astelm
/
telemt
mirror of https://github.com/telemt/telemt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
956 Commits 2 Branches 76 Tags 22 MiB
Commit Graph

956 Commits

Author SHA1 Message Date
ivulit ed93b0a030
fix: send PROXY protocol header to mask unix socket 
When mask_unix_sock is configured, mask_proxy_protocol was silently
ignored and no PROXY protocol header was sent to the backend. Apply
the same header-building logic as the TCP path in both masking relay
and TLS fetcher (raw and rustls).
 2026-03-01 00:14:55 +03:00
Alexey 2370c8d5e4
Merge pull request #268 from radjah/patch-1 
Update install.sh
 2026-02-28 23:56:20 +03:00
Alexey a3197b0fe1
Merge pull request #270 from ivulit/fix/proxy-protocol-dst-addr 
fix: pass correct dst address to outgoing PROXY protocol header
 2026-02-28 23:56:04 +03:00
ivulit e27ef04c3d
fix: pass correct dst address to outgoing PROXY protocol header 
Previously handle_bad_client used stream.local_addr() (the ephemeral
socket to the mask backend) as the dst in the outgoing PROXY protocol
header. This is wrong: the dst should be the address telemt is listening
on, or the dst from the incoming PROXY protocol header if one was present.

- handle_bad_client now receives local_addr from the caller
- handle_client_stream resolves local_addr from PROXY protocol info.dst_addr
  or falls back to a synthetic address based on config.server.port
- RunningClientHandler.do_handshake resolves local_addr from stream.local_addr()
  overridden by PROXY protocol info.dst_addr when present, and passes it
  down to handle_tls_client / handle_direct_client
- masking.rs uses the caller-supplied local_addr directly, eliminating the
  stream.local_addr() call
 2026-02-28 22:47:24 +03:00
An0nX cf7e2ebf4b
refactor: rewrite telemt config as self-documenting deployment reference 
- Reorganize all sections with clear visual block separators
- Move inline comments to dedicated lines above each parameter
- Add Quick Start guide in the file header explaining 7-step deployment
- Add Modes of Operation explanation (Direct vs Middle-Proxy)
- Group related parameters under labeled subsections with separators
- Expand every comment to full plain-English explanation
- Remove all inline comments to prevent TOML parser edge cases
- Tune anti-censorship defaults for maximum DPI resistance:
  fast_mode_min_tls_record=1400, server_hello_delay=50-150ms,
  tls_new_session_tickets=2, tls_full_cert_ttl_secs=0,
  tls_emulation=true, desync_all_full=true, beobachten_minutes=30,
  me_reinit_every_secs=600
 2026-02-28 21:36:56 +03:00
Pavel Frolov 685bfafe74
Update install.sh 
Попытался привести к единообразию текст.
 2026-02-28 19:02:00 +03:00
Alexey 0f6fcf49a7
Merge pull request #267 from Dimasssss/main 
QUICK_START_GUIDE.en.md
 2026-02-28 17:47:30 +03:00
Dimasssss 036f0e1569
Add files via upload 2026-02-28 17:46:11 +03:00
Dimasssss 291c22583f
Update QUICK_START_GUIDE.ru.md 2026-02-28 17:39:12 +03:00
Alexey ee5b01bb31
Merge pull request #266 from Dimasssss/main 
Create QUICK_START_GUIDE.ru.md
 2026-02-28 17:21:29 +03:00
Dimasssss ccacf78890
Create QUICK_START_GUIDE.ru.md 2026-02-28 17:17:50 +03:00
Alexey 42db1191a8
Merge pull request #265 from Dimasssss/main 
install.sh
 2026-02-28 17:08:15 +03:00
Dimasssss 9ce26d16cb
Add files via upload 2026-02-28 17:04:06 +03:00
Alexey 12e68f805f
Update Cargo.toml 2026-02-28 15:51:15 +03:00
Alexey 62bf31fc73
Merge pull request #264 from telemt/flow-net 
DNS-Overrides + STUN fixes + Bind_addr prio + Fetch for unix-socket + ME/DC Method Detection + Metrics impovements
 2026-02-28 14:59:44 +03:00
Alexey 29d4636249
Merge branch 'main' into flow-net 2026-02-28 14:55:04 +03:00
Alexey 9afaa28add
UpstreamManager: Backoff Retries 2026-02-28 14:21:09 +03:00
Alexey 6c12af2b94
ME Connectivity: socks-url 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-28 13:38:30 +03:00
Alexey 8b39a4ef6d
Statistics on ME + Dynamic backpressure + KDF with SOCKS 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-28 13:18:31 +03:00
Alexey fa2423dadf
ME/DC Method Detection fixes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-02-28 03:21:22 +03:00
Alexey 449a87d2e3
Merge branch 'flow-net' of https://github.com/telemt/telemt into flow-net 2026-02-28 02:55:23 +03:00
Alexey a61882af6e
TLS Fetch on unix-socket 2026-02-28 02:55:21 +03:00
Alexey bf11ebbaa3
Update TUNING.ru.md 2026-02-28 02:23:34 +03:00
Alexey e0d5561095
TUNING.md 2026-02-28 02:19:19 +03:00
Alexey 6b8aa7270e
Bind_addresses prio over interfaces 2026-02-28 01:54:29 +03:00
Alexey 372f477927
Merge pull request #263 from Dimasssss/main 
Update README.md
 2026-02-28 01:27:42 +03:00
Dimasssss 05edbab06c
Update README.md 
Нашелся тот, кто не смог найти ссылку.
 2026-02-28 01:20:49 +03:00
Alexey 3d9660f83e
Upstreams for ME + Egress-data from UM + ME-over-SOCKS + Bind-aware STUN 2026-02-28 01:20:17 +03:00
Alexey ac064fe773
STUN switch + Ad-tag fixes + DNS-overrides 2026-02-27 15:59:27 +03:00
Alexey eba158ff8b
Merge pull request #261 from nimbo78/nimbo78-patch-docker-compose-yml 
Update docker-compose.yml
 2026-02-27 02:46:12 +03:00
nimbo78 54ee6ff810
Update docker-compose.yml 
docker pull image first, if fail - build
 2026-02-27 01:53:22 +03:00
Alexey 6d6cd30227
STUN Fixes + ME Pool tweaks: merge pull request #260 from telemt/flow-mep 
STUN Fixes + ME Pool tweaks
 2026-02-26 19:47:29 +03:00
Alexey 60231224ac
Update Cargo.toml 2026-02-26 19:41:37 +03:00
Alexey 144f81c473
ME Dead Writer w/o dead-lock on timeout 2026-02-26 19:37:17 +03:00
Alexey 04e6135935
TLS-F Fetching Optimization 2026-02-26 19:35:34 +03:00
Alexey 4eebb4feb2
ME Pool Refactoring 2026-02-26 19:01:24 +03:00
Alexey 1f255d0aa4
ME Probe + STUN Legacy 2026-02-26 18:41:11 +03:00
Alexey 9d2ff25bf5
Unified STUN + ME Primary parallelized 
- Unified STUN server source-of-truth
- parallelize per-DC primary ME init for multi-endpoint DCs
 2026-02-26 18:18:24 +03:00
Alexey 7782336264
ME Probe parallelized 2026-02-26 17:56:22 +03:00
Alexey 92a3529733
Merge pull request #253 from ivulit/feat/mask-proxy-protocol 
feat: add mask_proxy_protocol option for PROXY protocol to mask_host
 2026-02-26 15:44:47 +03:00
Alexey 8ce8348cd5
Merge branch 'main' into feat/mask-proxy-protocol 2026-02-26 15:21:58 +03:00
Alexey e25b7f5ff8
STUN List 2026-02-26 15:10:21 +03:00
Alexey d7182ae817
Update defaults.rs 2026-02-26 15:07:04 +03:00
Alexey 97f2dc8489
Merge pull request #251 from telemt/flow-defaults 
Checked defaults
 2026-02-26 15:05:01 +03:00
Alexey fb1f85559c
Update load.rs 2026-02-26 14:57:28 +03:00
ivulit da684b11fe
feat: add mask_proxy_protocol option for PROXY protocol to mask_host 
Adds mask_proxy_protocol config option (0 = off, 1 = v1 text, 2 = v2 binary)
that sends a PROXY protocol header when connecting to mask_host. This lets
the backend see the real client IP address.

Particularly useful when the masking site (nginx/HAProxy) runs on the same
host as telemt and listens on a local port — without this, the backend loses
the original client IP entirely.

PROXY protocol header is also sent during TLS emulation fetches so that
backends with proxy_protocol required don't reject the connection.
 2026-02-26 13:36:33 +03:00
Alexey 896e129155
Checked defaults 2026-02-26 12:48:22 +03:00
Alexey 7ead0cd753
Update README.md 2026-02-26 11:45:50 +03:00
Alexey 6cf9687dd6
Update README.md 2026-02-26 11:43:27 +03:00
Alexey 4e30a4999c
Update config.toml 2026-02-26 11:14:52 +03:00