astelm
/
telemt
mirror of https://github.com/telemt/telemt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,139 Commits 2 Branches 76 Tags 22 MiB
Commit Graph

406 Commits

Author SHA1 Message Date
Alexey d7716ad875
Upstream API Policy Snapshot 2026-03-06 18:52:17 +03:00
Alexey 92c22ef16d
API Zero 
Added new endpoints:
- GET /v1/system/info
- GET /v1/runtime/gates
- GET /v1/limits/effective
- GET /v1/security/posture

Added API runtime state without impacting the hot path:
- config_reload_count
- last_config_reload_epoch_secs
- admission_open
- process_started_at_epoch_secs

Added background watcher tasks in api::serve:
- configuration reload tracking
- admission gate state tracking
 2026-03-06 13:06:57 +03:00
Alexey 4e803b1412
Update load.rs 2026-03-06 12:08:43 +03:00
Alexey f32c34f126
ME NoWait Routing + Upstream Connbudget + PROXY Header t/o + allocation cuts 2026-03-06 03:58:08 +03:00
Alexey 9b84fc7a5b
Secret Atomic Snapshot + KDF Fingerprint on RwLock 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 23:18:26 +03:00
Alexey d683faf922
HybridAsyncPersistent - new ME Route NoWriter Mode 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 22:31:01 +03:00
Alexey a80be78345
DC writer floor is below required only in runtime 2026-03-05 16:32:31 +03:00
Alexey 64130dd02e
MEP not ready only after 3 attempts 2026-03-05 16:13:40 +03:00
Alexey d62a6e0417
Shutdown Timer fixes 2026-03-05 16:04:32 +03:00
Alexey 3260746785
Init + Uptime timers 2026-03-05 15:48:09 +03:00
Alexey 8066ea2163
ME Pool Init fixes 2026-03-05 15:31:36 +03:00
Alexey 09bdafa718
Performance improvements 2026-03-05 14:39:32 +03:00
Alexey 83cadc0bf3
No lock-contention in ip-tracker 2026-03-05 13:52:27 +03:00
Alexey 0b1a8cd3f8
IP Limit fixes 2026-03-05 13:41:41 +03:00
Alexey 565b4ee923
Unique IP always in Metrics+API 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 13:21:11 +03:00
Alexey ccfda10713
ME2DC Fallback + ME Init Retries 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 12:43:07 +03:00
Alexey a9209fd3c7
Hot-Reload fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 12:18:09 +03:00
Alexey 4ae4ca8ca8
New IP Limit Method 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 02:28:19 +03:00
Alexey de2047adf2
API UpstreamManager 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 11:41:41 +03:00
Alexey 5df2fe9f97
Autodetect IP in API User-links 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 11:04:54 +03:00
Alexey f1efaf4491
User-links in API 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 02:48:43 +03:00
Alexey 716b4adef2
Runtime Stats in API 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 02:46:47 +03:00
Alexey 5876623bb0
Runtime API Stats 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 02:46:26 +03:00
Alexey 6b9c7f7862
Runtime API in defaults 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 02:46:12 +03:00
Alexey 7ea6387278
API ME Pool Status 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 02:45:32 +03:00
Alexey 4c2bc2f41f
Pool Status hooks in ME Registry 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:42:24 +03:00
Alexey 3492566842
Update mod.rs 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:41:43 +03:00
Alexey 349bbbb8fa
API Pool Status Model 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:41:33 +03:00
Alexey ead08981e7
API Pool Status pull-up 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:41:11 +03:00
Alexey 068cf825b9
API Pool Status 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:40:58 +03:00
Alexey 7269dfbdc5
API in defaults+load+reload 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:09:32 +03:00
Alexey 533708f885
API in defaults 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:08:59 +03:00
Alexey 5e93ce258f
API pull-up 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:08:42 +03:00
Alexey f7d451e689
API V1 Drafts 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:08:05 +03:00
Alexey a6132bac38
Idle tolerance + Adaptive floor by default + RPC Proxy Req 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 23:16:25 +03:00
Alexey 624870109e
Upstream Connect in defaults 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 20:50:31 +03:00
Alexey cdf829de91
Upstream Connect in Metrics 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 20:50:08 +03:00
Alexey 6ef51dbfb0
Upstream Connect pull-up 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 20:49:53 +03:00
Alexey af5f0b9692
Upstream Connect in Stats 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 20:49:29 +03:00
Alexey bd0dcfff15
Upstream Error classifier 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 20:49:09 +03:00
Alexey c01ca40b6d
ME Adaptive Floor in Tests 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:39:28 +03:00
Alexey cfec6dbb3c
ME Adaptive Floor pull-up 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:38:06 +03:00
Alexey 1fe1acadd4
ME Adaptive Floor in Metrics 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:37:24 +03:00
Alexey 225fc3e4ea
ME Adaptive Floor Drafts 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:37:00 +03:00
Alexey 4a0d88ad43
Update health.rs 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:35:57 +03:00
Alexey 58ff0c7971
Update pool.rs 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:35:47 +03:00
Alexey 235642459a
ME Keepalive 8/2 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:08:15 +03:00
Alexey 3799fc13c4
ME Pool in Metrics 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:04:45 +03:00
Alexey 71261522bd
Update pool.rs 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:04:07 +03:00
Alexey 762deac511
ME Healthcheck fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:03:44 +03:00
Alexey a6d22e8a57
ME Pool Shadow Writers 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-02 21:04:06 +03:00
Alexey 9477103f89
Update pool.rs 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-02 20:45:43 +03:00
Alexey e589891706
ME Dual-Trio Pool Drafts 2026-03-02 20:41:51 +03:00
Alexey 74ad9037de
Dead-code deletion: has_proxy_tag 2026-03-02 00:54:02 +03:00
Alexey 49f4a7bb22
ME Hardswap Generation stability 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-02 00:39:18 +03:00
Alexey 6f1980dfd7
ME Pool improvements 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-02 00:17:58 +03:00
sintanial bc432f06e2
Add per-user ad_tag with global fallback and hot-reload 
- Per-user ad_tag in [access.user_ad_tags], global fallback in general.ad_tag
- User tag overrides global; if no user tag, general.ad_tag is used
- Both general.ad_tag and user_ad_tags support hot-reload (no restart)
 2026-03-01 16:28:55 +03:00
Alexey 47b12f9489
UpstreamManager Health-check for ME Pool over SOCKS 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-01 04:02:32 +03:00
Alexey 44cdfd4b23
ME Pool improvements 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-01 03:36:00 +03:00
ivulit ed93b0a030
fix: send PROXY protocol header to mask unix socket 
When mask_unix_sock is configured, mask_proxy_protocol was silently
ignored and no PROXY protocol header was sent to the backend. Apply
the same header-building logic as the TCP path in both masking relay
and TLS fetcher (raw and rustls).
 2026-03-01 00:14:55 +03:00
ivulit e27ef04c3d
fix: pass correct dst address to outgoing PROXY protocol header 
Previously handle_bad_client used stream.local_addr() (the ephemeral
socket to the mask backend) as the dst in the outgoing PROXY protocol
header. This is wrong: the dst should be the address telemt is listening
on, or the dst from the incoming PROXY protocol header if one was present.

- handle_bad_client now receives local_addr from the caller
- handle_client_stream resolves local_addr from PROXY protocol info.dst_addr
  or falls back to a synthetic address based on config.server.port
- RunningClientHandler.do_handshake resolves local_addr from stream.local_addr()
  overridden by PROXY protocol info.dst_addr when present, and passes it
  down to handle_tls_client / handle_direct_client
- masking.rs uses the caller-supplied local_addr directly, eliminating the
  stream.local_addr() call
 2026-02-28 22:47:24 +03:00
Alexey 9afaa28add
UpstreamManager: Backoff Retries 2026-02-28 14:21:09 +03:00
Alexey 6c12af2b94
ME Connectivity: socks-url 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-28 13:38:30 +03:00
Alexey 8b39a4ef6d
Statistics on ME + Dynamic backpressure + KDF with SOCKS 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-28 13:18:31 +03:00
Alexey fa2423dadf
ME/DC Method Detection fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-28 03:21:22 +03:00
Alexey a61882af6e
TLS Fetch on unix-socket 2026-02-28 02:55:21 +03:00
Alexey 6b8aa7270e
Bind_addresses prio over interfaces 2026-02-28 01:54:29 +03:00
Alexey 3d9660f83e
Upstreams for ME + Egress-data from UM + ME-over-SOCKS + Bind-aware STUN 2026-02-28 01:20:17 +03:00
Alexey ac064fe773
STUN switch + Ad-tag fixes + DNS-overrides 2026-02-27 15:59:27 +03:00
Alexey 144f81c473
ME Dead Writer w/o dead-lock on timeout 2026-02-26 19:37:17 +03:00
Alexey 04e6135935
TLS-F Fetching Optimization 2026-02-26 19:35:34 +03:00
Alexey 4eebb4feb2
ME Pool Refactoring 2026-02-26 19:01:24 +03:00
Alexey 1f255d0aa4
ME Probe + STUN Legacy 2026-02-26 18:41:11 +03:00
Alexey 9d2ff25bf5
Unified STUN + ME Primary parallelized 
- Unified STUN server source-of-truth
- parallelize per-DC primary ME init for multi-endpoint DCs
 2026-02-26 18:18:24 +03:00
Alexey 7782336264
ME Probe parallelized 2026-02-26 17:56:22 +03:00
Alexey 8ce8348cd5
Merge branch 'main' into feat/mask-proxy-protocol 2026-02-26 15:21:58 +03:00
Alexey e25b7f5ff8
STUN List 2026-02-26 15:10:21 +03:00
Alexey d7182ae817
Update defaults.rs 2026-02-26 15:07:04 +03:00
Alexey fb1f85559c
Update load.rs 2026-02-26 14:57:28 +03:00
ivulit da684b11fe
feat: add mask_proxy_protocol option for PROXY protocol to mask_host 
Adds mask_proxy_protocol config option (0 = off, 1 = v1 text, 2 = v2 binary)
that sends a PROXY protocol header when connecting to mask_host. This lets
the backend see the real client IP address.

Particularly useful when the masking site (nginx/HAProxy) runs on the same
host as telemt and listens on a local port — without this, the backend loses
the original client IP entirely.

PROXY protocol header is also sent during TLS emulation fetches so that
backends with proxy_protocol required don't reject the connection.
 2026-02-26 13:36:33 +03:00
Alexey 896e129155
Checked defaults 2026-02-26 12:48:22 +03:00
Alexey fed9346444
New config.toml + tls_emulation enabled by default 2026-02-25 17:49:54 +03:00
Alexey f40b645c05
Defaults in-place 2026-02-25 17:28:06 +03:00
Alexey 5558900c44
Update main.rs 2026-02-25 13:29:46 +03:00
D 206f87fe64 fix: remove bracket in info 2026-02-25 09:22:26 +03:00
Alexey f83e23c521
Update defaults.rs 2026-02-25 03:08:34 +03:00
Alexey 6b8619d3c9
Create beobachten.rs 2026-02-25 02:17:48 +03:00
Alexey 618b7a1837
ME Pool Beobachter 2026-02-25 02:10:14 +03:00
Alexey c6c3d71b08
ME Pool Flap-Detect in statistics 2026-02-25 01:26:01 +03:00
Alexey 7538967d3c
ME Hardswap being softer 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-24 23:36:33 +03:00
Alexey 4a95f6d195
ME Pool Health + Rotation 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-24 22:59:59 +03:00
Alexey d2f08fb707
ME Soft Reinit tuning 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-24 18:19:39 +03:00
Vladislav Yaroslavlev 09f56dede2
fix: resolve clippy warnings 
Reduce clippy warnings from54 to16 by fixing mechanical issues:

- collapsible_if: collapse nested if-let chains with let-chains
- clone_on_copy: remove unnecessary .clone() on Copy types
- manual_clamp: replace .max().min() with .clamp()
- unnecessary_cast: remove redundant type casts
- collapsible_else_if: flatten else-if chains
- contains_vs_iter_any: replace .iter().any() with .contains()
- unnecessary_closure: replace .or_else(|| x) with .or(x)
- useless_conversion: remove redundant .into() calls
- is_none_or: replace .map_or(true, ...) with .is_none_or(...)
- while_let_loop: convert loop with if-let-break to while-let

Remaining16 warnings are design-level issues (too_many_arguments,
await_holding_lock, type_complexity, new_ret_no_self) that require
architectural changes to fix.
 2026-02-24 05:57:53 +03:00
Vladislav Yaroslavlev d6214c6bbf
fix: add #[cfg(test)] to unused ProxyError import 
The ProxyError import in tls.rs is only used in test code
(validate_server_hello_structure function), so guard it with
#[cfg(test)] to eliminate the unused import warning.
 2026-02-24 04:20:30 +03:00
Vladislav Yaroslavlev 1d71b7e90c
fix: add missing imports in test code 
- Add ProxyError import and fix Result type annotation in tls.rs
- Add Arc import in stats/mod.rs test module
- Add BodyExt import in metrics.rs test module

These imports were missing causing compilation failures in
cargo test --release with 10 errors.
 2026-02-24 04:07:14 +03:00
Alexey 78c45626e1
Merge pull request #220 from vladon/fix-compiler-warnings 
fix: eliminate all compiler warnings
 2026-02-24 03:49:46 +03:00
Vladislav Yaroslavlev 68c3abee6c
fix: eliminate all compiler warnings 
- Remove unused imports across multiple modules
- Add #![allow(dead_code)] for public API items preserved for future use
- Add #![allow(deprecated)] for rand::Rng::gen_range usage
- Add #![allow(unused_assignments)] in main.rs
- Add #![allow(unreachable_code)] in network/stun.rs
- Prefix unused variables with underscore (_ip_tracker, _prefer_ipv6)
- Fix unused_must_use warning in tls_front/cache.rs

This ensures clean compilation without warnings while preserving
public API items that may be used in the future.
 2026-02-24 03:40:59 +03:00
Alexey 8b47fc3575
Update defaults.rs 2026-02-24 02:12:44 +03:00
Alexey 122e4729c5
Update defaults.rs 2026-02-24 00:17:33 +03:00
Alexey 08138451d8
Update types.rs 2026-02-24 00:15:37 +03:00
Alexey f710a2192a
Update types.rs 2026-02-24 00:08:03 +03:00
Alexey 0e2d42624f
ME Pool Hardswap 2026-02-24 00:04:12 +03:00
Alexey 5a0e44e311
Merge pull request #215 from vladon/improve-cli-help 
Improve CLI help text with comprehensive options
 2026-02-23 18:47:04 +03:00
Vladislav Yaroslavlev 872b47067a
Improve CLI help text with comprehensive options 
- Add version number to help header
- Restructure help into USAGE, ARGS, OPTIONS, INIT OPTIONS, EXAMPLES sections
- Include all command-line options with descriptions
- Add usage examples for common scenarios
 2026-02-23 17:22:56 +03:00
Alexey 75bfbe6e95
Update defaults.rs 2026-02-23 16:10:39 +03:00
Alexey fc2ac3d10f
ME Pool Reinit polishing 2026-02-23 16:09:09 +03:00
Alexey d8dcbbb61e
ME Pool Updater + Soft-staged Reinit w/o Reconcile 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 16:04:19 +03:00
Alexey d08ddd718a
Desync Full Forensics 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 15:28:02 +03:00
Alexey 4011812fda
TLS FC TTL Improvements 2026-02-23 05:48:55 +03:00
Alexey b5d0564f2a
Time-To-Life for TLS Full Certificate 2026-02-23 05:47:44 +03:00
Alexey cfe8fc72a5
TLS-F tuning 
Once - full certificate chain, next - only metadata
 2026-02-23 05:42:07 +03:00
Alexey 3e4b98b002
TLS Emulator tuning 2026-02-23 05:23:28 +03:00
Alexey 427d65627c
Drafting new TLS Fetcher 2026-02-23 05:16:00 +03:00
Alexey ae8124d6c6
Drafting TLS Certificates in TLS ServerHello 2026-02-23 05:12:35 +03:00
Alexey eaba926fe5
ME Buffer reuse + Bytes Len over Full + Seq-no over Wrap-add 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 03:52:37 +03:00
Alexey ecad96374a
ME Pool tuning 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 03:41:51 +03:00
Alexey 4895217828
Bounded backpressure + Semaphore Globalgate + 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 03:32:06 +03:00
Alexey 4d83cc1f04
Merge branch 'flow' of https://github.com/telemt/telemt into flow 2026-02-23 03:20:28 +03:00
Alexey c4c91863f0
Middle-End tuning 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 03:20:13 +03:00
Alexey a5c7a41c49
Update types.rs 2026-02-23 02:48:03 +03:00
Alexey 7cc78a5746
Update types.rs 2026-02-23 02:45:16 +03:00
Alexey d4d867156a
Secure Payload length fixes 2026-02-23 02:38:25 +03:00
Alexey 6ff29e43d3
Middle-End protocol hardening 
- Secure framing / hot-path fix: enforced a single length + padding contract across the framing layer. Replaced legacy runtime `len % 4` recovery with strict validation to eliminate undefined behavior paths.

- ME RPC aligned with C reference contract: handshake now includes `flags + sender_pid + peer_pid`. Added negotiated CRC mode (CRC32 / CRC32C) and applied the negotiated mode consistently in read/write paths.

- Sequence fail-fast semantics: immediate connection termination on first sequence mismatch with dedicated counter increment.

- Keepalive reworked to RPC ping/pong: removed raw CBC keepalive frames. Introduced stale ping tracker with proper timeout accounting.

- Route/backpressure observability improvements: increased per-connection route queue to 4096. Added `RouteResult` with explicit failure reasons (NoConn, ChannelClosed, QueueFull) and per-reason counters.

- Direct-DC secure mode-gate relaxation: removed TLS/secure conflict in Direct-DC handshake path.
 2026-02-23 02:28:00 +03:00
Alexey 69be44b2b6
Merge pull request #206 from telemt/flow 
Flush on Response + Hotpath tunings + Reuseport Checker
 2026-02-23 01:03:15 +03:00
Alexey 07ca94ce57
Reuseport Checker 2026-02-23 00:55:47 +03:00
Alexey d050c4794a
Hotpath tunings 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 00:50:10 +03:00
Alexey 197f9867e0
Flush-response experiments 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-22 23:53:10 +03:00
Dimasssss b2aaf404e1
Add files via upload 2026-02-22 01:19:26 +03:00
Alexey 3ab56f55e9
ME Connection error handling 2026-02-21 16:28:47 +03:00
Alexey 06d2cdef78
ME Connection lost fixes 2026-02-21 16:12:19 +03:00
Alexey eaff96b8c1
Merge pull request #198 from telemt/flow 
Peer - Connection closed fixes
 2026-02-21 14:09:05 +03:00
Alexey c3ebb42120
Peer - Connection closed fixes 2026-02-21 13:56:24 +03:00
ivulit 6ce25c6600
Use mask_host for TLS emulation fetcher 2026-02-21 10:40:59 +03:00
Alexey 2dcbdbe302
Merge pull request #194 from telemt/flow 
ME Frame too large Fixes
 2026-02-21 05:04:42 +03:00
Alexey 1bd495a224
Fixed tests 2026-02-21 04:04:49 +03:00
Alexey b0e6c04c54
Merge pull request #193 from artemws/main 
Fix config reload for Docker
 2026-02-21 03:37:48 +03:00
Alexey 83fc9d6db3
Middle-End Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-21 03:36:13 +03:00
Alexey c9a043d8d5
ME Frame too large Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-21 02:15:10 +03:00
artemws a74bdf8aea
Update hot_reload.rs 2026-02-20 23:03:26 +02:00
Vladislav Yaroslavlev 100cb92ad1
feat: add hostname support for SOCKS4/SOCKS5 upstream proxies 
Previously, SOCKS proxy addresses only accepted IP:port format.
Now both IP:port and hostname:port formats are supported.

Changes:
- Try parsing as SocketAddr first (IP:port) for backward compatibility
- Fall back to tokio::net::TcpStream::connect() for hostname resolution
- Log warning if interface binding is specified with hostname (not supported)

Example usage:
[[upstreams]]
type = "socks5"
address = "proxy.example.com:1080"
username = "user"
password = "pass"
 2026-02-20 21:42:15 +03:00
Alexey 1fd78e012d
Metrics + Fixes in tests 2026-02-20 18:02:02 +03:00
Alexey 7304dacd60
Update main.rs 2026-02-20 17:42:20 +03:00
Alexey eb3245b78f
Merge branch 'main-stage' into flow 2026-02-20 17:19:23 +03:00
Alexey a303fee65f
ALPN Extract tests 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 17:12:16 +03:00
artemws 8892860490
Change whitelist to use IpNetwork for IP filtering 2026-02-20 16:04:21 +02:00
artemws 0d2958fea7
Change metrics whitelist to use IpNetwork 2026-02-20 16:03:57 +02:00
artemws dbd9b53940
Change metrics_whitelist type from Vec<IpAddr> to Vec<IpNetwork> 2026-02-20 16:03:38 +02:00
Alexey 471c680def
TLS Improvements 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 17:02:17 +03:00
Alexey 781947a08a
TlsFrontCache + X509 Parser + GREASE Tolerance 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 16:56:33 +03:00
Alexey e8454ea370
HAProxy PROXY Protocol Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 16:42:40 +03:00
artemws ea88a40c8f
Add config path canonicalization 
Canonicalize the config path to match notify events.
 2026-02-20 15:37:44 +02:00
Alexey 2ea4c83d9d
Normalize IP + Masking + TLS 2026-02-20 16:32:14 +03:00
artemws 953fab68c4
Refactor hot-reload mechanism to use notify crate 
Updated hot-reload functionality to use notify crate for file watching and improved documentation.
 2026-02-20 15:29:37 +02:00
artemws 0f6621d359
Refactor hot-reload watcher implementation 2026-02-20 15:29:20 +02:00
artemws 25b18ab064
Enhance logging for hot reload configuration changes 
Added detailed logging for various configuration changes during hot reload, including log level, ad tag, middle proxy pool size, and user access changes.
 2026-02-20 14:50:37 +02:00
artemws 3e0dc91db6
Add PartialEq to AccessConfig struct 2026-02-20 14:37:00 +02:00
artemws 26270bc651
Specify types for config_rx in main.rs 2026-02-20 14:27:31 +02:00
artemws 766806f5df
Add hot_reload module to config 2026-02-20 14:19:04 +02:00
artemws 26cf6ff4fa
Add files via upload 2026-02-20 14:18:30 +02:00
artemws b8add81018
Implement hot-reload for config and log level 
Added hot-reload functionality for configuration and log level.
 2026-02-20 14:18:09 +02:00
Alexey 4d72cb1680
TLS-F: Emu fixes 2026-02-20 14:32:09 +03:00
Alexey 79eebeb9ef
TLS-F: Fetcher fixes 2026-02-20 14:31:58 +03:00
Alexey 1045289539
TLS-F: Emu: stable CipherSuite 2026-02-20 14:15:45 +03:00
Alexey 3d0b32edf5
TLS-F: Emu researching 2026-02-20 14:02:06 +03:00
Alexey 487aa8fbce
TLS-F: Fetcher V2 2026-02-20 13:36:54 +03:00
Alexey 32a9405002
TLS-F: fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 13:14:33 +03:00
Alexey 708bedc95e
TLS-F: build fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 13:14:09 +03:00
Alexey ce64bf1cee
TLS-F: pulling main.rs 2026-02-20 13:02:43 +03:00
Alexey f4b79f2f79
TLS-F: ClientHello Extractor 2026-02-20 12:58:04 +03:00
Alexey 9a907a2470
TLS-F: added Emu + Cache 2026-02-20 12:55:26 +03:00
Alexey e6839adc17
TLS Front - Fake TLS V2 Core 2026-02-20 12:51:35 +03:00
Alexey 5e98b35fb7
Drafting Fake-TLS V2 2026-02-20 12:48:51 +03:00
Alexey 2926b9f5c8
ME Concurrency 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 16:02:50 +03:00
Alexey 820ed8d346
ME Keepalives 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 15:49:35 +03:00
Alexey e340b716b2
Drafting ME Healthcheck 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 15:39:30 +03:00
Alexey 4be4670668
ME Pool V2 - Agressive Healthcheck and Pool Rebuild 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 14:25:39 +03:00
Alexey 35ae455e2b
ME Pool V2 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 13:35:56 +03:00
Alexey 34f5289fc3
Merge pull request #159 from vladon/feat/version-flag 
feat: Add -V/--version flag to print version string
 2026-02-19 13:13:51 +03:00
Alexey b68e9d642e
Merge pull request #154 from ivulit/fix/stun-ipv6-enetunreach 
Handle IPv6 ENETUNREACH in STUN probe gracefully
 2026-02-19 12:35:22 +03:00
Vladislav Yaroslavlev f31d9d42fe
feat: Add -V/--version flag to print version string 
Closes #156

- Add handling for -V and --version arguments in CLI parser
- Print version to stdout using CARGO_PKG_VERSION from Cargo.toml
- Update help text to include version option
 2026-02-19 10:23:49 +03:00
ivulit e54dce5366
Handle IPv6 ENETUNREACH in STUN probe gracefully 
When IPv6 is unavailable on the host, treat NetworkUnreachable at
connect() as Ok(None) instead of propagating an error, so the dual
STUN probe succeeds with just the IPv4 result and no spurious WARN.
 2026-02-19 00:27:19 +03:00
unuunn c7464d53e1 feat: implement selective routing for "scope_*" users 
- Users with "scope_{name}" prefix are routed to upstreams where {name}
  is present in the "scopes" property (comma-separated).
- Strict separation: Scoped upstreams are excluded from general routing, and vice versa.
- Constraint: SOCKS upstreams and DIRECT(`use_middle_proxy =
false`) mode only.

Example:
  User "scope_hello" matches an upstream with `scopes = "world,hello"`
 2026-02-18 23:29:08 +03:00
Alexey d905de2dad
Nonce in Log only in DEBUG 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 20:02:43 +03:00
Alexey c7bd1c98e7
Autofallback on ME-Init 2026-02-18 19:50:16 +03:00
Alexey d3302d77d2
Blackmagics... 2026-02-18 19:49:19 +03:00
Alexey df4494c37a
New reroute algo + flush() optimized + new IPV6 Parser 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 19:08:27 +03:00
Alexey 67bae1cf2a
[network] in upstream 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 06:02:24 +03:00
Alexey eb9ac7fae4
ME Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 06:01:52 +03:00
Alexey 8046381939
[network] in main 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 06:01:08 +03:00
Alexey d4ebc7b5c6
New [network] 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 05:59:58 +03:00
Alexey c03db683a5
Improved perf for ME 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-17 04:16:16 +03:00
Alexey 168fd59187
Fixed critical ME Problems 2026-02-17 03:40:39 +03:00
Mikhail a1db082ec0
Add Prometheus /metrics HTTP endpoint 
Wire up unused metrics_port/metrics_whitelist config into working
HTTP server exposing proxy stats in Prometheus text format.
 2026-02-17 01:24:49 +03:00
vladon 16b5dc56f0 feat: extend announce_ip to accept hostnames 
Add new 'announce' field to ListenerConfig that accepts both IP addresses
and hostnames for proxy link generation. The old 'announce_ip' field is
deprecated but still supported via automatic migration.

Changes:
- Add 'announce: Option<String>' field to ListenerConfig
- Add migration logic: announce_ip → announce if announce not set
- Update main.rs to use announce field for link generation
- Support both hostnames (e.g., 'proxy.example.com') and IPs

Backward compatible: existing configs using announce_ip continue to work.
 2026-02-16 17:26:46 +03:00
Alexey 9e84528801
Update main.rs 2026-02-16 15:48:22 +03:00
Alexey 685c228190
Update main.rs 2026-02-16 15:16:26 +03:00
Alexey e4f90cd7c1
ME Ping in log 2026-02-16 12:10:59 +03:00
Alexey 3013291ea0
Merge pull request #97 from AndreyAkifev/main 
Fix ME relay HOL and reduce per-frame flush overhead
 2026-02-16 10:29:40 +03:00
Andrey Akifev e54fb3fffc
Reduce per-frame flush overhead 2026-02-16 12:49:49 +07:00
Andrey Akifev dddf9f30dc
Fix HOL 2026-02-16 12:49:16 +07:00