Andrey Osipuk
50b67a93d6
feat(server): client_mss_bulk — raise MSS after handshake to cut pps
...
client_mss (e.g. "tspu", MSS=92) fragments the whole connection to evade
DPI on the ServerHello, but it also fragments bulk payload, multiplying
outgoing packets-per-second ~10x. On hosts whose abuse detection counts
pps (not bandwidth) this trips packet-flood limits.
Add an optional [server].client_mss_bulk: keep the low client_mss for the
handshake (ServerHello stays fragmented => DPI bypass intact), then raise
the client socket MSS to client_mss_bulk once the connection enters the
post-handshake (bulk transfer) phase, so bulk data uses normal-size
segments and pps drops back to normal. Same preset/int grammar as
client_mss. Opt-in: when unset, the handshake MSS is kept for the whole
connection (unchanged behavior).
Linux-only (setsockopt TCP_MAXSEG via raw fd, mirroring TCP_USER_TIMEOUT);
no-op on other unix. Documented in CONFIG_PARAMS.{en,ru}.
2026-06-19 11:11:01 +03:00
Alexey
d1a97fe10f
Update README.md
2026-06-14 12:03:55 +03:00
Alexey
9dc67727b0
Merge pull request #840 from telemt/flow
...
Restore single-record TLS-F primary application flight + Fix SYN limiter lifecycle and default burst
3.4.18
2026-06-12 15:23:23 +03:00
Alexey
2d02fbe548
Bump
2026-06-12 15:06:14 +03:00
Alexey
2675779915
Fix SYN limiter lifecycle and default burst
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-12 14:40:26 +03:00
Alexey
c4954f745f
Restore single-record TLS-F primary application flight
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-12 12:44:22 +03:00
Alexey
f33abfb09e
Merge pull request #838 from telemt/flow
...
SYN limiter for Netfilter control + Syntactic key shares for TLS-F
3.4.17
2026-06-12 10:08:25 +03:00
Alexey
9904da737a
Rustfmt
2026-06-12 01:28:41 +03:00
Alexey
9a3ff726b2
Use token-bucket SYN limiter backends
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-12 01:27:03 +03:00
Alexey
942882f9de
SYN Limiter interval and hitcount in Config
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-12 00:29:23 +03:00
Alexey
eeff16c3fd
Rustfmt
2026-06-12 00:01:01 +03:00
Alexey
c86dc2f65e
Docs for SYN Limiter
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 23:59:47 +03:00
Alexey
1cbde70a14
Add per-listener SYN limiter for Netfilter control
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 23:58:48 +03:00
Alexey
26cd4734de
Update tls.rs
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 23:29:10 +03:00
Alexey
52a1b66ad7
Syntactic key shares for TLS-F
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 23:13:21 +03:00
Alexey
9ff48c2028
Merge pull request #836 from telemt/flow
...
API + TLS-F Advanced tuning
3.4.16
2026-06-11 21:08:11 +03:00
Alexey
b43c683615
Rustfmt
2026-06-11 19:59:48 +03:00
Alexey
e41470fb4c
Update fetcher.rs
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 19:52:23 +03:00
Alexey
09dc0cb76c
Update handshake_security_tests.rs
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 19:44:39 +03:00
Alexey
c36eb81808
Fix for TLS-F, ALPN and SNI/ALPN helpers
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 19:17:06 +03:00
Alexey
0f8aca56d9
Fix fallback test record iterator lifetime
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 17:56:21 +03:00
Alexey
4e66933a35
Fix TLS masking test ClientHello fixtures and tail write ordering
2026-06-11 17:51:05 +03:00
Alexey
7cf00db242
Update client_masking_budget_security_tests.rs
2026-06-11 17:32:26 +03:00
Alexey
8bc1ac06d6
Update client_masking_budget_security_tests.rs
2026-06-11 17:31:23 +03:00
Alexey
59cfcf05d3
Update client_masking_blackhat_campaign_tests.rs
2026-06-11 17:23:35 +03:00
Alexey
fcbedf66ea
Update client_masking_blackhat_campaign_tests.rs
2026-06-11 17:21:54 +03:00
Alexey
f5c402d9fc
Update metrics.rs
2026-06-11 16:43:24 +03:00
Alexey
118d53239a
Merge pull request #835 from telemt/flow-ey
...
TLS Fixes escalating
2026-06-11 16:38:10 +03:00
Alexey
607f5442ad
Merge pull request #834 from telemt/flow-11ec
...
TLS Fixes
2026-06-11 16:37:15 +03:00
Alexey
1edd63bfb1
Rustfmt + Bump
2026-06-11 16:36:33 +03:00
Alexey
a808dc2815
Fix TLS fetch test constants scope
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 16:34:58 +03:00
Alexey
6dc9f8c27a
Replay-safe TLS-F ServerHello profile consistency
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 16:11:41 +03:00
Alexey
409b0ef5ee
Expose TLS Fetcher Profile Quality for ServerHello fidelity
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 14:53:21 +03:00
Alexey
3d0560d583
Select ServerHello key share from TLS Fetcher Profile
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 14:43:03 +03:00
Alexey
62af515504
Generate Valid X25519MLKEM768 ServerHello key shares
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 14:14:09 +03:00
Alexey
eba55e755d
Preserve TLS-F Origin Record Choreography
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 13:51:58 +03:00
Alexey
c4b58ad374
Hardened TLS-F ServerHello selection
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 13:07:40 +03:00
Alexey
db7ff8737c
Add dynamic SNI mask target mode
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-11 10:36:37 +03:00
Alexey
cd2bb9c8cd
You have to do everything yourself
...
Co-Authored-By: Mikhail I. Izmestev <355023+izmmisha@users.noreply.github.com>
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Co-Authored-By: Dietmar Schreiber <376736+dginorg@users.noreply.github.com>
2026-06-11 10:13:17 +03:00
Alexey
8d3f8a8215
Merge pull request #828 from amirotin/feat/config-edit-api
...
Add config-edit HTTP API: PATCH/GET /v1/config
2026-06-10 10:30:52 +03:00
Mirotin Artem
ff7a12d5f8
fix(api): GET /v1/config returns only editable sections; tolerate commented TOML headers; doc fixes
2026-06-09 12:13:32 +03:00
Mirotin Artem
27ee634f4a
docs(api): document PATCH/GET /v1/config
2026-06-09 12:03:35 +03:00
Mirotin Artem
d7e16f5b26
feat(api): config-edit endpoints PATCH/GET /v1/config
2026-06-09 12:03:28 +03:00
Mirotin Artem
e39aaeb5c5
feat(config): classify_config_changes (hot vs restart) via overlay_hot_fields
2026-06-09 12:03:10 +03:00
Mirotin Artem
1628a7d822
feat(api): generic config section writer + array-table bounds
2026-06-09 12:03:01 +03:00
Alexey
e9c62b6d8d
Merge pull request #827 from Rightarion/fix-rate-limits-document-bits-per-second
...
Document rate limits as bits per second
2026-06-08 20:04:10 +03:00
Alexey
36cf3b035c
Merge pull request #825 from groozchique/main
...
[docs] change fingerprint for xray double hop instruction
2026-06-08 20:01:20 +03:00
Samat Gilmanov
8491f5183c
Document rate limits as bits per second
2026-06-08 12:39:32 -04:00
Nick Parfyonov
357852cc59
[docs] change fingerprint for xray double hop
2026-06-08 11:14:15 +03:00
Alexey
504cafb129
Merge pull request #824 from telemt/flow
...
MSS Tuning
3.4.15
2026-06-06 12:25:33 +03:00