c2443e6f1a
Refactor auth probe eviction logic and improve performance
...
- Simplified eviction candidate selection in `auth_probe_record_failure_with_state` by tracking the oldest candidate directly.
- Enhanced the handling of stale entries to ensure newcomers are tracked even under capacity constraints.
- Added tests to verify behavior under stress conditions and ensure newcomers are correctly managed.
- Updated `decode_user_secrets` to prioritize preferred users based on SNI hints.
- Introduced new tests for TLS SNI handling and replay protection mechanisms.
- Improved deduplication hash stability and collision resistance in middle relay logic.
- Refined cutover handling in route mode to ensure consistent error messaging and session management.
2026-03-18 00:38:59 +04:00
a7cffb547e
Implement idle timeout for masking relay and add corresponding tests
...
- Introduced `copy_with_idle_timeout` function to handle reading and writing with an idle timeout.
- Updated the proxy masking logic to use the new idle timeout function.
- Added tests to verify that idle relays are closed by the idle timeout before the global relay timeout.
- Ensured that connect refusal paths respect the masking budget and that responses followed by silence are cut off by the idle timeout.
- Added tests for adversarial scenarios where clients may attempt to drip-feed data beyond the idle timeout.
2026-03-17 22:48:13 +04:00
b6206a6dfe
feat: make max_connections configurable via [server] section
...
The concurrent connection limit was hardcoded to 10,000.
Add server.max_connections config option (default: 10000, 0 = unlimited).
2026-03-16 20:40:10 +03:00
4028579068
Inherited per-user unique IP limit
2026-03-15 12:43:31 +03:00
58f26ba8a7
Configurable ME draining writer overflow threshold
2026-03-15 12:13:46 +03:00
a383f3f1a3
API Defaults
2026-03-10 00:27:36 +03:00
633af93b19
DC to Client fine tuning
2026-03-08 04:51:46 +03:00
c28b82a618
Update defaults.rs
2026-03-08 03:45:01 +03:00
9401c46727
ME Writer Pick
2026-03-08 03:05:47 +03:00
d2baa8e721
CPU/RAM improvements + removing hot-path obstacles
2026-03-07 19:33:48 +03:00
5f77f83b48
ME Adaptive Floor Upper-Limit
2026-03-07 17:27:56 +03:00
ce9698d39b
ME Adaptive Floor Planner
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-07 02:50:11 +03:00
2ea85c00d3
Runtime API Defaults
2026-03-06 18:54:00 +03:00
f32c34f126
ME NoWait Routing + Upstream Connbudget + PROXY Header t/o + allocation cuts
2026-03-06 03:58:08 +03:00
8066ea2163
ME Pool Init fixes
2026-03-05 15:31:36 +03:00
09bdafa718
Performance improvements
2026-03-05 14:39:32 +03:00
ccfda10713
ME2DC Fallback + ME Init Retries
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-05 12:43:07 +03:00
4ae4ca8ca8
New IP Limit Method
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-05 02:28:19 +03:00
6b9c7f7862
Runtime API in defaults
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-04 02:46:12 +03:00
7269dfbdc5
API in defaults+load+reload
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-04 01:09:32 +03:00
a6132bac38
Idle tolerance + Adaptive floor by default + RPC Proxy Req
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-03 23:16:25 +03:00
624870109e
Upstream Connect in defaults
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-03 20:50:31 +03:00
225fc3e4ea
ME Adaptive Floor Drafts
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-03 03:37:00 +03:00
235642459a
ME Keepalive 8/2
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-03 03:08:15 +03:00
a6d22e8a57
ME Pool Shadow Writers
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-02 21:04:06 +03:00
6f1980dfd7
ME Pool improvements
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-03-02 00:17:58 +03:00
9afaa28add
UpstreamManager: Backoff Retries
2026-02-28 14:21:09 +03:00
8b39a4ef6d
Statistics on ME + Dynamic backpressure + KDF with SOCKS
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-28 13:18:31 +03:00
9d2ff25bf5
Unified STUN + ME Primary parallelized
...
- Unified STUN server source-of-truth
- parallelize per-DC primary ME init for multi-endpoint DCs
2026-02-26 18:18:24 +03:00
7782336264
ME Probe parallelized
2026-02-26 17:56:22 +03:00
e25b7f5ff8
STUN List
2026-02-26 15:10:21 +03:00
d7182ae817
Update defaults.rs
2026-02-26 15:07:04 +03:00
896e129155
Checked defaults
2026-02-26 12:48:22 +03:00
f40b645c05
Defaults in-place
2026-02-25 17:28:06 +03:00
f83e23c521
Update defaults.rs
2026-02-25 03:08:34 +03:00
618b7a1837
ME Pool Beobachter
2026-02-25 02:10:14 +03:00
7538967d3c
ME Hardswap being softer
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-24 23:36:33 +03:00
4a95f6d195
ME Pool Health + Rotation
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-24 22:59:59 +03:00
d2f08fb707
ME Soft Reinit tuning
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-24 18:19:39 +03:00
09f56dede2
fix: resolve clippy warnings
...
Reduce clippy warnings from54 to16 by fixing mechanical issues:
- collapsible_if: collapse nested if-let chains with let-chains
- clone_on_copy: remove unnecessary .clone() on Copy types
- manual_clamp: replace .max().min() with .clamp()
- unnecessary_cast: remove redundant type casts
- collapsible_else_if: flatten else-if chains
- contains_vs_iter_any: replace .iter().any() with .contains()
- unnecessary_closure: replace .or_else(|| x) with .or(x)
- useless_conversion: remove redundant .into() calls
- is_none_or: replace .map_or(true, ...) with .is_none_or(...)
- while_let_loop: convert loop with if-let-break to while-let
Remaining16 warnings are design-level issues (too_many_arguments,
await_holding_lock, type_complexity, new_ret_no_self) that require
architectural changes to fix.
2026-02-24 05:57:53 +03:00
8b47fc3575
Update defaults.rs
2026-02-24 02:12:44 +03:00
122e4729c5
Update defaults.rs
2026-02-24 00:17:33 +03:00
0e2d42624f
ME Pool Hardswap
2026-02-24 00:04:12 +03:00
75bfbe6e95
Update defaults.rs
2026-02-23 16:10:39 +03:00
d8dcbbb61e
ME Pool Updater + Soft-staged Reinit w/o Reconcile
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-23 16:04:19 +03:00
d08ddd718a
Desync Full Forensics
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-23 15:28:02 +03:00
b5d0564f2a
Time-To-Life for TLS Full Certificate
2026-02-23 05:47:44 +03:00
6ff29e43d3
Middle-End protocol hardening
...
- Secure framing / hot-path fix: enforced a single length + padding contract across the framing layer. Replaced legacy runtime `len % 4` recovery with strict validation to eliminate undefined behavior paths.
- ME RPC aligned with C reference contract: handshake now includes `flags + sender_pid + peer_pid`. Added negotiated CRC mode (CRC32 / CRC32C) and applied the negotiated mode consistently in read/write paths.
- Sequence fail-fast semantics: immediate connection termination on first sequence mismatch with dedicated counter increment.
- Keepalive reworked to RPC ping/pong: removed raw CBC keepalive frames. Introduced stale ping tracker with proper timeout accounting.
- Route/backpressure observability improvements: increased per-connection route queue to 4096. Added `RouteResult` with explicit failure reasons (NoConn, ChannelClosed, QueueFull) and per-reason counters.
- Direct-DC secure mode-gate relaxation: removed TLS/secure conflict in Direct-DC handshake path.
2026-02-23 02:28:00 +03:00
b2aaf404e1
Add files via upload
2026-02-22 01:19:26 +03:00
83fc9d6db3
Middle-End Fixes
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com >
2026-02-21 03:36:13 +03:00
David Osipov