astelm
/
telemt
mirror of https://github.com/telemt/telemt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
584 Commits 2 Branches 76 Tags 22 MiB
Commit Graph

84 Commits

Author SHA1 Message Date
Alexey 6f1980dfd7
ME Pool improvements 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-02 00:17:58 +03:00
sintanial bc432f06e2
Add per-user ad_tag with global fallback and hot-reload 
- Per-user ad_tag in [access.user_ad_tags], global fallback in general.ad_tag
- User tag overrides global; if no user tag, general.ad_tag is used
- Both general.ad_tag and user_ad_tags support hot-reload (no restart)
 2026-03-01 16:28:55 +03:00
Alexey 9afaa28add
UpstreamManager: Backoff Retries 2026-02-28 14:21:09 +03:00
Alexey 8b39a4ef6d
Statistics on ME + Dynamic backpressure + KDF with SOCKS 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-28 13:18:31 +03:00
Alexey ac064fe773
STUN switch + Ad-tag fixes + DNS-overrides 2026-02-27 15:59:27 +03:00
Alexey 1f255d0aa4
ME Probe + STUN Legacy 2026-02-26 18:41:11 +03:00
Alexey 9d2ff25bf5
Unified STUN + ME Primary parallelized 
- Unified STUN server source-of-truth
- parallelize per-DC primary ME init for multi-endpoint DCs
 2026-02-26 18:18:24 +03:00
Alexey 7782336264
ME Probe parallelized 2026-02-26 17:56:22 +03:00
Alexey 8ce8348cd5
Merge branch 'main' into feat/mask-proxy-protocol 2026-02-26 15:21:58 +03:00
Alexey e25b7f5ff8
STUN List 2026-02-26 15:10:21 +03:00
Alexey d7182ae817
Update defaults.rs 2026-02-26 15:07:04 +03:00
Alexey fb1f85559c
Update load.rs 2026-02-26 14:57:28 +03:00
ivulit da684b11fe
feat: add mask_proxy_protocol option for PROXY protocol to mask_host 
Adds mask_proxy_protocol config option (0 = off, 1 = v1 text, 2 = v2 binary)
that sends a PROXY protocol header when connecting to mask_host. This lets
the backend see the real client IP address.

Particularly useful when the masking site (nginx/HAProxy) runs on the same
host as telemt and listens on a local port — without this, the backend loses
the original client IP entirely.

PROXY protocol header is also sent during TLS emulation fetches so that
backends with proxy_protocol required don't reject the connection.
 2026-02-26 13:36:33 +03:00
Alexey 896e129155
Checked defaults 2026-02-26 12:48:22 +03:00
Alexey fed9346444
New config.toml + tls_emulation enabled by default 2026-02-25 17:49:54 +03:00
Alexey f40b645c05
Defaults in-place 2026-02-25 17:28:06 +03:00
Alexey f83e23c521
Update defaults.rs 2026-02-25 03:08:34 +03:00
Alexey 618b7a1837
ME Pool Beobachter 2026-02-25 02:10:14 +03:00
Alexey 7538967d3c
ME Hardswap being softer 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-24 23:36:33 +03:00
Alexey 4a95f6d195
ME Pool Health + Rotation 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-24 22:59:59 +03:00
Alexey d2f08fb707
ME Soft Reinit tuning 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-24 18:19:39 +03:00
Vladislav Yaroslavlev 09f56dede2
fix: resolve clippy warnings 
Reduce clippy warnings from54 to16 by fixing mechanical issues:

- collapsible_if: collapse nested if-let chains with let-chains
- clone_on_copy: remove unnecessary .clone() on Copy types
- manual_clamp: replace .max().min() with .clamp()
- unnecessary_cast: remove redundant type casts
- collapsible_else_if: flatten else-if chains
- contains_vs_iter_any: replace .iter().any() with .contains()
- unnecessary_closure: replace .or_else(|| x) with .or(x)
- useless_conversion: remove redundant .into() calls
- is_none_or: replace .map_or(true, ...) with .is_none_or(...)
- while_let_loop: convert loop with if-let-break to while-let

Remaining16 warnings are design-level issues (too_many_arguments,
await_holding_lock, type_complexity, new_ret_no_self) that require
architectural changes to fix.
 2026-02-24 05:57:53 +03:00
Alexey 78c45626e1
Merge pull request #220 from vladon/fix-compiler-warnings 
fix: eliminate all compiler warnings
 2026-02-24 03:49:46 +03:00
Vladislav Yaroslavlev 68c3abee6c
fix: eliminate all compiler warnings 
- Remove unused imports across multiple modules
- Add #![allow(dead_code)] for public API items preserved for future use
- Add #![allow(deprecated)] for rand::Rng::gen_range usage
- Add #![allow(unused_assignments)] in main.rs
- Add #![allow(unreachable_code)] in network/stun.rs
- Prefix unused variables with underscore (_ip_tracker, _prefer_ipv6)
- Fix unused_must_use warning in tls_front/cache.rs

This ensures clean compilation without warnings while preserving
public API items that may be used in the future.
 2026-02-24 03:40:59 +03:00
Alexey 8b47fc3575
Update defaults.rs 2026-02-24 02:12:44 +03:00
Alexey 122e4729c5
Update defaults.rs 2026-02-24 00:17:33 +03:00
Alexey 08138451d8
Update types.rs 2026-02-24 00:15:37 +03:00
Alexey f710a2192a
Update types.rs 2026-02-24 00:08:03 +03:00
Alexey 0e2d42624f
ME Pool Hardswap 2026-02-24 00:04:12 +03:00
Alexey 75bfbe6e95
Update defaults.rs 2026-02-23 16:10:39 +03:00
Alexey fc2ac3d10f
ME Pool Reinit polishing 2026-02-23 16:09:09 +03:00
Alexey d8dcbbb61e
ME Pool Updater + Soft-staged Reinit w/o Reconcile 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 16:04:19 +03:00
Alexey d08ddd718a
Desync Full Forensics 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 15:28:02 +03:00
Alexey b5d0564f2a
Time-To-Life for TLS Full Certificate 2026-02-23 05:47:44 +03:00
Alexey a5c7a41c49
Update types.rs 2026-02-23 02:48:03 +03:00
Alexey 7cc78a5746
Update types.rs 2026-02-23 02:45:16 +03:00
Alexey 6ff29e43d3
Middle-End protocol hardening 
- Secure framing / hot-path fix: enforced a single length + padding contract across the framing layer. Replaced legacy runtime `len % 4` recovery with strict validation to eliminate undefined behavior paths.

- ME RPC aligned with C reference contract: handshake now includes `flags + sender_pid + peer_pid`. Added negotiated CRC mode (CRC32 / CRC32C) and applied the negotiated mode consistently in read/write paths.

- Sequence fail-fast semantics: immediate connection termination on first sequence mismatch with dedicated counter increment.

- Keepalive reworked to RPC ping/pong: removed raw CBC keepalive frames. Introduced stale ping tracker with proper timeout accounting.

- Route/backpressure observability improvements: increased per-connection route queue to 4096. Added `RouteResult` with explicit failure reasons (NoConn, ChannelClosed, QueueFull) and per-reason counters.

- Direct-DC secure mode-gate relaxation: removed TLS/secure conflict in Direct-DC handshake path.
 2026-02-23 02:28:00 +03:00
Alexey 69be44b2b6
Merge pull request #206 from telemt/flow 
Flush on Response + Hotpath tunings + Reuseport Checker
 2026-02-23 01:03:15 +03:00
Alexey 07ca94ce57
Reuseport Checker 2026-02-23 00:55:47 +03:00
Dimasssss b2aaf404e1
Add files via upload 2026-02-22 01:19:26 +03:00
Alexey 2dcbdbe302
Merge pull request #194 from telemt/flow 
ME Frame too large Fixes
 2026-02-21 05:04:42 +03:00
Alexey 83fc9d6db3
Middle-End Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-21 03:36:13 +03:00
Alexey c9a043d8d5
ME Frame too large Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-21 02:15:10 +03:00
artemws a74bdf8aea
Update hot_reload.rs 2026-02-20 23:03:26 +02:00
Alexey eb3245b78f
Merge branch 'main-stage' into flow 2026-02-20 17:19:23 +03:00
artemws 0d2958fea7
Change metrics whitelist to use IpNetwork 2026-02-20 16:03:57 +02:00
artemws dbd9b53940
Change metrics_whitelist type from Vec<IpAddr> to Vec<IpNetwork> 2026-02-20 16:03:38 +02:00
Alexey e8454ea370
HAProxy PROXY Protocol Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 16:42:40 +03:00
artemws ea88a40c8f
Add config path canonicalization 
Canonicalize the config path to match notify events.
 2026-02-20 15:37:44 +02:00
Alexey 2ea4c83d9d
Normalize IP + Masking + TLS 2026-02-20 16:32:14 +03:00