astelm
/
telemt
mirror of https://github.com/telemt/telemt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
584 Commits 2 Branches 76 Tags 22 MiB
Commit Graph

201 Commits

Author SHA1 Message Date
Alexey fc2ac3d10f
ME Pool Reinit polishing 2026-02-23 16:09:09 +03:00
Alexey d8dcbbb61e
ME Pool Updater + Soft-staged Reinit w/o Reconcile 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 16:04:19 +03:00
Alexey d08ddd718a
Desync Full Forensics 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 15:28:02 +03:00
Alexey 4011812fda
TLS FC TTL Improvements 2026-02-23 05:48:55 +03:00
Alexey b5d0564f2a
Time-To-Life for TLS Full Certificate 2026-02-23 05:47:44 +03:00
Alexey cfe8fc72a5
TLS-F tuning 
Once - full certificate chain, next - only metadata
 2026-02-23 05:42:07 +03:00
Alexey 3e4b98b002
TLS Emulator tuning 2026-02-23 05:23:28 +03:00
Alexey 427d65627c
Drafting new TLS Fetcher 2026-02-23 05:16:00 +03:00
Alexey ae8124d6c6
Drafting TLS Certificates in TLS ServerHello 2026-02-23 05:12:35 +03:00
Alexey eaba926fe5
ME Buffer reuse + Bytes Len over Full + Seq-no over Wrap-add 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 03:52:37 +03:00
Alexey ecad96374a
ME Pool tuning 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 03:41:51 +03:00
Alexey 4895217828
Bounded backpressure + Semaphore Globalgate + 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 03:32:06 +03:00
Alexey 4d83cc1f04
Merge branch 'flow' of https://github.com/telemt/telemt into flow 2026-02-23 03:20:28 +03:00
Alexey c4c91863f0
Middle-End tuning 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 03:20:13 +03:00
Alexey a5c7a41c49
Update types.rs 2026-02-23 02:48:03 +03:00
Alexey 7cc78a5746
Update types.rs 2026-02-23 02:45:16 +03:00
Alexey d4d867156a
Secure Payload length fixes 2026-02-23 02:38:25 +03:00
Alexey 6ff29e43d3
Middle-End protocol hardening 
- Secure framing / hot-path fix: enforced a single length + padding contract across the framing layer. Replaced legacy runtime `len % 4` recovery with strict validation to eliminate undefined behavior paths.

- ME RPC aligned with C reference contract: handshake now includes `flags + sender_pid + peer_pid`. Added negotiated CRC mode (CRC32 / CRC32C) and applied the negotiated mode consistently in read/write paths.

- Sequence fail-fast semantics: immediate connection termination on first sequence mismatch with dedicated counter increment.

- Keepalive reworked to RPC ping/pong: removed raw CBC keepalive frames. Introduced stale ping tracker with proper timeout accounting.

- Route/backpressure observability improvements: increased per-connection route queue to 4096. Added `RouteResult` with explicit failure reasons (NoConn, ChannelClosed, QueueFull) and per-reason counters.

- Direct-DC secure mode-gate relaxation: removed TLS/secure conflict in Direct-DC handshake path.
 2026-02-23 02:28:00 +03:00
Alexey 69be44b2b6
Merge pull request #206 from telemt/flow 
Flush on Response + Hotpath tunings + Reuseport Checker
 2026-02-23 01:03:15 +03:00
Alexey 07ca94ce57
Reuseport Checker 2026-02-23 00:55:47 +03:00
Alexey d050c4794a
Hotpath tunings 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 00:50:10 +03:00
Alexey 197f9867e0
Flush-response experiments 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-22 23:53:10 +03:00
Dimasssss b2aaf404e1
Add files via upload 2026-02-22 01:19:26 +03:00
Alexey 3ab56f55e9
ME Connection error handling 2026-02-21 16:28:47 +03:00
Alexey 06d2cdef78
ME Connection lost fixes 2026-02-21 16:12:19 +03:00
Alexey eaff96b8c1
Merge pull request #198 from telemt/flow 
Peer - Connection closed fixes
 2026-02-21 14:09:05 +03:00
Alexey c3ebb42120
Peer - Connection closed fixes 2026-02-21 13:56:24 +03:00
ivulit 6ce25c6600
Use mask_host for TLS emulation fetcher 2026-02-21 10:40:59 +03:00
Alexey 2dcbdbe302
Merge pull request #194 from telemt/flow 
ME Frame too large Fixes
 2026-02-21 05:04:42 +03:00
Alexey 1bd495a224
Fixed tests 2026-02-21 04:04:49 +03:00
Alexey b0e6c04c54
Merge pull request #193 from artemws/main 
Fix config reload for Docker
 2026-02-21 03:37:48 +03:00
Alexey 83fc9d6db3
Middle-End Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-21 03:36:13 +03:00
Alexey c9a043d8d5
ME Frame too large Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-21 02:15:10 +03:00
artemws a74bdf8aea
Update hot_reload.rs 2026-02-20 23:03:26 +02:00
Vladislav Yaroslavlev 100cb92ad1
feat: add hostname support for SOCKS4/SOCKS5 upstream proxies 
Previously, SOCKS proxy addresses only accepted IP:port format.
Now both IP:port and hostname:port formats are supported.

Changes:
- Try parsing as SocketAddr first (IP:port) for backward compatibility
- Fall back to tokio::net::TcpStream::connect() for hostname resolution
- Log warning if interface binding is specified with hostname (not supported)

Example usage:
[[upstreams]]
type = "socks5"
address = "proxy.example.com:1080"
username = "user"
password = "pass"
 2026-02-20 21:42:15 +03:00
Alexey 1fd78e012d
Metrics + Fixes in tests 2026-02-20 18:02:02 +03:00
Alexey 7304dacd60
Update main.rs 2026-02-20 17:42:20 +03:00
Alexey eb3245b78f
Merge branch 'main-stage' into flow 2026-02-20 17:19:23 +03:00
Alexey a303fee65f
ALPN Extract tests 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 17:12:16 +03:00
artemws 8892860490
Change whitelist to use IpNetwork for IP filtering 2026-02-20 16:04:21 +02:00
artemws 0d2958fea7
Change metrics whitelist to use IpNetwork 2026-02-20 16:03:57 +02:00
artemws dbd9b53940
Change metrics_whitelist type from Vec<IpAddr> to Vec<IpNetwork> 2026-02-20 16:03:38 +02:00
Alexey 471c680def
TLS Improvements 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 17:02:17 +03:00
Alexey 781947a08a
TlsFrontCache + X509 Parser + GREASE Tolerance 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 16:56:33 +03:00
Alexey e8454ea370
HAProxy PROXY Protocol Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 16:42:40 +03:00
artemws ea88a40c8f
Add config path canonicalization 
Canonicalize the config path to match notify events.
 2026-02-20 15:37:44 +02:00
Alexey 2ea4c83d9d
Normalize IP + Masking + TLS 2026-02-20 16:32:14 +03:00
artemws 953fab68c4
Refactor hot-reload mechanism to use notify crate 
Updated hot-reload functionality to use notify crate for file watching and improved documentation.
 2026-02-20 15:29:37 +02:00
artemws 0f6621d359
Refactor hot-reload watcher implementation 2026-02-20 15:29:20 +02:00
artemws 25b18ab064
Enhance logging for hot reload configuration changes 
Added detailed logging for various configuration changes during hot reload, including log level, ad tag, middle proxy pool size, and user access changes.
 2026-02-20 14:50:37 +02:00
artemws 3e0dc91db6
Add PartialEq to AccessConfig struct 2026-02-20 14:37:00 +02:00
artemws 26270bc651
Specify types for config_rx in main.rs 2026-02-20 14:27:31 +02:00
artemws 766806f5df
Add hot_reload module to config 2026-02-20 14:19:04 +02:00
artemws 26cf6ff4fa
Add files via upload 2026-02-20 14:18:30 +02:00
artemws b8add81018
Implement hot-reload for config and log level 
Added hot-reload functionality for configuration and log level.
 2026-02-20 14:18:09 +02:00
Alexey 4d72cb1680
TLS-F: Emu fixes 2026-02-20 14:32:09 +03:00
Alexey 79eebeb9ef
TLS-F: Fetcher fixes 2026-02-20 14:31:58 +03:00
Alexey 1045289539
TLS-F: Emu: stable CipherSuite 2026-02-20 14:15:45 +03:00
Alexey 3d0b32edf5
TLS-F: Emu researching 2026-02-20 14:02:06 +03:00
Alexey 487aa8fbce
TLS-F: Fetcher V2 2026-02-20 13:36:54 +03:00
Alexey 32a9405002
TLS-F: fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 13:14:33 +03:00
Alexey 708bedc95e
TLS-F: build fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 13:14:09 +03:00
Alexey ce64bf1cee
TLS-F: pulling main.rs 2026-02-20 13:02:43 +03:00
Alexey f4b79f2f79
TLS-F: ClientHello Extractor 2026-02-20 12:58:04 +03:00
Alexey 9a907a2470
TLS-F: added Emu + Cache 2026-02-20 12:55:26 +03:00
Alexey e6839adc17
TLS Front - Fake TLS V2 Core 2026-02-20 12:51:35 +03:00
Alexey 5e98b35fb7
Drafting Fake-TLS V2 2026-02-20 12:48:51 +03:00
Alexey 2926b9f5c8
ME Concurrency 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 16:02:50 +03:00
Alexey 820ed8d346
ME Keepalives 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 15:49:35 +03:00
Alexey e340b716b2
Drafting ME Healthcheck 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 15:39:30 +03:00
Alexey 4be4670668
ME Pool V2 - Agressive Healthcheck and Pool Rebuild 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 14:25:39 +03:00
Alexey 35ae455e2b
ME Pool V2 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 13:35:56 +03:00
Alexey 34f5289fc3
Merge pull request #159 from vladon/feat/version-flag 
feat: Add -V/--version flag to print version string
 2026-02-19 13:13:51 +03:00
Alexey b68e9d642e
Merge pull request #154 from ivulit/fix/stun-ipv6-enetunreach 
Handle IPv6 ENETUNREACH in STUN probe gracefully
 2026-02-19 12:35:22 +03:00
Vladislav Yaroslavlev f31d9d42fe
feat: Add -V/--version flag to print version string 
Closes #156

- Add handling for -V and --version arguments in CLI parser
- Print version to stdout using CARGO_PKG_VERSION from Cargo.toml
- Update help text to include version option
 2026-02-19 10:23:49 +03:00
ivulit e54dce5366
Handle IPv6 ENETUNREACH in STUN probe gracefully 
When IPv6 is unavailable on the host, treat NetworkUnreachable at
connect() as Ok(None) instead of propagating an error, so the dual
STUN probe succeeds with just the IPv4 result and no spurious WARN.
 2026-02-19 00:27:19 +03:00
unuunn c7464d53e1 feat: implement selective routing for "scope_*" users 
- Users with "scope_{name}" prefix are routed to upstreams where {name}
  is present in the "scopes" property (comma-separated).
- Strict separation: Scoped upstreams are excluded from general routing, and vice versa.
- Constraint: SOCKS upstreams and DIRECT(`use_middle_proxy =
false`) mode only.

Example:
  User "scope_hello" matches an upstream with `scopes = "world,hello"`
 2026-02-18 23:29:08 +03:00
Alexey d905de2dad
Nonce in Log only in DEBUG 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 20:02:43 +03:00
Alexey c7bd1c98e7
Autofallback on ME-Init 2026-02-18 19:50:16 +03:00
Alexey d3302d77d2
Blackmagics... 2026-02-18 19:49:19 +03:00
Alexey df4494c37a
New reroute algo + flush() optimized + new IPV6 Parser 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 19:08:27 +03:00
Alexey 67bae1cf2a
[network] in upstream 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 06:02:24 +03:00
Alexey eb9ac7fae4
ME Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 06:01:52 +03:00
Alexey 8046381939
[network] in main 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 06:01:08 +03:00
Alexey d4ebc7b5c6
New [network] 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 05:59:58 +03:00
Alexey c03db683a5
Improved perf for ME 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-17 04:16:16 +03:00
Alexey 168fd59187
Fixed critical ME Problems 2026-02-17 03:40:39 +03:00
Mikhail a1db082ec0
Add Prometheus /metrics HTTP endpoint 
Wire up unused metrics_port/metrics_whitelist config into working
HTTP server exposing proxy stats in Prometheus text format.
 2026-02-17 01:24:49 +03:00
vladon 16b5dc56f0 feat: extend announce_ip to accept hostnames 
Add new 'announce' field to ListenerConfig that accepts both IP addresses
and hostnames for proxy link generation. The old 'announce_ip' field is
deprecated but still supported via automatic migration.

Changes:
- Add 'announce: Option<String>' field to ListenerConfig
- Add migration logic: announce_ip → announce if announce not set
- Update main.rs to use announce field for link generation
- Support both hostnames (e.g., 'proxy.example.com') and IPs

Backward compatible: existing configs using announce_ip continue to work.
 2026-02-16 17:26:46 +03:00
Alexey 9e84528801
Update main.rs 2026-02-16 15:48:22 +03:00
Alexey 685c228190
Update main.rs 2026-02-16 15:16:26 +03:00
Alexey e4f90cd7c1
ME Ping in log 2026-02-16 12:10:59 +03:00
Alexey 3013291ea0
Merge pull request #97 from AndreyAkifev/main 
Fix ME relay HOL and reduce per-frame flush overhead
 2026-02-16 10:29:40 +03:00
Andrey Akifev e54fb3fffc
Reduce per-frame flush overhead 2026-02-16 12:49:49 +07:00
Andrey Akifev dddf9f30dc
Fix HOL 2026-02-16 12:49:16 +07:00
Жора Змейкин 3091b5168f
Fix: public_host/public_port + unix socket 2026-02-16 04:22:26 +03:00
Alexey 305c088bb7
Grabbing unknown dc into unknown-dc.txt 2026-02-15 23:59:53 +03:00
Alexey debdbfd73c
Ping for [dc_overrides] 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-15 23:46:49 +03:00
Alexey 904c17c1b3
DC=203 by default + IP Autodetect by STUN 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-15 23:30:21 +03:00
artemws 4a80bc8988 Refactor connectivity logging for upstream results 2026-02-15 22:33:25 +03:00