astelm
/
telemt
mirror of https://github.com/telemt/telemt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,187 Commits 2 Branches 76 Tags 22 MiB
Commit Graph

1187 Commits

Author SHA1 Message Date
David Osipov 456c433875
Обновил версию 2026-03-20 17:34:09 +04:00
David Osipov 8f1ffe8c25
fix(proxy): исправление wire-transparency при fallback и усиление безопасности 
Исправлена критическая логическая ошибка в цепочке Fake TLS -> MTProto.
Ранее при валидном TLS-хендшейке, но неверном MTProto-пакете, прокси
ошибочно передавал в маскирующий релей обернутый (FakeTls) поток.
Теперь транспорт корректно разворачивается (unwrap) до сырого сокета
через .into_inner(), обеспечивая полную прозрачность (wire-transparency)
для DPI и маскирующего бэкенда.

Security & Hardening:
- Логика приведена в соответствие с требованиями OWASP ASVS L2 (V5: Validation, Sanitization and Encoding).
- Реализовано поведение "fail-closed": при любой ошибке верификации прокси мимикрирует под обычный веб-сервер, не раскрывая своей роли.
- Улучшена диагностика и логирование состояний аутентификации для защиты от активного пробинга.

Adversarial Testing (Black-hat mindset):
- Добавлен отдельный пакет `client_tls_mtproto_fallback_security_tests.rs` (18+ тестов).
- Покрыты сценарии: хаос-фрагментация (побайтовая нарезка TLS-записей), record-splitting,
  half-close состояния, сбросы бэкенда и replay-pressure.
- В `client_adversarial_tests.rs` добавлено 10+ тестов на "злые" гонки (race conditions),
  утечки лимитов по IP и проверку изоляции состояний параллельных сессий.
- Все 832 теста проходят (passed) в locked-режиме.
 2026-03-20 17:33:46 +04:00
Alexey 342b0119dd
Merge pull request #509 from telemt/bump 
Update Cargo.toml
 2026-03-20 16:27:39 +03:00
Alexey 2605929b93
Update Cargo.toml 2026-03-20 16:26:57 +03:00
Alexey 36814b6355
ME Draining on Dual-Stack + TLS Fetcher Upstream Selection: merge pull request #508 from telemt/flow 
ME Draining on Dual-Stack + TLS Fetcher Upstream Selection
 2026-03-20 16:24:17 +03:00
Alexey 269ba537ad
ME Draining on Dual-Stack 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-20 16:07:12 +03:00
Alexey 5c0eb6dbe8
TLS Fetcher Upstream Selection 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-20 16:05:24 +03:00
David Osipov a78c3e3ebd
One more small test fix 2026-03-20 16:48:14 +04:00
David Osipov a4b70405b8
Add adversarial tests module for client security testing 2026-03-20 16:47:26 +04:00
David Osipov 3afc3e1775
Changed version 2026-03-20 16:46:09 +04:00
David Osipov 512bee6a8d
Add security tests for middle relay idle policy and enhance stats tracking 
- Introduced a new test module for middle relay idle policy security tests, covering various scenarios including soft mark, hard close, and grace periods.
- Implemented functions to create crypto readers and encrypt data for testing.
- Enhanced the Stats struct to include counters for relay idle soft marks, hard closes, pressure evictions, and protocol desync closes.
- Added corresponding increment and retrieval methods for the new stats fields.
 2026-03-20 16:43:50 +04:00
Maxim Myalin 66867d3f5b
Merge branch 'main' into feat/shadowsocks-upstream 
# Conflicts:
#	Cargo.lock
#	src/api/runtime_stats.rs
 2026-03-20 15:22:36 +03:00
Dmitry Dzhus db36945293
Fix typo in systemd service metadata 2026-03-20 12:00:41 +00:00
David Osipov 5c5fdcb124
Updated cargo 2026-03-20 15:03:42 +04:00
David Osipov 0ded366199
Changed version 2026-03-20 14:29:45 +04:00
David Osipov 84a34cea3d
Merge latest upstream/main into test/main-into-flow-sec 2026-03-20 14:26:49 +04:00
David Osipov 7dc3c3666d
Merge upstream/main into test/main-into-flow-sec 2026-03-20 14:20:20 +04:00
Alexey dd07fa9453
Merge pull request #505 from telemt/flow-me 
Teardown Monitoring in API and Metrics
 2026-03-20 12:59:39 +03:00
Alexey bb1a372ac4
Merge branch 'main' into flow-me 2026-03-20 12:59:32 +03:00
Alexey 6661401a34
Merge pull request #506 from telemt/about-releases 
Update README.md
 2026-03-20 12:59:09 +03:00
Alexey cd65fb432b
Update README.md 2026-03-20 12:58:55 +03:00
Alexey caf0717789
Merge branch 'main' into flow-me 2026-03-20 12:57:27 +03:00
Alexey 4a610d83a3
Update Cargo.toml 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-20 12:56:13 +03:00
Alexey aba4205dcc
Teardown Monitoring in Metrics 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-20 12:46:35 +03:00
Alexey ef9b7b1492
Teardown Monitoring in API 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-20 12:45:53 +03:00
Alexey d112f15b90
ME Writers Anti-stuck + Quarantine fixes + ME Writers Advanced Cleanup + Authoritative Teardown + Orphan Watchdog + Force-Close Safery Policy: merge pull request #504 from telemt/flow-me 
ME Writers Anti-stuck + Quarantine fixes + ME Writers Advanced Cleanup + Authoritative Teardown + Orphan Watchdog + Force-Close Safery Policy
 2026-03-20 12:41:45 +03:00
Alexey b55b264345
Merge branch 'main' into flow-me 2026-03-20 12:20:51 +03:00
Alexey f61d25ebe0
Authoritative Teardown + Orphan Watchdog + Force-Close Safery Policy 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-20 12:11:47 +03:00
Alexey ed4d1167dd
ME Writers Advanced Cleanup 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-20 12:09:23 +03:00
Alexey dc6948cf39
Merge pull request #502 from telemt/about-releases 
Update README.md
 2026-03-20 11:25:19 +03:00
Alexey 4f11aa0772
Update README.md 2026-03-20 11:25:07 +03:00
David Osipov 6ea8ba25c4
Refactor OpenBSD build workflow for clarity 2026-03-20 02:27:21 +04:00
Alexey e40361b171
Cargo.toml + Cargo.lock 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-20 00:45:04 +03:00
Alexey 1c6c73beda
ME Writers Anti-stuck and Quarantine fixes 
Co-Authored-By: Nook Scheel <nook@live.ru>
 2026-03-20 00:41:40 +03:00
David Osipov 3f3bf5bbd2
Update build-openbsd.yml 2026-03-20 01:27:11 +04:00
David Osipov ec793f3065
Added cargo.toml 2026-03-20 01:06:00 +04:00
David Osipov e83d366518
Fixed issues with an action 2026-03-20 00:58:11 +04:00
David Osipov 5a4209fe00
Changed version 2026-03-20 00:53:32 +04:00
David Osipov e7daf51193
Added runner for Openbsd 2026-03-20 00:43:05 +04:00
David Osipov 754e4db8a9
Add security tests for pool writer and pool refill functionality 2026-03-20 00:07:41 +04:00
David Osipov 7416829e89
Merge remote-tracking branch 'upstream/main' into test/main-into-flow-sec 
# Conflicts:
#	Cargo.toml
#	src/api/model.rs
#	src/api/runtime_stats.rs
#	src/transport/middle_proxy/health.rs
#	src/transport/middle_proxy/health_regression_tests.rs
#	src/transport/middle_proxy/pool_status.rs
 2026-03-19 23:48:40 +04:00
David Osipov c07b600acb
Integration hardening: reconcile main+flow-sec API drift and restore green suite 2026-03-19 20:24:44 +04:00
David Osipov 7b44496706
Integration test merge: upstream/main into flow-sec security branch (prefer flow-sec on conflicts) 2026-03-19 19:42:04 +04:00
Alexey 67dc1e8d18
Merge pull request #498 from telemt/bump 
Update Cargo.toml
 2026-03-19 18:25:14 +03:00
Alexey ad8ada33c9
Update Cargo.toml 2026-03-19 18:24:01 +03:00
Alexey bbb201b433
Instadrain + Hard-remove for long draining-state: merge pull request #497 from telemt/flow-stuck-writer 
Instadrain + Hard-remove for long draining-state
 2026-03-19 18:23:38 +03:00
Alexey 8d1faece60
Instadrain + Hard-remove for long draining-state 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-19 17:45:17 +03:00
Alexey a603505f90
Merge pull request #492 from temandroid/main 
fix(docker): expose port 9091 and allow external API access
 2026-03-19 17:32:49 +03:00
Alexey f8c42c324f
Merge pull request #494 from Dimasssss/patch-1 
Update install.sh
 2026-03-19 17:32:05 +03:00
Alexey dd8ef4d996
Merge branch 'main' into feat/shadowsocks-upstream 2026-03-19 17:19:01 +03:00