Alexey
eba55e755d
Preserve TLS-F Origin Record Choreography
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-06-11 13:51:58 +03:00
Alexey
c4b58ad374
Hardened TLS-F ServerHello selection
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-06-11 13:07:40 +03:00
Alexey
db7ff8737c
Add dynamic SNI mask target mode
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-06-11 10:36:37 +03:00
Alexey
cd2bb9c8cd
Alles muss man selber machen
...
Co-Authored-By: Mikhail I. Izmestev <355023+izmmisha@users.noreply.github.com >
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
Co-Authored-By: Dietmar Schreiber <376736+dginorg@users.noreply.github.com >
2026-06-11 10:13:17 +03:00
Mirotin Artem
ff7a12d5f8
fix(api): GET /v1/config returns only editable sections; tolerate commented TOML headers; doc fixes
2026-06-09 12:13:32 +03:00
Mirotin Artem
d7e16f5b26
feat(api): config-edit endpoints PATCH/GET /v1/config
2026-06-09 12:03:28 +03:00
Mirotin Artem
e39aaeb5c5
feat(config): classify_config_changes (hot vs restart) via overlay_hot_fields
2026-06-09 12:03:10 +03:00
Mirotin Artem
1628a7d822
feat(api): generic config section writer + array-table bounds
2026-06-09 12:03:01 +03:00
Alexey
9bbdf796d8
Rustfmt
2026-06-06 12:17:19 +03:00
Alexey
27a5f5a4ec
MSS Tuning with config
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-06-06 12:11:05 +03:00
Alexey
7d543aeb67
Fixes for Adversarial Timing Profile Latency-flake by #761
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-06-05 12:59:50 +03:00
Alexey
89a885c25f
Reset Interface Cache in Masking timing test
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-06-05 12:51:54 +03:00
Alexey
54e40fd073
Fixes for Load mask shape security test
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-06-05 12:43:30 +03:00
Alexey
34b48325fd
JA3+JA4 Pitfall in API + Beobachten
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-06-02 08:17:56 +03:00
Alexey
462215b53c
Dual-stack fixes for Upstreams by #798
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-06-01 19:50:26 +03:00
Alexey
2264980926
User Disabler in API by #814 + Consistent Listeners in API by #800
2026-05-31 11:17:18 +03:00
Alexey
3d0d575b94
Normalize rlimit type on 32-bit targets in Conntrack Control #815
2026-05-30 18:13:54 +03:00
Aleksei K
a77aedfd7a
Atomically claim pressure eviction budget in MR
2026-05-29 13:17:47 +03:00
Aleksei K
2a0fcd6e35
Align ServerHello cipher and opaque ALPN behavior in TLS-F
2026-05-28 16:11:25 +03:00
Alexey
31da0a1356
Fixes for Disable Colors
2026-05-26 12:20:28 +03:00
Alexey
d4adf0ef9a
ME: Bound writer queue waits under backpressure
2026-05-25 00:28:29 +03:00
Alexey
dc8951eae8
Reduce MR + ME Routing hot-path contention
2026-05-22 20:19:09 +03:00
Alexey
77a7f89075
Reuse ME reader scratch buffer across read loop iterations
2026-05-22 19:56:38 +03:00
Alexey
9abaf9006c
Prioritize Cancellation in MP select paths
2026-05-22 16:47:54 +03:00
Alexey
885258b85e
Prioritize Relay Flow Cancellation over Buffered Writes
2026-05-21 20:35:25 +03:00
Alexey
98c985091c
Decomposing hot-path modules into focused submodules
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com >
2026-05-21 18:03:55 +03:00
Alexey
c02c7fbe43
Reducing hot-path allocs + duplicate telemetry touchs
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com >
2026-05-20 17:07:54 +03:00
Alexey
8379b48f69
Fix hot-path replay bounds and ME control allocations
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com >
2026-05-20 14:05:22 +03:00
Alexey
70d02910b7
Fixes for SILENT-mode by #792
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com >
2026-05-20 10:54:37 +03:00
Alexey
422d97a385
Update load.rs
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com >
2026-05-20 10:33:18 +03:00
Alexey
6b0cc48c2b
IDN Support
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com >
2026-05-19 22:42:09 +03:00
Alexey
914f141715
Exclusive Mask + Startup Speed-up
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com >
2026-05-19 22:17:59 +03:00
Mirotin Artem
0af64a4d0a
Add GET /v1/users/quota endpoint
2026-05-15 16:25:56 +03:00
astronaut808
8895947414
Expose user rate limits through the API
2026-05-13 16:35:40 +05:00
Alexey
57b2aa0453
Rustfmt
2026-05-10 14:14:52 +03:00
Alexey
10c7cb2e0c
Middle Relay Cancellation Errors
2026-05-10 14:12:15 +03:00
Alexey
900b574fb8
Harden ME Writer Cancellation paths
2026-05-10 14:09:10 +03:00
Alexey
beed6b4679
Middle Wait Deadlines + Tighten Session Release State
2026-05-10 13:58:02 +03:00
Alexey
eef2a38c75
Type Route Cutovers + Reduce IP Tracker cleanup pressure
2026-05-10 13:55:01 +03:00
Alexey
6cb72b3b6c
Explicit Reasons of Session Fallback Cleanup + ME Close
2026-05-10 13:50:36 +03:00
Alexey
090b2ca636
Stats and Cleanup-proccess beyond Hot-path
2026-05-10 13:43:41 +03:00
Alexey
e10c070dc1
Observability + Cancellation for Middle Quota + Traffic Waits
2026-05-10 13:38:11 +03:00
Alexey
3f9ac87daf
Bounded Rate Bursts + Cancel ME Waits
2026-05-10 13:33:54 +03:00
Alexey
844a912b38
Expose Quota Contention + Cleanup fallback metrics
2026-05-10 13:30:59 +03:00
Alexey
ba1d9be5d4
Hardened Relays and API Security paths
2026-05-10 13:22:54 +03:00
Alexey
b2aa9b8c9e
Hardened API & Management-plane Admission
...
- bound API and metrics connection handling
- default metrics listener to localhost
- reject untrusted PROXY protocol peers before parsing headers
- cap API request body size and PROXY v2 payload allocation
- validate route usernames and TLS domains consistently
2026-05-09 20:50:23 +03:00
Alexey
b3510aa8b8
Bound HTTP API+Metrics Connection Admission
2026-05-09 16:29:30 +03:00
Alexey
f0f2bc0482
Limit&Quota Saving as File + API
2026-05-08 14:38:24 +03:00
Alexey
86573be493
Event-driven Wakeup for ME Admission-gate
2026-05-08 13:34:41 +03:00
Alexey
658a565cb3
Merge pull request #770 from konstpic/feat/user-source-deny-list
...
feat(access): add per-user source IP deny list checks
2026-05-07 11:56:54 +03:00