astelm/telemt
1
0
Fork 0
mirror of https://github.com/telemt/telemt.git synced 2026-06-12 05:51:43 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,698 Commits 2 Branches 94 Tags
9ff48c2028b7f0a7a2e80841e7452f21fc75df6e
Commit Graph

213 Commits

Author SHA1 Message Date
Alexey
db7ff8737c Add dynamic SNI mask target mode 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-11 10:36:37 +03:00
Mirotin Artem
e39aaeb5c5 feat(config): classify_config_changes (hot vs restart) via overlay_hot_fields 2026-06-09 12:03:10 +03:00
Alexey
9bbdf796d8 Rustfmt 2026-06-06 12:17:19 +03:00
Alexey
27a5f5a4ec MSS Tuning with config 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-06 12:11:05 +03:00
Alexey
54e40fd073 Fixes for Load mask shape security test 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-05 12:43:30 +03:00
Alexey
462215b53c Dual-stack fixes for Upstreams by #798 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-01 19:50:26 +03:00
Alexey
2264980926 User Disabler in API by #814 + Consistent Listeners in API by #800 2026-05-31 11:17:18 +03:00
Alexey
98c985091c Decomposing hot-path modules into focused submodules 
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-05-21 18:03:55 +03:00
Alexey
70d02910b7 Fixes for SILENT-mode by #792 
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-05-20 10:54:37 +03:00
Alexey
422d97a385 Update load.rs 
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-05-20 10:33:18 +03:00
Alexey
6b0cc48c2b IDN Support 
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-05-19 22:42:09 +03:00
Alexey
914f141715 Exclusive Mask + Startup Speed-up 
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-05-19 22:17:59 +03:00
Alexey
57b2aa0453 Rustfmt 2026-05-10 14:14:52 +03:00
Alexey
3f9ac87daf Bounded Rate Bursts + Cancel ME Waits 2026-05-10 13:33:54 +03:00
Alexey
b2aa9b8c9e Hardened API & Management-plane Admission 
- bound API and metrics connection handling
- default metrics listener to localhost
- reject untrusted PROXY protocol peers before parsing headers
- cap API request body size and PROXY v2 payload allocation
- validate route usernames and TLS domains consistently
 2026-05-09 20:50:23 +03:00
Alexey
f0f2bc0482 Limit&Quota Saving as File + API 2026-05-08 14:38:24 +03:00
Alexey
658a565cb3 Merge pull request #770 from konstpic/feat/user-source-deny-list 
feat(access): add per-user source IP deny list checks
 2026-05-07 11:56:54 +03:00
Alexey
4995e83236 Config Strict and Validator 2026-05-06 20:38:55 +03:00
Konstantin Pichugin
b859fb95c3 feat(access): add per-user source IP deny list checks 
Add access.user_source_deny and enforce it in TLS and MTProto handshake paths after successful authentication to fail closed for blocked source IPs.
 2026-05-06 19:11:18 +03:00
Alexey
d46bda9880 Preserve synchronous IP cleanup queue contract + Rustfmt 2026-04-30 11:05:18 +03:00
Alexey
876b74ebf7 Hot-path Cleanup and Timeout Invariants 2026-04-29 23:16:11 +03:00
Alexey
8ef5263fce Fix WorkingDirectory behavior 
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
Co-Authored-By: mikhailnov <m@mikhailnov.ru>
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-04-28 12:31:21 +03:00
Alexey
67357310f7 TLS 1.2/1.3 Correctness + Full ServerHello + Rustfmt 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-04-23 21:29:18 +03:00
Alexey
db114f09c3 Sync tests with code 2026-04-21 13:30:11 +03:00
Alexey
09310ff284 Unlimited mask_relay_max_bytes 2026-04-21 11:30:58 +03:00
Alexey
926e3aa987 Fairness Regression fixes 2026-04-21 01:11:43 +03:00
lie-must-die
5b07ffae7c Implement test for unknown_sni_action in ProxyConfig 
Added test case for unknown_sni_action configuration.
 2026-04-19 12:42:52 +03:00
lie-must-die
7bbed133ee Add RejectHandshake variant for TLS configuration 
Added a new variant 'RejectHandshake' to handle TLS handshake rejection with a specific alert.
 2026-04-19 12:40:10 +03:00
Alexey
d72cfd6bc4 Merge branch 'flow' into feature/configurable-proxy-confi-urls 2026-04-17 19:44:46 +03:00
Alexey
b447f60a72 Rustfmt + Bump 2026-04-17 19:08:57 +03:00
Alexey
093faed0c2 Conntrack Control for Docker 2026-04-17 19:06:18 +03:00
Dmitry Zarva
2a168b2600 feat: make URLS to obtain proxy_secret, getProxyConfig, getProxyConfigV6 files optionally configurable 2026-04-17 13:04:46 +00:00
Alexey
17a966b822 Rustfmt 2026-04-17 10:48:01 +03:00
Alexey
21ca1014ae Drafting Traffic Control 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-04-15 13:14:45 +03:00
Alexey
696316f919 Rustfmt 2026-04-15 01:39:47 +03:00
Alexey
d7a0319696 Server.Listeners + Upstream V4/V6 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-04-15 01:32:49 +03:00
Alexey
3fefcdd11f Fix for beobachten path by #664 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-04-14 20:09:31 +03:00
Alexey
57dca639f0 Gray Action for API by #630 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-04-14 19:19:06 +03:00
Alexey
13f86062f4 BINDTODEVICE for Direct Upstreams by #683 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-04-14 18:32:06 +03:00
Batmaev
26c40092f3 rm hardcoded mask timeouts 2026-04-12 10:46:18 +03:00
sintanial
ddeda8d914 feat: add configurable RST-on-close mode for client sockets 
Add `rst_on_close` config option (off/errors/always) to control
SO_LINGER(0) behaviour on accepted TCP connections.

- `off` (default): normal FIN on all closes, no behaviour change.
- `errors`: SO_LINGER(0) set on accept, cleared after successful
  handshake auth. Pre-handshake failures (scanners, DPI probes,
  timeouts) send RST instead of FIN, eliminating FIN-WAIT-1 and
  orphan socket accumulation. Authenticated relay sessions still
  close gracefully with FIN.
- `always`: SO_LINGER(0) on accept, never cleared — all closes
  send RST regardless of handshake outcome.
 2026-04-10 05:01:38 +03:00
Alexey
4a77335ba9 Round-bounded Retries + Bounded Retry-Round Constant 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-04-07 19:19:40 +03:00
Alexey
3b717c75da Memory Hard-bounds + Handshake Budget in Metrics + No mutable in hotpath ConnRegistry 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-04-07 18:18:47 +03:00
Alexey
d848e4a729 Fixes for test + Rustfmt 2026-04-06 16:12:46 +03:00
Alexey
8d865a980c MRU Search + Runtime user snapshot + Ordered candidate auth + Sticky hints + Overload Budgets 2026-04-06 15:04:15 +03:00
Alexey
13dc1f70bf Accept as unknown_sni_action 2026-04-06 12:03:06 +03:00
Alexey
5f5582865e Rustfmt 2026-04-05 17:23:40 +03:00
Alexey
977ee53b72 Config Fallback + Working Directory Setup 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-04-05 14:40:17 +03:00
Alexey
8fe6fcb7eb ME2DC Fast for unstoppable init 2026-04-05 13:10:35 +03:00
Alexey
7f0057acd7 Conntrack Control Method 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-04-04 11:28:32 +03:00