da684b11fe
feat: add mask_proxy_protocol option for PROXY protocol to mask_host
...
Adds mask_proxy_protocol config option (0 = off, 1 = v1 text, 2 = v2 binary)
that sends a PROXY protocol header when connecting to mask_host. This lets
the backend see the real client IP address.
Particularly useful when the masking site (nginx/HAProxy) runs on the same
host as telemt and listens on a local port — without this, the backend loses
the original client IP entirely.
PROXY protocol header is also sent during TLS emulation fetches so that
backends with proxy_protocol required don't reject the connection.
2026-02-26 13:36:33 +03:00
fed9346444
New config.toml + tls_emulation enabled by default
2026-02-25 17:49:54 +03:00
f40b645c05
Defaults in-place
2026-02-25 17:28:06 +03:00
5558900c44
Update main.rs
2026-02-25 13:29:46 +03:00
206f87fe64
fix: remove bracket in info
2026-02-25 09:22:26 +03:00
f83e23c521
Update defaults.rs
2026-02-25 03:08:34 +03:00
6b8619d3c9
Create beobachten.rs
2026-02-25 02:17:48 +03:00
618b7a1837
ME Pool Beobachter
2026-02-25 02:10:14 +03:00
c6c3d71b08
ME Pool Flap-Detect in statistics
2026-02-25 01:26:01 +03:00
7538967d3c
ME Hardswap being softer
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-24 23:36:33 +03:00
4a95f6d195
ME Pool Health + Rotation
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-24 22:59:59 +03:00
d2f08fb707
ME Soft Reinit tuning
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-24 18:19:39 +03:00
09f56dede2
fix: resolve clippy warnings
...
Reduce clippy warnings from54 to16 by fixing mechanical issues:
- collapsible_if: collapse nested if-let chains with let-chains
- clone_on_copy: remove unnecessary .clone() on Copy types
- manual_clamp: replace .max().min() with .clamp()
- unnecessary_cast: remove redundant type casts
- collapsible_else_if: flatten else-if chains
- contains_vs_iter_any: replace .iter().any() with .contains()
- unnecessary_closure: replace .or_else(|| x) with .or(x)
- useless_conversion: remove redundant .into() calls
- is_none_or: replace .map_or(true, ...) with .is_none_or(...)
- while_let_loop: convert loop with if-let-break to while-let
Remaining16 warnings are design-level issues (too_many_arguments,
await_holding_lock, type_complexity, new_ret_no_self) that require
architectural changes to fix.
2026-02-24 05:57:53 +03:00
d6214c6bbf
fix: add #[cfg(test)] to unused ProxyError import
...
The ProxyError import in tls.rs is only used in test code
(validate_server_hello_structure function), so guard it with
#[cfg(test)] to eliminate the unused import warning.
2026-02-24 04:20:30 +03:00
1d71b7e90c
fix: add missing imports in test code
...
- Add ProxyError import and fix Result type annotation in tls.rs
- Add Arc import in stats/mod.rs test module
- Add BodyExt import in metrics.rs test module
These imports were missing causing compilation failures in
cargo test --release with 10 errors.
2026-02-24 04:07:14 +03:00
78c45626e1
Merge pull request #220 from vladon/fix-compiler-warnings
...
fix: eliminate all compiler warnings
2026-02-24 03:49:46 +03:00
68c3abee6c
fix: eliminate all compiler warnings
...
- Remove unused imports across multiple modules
- Add #![allow(dead_code)] for public API items preserved for future use
- Add #![allow(deprecated)] for rand::Rng::gen_range usage
- Add #![allow(unused_assignments)] in main.rs
- Add #![allow(unreachable_code)] in network/stun.rs
- Prefix unused variables with underscore (_ip_tracker, _prefer_ipv6)
- Fix unused_must_use warning in tls_front/cache.rs
This ensures clean compilation without warnings while preserving
public API items that may be used in the future.
2026-02-24 03:40:59 +03:00
8b47fc3575
Update defaults.rs
2026-02-24 02:12:44 +03:00
122e4729c5
Update defaults.rs
2026-02-24 00:17:33 +03:00
08138451d8
Update types.rs
2026-02-24 00:15:37 +03:00
f710a2192a
Update types.rs
2026-02-24 00:08:03 +03:00
0e2d42624f
ME Pool Hardswap
2026-02-24 00:04:12 +03:00
5a0e44e311
Merge pull request #215 from vladon/improve-cli-help
...
Improve CLI help text with comprehensive options
2026-02-23 18:47:04 +03:00
872b47067a
Improve CLI help text with comprehensive options
...
- Add version number to help header
- Restructure help into USAGE, ARGS, OPTIONS, INIT OPTIONS, EXAMPLES sections
- Include all command-line options with descriptions
- Add usage examples for common scenarios
2026-02-23 17:22:56 +03:00
75bfbe6e95
Update defaults.rs
2026-02-23 16:10:39 +03:00
fc2ac3d10f
ME Pool Reinit polishing
2026-02-23 16:09:09 +03:00
d8dcbbb61e
ME Pool Updater + Soft-staged Reinit w/o Reconcile
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-23 16:04:19 +03:00
d08ddd718a
Desync Full Forensics
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-23 15:28:02 +03:00
4011812fda
TLS FC TTL Improvements
2026-02-23 05:48:55 +03:00
b5d0564f2a
Time-To-Life for TLS Full Certificate
2026-02-23 05:47:44 +03:00
cfe8fc72a5
TLS-F tuning
...
Once - full certificate chain, next - only metadata
2026-02-23 05:42:07 +03:00
3e4b98b002
TLS Emulator tuning
2026-02-23 05:23:28 +03:00
427d65627c
Drafting new TLS Fetcher
2026-02-23 05:16:00 +03:00
ae8124d6c6
Drafting TLS Certificates in TLS ServerHello
2026-02-23 05:12:35 +03:00
eaba926fe5
ME Buffer reuse + Bytes Len over Full + Seq-no over Wrap-add
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-23 03:52:37 +03:00
ecad96374a
ME Pool tuning
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-23 03:41:51 +03:00
4895217828
Bounded backpressure + Semaphore Globalgate +
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-23 03:32:06 +03:00
4d83cc1f04
Merge branch 'flow' of https://github.com/telemt/telemt into flow
2026-02-23 03:20:28 +03:00
c4c91863f0
Middle-End tuning
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-23 03:20:13 +03:00
a5c7a41c49
Update types.rs
2026-02-23 02:48:03 +03:00
7cc78a5746
Update types.rs
2026-02-23 02:45:16 +03:00
d4d867156a
Secure Payload length fixes
2026-02-23 02:38:25 +03:00
6ff29e43d3
Middle-End protocol hardening
...
- Secure framing / hot-path fix: enforced a single length + padding contract across the framing layer. Replaced legacy runtime `len % 4` recovery with strict validation to eliminate undefined behavior paths.
- ME RPC aligned with C reference contract: handshake now includes `flags + sender_pid + peer_pid`. Added negotiated CRC mode (CRC32 / CRC32C) and applied the negotiated mode consistently in read/write paths.
- Sequence fail-fast semantics: immediate connection termination on first sequence mismatch with dedicated counter increment.
- Keepalive reworked to RPC ping/pong: removed raw CBC keepalive frames. Introduced stale ping tracker with proper timeout accounting.
- Route/backpressure observability improvements: increased per-connection route queue to 4096. Added `RouteResult` with explicit failure reasons (NoConn, ChannelClosed, QueueFull) and per-reason counters.
- Direct-DC secure mode-gate relaxation: removed TLS/secure conflict in Direct-DC handshake path.
2026-02-23 02:28:00 +03:00
69be44b2b6
Merge pull request #206 from telemt/flow
...
Flush on Response + Hotpath tunings + Reuseport Checker
2026-02-23 01:03:15 +03:00
07ca94ce57
Reuseport Checker
2026-02-23 00:55:47 +03:00
d050c4794a
Hotpath tunings
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-23 00:50:10 +03:00
197f9867e0
Flush-response experiments
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-22 23:53:10 +03:00
b2aaf404e1
Add files via upload
2026-02-22 01:19:26 +03:00
3ab56f55e9
ME Connection error handling
2026-02-21 16:28:47 +03:00
06d2cdef78
ME Connection lost fixes
2026-02-21 16:12:19 +03:00
ivulit