astelm
/
telemt
mirror of https://github.com/telemt/telemt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,214 Commits 2 Branches 76 Tags 22 MiB
Commit Graph

157 Commits

Author SHA1 Message Date
Alexey d2baa8e721
CPU/RAM improvements + removing hot-path obstacles 2026-03-07 19:33:48 +03:00
Alexey 5f77f83b48
ME Adaptive Floor Upper-Limit 2026-03-07 17:27:56 +03:00
Alexey ce9698d39b
ME Adaptive Floor Planner 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-07 02:50:11 +03:00
Alexey 2ea85c00d3
Runtime API Defaults 2026-03-06 18:54:00 +03:00
Alexey 4e803b1412
Update load.rs 2026-03-06 12:08:43 +03:00
Alexey f32c34f126
ME NoWait Routing + Upstream Connbudget + PROXY Header t/o + allocation cuts 2026-03-06 03:58:08 +03:00
Alexey 9b84fc7a5b
Secret Atomic Snapshot + KDF Fingerprint on RwLock 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 23:18:26 +03:00
Alexey d683faf922
HybridAsyncPersistent - new ME Route NoWriter Mode 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 22:31:01 +03:00
Alexey 8066ea2163
ME Pool Init fixes 2026-03-05 15:31:36 +03:00
Alexey 09bdafa718
Performance improvements 2026-03-05 14:39:32 +03:00
Alexey ccfda10713
ME2DC Fallback + ME Init Retries 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 12:43:07 +03:00
Alexey a9209fd3c7
Hot-Reload fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 12:18:09 +03:00
Alexey 4ae4ca8ca8
New IP Limit Method 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-05 02:28:19 +03:00
Alexey 6b9c7f7862
Runtime API in defaults 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 02:46:12 +03:00
Alexey 7269dfbdc5
API in defaults+load+reload 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:09:32 +03:00
Alexey 533708f885
API in defaults 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-04 01:08:59 +03:00
Alexey a6132bac38
Idle tolerance + Adaptive floor by default + RPC Proxy Req 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 23:16:25 +03:00
Alexey 624870109e
Upstream Connect in defaults 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 20:50:31 +03:00
Alexey c01ca40b6d
ME Adaptive Floor in Tests 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:39:28 +03:00
Alexey cfec6dbb3c
ME Adaptive Floor pull-up 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:38:06 +03:00
Alexey 225fc3e4ea
ME Adaptive Floor Drafts 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:37:00 +03:00
Alexey 235642459a
ME Keepalive 8/2 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-03 03:08:15 +03:00
Alexey a6d22e8a57
ME Pool Shadow Writers 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-02 21:04:06 +03:00
Alexey 6f1980dfd7
ME Pool improvements 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-03-02 00:17:58 +03:00
sintanial bc432f06e2
Add per-user ad_tag with global fallback and hot-reload 
- Per-user ad_tag in [access.user_ad_tags], global fallback in general.ad_tag
- User tag overrides global; if no user tag, general.ad_tag is used
- Both general.ad_tag and user_ad_tags support hot-reload (no restart)
 2026-03-01 16:28:55 +03:00
Alexey 9afaa28add
UpstreamManager: Backoff Retries 2026-02-28 14:21:09 +03:00
Alexey 8b39a4ef6d
Statistics on ME + Dynamic backpressure + KDF with SOCKS 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-28 13:18:31 +03:00
Alexey ac064fe773
STUN switch + Ad-tag fixes + DNS-overrides 2026-02-27 15:59:27 +03:00
Alexey 1f255d0aa4
ME Probe + STUN Legacy 2026-02-26 18:41:11 +03:00
Alexey 9d2ff25bf5
Unified STUN + ME Primary parallelized 
- Unified STUN server source-of-truth
- parallelize per-DC primary ME init for multi-endpoint DCs
 2026-02-26 18:18:24 +03:00
Alexey 7782336264
ME Probe parallelized 2026-02-26 17:56:22 +03:00
Alexey 8ce8348cd5
Merge branch 'main' into feat/mask-proxy-protocol 2026-02-26 15:21:58 +03:00
Alexey e25b7f5ff8
STUN List 2026-02-26 15:10:21 +03:00
Alexey d7182ae817
Update defaults.rs 2026-02-26 15:07:04 +03:00
Alexey fb1f85559c
Update load.rs 2026-02-26 14:57:28 +03:00
ivulit da684b11fe
feat: add mask_proxy_protocol option for PROXY protocol to mask_host 
Adds mask_proxy_protocol config option (0 = off, 1 = v1 text, 2 = v2 binary)
that sends a PROXY protocol header when connecting to mask_host. This lets
the backend see the real client IP address.

Particularly useful when the masking site (nginx/HAProxy) runs on the same
host as telemt and listens on a local port — without this, the backend loses
the original client IP entirely.

PROXY protocol header is also sent during TLS emulation fetches so that
backends with proxy_protocol required don't reject the connection.
 2026-02-26 13:36:33 +03:00
Alexey 896e129155
Checked defaults 2026-02-26 12:48:22 +03:00
Alexey fed9346444
New config.toml + tls_emulation enabled by default 2026-02-25 17:49:54 +03:00
Alexey f40b645c05
Defaults in-place 2026-02-25 17:28:06 +03:00
Alexey f83e23c521
Update defaults.rs 2026-02-25 03:08:34 +03:00
Alexey 618b7a1837
ME Pool Beobachter 2026-02-25 02:10:14 +03:00
Alexey 7538967d3c
ME Hardswap being softer 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-24 23:36:33 +03:00
Alexey 4a95f6d195
ME Pool Health + Rotation 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-24 22:59:59 +03:00
Alexey d2f08fb707
ME Soft Reinit tuning 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-24 18:19:39 +03:00
Vladislav Yaroslavlev 09f56dede2
fix: resolve clippy warnings 
Reduce clippy warnings from54 to16 by fixing mechanical issues:

- collapsible_if: collapse nested if-let chains with let-chains
- clone_on_copy: remove unnecessary .clone() on Copy types
- manual_clamp: replace .max().min() with .clamp()
- unnecessary_cast: remove redundant type casts
- collapsible_else_if: flatten else-if chains
- contains_vs_iter_any: replace .iter().any() with .contains()
- unnecessary_closure: replace .or_else(|| x) with .or(x)
- useless_conversion: remove redundant .into() calls
- is_none_or: replace .map_or(true, ...) with .is_none_or(...)
- while_let_loop: convert loop with if-let-break to while-let

Remaining16 warnings are design-level issues (too_many_arguments,
await_holding_lock, type_complexity, new_ret_no_self) that require
architectural changes to fix.
 2026-02-24 05:57:53 +03:00
Alexey 78c45626e1
Merge pull request #220 from vladon/fix-compiler-warnings 
fix: eliminate all compiler warnings
 2026-02-24 03:49:46 +03:00
Vladislav Yaroslavlev 68c3abee6c
fix: eliminate all compiler warnings 
- Remove unused imports across multiple modules
- Add #![allow(dead_code)] for public API items preserved for future use
- Add #![allow(deprecated)] for rand::Rng::gen_range usage
- Add #![allow(unused_assignments)] in main.rs
- Add #![allow(unreachable_code)] in network/stun.rs
- Prefix unused variables with underscore (_ip_tracker, _prefer_ipv6)
- Fix unused_must_use warning in tls_front/cache.rs

This ensures clean compilation without warnings while preserving
public API items that may be used in the future.
 2026-02-24 03:40:59 +03:00
Alexey 8b47fc3575
Update defaults.rs 2026-02-24 02:12:44 +03:00
Alexey 122e4729c5
Update defaults.rs 2026-02-24 00:17:33 +03:00
Alexey 08138451d8
Update types.rs 2026-02-24 00:15:37 +03:00
Alexey f710a2192a
Update types.rs 2026-02-24 00:08:03 +03:00
Alexey 0e2d42624f
ME Pool Hardswap 2026-02-24 00:04:12 +03:00
Alexey 75bfbe6e95
Update defaults.rs 2026-02-23 16:10:39 +03:00
Alexey fc2ac3d10f
ME Pool Reinit polishing 2026-02-23 16:09:09 +03:00
Alexey d8dcbbb61e
ME Pool Updater + Soft-staged Reinit w/o Reconcile 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 16:04:19 +03:00
Alexey d08ddd718a
Desync Full Forensics 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-23 15:28:02 +03:00
Alexey b5d0564f2a
Time-To-Life for TLS Full Certificate 2026-02-23 05:47:44 +03:00
Alexey a5c7a41c49
Update types.rs 2026-02-23 02:48:03 +03:00
Alexey 7cc78a5746
Update types.rs 2026-02-23 02:45:16 +03:00
Alexey 6ff29e43d3
Middle-End protocol hardening 
- Secure framing / hot-path fix: enforced a single length + padding contract across the framing layer. Replaced legacy runtime `len % 4` recovery with strict validation to eliminate undefined behavior paths.

- ME RPC aligned with C reference contract: handshake now includes `flags + sender_pid + peer_pid`. Added negotiated CRC mode (CRC32 / CRC32C) and applied the negotiated mode consistently in read/write paths.

- Sequence fail-fast semantics: immediate connection termination on first sequence mismatch with dedicated counter increment.

- Keepalive reworked to RPC ping/pong: removed raw CBC keepalive frames. Introduced stale ping tracker with proper timeout accounting.

- Route/backpressure observability improvements: increased per-connection route queue to 4096. Added `RouteResult` with explicit failure reasons (NoConn, ChannelClosed, QueueFull) and per-reason counters.

- Direct-DC secure mode-gate relaxation: removed TLS/secure conflict in Direct-DC handshake path.
 2026-02-23 02:28:00 +03:00
Alexey 69be44b2b6
Merge pull request #206 from telemt/flow 
Flush on Response + Hotpath tunings + Reuseport Checker
 2026-02-23 01:03:15 +03:00
Alexey 07ca94ce57
Reuseport Checker 2026-02-23 00:55:47 +03:00
Dimasssss b2aaf404e1
Add files via upload 2026-02-22 01:19:26 +03:00
Alexey 2dcbdbe302
Merge pull request #194 from telemt/flow 
ME Frame too large Fixes
 2026-02-21 05:04:42 +03:00
Alexey 83fc9d6db3
Middle-End Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-21 03:36:13 +03:00
Alexey c9a043d8d5
ME Frame too large Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-21 02:15:10 +03:00
artemws a74bdf8aea
Update hot_reload.rs 2026-02-20 23:03:26 +02:00
Alexey eb3245b78f
Merge branch 'main-stage' into flow 2026-02-20 17:19:23 +03:00
artemws 0d2958fea7
Change metrics whitelist to use IpNetwork 2026-02-20 16:03:57 +02:00
artemws dbd9b53940
Change metrics_whitelist type from Vec<IpAddr> to Vec<IpNetwork> 2026-02-20 16:03:38 +02:00
Alexey e8454ea370
HAProxy PROXY Protocol Fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-20 16:42:40 +03:00
artemws ea88a40c8f
Add config path canonicalization 
Canonicalize the config path to match notify events.
 2026-02-20 15:37:44 +02:00
Alexey 2ea4c83d9d
Normalize IP + Masking + TLS 2026-02-20 16:32:14 +03:00
artemws 953fab68c4
Refactor hot-reload mechanism to use notify crate 
Updated hot-reload functionality to use notify crate for file watching and improved documentation.
 2026-02-20 15:29:37 +02:00
artemws 25b18ab064
Enhance logging for hot reload configuration changes 
Added detailed logging for various configuration changes during hot reload, including log level, ad tag, middle proxy pool size, and user access changes.
 2026-02-20 14:50:37 +02:00
artemws 3e0dc91db6
Add PartialEq to AccessConfig struct 2026-02-20 14:37:00 +02:00
artemws 766806f5df
Add hot_reload module to config 2026-02-20 14:19:04 +02:00
artemws 26cf6ff4fa
Add files via upload 2026-02-20 14:18:30 +02:00
Alexey 5e98b35fb7
Drafting Fake-TLS V2 2026-02-20 12:48:51 +03:00
Alexey e340b716b2
Drafting ME Healthcheck 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 15:39:30 +03:00
Alexey 35ae455e2b
ME Pool V2 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-19 13:35:56 +03:00
unuunn c7464d53e1 feat: implement selective routing for "scope_*" users 
- Users with "scope_{name}" prefix are routed to upstreams where {name}
  is present in the "scopes" property (comma-separated).
- Strict separation: Scoped upstreams are excluded from general routing, and vice versa.
- Constraint: SOCKS upstreams and DIRECT(`use_middle_proxy =
false`) mode only.

Example:
  User "scope_hello" matches an upstream with `scopes = "world,hello"`
 2026-02-18 23:29:08 +03:00
Alexey c7bd1c98e7
Autofallback on ME-Init 2026-02-18 19:50:16 +03:00
Alexey df4494c37a
New reroute algo + flush() optimized + new IPV6 Parser 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 19:08:27 +03:00
Alexey 8046381939
[network] in main 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-18 06:01:08 +03:00
vladon 16b5dc56f0 feat: extend announce_ip to accept hostnames 
Add new 'announce' field to ListenerConfig that accepts both IP addresses
and hostnames for proxy link generation. The old 'announce_ip' field is
deprecated but still supported via automatic migration.

Changes:
- Add 'announce: Option<String>' field to ListenerConfig
- Add migration logic: announce_ip → announce if announce not set
- Update main.rs to use announce field for link generation
- Support both hostnames (e.g., 'proxy.example.com') and IPs

Backward compatible: existing configs using announce_ip continue to work.
 2026-02-16 17:26:46 +03:00
Жора Змейкин 3091b5168f
Fix: public_host/public_port + unix socket 2026-02-16 04:22:26 +03:00
Alexey 305c088bb7
Grabbing unknown dc into unknown-dc.txt 2026-02-15 23:59:53 +03:00
Alexey 904c17c1b3
DC=203 by default + IP Autodetect by STUN 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-15 23:30:21 +03:00
Alexey da108b2d8c
Middle Proxy läuft wie auf Schienen... 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-15 14:02:00 +03:00
artemws c837a9b0c6
Add disable_colors field to GeneralConfig 
Add option to disable colored output in logs
 2026-02-15 10:12:33 +02:00
artemws 50ec753c05
Add user_max_unique_ips to configuration 2026-02-14 23:01:09 +02:00
Alexey b03312fa2e
Merge pull request #65 from telemt/2.0.0.0-h 
2.0.0.1
 2026-02-14 22:20:43 +03:00
Alexey 7f8cde8317
NAT + STUN Probes... 2026-02-14 12:44:20 +03:00
Alexey 70859aa5cf
Middle Proxy is so real 2026-02-14 01:36:14 +03:00
Max Vorobev fc47e4d584
feature: support show_links = "*" 2026-02-14 01:02:47 +03:00
Alexey f1c1f42de8
Key derivation + me_health_monitor + QuickACK 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-13 12:51:49 +03:00
Жора Змейкин d8ff958481
Add mask_unix_sock for censorship masking via Unix socket 2026-02-12 21:11:20 +03:00
Alexey 84668e671e
Default Cluster Drafts 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-12 18:25:41 +03:00
Жора Змейкин 9304d5256a
Refactor startup logging 
Move all startup output (DC pings, proxy links) from println!() to
      info!() for consistent tracing format. Add reload::Layer so startup
      messages stay visible even in silent mode.
 2026-02-12 05:14:23 +03:00