fb1f85559c
Update load.rs
2026-02-26 14:57:28 +03:00
da684b11fe
feat: add mask_proxy_protocol option for PROXY protocol to mask_host
...
Adds mask_proxy_protocol config option (0 = off, 1 = v1 text, 2 = v2 binary)
that sends a PROXY protocol header when connecting to mask_host. This lets
the backend see the real client IP address.
Particularly useful when the masking site (nginx/HAProxy) runs on the same
host as telemt and listens on a local port — without this, the backend loses
the original client IP entirely.
PROXY protocol header is also sent during TLS emulation fetches so that
backends with proxy_protocol required don't reject the connection.
2026-02-26 13:36:33 +03:00
896e129155
Checked defaults
2026-02-26 12:48:22 +03:00
fed9346444
New config.toml + tls_emulation enabled by default
2026-02-25 17:49:54 +03:00
f40b645c05
Defaults in-place
2026-02-25 17:28:06 +03:00
f83e23c521
Update defaults.rs
2026-02-25 03:08:34 +03:00
618b7a1837
ME Pool Beobachter
2026-02-25 02:10:14 +03:00
7538967d3c
ME Hardswap being softer
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-24 23:36:33 +03:00
4a95f6d195
ME Pool Health + Rotation
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-24 22:59:59 +03:00
d2f08fb707
ME Soft Reinit tuning
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-24 18:19:39 +03:00
09f56dede2
fix: resolve clippy warnings
...
Reduce clippy warnings from54 to16 by fixing mechanical issues:
- collapsible_if: collapse nested if-let chains with let-chains
- clone_on_copy: remove unnecessary .clone() on Copy types
- manual_clamp: replace .max().min() with .clamp()
- unnecessary_cast: remove redundant type casts
- collapsible_else_if: flatten else-if chains
- contains_vs_iter_any: replace .iter().any() with .contains()
- unnecessary_closure: replace .or_else(|| x) with .or(x)
- useless_conversion: remove redundant .into() calls
- is_none_or: replace .map_or(true, ...) with .is_none_or(...)
- while_let_loop: convert loop with if-let-break to while-let
Remaining16 warnings are design-level issues (too_many_arguments,
await_holding_lock, type_complexity, new_ret_no_self) that require
architectural changes to fix.
2026-02-24 05:57:53 +03:00
78c45626e1
Merge pull request #220 from vladon/fix-compiler-warnings
...
fix: eliminate all compiler warnings
2026-02-24 03:49:46 +03:00
68c3abee6c
fix: eliminate all compiler warnings
...
- Remove unused imports across multiple modules
- Add #![allow(dead_code)] for public API items preserved for future use
- Add #![allow(deprecated)] for rand::Rng::gen_range usage
- Add #![allow(unused_assignments)] in main.rs
- Add #![allow(unreachable_code)] in network/stun.rs
- Prefix unused variables with underscore (_ip_tracker, _prefer_ipv6)
- Fix unused_must_use warning in tls_front/cache.rs
This ensures clean compilation without warnings while preserving
public API items that may be used in the future.
2026-02-24 03:40:59 +03:00
8b47fc3575
Update defaults.rs
2026-02-24 02:12:44 +03:00
122e4729c5
Update defaults.rs
2026-02-24 00:17:33 +03:00
08138451d8
Update types.rs
2026-02-24 00:15:37 +03:00
f710a2192a
Update types.rs
2026-02-24 00:08:03 +03:00
0e2d42624f
ME Pool Hardswap
2026-02-24 00:04:12 +03:00
75bfbe6e95
Update defaults.rs
2026-02-23 16:10:39 +03:00
fc2ac3d10f
ME Pool Reinit polishing
2026-02-23 16:09:09 +03:00
d8dcbbb61e
ME Pool Updater + Soft-staged Reinit w/o Reconcile
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-23 16:04:19 +03:00
d08ddd718a
Desync Full Forensics
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-23 15:28:02 +03:00
b5d0564f2a
Time-To-Life for TLS Full Certificate
2026-02-23 05:47:44 +03:00
a5c7a41c49
Update types.rs
2026-02-23 02:48:03 +03:00
7cc78a5746
Update types.rs
2026-02-23 02:45:16 +03:00
6ff29e43d3
Middle-End protocol hardening
...
- Secure framing / hot-path fix: enforced a single length + padding contract across the framing layer. Replaced legacy runtime `len % 4` recovery with strict validation to eliminate undefined behavior paths.
- ME RPC aligned with C reference contract: handshake now includes `flags + sender_pid + peer_pid`. Added negotiated CRC mode (CRC32 / CRC32C) and applied the negotiated mode consistently in read/write paths.
- Sequence fail-fast semantics: immediate connection termination on first sequence mismatch with dedicated counter increment.
- Keepalive reworked to RPC ping/pong: removed raw CBC keepalive frames. Introduced stale ping tracker with proper timeout accounting.
- Route/backpressure observability improvements: increased per-connection route queue to 4096. Added `RouteResult` with explicit failure reasons (NoConn, ChannelClosed, QueueFull) and per-reason counters.
- Direct-DC secure mode-gate relaxation: removed TLS/secure conflict in Direct-DC handshake path.
2026-02-23 02:28:00 +03:00
69be44b2b6
Merge pull request #206 from telemt/flow
...
Flush on Response + Hotpath tunings + Reuseport Checker
2026-02-23 01:03:15 +03:00
07ca94ce57
Reuseport Checker
2026-02-23 00:55:47 +03:00
b2aaf404e1
Add files via upload
2026-02-22 01:19:26 +03:00
2dcbdbe302
Merge pull request #194 from telemt/flow
...
ME Frame too large Fixes
2026-02-21 05:04:42 +03:00
83fc9d6db3
Middle-End Fixes
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-21 03:36:13 +03:00
c9a043d8d5
ME Frame too large Fixes
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-21 02:15:10 +03:00
a74bdf8aea
Update hot_reload.rs
2026-02-20 23:03:26 +02:00
eb3245b78f
Merge branch 'main-stage' into flow
2026-02-20 17:19:23 +03:00
0d2958fea7
Change metrics whitelist to use IpNetwork
2026-02-20 16:03:57 +02:00
dbd9b53940
Change metrics_whitelist type from Vec<IpAddr> to Vec<IpNetwork>
2026-02-20 16:03:38 +02:00
e8454ea370
HAProxy PROXY Protocol Fixes
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-20 16:42:40 +03:00
ea88a40c8f
Add config path canonicalization
...
Canonicalize the config path to match notify events.
2026-02-20 15:37:44 +02:00
2ea4c83d9d
Normalize IP + Masking + TLS
2026-02-20 16:32:14 +03:00
953fab68c4
Refactor hot-reload mechanism to use notify crate
...
Updated hot-reload functionality to use notify crate for file watching and improved documentation.
2026-02-20 15:29:37 +02:00
25b18ab064
Enhance logging for hot reload configuration changes
...
Added detailed logging for various configuration changes during hot reload, including log level, ad tag, middle proxy pool size, and user access changes.
2026-02-20 14:50:37 +02:00
3e0dc91db6
Add PartialEq to AccessConfig struct
2026-02-20 14:37:00 +02:00
766806f5df
Add hot_reload module to config
2026-02-20 14:19:04 +02:00
26cf6ff4fa
Add files via upload
2026-02-20 14:18:30 +02:00
5e98b35fb7
Drafting Fake-TLS V2
2026-02-20 12:48:51 +03:00
e340b716b2
Drafting ME Healthcheck
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-19 15:39:30 +03:00
35ae455e2b
ME Pool V2
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-19 13:35:56 +03:00
c7464d53e1
feat: implement selective routing for "scope_*" users
...
- Users with "scope_{name}" prefix are routed to upstreams where {name}
is present in the "scopes" property (comma-separated).
- Strict separation: Scoped upstreams are excluded from general routing, and vice versa.
- Constraint: SOCKS upstreams and DIRECT(`use_middle_proxy =
false`) mode only.
Example:
User "scope_hello" matches an upstream with `scopes = "world,hello"`
2026-02-18 23:29:08 +03:00
c7bd1c98e7
Autofallback on ME-Init
2026-02-18 19:50:16 +03:00
df4494c37a
New reroute algo + flush() optimized + new IPV6 Parser
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-18 19:08:27 +03:00
Alexey