset to auto-detect.
 # middle_proxy_nat_ip = "203.0.113.10"
 # Enable STUN probing to discover public IP:port for ME.
 middle_proxy_nat_probe = true
 # Primary STUN server (host:port); defaults to Telegram STUN when empty.
 middle_proxy_nat_stun = "stun.l.google.com:19302"
 # Optional fallback STUN servers list.
 middle_proxy_nat_stun_servers = ["stun1.l.google.com:19302", "stun2.l.google.com:19302"]
 # Desired number of concurrent ME writers in pool.
 middle_proxy_pool_size = 16
 # Pre-initialized warm-standby ME connections kept idle.
 middle_proxy_warm_standby = 8
 # Ignore STUN/interface mismatch and keep ME enabled even if IP differs.
 stun_iface_mismatch_ignore = false
 # Keepalive padding frames - fl==4
 me_keepalive_enabled = true
 me_keepalive_interval_secs = 25           # Period between keepalives
 me_keepalive_jitter_secs = 5              # Jitter added to interval
 me_keepalive_payload_random = true        # Randomize 4-byte payload (vs zeros)
 # Stagger extra ME connections on warmup to de-phase lifecycles.
 me_warmup_stagger_enabled = true
 me_warmup_step_delay_ms = 500             # Base delay between extra connects
 me_warmup_step_jitter_ms = 300            # Jitter for warmup delay
 # Reconnect policy knobs.
 me_reconnect_max_concurrent_per_dc = 1    # Parallel reconnects per DC - EXPERIMENTAL! UNSTABLE!
 me_reconnect_backoff_base_ms = 500        # Backoff start
 me_reconnect_backoff_cap_ms = 30000       # Backoff cap
 me_reconnect_fast_retry_count = 11        # Quick retries before backoff
 [general.modes]
 classic = false
 secure = false
 tls = true
 [general.links]
 show = "*"
 # show = ["alice", "bob"] # Only show links for alice and bob
 # show = "*"              # Show links for all users
 # public_host = "proxy.example.com"  # Host (IP or domain) for tg:// links
 # public_port = 443                  # Port for tg:// links (default: server.port)
 # === Network Parameters ===
 [network]
 # Enable/disable families: true/false/auto(None)
 ipv4 = true
 ipv6 = false # UNSTABLE WITH ME
 # prefer = 4 or 6
 prefer = 4
 multipath = false # EXPERIMENTAL!
 # === Server Binding ===
 [server]
 port = 443
 listen_addr_ipv4 = "0.0.0.0"
 listen_addr_ipv6 = "::"
 # listen_unix_sock = "/var/run/telemt.sock" # Unix socket
 # listen_unix_sock_perm = "0666" # Socket file permissions
 # metrics_port = 9090
 # metrics_whitelist = [
 #    "192.168.0.0/24",
 #    "172.16.0.0/12",
 #    "127.0.0.1/32",
 #    "::1/128"
 #]
 # Listen on multiple interfaces/IPs - IPv4
 [[server.listeners]]
 ip = "0.0.0.0"
 # Listen on multiple interfaces/IPs - IPv6
 [[server.listeners]]
 ip = "::"
 # === Timeouts (in seconds) ===
 [timeouts]
 client_handshake = 30
 tg_connect = 10
 client_keepalive = 60
 client_ack = 300
 # Quick ME reconnects for single-address DCs (count and per-attempt timeout, ms).
 me_one_retry = 12
 me_one_timeout_ms = 1200
 # === Anti-Censorship & Masking ===
 [censorship]
 tls_domain = "petrovich.ru"
 mask = true
 mask_port = 443
 # mask_host = "petrovich.ru" # Defaults to tls_domain if not set
 # mask_unix_sock = "/var/run/nginx.sock" # Unix socket (mutually exclusive with mask_host)
 fake_cert_len = 2048
 # === Access Control & Users ===
 [access]
 replay_check_len = 65536
 replay_window_secs = 1800
 ignore_time_skew = false
 [access.users]
 # format: "username" = "32_hex_chars_secret"
 hello = "00000000000000000000000000000000"
 # [access.user_max_tcp_conns]
 # hello = 50
 # [access.user_max_unique_ips]
 # hello = 5
 # [access.user_data_quota]
 # hello = 1073741824 # 1 GB
 # === Upstreams & Routing ===
 [[upstreams]]
 type = "direct"
 enabled = true
 weight = 10
 # [[upstreams]]
 # type = "socks5"
 # address = "127.0.0.1:1080"
 # enabled = false
 # weight = 1
 # === DC Address Overrides ===
 # [dc_overrides]
 # "203" = "91.105.192.100:443"
 ```
 ### Advanced
 #### Adtag
--- a/src/config/defaults.rs
+++ b/src/config/defaults.rs
@ -37,7 +37,7 @@ pub(crate) fn default_replay_window_secs() -> u64 {
 }
 pub(crate) fn default_handshake_timeout() -> u64 {
-    15
+    30
 }
 pub(crate) fn default_connect_timeout() -> u64 {
@ -52,11 +52,11 @@ pub(crate) fn default_ack_timeout() -> u64 {
    300
 }
 pub(crate) fn default_me_one_retry() -> u8 {
-    3
+    12
 }
 pub(crate) fn default_me_one_timeout() -> u64 {
-    1500
+    1200
 }
 pub(crate) fn default_listen_addr() -> String {
@ -83,7 +83,7 @@ pub(crate) fn default_unknown_dc_log_path() -> Option<String> {
 }
 pub(crate) fn default_pool_size() -> usize {
-    2
+    16
 }
 pub(crate) fn default_keepalive_interval() -> u64 {
--- a/src/config/types.rs
+++ b/src/config/types.rs
@ -118,7 +118,7 @@ impl Default for NetworkConfig {
    fn default() -> Self {
        Self {
            ipv4: true,
-            ipv6: None,
+            ipv6: Some(false),
            prefer: 4,
            multipath: false,
            stun_servers: default_stun_servers(),
@ -140,7 +140,7 @@ pub struct GeneralConfig {
    #[serde(default = "default_true")]
    pub fast_mode: bool,
-    #[serde(default)]
+    #[serde(default = "default_true")]
    pub use_middle_proxy: bool,
    #[serde(default)]
@ -157,7 +157,7 @@ pub struct GeneralConfig {
    pub middle_proxy_nat_ip: Option<IpAddr>,
    /// Enable STUN-based NAT probing to discover public IP:port for ME KDF.
-    #[serde(default)]
+    #[serde(default = "default_true")]
    pub middle_proxy_nat_probe: bool,
    /// Optional STUN server address (host:port) for NAT probing.
@ -283,15 +283,15 @@ impl Default for GeneralConfig {
            modes: ProxyModes::default(),
            prefer_ipv6: false,
            fast_mode: true,
-            use_middle_proxy: false,
+            use_middle_proxy: true,
            ad_tag: None,
            proxy_secret_path: None,
            middle_proxy_nat_ip: None,
-            middle_proxy_nat_probe: false,
+            middle_proxy_nat_probe: true,
            middle_proxy_nat_stun: None,
            middle_proxy_nat_stun_servers: Vec::new(),
            middle_proxy_pool_size: default_pool_size(),
-            middle_proxy_warm_standby: 0,
+            middle_proxy_warm_standby: 8,
            me_keepalive_enabled: true,
            me_keepalive_interval_secs: default_keepalive_interval(),
            me_keepalive_jitter_secs: default_keepalive_jitter(),
@ -302,7 +302,7 @@ impl Default for GeneralConfig {
            me_reconnect_max_concurrent_per_dc: 1,
            me_reconnect_backoff_base_ms: default_reconnect_backoff_base_ms(),
            me_reconnect_backoff_cap_ms: default_reconnect_backoff_cap_ms(),
-            me_reconnect_fast_retry_count: 1,
+            me_reconnect_fast_retry_count: 11,
            stun_iface_mismatch_ignore: false,
            unknown_dc_log_path: default_unknown_dc_log_path(),
            log_level: LogLevel::Normal,
@ -455,7 +455,7 @@ pub struct AntiCensorshipConfig {
    pub fake_cert_len: usize,
    /// Enable TLS certificate emulation using cached real certificates.
-    #[serde(default)]
+    #[serde(default = "default_true")]
    pub tls_emulation: bool,
    /// Directory to store TLS front cache (on disk).
@ -489,7 +489,7 @@ impl Default for AntiCensorshipConfig {
            mask_port: default_mask_port(),
            mask_unix_sock: None,
            fake_cert_len: default_fake_cert_len(),
-            tls_emulation: false,
+            tls_emulation: true,
            tls_front_dir: default_tls_front_dir(),
            server_hello_delay_min_ms: default_server_hello_delay_min_ms(),
            server_hello_delay_max_ms: default_server_hello_delay_max_ms(),
@ -615,9 +615,9 @@ pub struct ListenerConfig {
 /// - omitted                    — show no links (default)
 #[derive(Debug, Clone)]
 pub enum ShowLink {
-    /// Don't show any links (default when omitted).
+    /// Don't show any links.
    None,
-    /// Show links for all configured users.
+    /// Show links for all configured users (default).
    All,
    /// Show links for specific users.
    Specific(Vec<String>),
@ -625,7 +625,7 @@ pub enum ShowLink {
 impl Default for ShowLink {
    fn default() -> Self {
-        ShowLink::None
+        ShowLink::All
    }
 }