Merge pull request #209 from telemt/flow

ME Pool + ME Hotpath + ME Buffers tuning

.github/codeql/codeql-config.yml

@@ -0,0 +1,19 @@
+name: "Rust without tests"
+
+disable-default-queries: false
+
+queries:
+  - uses: security-extended
+  - uses: security-and-quality
+  - uses: ./.github/codeql/queries
+
+query-filters:
+  - exclude:
+      id:
+        - rust/unwrap-on-option
+        - rust/unwrap-on-result
+        - rust/expect-used
+
+analysis:
+  dataflow:
+    default-precision: high

.github/codeql/queries/common/ProductionOnly.qll

@@ -0,0 +1,20 @@
+import rust
+
+predicate isTestOnly(Item i) {
+  exists(ConditionalCompilation cc |
+    cc.getItem() = i and
+    cc.getCfg().toString() = "test"
+  )
+}
+
+predicate hasTestAttribute(Item i) {
+  exists(Attribute a |
+    a.getItem() = i and
+    a.getName() = "test"
+  )
+}
+
+predicate isProductionCode(Item i) {
+  not isTestOnly(i) and
+  not hasTestAttribute(i)
+}

.github/codeql/queries/qlpack.yml

@@ -0,0 +1,4 @@
+name: rust-production-only
+version: 0.0.1
+dependencies:
+  codeql/rust-all: "*"

.github/workflows/codeql.yml

@@ -0,0 +1,45 @@
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "*" ]
+  pull_request:
+    branches: [ "*" ]
+  schedule:
+    - cron: '0 0 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: actions
+            build-mode: none
+          - language: rust
+            build-mode: none
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          config-file: .github/codeql/codeql-config.yml
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
+        with:
+          category: "/language:${{ matrix.language }}"

.github/workflows/release.yml

@@ -0,0 +1,161 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+' # Matches tags like 3.0.0, 3.1.2, etc.
+  workflow_dispatch: # Manual trigger from GitHub Actions UI
+
+permissions:
+  contents: read
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  build:
+    name: Build ${{ matrix.target }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - target: x86_64-unknown-linux-gnu
+            artifact_name: telemt
+            asset_name: telemt-x86_64-linux-gnu
+          - target: aarch64-unknown-linux-gnu
+            artifact_name: telemt
+            asset_name: telemt-aarch64-linux-gnu
+          - target: x86_64-unknown-linux-musl
+            artifact_name: telemt
+            asset_name: telemt-x86_64-linux-musl
+          - target: aarch64-unknown-linux-musl
+            artifact_name: telemt
+            asset_name: telemt-aarch64-linux-musl
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Install stable Rust toolchain
+        uses: dtolnay/rust-toolchain@888c2e1ea69ab0d4330cbf0af1ecc7b68f368cc1 # v1
+        with:
+          toolchain: stable
+          targets: ${{ matrix.target }}
+
+      - name: Install cross-compilation tools
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gcc-aarch64-linux-gnu
+
+      - name: Cache cargo registry & build artifacts
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.target }}-cargo-
+
+      - name: Install cross
+        run: cargo install cross --git https://github.com/cross-rs/cross
+
+      - name: Build Release
+        env:
+          RUSTFLAGS: ${{ contains(matrix.target, 'musl') && '-C target-feature=+crt-static' || '' }}
+        run: cross build --release --target ${{ matrix.target }}
+
+      - name: Package binary
+        run: |
+          cd target/${{ matrix.target }}/release
+          tar -czvf ${{ matrix.asset_name }}.tar.gz ${{ matrix.artifact_name }}
+          sha256sum ${{ matrix.asset_name }}.tar.gz > ${{ matrix.asset_name }}.sha256
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: ${{ matrix.asset_name }}
+          path: |
+            target/${{ matrix.target }}/release/${{ matrix.asset_name }}.tar.gz
+            target/${{ matrix.target }}/release/${{ matrix.asset_name }}.sha256
+
+  build-docker-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.TOKEN_GH_DEPLOY }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ github.ref }}
+
+  release:
+    name: Create Release
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Download all artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          path: artifacts
+
+      - name: Update version in Cargo.toml and Cargo.lock
+        run: |
+          # Extract version from tag (remove 'v' prefix if present)
+          VERSION="${GITHUB_REF#refs/tags/}"
+          VERSION="${VERSION#v}"
+
+          # Install cargo-edit for version bumping
+          cargo install cargo-edit
+
+          # Update Cargo.toml version
+          cargo set-version "$VERSION"
+
+          # Configure git
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Commit and push changes
+          #git add Cargo.toml Cargo.lock
+          #git commit -m "chore: bump version to $VERSION" || echo "No changes to commit"
+          #git push origin HEAD:main
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: artifacts/**/*
+          generate_release_notes: true
+          draft: false
+          prerelease: ${{ contains(github.ref, '-rc') || contains(github.ref, '-beta') || contains(github.ref, '-alpha') }}

.github/workflows/rust.yml

@@ -2,18 +2,23 @@ name: Rust
 
 on:
   push:
-    branches: [ main ]
+    branches: [ "*" ]
   pull_request:
-    branches: [ main ]
+    branches: [ "*" ]
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
-  build-and-test:
-    name: Build & Test
+  build:
+    name: Build
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+      actions: write
+      checks: write
+
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
@@ -37,5 +42,13 @@ jobs:
     - name: Build Release
       run: cargo build --release --verbose
 
+    - name: Run tests
+      run: cargo test --verbose
+
+# clippy dont fail on warnings because of active development of telemt 
+# and many warnings
+    - name: Run clippy
+      run: cargo clippy -- --cap-lints warn
+
     - name: Check for unused dependencies
       run: cargo udeps || true

.kilocode/rules-architect/AGENTS.md

@@ -0,0 +1,58 @@
+# Architect Mode Rules for Telemt
+
+## Architecture Overview
+
+```mermaid
+graph TB
+    subgraph Entry
+        Client[Clients] --> Listener[TCP/Unix Listener]
+    end
+    
+    subgraph Proxy Layer
+        Listener --> ClientHandler[ClientHandler]
+        ClientHandler --> Handshake[Handshake Validator]
+        Handshake --> |Valid| Relay[Relay Layer]
+        Handshake --> |Invalid| Masking[Masking/TLS Fronting]
+    end
+    
+    subgraph Transport
+        Relay --> MiddleProxy[Middle-End Proxy Pool]
+        Relay --> DirectRelay[Direct DC Relay]
+        MiddleProxy --> TelegramDC[Telegram DCs]
+        DirectRelay --> TelegramDC
+    end
+```
+
+## Module Dependencies
+- [`src/main.rs`](src/main.rs) - Entry point, spawns all async tasks
+- [`src/config/`](src/config/) - Configuration loading with auto-migration
+- [`src/error.rs`](src/error.rs) - Error types, must be used by all modules
+- [`src/crypto/`](src/crypto/) - AES, SHA, random number generation
+- [`src/protocol/`](src/protocol/) - MTProto constants, frame encoding, obfuscation
+- [`src/stream/`](src/stream/) - Stream wrappers, buffer pool, frame codecs
+- [`src/proxy/`](src/proxy/) - Client handling, handshake, relay logic
+- [`src/transport/`](src/transport/) - Upstream management, middle-proxy, SOCKS support
+- [`src/stats/`](src/stats/) - Statistics and replay protection
+- [`src/ip_tracker.rs`](src/ip_tracker.rs) - Per-user IP tracking
+
+## Key Architectural Constraints
+
+### Middle-End Proxy Mode
+- Requires public IP on interface OR 1:1 NAT with STUN probing
+- Uses separate `proxy-secret` from Telegram (NOT user secrets)
+- Falls back to direct mode automatically on STUN mismatch
+
+### TLS Fronting
+- Invalid handshakes are transparently proxied to `mask_host`
+- This is critical for DPI evasion - do not change this behavior
+- `mask_unix_sock` and `mask_host` are mutually exclusive
+
+### Stream Architecture
+- Buffer pool is shared globally via Arc - prevents allocation storms
+- Frame codecs implement tokio-util Encoder/Decoder traits
+- State machine in [`src/stream/state.rs`](src/stream/state.rs) manages stream transitions
+
+### Configuration Migration
+- [`ProxyConfig::load()`](src/config/mod.rs:641) mutates config in-place
+- New fields must have sensible defaults
+- DC203 override is auto-injected for CDN/media support

.kilocode/rules-code/AGENTS.md

@@ -0,0 +1,23 @@
+# Code Mode Rules for Telemt
+
+## Error Handling
+- Always use [`ProxyError`](src/error.rs:168) from [`src/error.rs`](src/error.rs) for proxy operations
+- [`HandshakeResult<T,R,W>`](src/error.rs:292) returns streams on bad client - these MUST be returned for masking, never dropped
+- Use [`Recoverable`](src/error.rs:110) trait to check if errors are retryable
+
+## Configuration Changes
+- [`ProxyConfig::load()`](src/config/mod.rs:641) auto-mutates config - new fields should have defaults
+- DC203 override is auto-injected if missing - do not remove this behavior
+- When adding config fields, add migration logic in [`ProxyConfig::load()`](src/config/mod.rs:641)
+
+## Crypto Code
+- [`SecureRandom`](src/crypto/random.rs) from [`src/crypto/random.rs`](src/crypto/random.rs) must be used for all crypto operations
+- Never use `rand::thread_rng()` directly - use the shared `Arc<SecureRandom>`
+
+## Stream Handling
+- Buffer pool [`BufferPool`](src/stream/buffer_pool.rs) is shared via Arc - always use it instead of allocating
+- Frame codecs in [`src/stream/frame_codec.rs`](src/stream/frame_codec.rs) implement tokio-util's Encoder/Decoder traits
+
+## Testing
+- Tests are inline in modules using `#[cfg(test)]`
+- Use `cargo test --lib <module_name>` to run tests for specific modules

.kilocode/rules-debug/AGENTS.md

@@ -0,0 +1,27 @@
+# Debug Mode Rules for Telemt
+
+## Logging
+- `RUST_LOG` environment variable takes absolute priority over all config log levels
+- Log levels: `trace`, `debug`, `info`, `warn`, `error`
+- Use `RUST_LOG=debug cargo run` for detailed operational logs
+- Use `RUST_LOG=trace cargo run` for full protocol-level debugging
+
+## Middle-End Proxy Debugging
+- Set `ME_DIAG=1` environment variable for high-precision cryptography diagnostics
+- STUN probe results are logged at startup - check for mismatch between local and reflected IP
+- If Middle-End fails, check `proxy_secret_path` points to valid file from https://core.telegram.org/getProxySecret
+
+## Connection Issues
+- DC connectivity is logged at startup with RTT measurements
+- If DC ping fails, check `dc_overrides` for custom addresses
+- Use `prefer_ipv6=false` in config if IPv6 is unreliable
+
+## TLS Fronting Issues
+- Invalid handshakes are proxied to `mask_host` - check this host is reachable
+- `mask_unix_sock` and `mask_host` are mutually exclusive - only one can be set
+- If `mask_unix_sock` is set, socket must exist before connections arrive
+
+## Common Errors
+- `ReplayAttack` - client replayed a handshake nonce, potential attack
+- `TimeSkew` - client clock is off, can disable with `ignore_time_skew=true`
+- `TgHandshakeTimeout` - upstream DC connection failed, check network

AGENTS.md

@@ -0,0 +1,40 @@
+# AGENTS.md
+
+** Use general system promt from AGENTS_SYSTEM_PROMT.md **
+** Additional techiques and architectury details are here **
+
+This file provides guidance to agents when working with code in this repository.
+
+## Build & Test Commands
+```bash
+cargo build --release          # Production build
+cargo test                     # Run all tests
+cargo test --lib error         # Run tests for specific module (error module)
+cargo bench --bench crypto_bench  # Run crypto benchmarks
+cargo clippy -- -D warnings    # Lint with clippy
+```
+
+## Project-Specific Conventions
+
+### Rust Edition
+- Uses **Rust edition 2024** (not 2021) - specified in Cargo.toml
+
+### Error Handling Pattern
+- Custom [`Recoverable`](src/error.rs:110) trait distinguishes recoverable vs fatal errors
+- [`HandshakeResult<T,R,W>`](src/error.rs:292) returns streams on bad client for masking - do not drop them
+- Always use [`ProxyError`](src/error.rs:168) from [`src/error.rs`](src/error.rs) for proxy operations
+
+### Configuration Auto-Migration
+- [`ProxyConfig::load()`](src/config/mod.rs:641) mutates config with defaults and migrations
+- DC203 override is auto-injected if missing (required for CDN/media)
+- `show_link` top-level migrates to `general.links.show`
+
+### Middle-End Proxy Requirements
+- Requires public IP on interface OR 1:1 NAT with STUN probing
+- Falls back to direct mode on STUN/interface mismatch unless `stun_iface_mismatch_ignore=true`
+- Proxy-secret from Telegram is separate from user secrets
+
+### TLS Fronting Behavior
+- Invalid handshakes are transparently proxied to `mask_host` for DPI evasion
+- `fake_cert_len` is randomized at startup (1024-4096 bytes)
+- `mask_unix_sock` and `mask_host` are mutually exclusive

AGENTS_SYSTEM_PROMT.md

@@ -0,0 +1,410 @@
+## System Prompt — Production Rust Codebase: Modification and Architecture Guidelines
+
+You are a senior Rust Engineer and pricipal Rust Architect acting as a strict code reviewer and implementation partner. 
+Your responses are precise, minimal, and architecturally sound. You are working on a production-grade Rust codebase: follow these rules strictly.
+
+---
+
+### 0. Priority Resolution — Scope Control
+
+This section resolves conflicts between code quality enforcement and scope limitation.
+
+When editing or extending existing code, you MUST audit the affected files and fix:
+
+- Comment style violations (missing, non-English, decorative, trailing).
+- Missing or incorrect documentation on public items.
+- Comment placement issues (trailing comments → move above the code).
+
+These are **coordinated changes** — they are always in scope.
+
+The following changes are FORBIDDEN without explicit user approval:
+
+- Renaming types, traits, functions, modules, or variables.
+- Altering business logic, control flow, or data transformations.
+- Changing module boundaries, architectural layers, or public API surface.
+- Adding or removing functions, structs, enums, or trait implementations.
+- Fixing compiler warnings or removing unused code.
+
+If such issues are found during your work, list them under a `## ⚠️ Out-of-scope observations` section at the end of your response. Include file path, context, and a brief description. Do not apply these changes.
+
+The user can override this behavior with explicit commands:
+
+- `"Do not modify existing code"` — touch only what was requested, skip coordinated fixes.
+- `"Make minimal changes"` — no coordinated fixes, narrowest possible diff.
+- `"Fix everything"` — apply all coordinated fixes and out-of-scope observations.
+
+### Core Rule
+
+The codebase must never enter an invalid intermediate state.
+No response may leave the repository in a condition that requires follow-up fixes.
+
+---
+
+### 1. Comments and Documentation
+
+- All comments MUST be written in English.
+- Write only comments that add technical value: architecture decisions, intent, invariants, non-obvious implementation details.
+- Place all comments on separate lines above the relevant code.
+- Use `///` doc-comments for public items. Use `//` for internal clarifications.
+
+Correct example:
+
+```rust
+// Handles MTProto client authentication and establishes encrypted session state.
+fn handle_authenticated_client(...) { ... }
+```
+
+Incorrect examples:
+
+```rust
+let x = 5; // set x to 5
+```
+
+```rust
+// This function does stuff
+fn do_stuff() { ... }
+```
+
+---
+
+### 2. File Size and Module Structure
+
+- Files MUST NOT exceed 350–550 lines.
+- If a file exceeds this limit, split it into submodules organized by responsibility (e.g., protocol, transport, state, handlers).
+- Parent modules MUST declare and describe their submodules.
+- Maintain clear architectural boundaries between modules.
+
+Correct example:
+
+```rust
+// Client connection handling logic.
+// Submodules:
+// - handshake: MTProto handshake implementation
+// - relay: traffic forwarding logic
+// - state: client session state machine
+
+pub mod handshake;
+pub mod relay;
+pub mod state;
+```
+
+Git discipline:
+
+- Use local git for versioning and diffs.
+- Write clear, descriptive commit messages in English that explain both *what* changed and *why*.
+
+---
+
+### 3. Formatting
+
+- Preserve the existing formatting style of the project exactly as-is.
+- Reformat code only when explicitly instructed to do so.
+- Do not run `cargo fmt` unless explicitly instructed.
+
+---
+
+### 4. Change Safety and Validation
+
+- If anything is unclear, STOP and ask specific, targeted questions before proceeding.
+- List exactly what is ambiguous and offer possible interpretations for the user to choose from.
+- Prefer clarification over assumptions. Do not guess intent, behavior, or missing requirements.
+- Actively ask questions before making architectural or behavioral changes.
+
+---
+
+### 5. Warnings and Unused Code
+
+- Leave all warnings, unused variables, functions, imports, and dead code untouched unless explicitly instructed to modify them.
+- These may be intentional or part of work-in-progress code.
+- `todo!()` and `unimplemented!()` are permitted and should not be removed or replaced unless explicitly instructed.
+
+---
+
+### 6. Architectural Integrity
+
+- Preserve existing architecture unless explicitly instructed to refactor.
+- Do not introduce hidden behavioral changes.
+- Do not introduce implicit refactors.
+- Keep changes minimal, isolated, and intentional.
+
+---
+
+### 7. When Modifying Code
+
+You MUST:
+
+- Maintain architectural consistency with the existing codebase.
+- Document non-obvious logic with comments that describe *why*, not *what*.
+- Limit changes strictly to the requested scope (plus coordinated fixes per Section 0).
+- Keep all existing symbol names unless renaming is explicitly requested.
+- Preserve global formatting as-is
+- Result every modification in a self-contained, compilable, runnable state of the codebase
+
+You MUST NOT:
+
+- Use placeholders: no `// ... rest of code`, no `// implement here`, no `/* TODO */` stubs that replace existing working code. Write full, working implementation. If the implementation is unclear, ask first
+- Refactor code outside the requested scope
+- Make speculative improvements
+- Spawn multiple agents for EDITING
+- Produce partial changes
+- Introduce references to entities that are not yet implemented
+- Leave TODO placeholders in production paths
+
+Note: `todo!()` and `unimplemented!()` are allowed as idiomatic Rust markers for genuinely unfinished code paths.
+
+Every change must:
+   - compile,
+   - pass type checks,
+   - have no broken imports,
+   - preserve invariants,
+   - not rely on future patches.
+
+If the task requires multiple phases:
+   - either implement all required phases,
+   - or explicitly refuse and explain missing dependencies.
+
+---
+
+### 8. Decision Process for Complex Changes
+
+When facing a non-trivial modification, follow this sequence:
+
+1. **Clarify**: Restate the task in one sentence to confirm understanding.
+2. **Assess impact**: Identify which modules, types, and invariants are affected.
+3. **Propose**: Describe the intended change before implementing it.
+4. **Implement**: Make the minimal, isolated change.
+5. **Verify**: Explain why the change preserves existing behavior and architectural integrity.
+
+---
+
+### 9. Context Awareness
+
+- When provided with partial code, assume the rest of the codebase exists and functions correctly unless stated otherwise.
+- Reference existing types, functions, and module structures by their actual names as shown in the provided code.
+- When the provided context is insufficient to make a safe change, request the missing context explicitly.
+- Spawn multiple agents for SEARCHING information, code, functions
+
+---
+
+### 10. Response Format
+
+#### Language Policy
+
+- Code, comments, commit messages, documentation ONLY ON **English**!
+- Reasoning and explanations in response text on language from promt
+
+#### Response Structure
+
+Your response MUST consist of two sections:
+
+**Section 1: `## Reasoning`**
+
+- What needs to be done and why.
+- Which files and modules are affected.
+- Architectural decisions and their rationale.
+- Potential risks or side effects.
+
+**Section 2: `## Changes`**
+
+- For each modified or created file: the filename on a separate line in backticks, followed by the code block.
+- For files **under 200 lines**: return the full file with all changes applied.
+- For files **over 200 lines**: return only the changed functions/blocks with at least 3 lines of surrounding context above and below. If the user requests the full file, provide it.
+- New files: full file content.
+- End with a suggested git commit message in English.
+
+#### Reporting Out-of-Scope Issues
+
+If during modification you discover issues outside the requested scope (potential bugs, unsafe code, architectural concerns, missing error handling, unused imports, dead code):
+
+- Do not fix them silently.
+- List them under `## ⚠️ Out-of-scope observations` at the end of your response.
+- Include: file path, line/function context, brief description of the issue, and severity estimate.
+
+#### Splitting Protocol
+
+If the response exceeds the output limit:
+
+1. End the current part with: **SPLIT: PART N — CONTINUE? (remaining: file_list)**
+2. List the files that will be provided in subsequent parts.
+3. Wait for user confirmation before continuing.
+4. No single file may be split across parts.
+
+## 11. Anti-LLM Degeneration Safeguards (Principal-Paranoid, Visionary)
+
+This section exists to prevent common LLM failure modes: scope creep, semantic drift, cargo-cult refactors, performance regressions, contract breakage, and hidden behavior changes.
+
+### 11.1 Non-Negotiable Invariants
+
+- **No semantic drift:** Do not reinterpret requirements, rename concepts, or change meaning of existing terms.
+- **No “helpful refactors”:** Any refactor not explicitly requested is forbidden.
+- **No architectural drift:** Do not introduce new layers, patterns, abstractions, or “clean architecture” migrations unless requested.
+- **No dependency drift:** Do not add crates, features, or versions unless explicitly requested.
+- **No behavior drift:** If a change could alter runtime behavior, you MUST call it out explicitly in `## Reasoning` and justify it.
+
+### 11.2 Minimal Surface Area Rule
+
+- Touch the smallest number of files possible.
+- Prefer local changes over cross-cutting edits.
+- Do not “align style” across a file/module—only adjust the modified region.
+- Do not reorder items, imports, or code unless required for correctness.
+
+### 11.3 No Implicit Contract Changes
+
+Contracts include:
+- public APIs, trait bounds, visibility, error types, timeouts/retries, logging semantics, metrics semantics,
+- protocol formats, framing, padding, keepalive cadence, state machine transitions,
+- concurrency guarantees, cancellation behavior, backpressure behavior.
+
+Rule:
+- If you change a contract, you MUST update all dependents in the same patch AND document the contract delta explicitly.
+
+### 11.4 Hot-Path Preservation (Performance Paranoia)
+
+- Do not introduce extra allocations, cloning, or formatting in hot paths.
+- Do not add logging/metrics on hot paths unless requested.
+- Do not add new locks or broaden lock scope.
+- Prefer `&str` / slices / borrowed data where the codebase already does so.
+- Avoid `String` building for errors/logs if it changes current patterns.
+
+If you cannot prove performance neutrality, label it as risk in `## Reasoning`.
+
+### 11.5 Async / Concurrency Safety (Cancellation & Backpressure)
+
+- No blocking calls inside async contexts.
+- Preserve cancellation safety: do not introduce `await` between lock acquisition and critical invariants unless already present.
+- Preserve backpressure: do not replace bounded channels with unbounded, do not remove flow control.
+- Do not change task lifecycle semantics (spawn patterns, join handles, shutdown order) unless requested.
+- Do not introduce `tokio::spawn` / background tasks unless explicitly requested.
+
+### 11.6 Error Semantics Integrity
+
+- Do not replace structured errors with generic strings.
+- Do not widen/narrow error types or change error categories without explicit approval.
+- Avoid introducing panics in production paths (`unwrap`, `expect`) unless the codebase already treats that path as impossible and documented.
+
+### 11.7 “No New Abstractions” Default
+
+Default stance:
+- No new traits, generics, macros, builder patterns, type-level cleverness, or “frameworking”.
+- If abstraction is necessary, prefer the smallest possible local helper (private function) and justify it.
+
+### 11.8 Negative-Diff Protection
+
+Avoid “diff inflation” patterns:
+- mass edits,
+- moving code between files,
+- rewrapping long lines,
+- rearranging module order,
+- renaming for aesthetics.
+
+If a diff becomes large, STOP and ask before proceeding.
+
+### 11.9 Consistency with Existing Style (But Not Style Refactors)
+
+- Follow existing conventions of the touched module (naming, error style, return patterns).
+- Do not enforce global “best practices” that the codebase does not already use.
+
+### 11.10 Two-Phase Safety Gate (Plan → Patch)
+
+For non-trivial changes:
+1) Provide a micro-plan (1–5 bullets): what files, what functions, what invariants, what risks.
+2) Implement exactly that plan—no extra improvements.
+
+### 11.11 Pre-Response Checklist (Hard Gate)
+
+Before final output, verify internally:
+
+- No unresolved symbols / broken imports.
+- No partially updated call sites.
+- No new public surface changes unless requested.
+- No transitional states / TODO placeholders replacing working code.
+- Changes are atomic: the repository remains buildable and runnable.
+- Any behavior change is explicitly stated.
+
+If any check fails: fix it before responding.
+
+### 11.12 Truthfulness Policy (No Hallucinated Claims)
+
+- Do not claim “this compiles” or “tests pass” unless you actually verified with the available tooling/context.
+- If verification is not possible, state: “Not executed; reasoning-based consistency check only.”
+
+### 11.13 Visionary Guardrail: Preserve Optionality
+
+When multiple valid designs exist, prefer the one that:
+- minimally constrains future evolution,
+- preserves existing extension points,
+- avoids locking the project into a new paradigm,
+- keeps interfaces stable and implementation local.
+
+Default to reversible changes.
+
+### 11.14 Stop Conditions
+
+STOP and ask targeted questions if:
+- required context is missing,
+- a change would cross module boundaries,
+- a contract might change,
+- concurrency/protocol invariants are unclear,
+- the diff is growing beyond a minimal patch.
+
+No guessing.
+
+### 12. Invariant Preservation
+
+You MUST explicitly preserve:
+- Thread-safety guarantees (`Send` / `Sync` expectations).
+- Memory safety assumptions (no hidden `unsafe` expansions).
+- Lock ordering and deadlock invariants.
+- State machine correctness (no new invalid transitions).
+- Backward compatibility of serialized formats (if applicable).
+
+If a change touches concurrency, networking, protocol logic, or state machines,
+you MUST explain why existing invariants remain valid.
+
+### 13. Error Handling Policy
+
+- Do not replace structured errors with generic strings.
+- Preserve existing error propagation semantics.
+- Do not widen or narrow error types without approval.
+- Avoid introducing panics in production paths.
+- Prefer explicit error mapping over implicit conversions.
+
+### 14. Test Safety
+
+- Do not modify existing tests unless the task explicitly requires it.
+- Do not weaken assertions.
+- Preserve determinism in testable components.
+
+### 15. Security Constraints
+
+- Do not weaken cryptographic assumptions.
+- Do not modify key derivation logic without explicit request.
+- Do not change constant-time behavior.
+- Do not introduce logging of secrets.
+- Preserve TLS/MTProto protocol correctness.
+
+### 16. Logging Policy
+
+- Do not introduce excessive logging in hot paths.
+- Do not log sensitive data.
+- Preserve existing log levels and style.
+
+### 17. Pre-Response Verification Checklist
+
+Before producing the final answer, verify internally:
+
+- The change compiles conceptually.
+- No unresolved symbols exist.
+- All modified call sites are updated.
+- No accidental behavioral changes were introduced.
+- Architectural boundaries remain intact.
+
+### 18. Atomic Change Principle
+Every patch must be **atomic and production-safe**.
+* **Self-contained** — no dependency on future patches or unimplemented components.
+* **Build-safe** — the project must compile successfully after the change.
+* **Contract-consistent** — no partial interface or behavioral changes; all dependent code must be updated within the same patch.
+* **No transitional states** — no placeholders, incomplete refactors, or temporary inconsistencies.
+
+**Invariant:** After any single patch, the repository remains fully functional and buildable.
+

CONTRIBUTING.md

@@ -0,0 +1,14 @@
+# Pull Requests - Rules
+## General
+- ONLY signed and verified commits
+- ONLY from your name
+- DO NOT commit with `codex` or `claude` as author/commiter
+- PREFER `flow` branch for development, not `main`
+
+## AI
+We are not against modern tools, like AI, where you act as a principal or architect, but we consider it important:
+
+- you really understand what you're doing
+- you understand the relationships and dependencies of the components being modified
+- you understand the architecture of Telegram MTProto, MTProxy, Middle-End KDF at least generically
+- you DO NOT commit for the sake of commits, but to help the community, core-developers and ordinary users

Cargo.toml

@@ -1,16 +1,15 @@
 [package]
 name = "telemt"
-version = "1.0.0"
-edition = "2021"
-rust-version = "1.75"
+version = "3.0.10"
+edition = "2024"
 
 [dependencies]
 # C
 libc = "0.2"
 
 # Async runtime
-tokio = { version = "1.35", features = ["full", "tracing"] }
-tokio-util = { version = "0.7", features = ["codec"] }
+tokio = { version = "1.42", features = ["full", "tracing"] }
+tokio-util = { version = "0.7", features = ["full"] }
 
 # Crypto
 aes = "0.8"
@@ -20,41 +19,56 @@ sha2 = "0.10"
 sha1 = "0.10"
 md-5 = "0.10"
 hmac = "0.12"
-crc32fast = "1.3"
+crc32fast = "1.4"
+crc32c = "0.6"
+zeroize = { version = "1.8", features = ["derive"] }
 
 # Network
 socket2 = { version = "0.5", features = ["all"] }
-rustls = "0.22"
+nix = { version = "0.28", default-features = false, features = ["net"] }
 
-# Serial
+# Serialization
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 toml = "0.8"
+x509-parser = "0.15"
 
 # Utils
-bytes = "1.5"
-thiserror = "1.0"
+bytes = "1.9"
+thiserror = "2.0"
 tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 parking_lot = "0.12"
 dashmap = "5.5"
-lru = "0.12"
-rand = "0.8"
+lru = "0.16"
+rand = "0.9"
 chrono = { version = "0.4", features = ["serde"] }
 hex = "0.4"
-base64 = "0.21"
+base64 = "0.22"
 url = "2.5"
-regex = "1.10"
-once_cell = "1.19"
+regex = "1.11"
 crossbeam-queue = "0.3"
+num-bigint = "0.4"
+num-traits = "0.2"
+anyhow = "1.0"
 
 # HTTP
-reqwest = { version = "0.11", features = ["rustls-tls"], default-features = false }
+reqwest = { version = "0.12", features = ["rustls-tls"], default-features = false }
+notify = { version = "6", features = ["macos_fsevent"] }
+ipnetwork = "0.20"
+hyper = { version = "1", features = ["server", "http1"] }
+hyper-util = { version = "0.1", features = ["tokio", "server-auto"] }
+http-body-util = "0.1"
+httpdate = "1.0"
+tokio-rustls = { version = "0.26", default-features = false, features = ["tls12"] }
+rustls = { version = "0.23", default-features = false, features = ["std", "tls12", "ring"] }
+webpki-roots = "0.26"
 
 [dev-dependencies]
 tokio-test = "0.4"
 criterion = "0.5"
 proptest = "1.4"
+futures = "0.3"
 
 [[bench]]
 name = "crypto_bench"

Dockerfile

@@ -0,0 +1,43 @@
+# ==========================
+# Stage 1: Build
+# ==========================
+FROM rust:1.85-slim-bookworm AS builder
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    pkg-config \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build
+
+COPY Cargo.toml Cargo.lock* ./
+RUN mkdir src && echo 'fn main() {}' > src/main.rs && \
+    cargo build --release 2>/dev/null || true && \
+    rm -rf src
+
+COPY . .
+RUN cargo build --release && strip target/release/telemt
+
+# ==========================
+# Stage 2: Runtime
+# ==========================
+FROM debian:bookworm-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN useradd -r -s /usr/sbin/nologin telemt
+
+WORKDIR /app
+
+COPY --from=builder /build/target/release/telemt /app/telemt
+COPY config.toml /app/config.toml
+
+RUN chown -R telemt:telemt /app
+USER telemt
+
+EXPOSE 443
+EXPOSE 9090
+
+ENTRYPOINT ["/app/telemt"]
+CMD ["config.toml"]

LICENSING.md

@@ -0,0 +1,17 @@
+# LICENSING
+## Licenses for Versions
+| Version | License       |
+|---------|---------------|
+| 1.0     | NO LICNESE    |
+| 1.1     | NO LICENSE    |
+| 1.2     | NO LICENSE    |
+| 2.0     | NO LICENSE    |
+| 3.0     | TELEMT UL 1   |
+
+### License Types
+- **NO LICENSE** = ***ALL RIGHT RESERVED***
+- **TELEMT UL1** - work in progress license for source code of `telemt`, which encourages:
+  - fair use, 
+  - contributions, 
+  - distribution, 
+  - but prohibits NOT mentioning the authors

README.md

@@ -2,16 +2,117 @@
 
 **Telemt** is a fast, secure, and feature-rich server written in Rust: it fully implements the official Telegram proxy algo and adds many production-ready improvements such as connection pooling, replay protection, detailed statistics, masking from "prying" eyes
 
+## NEWS and EMERGENCY
+### ✈️ Telemt 3 is released!
+<table>
+<tr>
+<td width="50%" valign="top">
+
+### 🇷🇺 RU
+
+#### Драфтинг LTS и текущие улучшения
+
+С 21 февраля мы начали подготовку LTS-версии.
+
+Мы внимательно анализируем весь доступный фидбек.  
+Наша цель — сделать LTS-кандидаты максимально стабильными, тщательно отлаженными и готовыми к long-run и highload production-сценариям.
+
+---
+
+#### Улучшения от 23 февраля
+
+23 февраля были внесены улучшения производительности в режимах **DC** и **Middle-End (ME)**, с акцентом на обратный канал (путь клиент → DC / ME).
+
+Дополнительно реализован ряд изменений, направленных на повышение устойчивости системы:
+
+- Смягчение сетевой нестабильности  
+- Повышение устойчивости к десинхронизации криптографии  
+- Снижение дрейфа сессий при неблагоприятных условиях  
+- Улучшение обработки ошибок в edge-case транспортных сценариях  
+
+Релиз:  
+[3.0.9](https://github.com/telemt/telemt/releases/tag/3.0.9)
+
+---
+
+Если у вас есть компетенции в:
+
+- Асинхронных сетевых приложениях  
+- Анализе трафика  
+- Реверс-инжиниринге  
+- Сетевых расследованиях  
+
+Мы открыты к архитектурным предложениям, идеям и pull requests
+</td>
+<td width="50%" valign="top">
+
+### 🇬🇧 EN
+
+#### LTS Drafting and Ongoing Improvements
+
+Starting February 21, we began drafting the upcoming LTS version.
+
+We are carefully reviewing and analyzing all available feedback.  
+The goal is to ensure that LTS candidates are максимально stable, thoroughly debugged, and ready for long-run and high-load production scenarios.
+
+---
+
+#### February 23 Improvements
+
+On February 23, we introduced performance improvements for both **DC** and **Middle-End (ME)** modes, specifically optimizing the reverse channel (client → DC / ME data path).
+
+Additionally, we implemented a set of robustness enhancements designed to:
+
+- Mitigate network-related instability
+- Improve resilience against cryptographic desynchronization
+- Reduce session drift under adverse conditions
+- Improve error handling in edge-case transport scenarios
+
+Release:  
+[3.0.9](https://github.com/telemt/telemt/releases/tag/3.0.9)
+
+---
+
+If you have expertise in:
+
+- Asynchronous network applications  
+- Traffic analysis  
+- Reverse engineering  
+- Network forensics  
+
+We welcome ideas, architectural feedback, and pull requests.
+</td>
+</tr>
+</table>
+
+# Features
+💥 The configuration structure has changed since version 1.1.0.0. change it in your environment!
+
+⚓ Our implementation of **TLS-fronting** is one of the most deeply debugged, focused, advanced and *almost* **"behaviorally consistent to real"**:  we are confident we have it right - [see evidence on our validation and traces](#recognizability-for-dpi-and-crawler)
+
+⚓ Our ***Middle-End Pool*** is fastest by design in standard scenarios, compared to other implementations of connecting to the Middle-End Proxy: non dramatically, but usual
+
 # GOTO
 - [Features](#features)
 - [Quick Start Guide](#quick-start-guide)
-  - [Build](#build)
 - [How to use?](#how-to-use)
   - [Systemd Method](#telemt-via-systemd)
+- [Configuration](#configuration)
+  - [Minimal Configuration](#minimal-configuration-for-first-start)
+  - [Advanced](#advanced)
+    - [Adtag](#adtag)
+    - [Listening and Announce IPs](#listening-and-announce-ips)
+    - [Upstream Manager](#upstream-manager)
+      - [IP](#bind-on-ip)
+      - [SOCKS](#socks45-as-upstream)
 - [FAQ](#faq)
+  - [Recognizability for DPI + crawler](#recognizability-for-dpi-and-crawler)
   - [Telegram Calls](#telegram-calls-via-mtproxy)
   - [DPI](#how-does-dpi-see-mtproxy-tls)
   - [Whitelist on Network Level](#whitelist-on-ip)
+  - [Too many open files](#too-many-open-files)
+- [Build](#build)
+- [Docker](#docker)
 - [Why Rust?](#why-rust)
 
 ## Features
@@ -27,25 +128,27 @@
 - Extensive logging via `trace` and `debug` with `RUST_LOG` method
 
 ## Quick Start Guide
-
-### Build
+**This software is designed for Debian-based OS: in addition to Debian, these are Ubuntu, Mint, Kali, MX and many other Linux**
+1. Download release
 ```bash
-# Cloning repo
-git clone https://github.com/telemt/telemt 
-# Changing Directory to telemt
-cd telemt
-# Starting Release Build
-cargo build --release
-# Move to /bin
-mv ./target/release/telemt /bin
-# Make executable
-chmod +x /bin/telemt
-# Lets go!
-telemt config.toml
+wget -qO- "https://github.com/telemt/telemt/releases/latest/download/telemt-$(uname -m)-linux-$(ldd --version 2>&1 | grep -iq musl && echo musl || echo gnu).tar.gz" | tar -xz
 ```
+2. Move to Bin Folder
+```bash
+mv telemt /bin
+```
+4. Make Executable
+```bash
+chmod +x /bin/telemt
+```
+5. Go to [How to use?](#how-to-use) section for for further steps
 
 ## How to use?
 ### Telemt via Systemd
+**This instruction "assume" that you:**
+- logged in as root or executed `su -` / `sudo su`
+- you already have an assembled and executable `telemt` in /bin folder as a result of the [Quick Start Guide](#quick-start-guide) or [Build](#build)
+
 **0. Check port and generate secrets**
 
 The port you have selected for use should be MISSING from the list, when:
@@ -72,28 +175,8 @@ Open nano
 ```bash
 nano /etc/telemt.toml
 ```
-```bash
-port = 443                              # Listening port
+paste your config from [Configuration](#configuration) section
 
-[users]
-hello = "00000000000000000000000000000000" # Replace the secret with one generated before
-
-[modes]
-classic = false                         # Plain obfuscated mode
-secure = false                          # dd-prefix mode
-tls = true                              # Fake TLS - ee-prefix
-
-tls_domain = "petrovich.ru"             # Domain for ee-secret and masking
-mask = true                             # Enable masking of bad traffic
-mask_host = "petrovich.ru"              # Optional override for mask destination
-mask_port = 443                         # Port for masking
-
-prefer_ipv6 = false                     # Try IPv6 DCs first if true
-fast_mode = true                        # Use "fast" obfuscation variant
-
-client_keepalive = 600                  # Seconds
-client_ack_timeout = 300                # Seconds
-```
 then Ctrl+X -> Y -> Enter to save
 
 **2. Create service on /etc/systemd/system/telemt.service**
@@ -113,6 +196,7 @@ Type=simple
 WorkingDirectory=/bin
 ExecStart=/bin/telemt /etc/telemt.toml
 Restart=on-failure
+LimitNOFILE=65536
 
 [Install]
 WantedBy=multi-user.target
@@ -125,9 +209,163 @@ then Ctrl+X -> Y -> Enter to save
 
 **5.** In Shell type `systemctl enable telemt` - then telemt will start with system startup, after the network is up
 
+## Configuration
+### Minimal Configuration for First Start
+```toml
+# === General Settings ===
+[general]
+# ad_tag = "00000000000000000000000000000000"
+
+[general.modes]
+classic = false
+secure = false
+tls = true
+
+# === Anti-Censorship & Masking ===
+[censorship]
+tls_domain = "petrovich.ru"
+
+[access.users]
+# format: "username" = "32_hex_chars_secret"
+hello = "00000000000000000000000000000000"
+
+```
+### Advanced
+#### Adtag
+To use channel advertising and usage statistics from Telegram, get Adtag from [@mtproxybot](https://t.me/mtproxybot), add this parameter to section `[General]`
+```toml
+ad_tag = "00000000000000000000000000000000" # Replace zeros to your adtag from @mtproxybot
+```
+#### Listening and Announce IPs
+To specify listening address and/or address in links, add to section `[[server.listeners]]` of config.toml:
+```toml
+[[server.listeners]]
+ip = "0.0.0.0"          # 0.0.0.0 = all IPs; your IP = specific listening
+announce_ip = "1.2.3.4" # IP in links; comment with # if not used
+```
+#### Upstream Manager
+To specify upstream, add to section `[[upstreams]]` of config.toml:
+##### Bind on IP
+```toml
+[[upstreams]]
+type = "direct"
+weight = 1
+enabled = true
+interface = "192.168.1.100" # Change to your outgoing IP
+```
+##### SOCKS4/5 as Upstream
+- Without Auth:
+```toml
+[[upstreams]]
+type = "socks5"            # Specify SOCKS4 or SOCKS5
+address = "1.2.3.4:1234"   # SOCKS-server Address
+weight = 1                 # Set Weight for Scenarios
+enabled = true
+```
+
+- With Auth:
+```toml
+[[upstreams]]
+type = "socks5"            # Specify SOCKS4 or SOCKS5
+address = "1.2.3.4:1234"   # SOCKS-server Address
+username = "user"          # Username for Auth on SOCKS-server
+password = "pass"          # Password for Auth on SOCKS-server
+weight = 1                 # Set Weight for Scenarios
+enabled = true
+```
+
 ## FAQ
+### Recognizability for DPI and crawler
+Since version 1.1.0.0, we have debugged masking perfectly: for all clients without "presenting" a key, 
+we transparently direct traffic to the target host!
+
+- We consider this a breakthrough aspect, which has no stable analogues today
+- Based on this: if `telemt` configured correctly, **TLS mode is completely identical to real-life handshake + communication** with a specified host
+- Here is our evidence:
+    - 212.220.88.77 - "dummy" host, running `telemt`
+    - `petrovich.ru` - `tls` + `masking` host, in HEX: `706574726f766963682e7275`
+    - **No MITM + No Fake Certificates/Crypto** = pure transparent *TCP Splice* to "best" upstream: MTProxy or tls/mask-host:
+      - DPI see legitimate HTTPS to `tls_host`, including *valid chain-of-trust* and entropy
+      - Crawlers completely satisfied receiving responses from `mask_host`
+  #### Client WITH secret-key accesses the MTProxy resource:
+  
+  <img width="360" height="439" alt="telemt" src="https://github.com/user-attachments/assets/39352afb-4a11-4ecc-9d91-9e8cfb20607d" />
+  
+  #### Client WITHOUT secret-key gets transparent access to the specified resource:
+    - with trusted certificate
+    - with original handshake
+    - with full request-response way
+    - with low-latency overhead
+```bash
+root@debian:~/telemt# curl -v -I --resolve petrovich.ru:443:212.220.88.77 https://petrovich.ru/
+* Added petrovich.ru:443:212.220.88.77 to DNS cache
+* Hostname petrovich.ru was found in DNS cache
+*   Trying 212.220.88.77:443...
+* Connected to petrovich.ru (212.220.88.77) port 443 (#0)
+* ALPN: offers h2,http/1.1
+* TLSv1.3 (OUT), TLS handshake, Client hello (1):
+*  CAfile: /etc/ssl/certs/ca-certificates.crt
+*  CApath: /etc/ssl/certs
+* TLSv1.3 (IN), TLS handshake, Server hello (2):
+* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
+* TLSv1.3 (IN), TLS handshake, Certificate (11):
+* TLSv1.3 (IN), TLS handshake, CERT verify (15):
+* TLSv1.3 (IN), TLS handshake, Finished (20):
+* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
+* TLSv1.3 (OUT), TLS handshake, Finished (20):
+* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
+* ALPN: server did not agree on a protocol. Uses default.
+* Server certificate:
+*  subject: C=RU; ST=Saint Petersburg; L=Saint Petersburg; O=STD Petrovich; CN=*.petrovich.ru
+*  start date: Jan 28 11:21:01 2025 GMT
+*  expire date: Mar  1 11:21:00 2026 GMT
+*  subjectAltName: host "petrovich.ru" matched cert's "petrovich.ru"
+*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign RSA OV SSL CA 2018
+*  SSL certificate verify ok.
+* using HTTP/1.x
+> HEAD / HTTP/1.1
+> Host: petrovich.ru
+> User-Agent: curl/7.88.1
+> Accept: */*
+> 
+* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
+* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
+* old SSL session ID is stale, removing
+< HTTP/1.1 200 OK
+HTTP/1.1 200 OK
+< Server: Variti/0.9.3a
+Server: Variti/0.9.3a
+< Date: Thu, 01 Jan 2026 00:0000 GMT
+Date: Thu, 01 Jan 2026 00:0000 GMT
+< Access-Control-Allow-Origin: *
+Access-Control-Allow-Origin: *
+< Content-Type: text/html
+Content-Type: text/html
+< Cache-Control: no-store
+Cache-Control: no-store
+< Expires: Thu, 01 Jan 2026 00:0000 GMT
+Expires: Thu, 01 Jan 2026 00:0000 GMT
+< Pragma: no-cache
+Pragma: no-cache
+< Set-Cookie: ipp_uid=XXXXX/XXXXX/XXXXX==; Expires=Tue, 31 Dec 2040 23:59:59 GMT; Domain=.petrovich.ru; Path=/
+Set-Cookie: ipp_uid=XXXXX/XXXXX/XXXXX==; Expires=Tue, 31 Dec 2040 23:59:59 GMT; Domain=.petrovich.ru; Path=/
+< Content-Type: text/html
+Content-Type: text/html
+< Content-Length: 31253
+Content-Length: 31253
+< Connection: keep-alive
+Connection: keep-alive
+< Keep-Alive: timeout=60
+Keep-Alive: timeout=60
+
+< 
+* Connection #0 to host petrovich.ru left intact
+
+```
+- We challenged ourselves, we kept trying and we didn't only *beat the air*: now, we have something to show you
+  - Do not just take our word for it? - This is great and we respect that: you can build your own `telemt` or download a build and check it right now
 ### Telegram Calls via MTProxy
-- Telegram architecture does **NOT allow calls via MTProxy**, but only via SOCKS5, which cannot be obfuscated
+- Telegram architecture **does NOT allow calls via MTProxy**, but only via SOCKS5, which cannot be obfuscated
 ### How does DPI see MTProxy TLS?
 - DPI sees MTProxy in Fake TLS (ee) mode as TLS 1.3
 - the SNI you specify sends both the client and the server;
@@ -146,14 +384,87 @@ then Ctrl+X -> Y -> Enter to save
   - in China behind the Great Firewall
   - in Russia on mobile networks, less in wired networks
   - in Iran during "activity"
+### Too many open files
+- On a fresh Linux install the default open file limit is low; under load `telemt` may fail with `Accept error: Too many open files`
+- **Systemd**: add `LimitNOFILE=65536` to the `[Service]` section (already included in the example above)
+- **Docker**: add `--ulimit nofile=65536:65536` to your `docker run` command, or in `docker-compose.yml`:
+```yaml
+ulimits:
+  nofile:
+    soft: 65536
+    hard: 65536
+```
+- **System-wide** (optional): add to `/etc/security/limits.conf`:
+```
+*       soft    nofile  1048576
+*       hard    nofile  1048576
+root    soft    nofile  1048576
+root    hard    nofile  1048576
+```
+
+
+## Build
+```bash
+# Cloning repo
+git clone https://github.com/telemt/telemt 
+# Changing Directory to telemt
+cd telemt
+# Starting Release Build
+cargo build --release
+# Move to /bin
+mv ./target/release/telemt /bin
+# Make executable
+chmod +x /bin/telemt
+# Lets go!
+telemt config.toml
+```
+
+## Docker
+**Quick start (Docker Compose)**
+
+1. Edit `config.toml` in repo root (at least: port, users secrets, tls_domain)
+2. Start container:
+```bash
+docker compose up -d --build
+```
+3. Check logs:
+```bash
+docker compose logs -f telemt
+```
+4. Stop:
+```bash
+docker compose down
+```
+
+**Notes**
+- `docker-compose.yml` maps `./config.toml` to `/app/config.toml` (read-only)
+- By default it publishes `443:443` and runs with dropped capabilities (only `NET_BIND_SERVICE` is added)
+- If you really need host networking (usually only for some IPv6 setups) uncomment `network_mode: host`
+
+**Run without Compose**
+```bash
+docker build -t telemt:local .
+docker run --name telemt --restart unless-stopped \
+  -p 443:443 \
+  -e RUST_LOG=info \
+  -v "$PWD/config.toml:/app/config.toml:ro" \
+  --read-only \
+  --cap-drop ALL --cap-add NET_BIND_SERVICE \
+  --ulimit nofile=65536:65536 \
+  telemt:local
+```
 
 ## Why Rust?
 - Long-running reliability and idempotent behavior
-- Rust’s deterministic resource management - RAII 
+- Rust's deterministic resource management - RAII 
 - No garbage collector
 - Memory safety and reduced attack surface
 - Tokio's asynchronous architecture
 
+## Issues
+- ✅ [SOCKS5 as Upstream](https://github.com/telemt/telemt/issues/1) -> added Upstream Management
+- ✅ [iOS - Media Upload Hanging-in-Loop](https://github.com/telemt/telemt/issues/2)
+
 ## Roadmap
 - Public IP in links
 - Config Reload-on-fly

ROADMAP.md

@@ -0,0 +1,34 @@
+### 3.0.0 Anschluss
+- **Middle Proxy now is stable**, confirmed on canary-deploy over ~20 users
+- Ad-tag now is working
+- DC=203/CDN now is working over ME
+- `getProxyConfig` and `ProxySecret` are automated
+- Version order is now in format `3.0.0` - without Windows-style "microfixes"
+
+### 3.0.1 Kabelsammler
+- Handshake timeouts fixed
+- Connectivity logging refactored
+- Docker: tmpfs for ProxyConfig and ProxySecret
+- Public Host and Port in config
+- ME Relays Head-of-Line Blocking fixed
+- ME Ping
+
+### 3.0.2 Microtrencher
+- New [network] section
+- ME Fixes
+- Small bugs coverage
+
+### 3.0.3 Ausrutscher
+- ME as stateful, no conn-id migration
+- No `flush()` on datapath after RpcWriter
+- Hightech parser for IPv6 without regexp
+- `nat_probe = true` by default
+- Timeout for `recv()` in STUN-client
+- ConnRegistry review
+- Dualstack emergency reconnect
+
+### 3.0.4 Schneeflecken
+- Only WARN and Links in Normal log
+- Consistent IP-family detection
+- Includes for config
+- `nonce_frame_hex` in log only with `DEBUG`

config.toml

@@ -1,13 +1,147 @@
-port = 443
+# === General Settings ===
+[general]
+fast_mode = true
+use_middle_proxy = true
+# ad_tag = "00000000000000000000000000000000"
+# Path to proxy-secret binary (auto-downloaded if missing).
+proxy_secret_path = "proxy-secret"
+# disable_colors = false  # Disable colored output in logs (useful for files/systemd)
 
-[users]
-user1 = "00000000000000000000000000000000"
+# === Log Level ===
+# Log level: debug | verbose | normal | silent
+# Can be overridden with --silent or --log-level CLI flags
+# RUST_LOG env var takes absolute priority over all of these
+log_level = "normal"
 
-[modes]
-classic = true
-secure = true
+# === Middle Proxy - ME ===
+# Public IP override for ME KDF when behind NAT; leave unset to auto-detect.
+# middle_proxy_nat_ip = "203.0.113.10"
+# Enable STUN probing to discover public IP:port for ME.
+middle_proxy_nat_probe = true
+# Primary STUN server (host:port); defaults to Telegram STUN when empty.
+middle_proxy_nat_stun = "stun.l.google.com:19302"
+# Optional fallback STUN servers list.
+middle_proxy_nat_stun_servers = ["stun1.l.google.com:19302", "stun2.l.google.com:19302"]
+# Desired number of concurrent ME writers in pool.
+middle_proxy_pool_size = 16
+# Pre-initialized warm-standby ME connections kept idle.
+middle_proxy_warm_standby = 8
+# Ignore STUN/interface mismatch and keep ME enabled even if IP differs.
+stun_iface_mismatch_ignore = false
+# Keepalive padding frames - fl==4
+me_keepalive_enabled = true
+me_keepalive_interval_secs = 25           # Period between keepalives
+me_keepalive_jitter_secs = 5              # Jitter added to interval
+me_keepalive_payload_random = true        # Randomize 4-byte payload (vs zeros)
+# Stagger extra ME connections on warmup to de-phase lifecycles.
+me_warmup_stagger_enabled = true
+me_warmup_step_delay_ms = 500             # Base delay between extra connects
+me_warmup_step_jitter_ms = 300            # Jitter for warmup delay
+# Reconnect policy knobs.
+me_reconnect_max_concurrent_per_dc = 1    # Parallel reconnects per DC - EXPERIMENTAL! UNSTABLE!
+me_reconnect_backoff_base_ms = 500        # Backoff start
+me_reconnect_backoff_cap_ms = 30000       # Backoff cap
+me_reconnect_fast_retry_count = 11        # Quick retries before backoff
+
+[general.modes]
+classic = false
+secure = false
 tls = true
 
-tls_domain = "www.github.com"
-fast_mode = true
-prefer_ipv6 = false
+[general.links]
+show = "*"
+# show = ["alice", "bob"] # Only show links for alice and bob
+# show = "*"              # Show links for all users
+# public_host = "proxy.example.com"  # Host (IP or domain) for tg:// links
+# public_port = 443                  # Port for tg:// links (default: server.port)
+
+# === Network Parameters ===
+[network]
+# Enable/disable families: true/false/auto(None)
+ipv4 = true
+ipv6 = false # UNSTABLE WITH ME
+# prefer = 4 or 6
+prefer = 4
+multipath = false # EXPERIMENTAL!
+
+# === Server Binding ===
+[server]
+port = 443
+listen_addr_ipv4 = "0.0.0.0"
+listen_addr_ipv6 = "::"
+# listen_unix_sock = "/var/run/telemt.sock" # Unix socket
+# listen_unix_sock_perm = "0666" # Socket file permissions
+# proxy_protocol = false           # Enable if behind HAProxy/nginx with PROXY protocol
+# metrics_port = 9090
+# metrics_whitelist = ["127.0.0.1", "::1"]
+
+# Listen on multiple interfaces/IPs - IPv4
+[[server.listeners]]
+ip = "0.0.0.0"
+
+# Listen on multiple interfaces/IPs - IPv6
+[[server.listeners]]
+ip = "::"
+
+# === Timeouts (in seconds) ===
+[timeouts]
+client_handshake = 30
+tg_connect = 10
+client_keepalive = 60
+client_ack = 300
+# Quick ME reconnects for single-address DCs (count and per-attempt timeout, ms).
+me_one_retry = 12
+me_one_timeout_ms = 1200
+
+# === Anti-Censorship & Masking ===
+[censorship]
+tls_domain = "petrovich.ru"
+# tls_domains = ["example.com", "cdn.example.net"] # Additional domains for EE links
+mask = true
+mask_port = 443
+# mask_host = "petrovich.ru" # Defaults to tls_domain if not set
+# mask_unix_sock = "/var/run/nginx.sock" # Unix socket (mutually exclusive with mask_host)
+fake_cert_len = 2048
+# tls_emulation = false        # Fetch real cert lengths and emulate TLS records
+# tls_front_dir = "tlsfront"   # Cache directory for TLS emulation
+
+# === Access Control & Users ===
+[access]
+replay_check_len = 65536
+replay_window_secs = 1800
+ignore_time_skew = false
+
+[access.users]
+# format: "username" = "32_hex_chars_secret"
+hello = "00000000000000000000000000000000"
+
+# [access.user_max_tcp_conns]
+# hello = 50
+
+# [access.user_max_unique_ips]
+# hello = 5
+
+# [access.user_data_quota]
+# hello = 1073741824 # 1 GB
+
+# [access.user_expirations]
+# format: username = "[year]-[month]-[day]T[hour]:[minute]:[second]Z" UTC
+# hello = "2027-01-01T00:00:00Z"
+
+# === Upstreams & Routing ===
+[[upstreams]]
+type = "direct"
+enabled = true
+weight = 10
+# interface = "192.168.1.100"           # Bind outgoing to specific IP or iface name
+# bind_addresses = ["192.168.1.100"]    # List for round-robin binding (family must match target)
+
+# [[upstreams]]
+# type = "socks5"
+# address = "127.0.0.1:1080"
+# enabled = false
+# weight = 1
+
+# === DC Address Overrides ===
+# [dc_overrides]
+# "203" = "91.105.192.100:443"

docker-compose.yml

@@ -0,0 +1,29 @@
+services:
+  telemt:
+    build: .
+    container_name: telemt
+    restart: unless-stopped
+    ports:
+      - "443:443"
+      - "9090:9090"
+    # Allow caching 'proxy-secret' in read-only container
+    working_dir: /run/telemt
+    volumes:
+      - ./config.toml:/run/telemt/config.toml:ro
+    tmpfs:
+      - /run/telemt:rw,mode=1777,size=1m
+    environment:
+      - RUST_LOG=info
+    # Uncomment this line if you want to use host network for IPv6, but bridge is default and usually better
+    # network_mode: host
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_BIND_SERVICE   # allow binding to port 443
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+    ulimits:
+      nofile:
+        soft: 65536
+        hard: 65536

src/cli.rs

@@ -0,0 +1,308 @@
+//! CLI commands: --init (fire-and-forget setup)
+
+use std::fs;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+use rand::Rng;
+
+/// Options for the init command
+pub struct InitOptions {
+    pub port: u16,
+    pub domain: String,
+    pub secret: Option<String>,
+    pub username: String,
+    pub config_dir: PathBuf,
+    pub no_start: bool,
+}
+
+impl Default for InitOptions {
+    fn default() -> Self {
+        Self {
+            port: 443,
+            domain: "www.google.com".to_string(),
+            secret: None,
+            username: "user".to_string(),
+            config_dir: PathBuf::from("/etc/telemt"),
+            no_start: false,
+        }
+    }
+}
+
+/// Parse --init subcommand options from CLI args.
+///
+/// Returns `Some(InitOptions)` if `--init` was found, `None` otherwise.
+pub fn parse_init_args(args: &[String]) -> Option<InitOptions> {
+    if !args.iter().any(|a| a == "--init") {
+        return None;
+    }
+    
+    let mut opts = InitOptions::default();
+    let mut i = 0;
+    
+    while i < args.len() {
+        match args[i].as_str() {
+            "--port" => {
+                i += 1;
+                if i < args.len() {
+                    opts.port = args[i].parse().unwrap_or(443);
+                }
+            }
+            "--domain" => {
+                i += 1;
+                if i < args.len() {
+                    opts.domain = args[i].clone();
+                }
+            }
+            "--secret" => {
+                i += 1;
+                if i < args.len() {
+                    opts.secret = Some(args[i].clone());
+                }
+            }
+            "--user" => {
+                i += 1;
+                if i < args.len() {
+                    opts.username = args[i].clone();
+                }
+            }
+            "--config-dir" => {
+                i += 1;
+                if i < args.len() {
+                    opts.config_dir = PathBuf::from(&args[i]);
+                }
+            }
+            "--no-start" => {
+                opts.no_start = true;
+            }
+            _ => {}
+        }
+        i += 1;
+    }
+    
+    Some(opts)
+}
+
+/// Run the fire-and-forget setup.
+pub fn run_init(opts: InitOptions) -> Result<(), Box<dyn std::error::Error>> {
+    eprintln!("[telemt] Fire-and-forget setup");
+    eprintln!();
+    
+    // 1. Generate or validate secret
+    let secret = match opts.secret {
+        Some(s) => {
+            if s.len() != 32 || !s.chars().all(|c| c.is_ascii_hexdigit()) {
+                eprintln!("[error] Secret must be exactly 32 hex characters");
+                std::process::exit(1);
+            }
+            s
+        }
+        None => generate_secret(),
+    };
+    
+    eprintln!("[+] Secret: {}", secret);
+    eprintln!("[+] User:   {}", opts.username);
+    eprintln!("[+] Port:   {}", opts.port);
+    eprintln!("[+] Domain: {}", opts.domain);
+    
+    // 2. Create config directory
+    fs::create_dir_all(&opts.config_dir)?;
+    let config_path = opts.config_dir.join("config.toml");
+    
+    // 3. Write config
+    let config_content = generate_config(&opts.username, &secret, opts.port, &opts.domain);
+    fs::write(&config_path, &config_content)?;
+    eprintln!("[+] Config written to {}", config_path.display());
+    
+    // 4. Write systemd unit
+    let exe_path = std::env::current_exe()
+        .unwrap_or_else(|_| PathBuf::from("/usr/local/bin/telemt"));
+    
+    let unit_path = Path::new("/etc/systemd/system/telemt.service");
+    let unit_content = generate_systemd_unit(&exe_path, &config_path);
+    
+    match fs::write(unit_path, &unit_content) {
+        Ok(()) => {
+            eprintln!("[+] Systemd unit written to {}", unit_path.display());
+        }
+        Err(e) => {
+            eprintln!("[!] Cannot write systemd unit (run as root?): {}", e);
+            eprintln!("[!] Manual unit file content:");
+            eprintln!("{}", unit_content);
+            
+            // Still print links and config
+            print_links(&opts.username, &secret, opts.port, &opts.domain);
+            return Ok(());
+        }
+    }
+    
+    // 5. Reload systemd
+    run_cmd("systemctl", &["daemon-reload"]);
+    
+    // 6. Enable service
+    run_cmd("systemctl", &["enable", "telemt.service"]);
+    eprintln!("[+] Service enabled");
+    
+    // 7. Start service (unless --no-start)
+    if !opts.no_start {
+        run_cmd("systemctl", &["start", "telemt.service"]);
+        eprintln!("[+] Service started");
+        
+        // Brief delay then check status
+        std::thread::sleep(std::time::Duration::from_secs(1));
+        let status = Command::new("systemctl")
+            .args(["is-active", "telemt.service"])
+            .output();
+        
+        match status {
+            Ok(out) if out.status.success() => {
+                eprintln!("[+] Service is running");
+            }
+            _ => {
+                eprintln!("[!] Service may not have started correctly");
+                eprintln!("[!] Check: journalctl -u telemt.service -n 20");
+            }
+        }
+    } else {
+        eprintln!("[+] Service not started (--no-start)");
+        eprintln!("[+] Start manually: systemctl start telemt.service");
+    }
+    
+    eprintln!();
+    
+    // 8. Print links
+    print_links(&opts.username, &secret, opts.port, &opts.domain);
+    
+    Ok(())
+}
+
+fn generate_secret() -> String {
+    let mut rng = rand::rng();
+    let bytes: Vec<u8> = (0..16).map(|_| rng.random::<u8>()).collect();
+    hex::encode(bytes)
+}
+
+fn generate_config(username: &str, secret: &str, port: u16, domain: &str) -> String {
+    format!(
+r#"# Telemt MTProxy — auto-generated config
+# Re-run `telemt --init` to regenerate
+
+show_link = ["{username}"]
+
+[general]
+# prefer_ipv6 is deprecated; use [network].prefer
+prefer_ipv6 = false
+fast_mode = true
+use_middle_proxy = false
+log_level = "normal"
+
+[network]
+ipv4 = true
+ipv6 = true
+prefer = 4
+multipath = false
+
+[general.modes]
+classic = false
+secure = false
+tls = true
+
+[server]
+port = {port}
+listen_addr_ipv4 = "0.0.0.0"
+listen_addr_ipv6 = "::"
+
+[[server.listeners]]
+ip = "0.0.0.0"
+# reuse_allow = false # Set true only when intentionally running multiple telemt instances on same port
+
+[[server.listeners]]
+ip = "::"
+
+[timeouts]
+client_handshake = 15
+tg_connect = 10
+client_keepalive = 60
+client_ack = 300
+
+[censorship]
+tls_domain = "{domain}"
+mask = true
+mask_port = 443
+fake_cert_len = 2048
+
+[access]
+replay_check_len = 65536
+replay_window_secs = 1800
+ignore_time_skew = false
+
+[access.users]
+{username} = "{secret}"
+
+[[upstreams]]
+type = "direct"
+enabled = true
+weight = 10
+"#,
+        username = username,
+        secret = secret,
+        port = port,
+        domain = domain,
+    )
+}
+
+fn generate_systemd_unit(exe_path: &Path, config_path: &Path) -> String {
+    format!(
+r#"[Unit]
+Description=Telemt MTProxy
+Documentation=https://github.com/nicepkg/telemt
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStart={exe} {config}
+Restart=always
+RestartSec=5
+LimitNOFILE=65535
+# Security hardening
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/etc/telemt
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
+"#,
+        exe = exe_path.display(),
+        config = config_path.display(),
+    )
+}
+
+fn run_cmd(cmd: &str, args: &[&str]) {
+    match Command::new(cmd).args(args).output() {
+        Ok(output) => {
+            if !output.status.success() {
+                let stderr = String::from_utf8_lossy(&output.stderr);
+                eprintln!("[!] {} {} failed: {}", cmd, args.join(" "), stderr.trim());
+            }
+        }
+        Err(e) => {
+            eprintln!("[!] Failed to run {} {}: {}", cmd, args.join(" "), e);
+        }
+    }
+}
+
+fn print_links(username: &str, secret: &str, port: u16, domain: &str) {
+    let domain_hex = hex::encode(domain);
+    
+    println!("=== Proxy Links ===");
+    println!("[{}]", username);
+    println!("  EE-TLS:  tg://proxy?server=YOUR_SERVER_IP&port={}&secret=ee{}{}", 
+        port, secret, domain_hex);
+    println!();
+    println!("Replace YOUR_SERVER_IP with your server's public IP.");
+    println!("The proxy will auto-detect and display the correct link on startup.");
+    println!("Check: journalctl -u telemt.service | head -30");
+    println!("===================");
+}

src/config/defaults.rs

@@ -0,0 +1,210 @@
+use std::net::IpAddr;
+use std::collections::HashMap;
+use ipnetwork::IpNetwork;
+use serde::Deserialize;
+
+// Helper defaults kept private to the config module.
+pub(crate) fn default_true() -> bool {
+    true
+}
+
+pub(crate) fn default_port() -> u16 {
+    443
+}
+
+pub(crate) fn default_tls_domain() -> String {
+    "www.google.com".to_string()
+}
+
+pub(crate) fn default_mask_port() -> u16 {
+    443
+}
+
+pub(crate) fn default_fake_cert_len() -> usize {
+    2048
+}
+
+pub(crate) fn default_tls_front_dir() -> String {
+    "tlsfront".to_string()
+}
+
+pub(crate) fn default_replay_check_len() -> usize {
+    65_536
+}
+
+pub(crate) fn default_replay_window_secs() -> u64 {
+    1800
+}
+
+pub(crate) fn default_handshake_timeout() -> u64 {
+    15
+}
+
+pub(crate) fn default_connect_timeout() -> u64 {
+    10
+}
+
+pub(crate) fn default_keepalive() -> u64 {
+    60
+}
+
+pub(crate) fn default_ack_timeout() -> u64 {
+    300
+}
+pub(crate) fn default_me_one_retry() -> u8 {
+    3
+}
+
+pub(crate) fn default_me_one_timeout() -> u64 {
+    1500
+}
+
+pub(crate) fn default_listen_addr() -> String {
+    "0.0.0.0".to_string()
+}
+
+pub(crate) fn default_weight() -> u16 {
+    1
+}
+
+pub(crate) fn default_metrics_whitelist() -> Vec<IpNetwork> {
+    vec![
+        "127.0.0.1/32".parse().unwrap(),
+        "::1/128".parse().unwrap(),
+    ]
+}
+
+pub(crate) fn default_prefer_4() -> u8 {
+    4
+}
+
+pub(crate) fn default_unknown_dc_log_path() -> Option<String> {
+    Some("unknown-dc.txt".to_string())
+}
+
+pub(crate) fn default_pool_size() -> usize {
+    2
+}
+
+pub(crate) fn default_keepalive_interval() -> u64 {
+    25
+}
+
+pub(crate) fn default_keepalive_jitter() -> u64 {
+    5
+}
+
+pub(crate) fn default_warmup_step_delay_ms() -> u64 {
+    500
+}
+
+pub(crate) fn default_warmup_step_jitter_ms() -> u64 {
+    300
+}
+
+pub(crate) fn default_reconnect_backoff_base_ms() -> u64 {
+    500
+}
+
+pub(crate) fn default_reconnect_backoff_cap_ms() -> u64 {
+    30_000
+}
+
+pub(crate) fn default_crypto_pending_buffer() -> usize {
+    256 * 1024
+}
+
+pub(crate) fn default_max_client_frame() -> usize {
+    16 * 1024 * 1024
+}
+
+pub(crate) fn default_tls_new_session_tickets() -> u8 {
+    0
+}
+
+pub(crate) fn default_server_hello_delay_min_ms() -> u64 {
+    0
+}
+
+pub(crate) fn default_server_hello_delay_max_ms() -> u64 {
+    0
+}
+
+pub(crate) fn default_alpn_enforce() -> bool {
+    true
+}
+
+pub(crate) fn default_stun_servers() -> Vec<String> {
+    vec![
+        "stun.l.google.com:19302".to_string(),
+        "stun1.l.google.com:19302".to_string(),
+        "stun2.l.google.com:19302".to_string(),
+        "stun.stunprotocol.org:3478".to_string(),
+        "stun.voip.eutelia.it:3478".to_string(),
+    ]
+}
+
+pub(crate) fn default_http_ip_detect_urls() -> Vec<String> {
+    vec![
+        "https://ifconfig.me/ip".to_string(),
+        "https://api.ipify.org".to_string(),
+    ]
+}
+
+pub(crate) fn default_cache_public_ip_path() -> String {
+    "cache/public_ip.txt".to_string()
+}
+
+pub(crate) fn default_proxy_secret_reload_secs() -> u64 {
+    12 * 60 * 60
+}
+
+pub(crate) fn default_proxy_config_reload_secs() -> u64 {
+    12 * 60 * 60
+}
+
+pub(crate) fn default_ntp_check() -> bool {
+    true
+}
+
+pub(crate) fn default_ntp_servers() -> Vec<String> {
+    vec!["pool.ntp.org".to_string()]
+}
+
+pub(crate) fn default_fast_mode_min_tls_record() -> usize {
+    0
+}
+
+pub(crate) fn default_degradation_min_unavailable_dc_groups() -> u8 {
+    2
+}
+
+// Custom deserializer helpers
+
+#[derive(Deserialize)]
+#[serde(untagged)]
+pub(crate) enum OneOrMany {
+    One(String),
+    Many(Vec<String>),
+}
+
+pub(crate) fn deserialize_dc_overrides<'de, D>(
+    deserializer: D,
+) -> std::result::Result<HashMap<String, Vec<String>>, D::Error>
+where
+    D: serde::de::Deserializer<'de>,
+{
+    let raw: HashMap<String, OneOrMany> = HashMap::deserialize(deserializer)?;
+    let mut out = HashMap::new();
+    for (dc, val) in raw {
+        let mut addrs = match val {
+            OneOrMany::One(s) => vec![s],
+            OneOrMany::Many(v) => v,
+        };
+        addrs.retain(|s| !s.trim().is_empty());
+        if !addrs.is_empty() {
+            out.insert(dc, addrs);
+        }
+    }
+    Ok(out)
+}

src/config/hot_reload.rs

@@ -0,0 +1,421 @@
+//! Hot-reload: watches the config file via inotify (Linux) / FSEvents (macOS)
+//! / ReadDirectoryChangesW (Windows) using the `notify` crate.
+//! SIGHUP is also supported on Unix as an additional manual trigger.
+//!
+//! # What can be reloaded without restart
+//!
+//! | Section   | Field                         | Effect                            |
+//! |-----------|-------------------------------|-----------------------------------|
+//! | `general` | `log_level`                   | Filter updated via `log_level_tx` |
+//! | `general` | `ad_tag`                      | Passed on next connection         |
+//! | `general` | `middle_proxy_pool_size`      | Passed on next connection         |
+//! | `general` | `me_keepalive_*`              | Passed on next connection         |
+//! | `access`  | All user/quota fields         | Effective immediately             |
+//!
+//! Fields that require re-binding sockets (`server.port`, `censorship.*`,
+//! `network.*`, `use_middle_proxy`) are **not** applied; a warning is emitted.
+
+use std::net::IpAddr;
+use std::path::PathBuf;
+use std::sync::Arc;
+
+use notify::{EventKind, RecursiveMode, Watcher, recommended_watcher};
+use tokio::sync::{mpsc, watch};
+use tracing::{error, info, warn};
+
+use crate::config::LogLevel;
+use super::load::ProxyConfig;
+
+// ── Hot fields ────────────────────────────────────────────────────────────────
+
+/// Fields that are safe to swap without restarting listeners.
+#[derive(Debug, Clone, PartialEq)]
+pub struct HotFields {
+    pub log_level:               LogLevel,
+    pub ad_tag:                  Option<String>,
+    pub middle_proxy_pool_size:  usize,
+    pub me_keepalive_enabled:    bool,
+    pub me_keepalive_interval_secs: u64,
+    pub me_keepalive_jitter_secs:   u64,
+    pub me_keepalive_payload_random: bool,
+    pub access:                  crate::config::AccessConfig,
+}
+
+impl HotFields {
+    pub fn from_config(cfg: &ProxyConfig) -> Self {
+        Self {
+            log_level:               cfg.general.log_level.clone(),
+            ad_tag:                  cfg.general.ad_tag.clone(),
+            middle_proxy_pool_size:  cfg.general.middle_proxy_pool_size,
+            me_keepalive_enabled:    cfg.general.me_keepalive_enabled,
+            me_keepalive_interval_secs: cfg.general.me_keepalive_interval_secs,
+            me_keepalive_jitter_secs:   cfg.general.me_keepalive_jitter_secs,
+            me_keepalive_payload_random: cfg.general.me_keepalive_payload_random,
+            access:                  cfg.access.clone(),
+        }
+    }
+}
+
+// ── Helpers ───────────────────────────────────────────────────────────────────
+
+/// Warn if any non-hot fields changed (require restart).
+fn warn_non_hot_changes(old: &ProxyConfig, new: &ProxyConfig) {
+    if old.server.port != new.server.port {
+        warn!(
+            "config reload: server.port changed ({} → {}); restart required",
+            old.server.port, new.server.port
+        );
+    }
+    if old.censorship.tls_domain != new.censorship.tls_domain {
+        warn!(
+            "config reload: censorship.tls_domain changed ('{}' → '{}'); restart required",
+            old.censorship.tls_domain, new.censorship.tls_domain
+        );
+    }
+    if old.network.ipv4 != new.network.ipv4 || old.network.ipv6 != new.network.ipv6 {
+        warn!("config reload: network.ipv4/ipv6 changed; restart required");
+    }
+    if old.general.use_middle_proxy != new.general.use_middle_proxy {
+        warn!("config reload: use_middle_proxy changed; restart required");
+    }
+}
+
+/// Resolve the public host for link generation — mirrors the logic in main.rs.
+///
+/// Priority:
+/// 1. `[general.links] public_host` — explicit override in config
+/// 2. `detected_ip_v4` — from STUN/interface probe at startup
+/// 3. `detected_ip_v6` — fallback
+/// 4. `"UNKNOWN"` — warn the user to set `public_host`
+fn resolve_link_host(
+    cfg: &ProxyConfig,
+    detected_ip_v4: Option<IpAddr>,
+    detected_ip_v6: Option<IpAddr>,
+) -> String {
+    if let Some(ref h) = cfg.general.links.public_host {
+        return h.clone();
+    }
+    detected_ip_v4
+        .or(detected_ip_v6)
+        .map(|ip| ip.to_string())
+        .unwrap_or_else(|| {
+            warn!(
+                "config reload: could not determine public IP for proxy links. \
+                 Set [general.links] public_host in config."
+            );
+            "UNKNOWN".to_string()
+        })
+}
+
+/// Print TG proxy links for a single user — mirrors print_proxy_links() in main.rs.
+fn print_user_links(user: &str, secret: &str, host: &str, port: u16, cfg: &ProxyConfig) {
+    info!(target: "telemt::links", "--- New user: {} ---", user);
+    if cfg.general.modes.classic {
+        info!(
+            target: "telemt::links",
+            "  Classic: tg://proxy?server={}&port={}&secret={}",
+            host, port, secret
+        );
+    }
+    if cfg.general.modes.secure {
+        info!(
+            target: "telemt::links",
+            "  DD:      tg://proxy?server={}&port={}&secret=dd{}",
+            host, port, secret
+        );
+    }
+    if cfg.general.modes.tls {
+        let mut domains = vec![cfg.censorship.tls_domain.clone()];
+        for d in &cfg.censorship.tls_domains {
+            if !domains.contains(d) {
+                domains.push(d.clone());
+            }
+        }
+        for domain in &domains {
+            let domain_hex = hex::encode(domain.as_bytes());
+            info!(
+                target: "telemt::links",
+                "  EE-TLS:  tg://proxy?server={}&port={}&secret=ee{}{}",
+                host, port, secret, domain_hex
+            );
+        }
+    }
+    info!(target: "telemt::links", "--------------------");
+}
+
+/// Log all detected changes and emit TG links for new users.
+fn log_changes(
+    old_hot: &HotFields,
+    new_hot: &HotFields,
+    new_cfg: &ProxyConfig,
+    log_tx: &watch::Sender<LogLevel>,
+    detected_ip_v4: Option<IpAddr>,
+    detected_ip_v6: Option<IpAddr>,
+) {
+    if old_hot.log_level != new_hot.log_level {
+        info!(
+            "config reload: log_level: '{}' → '{}'",
+            old_hot.log_level, new_hot.log_level
+        );
+        log_tx.send(new_hot.log_level.clone()).ok();
+    }
+
+    if old_hot.ad_tag != new_hot.ad_tag {
+        info!(
+            "config reload: ad_tag: {} → {}",
+            old_hot.ad_tag.as_deref().unwrap_or("none"),
+            new_hot.ad_tag.as_deref().unwrap_or("none"),
+        );
+    }
+
+    if old_hot.middle_proxy_pool_size != new_hot.middle_proxy_pool_size {
+        info!(
+            "config reload: middle_proxy_pool_size: {} → {}",
+            old_hot.middle_proxy_pool_size, new_hot.middle_proxy_pool_size,
+        );
+    }
+
+    if old_hot.me_keepalive_enabled        != new_hot.me_keepalive_enabled
+    || old_hot.me_keepalive_interval_secs  != new_hot.me_keepalive_interval_secs
+    || old_hot.me_keepalive_jitter_secs    != new_hot.me_keepalive_jitter_secs
+    || old_hot.me_keepalive_payload_random != new_hot.me_keepalive_payload_random
+    {
+        info!(
+            "config reload: me_keepalive: enabled={} interval={}s jitter={}s random_payload={}",
+            new_hot.me_keepalive_enabled,
+            new_hot.me_keepalive_interval_secs,
+            new_hot.me_keepalive_jitter_secs,
+            new_hot.me_keepalive_payload_random,
+        );
+    }
+
+    if old_hot.access.users != new_hot.access.users {
+        let mut added: Vec<&String> = new_hot.access.users.keys()
+            .filter(|u| !old_hot.access.users.contains_key(*u))
+            .collect();
+        added.sort();
+
+        let mut removed: Vec<&String> = old_hot.access.users.keys()
+            .filter(|u| !new_hot.access.users.contains_key(*u))
+            .collect();
+        removed.sort();
+
+        let mut changed: Vec<&String> = new_hot.access.users.keys()
+            .filter(|u| {
+                old_hot.access.users.get(*u)
+                    .map(|s| s != &new_hot.access.users[*u])
+                    .unwrap_or(false)
+            })
+            .collect();
+        changed.sort();
+
+        if !added.is_empty() {
+            info!(
+                "config reload: users added: [{}]",
+                added.iter().map(|s| s.as_str()).collect::<Vec<_>>().join(", ")
+            );
+            let host = resolve_link_host(new_cfg, detected_ip_v4, detected_ip_v6);
+            let port = new_cfg.general.links.public_port.unwrap_or(new_cfg.server.port);
+            for user in &added {
+                if let Some(secret) = new_hot.access.users.get(*user) {
+                    print_user_links(user, secret, &host, port, new_cfg);
+                }
+            }
+        }
+        if !removed.is_empty() {
+            info!(
+                "config reload: users removed: [{}]",
+                removed.iter().map(|s| s.as_str()).collect::<Vec<_>>().join(", ")
+            );
+        }
+        if !changed.is_empty() {
+            info!(
+                "config reload: users secret changed: [{}]",
+                changed.iter().map(|s| s.as_str()).collect::<Vec<_>>().join(", ")
+            );
+        }
+    }
+
+    if old_hot.access.user_max_tcp_conns != new_hot.access.user_max_tcp_conns {
+        info!(
+            "config reload: user_max_tcp_conns updated ({} entries)",
+            new_hot.access.user_max_tcp_conns.len()
+        );
+    }
+    if old_hot.access.user_expirations != new_hot.access.user_expirations {
+        info!(
+            "config reload: user_expirations updated ({} entries)",
+            new_hot.access.user_expirations.len()
+        );
+    }
+    if old_hot.access.user_data_quota != new_hot.access.user_data_quota {
+        info!(
+            "config reload: user_data_quota updated ({} entries)",
+            new_hot.access.user_data_quota.len()
+        );
+    }
+    if old_hot.access.user_max_unique_ips != new_hot.access.user_max_unique_ips {
+        info!(
+            "config reload: user_max_unique_ips updated ({} entries)",
+            new_hot.access.user_max_unique_ips.len()
+        );
+    }
+}
+
+/// Load config, validate, diff against current, and broadcast if changed.
+fn reload_config(
+    config_path: &PathBuf,
+    config_tx: &watch::Sender<Arc<ProxyConfig>>,
+    log_tx: &watch::Sender<LogLevel>,
+    detected_ip_v4: Option<IpAddr>,
+    detected_ip_v6: Option<IpAddr>,
+) {
+    let new_cfg = match ProxyConfig::load(config_path) {
+        Ok(c) => c,
+        Err(e) => {
+            error!("config reload: failed to parse {:?}: {}", config_path, e);
+            return;
+        }
+    };
+
+    if let Err(e) = new_cfg.validate() {
+        error!("config reload: validation failed: {}; keeping old config", e);
+        return;
+    }
+
+    let old_cfg = config_tx.borrow().clone();
+    let old_hot = HotFields::from_config(&old_cfg);
+    let new_hot = HotFields::from_config(&new_cfg);
+
+    if old_hot == new_hot {
+        return;
+    }
+
+    warn_non_hot_changes(&old_cfg, &new_cfg);
+    log_changes(&old_hot, &new_hot, &new_cfg, log_tx, detected_ip_v4, detected_ip_v6);
+    config_tx.send(Arc::new(new_cfg)).ok();
+}
+
+// ── Public API ────────────────────────────────────────────────────────────────
+
+/// Spawn the hot-reload watcher task.
+///
+/// Uses `notify` (inotify on Linux) to detect file changes instantly.
+/// SIGHUP is also handled on Unix as an additional manual trigger.
+///
+/// `detected_ip_v4` / `detected_ip_v6` are the IPs discovered during the
+/// startup probe — used when generating proxy links for newly added users,
+/// matching the same logic as the startup output.
+pub fn spawn_config_watcher(
+    config_path: PathBuf,
+    initial: Arc<ProxyConfig>,
+    detected_ip_v4: Option<IpAddr>,
+    detected_ip_v6: Option<IpAddr>,
+) -> (watch::Receiver<Arc<ProxyConfig>>, watch::Receiver<LogLevel>) {
+    let initial_level = initial.general.log_level.clone();
+    let (config_tx, config_rx) = watch::channel(initial);
+    let (log_tx, log_rx)       = watch::channel(initial_level);
+
+    // Bridge: sync notify callbacks → async task via mpsc.
+    let (notify_tx, mut notify_rx) = mpsc::channel::<()>(4);
+
+    // Canonicalize so path matches what notify returns (absolute) in events.
+    let config_path = match config_path.canonicalize() {
+        Ok(p) => p,
+        Err(_) => config_path.to_path_buf(),
+    };
+
+    // Watch the parent directory rather than the file itself, because many
+    // editors (vim, nano) and systemd write via rename, which would cause
+    // inotify to lose track of the original inode.
+    let watch_dir = config_path
+        .parent()
+        .unwrap_or_else(|| std::path::Path::new("."))
+        .to_path_buf();
+
+    // ── inotify watcher (instant on local fs) ────────────────────────────
+    let config_file = config_path.clone();
+    let tx_inotify  = notify_tx.clone();
+    let inotify_ok = match recommended_watcher(move |res: notify::Result<notify::Event>| {
+        let Ok(event) = res else { return };
+        let is_our_file = event.paths.iter().any(|p| p == &config_file);
+        if !is_our_file { return; }
+        if matches!(event.kind, EventKind::Modify(_) | EventKind::Create(_) | EventKind::Remove(_)) {
+            let _ = tx_inotify.try_send(());
+        }
+    }) {
+        Ok(mut w) => match w.watch(&watch_dir, RecursiveMode::NonRecursive) {
+            Ok(()) => {
+                info!("config watcher: inotify active on {:?}", config_path);
+                Box::leak(Box::new(w));
+                true
+            }
+            Err(e) => { warn!("config watcher: inotify watch failed: {}", e); false }
+        },
+        Err(e) => { warn!("config watcher: inotify unavailable: {}", e); false }
+    };
+
+    // ── poll watcher (always active, fixes Docker bind mounts / NFS) ─────
+    // inotify does not receive events for files mounted from the host into
+    // a container. PollWatcher compares file contents every 3 s and fires
+    // on any change regardless of the underlying fs.
+    let config_file2 = config_path.clone();
+    let tx_poll      = notify_tx.clone();
+    match notify::poll::PollWatcher::new(
+        move |res: notify::Result<notify::Event>| {
+            let Ok(event) = res else { return };
+            let is_our_file = event.paths.iter().any(|p| p == &config_file2);
+            if !is_our_file { return; }
+            if matches!(event.kind, EventKind::Modify(_) | EventKind::Create(_) | EventKind::Remove(_)) {
+                let _ = tx_poll.try_send(());
+            }
+        },
+        notify::Config::default()
+            .with_poll_interval(std::time::Duration::from_secs(3))
+            .with_compare_contents(true),
+    ) {
+        Ok(mut w) => match w.watch(&config_path, RecursiveMode::NonRecursive) {
+            Ok(()) => {
+                if inotify_ok {
+                    info!("config watcher: poll watcher also active (Docker/NFS safe)");
+                } else {
+                    info!("config watcher: poll watcher active on {:?} (3s interval)", config_path);
+                }
+                Box::leak(Box::new(w));
+            }
+            Err(e) => warn!("config watcher: poll watch failed: {}", e),
+        },
+        Err(e) => warn!("config watcher: poll watcher unavailable: {}", e),
+    }
+
+    // ── event loop ───────────────────────────────────────────────────────
+    tokio::spawn(async move {
+        #[cfg(unix)]
+        let mut sighup = {
+            use tokio::signal::unix::{SignalKind, signal};
+            signal(SignalKind::hangup()).expect("Failed to register SIGHUP handler")
+        };
+
+        loop {
+            #[cfg(unix)]
+            tokio::select! {
+                msg = notify_rx.recv() => {
+                    if msg.is_none() { break; }
+                }
+                _ = sighup.recv() => {
+                    info!("SIGHUP received — reloading {:?}", config_path);
+                }
+            }
+            #[cfg(not(unix))]
+            if notify_rx.recv().await.is_none() { break; }
+
+            // Debounce: drain extra events that arrive within 50 ms.
+            tokio::time::sleep(std::time::Duration::from_millis(50)).await;
+            while notify_rx.try_recv().is_ok() {}
+
+            reload_config(&config_path, &config_tx, &log_tx, detected_ip_v4, detected_ip_v6);
+        }
+    });
+
+    (config_rx, log_rx)
+}

src/config/load.rs

@@ -0,0 +1,350 @@
+use std::collections::HashMap;
+use std::net::IpAddr;
+use std::path::Path;
+
+use rand::Rng;
+use tracing::warn;
+use serde::{Serialize, Deserialize};
+
+use crate::error::{ProxyError, Result};
+
+use super::defaults::*;
+use super::types::*;
+
+fn preprocess_includes(content: &str, base_dir: &Path, depth: u8) -> Result<String> {
+    if depth > 10 {
+        return Err(ProxyError::Config("Include depth > 10".into()));
+    }
+    let mut output = String::with_capacity(content.len());
+    for line in content.lines() {
+        let trimmed = line.trim();
+        if let Some(rest) = trimmed.strip_prefix("include") {
+            let rest = rest.trim();
+            if let Some(rest) = rest.strip_prefix('=') {
+                let path_str = rest.trim().trim_matches('"');
+                let resolved = base_dir.join(path_str);
+                let included = std::fs::read_to_string(&resolved)
+                    .map_err(|e| ProxyError::Config(e.to_string()))?;
+                let included_dir = resolved.parent().unwrap_or(base_dir);
+                output.push_str(&preprocess_includes(&included, included_dir, depth + 1)?);
+                output.push('\n');
+                continue;
+            }
+        }
+        output.push_str(line);
+        output.push('\n');
+    }
+    Ok(output)
+}
+
+fn validate_network_cfg(net: &mut NetworkConfig) -> Result<()> {
+    if !net.ipv4 && matches!(net.ipv6, Some(false)) {
+        return Err(ProxyError::Config(
+            "Both ipv4 and ipv6 are disabled in [network]".to_string(),
+        ));
+    }
+
+    if net.prefer != 4 && net.prefer != 6 {
+        return Err(ProxyError::Config(
+            "network.prefer must be 4 or 6".to_string(),
+        ));
+    }
+
+    if !net.ipv4 && net.prefer == 4 {
+        warn!("prefer=4 but ipv4=false; forcing prefer=6");
+        net.prefer = 6;
+    }
+
+    if matches!(net.ipv6, Some(false)) && net.prefer == 6 {
+        warn!("prefer=6 but ipv6=false; forcing prefer=4");
+        net.prefer = 4;
+    }
+
+    Ok(())
+}
+
+// ============= Main Config =============
+
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+pub struct ProxyConfig {
+    #[serde(default)]
+    pub general: GeneralConfig,
+
+    #[serde(default)]
+    pub network: NetworkConfig,
+
+    #[serde(default)]
+    pub server: ServerConfig,
+
+    #[serde(default)]
+    pub timeouts: TimeoutsConfig,
+
+    #[serde(default)]
+    pub censorship: AntiCensorshipConfig,
+
+    #[serde(default)]
+    pub access: AccessConfig,
+
+    #[serde(default)]
+    pub upstreams: Vec<UpstreamConfig>,
+
+    #[serde(default)]
+    pub show_link: ShowLink,
+
+    /// DC address overrides for non-standard DCs (CDN, media, test, etc.)
+    /// Keys are DC indices as strings, values are one or more "ip:port" addresses.
+    /// Matches the C implementation's `proxy_for <dc_id> <ip>:<port>` config directive.
+    /// Example in config.toml:
+    ///   [dc_overrides]
+    ///   "203" = ["149.154.175.100:443", "91.105.192.100:443"]
+    #[serde(default, deserialize_with = "deserialize_dc_overrides")]
+    pub dc_overrides: HashMap<String, Vec<String>>,
+
+    /// Default DC index (1-5) for unmapped non-standard DCs.
+    /// Matches the C implementation's `default <dc_id>` config directive.
+    /// If not set, defaults to 2 (matching Telegram's official `default 2;` in proxy-multi.conf).
+    #[serde(default)]
+    pub default_dc: Option<u8>,
+}
+
+impl ProxyConfig {
+    pub fn load<P: AsRef<Path>>(path: P) -> Result<Self> {
+        let content =
+            std::fs::read_to_string(&path).map_err(|e| ProxyError::Config(e.to_string()))?;
+        let base_dir = path.as_ref().parent().unwrap_or(Path::new("."));
+        let processed = preprocess_includes(&content, base_dir, 0)?;
+
+        let mut config: ProxyConfig =
+            toml::from_str(&processed).map_err(|e| ProxyError::Config(e.to_string()))?;
+
+        // Validate secrets.
+        for (user, secret) in &config.access.users {
+            if !secret.chars().all(|c| c.is_ascii_hexdigit()) || secret.len() != 32 {
+                return Err(ProxyError::InvalidSecret {
+                    user: user.clone(),
+                    reason: "Must be 32 hex characters".to_string(),
+                });
+            }
+        }
+
+        // Validate tls_domain.
+        if config.censorship.tls_domain.is_empty() {
+            return Err(ProxyError::Config("tls_domain cannot be empty".to_string()));
+        }
+
+        // Validate mask_unix_sock.
+        if let Some(ref sock_path) = config.censorship.mask_unix_sock {
+            if sock_path.is_empty() {
+                return Err(ProxyError::Config(
+                    "mask_unix_sock cannot be empty".to_string(),
+                ));
+            }
+            #[cfg(unix)]
+            if sock_path.len() > 107 {
+                return Err(ProxyError::Config(format!(
+                    "mask_unix_sock path too long: {} bytes (max 107)",
+                    sock_path.len()
+                )));
+            }
+            #[cfg(not(unix))]
+            return Err(ProxyError::Config(
+                "mask_unix_sock is only supported on Unix platforms".to_string(),
+            ));
+
+            if config.censorship.mask_host.is_some() {
+                return Err(ProxyError::Config(
+                    "mask_unix_sock and mask_host are mutually exclusive".to_string(),
+                ));
+            }
+        }
+
+        // Default mask_host to tls_domain if not set and no unix socket configured.
+        if config.censorship.mask_host.is_none() && config.censorship.mask_unix_sock.is_none() {
+            config.censorship.mask_host = Some(config.censorship.tls_domain.clone());
+        }
+
+        // Merge primary + extra TLS domains, deduplicate (primary always first).
+        if !config.censorship.tls_domains.is_empty() {
+            let mut all = Vec::with_capacity(1 + config.censorship.tls_domains.len());
+            all.push(config.censorship.tls_domain.clone());
+            for d in std::mem::take(&mut config.censorship.tls_domains) {
+                if !d.is_empty() && !all.contains(&d) {
+                    all.push(d);
+                }
+            }
+            // keep primary as tls_domain; store remaining back to tls_domains
+            if all.len() > 1 {
+                config.censorship.tls_domains = all[1..].to_vec();
+            }
+        }
+
+        // Migration: prefer_ipv6 -> network.prefer.
+        if config.general.prefer_ipv6 {
+            if config.network.prefer == 4 {
+                config.network.prefer = 6;
+            }
+            warn!("prefer_ipv6 is deprecated, use [network].prefer = 6");
+        }
+
+        // Auto-enable NAT probe when Middle Proxy is requested.
+        if config.general.use_middle_proxy && !config.general.middle_proxy_nat_probe {
+            config.general.middle_proxy_nat_probe = true;
+            warn!("Auto-enabled middle_proxy_nat_probe for middle proxy mode");
+        }
+
+        validate_network_cfg(&mut config.network)?;
+
+        if config.general.use_middle_proxy && config.network.ipv6 == Some(true) {
+            warn!("IPv6 with Middle Proxy is experimental and may cause KDF address mismatch; consider disabling IPv6 or ME");
+        }
+
+        // Random fake_cert_len only when default is in use.
+        if !config.censorship.tls_emulation && config.censorship.fake_cert_len == default_fake_cert_len() {
+            config.censorship.fake_cert_len = rand::rng().gen_range(1024..4096);
+        }
+
+        // Resolve listen_tcp: explicit value wins, otherwise auto-detect.
+        // If unix socket is set → TCP only when listen_addr_ipv4 or listeners are explicitly provided.
+        // If no unix socket → TCP always (backward compat).
+        let listen_tcp = config.server.listen_tcp.unwrap_or_else(|| {
+            if config.server.listen_unix_sock.is_some() {
+                // Unix socket present: TCP only if user explicitly set addresses or listeners.
+                config.server.listen_addr_ipv4.is_some()
+                    || !config.server.listeners.is_empty()
+            } else {
+                true
+            }
+        });
+
+        // Migration: Populate listeners if empty (skip when listen_tcp = false).
+        if config.server.listeners.is_empty() && listen_tcp {
+            let ipv4_str = config.server.listen_addr_ipv4
+                .as_deref()
+                .unwrap_or("0.0.0.0");
+            if let Ok(ipv4) = ipv4_str.parse::<IpAddr>() {
+                config.server.listeners.push(ListenerConfig {
+                    ip: ipv4,
+                    announce: None,
+                    announce_ip: None,
+                    proxy_protocol: None,
+                    reuse_allow: false,
+                });
+            }
+            if let Some(ipv6_str) = &config.server.listen_addr_ipv6 {
+                if let Ok(ipv6) = ipv6_str.parse::<IpAddr>() {
+                    config.server.listeners.push(ListenerConfig {
+                        ip: ipv6,
+                        announce: None,
+                        announce_ip: None,
+                        proxy_protocol: None,
+                        reuse_allow: false,
+                    });
+                }
+            }
+        }
+
+        // Migration: announce_ip → announce for each listener.
+        for listener in &mut config.server.listeners {
+            if listener.announce.is_none() && listener.announce_ip.is_some() {
+                listener.announce = Some(listener.announce_ip.unwrap().to_string());
+            }
+        }
+
+        // Migration: show_link (top-level) → general.links.show.
+        if !config.show_link.is_empty() && config.general.links.show.is_empty() {
+            config.general.links.show = config.show_link.clone();
+        }
+
+        // Migration: Populate upstreams if empty (Default Direct).
+        if config.upstreams.is_empty() {
+            config.upstreams.push(UpstreamConfig {
+                upstream_type: UpstreamType::Direct { interface: None, bind_addresses: None },
+                weight: 1,
+                enabled: true,
+                scopes: String::new(),
+                selected_scope: String::new(),
+            });
+        }
+
+        // Ensure default DC203 override is present.
+        config
+            .dc_overrides
+            .entry("203".to_string())
+            .or_insert_with(|| vec!["91.105.192.100:443".to_string()]);
+
+        Ok(config)
+    }
+
+    pub fn validate(&self) -> Result<()> {
+        if self.access.users.is_empty() {
+            return Err(ProxyError::Config("No users configured".to_string()));
+        }
+
+        if !self.general.modes.classic && !self.general.modes.secure && !self.general.modes.tls {
+            return Err(ProxyError::Config("No modes enabled".to_string()));
+        }
+
+        if self.censorship.tls_domain.contains(' ') || self.censorship.tls_domain.contains('/') {
+            return Err(ProxyError::Config(format!(
+                "Invalid tls_domain: '{}'. Must be a valid domain name",
+                self.censorship.tls_domain
+            )));
+        }
+
+        if let Some(tag) = &self.general.ad_tag {
+            let zeros = "00000000000000000000000000000000";
+            if tag == zeros {
+                warn!("ad_tag is all zeros; register a valid proxy tag via @MTProxybot to enable sponsored channel");
+            }
+            if tag.len() != 32 || tag.chars().any(|c| !c.is_ascii_hexdigit()) {
+                warn!("ad_tag is not a 32-char hex string; ensure you use value issued by @MTProxybot");
+            }
+        }
+
+        Ok(())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn dc_overrides_allow_string_and_array() {
+        let toml = r#"
+            [dc_overrides]
+            "201" = "149.154.175.50:443"
+            "202" = ["149.154.167.51:443", "149.154.175.100:443"]
+        "#;
+        let cfg: ProxyConfig = toml::from_str(toml).unwrap();
+        assert_eq!(cfg.dc_overrides["201"], vec!["149.154.175.50:443"]);
+        assert_eq!(
+            cfg.dc_overrides["202"],
+            vec!["149.154.167.51:443", "149.154.175.100:443"]
+        );
+    }
+
+    #[test]
+    fn dc_overrides_inject_dc203_default() {
+        let toml = r#"
+            [general]
+            use_middle_proxy = false
+
+            [censorship]
+            tls_domain = "example.com"
+
+            [access.users]
+            user = "00000000000000000000000000000000"
+        "#;
+        let dir = std::env::temp_dir();
+        let path = dir.join("telemt_dc_override_test.toml");
+        std::fs::write(&path, toml).unwrap();
+        let cfg = ProxyConfig::load(&path).unwrap();
+        assert!(cfg
+            .dc_overrides
+            .get("203")
+            .map(|v| v.contains(&"91.105.192.100:443".to_string()))
+            .unwrap_or(false));
+        let _ = std::fs::remove_file(path);
+    }
+}

src/config/mod.rs

@@ -1,287 +1,9 @@
-//! Configuration
+//! Configuration.
 
-use std::collections::HashMap;
-use std::net::IpAddr;
-use std::path::Path;
-use chrono::{DateTime, Utc};
-use serde::{Deserialize, Serialize};
-use crate::error::{ProxyError, Result};
+pub(crate) mod defaults;
+mod types;
+mod load;
+pub mod hot_reload;
 
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct ProxyModes {
-    #[serde(default)]
-    pub classic: bool,
-    #[serde(default)]
-    pub secure: bool,
-    #[serde(default = "default_true")]
-    pub tls: bool,
-}
-
-fn default_true() -> bool { true }
-fn default_weight() -> u16 { 1 }
-
-impl Default for ProxyModes {
-    fn default() -> Self {
-        Self { classic: true, secure: true, tls: true }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
-#[serde(tag = "type", rename_all = "lowercase")]
-pub enum UpstreamType {
-    Direct {
-        #[serde(default)]
-        interface: Option<String>, // Bind to specific IP/Interface
-    },
-    Socks4 {
-        address: String, // IP:Port of SOCKS server
-        #[serde(default)]
-        interface: Option<String>, // Bind to specific IP/Interface for connection to SOCKS
-        #[serde(default)]
-        user_id: Option<String>,
-    },
-    Socks5 {
-        address: String,
-        #[serde(default)]
-        interface: Option<String>,
-        #[serde(default)]
-        username: Option<String>,
-        #[serde(default)]
-        password: Option<String>,
-    },
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct UpstreamConfig {
-    #[serde(flatten)]
-    pub upstream_type: UpstreamType,
-    #[serde(default = "default_weight")]
-    pub weight: u16,
-    #[serde(default = "default_true")]
-    pub enabled: bool,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct ListenerConfig {
-    pub ip: IpAddr,
-    #[serde(default)]
-    pub announce_ip: Option<IpAddr>, // IP to show in tg:// links
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct ProxyConfig {
-    #[serde(default = "default_port")]
-    pub port: u16,
-    
-    #[serde(default)]
-    pub users: HashMap<String, String>,
-    
-    #[serde(default)]
-    pub ad_tag: Option<String>,
-    
-    #[serde(default)]
-    pub modes: ProxyModes,
-    
-    #[serde(default = "default_tls_domain")]
-    pub tls_domain: String,
-    
-    #[serde(default = "default_true")]
-    pub mask: bool,
-    
-    #[serde(default)]
-    pub mask_host: Option<String>,
-    
-    #[serde(default = "default_mask_port")]
-    pub mask_port: u16,
-    
-    #[serde(default)]
-    pub prefer_ipv6: bool,
-    
-    #[serde(default = "default_true")]
-    pub fast_mode: bool,
-    
-    #[serde(default)]
-    pub use_middle_proxy: bool,
-    
-    #[serde(default)]
-    pub user_max_tcp_conns: HashMap<String, usize>,
-    
-    #[serde(default)]
-    pub user_expirations: HashMap<String, DateTime<Utc>>,
-    
-    #[serde(default)]
-    pub user_data_quota: HashMap<String, u64>,
-    
-    #[serde(default = "default_replay_check_len")]
-    pub replay_check_len: usize,
-    
-    #[serde(default)]
-    pub ignore_time_skew: bool,
-    
-    #[serde(default = "default_handshake_timeout")]
-    pub client_handshake_timeout: u64,
-    
-    #[serde(default = "default_connect_timeout")]
-    pub tg_connect_timeout: u64,
-    
-    #[serde(default = "default_keepalive")]
-    pub client_keepalive: u64,
-    
-    #[serde(default = "default_ack_timeout")]
-    pub client_ack_timeout: u64,
-    
-    #[serde(default = "default_listen_addr")]
-    pub listen_addr_ipv4: String,
-    
-    #[serde(default)]
-    pub listen_addr_ipv6: Option<String>,
-    
-    #[serde(default)]
-    pub listen_unix_sock: Option<String>,
-    
-    #[serde(default)]
-    pub metrics_port: Option<u16>,
-    
-    #[serde(default = "default_metrics_whitelist")]
-    pub metrics_whitelist: Vec<IpAddr>,
-    
-    #[serde(default = "default_fake_cert_len")]
-    pub fake_cert_len: usize,
-
-    // New fields
-    #[serde(default)]
-    pub upstreams: Vec<UpstreamConfig>,
-
-    #[serde(default)]
-    pub listeners: Vec<ListenerConfig>,
-
-    #[serde(default)]
-    pub show_link: Vec<String>,
-}
-
-fn default_port() -> u16 { 443 }
-fn default_tls_domain() -> String { "www.google.com".to_string() }
-fn default_mask_port() -> u16 { 443 }
-fn default_replay_check_len() -> usize { 65536 }
-fn default_handshake_timeout() -> u64 { 10 }
-fn default_connect_timeout() -> u64 { 10 }
-fn default_keepalive() -> u64 { 600 }
-fn default_ack_timeout() -> u64 { 300 }
-fn default_listen_addr() -> String { "0.0.0.0".to_string() }
-fn default_fake_cert_len() -> usize { 2048 }
-
-fn default_metrics_whitelist() -> Vec<IpAddr> {
-    vec![
-        "127.0.0.1".parse().unwrap(),
-        "::1".parse().unwrap(),
-    ]
-}
-
-impl Default for ProxyConfig {
-    fn default() -> Self {
-        let mut users = HashMap::new();
-        users.insert("default".to_string(), "00000000000000000000000000000000".to_string());
-        
-        Self {
-            port: default_port(),
-            users,
-            ad_tag: None,
-            modes: ProxyModes::default(),
-            tls_domain: default_tls_domain(),
-            mask: true,
-            mask_host: None,
-            mask_port: default_mask_port(),
-            prefer_ipv6: false,
-            fast_mode: true,
-            use_middle_proxy: false,
-            user_max_tcp_conns: HashMap::new(),
-            user_expirations: HashMap::new(),
-            user_data_quota: HashMap::new(),
-            replay_check_len: default_replay_check_len(),
-            ignore_time_skew: false,
-            client_handshake_timeout: default_handshake_timeout(),
-            tg_connect_timeout: default_connect_timeout(),
-            client_keepalive: default_keepalive(),
-            client_ack_timeout: default_ack_timeout(),
-            listen_addr_ipv4: default_listen_addr(),
-            listen_addr_ipv6: Some("::".to_string()),
-            listen_unix_sock: None,
-            metrics_port: None,
-            metrics_whitelist: default_metrics_whitelist(),
-            fake_cert_len: default_fake_cert_len(),
-            upstreams: Vec::new(),
-            listeners: Vec::new(),
-            show_link: Vec::new(),
-        }
-    }
-}
-
-impl ProxyConfig {
-    pub fn load<P: AsRef<Path>>(path: P) -> Result<Self> {
-        let content = std::fs::read_to_string(path)
-            .map_err(|e| ProxyError::Config(e.to_string()))?;
-        
-        let mut config: ProxyConfig = toml::from_str(&content)
-            .map_err(|e| ProxyError::Config(e.to_string()))?;
-        
-        // Validate secrets
-        for (user, secret) in &config.users {
-            if !secret.chars().all(|c| c.is_ascii_hexdigit()) || secret.len() != 32 {
-                return Err(ProxyError::InvalidSecret {
-                    user: user.clone(),
-                    reason: "Must be 32 hex characters".to_string(),
-                });
-            }
-        }
-        
-        // Default mask_host
-        if config.mask_host.is_none() {
-            config.mask_host = Some(config.tls_domain.clone());
-        }
-        
-        // Random fake_cert_len
-        use rand::Rng;
-        config.fake_cert_len = rand::thread_rng().gen_range(1024..4096);
-        
-        // Migration: Populate listeners if empty
-        if config.listeners.is_empty() {
-            if let Ok(ipv4) = config.listen_addr_ipv4.parse::<IpAddr>() {
-                config.listeners.push(ListenerConfig {
-                    ip: ipv4,
-                    announce_ip: None,
-                });
-            }
-            if let Some(ipv6_str) = &config.listen_addr_ipv6 {
-                 if let Ok(ipv6) = ipv6_str.parse::<IpAddr>() {
-                    config.listeners.push(ListenerConfig {
-                        ip: ipv6,
-                        announce_ip: None,
-                    });
-                }
-            }
-        }
-
-        // Migration: Populate upstreams if empty (Default Direct)
-        if config.upstreams.is_empty() {
-             config.upstreams.push(UpstreamConfig {
-                upstream_type: UpstreamType::Direct { interface: None },
-                weight: 1,
-                enabled: true,
-            });
-        }
-        
-        Ok(config)
-    }
-    
-    pub fn validate(&self) -> Result<()> {
-        if self.users.is_empty() {
-            return Err(ProxyError::Config("No users configured".to_string()));
-        }
-        
-        if !self.modes.classic && !self.modes.secure && !self.modes.tls {
-            return Err(ProxyError::Config("No modes enabled".to_string()));
-        }
-        
-        Ok(())
-    }
-}
+pub use load::ProxyConfig;
+pub use types::*;

src/config/types.rs

@@ -0,0 +1,705 @@
+use chrono::{DateTime, Utc};
+use ipnetwork::IpNetwork;
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use std::net::IpAddr;
+
+use super::defaults::*;
+
+// ============= Log Level =============
+
+/// Logging verbosity level.
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default)]
+#[serde(rename_all = "lowercase")]
+pub enum LogLevel {
+    /// All messages including trace (trace + debug + info + warn + error).
+    Debug,
+    /// Detailed operational logs (debug + info + warn + error).
+    Verbose,
+    /// Standard operational logs (info + warn + error).
+    #[default]
+    Normal,
+    /// Minimal output: only warnings and errors (warn + error).
+    /// Startup messages (config, DC connectivity, proxy links) are always shown
+    /// via info! before the filter is applied.
+    Silent,
+}
+
+impl LogLevel {
+    /// Convert to tracing EnvFilter directive string.
+    pub fn to_filter_str(&self) -> &'static str {
+        match self {
+            LogLevel::Debug => "trace",
+            LogLevel::Verbose => "debug",
+            LogLevel::Normal => "info",
+            LogLevel::Silent => "warn",
+        }
+    }
+
+    /// Parse from a loose string (CLI argument).
+    pub fn from_str_loose(s: &str) -> Self {
+        match s.to_lowercase().as_str() {
+            "debug" | "trace" => LogLevel::Debug,
+            "verbose" => LogLevel::Verbose,
+            "normal" | "info" => LogLevel::Normal,
+            "silent" | "quiet" | "error" | "warn" => LogLevel::Silent,
+            _ => LogLevel::Normal,
+        }
+    }
+}
+
+impl std::fmt::Display for LogLevel {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            LogLevel::Debug => write!(f, "debug"),
+            LogLevel::Verbose => write!(f, "verbose"),
+            LogLevel::Normal => write!(f, "normal"),
+            LogLevel::Silent => write!(f, "silent"),
+        }
+    }
+}
+
+// ============= Sub-Configs =============
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ProxyModes {
+    #[serde(default)]
+    pub classic: bool,
+    #[serde(default)]
+    pub secure: bool,
+    #[serde(default = "default_true")]
+    pub tls: bool,
+}
+
+impl Default for ProxyModes {
+    fn default() -> Self {
+        Self {
+            classic: false,
+            secure: false,
+            tls: true,
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct NetworkConfig {
+    #[serde(default = "default_true")]
+    pub ipv4: bool,
+
+    /// None = auto-detect IPv6 availability.
+    #[serde(default)]
+    pub ipv6: Option<bool>,
+
+    /// 4 or 6.
+    #[serde(default = "default_prefer_4")]
+    pub prefer: u8,
+
+    #[serde(default)]
+    pub multipath: bool,
+
+    /// STUN servers list for public IP discovery.
+    #[serde(default = "default_stun_servers")]
+    pub stun_servers: Vec<String>,
+
+    /// Enable TCP STUN fallback when UDP is blocked.
+    #[serde(default)]
+    pub stun_tcp_fallback: bool,
+
+    /// HTTP-based public IP detection endpoints (fallback after STUN).
+    #[serde(default = "default_http_ip_detect_urls")]
+    pub http_ip_detect_urls: Vec<String>,
+
+    /// Cache file path for detected public IP.
+    #[serde(default = "default_cache_public_ip_path")]
+    pub cache_public_ip_path: String,
+}
+
+impl Default for NetworkConfig {
+    fn default() -> Self {
+        Self {
+            ipv4: true,
+            ipv6: Some(false),
+            prefer: 4,
+            multipath: false,
+            stun_servers: default_stun_servers(),
+            stun_tcp_fallback: true,
+            http_ip_detect_urls: default_http_ip_detect_urls(),
+            cache_public_ip_path: default_cache_public_ip_path(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct GeneralConfig {
+    #[serde(default)]
+    pub modes: ProxyModes,
+
+    #[serde(default)]
+    pub prefer_ipv6: bool,
+
+    #[serde(default = "default_true")]
+    pub fast_mode: bool,
+
+    #[serde(default)]
+    pub use_middle_proxy: bool,
+
+    #[serde(default)]
+    pub ad_tag: Option<String>,
+
+    /// Path to proxy-secret binary file (auto-downloaded if absent).
+    /// Infrastructure secret from https://core.telegram.org/getProxySecret.
+    #[serde(default)]
+    pub proxy_secret_path: Option<String>,
+
+    /// Public IP override for middle-proxy NAT environments.
+    /// When set, this IP is used in ME key derivation and RPC_PROXY_REQ "our_addr".
+    #[serde(default)]
+    pub middle_proxy_nat_ip: Option<IpAddr>,
+
+    /// Enable STUN-based NAT probing to discover public IP:port for ME KDF.
+    #[serde(default)]
+    pub middle_proxy_nat_probe: bool,
+
+    /// Optional STUN server address (host:port) for NAT probing.
+    #[serde(default)]
+    pub middle_proxy_nat_stun: Option<String>,
+
+    /// Optional list of STUN servers for NAT probing fallback.
+    #[serde(default)]
+    pub middle_proxy_nat_stun_servers: Vec<String>,
+
+    /// Desired size of active Middle-Proxy writer pool.
+    #[serde(default = "default_pool_size")]
+    pub middle_proxy_pool_size: usize,
+
+    /// Number of warm standby ME connections kept pre-initialized.
+    #[serde(default)]
+    pub middle_proxy_warm_standby: usize,
+
+    /// Enable ME keepalive padding frames.
+    #[serde(default = "default_true")]
+    pub me_keepalive_enabled: bool,
+
+    /// Keepalive interval in seconds.
+    #[serde(default = "default_keepalive_interval")]
+    pub me_keepalive_interval_secs: u64,
+
+    /// Keepalive jitter in seconds.
+    #[serde(default = "default_keepalive_jitter")]
+    pub me_keepalive_jitter_secs: u64,
+
+    /// Keepalive payload randomized (4 bytes); otherwise zeros.
+    #[serde(default = "default_true")]
+    pub me_keepalive_payload_random: bool,
+
+    /// Max pending ciphertext buffer per client writer (bytes).
+    /// Controls FakeTLS backpressure vs throughput.
+    #[serde(default = "default_crypto_pending_buffer")]
+    pub crypto_pending_buffer: usize,
+
+    /// Maximum allowed client MTProto frame size (bytes).
+    #[serde(default = "default_max_client_frame")]
+    pub max_client_frame: usize,
+
+    /// Enable staggered warmup of extra ME writers.
+    #[serde(default = "default_true")]
+    pub me_warmup_stagger_enabled: bool,
+
+    /// Base delay between warmup connections in ms.
+    #[serde(default = "default_warmup_step_delay_ms")]
+    pub me_warmup_step_delay_ms: u64,
+
+    /// Jitter for warmup delay in ms.
+    #[serde(default = "default_warmup_step_jitter_ms")]
+    pub me_warmup_step_jitter_ms: u64,
+
+    /// Max concurrent reconnect attempts per DC.
+    #[serde(default)]
+    pub me_reconnect_max_concurrent_per_dc: u32,
+
+    /// Base backoff in ms for reconnect.
+    #[serde(default = "default_reconnect_backoff_base_ms")]
+    pub me_reconnect_backoff_base_ms: u64,
+
+    /// Cap backoff in ms for reconnect.
+    #[serde(default = "default_reconnect_backoff_cap_ms")]
+    pub me_reconnect_backoff_cap_ms: u64,
+
+    /// Fast retry attempts before backoff.
+    #[serde(default)]
+    pub me_reconnect_fast_retry_count: u32,
+
+    /// Ignore STUN/interface IP mismatch (keep using Middle Proxy even if NAT detected).
+    #[serde(default)]
+    pub stun_iface_mismatch_ignore: bool,
+
+    /// Log unknown (non-standard) DC requests to a file (default: unknown-dc.txt). Set to null to disable.
+    #[serde(default = "default_unknown_dc_log_path")]
+    pub unknown_dc_log_path: Option<String>,
+
+    #[serde(default)]
+    pub log_level: LogLevel,
+
+    /// Disable colored output in logs (useful for files/systemd).
+    #[serde(default)]
+    pub disable_colors: bool,
+
+    /// [general.links] — proxy link generation overrides.
+    #[serde(default)]
+    pub links: LinksConfig,
+
+    /// Minimum TLS record size when fast_mode coalescing is enabled (0 = disabled).
+    #[serde(default = "default_fast_mode_min_tls_record")]
+    pub fast_mode_min_tls_record: usize,
+
+    /// Automatically reload proxy-secret every N seconds.
+    #[serde(default = "default_proxy_secret_reload_secs")]
+    pub proxy_secret_auto_reload_secs: u64,
+
+    /// Automatically reload proxy-multi.conf every N seconds.
+    #[serde(default = "default_proxy_config_reload_secs")]
+    pub proxy_config_auto_reload_secs: u64,
+
+    /// Enable NTP drift check at startup.
+    #[serde(default = "default_ntp_check")]
+    pub ntp_check: bool,
+
+    /// NTP servers for drift check.
+    #[serde(default = "default_ntp_servers")]
+    pub ntp_servers: Vec<String>,
+
+    /// Enable auto-degradation from ME to Direct-DC.
+    #[serde(default = "default_true")]
+    pub auto_degradation_enabled: bool,
+
+    /// Minimum unavailable ME DC groups before degrading.
+    #[serde(default = "default_degradation_min_unavailable_dc_groups")]
+    pub degradation_min_unavailable_dc_groups: u8,
+}
+
+impl Default for GeneralConfig {
+    fn default() -> Self {
+        Self {
+            modes: ProxyModes::default(),
+            prefer_ipv6: false,
+            fast_mode: true,
+            use_middle_proxy: false,
+            ad_tag: None,
+            proxy_secret_path: None,
+            middle_proxy_nat_ip: None,
+            middle_proxy_nat_probe: false,
+            middle_proxy_nat_stun: None,
+            middle_proxy_nat_stun_servers: Vec::new(),
+            middle_proxy_pool_size: default_pool_size(),
+            middle_proxy_warm_standby: 8,
+            me_keepalive_enabled: true,
+            me_keepalive_interval_secs: default_keepalive_interval(),
+            me_keepalive_jitter_secs: default_keepalive_jitter(),
+            me_keepalive_payload_random: true,
+            me_warmup_stagger_enabled: true,
+            me_warmup_step_delay_ms: default_warmup_step_delay_ms(),
+            me_warmup_step_jitter_ms: default_warmup_step_jitter_ms(),
+            me_reconnect_max_concurrent_per_dc: 4,
+            me_reconnect_backoff_base_ms: default_reconnect_backoff_base_ms(),
+            me_reconnect_backoff_cap_ms: default_reconnect_backoff_cap_ms(),
+            me_reconnect_fast_retry_count: 8,
+            stun_iface_mismatch_ignore: false,
+            unknown_dc_log_path: default_unknown_dc_log_path(),
+            log_level: LogLevel::Normal,
+            disable_colors: false,
+            links: LinksConfig::default(),
+            crypto_pending_buffer: default_crypto_pending_buffer(),
+            max_client_frame: default_max_client_frame(),
+            fast_mode_min_tls_record: default_fast_mode_min_tls_record(),
+            proxy_secret_auto_reload_secs: default_proxy_secret_reload_secs(),
+            proxy_config_auto_reload_secs: default_proxy_config_reload_secs(),
+            ntp_check: default_ntp_check(),
+            ntp_servers: default_ntp_servers(),
+            auto_degradation_enabled: true,
+            degradation_min_unavailable_dc_groups: default_degradation_min_unavailable_dc_groups(),
+        }
+    }
+}
+
+/// `[general.links]` — proxy link generation settings.
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+pub struct LinksConfig {
+    /// List of usernames whose tg:// links to display at startup.
+    /// `"*"` = all users, `["alice", "bob"]` = specific users.
+    #[serde(default)]
+    pub show: ShowLink,
+
+    /// Public hostname/IP for tg:// link generation (overrides detected IP).
+    #[serde(default)]
+    pub public_host: Option<String>,
+
+    /// Public port for tg:// link generation (overrides server.port).
+    #[serde(default)]
+    pub public_port: Option<u16>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ServerConfig {
+    #[serde(default = "default_port")]
+    pub port: u16,
+
+    #[serde(default)]
+    pub listen_addr_ipv4: Option<String>,
+
+    #[serde(default)]
+    pub listen_addr_ipv6: Option<String>,
+
+    #[serde(default)]
+    pub listen_unix_sock: Option<String>,
+
+    /// Unix socket file permissions (octal, e.g. "0666" or "0777").
+    /// Applied via chmod after bind. Default: no change (inherits umask).
+    #[serde(default)]
+    pub listen_unix_sock_perm: Option<String>,
+
+    /// Enable TCP listening. Default: true when no unix socket, false when
+    /// listen_unix_sock is set. Set explicitly to override auto-detection.
+    #[serde(default)]
+    pub listen_tcp: Option<bool>,
+
+    /// Accept HAProxy PROXY protocol headers on incoming connections.
+    /// When enabled, real client IPs are extracted from PROXY v1/v2 headers.
+    #[serde(default)]
+    pub proxy_protocol: bool,
+
+    #[serde(default)]
+    pub metrics_port: Option<u16>,
+
+    #[serde(default = "default_metrics_whitelist")]
+    pub metrics_whitelist: Vec<IpNetwork>,
+
+    #[serde(default)]
+    pub listeners: Vec<ListenerConfig>,
+}
+
+impl Default for ServerConfig {
+    fn default() -> Self {
+        Self {
+            port: default_port(),
+            listen_addr_ipv4: Some(default_listen_addr()),
+            listen_addr_ipv6: Some("::".to_string()),
+            listen_unix_sock: None,
+            listen_unix_sock_perm: None,
+            listen_tcp: None,
+            proxy_protocol: false,
+            metrics_port: None,
+            metrics_whitelist: default_metrics_whitelist(),
+            listeners: Vec::new(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct TimeoutsConfig {
+    #[serde(default = "default_handshake_timeout")]
+    pub client_handshake: u64,
+
+    #[serde(default = "default_connect_timeout")]
+    pub tg_connect: u64,
+
+    #[serde(default = "default_keepalive")]
+    pub client_keepalive: u64,
+
+    #[serde(default = "default_ack_timeout")]
+    pub client_ack: u64,
+
+    /// Number of quick ME reconnect attempts for single-address DC.
+    #[serde(default = "default_me_one_retry")]
+    pub me_one_retry: u8,
+
+    /// Timeout per quick attempt in milliseconds for single-address DC.
+    #[serde(default = "default_me_one_timeout")]
+    pub me_one_timeout_ms: u64,
+}
+
+impl Default for TimeoutsConfig {
+    fn default() -> Self {
+        Self {
+            client_handshake: default_handshake_timeout(),
+            tg_connect: default_connect_timeout(),
+            client_keepalive: default_keepalive(),
+            client_ack: default_ack_timeout(),
+            me_one_retry: default_me_one_retry(),
+            me_one_timeout_ms: default_me_one_timeout(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct AntiCensorshipConfig {
+    #[serde(default = "default_tls_domain")]
+    pub tls_domain: String,
+
+    /// Additional TLS domains for generating multiple proxy links.
+    #[serde(default)]
+    pub tls_domains: Vec<String>,
+
+    #[serde(default = "default_true")]
+    pub mask: bool,
+
+    #[serde(default)]
+    pub mask_host: Option<String>,
+
+    #[serde(default = "default_mask_port")]
+    pub mask_port: u16,
+
+    #[serde(default)]
+    pub mask_unix_sock: Option<String>,
+
+    #[serde(default = "default_fake_cert_len")]
+    pub fake_cert_len: usize,
+
+    /// Enable TLS certificate emulation using cached real certificates.
+    #[serde(default)]
+    pub tls_emulation: bool,
+
+    /// Directory to store TLS front cache (on disk).
+    #[serde(default = "default_tls_front_dir")]
+    pub tls_front_dir: String,
+
+    /// Minimum server_hello delay in milliseconds (anti-fingerprint).
+    #[serde(default = "default_server_hello_delay_min_ms")]
+    pub server_hello_delay_min_ms: u64,
+
+    /// Maximum server_hello delay in milliseconds.
+    #[serde(default = "default_server_hello_delay_max_ms")]
+    pub server_hello_delay_max_ms: u64,
+
+    /// Number of NewSessionTicket messages to emit post-handshake.
+    #[serde(default = "default_tls_new_session_tickets")]
+    pub tls_new_session_tickets: u8,
+
+    /// Enforce ALPN echo of client preference.
+    #[serde(default = "default_alpn_enforce")]
+    pub alpn_enforce: bool,
+}
+
+impl Default for AntiCensorshipConfig {
+    fn default() -> Self {
+        Self {
+            tls_domain: default_tls_domain(),
+            tls_domains: Vec::new(),
+            mask: true,
+            mask_host: None,
+            mask_port: default_mask_port(),
+            mask_unix_sock: None,
+            fake_cert_len: default_fake_cert_len(),
+            tls_emulation: false,
+            tls_front_dir: default_tls_front_dir(),
+            server_hello_delay_min_ms: default_server_hello_delay_min_ms(),
+            server_hello_delay_max_ms: default_server_hello_delay_max_ms(),
+            tls_new_session_tickets: default_tls_new_session_tickets(),
+            alpn_enforce: default_alpn_enforce(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub struct AccessConfig {
+    #[serde(default)]
+    pub users: HashMap<String, String>,
+
+    #[serde(default)]
+    pub user_max_tcp_conns: HashMap<String, usize>,
+
+    #[serde(default)]
+    pub user_expirations: HashMap<String, DateTime<Utc>>,
+
+    #[serde(default)]
+    pub user_data_quota: HashMap<String, u64>,
+
+    #[serde(default)]
+    pub user_max_unique_ips: HashMap<String, usize>,
+
+    #[serde(default = "default_replay_check_len")]
+    pub replay_check_len: usize,
+
+    #[serde(default = "default_replay_window_secs")]
+    pub replay_window_secs: u64,
+
+    #[serde(default)]
+    pub ignore_time_skew: bool,
+}
+
+impl Default for AccessConfig {
+    fn default() -> Self {
+        let mut users = HashMap::new();
+        users.insert(
+            "default".to_string(),
+            "00000000000000000000000000000000".to_string(),
+        );
+        Self {
+            users,
+            user_max_tcp_conns: HashMap::new(),
+            user_expirations: HashMap::new(),
+            user_data_quota: HashMap::new(),
+            user_max_unique_ips: HashMap::new(),
+            replay_check_len: default_replay_check_len(),
+            replay_window_secs: default_replay_window_secs(),
+            ignore_time_skew: false,
+        }
+    }
+}
+
+// ============= Aux Structures =============
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+#[serde(tag = "type", rename_all = "lowercase")]
+pub enum UpstreamType {
+    Direct {
+        #[serde(default)]
+        interface: Option<String>,
+        #[serde(default)]
+        bind_addresses: Option<Vec<String>>,
+    },
+    Socks4 {
+        address: String,
+        #[serde(default)]
+        interface: Option<String>,
+        #[serde(default)]
+        user_id: Option<String>,
+    },
+    Socks5 {
+        address: String,
+        #[serde(default)]
+        interface: Option<String>,
+        #[serde(default)]
+        username: Option<String>,
+        #[serde(default)]
+        password: Option<String>,
+    },
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct UpstreamConfig {
+    #[serde(flatten)]
+    pub upstream_type: UpstreamType,
+    #[serde(default = "default_weight")]
+    pub weight: u16,
+    #[serde(default = "default_true")]
+    pub enabled: bool,
+    #[serde(default)]
+    pub scopes: String,
+    #[serde(skip)]
+    pub selected_scope: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ListenerConfig {
+    pub ip: IpAddr,
+    /// IP address or hostname to announce in proxy links.
+    /// Takes precedence over `announce_ip` if both are set.
+    #[serde(default)]
+    pub announce: Option<String>,
+    /// Deprecated: Use `announce` instead. IP address to announce in proxy links.
+    /// Migrated to `announce` automatically if `announce` is not set.
+    #[serde(default)]
+    pub announce_ip: Option<IpAddr>,
+    /// Per-listener PROXY protocol override. When set, overrides global server.proxy_protocol.
+    #[serde(default)]
+    pub proxy_protocol: Option<bool>,
+    /// Allow multiple telemt instances to listen on the same IP:port (SO_REUSEPORT).
+    /// Default is false for safety.
+    #[serde(default)]
+    pub reuse_allow: bool,
+}
+
+// ============= ShowLink =============
+
+/// Controls which users' proxy links are displayed at startup.
+///
+/// In TOML, this can be:
+/// - `show_link = "*"`          — show links for all users
+/// - `show_link = ["a", "b"]`   — show links for specific users
+/// - omitted                    — show no links (default)
+#[derive(Debug, Clone)]
+pub enum ShowLink {
+    /// Don't show any links (default when omitted).
+    None,
+    /// Show links for all configured users.
+    All,
+    /// Show links for specific users.
+    Specific(Vec<String>),
+}
+
+impl Default for ShowLink {
+    fn default() -> Self {
+        ShowLink::None
+    }
+}
+
+impl ShowLink {
+    /// Returns true if no links should be shown.
+    pub fn is_empty(&self) -> bool {
+        matches!(self, ShowLink::None) || matches!(self, ShowLink::Specific(v) if v.is_empty())
+    }
+
+    /// Resolve the list of user names to display, given all configured users.
+    pub fn resolve_users<'a>(&'a self, all_users: &'a HashMap<String, String>) -> Vec<&'a String> {
+        match self {
+            ShowLink::None => vec![],
+            ShowLink::All => {
+                let mut names: Vec<&String> = all_users.keys().collect();
+                names.sort();
+                names
+            }
+            ShowLink::Specific(names) => names.iter().collect(),
+        }
+    }
+}
+
+impl Serialize for ShowLink {
+    fn serialize<S: serde::Serializer>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error> {
+        match self {
+            ShowLink::None => Vec::<String>::new().serialize(serializer),
+            ShowLink::All => serializer.serialize_str("*"),
+            ShowLink::Specific(v) => v.serialize(serializer),
+        }
+    }
+}
+
+impl<'de> Deserialize<'de> for ShowLink {
+    fn deserialize<D: serde::Deserializer<'de>>(deserializer: D) -> std::result::Result<Self, D::Error> {
+        use serde::de;
+
+        struct ShowLinkVisitor;
+
+        impl<'de> de::Visitor<'de> for ShowLinkVisitor {
+            type Value = ShowLink;
+
+            fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
+                formatter.write_str(r#""*" or an array of user names"#)
+            }
+
+            fn visit_str<E: de::Error>(self, v: &str) -> std::result::Result<ShowLink, E> {
+                if v == "*" {
+                    Ok(ShowLink::All)
+                } else {
+                    Err(de::Error::invalid_value(
+                        de::Unexpected::Str(v),
+                        &r#""*""#,
+                    ))
+                }
+            }
+
+            fn visit_seq<A: de::SeqAccess<'de>>(self, mut seq: A) -> std::result::Result<ShowLink, A::Error> {
+                let mut names = Vec::new();
+                while let Some(name) = seq.next_element::<String>()? {
+                    names.push(name);
+                }
+                if names.is_empty() {
+                    Ok(ShowLink::None)
+                } else {
+                    Ok(ShowLink::Specific(names))
+                }
+            }
+        }
+
+        deserializer.deserialize_any(ShowLinkVisitor)
+    }
+}

src/crypto/aes.rs

@@ -1,9 +1,19 @@
 //! AES encryption implementations
 //!
 //! Provides AES-256-CTR and AES-256-CBC modes for MTProto encryption.
+//!
+//! ## Zeroize policy
+//!
+//! - `AesCbc` stores raw key/IV bytes and zeroizes them on drop.
+//! - `AesCtr` wraps an opaque `Aes256Ctr` cipher from the `ctr` crate.
+//!   The expanded key schedule lives inside that type and cannot be
+//!   zeroized from outside. Callers that hold raw key material (e.g.
+//!   `HandshakeSuccess`, `ObfuscationParams`) are responsible for
+//!   zeroizing their own copies.
 
 use aes::Aes256;
 use ctr::{Ctr128BE, cipher::{KeyIvInit, StreamCipher}};
+use zeroize::Zeroize;
 use crate::error::{ProxyError, Result};
 
 type Aes256Ctr = Ctr128BE<Aes256>;
@@ -12,7 +22,12 @@ type Aes256Ctr = Ctr128BE<Aes256>;
 
 /// AES-256-CTR encryptor/decryptor
 /// 
-/// CTR mode is symmetric - encryption and decryption are the same operation.
+/// CTR mode is symmetric — encryption and decryption are the same operation.
+///
+/// **Zeroize note:** The inner `Aes256Ctr` cipher state (expanded key schedule
+/// + counter) is opaque and cannot be zeroized. If you need to protect key
+/// material, zeroize the `[u8; 32]` key and `u128` IV at the call site
+/// before dropping them.
 pub struct AesCtr {
     cipher: Aes256Ctr,
 }
@@ -62,14 +77,23 @@ impl AesCtr {
 
 /// AES-256-CBC cipher with proper chaining
 ///
-/// Unlike CTR mode, CBC is NOT symmetric - encryption and decryption
+/// Unlike CTR mode, CBC is NOT symmetric — encryption and decryption
 /// are different operations. This implementation handles CBC chaining
 /// correctly across multiple blocks.
+///
+/// Key and IV are zeroized on drop.
 pub struct AesCbc {
     key: [u8; 32],
     iv: [u8; 16],
 }
 
+impl Drop for AesCbc {
+    fn drop(&mut self) {
+        self.key.zeroize();
+        self.iv.zeroize();
+    }
+}
+
 impl AesCbc {
     /// AES block size
     const BLOCK_SIZE: usize = 16;
@@ -141,17 +165,9 @@ impl AesCbc {
         
         for chunk in data.chunks(Self::BLOCK_SIZE) {
             let plaintext: [u8; 16] = chunk.try_into().unwrap();
-            
-            // XOR plaintext with previous ciphertext (or IV for first block)
             let xored = Self::xor_blocks(&plaintext, &prev_ciphertext);
-            
-            // Encrypt the XORed block
             let ciphertext = self.encrypt_block(&xored, &key_schedule);
-            
-            // Save for next iteration
             prev_ciphertext = ciphertext;
-            
-            // Append to result
             result.extend_from_slice(&ciphertext);
         }
         
@@ -180,17 +196,9 @@ impl AesCbc {
         
         for chunk in data.chunks(Self::BLOCK_SIZE) {
             let ciphertext: [u8; 16] = chunk.try_into().unwrap();
-            
-            // Decrypt the block
             let decrypted = self.decrypt_block(&ciphertext, &key_schedule);
-            
-            // XOR with previous ciphertext (or IV for first block)
             let plaintext = Self::xor_blocks(&decrypted, &prev_ciphertext);
-            
-            // Save current ciphertext for next iteration
             prev_ciphertext = ciphertext;
-            
-            // Append to result
             result.extend_from_slice(&plaintext);
         }
         
@@ -217,16 +225,13 @@ impl AesCbc {
         for i in (0..data.len()).step_by(Self::BLOCK_SIZE) {
             let block = &mut data[i..i + Self::BLOCK_SIZE];
             
-            // XOR with previous ciphertext
             for j in 0..Self::BLOCK_SIZE {
                 block[j] ^= prev_ciphertext[j];
             }
             
-            // Encrypt in-place
             let block_array: &mut [u8; 16] = block.try_into().unwrap();
             *block_array = self.encrypt_block(block_array, &key_schedule);
             
-            // Save for next iteration
             prev_ciphertext = *block_array;
         }
         
@@ -248,26 +253,20 @@ impl AesCbc {
         use aes::cipher::KeyInit;
         let key_schedule = aes::Aes256::new((&self.key).into());
         
-        // For in-place decryption, we need to save ciphertext blocks
-        // before we overwrite them
         let mut prev_ciphertext = self.iv;
         
         for i in (0..data.len()).step_by(Self::BLOCK_SIZE) {
             let block = &mut data[i..i + Self::BLOCK_SIZE];
             
-            // Save current ciphertext before modifying
             let current_ciphertext: [u8; 16] = block.try_into().unwrap();
             
-            // Decrypt in-place
             let block_array: &mut [u8; 16] = block.try_into().unwrap();
             *block_array = self.decrypt_block(block_array, &key_schedule);
             
-            // XOR with previous ciphertext
             for j in 0..Self::BLOCK_SIZE {
                 block[j] ^= prev_ciphertext[j];
             }
             
-            // Save for next iteration
             prev_ciphertext = current_ciphertext;
         }
         
@@ -347,10 +346,8 @@ mod tests {
         let mut cipher = AesCtr::new(&key, iv);
         cipher.apply(&mut data);
         
-        // Encrypted should be different
         assert_ne!(&data[..], original);
         
-        // Decrypt with fresh cipher
         let mut cipher = AesCtr::new(&key, iv);
         cipher.apply(&mut data);
         
@@ -364,7 +361,7 @@ mod tests {
         let key = [0u8; 32];
         let iv = [0u8; 16];
         
-        let original = [0u8; 32]; // 2 blocks
+        let original = [0u8; 32];
         
         let cipher = AesCbc::new(key, iv);
         let encrypted = cipher.encrypt(&original).unwrap();
@@ -375,31 +372,25 @@ mod tests {
     
     #[test]
     fn test_aes_cbc_chaining_works() {
-        // This is the key test - verify CBC chaining is correct
         let key = [0x42u8; 32];
         let iv = [0x00u8; 16];
         
-        // Two IDENTICAL plaintext blocks
         let plaintext = [0xAAu8; 32];
         
         let cipher = AesCbc::new(key, iv);
         let ciphertext = cipher.encrypt(&plaintext).unwrap();
         
-        // With proper CBC, identical plaintext blocks produce DIFFERENT ciphertext
         let block1 = &ciphertext[0..16];
         let block2 = &ciphertext[16..32];
         
         assert_ne!(
             block1, block2,
-            "CBC chaining broken: identical plaintext blocks produced identical ciphertext. \
-             This indicates ECB mode, not CBC!"
+            "CBC chaining broken: identical plaintext blocks produced identical ciphertext"
         );
     }
     
     #[test]
     fn test_aes_cbc_known_vector() {
-        // Test with known NIST test vector
-        // AES-256-CBC with zero key and zero IV
         let key = [0u8; 32];
         let iv = [0u8; 16];
         let plaintext = [0u8; 16];
@@ -407,11 +398,9 @@ mod tests {
         let cipher = AesCbc::new(key, iv);
         let ciphertext = cipher.encrypt(&plaintext).unwrap();
         
-        // Decrypt and verify roundtrip
         let decrypted = cipher.decrypt(&ciphertext).unwrap();
         assert_eq!(plaintext.as_slice(), decrypted.as_slice());
         
-        // Ciphertext should not be all zeros
         assert_ne!(ciphertext.as_slice(), plaintext.as_slice());
     }
     
@@ -420,7 +409,6 @@ mod tests {
         let key = [0x12u8; 32];
         let iv = [0x34u8; 16];
         
-        // 5 blocks = 80 bytes
         let plaintext: Vec<u8> = (0..80).collect();
         
         let cipher = AesCbc::new(key, iv);
@@ -435,7 +423,7 @@ mod tests {
         let key = [0x12u8; 32];
         let iv = [0x34u8; 16];
         
-        let original = [0x56u8; 48]; // 3 blocks
+        let original = [0x56u8; 48];
         let mut buffer = original;
         
         let cipher = AesCbc::new(key, iv);
@@ -462,41 +450,33 @@ mod tests {
     fn test_aes_cbc_unaligned_error() {
         let cipher = AesCbc::new([0u8; 32], [0u8; 16]);
         
-        // 15 bytes - not aligned to block size
         let result = cipher.encrypt(&[0u8; 15]);
         assert!(result.is_err());
         
-        // 17 bytes - not aligned
         let result = cipher.encrypt(&[0u8; 17]);
         assert!(result.is_err());
     }
     
     #[test]
     fn test_aes_cbc_avalanche_effect() {
-        // Changing one bit in plaintext should change entire ciphertext block
-        // and all subsequent blocks (due to chaining)
         let key = [0xAB; 32];
         let iv = [0xCD; 16];
         
-        let mut plaintext1 = [0u8; 32];
+        let plaintext1 = [0u8; 32];
         let mut plaintext2 = [0u8; 32];
-        plaintext2[0] = 0x01; // Single bit difference in first block
+        plaintext2[0] = 0x01;
         
         let cipher = AesCbc::new(key, iv);
         
         let ciphertext1 = cipher.encrypt(&plaintext1).unwrap();
         let ciphertext2 = cipher.encrypt(&plaintext2).unwrap();
         
-        // First blocks should be different
         assert_ne!(&ciphertext1[0..16], &ciphertext2[0..16]);
-        
-        // Second blocks should ALSO be different (chaining effect)
         assert_ne!(&ciphertext1[16..32], &ciphertext2[16..32]);
     }
     
     #[test]
     fn test_aes_cbc_iv_matters() {
-        // Same plaintext with different IVs should produce different ciphertext
         let key = [0x55; 32];
         let plaintext = [0x77u8; 16];
         
@@ -511,7 +491,6 @@ mod tests {
     
     #[test]
     fn test_aes_cbc_deterministic() {
-        // Same key, IV, plaintext should always produce same ciphertext
         let key = [0x99; 32];
         let iv = [0x88; 16];
         let plaintext = [0x77u8; 32];
@@ -524,6 +503,23 @@ mod tests {
         assert_eq!(ciphertext1, ciphertext2);
     }
     
+    // ============= Zeroize Tests =============
+    
+    #[test]
+    fn test_aes_cbc_zeroize_on_drop() {
+        let key = [0xAA; 32];
+        let iv = [0xBB; 16];
+        
+        let cipher = AesCbc::new(key, iv);
+        // Verify key/iv are set
+        assert_eq!(cipher.key, [0xAA; 32]);
+        assert_eq!(cipher.iv, [0xBB; 16]);
+        
+        drop(cipher);
+        // After drop, key/iv are zeroized (can't observe directly,
+        // but the Drop impl runs without panic)
+    }
+    
     // ============= Error Handling Tests =============
     
     #[test]

src/crypto/hash.rs

@@ -1,3 +1,16 @@
+//! Cryptographic hash functions
+//!
+//! ## Protocol-required algorithms
+//!
+//! This module exposes MD5 and SHA-1 alongside SHA-256. These weaker
+//! hash functions are **required by the Telegram Middle Proxy protocol**
+//! (`derive_middleproxy_keys`) and cannot be replaced without breaking
+//! compatibility. They are NOT used for any security-sensitive purpose
+//! outside of that specific key derivation scheme mandated by Telegram.
+//!
+//! Static analysis tools (CodeQL, cargo-audit) may flag them — the
+//! usages are intentional and protocol-mandated.
+
 use hmac::{Hmac, Mac};
 use sha2::Sha256;
 use md5::Md5;
@@ -21,14 +34,16 @@ pub fn sha256_hmac(key: &[u8], data: &[u8]) -> [u8; 32] {
     mac.finalize().into_bytes().into()
 }
 
-/// SHA-1
+/// SHA-1 — **protocol-required** by Telegram Middle Proxy key derivation.
+/// Not used for general-purpose hashing.
 pub fn sha1(data: &[u8]) -> [u8; 20] {
     let mut hasher = Sha1::new();
     hasher.update(data);
     hasher.finalize().into()
 }
 
-/// MD5
+/// MD5 — **protocol-required** by Telegram Middle Proxy key derivation.
+/// Not used for general-purpose hashing.
 pub fn md5(data: &[u8]) -> [u8; 16] {
     let mut hasher = Md5::new();
     hasher.update(data);
@@ -40,8 +55,16 @@ pub fn crc32(data: &[u8]) -> u32 {
     crc32fast::hash(data)
 }
 
-/// Middle Proxy Keygen
-pub fn derive_middleproxy_keys(
+/// CRC32C (Castagnoli)
+pub fn crc32c(data: &[u8]) -> u32 {
+    crc32c::crc32c(data)
+}
+
+/// Build the exact prekey buffer used by Telegram Middle Proxy KDF.
+///
+/// Returned buffer layout (IPv4):
+/// nonce_srv | nonce_clt | clt_ts | srv_ip | clt_port | purpose | clt_ip | srv_port | secret | nonce_srv | [clt_v6 | srv_v6] | nonce_clt
+pub fn build_middleproxy_prekey(
     nonce_srv: &[u8; 16],
     nonce_clt: &[u8; 16],
     clt_ts: &[u8; 4],
@@ -53,7 +76,7 @@ pub fn derive_middleproxy_keys(
     secret: &[u8],
     clt_ipv6: Option<&[u8; 16]>,
     srv_ipv6: Option<&[u8; 16]>,
-) -> ([u8; 32], [u8; 16]) {
+) -> Vec<u8> {
     const EMPTY_IP: [u8; 4] = [0, 0, 0, 0];
 
     let srv_ip = srv_ip.unwrap_or(&EMPTY_IP);
@@ -77,6 +100,40 @@ pub fn derive_middleproxy_keys(
     }
 
     s.extend_from_slice(nonce_clt);
+    s
+}
+
+/// Middle Proxy key derivation
+///
+/// Uses MD5 + SHA-1 as mandated by the Telegram Middle Proxy protocol.
+/// These algorithms are NOT replaceable here — changing them would break
+/// interoperability with Telegram's middle proxy infrastructure.
+pub fn derive_middleproxy_keys(
+    nonce_srv: &[u8; 16],
+    nonce_clt: &[u8; 16],
+    clt_ts: &[u8; 4],
+    srv_ip: Option<&[u8]>,
+    clt_port: &[u8; 2],
+    purpose: &[u8],
+    clt_ip: Option<&[u8]>,
+    srv_port: &[u8; 2],
+    secret: &[u8],
+    clt_ipv6: Option<&[u8; 16]>,
+    srv_ipv6: Option<&[u8; 16]>,
+) -> ([u8; 32], [u8; 16]) {
+    let s = build_middleproxy_prekey(
+        nonce_srv,
+        nonce_clt,
+        clt_ts,
+        srv_ip,
+        clt_port,
+        purpose,
+        clt_ip,
+        srv_port,
+        secret,
+        clt_ipv6,
+        srv_ipv6,
+    );
 
     let md5_1 = md5(&s[1..]);
     let sha1_sum = sha1(&s);
@@ -88,3 +145,39 @@ pub fn derive_middleproxy_keys(
     
     (key, md5_2)
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn middleproxy_prekey_sha_is_stable() {
+        let nonce_srv = [0x11u8; 16];
+        let nonce_clt = [0x22u8; 16];
+        let clt_ts = 0x44332211u32.to_le_bytes();
+        let srv_ip = Some([149u8, 154, 175, 50].as_ref());
+        let clt_ip = Some([10u8, 0, 0, 1].as_ref());
+        let clt_port = 0x1f90u16.to_le_bytes(); // 8080
+        let srv_port = 0x22b8u16.to_le_bytes(); // 8888
+        let secret = vec![0x55u8; 128];
+
+        let prekey = build_middleproxy_prekey(
+            &nonce_srv,
+            &nonce_clt,
+            &clt_ts,
+            srv_ip,
+            &clt_port,
+            b"CLIENT",
+            clt_ip,
+            &srv_port,
+            &secret,
+            None,
+            None,
+        );
+        let digest = sha256(&prekey);
+        assert_eq!(
+            hex::encode(digest),
+            "934f5facdafd65a44d5c2df90d2f35ddc81faaaeb337949dfeef817c8a7c1e00"
+        );
+    }
+}

src/crypto/mod.rs

@@ -5,5 +5,8 @@ pub mod hash;
 pub mod random;
 
 pub use aes::{AesCtr, AesCbc};
-pub use hash::{sha256, sha256_hmac, sha1, md5, crc32};
-pub use random::{SecureRandom, SECURE_RANDOM};
+pub use hash::{
+    build_middleproxy_prekey, crc32, crc32c, derive_middleproxy_keys, md5, sha1, sha256,
+    sha256_hmac,
+};
+pub use random::SecureRandom;

src/crypto/random.rs

@@ -3,53 +3,78 @@
 use rand::{Rng, RngCore, SeedableRng};
 use rand::rngs::StdRng;
 use parking_lot::Mutex;
+use zeroize::Zeroize;
 use crate::crypto::AesCtr;
-use once_cell::sync::Lazy;
-
-/// Global secure random instance
-pub static SECURE_RANDOM: Lazy<SecureRandom> = Lazy::new(SecureRandom::new);
 
 /// Cryptographically secure PRNG with AES-CTR
 pub struct SecureRandom {
     inner: Mutex<SecureRandomInner>,
 }
 
+unsafe impl Send for SecureRandom {}
+unsafe impl Sync for SecureRandom {}
+
 struct SecureRandomInner {
     rng: StdRng,
     cipher: AesCtr,
     buffer: Vec<u8>,
 }
 
+impl Drop for SecureRandomInner {
+    fn drop(&mut self) {
+        self.buffer.zeroize();
+    }
+}
+
 impl SecureRandom {
     pub fn new() -> Self {
-        let mut rng = StdRng::from_entropy();
+        let mut seed_source = rand::rng();
+        let mut rng = StdRng::from_rng(&mut seed_source);
         
         let mut key = [0u8; 32];
         rng.fill_bytes(&mut key);
-        let iv: u128 = rng.gen();
+        let iv: u128 = rng.random();
+        
+        let cipher = AesCtr::new(&key, iv);
+        
+        // Zeroize local key copy — cipher already consumed it
+        key.zeroize();
         
         Self {
             inner: Mutex::new(SecureRandomInner {
                 rng,
-                cipher: AesCtr::new(&key, iv),
+                cipher,
                 buffer: Vec::with_capacity(1024),
             }),
         }
     }
     
-    /// Generate random bytes
-    pub fn bytes(&self, len: usize) -> Vec<u8> {
+    /// Fill a caller-provided buffer with random bytes.
+    pub fn fill(&self, out: &mut [u8]) {
         let mut inner = self.inner.lock();
         const CHUNK_SIZE: usize = 512;
 
-        while inner.buffer.len() < len {
+        let mut written = 0usize;
+        while written < out.len() {
+            if inner.buffer.is_empty() {
                 let mut chunk = vec![0u8; CHUNK_SIZE];
                 inner.rng.fill_bytes(&mut chunk);
                 inner.cipher.apply(&mut chunk);
                 inner.buffer.extend_from_slice(&chunk);
             }
 
-        inner.buffer.drain(..len).collect()
+            let take = (out.len() - written).min(inner.buffer.len());
+            out[written..written + take].copy_from_slice(&inner.buffer[..take]);
+            inner.buffer.drain(..take);
+            written += take;
+        }
+    }
+
+    /// Generate random bytes
+    pub fn bytes(&self, len: usize) -> Vec<u8> {
+        let mut out = vec![0u8; len];
+        self.fill(&mut out);
+        out
     }
     
     /// Generate random number in range [0, max)
@@ -78,7 +103,6 @@ impl SecureRandom {
             result |= (b as u64) << (i * 8);
         }
         
-        // Mask extra bits
         if k < 64 {
             result &= (1u64 << k) - 1;
         }
@@ -107,13 +131,13 @@ impl SecureRandom {
     /// Generate random u32
     pub fn u32(&self) -> u32 {
         let mut inner = self.inner.lock();
-        inner.rng.gen()
+        inner.rng.random()
     }
     
     /// Generate random u64
     pub fn u64(&self) -> u64 {
         let mut inner = self.inner.lock();
-        inner.rng.gen()
+        inner.rng.random()
     }
 }
 
@@ -162,12 +186,10 @@ mod tests {
     fn test_bits() {
         let rng = SecureRandom::new();
         
-        // Single bit should be 0 or 1
         for _ in 0..100 {
             assert!(rng.bits(1) <= 1);
         }
         
-        // 8 bits should be 0-255
         for _ in 0..100 {
             assert!(rng.bits(8) <= 255);
         }
@@ -185,10 +207,8 @@ mod tests {
             }
         }
         
-        // Should have seen all items
         assert_eq!(seen.len(), 5);
         
-        // Empty slice should return None
         let empty: Vec<i32> = vec![];
         assert!(rng.choose(&empty).is_none());
     }
@@ -201,12 +221,10 @@ mod tests {
         let mut shuffled = original.clone();
         rng.shuffle(&mut shuffled);
         
-        // Should contain same elements
         let mut sorted = shuffled.clone();
         sorted.sort();
         assert_eq!(sorted, original);
         
-        // Should be different order (with very high probability)
         assert_ne!(shuffled, original);
     }
 }

src/error.rs

@@ -118,16 +118,13 @@ pub trait Recoverable {
 impl Recoverable for StreamError {
     fn is_recoverable(&self) -> bool {
         match self {
-            // Partial operations can be retried
             Self::PartialRead { .. } | Self::PartialWrite { .. } => true,
-            // I/O errors depend on kind
             Self::Io(e) => matches!(
                 e.kind(),
                 std::io::ErrorKind::WouldBlock 
                 | std::io::ErrorKind::Interrupted
                 | std::io::ErrorKind::TimedOut
             ),
-            // These are not recoverable
             Self::Poisoned { .. } 
             | Self::BufferOverflow { .. }
             | Self::InvalidFrame { .. }
@@ -137,13 +134,9 @@ impl Recoverable for StreamError {
     
     fn can_continue(&self) -> bool {
         match self {
-            // Poisoned stream cannot be used
             Self::Poisoned { .. } => false,
-            // EOF means stream is done
             Self::UnexpectedEof => false,
-            // Buffer overflow is fatal
             Self::BufferOverflow { .. } => false,
-            // Others might allow continuation
             _ => true,
         }
     }
@@ -297,16 +290,16 @@ pub type StreamResult<T> = std::result::Result<T, StreamError>;
 
 /// Result with optional bad client handling
 #[derive(Debug)]
-pub enum HandshakeResult<T> {
+pub enum HandshakeResult<T, R, W> {
     /// Handshake succeeded
     Success(T),
-    /// Client failed validation, needs masking
-    BadClient,
+    /// Client failed validation, needs masking. Returns ownership of streams.
+    BadClient { reader: R, writer: W },
     /// Error occurred
     Error(ProxyError),
 }
 
-impl<T> HandshakeResult<T> {
+impl<T, R, W> HandshakeResult<T, R, W> {
     /// Check if successful
     pub fn is_success(&self) -> bool {
         matches!(self, HandshakeResult::Success(_))
@@ -314,49 +307,32 @@ impl<T> HandshakeResult<T> {
     
     /// Check if bad client
     pub fn is_bad_client(&self) -> bool {
-        matches!(self, HandshakeResult::BadClient)
-    }
-    
-    /// Convert to Result, treating BadClient as error
-    pub fn into_result(self) -> Result<T> {
-        match self {
-            HandshakeResult::Success(v) => Ok(v),
-            HandshakeResult::BadClient => Err(ProxyError::InvalidHandshake("Bad client".into())),
-            HandshakeResult::Error(e) => Err(e),
-        }
+        matches!(self, HandshakeResult::BadClient { .. })
     }
     
     /// Map the success value
-    pub fn map<U, F: FnOnce(T) -> U>(self, f: F) -> HandshakeResult<U> {
+    pub fn map<U, F: FnOnce(T) -> U>(self, f: F) -> HandshakeResult<U, R, W> {
         match self {
             HandshakeResult::Success(v) => HandshakeResult::Success(f(v)),
-            HandshakeResult::BadClient => HandshakeResult::BadClient,
+            HandshakeResult::BadClient { reader, writer } => HandshakeResult::BadClient { reader, writer },
             HandshakeResult::Error(e) => HandshakeResult::Error(e),
         }
     }
-    
-    /// Convert success to Option
-    pub fn ok(self) -> Option<T> {
-        match self {
-            HandshakeResult::Success(v) => Some(v),
-            _ => None,
-        }
-    }
 }
 
-impl<T> From<ProxyError> for HandshakeResult<T> {
+impl<T, R, W> From<ProxyError> for HandshakeResult<T, R, W> {
     fn from(err: ProxyError) -> Self {
         HandshakeResult::Error(err)
     }
 }
 
-impl<T> From<std::io::Error> for HandshakeResult<T> {
+impl<T, R, W> From<std::io::Error> for HandshakeResult<T, R, W> {
     fn from(err: std::io::Error) -> Self {
         HandshakeResult::Error(ProxyError::Io(err))
     }
 }
 
-impl<T> From<StreamError> for HandshakeResult<T> {
+impl<T, R, W> From<StreamError> for HandshakeResult<T, R, W> {
     fn from(err: StreamError) -> Self {
         HandshakeResult::Error(ProxyError::Stream(err))
     }
@@ -400,18 +376,18 @@ mod tests {
     
     #[test]
     fn test_handshake_result() {
-        let success: HandshakeResult<i32> = HandshakeResult::Success(42);
+        let success: HandshakeResult<i32, (), ()> = HandshakeResult::Success(42);
         assert!(success.is_success());
         assert!(!success.is_bad_client());
         
-        let bad: HandshakeResult<i32> = HandshakeResult::BadClient;
+        let bad: HandshakeResult<i32, (), ()> = HandshakeResult::BadClient { reader: (), writer: () };
         assert!(!bad.is_success());
         assert!(bad.is_bad_client());
     }
     
     #[test]
     fn test_handshake_result_map() {
-        let success: HandshakeResult<i32> = HandshakeResult::Success(42);
+        let success: HandshakeResult<i32, (), ()> = HandshakeResult::Success(42);
         let mapped = success.map(|x| x * 2);
         
         match mapped {

src/ip_tracker.rs

@@ -0,0 +1,462 @@
+// src/ip_tracker.rs
+// Модуль для отслеживания и ограничения уникальных IP-адресов пользователей
+
+use std::collections::{HashMap, HashSet};
+use std::net::IpAddr;
+use std::sync::Arc;
+use tokio::sync::RwLock;
+
+/// Трекер уникальных IP-адресов для каждого пользователя MTProxy
+/// 
+/// Предоставляет thread-safe механизм для:
+/// - Отслеживания активных IP-адресов каждого пользователя
+/// - Ограничения количества уникальных IP на пользователя
+/// - Автоматической очистки при отключении клиентов
+#[derive(Debug, Clone)]
+pub struct UserIpTracker {
+    /// Маппинг: Имя пользователя -> Множество активных IP-адресов
+    active_ips: Arc<RwLock<HashMap<String, HashSet<IpAddr>>>>,
+    
+    /// Маппинг: Имя пользователя -> Максимально разрешенное количество уникальных IP
+    max_ips: Arc<RwLock<HashMap<String, usize>>>,
+}
+
+impl UserIpTracker {
+    /// Создать новый пустой трекер
+    pub fn new() -> Self {
+        Self {
+            active_ips: Arc::new(RwLock::new(HashMap::new())),
+            max_ips: Arc::new(RwLock::new(HashMap::new())),
+        }
+    }
+
+    /// Установить лимит уникальных IP для конкретного пользователя
+    /// 
+    /// # Arguments
+    /// * `username` - Имя пользователя
+    /// * `max_ips` - Максимальное количество одновременно активных IP-адресов
+    pub async fn set_user_limit(&self, username: &str, max_ips: usize) {
+        let mut limits = self.max_ips.write().await;
+        limits.insert(username.to_string(), max_ips);
+    }
+
+    /// Загрузить лимиты из конфигурации
+    /// 
+    /// # Arguments
+    /// * `limits` - HashMap с лимитами из config.toml
+    pub async fn load_limits(&self, limits: &HashMap<String, usize>) {
+        let mut max_ips = self.max_ips.write().await;
+        for (user, limit) in limits {
+            max_ips.insert(user.clone(), *limit);
+        }
+    }
+
+    /// Проверить, может ли пользователь подключиться с данного IP-адреса
+    /// и добавить IP в список активных, если проверка успешна
+    /// 
+    /// # Arguments
+    /// * `username` - Имя пользователя
+    /// * `ip` - IP-адрес клиента
+    /// 
+    /// # Returns
+    /// * `Ok(())` - Подключение разрешено, IP добавлен в активные
+    /// * `Err(String)` - Подключение отклонено с описанием причины
+    pub async fn check_and_add(&self, username: &str, ip: IpAddr) -> Result<(), String> {
+        // Получаем лимит для пользователя
+        let max_ips = self.max_ips.read().await;
+        let limit = match max_ips.get(username) {
+            Some(limit) => *limit,
+            None => {
+                // Если лимит не задан - разрешаем безлимитный доступ
+                drop(max_ips);
+                let mut active_ips = self.active_ips.write().await;
+                let user_ips = active_ips
+                    .entry(username.to_string())
+                    .or_insert_with(HashSet::new);
+                user_ips.insert(ip);
+                return Ok(());
+            }
+        };
+        drop(max_ips);
+
+        // Проверяем и обновляем активные IP
+        let mut active_ips = self.active_ips.write().await;
+        let user_ips = active_ips
+            .entry(username.to_string())
+            .or_insert_with(HashSet::new);
+
+        // Если IP уже есть в списке - это повторное подключение, разрешаем
+        if user_ips.contains(&ip) {
+            return Ok(());
+        }
+
+        // Проверяем, не превышен ли лимит
+        if user_ips.len() >= limit {
+            return Err(format!(
+                "IP limit reached for user '{}': {}/{} unique IPs already connected",
+                username,
+                user_ips.len(),
+                limit
+            ));
+        }
+
+        // Лимит не превышен - добавляем новый IP
+        user_ips.insert(ip);
+        Ok(())
+    }
+
+    /// Удалить IP-адрес из списка активных при отключении клиента
+    /// 
+    /// # Arguments
+    /// * `username` - Имя пользователя
+    /// * `ip` - IP-адрес отключившегося клиента
+    pub async fn remove_ip(&self, username: &str, ip: IpAddr) {
+        let mut active_ips = self.active_ips.write().await;
+        
+        if let Some(user_ips) = active_ips.get_mut(username) {
+            user_ips.remove(&ip);
+            
+            // Если у пользователя не осталось активных IP - удаляем запись
+            // для экономии памяти
+            if user_ips.is_empty() {
+                active_ips.remove(username);
+            }
+        }
+    }
+
+    /// Получить текущее количество активных IP-адресов для пользователя
+    /// 
+    /// # Arguments
+    /// * `username` - Имя пользователя
+    /// 
+    /// # Returns
+    /// Количество уникальных активных IP-адресов
+    pub async fn get_active_ip_count(&self, username: &str) -> usize {
+        let active_ips = self.active_ips.read().await;
+        active_ips
+            .get(username)
+            .map(|ips| ips.len())
+            .unwrap_or(0)
+    }
+
+    /// Получить список всех активных IP-адресов для пользователя
+    /// 
+    /// # Arguments
+    /// * `username` - Имя пользователя
+    /// 
+    /// # Returns
+    /// Вектор с активными IP-адресами
+    pub async fn get_active_ips(&self, username: &str) -> Vec<IpAddr> {
+        let active_ips = self.active_ips.read().await;
+        active_ips
+            .get(username)
+            .map(|ips| ips.iter().copied().collect())
+            .unwrap_or_else(Vec::new)
+    }
+
+    /// Получить статистику по всем пользователям
+    /// 
+    /// # Returns
+    /// Вектор кортежей: (имя_пользователя, количество_активных_IP, лимит)
+    pub async fn get_stats(&self) -> Vec<(String, usize, usize)> {
+        let active_ips = self.active_ips.read().await;
+        let max_ips = self.max_ips.read().await;
+
+        let mut stats = Vec::new();
+        
+        // Собираем статистику по пользователям с активными подключениями
+        for (username, user_ips) in active_ips.iter() {
+            let limit = max_ips.get(username).copied().unwrap_or(0);
+            stats.push((username.clone(), user_ips.len(), limit));
+        }
+        
+        stats.sort_by(|a, b| a.0.cmp(&b.0)); // Сортируем по имени пользователя
+        stats
+    }
+
+    /// Очистить все активные IP для пользователя (при необходимости)
+    /// 
+    /// # Arguments
+    /// * `username` - Имя пользователя
+    pub async fn clear_user_ips(&self, username: &str) {
+        let mut active_ips = self.active_ips.write().await;
+        active_ips.remove(username);
+    }
+
+    /// Очистить всю статистику (использовать с осторожностью!)
+    pub async fn clear_all(&self) {
+        let mut active_ips = self.active_ips.write().await;
+        active_ips.clear();
+    }
+
+    /// Проверить, подключен ли пользователь с данного IP
+    /// 
+    /// # Arguments
+    /// * `username` - Имя пользователя
+    /// * `ip` - IP-адрес для проверки
+    /// 
+    /// # Returns
+    /// `true` если IP активен, `false` если нет
+    pub async fn is_ip_active(&self, username: &str, ip: IpAddr) -> bool {
+        let active_ips = self.active_ips.read().await;
+        active_ips
+            .get(username)
+            .map(|ips| ips.contains(&ip))
+            .unwrap_or(false)
+    }
+
+    /// Получить лимит для пользователя
+    /// 
+    /// # Arguments
+    /// * `username` - Имя пользователя
+    /// 
+    /// # Returns
+    /// Лимит IP-адресов или None, если лимит не установлен
+    pub async fn get_user_limit(&self, username: &str) -> Option<usize> {
+        let max_ips = self.max_ips.read().await;
+        max_ips.get(username).copied()
+    }
+
+    /// Форматировать статистику в читаемый текст
+    /// 
+    /// # Returns
+    /// Строка со статистикой для логов или мониторинга
+    pub async fn format_stats(&self) -> String {
+        let stats = self.get_stats().await;
+        
+        if stats.is_empty() {
+            return String::from("No active users");
+        }
+        
+        let mut output = String::from("User IP Statistics:\n");
+        output.push_str("==================\n");
+        
+        for (username, active_count, limit) in stats {
+            output.push_str(&format!(
+                "User: {:<20} Active IPs: {}/{}\n",
+                username,
+                active_count,
+                if limit > 0 { limit.to_string() } else { "unlimited".to_string() }
+            ));
+            
+            let ips = self.get_active_ips(&username).await;
+            for ip in ips {
+                output.push_str(&format!("  └─ {}\n", ip));
+            }
+        }
+        
+        output
+    }
+}
+
+impl Default for UserIpTracker {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+// ============================================================================
+// ТЕСТЫ
+// ============================================================================
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+
+    fn test_ipv4(oct1: u8, oct2: u8, oct3: u8, oct4: u8) -> IpAddr {
+        IpAddr::V4(Ipv4Addr::new(oct1, oct2, oct3, oct4))
+    }
+
+    fn test_ipv6() -> IpAddr {
+        IpAddr::V6(Ipv6Addr::new(0x2001, 0xdb8, 0, 0, 0, 0, 0, 1))
+    }
+
+    #[tokio::test]
+    async fn test_basic_ip_limit() {
+        let tracker = UserIpTracker::new();
+        tracker.set_user_limit("test_user", 2).await;
+
+        let ip1 = test_ipv4(192, 168, 1, 1);
+        let ip2 = test_ipv4(192, 168, 1, 2);
+        let ip3 = test_ipv4(192, 168, 1, 3);
+
+        // Первые два IP должны быть приняты
+        assert!(tracker.check_and_add("test_user", ip1).await.is_ok());
+        assert!(tracker.check_and_add("test_user", ip2).await.is_ok());
+
+        // Третий IP должен быть отклонен
+        assert!(tracker.check_and_add("test_user", ip3).await.is_err());
+
+        // Проверяем счетчик
+        assert_eq!(tracker.get_active_ip_count("test_user").await, 2);
+    }
+
+    #[tokio::test]
+    async fn test_reconnection_from_same_ip() {
+        let tracker = UserIpTracker::new();
+        tracker.set_user_limit("test_user", 2).await;
+
+        let ip1 = test_ipv4(192, 168, 1, 1);
+
+        // Первое подключение
+        assert!(tracker.check_and_add("test_user", ip1).await.is_ok());
+        
+        // Повторное подключение с того же IP должно пройти
+        assert!(tracker.check_and_add("test_user", ip1).await.is_ok());
+        
+        // Счетчик не должен увеличиться
+        assert_eq!(tracker.get_active_ip_count("test_user").await, 1);
+    }
+
+    #[tokio::test]
+    async fn test_ip_removal() {
+        let tracker = UserIpTracker::new();
+        tracker.set_user_limit("test_user", 2).await;
+
+        let ip1 = test_ipv4(192, 168, 1, 1);
+        let ip2 = test_ipv4(192, 168, 1, 2);
+        let ip3 = test_ipv4(192, 168, 1, 3);
+
+        // Добавляем два IP
+        assert!(tracker.check_and_add("test_user", ip1).await.is_ok());
+        assert!(tracker.check_and_add("test_user", ip2).await.is_ok());
+        
+        // Третий не должен пройти
+        assert!(tracker.check_and_add("test_user", ip3).await.is_err());
+
+        // Удаляем первый IP
+        tracker.remove_ip("test_user", ip1).await;
+        
+        // Теперь третий должен пройти
+        assert!(tracker.check_and_add("test_user", ip3).await.is_ok());
+        
+        assert_eq!(tracker.get_active_ip_count("test_user").await, 2);
+    }
+
+    #[tokio::test]
+    async fn test_no_limit() {
+        let tracker = UserIpTracker::new();
+        // Не устанавливаем лимит для test_user
+
+        let ip1 = test_ipv4(192, 168, 1, 1);
+        let ip2 = test_ipv4(192, 168, 1, 2);
+        let ip3 = test_ipv4(192, 168, 1, 3);
+
+        // Без лимита все IP должны проходить
+        assert!(tracker.check_and_add("test_user", ip1).await.is_ok());
+        assert!(tracker.check_and_add("test_user", ip2).await.is_ok());
+        assert!(tracker.check_and_add("test_user", ip3).await.is_ok());
+        
+        assert_eq!(tracker.get_active_ip_count("test_user").await, 3);
+    }
+
+    #[tokio::test]
+    async fn test_multiple_users() {
+        let tracker = UserIpTracker::new();
+        tracker.set_user_limit("user1", 2).await;
+        tracker.set_user_limit("user2", 1).await;
+
+        let ip1 = test_ipv4(192, 168, 1, 1);
+        let ip2 = test_ipv4(192, 168, 1, 2);
+
+        // user1 может использовать 2 IP
+        assert!(tracker.check_and_add("user1", ip1).await.is_ok());
+        assert!(tracker.check_and_add("user1", ip2).await.is_ok());
+
+        // user2 может использовать только 1 IP
+        assert!(tracker.check_and_add("user2", ip1).await.is_ok());
+        assert!(tracker.check_and_add("user2", ip2).await.is_err());
+    }
+
+    #[tokio::test]
+    async fn test_ipv6_support() {
+        let tracker = UserIpTracker::new();
+        tracker.set_user_limit("test_user", 2).await;
+
+        let ipv4 = test_ipv4(192, 168, 1, 1);
+        let ipv6 = test_ipv6();
+
+        // Должны работать оба типа адресов
+        assert!(tracker.check_and_add("test_user", ipv4).await.is_ok());
+        assert!(tracker.check_and_add("test_user", ipv6).await.is_ok());
+        
+        assert_eq!(tracker.get_active_ip_count("test_user").await, 2);
+    }
+
+    #[tokio::test]
+    async fn test_get_active_ips() {
+        let tracker = UserIpTracker::new();
+        tracker.set_user_limit("test_user", 3).await;
+
+        let ip1 = test_ipv4(192, 168, 1, 1);
+        let ip2 = test_ipv4(192, 168, 1, 2);
+
+        tracker.check_and_add("test_user", ip1).await.unwrap();
+        tracker.check_and_add("test_user", ip2).await.unwrap();
+
+        let active_ips = tracker.get_active_ips("test_user").await;
+        assert_eq!(active_ips.len(), 2);
+        assert!(active_ips.contains(&ip1));
+        assert!(active_ips.contains(&ip2));
+    }
+
+    #[tokio::test]
+    async fn test_stats() {
+        let tracker = UserIpTracker::new();
+        tracker.set_user_limit("user1", 3).await;
+        tracker.set_user_limit("user2", 2).await;
+
+        let ip1 = test_ipv4(192, 168, 1, 1);
+        let ip2 = test_ipv4(192, 168, 1, 2);
+
+        tracker.check_and_add("user1", ip1).await.unwrap();
+        tracker.check_and_add("user2", ip2).await.unwrap();
+
+        let stats = tracker.get_stats().await;
+        assert_eq!(stats.len(), 2);
+        
+        // Проверяем наличие обоих пользователей в статистике
+        assert!(stats.iter().any(|(name, _, _)| name == "user1"));
+        assert!(stats.iter().any(|(name, _, _)| name == "user2"));
+    }
+
+    #[tokio::test]
+    async fn test_clear_user_ips() {
+        let tracker = UserIpTracker::new();
+        let ip1 = test_ipv4(192, 168, 1, 1);
+        
+        tracker.check_and_add("test_user", ip1).await.unwrap();
+        assert_eq!(tracker.get_active_ip_count("test_user").await, 1);
+        
+        tracker.clear_user_ips("test_user").await;
+        assert_eq!(tracker.get_active_ip_count("test_user").await, 0);
+    }
+
+    #[tokio::test]
+    async fn test_is_ip_active() {
+        let tracker = UserIpTracker::new();
+        let ip1 = test_ipv4(192, 168, 1, 1);
+        let ip2 = test_ipv4(192, 168, 1, 2);
+        
+        tracker.check_and_add("test_user", ip1).await.unwrap();
+        
+        assert!(tracker.is_ip_active("test_user", ip1).await);
+        assert!(!tracker.is_ip_active("test_user", ip2).await);
+    }
+
+    #[tokio::test]
+    async fn test_load_limits_from_config() {
+        let tracker = UserIpTracker::new();
+        
+        let mut config_limits = HashMap::new();
+        config_limits.insert("user1".to_string(), 5);
+        config_limits.insert("user2".to_string(), 3);
+        
+        tracker.load_limits(&config_limits).await;
+        
+        assert_eq!(tracker.get_user_limit("user1").await, Some(5));
+        assert_eq!(tracker.get_user_limit("user2").await, Some(3));
+        assert_eq!(tracker.get_user_limit("user3").await, None);
+    }
+}

src/metrics.rs

@@ -0,0 +1,245 @@
+use std::convert::Infallible;
+use std::net::SocketAddr;
+use std::sync::Arc;
+
+use http_body_util::{Full, BodyExt};
+use hyper::body::Bytes;
+use hyper::server::conn::http1;
+use hyper::service::service_fn;
+use hyper::{Request, Response, StatusCode};
+use ipnetwork::IpNetwork;
+use tokio::net::TcpListener;
+use tracing::{info, warn, debug};
+
+use crate::stats::Stats;
+
+pub async fn serve(port: u16, stats: Arc<Stats>, whitelist: Vec<IpNetwork>) {
+    let addr = SocketAddr::from(([0, 0, 0, 0], port));
+    let listener = match TcpListener::bind(addr).await {
+        Ok(l) => l,
+        Err(e) => {
+            warn!(error = %e, "Failed to bind metrics on {}", addr);
+            return;
+        }
+    };
+    info!("Metrics endpoint: http://{}/metrics", addr);
+
+    loop {
+        let (stream, peer) = match listener.accept().await {
+            Ok(v) => v,
+            Err(e) => {
+                warn!(error = %e, "Metrics accept error");
+                continue;
+            }
+        };
+
+        if !whitelist.is_empty() && !whitelist.iter().any(|net| net.contains(peer.ip())) {
+            debug!(peer = %peer, "Metrics request denied by whitelist");
+            continue;
+        }
+
+        let stats = stats.clone();
+        tokio::spawn(async move {
+            let svc = service_fn(move |req| {
+                let stats = stats.clone();
+                async move { handle(req, &stats) }
+            });
+            if let Err(e) = http1::Builder::new()
+                .serve_connection(hyper_util::rt::TokioIo::new(stream), svc)
+                .await
+            {
+                debug!(error = %e, "Metrics connection error");
+            }
+        });
+    }
+}
+
+fn handle<B>(req: Request<B>, stats: &Stats) -> Result<Response<Full<Bytes>>, Infallible> {
+    if req.uri().path() != "/metrics" {
+        let resp = Response::builder()
+            .status(StatusCode::NOT_FOUND)
+            .body(Full::new(Bytes::from("Not Found\n")))
+            .unwrap();
+        return Ok(resp);
+    }
+
+    let body = render_metrics(stats);
+    let resp = Response::builder()
+        .status(StatusCode::OK)
+        .header("content-type", "text/plain; version=0.0.4; charset=utf-8")
+        .body(Full::new(Bytes::from(body)))
+        .unwrap();
+    Ok(resp)
+}
+
+fn render_metrics(stats: &Stats) -> String {
+    use std::fmt::Write;
+    let mut out = String::with_capacity(4096);
+
+    let _ = writeln!(out, "# HELP telemt_uptime_seconds Proxy uptime");
+    let _ = writeln!(out, "# TYPE telemt_uptime_seconds gauge");
+    let _ = writeln!(out, "telemt_uptime_seconds {:.1}", stats.uptime_secs());
+
+    let _ = writeln!(out, "# HELP telemt_connections_total Total accepted connections");
+    let _ = writeln!(out, "# TYPE telemt_connections_total counter");
+    let _ = writeln!(out, "telemt_connections_total {}", stats.get_connects_all());
+
+    let _ = writeln!(out, "# HELP telemt_connections_bad_total Bad/rejected connections");
+    let _ = writeln!(out, "# TYPE telemt_connections_bad_total counter");
+    let _ = writeln!(out, "telemt_connections_bad_total {}", stats.get_connects_bad());
+
+    let _ = writeln!(out, "# HELP telemt_handshake_timeouts_total Handshake timeouts");
+    let _ = writeln!(out, "# TYPE telemt_handshake_timeouts_total counter");
+    let _ = writeln!(out, "telemt_handshake_timeouts_total {}", stats.get_handshake_timeouts());
+
+    let _ = writeln!(out, "# HELP telemt_me_keepalive_sent_total ME keepalive frames sent");
+    let _ = writeln!(out, "# TYPE telemt_me_keepalive_sent_total counter");
+    let _ = writeln!(out, "telemt_me_keepalive_sent_total {}", stats.get_me_keepalive_sent());
+
+    let _ = writeln!(out, "# HELP telemt_me_keepalive_failed_total ME keepalive send failures");
+    let _ = writeln!(out, "# TYPE telemt_me_keepalive_failed_total counter");
+    let _ = writeln!(out, "telemt_me_keepalive_failed_total {}", stats.get_me_keepalive_failed());
+
+    let _ = writeln!(out, "# HELP telemt_me_keepalive_pong_total ME keepalive pong replies");
+    let _ = writeln!(out, "# TYPE telemt_me_keepalive_pong_total counter");
+    let _ = writeln!(out, "telemt_me_keepalive_pong_total {}", stats.get_me_keepalive_pong());
+
+    let _ = writeln!(out, "# HELP telemt_me_keepalive_timeout_total ME keepalive ping timeouts");
+    let _ = writeln!(out, "# TYPE telemt_me_keepalive_timeout_total counter");
+    let _ = writeln!(out, "telemt_me_keepalive_timeout_total {}", stats.get_me_keepalive_timeout());
+
+    let _ = writeln!(out, "# HELP telemt_me_reconnect_attempts_total ME reconnect attempts");
+    let _ = writeln!(out, "# TYPE telemt_me_reconnect_attempts_total counter");
+    let _ = writeln!(out, "telemt_me_reconnect_attempts_total {}", stats.get_me_reconnect_attempts());
+
+    let _ = writeln!(out, "# HELP telemt_me_reconnect_success_total ME reconnect successes");
+    let _ = writeln!(out, "# TYPE telemt_me_reconnect_success_total counter");
+    let _ = writeln!(out, "telemt_me_reconnect_success_total {}", stats.get_me_reconnect_success());
+
+    let _ = writeln!(out, "# HELP telemt_me_crc_mismatch_total ME CRC mismatches");
+    let _ = writeln!(out, "# TYPE telemt_me_crc_mismatch_total counter");
+    let _ = writeln!(out, "telemt_me_crc_mismatch_total {}", stats.get_me_crc_mismatch());
+
+    let _ = writeln!(out, "# HELP telemt_me_seq_mismatch_total ME sequence mismatches");
+    let _ = writeln!(out, "# TYPE telemt_me_seq_mismatch_total counter");
+    let _ = writeln!(out, "telemt_me_seq_mismatch_total {}", stats.get_me_seq_mismatch());
+
+    let _ = writeln!(out, "# HELP telemt_me_route_drop_no_conn_total ME route drops: no conn");
+    let _ = writeln!(out, "# TYPE telemt_me_route_drop_no_conn_total counter");
+    let _ = writeln!(out, "telemt_me_route_drop_no_conn_total {}", stats.get_me_route_drop_no_conn());
+
+    let _ = writeln!(out, "# HELP telemt_me_route_drop_channel_closed_total ME route drops: channel closed");
+    let _ = writeln!(out, "# TYPE telemt_me_route_drop_channel_closed_total counter");
+    let _ = writeln!(out, "telemt_me_route_drop_channel_closed_total {}", stats.get_me_route_drop_channel_closed());
+
+    let _ = writeln!(out, "# HELP telemt_me_route_drop_queue_full_total ME route drops: queue full");
+    let _ = writeln!(out, "# TYPE telemt_me_route_drop_queue_full_total counter");
+    let _ = writeln!(out, "telemt_me_route_drop_queue_full_total {}", stats.get_me_route_drop_queue_full());
+
+    let _ = writeln!(out, "# HELP telemt_secure_padding_invalid_total Invalid secure frame lengths");
+    let _ = writeln!(out, "# TYPE telemt_secure_padding_invalid_total counter");
+    let _ = writeln!(out, "telemt_secure_padding_invalid_total {}", stats.get_secure_padding_invalid());
+
+    let _ = writeln!(out, "# HELP telemt_user_connections_total Per-user total connections");
+    let _ = writeln!(out, "# TYPE telemt_user_connections_total counter");
+    let _ = writeln!(out, "# HELP telemt_user_connections_current Per-user active connections");
+    let _ = writeln!(out, "# TYPE telemt_user_connections_current gauge");
+    let _ = writeln!(out, "# HELP telemt_user_octets_from_client Per-user bytes received");
+    let _ = writeln!(out, "# TYPE telemt_user_octets_from_client counter");
+    let _ = writeln!(out, "# HELP telemt_user_octets_to_client Per-user bytes sent");
+    let _ = writeln!(out, "# TYPE telemt_user_octets_to_client counter");
+    let _ = writeln!(out, "# HELP telemt_user_msgs_from_client Per-user messages received");
+    let _ = writeln!(out, "# TYPE telemt_user_msgs_from_client counter");
+    let _ = writeln!(out, "# HELP telemt_user_msgs_to_client Per-user messages sent");
+    let _ = writeln!(out, "# TYPE telemt_user_msgs_to_client counter");
+
+    for entry in stats.iter_user_stats() {
+        let user = entry.key();
+        let s = entry.value();
+        let _ = writeln!(out, "telemt_user_connections_total{{user=\"{}\"}} {}", user, s.connects.load(std::sync::atomic::Ordering::Relaxed));
+        let _ = writeln!(out, "telemt_user_connections_current{{user=\"{}\"}} {}", user, s.curr_connects.load(std::sync::atomic::Ordering::Relaxed));
+        let _ = writeln!(out, "telemt_user_octets_from_client{{user=\"{}\"}} {}", user, s.octets_from_client.load(std::sync::atomic::Ordering::Relaxed));
+        let _ = writeln!(out, "telemt_user_octets_to_client{{user=\"{}\"}} {}", user, s.octets_to_client.load(std::sync::atomic::Ordering::Relaxed));
+        let _ = writeln!(out, "telemt_user_msgs_from_client{{user=\"{}\"}} {}", user, s.msgs_from_client.load(std::sync::atomic::Ordering::Relaxed));
+        let _ = writeln!(out, "telemt_user_msgs_to_client{{user=\"{}\"}} {}", user, s.msgs_to_client.load(std::sync::atomic::Ordering::Relaxed));
+    }
+
+    out
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_render_metrics_format() {
+        let stats = Arc::new(Stats::new());
+        stats.increment_connects_all();
+        stats.increment_connects_all();
+        stats.increment_connects_bad();
+        stats.increment_handshake_timeouts();
+        stats.increment_user_connects("alice");
+        stats.increment_user_curr_connects("alice");
+        stats.add_user_octets_from("alice", 1024);
+        stats.add_user_octets_to("alice", 2048);
+        stats.increment_user_msgs_from("alice");
+        stats.increment_user_msgs_to("alice");
+        stats.increment_user_msgs_to("alice");
+
+        let output = render_metrics(&stats);
+
+        assert!(output.contains("telemt_connections_total 2"));
+        assert!(output.contains("telemt_connections_bad_total 1"));
+        assert!(output.contains("telemt_handshake_timeouts_total 1"));
+        assert!(output.contains("telemt_user_connections_total{user=\"alice\"} 1"));
+        assert!(output.contains("telemt_user_connections_current{user=\"alice\"} 1"));
+        assert!(output.contains("telemt_user_octets_from_client{user=\"alice\"} 1024"));
+        assert!(output.contains("telemt_user_octets_to_client{user=\"alice\"} 2048"));
+        assert!(output.contains("telemt_user_msgs_from_client{user=\"alice\"} 1"));
+        assert!(output.contains("telemt_user_msgs_to_client{user=\"alice\"} 2"));
+    }
+
+    #[test]
+    fn test_render_empty_stats() {
+        let stats = Stats::new();
+        let output = render_metrics(&stats);
+        assert!(output.contains("telemt_connections_total 0"));
+        assert!(output.contains("telemt_connections_bad_total 0"));
+        assert!(output.contains("telemt_handshake_timeouts_total 0"));
+        assert!(!output.contains("user="));
+    }
+
+    #[test]
+    fn test_render_has_type_annotations() {
+        let stats = Stats::new();
+        let output = render_metrics(&stats);
+        assert!(output.contains("# TYPE telemt_uptime_seconds gauge"));
+        assert!(output.contains("# TYPE telemt_connections_total counter"));
+        assert!(output.contains("# TYPE telemt_connections_bad_total counter"));
+        assert!(output.contains("# TYPE telemt_handshake_timeouts_total counter"));
+    }
+
+    #[tokio::test]
+    async fn test_endpoint_integration() {
+        let stats = Arc::new(Stats::new());
+        stats.increment_connects_all();
+        stats.increment_connects_all();
+        stats.increment_connects_all();
+
+        let req = Request::builder()
+            .uri("/metrics")
+            .body(())
+            .unwrap();
+        let resp = handle(req, &stats).unwrap();
+        assert_eq!(resp.status(), StatusCode::OK);
+        let body = resp.into_body().collect().await.unwrap().to_bytes();
+        assert!(std::str::from_utf8(body.as_ref()).unwrap().contains("telemt_connections_total 3"));
+
+        let req404 = Request::builder()
+            .uri("/other")
+            .body(())
+            .unwrap();
+        let resp404 = handle(req404, &stats).unwrap();
+        assert_eq!(resp404.status(), StatusCode::NOT_FOUND);
+    }
+}

src/network/mod.rs

@@ -0,0 +1,4 @@
+pub mod probe;
+pub mod stun;
+
+pub use stun::IpFamily;

src/network/probe.rs

@@ -0,0 +1,231 @@
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, UdpSocket};
+
+use tracing::{info, warn};
+
+use crate::config::NetworkConfig;
+use crate::error::Result;
+use crate::network::stun::{stun_probe_dual, DualStunResult, IpFamily};
+
+#[derive(Debug, Clone, Default)]
+pub struct NetworkProbe {
+    pub detected_ipv4: Option<Ipv4Addr>,
+    pub detected_ipv6: Option<Ipv6Addr>,
+    pub reflected_ipv4: Option<SocketAddr>,
+    pub reflected_ipv6: Option<SocketAddr>,
+    pub ipv4_is_bogon: bool,
+    pub ipv6_is_bogon: bool,
+    pub ipv4_nat_detected: bool,
+    pub ipv6_nat_detected: bool,
+    pub ipv4_usable: bool,
+    pub ipv6_usable: bool,
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct NetworkDecision {
+    pub ipv4_dc: bool,
+    pub ipv6_dc: bool,
+    pub ipv4_me: bool,
+    pub ipv6_me: bool,
+    pub effective_prefer: u8,
+    pub effective_multipath: bool,
+}
+
+impl NetworkDecision {
+    pub fn prefer_ipv6(&self) -> bool {
+        self.effective_prefer == 6
+    }
+
+    pub fn me_families(&self) -> Vec<IpFamily> {
+        let mut res = Vec::new();
+        if self.ipv4_me {
+            res.push(IpFamily::V4);
+        }
+        if self.ipv6_me {
+            res.push(IpFamily::V6);
+        }
+        res
+    }
+}
+
+pub async fn run_probe(config: &NetworkConfig, stun_addr: Option<String>, nat_probe: bool) -> Result<NetworkProbe> {
+    let mut probe = NetworkProbe::default();
+
+    probe.detected_ipv4 = detect_local_ip_v4();
+    probe.detected_ipv6 = detect_local_ip_v6();
+
+    probe.ipv4_is_bogon = probe.detected_ipv4.map(is_bogon_v4).unwrap_or(false);
+    probe.ipv6_is_bogon = probe.detected_ipv6.map(is_bogon_v6).unwrap_or(false);
+
+    let stun_server = stun_addr.unwrap_or_else(|| "stun.l.google.com:19302".to_string());
+    let stun_res = if nat_probe {
+        match stun_probe_dual(&stun_server).await {
+            Ok(res) => res,
+            Err(e) => {
+                warn!(error = %e, "STUN probe failed, continuing without reflection");
+                DualStunResult::default()
+            }
+        }
+    } else {
+        DualStunResult::default()
+    };
+    probe.reflected_ipv4 = stun_res.v4.map(|r| r.reflected_addr);
+    probe.reflected_ipv6 = stun_res.v6.map(|r| r.reflected_addr);
+
+    probe.ipv4_nat_detected = match (probe.detected_ipv4, probe.reflected_ipv4) {
+        (Some(det), Some(reflected)) => det != reflected.ip(),
+        _ => false,
+    };
+    probe.ipv6_nat_detected = match (probe.detected_ipv6, probe.reflected_ipv6) {
+        (Some(det), Some(reflected)) => det != reflected.ip(),
+        _ => false,
+    };
+
+    probe.ipv4_usable = config.ipv4
+        && probe.detected_ipv4.is_some()
+        && (!probe.ipv4_is_bogon || probe.reflected_ipv4.map(|r| !is_bogon(r.ip())).unwrap_or(false));
+
+    let ipv6_enabled = config.ipv6.unwrap_or(probe.detected_ipv6.is_some());
+    probe.ipv6_usable = ipv6_enabled
+        && probe.detected_ipv6.is_some()
+        && (!probe.ipv6_is_bogon || probe.reflected_ipv6.map(|r| !is_bogon(r.ip())).unwrap_or(false));
+
+    Ok(probe)
+}
+
+pub fn decide_network_capabilities(config: &NetworkConfig, probe: &NetworkProbe) -> NetworkDecision {
+    let mut decision = NetworkDecision::default();
+
+    decision.ipv4_dc = config.ipv4 && probe.detected_ipv4.is_some();
+    decision.ipv6_dc = config.ipv6.unwrap_or(probe.detected_ipv6.is_some()) && probe.detected_ipv6.is_some();
+
+    decision.ipv4_me = config.ipv4
+        && probe.detected_ipv4.is_some()
+        && (!probe.ipv4_is_bogon || probe.reflected_ipv4.is_some());
+
+    let ipv6_enabled = config.ipv6.unwrap_or(probe.detected_ipv6.is_some());
+    decision.ipv6_me = ipv6_enabled
+        && probe.detected_ipv6.is_some()
+        && (!probe.ipv6_is_bogon || probe.reflected_ipv6.is_some());
+
+    decision.effective_prefer = match config.prefer {
+        6 if decision.ipv6_me || decision.ipv6_dc => 6,
+        4 if decision.ipv4_me || decision.ipv4_dc => 4,
+        6 => {
+            warn!("prefer=6 requested but IPv6 unavailable; falling back to IPv4");
+            4
+        }
+        _ => 4,
+    };
+
+    let me_families = decision.ipv4_me as u8 + decision.ipv6_me as u8;
+    decision.effective_multipath = config.multipath && me_families >= 2;
+
+    decision
+}
+
+fn detect_local_ip_v4() -> Option<Ipv4Addr> {
+    let socket = UdpSocket::bind("0.0.0.0:0").ok()?;
+    socket.connect("8.8.8.8:80").ok()?;
+    match socket.local_addr().ok()?.ip() {
+        IpAddr::V4(v4) => Some(v4),
+        _ => None,
+    }
+}
+
+fn detect_local_ip_v6() -> Option<Ipv6Addr> {
+    let socket = UdpSocket::bind("[::]:0").ok()?;
+    socket.connect("[2001:4860:4860::8888]:80").ok()?;
+    match socket.local_addr().ok()?.ip() {
+        IpAddr::V6(v6) => Some(v6),
+        _ => None,
+    }
+}
+
+pub fn is_bogon(ip: IpAddr) -> bool {
+    match ip {
+        IpAddr::V4(v4) => is_bogon_v4(v4),
+        IpAddr::V6(v6) => is_bogon_v6(v6),
+    }
+}
+
+pub fn is_bogon_v4(ip: Ipv4Addr) -> bool {
+    let octets = ip.octets();
+    if ip.is_private() || ip.is_loopback() || ip.is_link_local() {
+        return true;
+    }
+    if octets[0] == 0 {
+        return true;
+    }
+    if octets[0] == 100 && (octets[1] & 0xC0) == 64 {
+        return true;
+    }
+    if octets[0] == 192 && octets[1] == 0 && octets[2] == 0 {
+        return true;
+    }
+    if octets[0] == 192 && octets[1] == 0 && octets[2] == 2 {
+        return true;
+    }
+    if octets[0] == 198 && (octets[1] & 0xFE) == 18 {
+        return true;
+    }
+    if octets[0] == 198 && octets[1] == 51 && octets[2] == 100 {
+        return true;
+    }
+    if octets[0] == 203 && octets[1] == 0 && octets[2] == 113 {
+        return true;
+    }
+    if ip.is_multicast() {
+        return true;
+    }
+    if octets[0] >= 240 {
+        return true;
+    }
+    if ip.is_broadcast() {
+        return true;
+    }
+    false
+}
+
+pub fn is_bogon_v6(ip: Ipv6Addr) -> bool {
+    if ip.is_unspecified() || ip.is_loopback() || ip.is_unique_local() {
+        return true;
+    }
+    let segs = ip.segments();
+    if (segs[0] & 0xFFC0) == 0xFE80 {
+        return true;
+    }
+    if segs[0..5] == [0, 0, 0, 0, 0] && segs[5] == 0xFFFF {
+        return true;
+    }
+    if segs[0] == 0x0100 && segs[1..4] == [0, 0, 0] {
+        return true;
+    }
+    if segs[0] == 0x2001 && segs[1] == 0x0db8 {
+        return true;
+    }
+    if segs[0] == 0x2002 {
+        return true;
+    }
+    if ip.is_multicast() {
+        return true;
+    }
+    false
+}
+
+pub fn log_probe_result(probe: &NetworkProbe, decision: &NetworkDecision) {
+    info!(
+        ipv4 = probe.detected_ipv4.as_ref().map(|v| v.to_string()).unwrap_or_else(|| "-".into()),
+        ipv6 = probe.detected_ipv6.as_ref().map(|v| v.to_string()).unwrap_or_else(|| "-".into()),
+        reflected_v4 = probe.reflected_ipv4.as_ref().map(|v| v.ip().to_string()).unwrap_or_else(|| "-".into()),
+        reflected_v6 = probe.reflected_ipv6.as_ref().map(|v| v.ip().to_string()).unwrap_or_else(|| "-".into()),
+        ipv4_bogon = probe.ipv4_is_bogon,
+        ipv6_bogon = probe.ipv6_is_bogon,
+        ipv4_me = decision.ipv4_me,
+        ipv6_me = decision.ipv6_me,
+        ipv4_dc = decision.ipv4_dc,
+        ipv6_dc = decision.ipv6_dc,
+        prefer = decision.effective_prefer,
+        multipath = decision.effective_multipath,
+        "Network capabilities resolved"
+    );
+}

src/network/stun.rs

@@ -0,0 +1,210 @@
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr};
+
+use tokio::net::{lookup_host, UdpSocket};
+use tokio::time::{timeout, Duration, sleep};
+
+use crate::error::{ProxyError, Result};
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
+pub enum IpFamily {
+    V4,
+    V6,
+}
+
+#[derive(Debug, Clone, Copy)]
+pub struct StunProbeResult {
+    pub local_addr: SocketAddr,
+    pub reflected_addr: SocketAddr,
+    pub family: IpFamily,
+}
+
+#[derive(Debug, Default, Clone)]
+pub struct DualStunResult {
+    pub v4: Option<StunProbeResult>,
+    pub v6: Option<StunProbeResult>,
+}
+
+pub async fn stun_probe_dual(stun_addr: &str) -> Result<DualStunResult> {
+    let (v4, v6) = tokio::join!(
+        stun_probe_family(stun_addr, IpFamily::V4),
+        stun_probe_family(stun_addr, IpFamily::V6),
+    );
+
+    Ok(DualStunResult {
+        v4: v4?,
+        v6: v6?,
+    })
+}
+
+pub async fn stun_probe_family(stun_addr: &str, family: IpFamily) -> Result<Option<StunProbeResult>> {
+    use rand::RngCore;
+
+    let bind_addr = match family {
+        IpFamily::V4 => "0.0.0.0:0",
+        IpFamily::V6 => "[::]:0",
+    };
+
+    let socket = UdpSocket::bind(bind_addr)
+        .await
+        .map_err(|e| ProxyError::Proxy(format!("STUN bind failed: {e}")))?;
+
+    let target_addr = resolve_stun_addr(stun_addr, family).await?;
+    if let Some(addr) = target_addr {
+        match socket.connect(addr).await {
+            Ok(()) => {}
+            Err(e) if family == IpFamily::V6 && matches!(
+                e.kind(),
+                std::io::ErrorKind::NetworkUnreachable
+                | std::io::ErrorKind::HostUnreachable
+                | std::io::ErrorKind::Unsupported
+                | std::io::ErrorKind::NetworkDown
+            ) => return Ok(None),
+            Err(e) => return Err(ProxyError::Proxy(format!("STUN connect failed: {e}"))),
+        }
+    } else {
+        return Ok(None);
+    }
+
+    let mut req = [0u8; 20];
+    req[0..2].copy_from_slice(&0x0001u16.to_be_bytes()); // Binding Request
+    req[2..4].copy_from_slice(&0u16.to_be_bytes()); // length
+    req[4..8].copy_from_slice(&0x2112A442u32.to_be_bytes()); // magic cookie
+    rand::rng().fill_bytes(&mut req[8..20]); // transaction ID
+
+    let mut buf = [0u8; 256];
+    let mut attempt = 0;
+    let mut backoff = Duration::from_secs(1);
+    loop {
+        socket
+            .send(&req)
+            .await
+            .map_err(|e| ProxyError::Proxy(format!("STUN send failed: {e}")))?;
+
+        let recv_res = timeout(Duration::from_secs(3), socket.recv(&mut buf)).await;
+        let n = match recv_res {
+            Ok(Ok(n)) => n,
+            Ok(Err(e)) => return Err(ProxyError::Proxy(format!("STUN recv failed: {e}"))),
+            Err(_) => {
+                attempt += 1;
+                if attempt >= 3 {
+                    return Ok(None);
+                }
+                sleep(backoff).await;
+                backoff *= 2;
+                continue;
+            }
+        };
+
+        if n < 20 {
+            return Ok(None);
+        }
+
+        let magic = 0x2112A442u32.to_be_bytes();
+        let txid = &req[8..20];
+    let mut idx = 20;
+    while idx + 4 <= n {
+        let atype = u16::from_be_bytes(buf[idx..idx + 2].try_into().unwrap());
+        let alen = u16::from_be_bytes(buf[idx + 2..idx + 4].try_into().unwrap()) as usize;
+        idx += 4;
+        if idx + alen > n {
+            break;
+        }
+
+        match atype {
+            0x0020 /* XOR-MAPPED-ADDRESS */ | 0x0001 /* MAPPED-ADDRESS */ => {
+                if alen < 8 {
+                    break;
+                }
+                let family_byte = buf[idx + 1];
+                let port_bytes = [buf[idx + 2], buf[idx + 3]];
+                let len_check = match family_byte {
+                    0x01 => 4,
+                    0x02 => 16,
+                    _ => 0,
+                };
+                if len_check == 0 || alen < 4 + len_check {
+                    break;
+                }
+
+                let raw_ip = &buf[idx + 4..idx + 4 + len_check];
+                let mut port = u16::from_be_bytes(port_bytes);
+
+                let reflected_ip = if atype == 0x0020 {
+                    port ^= ((magic[0] as u16) << 8) | magic[1] as u16;
+                    match family_byte {
+                        0x01 => {
+                            let ip = [
+                                raw_ip[0] ^ magic[0],
+                                raw_ip[1] ^ magic[1],
+                                raw_ip[2] ^ magic[2],
+                                raw_ip[3] ^ magic[3],
+                            ];
+                            IpAddr::V4(Ipv4Addr::new(ip[0], ip[1], ip[2], ip[3]))
+                        }
+                        0x02 => {
+                            let mut ip = [0u8; 16];
+                            let xor_key = [magic.as_slice(), txid].concat();
+                            for (i, b) in raw_ip.iter().enumerate().take(16) {
+                                ip[i] = *b ^ xor_key[i];
+                            }
+                            IpAddr::V6(Ipv6Addr::from(ip))
+                        }
+                        _ => {
+                            idx += (alen + 3) & !3;
+                            continue;
+                        }
+                    }
+                } else {
+                    match family_byte {
+                        0x01 => IpAddr::V4(Ipv4Addr::new(raw_ip[0], raw_ip[1], raw_ip[2], raw_ip[3])),
+                        0x02 => IpAddr::V6(Ipv6Addr::from(<[u8; 16]>::try_from(raw_ip).unwrap())),
+                        _ => {
+                            idx += (alen + 3) & !3;
+                            continue;
+                        }
+                    }
+                };
+
+                let reflected_addr = SocketAddr::new(reflected_ip, port);
+                let local_addr = socket
+                    .local_addr()
+                    .map_err(|e| ProxyError::Proxy(format!("STUN local_addr failed: {e}")))?;
+
+                return Ok(Some(StunProbeResult {
+                    local_addr,
+                    reflected_addr,
+                    family,
+                }));
+            }
+            _ => {}
+        }
+
+        idx += (alen + 3) & !3;
+    }
+
+    }
+
+    Ok(None)
+}
+
+async fn resolve_stun_addr(stun_addr: &str, family: IpFamily) -> Result<Option<SocketAddr>> {
+    if let Ok(addr) = stun_addr.parse::<SocketAddr>() {
+        return Ok(match (addr.is_ipv4(), family) {
+            (true, IpFamily::V4) | (false, IpFamily::V6) => Some(addr),
+            _ => None,
+        });
+    }
+
+    let addrs = lookup_host(stun_addr)
+        .await
+        .map_err(|e| ProxyError::Proxy(format!("STUN resolve failed: {e}")))?;
+
+    let target = addrs
+        .filter(|a| match (a.is_ipv4(), family) {
+            (true, IpFamily::V4) => true,
+            (false, IpFamily::V6) => true,
+            _ => false,
+        })
+        .next();
+    Ok(target)
+}

src/protocol/constants.rs

@@ -1,13 +1,15 @@
 //! Protocol constants and datacenter addresses
 
 use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
-use once_cell::sync::Lazy;
+
+use crate::crypto::SecureRandom;
+use std::sync::LazyLock;
 
 // ============= Telegram Datacenters =============
 
 pub const TG_DATACENTER_PORT: u16 = 443;
 
-pub static TG_DATACENTERS_V4: Lazy<Vec<IpAddr>> = Lazy::new(|| {
+pub static TG_DATACENTERS_V4: LazyLock<Vec<IpAddr>> = LazyLock::new(|| {
     vec![
         IpAddr::V4(Ipv4Addr::new(149, 154, 175, 50)),
         IpAddr::V4(Ipv4Addr::new(149, 154, 167, 51)),
@@ -17,7 +19,7 @@ pub static TG_DATACENTERS_V4: Lazy<Vec<IpAddr>> = Lazy::new(|| {
     ]
 });
 
-pub static TG_DATACENTERS_V6: Lazy<Vec<IpAddr>> = Lazy::new(|| {
+pub static TG_DATACENTERS_V6: LazyLock<Vec<IpAddr>> = LazyLock::new(|| {
     vec![
         IpAddr::V6("2001:b28:f23d:f001::a".parse().unwrap()),
         IpAddr::V6("2001:67c:04e8:f002::a".parse().unwrap()),
@@ -29,8 +31,8 @@ pub static TG_DATACENTERS_V6: Lazy<Vec<IpAddr>> = Lazy::new(|| {
 
 // ============= Middle Proxies (for advertising) =============
 
-pub static TG_MIDDLE_PROXIES_V4: Lazy<std::collections::HashMap<i32, Vec<(IpAddr, u16)>>> = 
-    Lazy::new(|| {
+pub static TG_MIDDLE_PROXIES_V4: LazyLock<std::collections::HashMap<i32, Vec<(IpAddr, u16)>>> = 
+    LazyLock::new(|| {
         let mut m = std::collections::HashMap::new();
         m.insert(1, vec![(IpAddr::V4(Ipv4Addr::new(149, 154, 175, 50)), 8888)]);
         m.insert(-1, vec![(IpAddr::V4(Ipv4Addr::new(149, 154, 175, 50)), 8888)]);
@@ -45,8 +47,8 @@ pub static TG_MIDDLE_PROXIES_V4: Lazy<std::collections::HashMap<i32, Vec<(IpAddr
         m
     });
 
-pub static TG_MIDDLE_PROXIES_V6: Lazy<std::collections::HashMap<i32, Vec<(IpAddr, u16)>>> = 
-    Lazy::new(|| {
+pub static TG_MIDDLE_PROXIES_V6: LazyLock<std::collections::HashMap<i32, Vec<(IpAddr, u16)>>> = 
+    LazyLock::new(|| {
         let mut m = std::collections::HashMap::new();
         m.insert(1, vec![(IpAddr::V6("2001:b28:f23d:f001::d".parse().unwrap()), 8888)]);
         m.insert(-1, vec![(IpAddr::V6("2001:b28:f23d:f001::d".parse().unwrap()), 8888)]);
@@ -151,7 +153,32 @@ pub const TLS_RECORD_ALERT: u8 = 0x15;
 /// Maximum TLS record size
 pub const MAX_TLS_RECORD_SIZE: usize = 16384;
 /// Maximum TLS chunk size (with overhead)
-pub const MAX_TLS_CHUNK_SIZE: usize = 16384 + 24;
+/// RFC 8446 §5.2 allows up to 16384 + 256 bytes of ciphertext
+pub const MAX_TLS_CHUNK_SIZE: usize = 16384 + 256;
+
+/// Secure Intermediate payload is expected to be 4-byte aligned.
+pub fn is_valid_secure_payload_len(data_len: usize) -> bool {
+    data_len % 4 == 0
+}
+
+/// Compute Secure Intermediate payload length from wire length.
+/// Secure mode strips up to 3 random tail bytes by truncating to 4-byte boundary.
+pub fn secure_payload_len_from_wire_len(wire_len: usize) -> Option<usize> {
+    if wire_len < 4 {
+        return None;
+    }
+    Some(wire_len - (wire_len % 4))
+}
+
+/// Generate padding length for Secure Intermediate protocol.
+/// Data must be 4-byte aligned; padding is 1..=3 so total is never divisible by 4.
+pub fn secure_padding_len(data_len: usize, rng: &SecureRandom) -> usize {
+    debug_assert!(
+        is_valid_secure_payload_len(data_len),
+        "Secure payload must be 4-byte aligned, got {data_len}"
+    );
+    (rng.range(3) + 1) as usize
+}
 
 // ============= Timeouts =============
 
@@ -167,7 +194,8 @@ pub const DEFAULT_ACK_TIMEOUT_SECS: u64 = 300;
 // ============= Buffer Sizes =============
 
 /// Default buffer size
-pub const DEFAULT_BUFFER_SIZE: usize = 65536;
+pub const DEFAULT_BUFFER_SIZE: usize = 16384;
+
 /// Small buffer size for bad client handling
 pub const SMALL_BUFFER_SIZE: usize = 8192;
 
@@ -201,6 +229,17 @@ pub static RESERVED_NONCE_CONTINUES: &[[u8; 4]] = &[
 // ============= RPC Constants (for Middle Proxy) =============
 
 /// RPC Proxy Request
+
+/// RPC Flags (from Erlang mtp_rpc.erl)
+pub const RPC_FLAG_NOT_ENCRYPTED: u32 = 0x2;
+pub const RPC_FLAG_HAS_AD_TAG: u32    = 0x8;
+pub const RPC_FLAG_MAGIC: u32          = 0x1000;
+pub const RPC_FLAG_EXTMODE2: u32       = 0x20000;
+pub const RPC_FLAG_PAD: u32            = 0x8000000;
+pub const RPC_FLAG_INTERMEDIATE: u32   = 0x20000000;
+pub const RPC_FLAG_ABRIDGED: u32       = 0x40000000;
+pub const RPC_FLAG_QUICKACK: u32       = 0x80000000;
+
 pub const RPC_PROXY_REQ: [u8; 4] = [0xee, 0xf1, 0xce, 0x36];
 /// RPC Proxy Answer
 pub const RPC_PROXY_ANS: [u8; 4] = [0x0d, 0xda, 0x03, 0x44];
@@ -227,7 +266,60 @@ pub mod rpc_flags {
     pub const FLAG_QUICKACK: u32 = 0x80000000;
 }
 
-#[cfg(test)]
+
+    // ============= Middle-End Proxy Servers =============
+    pub const ME_PROXY_PORT: u16 = 8888;
+    
+    pub static TG_MIDDLE_PROXIES_FLAT_V4: LazyLock<Vec<(IpAddr, u16)>> = LazyLock::new(|| {
+        vec![
+            (IpAddr::V4(Ipv4Addr::new(149, 154, 175, 50)), 8888),
+            (IpAddr::V4(Ipv4Addr::new(149, 154, 161, 144)), 8888),
+            (IpAddr::V4(Ipv4Addr::new(149, 154, 175, 100)), 8888),
+            (IpAddr::V4(Ipv4Addr::new(91, 108, 4, 136)), 8888),
+            (IpAddr::V4(Ipv4Addr::new(91, 108, 56, 183)), 8888),
+        ]
+    });
+    
+    // ============= RPC Constants (u32 native endian) =============
+    // From mtproto-common.h + net-tcp-rpc-common.h + mtproto-proxy.c
+    
+    pub const RPC_NONCE_U32: u32           = 0x7acb87aa;
+    pub const RPC_HANDSHAKE_U32: u32       = 0x7682eef5;
+    pub const RPC_HANDSHAKE_ERROR_U32: u32 = 0x6a27beda;
+    pub const TL_PROXY_TAG_U32: u32        = 0xdb1e26ae;  // mtproto-proxy.c:121
+    
+    // mtproto-common.h
+    pub const RPC_PROXY_REQ_U32: u32       = 0x36cef1ee;
+    pub const RPC_PROXY_ANS_U32: u32       = 0x4403da0d;
+    pub const RPC_CLOSE_CONN_U32: u32      = 0x1fcf425d;
+    pub const RPC_CLOSE_EXT_U32: u32       = 0x5eb634a2;
+    pub const RPC_SIMPLE_ACK_U32: u32      = 0x3bac409b;
+    pub const RPC_PING_U32: u32            = 0x5730a2df;
+    pub const RPC_PONG_U32: u32            = 0x8430eaa7;
+    
+    pub const RPC_CRYPTO_NONE_U32: u32 = 0;
+    pub const RPC_CRYPTO_AES_U32: u32  = 1;
+    
+    pub mod proxy_flags {
+        pub const FLAG_HAS_AD_TAG: u32    = 1;
+        pub const FLAG_NOT_ENCRYPTED: u32 = 0x2;
+        pub const FLAG_HAS_AD_TAG2: u32   = 0x8;
+        pub const FLAG_MAGIC: u32         = 0x1000;
+        pub const FLAG_EXTMODE2: u32      = 0x20000;
+        pub const FLAG_PAD: u32           = 0x8000000;
+        pub const FLAG_INTERMEDIATE: u32  = 0x20000000;
+        pub const FLAG_ABRIDGED: u32      = 0x40000000;
+        pub const FLAG_QUICKACK: u32      = 0x80000000;
+    }
+
+    pub mod rpc_crypto_flags {
+        pub const USE_CRC32C: u32 = 0x800;
+    }
+    
+    pub const ME_CONNECT_TIMEOUT_SECS: u64 = 5;
+    pub const ME_HANDSHAKE_TIMEOUT_SECS: u64 = 10;
+    
+    #[cfg(test)]
 mod tests {
     use super::*;
     
@@ -258,4 +350,43 @@ mod tests {
         assert_eq!(TG_DATACENTERS_V4.len(), 5);
         assert_eq!(TG_DATACENTERS_V6.len(), 5);
     }
+
+    #[test]
+    fn secure_padding_never_produces_aligned_total() {
+        let rng = SecureRandom::new();
+        for data_len in (0..1000).step_by(4) {
+            for _ in 0..100 {
+                let padding = secure_padding_len(data_len, &rng);
+                assert!(
+                    padding <= 3,
+                    "padding out of range: data_len={data_len}, padding={padding}"
+                );
+                assert_ne!(
+                    (data_len + padding) % 4,
+                    0,
+                    "invariant violated: data_len={data_len}, padding={padding}, total={}",
+                    data_len + padding
+                );
+            }
+        }
+    }
+
+    #[test]
+    fn secure_wire_len_roundtrip_for_aligned_payload() {
+        for payload_len in (4..4096).step_by(4) {
+            for padding in 0..=3usize {
+                let wire_len = payload_len + padding;
+                let recovered = secure_payload_len_from_wire_len(wire_len);
+                assert_eq!(recovered, Some(payload_len));
+            }
+        }
+    }
+
+    #[test]
+    fn secure_wire_len_rejects_too_short_frames() {
+        assert_eq!(secure_payload_len_from_wire_len(0), None);
+        assert_eq!(secure_payload_len_from_wire_len(1), None);
+        assert_eq!(secure_payload_len_from_wire_len(2), None);
+        assert_eq!(secure_payload_len_from_wire_len(3), None);
+    }
 }

src/protocol/obfuscation.rs

@@ -1,10 +1,13 @@
 //! MTProto Obfuscation
 
+use zeroize::Zeroize;
 use crate::crypto::{sha256, AesCtr};
 use crate::error::Result;
 use super::constants::*;
 
 /// Obfuscation parameters from handshake
+///
+/// Key material is zeroized on drop.
 #[derive(Debug, Clone)]
 pub struct ObfuscationParams {
     /// Key for decrypting client -> proxy traffic
@@ -21,25 +24,31 @@ pub struct ObfuscationParams {
     pub dc_idx: i16,
 }
 
+impl Drop for ObfuscationParams {
+    fn drop(&mut self) {
+        self.decrypt_key.zeroize();
+        self.decrypt_iv.zeroize();
+        self.encrypt_key.zeroize();
+        self.encrypt_iv.zeroize();
+    }
+}
+
 impl ObfuscationParams {
     /// Parse obfuscation parameters from handshake bytes
     /// Returns None if handshake doesn't match any user secret
     pub fn from_handshake(
         handshake: &[u8; HANDSHAKE_LEN],
-        secrets: &[(String, Vec<u8>)], // (username, secret_bytes)
+        secrets: &[(String, Vec<u8>)],
     ) -> Option<(Self, String)> {
-        // Extract prekey and IV for decryption
         let dec_prekey_iv = &handshake[SKIP_LEN..SKIP_LEN + PREKEY_LEN + IV_LEN];
         let dec_prekey = &dec_prekey_iv[..PREKEY_LEN];
         let dec_iv_bytes = &dec_prekey_iv[PREKEY_LEN..];
         
-        // Reversed for encryption direction
         let enc_prekey_iv: Vec<u8> = dec_prekey_iv.iter().rev().copied().collect();
         let enc_prekey = &enc_prekey_iv[..PREKEY_LEN];
         let enc_iv_bytes = &enc_prekey_iv[PREKEY_LEN..];
         
         for (username, secret) in secrets {
-            // Derive decryption key
             let mut dec_key_input = Vec::with_capacity(PREKEY_LEN + secret.len());
             dec_key_input.extend_from_slice(dec_prekey);
             dec_key_input.extend_from_slice(secret);
@@ -47,26 +56,22 @@ impl ObfuscationParams {
             
             let decrypt_iv = u128::from_be_bytes(dec_iv_bytes.try_into().unwrap());
             
-            // Create decryptor and decrypt handshake
             let mut decryptor = AesCtr::new(&decrypt_key, decrypt_iv);
             let decrypted = decryptor.decrypt(handshake);
             
-            // Check protocol tag
             let tag_bytes: [u8; 4] = decrypted[PROTO_TAG_POS..PROTO_TAG_POS + 4]
                 .try_into()
                 .unwrap();
             
             let proto_tag = match ProtoTag::from_bytes(tag_bytes) {
                 Some(tag) => tag,
-                None => continue, // Try next secret
+                None => continue,
             };
             
-            // Extract DC index
             let dc_idx = i16::from_le_bytes(
                 decrypted[DC_IDX_POS..DC_IDX_POS + 2].try_into().unwrap()
             );
             
-            // Derive encryption key
             let mut enc_key_input = Vec::with_capacity(PREKEY_LEN + secret.len());
             enc_key_input.extend_from_slice(enc_prekey);
             enc_key_input.extend_from_slice(secret);
@@ -123,18 +128,15 @@ pub fn generate_nonce<R: FnMut(usize) -> Vec<u8>>(mut random_bytes: R) -> [u8; H
 
 /// Check if nonce is valid (not matching reserved patterns)
 pub fn is_valid_nonce(nonce: &[u8; HANDSHAKE_LEN]) -> bool {
-    // Check first byte
     if RESERVED_NONCE_FIRST_BYTES.contains(&nonce[0]) {
         return false;
     }
     
-    // Check first 4 bytes
     let first_four: [u8; 4] = nonce[..4].try_into().unwrap();
     if RESERVED_NONCE_BEGINNINGS.contains(&first_four) {
         return false;
     }
     
-    // Check bytes 4-7
     let continue_four: [u8; 4] = nonce[4..8].try_into().unwrap();
     if RESERVED_NONCE_CONTINUES.contains(&continue_four) {
         return false;
@@ -147,12 +149,10 @@ pub fn is_valid_nonce(nonce: &[u8; HANDSHAKE_LEN]) -> bool {
 pub fn prepare_tg_nonce(
     nonce: &mut [u8; HANDSHAKE_LEN],
     proto_tag: ProtoTag,
-    enc_key_iv: Option<&[u8]>, // For fast mode
+    enc_key_iv: Option<&[u8]>,
 ) {
-    // Set protocol tag
     nonce[PROTO_TAG_POS..PROTO_TAG_POS + 4].copy_from_slice(&proto_tag.to_bytes());
     
-    // For fast mode, copy the reversed enc_key_iv
     if let Some(key_iv) = enc_key_iv {
         let reversed: Vec<u8> = key_iv.iter().rev().copied().collect();
         nonce[SKIP_LEN..SKIP_LEN + KEY_LEN + IV_LEN].copy_from_slice(&reversed);
@@ -160,15 +160,19 @@ pub fn prepare_tg_nonce(
 }
 
 /// Encrypt the outgoing nonce for Telegram
+/// Legacy helper — **do not use**.
+/// WARNING: logic diverges from Python/C reference (SHA256 of 48 bytes, IV from head).
+/// Kept only to avoid breaking external callers; prefer `encrypt_tg_nonce_with_ciphers`.
+#[deprecated(
+    note = "Incorrect MTProto obfuscation KDF; use proxy::handshake::encrypt_tg_nonce_with_ciphers"
+)]
 pub fn encrypt_nonce(nonce: &[u8; HANDSHAKE_LEN]) -> Vec<u8> {
-    // Derive encryption key from the nonce itself
     let key_iv = &nonce[SKIP_LEN..SKIP_LEN + KEY_LEN + IV_LEN];
     let enc_key = sha256(key_iv);
     let enc_iv = u128::from_be_bytes(key_iv[..IV_LEN].try_into().unwrap());
     
     let mut encryptor = AesCtr::new(&enc_key, enc_iv);
     
-    // Only encrypt from PROTO_TAG_POS onwards
     let mut result = nonce.to_vec();
     let encrypted_part = encryptor.encrypt(&nonce[PROTO_TAG_POS..]);
     result[PROTO_TAG_POS..].copy_from_slice(&encrypted_part);
@@ -182,22 +186,18 @@ mod tests {
     
     #[test]
     fn test_is_valid_nonce() {
-        // Valid nonce
         let mut valid = [0x42u8; HANDSHAKE_LEN];
         valid[4..8].copy_from_slice(&[1, 2, 3, 4]);
         assert!(is_valid_nonce(&valid));
         
-        // Invalid: starts with 0xef
         let mut invalid = [0x00u8; HANDSHAKE_LEN];
         invalid[0] = 0xef;
         assert!(!is_valid_nonce(&invalid));
         
-        // Invalid: starts with HEAD
         let mut invalid = [0x00u8; HANDSHAKE_LEN];
         invalid[..4].copy_from_slice(b"HEAD");
         assert!(!is_valid_nonce(&invalid));
         
-        // Invalid: bytes 4-7 are zeros
         let mut invalid = [0x42u8; HANDSHAKE_LEN];
         invalid[4..8].copy_from_slice(&[0, 0, 0, 0]);
         assert!(!is_valid_nonce(&invalid));

src/protocol/tls.rs

@@ -4,10 +4,12 @@
 //! for domain fronting. The handshake looks like valid TLS 1.3 but
 //! actually carries MTProto authentication data.
 
-use crate::crypto::{sha256_hmac, random::SECURE_RANDOM};
+use crate::crypto::{sha256_hmac, SecureRandom};
 use crate::error::{ProxyError, Result};
 use super::constants::*;
 use std::time::{SystemTime, UNIX_EPOCH};
+use num_bigint::BigUint;
+use num_traits::One;
 
 // ============= Public Constants =============
 
@@ -30,6 +32,7 @@ pub const TIME_SKEW_MAX: i64 = 10 * 60;  // 10 minutes after
 mod extension_type {
     pub const KEY_SHARE: u16 = 0x0033;
     pub const SUPPORTED_VERSIONS: u16 = 0x002b;
+    pub const ALPN: u16 = 0x0010;
 }
 
 /// TLS Cipher Suites
@@ -60,6 +63,7 @@ pub struct TlsValidation {
 // ============= TLS Extension Builder =============
 
 /// Builder for TLS extensions with correct length calculation
+#[derive(Clone)]
 struct TlsExtensionBuilder {
     extensions: Vec<u8>,
 }
@@ -107,6 +111,27 @@ impl TlsExtensionBuilder {
         self
     }
 
+    /// Add ALPN extension with a single selected protocol.
+    fn add_alpn(&mut self, proto: &[u8]) -> &mut Self {
+        // Extension type: ALPN (0x0010)
+        self.extensions.extend_from_slice(&extension_type::ALPN.to_be_bytes());
+
+        // ALPN extension format:
+        // extension_data length (2 bytes)
+        //   protocols length (2 bytes)
+        //     protocol name length (1 byte)
+        //     protocol name bytes
+        let proto_len = proto.len() as u8;
+        let list_len: u16 = 1 + proto_len as u16;
+        let ext_len: u16 = 2 + list_len;
+
+        self.extensions.extend_from_slice(&ext_len.to_be_bytes());
+        self.extensions.extend_from_slice(&list_len.to_be_bytes());
+        self.extensions.push(proto_len);
+        self.extensions.extend_from_slice(proto);
+        self
+    }
+    
     /// Build final extensions with length prefix
     fn build(self) -> Vec<u8> {
         let mut result = Vec::with_capacity(2 + self.extensions.len());
@@ -142,6 +167,8 @@ struct ServerHelloBuilder {
     compression: u8,
     /// Extensions
     extensions: TlsExtensionBuilder,
+    /// Selected ALPN protocol (if any)
+    alpn: Option<Vec<u8>>,
 }
 
 impl ServerHelloBuilder {
@@ -152,6 +179,7 @@ impl ServerHelloBuilder {
             cipher_suite: cipher_suite::TLS_AES_128_GCM_SHA256,
             compression: 0x00,
             extensions: TlsExtensionBuilder::new(),
+            alpn: None,
         }
     }
     
@@ -166,9 +194,18 @@ impl ServerHelloBuilder {
         self
     }
 
+    fn with_alpn(mut self, proto: Option<Vec<u8>>) -> Self {
+        self.alpn = proto;
+        self
+    }
+    
     /// Build ServerHello message (without record header)
     fn build_message(&self) -> Vec<u8> {
-        let extensions = self.extensions.extensions.clone();
+        let mut ext_builder = self.extensions.clone();
+        if let Some(ref alpn) = self.alpn {
+            ext_builder.add_alpn(alpn);
+        }
+        let extensions = ext_builder.extensions.clone();
         let extensions_len = extensions.len() as u16;
         
         // Calculate total length
@@ -311,13 +348,27 @@ pub fn validate_tls_handshake(
     None
 }
 
+fn curve25519_prime() -> BigUint {
+    (BigUint::one() << 255) - BigUint::from(19u32)
+}
+
 /// Generate a fake X25519 public key for TLS
 ///
-/// This generates random bytes that look like a valid X25519 public key.
-/// Since we're not doing real TLS, the actual cryptographic properties don't matter.
-pub fn gen_fake_x25519_key() -> [u8; 32] {
-    let bytes = SECURE_RANDOM.bytes(32);
-    bytes.try_into().unwrap()
+/// Produces a quadratic residue mod p = 2^255 - 19 by computing n² mod p,
+/// which matches Python/C behavior and avoids DPI fingerprinting.
+pub fn gen_fake_x25519_key(rng: &SecureRandom) -> [u8; 32] {
+    let mut n_bytes = [0u8; 32];
+    n_bytes.copy_from_slice(&rng.bytes(32));
+
+    let n = BigUint::from_bytes_le(&n_bytes);
+    let p = curve25519_prime();
+    let pk = (&n * &n) % &p;
+
+    let mut out = pk.to_bytes_le();
+    out.resize(32, 0);
+    let mut result = [0u8; 32];
+    result.copy_from_slice(&out[..32]);
+    result
 }
 
 /// Build TLS ServerHello response
@@ -333,13 +384,20 @@ pub fn build_server_hello(
     client_digest: &[u8; TLS_DIGEST_LEN],
     session_id: &[u8],
     fake_cert_len: usize,
+    rng: &SecureRandom,
+    alpn: Option<Vec<u8>>,
+    new_session_tickets: u8,
 ) -> Vec<u8> {
-    let x25519_key = gen_fake_x25519_key();
+    const MIN_APP_DATA: usize = 64;
+    const MAX_APP_DATA: usize = 16640; // RFC 8446 §5.2 upper bound
+    let fake_cert_len = fake_cert_len.max(MIN_APP_DATA).min(MAX_APP_DATA);
+    let x25519_key = gen_fake_x25519_key(rng);
     
     // Build ServerHello
     let server_hello = ServerHelloBuilder::new(session_id.to_vec())
         .with_x25519_key(&x25519_key)
         .with_tls13_version()
+        .with_alpn(alpn)
         .build_record();
     
     // Build Change Cipher Spec record
@@ -351,20 +409,40 @@ pub fn build_server_hello(
     ];
     
     // Build fake certificate (Application Data record)
-    let fake_cert = SECURE_RANDOM.bytes(fake_cert_len);
+    let fake_cert = rng.bytes(fake_cert_len);
     let mut app_data_record = Vec::with_capacity(5 + fake_cert_len);
     app_data_record.push(TLS_RECORD_APPLICATION);
     app_data_record.extend_from_slice(&TLS_VERSION);
     app_data_record.extend_from_slice(&(fake_cert_len as u16).to_be_bytes());
+    // Fill ApplicationData with fully random bytes of desired length to avoid
+    // deterministic DPI fingerprints (fixed inner content type markers).
     app_data_record.extend_from_slice(&fake_cert);
     
+    // Build optional NewSessionTicket records (TLS 1.3 handshake messages are encrypted;
+    // here we mimic with opaque ApplicationData records of plausible size).
+    let mut tickets = Vec::new();
+    if new_session_tickets > 0 {
+        for _ in 0..new_session_tickets {
+            let ticket_len: usize = rng.range(48) + 48; // 48-95 bytes
+            let mut record = Vec::with_capacity(5 + ticket_len);
+            record.push(TLS_RECORD_APPLICATION);
+            record.extend_from_slice(&TLS_VERSION);
+            record.extend_from_slice(&(ticket_len as u16).to_be_bytes());
+            record.extend_from_slice(&rng.bytes(ticket_len));
+            tickets.push(record);
+        }
+    }
+
     // Combine all records
     let mut response = Vec::with_capacity(
-        server_hello.len() + change_cipher_spec.len() + app_data_record.len()
+        server_hello.len() + change_cipher_spec.len() + app_data_record.len() + tickets.iter().map(|r| r.len()).sum::<usize>()
     );
     response.extend_from_slice(&server_hello);
     response.extend_from_slice(&change_cipher_spec);
     response.extend_from_slice(&app_data_record);
+    for t in &tickets {
+        response.extend_from_slice(t);
+    }
     
     // Compute HMAC for the response
     let mut hmac_input = Vec::with_capacity(TLS_DIGEST_LEN + response.len());
@@ -380,6 +458,131 @@ pub fn build_server_hello(
     response
 }
 
+/// Extract SNI (server_name) from a TLS ClientHello.
+pub fn extract_sni_from_client_hello(handshake: &[u8]) -> Option<String> {
+    if handshake.len() < 43 || handshake[0] != TLS_RECORD_HANDSHAKE {
+        return None;
+    }
+
+    let mut pos = 5; // after record header
+    if handshake.get(pos).copied()? != 0x01 {
+        return None; // not ClientHello
+    }
+
+    // Handshake length bytes
+    pos += 4; // type + len (3)
+
+    // version (2) + random (32)
+    pos += 2 + 32;
+    if pos + 1 > handshake.len() {
+        return None;
+    }
+
+    let session_id_len = *handshake.get(pos)? as usize;
+    pos += 1 + session_id_len;
+    if pos + 2 > handshake.len() {
+        return None;
+    }
+
+    let cipher_suites_len = u16::from_be_bytes([handshake[pos], handshake[pos + 1]]) as usize;
+    pos += 2 + cipher_suites_len;
+    if pos + 1 > handshake.len() {
+        return None;
+    }
+
+    let comp_len = *handshake.get(pos)? as usize;
+    pos += 1 + comp_len;
+    if pos + 2 > handshake.len() {
+        return None;
+    }
+
+    let ext_len = u16::from_be_bytes([handshake[pos], handshake[pos + 1]]) as usize;
+    pos += 2;
+    let ext_end = pos + ext_len;
+    if ext_end > handshake.len() {
+        return None;
+    }
+
+    while pos + 4 <= ext_end {
+        let etype = u16::from_be_bytes([handshake[pos], handshake[pos + 1]]);
+        let elen = u16::from_be_bytes([handshake[pos + 2], handshake[pos + 3]]) as usize;
+        pos += 4;
+        if pos + elen > ext_end {
+            break;
+        }
+        if etype == 0x0000 && elen >= 5 {
+            // server_name extension
+            let list_len = u16::from_be_bytes([handshake[pos], handshake[pos + 1]]) as usize;
+            let mut sn_pos = pos + 2;
+            let sn_end = std::cmp::min(sn_pos + list_len, pos + elen);
+            while sn_pos + 3 <= sn_end {
+                let name_type = handshake[sn_pos];
+                let name_len = u16::from_be_bytes([handshake[sn_pos + 1], handshake[sn_pos + 2]]) as usize;
+                sn_pos += 3;
+                if sn_pos + name_len > sn_end {
+                    break;
+                }
+                if name_type == 0 && name_len > 0 {
+                    if let Ok(host) = std::str::from_utf8(&handshake[sn_pos..sn_pos + name_len]) {
+                        return Some(host.to_string());
+                    }
+                }
+                sn_pos += name_len;
+            }
+        }
+        pos += elen;
+    }
+
+    None
+}
+
+/// Extract ALPN protocol list from ClientHello, return in offered order.
+pub fn extract_alpn_from_client_hello(handshake: &[u8]) -> Vec<Vec<u8>> {
+    let mut pos = 5; // after record header
+    if handshake.get(pos) != Some(&0x01) {
+        return Vec::new();
+    }
+    pos += 4; // type + len
+    pos += 2 + 32; // version + random
+    if pos >= handshake.len() { return Vec::new(); }
+    let session_id_len = *handshake.get(pos).unwrap_or(&0) as usize;
+    pos += 1 + session_id_len;
+    if pos + 2 > handshake.len() { return Vec::new(); }
+    let cipher_len = u16::from_be_bytes([handshake[pos], handshake[pos+1]]) as usize;
+    pos += 2 + cipher_len;
+    if pos >= handshake.len() { return Vec::new(); }
+    let comp_len = *handshake.get(pos).unwrap_or(&0) as usize;
+    pos += 1 + comp_len;
+    if pos + 2 > handshake.len() { return Vec::new(); }
+    let ext_len = u16::from_be_bytes([handshake[pos], handshake[pos+1]]) as usize;
+    pos += 2;
+    let ext_end = pos + ext_len;
+    if ext_end > handshake.len() { return Vec::new(); }
+    let mut out = Vec::new();
+    while pos + 4 <= ext_end {
+        let etype = u16::from_be_bytes([handshake[pos], handshake[pos+1]]);
+        let elen = u16::from_be_bytes([handshake[pos+2], handshake[pos+3]]) as usize;
+        pos += 4;
+        if pos + elen > ext_end { break; }
+        if etype == extension_type::ALPN && elen >= 3 {
+            let list_len = u16::from_be_bytes([handshake[pos], handshake[pos+1]]) as usize;
+            let mut lp = pos + 2;
+            let list_end = (pos + 2).saturating_add(list_len).min(pos + elen);
+            while lp + 1 <= list_end {
+                let plen = handshake[lp] as usize;
+                lp += 1;
+                if lp + plen > list_end { break; }
+                out.push(handshake[lp..lp+plen].to_vec());
+                lp += plen;
+            }
+            break;
+        }
+        pos += elen;
+    }
+    out
+}
+
+
 /// Check if bytes look like a TLS ClientHello
 pub fn is_tls_handshake(first_bytes: &[u8]) -> bool {
     if first_bytes.len() < 3 {
@@ -489,14 +692,26 @@ mod tests {
     
     #[test]
     fn test_gen_fake_x25519_key() {
-        let key1 = gen_fake_x25519_key();
-        let key2 = gen_fake_x25519_key();
+        let rng = SecureRandom::new();
+        let key1 = gen_fake_x25519_key(&rng);
+        let key2 = gen_fake_x25519_key(&rng);
         
         assert_eq!(key1.len(), 32);
         assert_eq!(key2.len(), 32);
         assert_ne!(key1, key2); // Should be random
     }
 
+    #[test]
+    fn test_fake_x25519_key_is_quadratic_residue() {
+        let rng = SecureRandom::new();
+        let key = gen_fake_x25519_key(&rng);
+        let p = curve25519_prime();
+        let k_num = BigUint::from_bytes_le(&key);
+        let exponent = (&p - BigUint::one()) >> 1;
+        let legendre = k_num.modpow(&exponent, &p);
+        assert_eq!(legendre, BigUint::one());
+    }
+    
     #[test]
     fn test_tls_extension_builder() {
         let key = [0x42u8; 32];
@@ -545,7 +760,8 @@ mod tests {
         let client_digest = [0x42u8; 32];
         let session_id = vec![0xAA; 32];
         
-        let response = build_server_hello(secret, &client_digest, &session_id, 2048);
+        let rng = SecureRandom::new();
+        let response = build_server_hello(secret, &client_digest, &session_id, 2048, &rng, None, 0);
         
         // Should have at least 3 records
         assert!(response.len() > 100);
@@ -577,8 +793,9 @@ mod tests {
         let client_digest = [0x42u8; 32];
         let session_id = vec![0xAA; 32];
         
-        let response1 = build_server_hello(secret, &client_digest, &session_id, 1024);
-        let response2 = build_server_hello(secret, &client_digest, &session_id, 1024);
+        let rng = SecureRandom::new();
+        let response1 = build_server_hello(secret, &client_digest, &session_id, 1024, &rng, None, 0);
+        let response2 = build_server_hello(secret, &client_digest, &session_id, 1024, &rng, None, 0);
         
         // Digest position should have non-zero data
         let digest1 = &response1[TLS_DIGEST_POS..TLS_DIGEST_POS + TLS_DIGEST_LEN];
@@ -637,4 +854,101 @@ mod tests {
         // Should return None (no match) but not panic
         assert!(result.is_none());
     }
+
+    fn build_client_hello_with_exts(exts: Vec<(u16, Vec<u8>)>, host: &str) -> Vec<u8> {
+        let mut body = Vec::new();
+        body.extend_from_slice(&TLS_VERSION); // legacy version
+        body.extend_from_slice(&[0u8; 32]); // random
+        body.push(0); // session id len
+        body.extend_from_slice(&2u16.to_be_bytes()); // cipher suites len
+        body.extend_from_slice(&[0x13, 0x01]); // TLS_AES_128_GCM_SHA256
+        body.push(1); // compression len
+        body.push(0); // null compression
+
+        // Build SNI extension
+        let host_bytes = host.as_bytes();
+        let mut sni_ext = Vec::new();
+        sni_ext.extend_from_slice(&(host_bytes.len() as u16 + 3).to_be_bytes());
+        sni_ext.push(0);
+        sni_ext.extend_from_slice(&(host_bytes.len() as u16).to_be_bytes());
+        sni_ext.extend_from_slice(host_bytes);
+
+        let mut ext_blob = Vec::new();
+        for (typ, data) in exts {
+            ext_blob.extend_from_slice(&typ.to_be_bytes());
+            ext_blob.extend_from_slice(&(data.len() as u16).to_be_bytes());
+            ext_blob.extend_from_slice(&data);
+        }
+        // SNI last
+        ext_blob.extend_from_slice(&0x0000u16.to_be_bytes());
+        ext_blob.extend_from_slice(&(sni_ext.len() as u16).to_be_bytes());
+        ext_blob.extend_from_slice(&sni_ext);
+
+        body.extend_from_slice(&(ext_blob.len() as u16).to_be_bytes());
+        body.extend_from_slice(&ext_blob);
+
+        let mut handshake = Vec::new();
+        handshake.push(0x01); // ClientHello
+        let len_bytes = (body.len() as u32).to_be_bytes();
+        handshake.extend_from_slice(&len_bytes[1..4]);
+        handshake.extend_from_slice(&body);
+
+        let mut record = Vec::new();
+        record.push(TLS_RECORD_HANDSHAKE);
+        record.extend_from_slice(&[0x03, 0x01]);
+        record.extend_from_slice(&(handshake.len() as u16).to_be_bytes());
+        record.extend_from_slice(&handshake);
+        record
+    }
+
+    #[test]
+    fn test_extract_sni_with_grease_extension() {
+        // GREASE type 0x0a0a with zero length before SNI
+        let ch = build_client_hello_with_exts(vec![(0x0a0a, Vec::new())], "example.com");
+        let sni = extract_sni_from_client_hello(&ch);
+        assert_eq!(sni.as_deref(), Some("example.com"));
+    }
+
+    #[test]
+    fn test_extract_sni_tolerates_empty_unknown_extension() {
+        let ch = build_client_hello_with_exts(vec![(0x1234, Vec::new())], "test.local");
+        let sni = extract_sni_from_client_hello(&ch);
+        assert_eq!(sni.as_deref(), Some("test.local"));
+    }
+
+    #[test]
+    fn test_extract_alpn_single() {
+        let mut alpn_data = Vec::new();
+        // list length = 3 (1 length byte + "h2")
+        alpn_data.extend_from_slice(&3u16.to_be_bytes());
+        alpn_data.push(2);
+        alpn_data.extend_from_slice(b"h2");
+        let ch = build_client_hello_with_exts(vec![(0x0010, alpn_data)], "alpn.test");
+        let alpn = extract_alpn_from_client_hello(&ch);
+        let alpn_str: Vec<String> = alpn
+            .iter()
+            .map(|p| std::str::from_utf8(p).unwrap().to_string())
+            .collect();
+        assert_eq!(alpn_str, vec!["h2"]);
+    }
+
+    #[test]
+    fn test_extract_alpn_multiple() {
+        let mut alpn_data = Vec::new();
+        // list length = 11 (sum of per-proto lengths including length bytes)
+        alpn_data.extend_from_slice(&11u16.to_be_bytes());
+        alpn_data.push(2);
+        alpn_data.extend_from_slice(b"h2");
+        alpn_data.push(4);
+        alpn_data.extend_from_slice(b"spdy");
+        alpn_data.push(2);
+        alpn_data.extend_from_slice(b"h3");
+        let ch = build_client_hello_with_exts(vec![(0x0010, alpn_data)], "alpn.test");
+        let alpn = extract_alpn_from_client_hello(&ch);
+        let alpn_str: Vec<String> = alpn
+            .iter()
+            .map(|p| std::str::from_utf8(p).unwrap().to_string())
+            .collect();
+        assert_eq!(alpn_str, vec!["h2", "spdy", "h3"]);
+    }
 }

src/proxy/client.rs

@@ -1,33 +1,223 @@
 //! Client Handler
 
+use std::future::Future;
 use std::net::SocketAddr;
+use std::pin::Pin;
 use std::sync::Arc;
 use std::time::Duration;
+use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite};
 use tokio::net::TcpStream;
-use tokio::io::{AsyncRead, AsyncWrite, AsyncReadExt, AsyncWriteExt};
 use tokio::time::timeout;
-use tracing::{debug, info, warn, error, trace};
+use tracing::{debug, warn};
+
+/// Post-handshake future (relay phase, runs outside handshake timeout)
+type PostHandshakeFuture = Pin<Box<dyn Future<Output = Result<()>> + Send>>;
+
+/// Result of the handshake phase
+enum HandshakeOutcome {
+    /// Handshake succeeded, relay work to do (outside timeout)
+    NeedsRelay(PostHandshakeFuture),
+    /// Already fully handled (bad client masking, etc.)
+    Handled,
+}
 
 use crate::config::ProxyConfig;
-use crate::error::{ProxyError, Result, HandshakeResult};
+use crate::crypto::SecureRandom;
+use crate::error::{HandshakeResult, ProxyError, Result};
+use crate::ip_tracker::UserIpTracker;
 use crate::protocol::constants::*;
 use crate::protocol::tls;
-use crate::stats::{Stats, ReplayChecker};
-use crate::transport::{configure_client_socket, UpstreamManager};
-use crate::stream::{CryptoReader, CryptoWriter, FakeTlsReader, FakeTlsWriter};
-use crate::crypto::AesCtr;
+use crate::stats::{ReplayChecker, Stats};
+use crate::stream::{BufferPool, CryptoReader, CryptoWriter};
+use crate::transport::middle_proxy::MePool;
+use crate::transport::{UpstreamManager, configure_client_socket, parse_proxy_protocol};
+use crate::transport::socket::normalize_ip;
+use crate::tls_front::TlsFrontCache;
 
-use super::handshake::{
-    handle_tls_handshake, handle_mtproto_handshake, 
-    HandshakeSuccess, generate_tg_nonce, encrypt_tg_nonce,
-};
-use super::relay::relay_bidirectional;
-use super::masking::handle_bad_client;
+use crate::proxy::direct_relay::handle_via_direct;
+use crate::proxy::handshake::{HandshakeSuccess, handle_mtproto_handshake, handle_tls_handshake};
+use crate::proxy::masking::handle_bad_client;
+use crate::proxy::middle_relay::handle_via_middle_proxy;
+
+pub async fn handle_client_stream<S>(
+    mut stream: S,
+    peer: SocketAddr,
+    config: Arc<ProxyConfig>,
+    stats: Arc<Stats>,
+    upstream_manager: Arc<UpstreamManager>,
+    replay_checker: Arc<ReplayChecker>,
+    buffer_pool: Arc<BufferPool>,
+    rng: Arc<SecureRandom>,
+    me_pool: Option<Arc<MePool>>,
+    tls_cache: Option<Arc<TlsFrontCache>>,
+    ip_tracker: Arc<UserIpTracker>,
+    proxy_protocol_enabled: bool,
+) -> Result<()>
+where
+    S: AsyncRead + AsyncWrite + Unpin + Send + 'static,
+{
+    stats.increment_connects_all();
+    let mut real_peer = normalize_ip(peer);
+
+    if proxy_protocol_enabled {
+        match parse_proxy_protocol(&mut stream, peer).await {
+            Ok(info) => {
+                debug!(
+                    peer = %peer,
+                    client = %info.src_addr,
+                    version = info.version,
+                    "PROXY protocol header parsed"
+                );
+                real_peer = normalize_ip(info.src_addr);
+            }
+            Err(e) => {
+                stats.increment_connects_bad();
+                warn!(peer = %peer, error = %e, "Invalid PROXY protocol header");
+                return Err(e);
+            }
+        }
+    }
+
+    debug!(peer = %real_peer, "New connection (generic stream)");
+
+    let handshake_timeout = Duration::from_secs(config.timeouts.client_handshake);
+    let stats_for_timeout = stats.clone();
+
+    // For non-TCP streams, use a synthetic local address
+    let local_addr: SocketAddr = format!("0.0.0.0:{}", config.server.port)
+        .parse()
+        .unwrap_or_else(|_| "0.0.0.0:443".parse().unwrap());
+
+    // Phase 1: handshake (with timeout)
+    let outcome = match timeout(handshake_timeout, async {
+        let mut first_bytes = [0u8; 5];
+        stream.read_exact(&mut first_bytes).await?;
+
+        let is_tls = tls::is_tls_handshake(&first_bytes[..3]);
+        debug!(peer = %real_peer, is_tls = is_tls, "Handshake type detected");
+
+        if is_tls {
+            let tls_len = u16::from_be_bytes([first_bytes[3], first_bytes[4]]) as usize;
+
+            if tls_len < 512 {
+                debug!(peer = %real_peer, tls_len = tls_len, "TLS handshake too short");
+                stats.increment_connects_bad();
+                let (reader, writer) = tokio::io::split(stream);
+                handle_bad_client(reader, writer, &first_bytes, &config).await;
+                return Ok(HandshakeOutcome::Handled);
+            }
+
+            let mut handshake = vec![0u8; 5 + tls_len];
+            handshake[..5].copy_from_slice(&first_bytes);
+            stream.read_exact(&mut handshake[5..]).await?;
+
+            let (read_half, write_half) = tokio::io::split(stream);
+
+            let (mut tls_reader, tls_writer, _tls_user) = match handle_tls_handshake(
+                &handshake, read_half, write_half, real_peer,
+                &config, &replay_checker, &rng, tls_cache.clone(),
+            ).await {
+                HandshakeResult::Success(result) => result,
+                HandshakeResult::BadClient { reader, writer } => {
+                    stats.increment_connects_bad();
+                    handle_bad_client(reader, writer, &handshake, &config).await;
+                    return Ok(HandshakeOutcome::Handled);
+                }
+                HandshakeResult::Error(e) => return Err(e),
+            };
+
+            debug!(peer = %peer, "Reading MTProto handshake through TLS");
+            let mtproto_data = tls_reader.read_exact(HANDSHAKE_LEN).await?;
+            let mtproto_handshake: [u8; HANDSHAKE_LEN] = mtproto_data[..].try_into()
+                .map_err(|_| ProxyError::InvalidHandshake("Short MTProto handshake".into()))?;
+
+            let (crypto_reader, crypto_writer, success) = match handle_mtproto_handshake(
+                &mtproto_handshake, tls_reader, tls_writer, real_peer,
+                &config, &replay_checker, true,
+            ).await {
+                HandshakeResult::Success(result) => result,
+                HandshakeResult::BadClient { reader: _, writer: _ } => {
+                    stats.increment_connects_bad();
+                    debug!(peer = %peer, "Valid TLS but invalid MTProto handshake");
+                    return Ok(HandshakeOutcome::Handled);
+                }
+                HandshakeResult::Error(e) => return Err(e),
+            };
+
+            Ok(HandshakeOutcome::NeedsRelay(Box::pin(
+                RunningClientHandler::handle_authenticated_static(
+                    crypto_reader, crypto_writer, success,
+                    upstream_manager, stats, config, buffer_pool, rng, me_pool,
+                    local_addr, real_peer, ip_tracker.clone(),
+                ),
+            )))
+        } else {
+            if !config.general.modes.classic && !config.general.modes.secure {
+                debug!(peer = %real_peer, "Non-TLS modes disabled");
+                stats.increment_connects_bad();
+                let (reader, writer) = tokio::io::split(stream);
+                handle_bad_client(reader, writer, &first_bytes, &config).await;
+                return Ok(HandshakeOutcome::Handled);
+            }
+
+            let mut handshake = [0u8; HANDSHAKE_LEN];
+            handshake[..5].copy_from_slice(&first_bytes);
+            stream.read_exact(&mut handshake[5..]).await?;
+
+            let (read_half, write_half) = tokio::io::split(stream);
+
+            let (crypto_reader, crypto_writer, success) = match handle_mtproto_handshake(
+                &handshake, read_half, write_half, real_peer,
+                &config, &replay_checker, false,
+            ).await {
+                HandshakeResult::Success(result) => result,
+                HandshakeResult::BadClient { reader, writer } => {
+                    stats.increment_connects_bad();
+                    handle_bad_client(reader, writer, &handshake, &config).await;
+                    return Ok(HandshakeOutcome::Handled);
+                }
+                HandshakeResult::Error(e) => return Err(e),
+            };
+
+            Ok(HandshakeOutcome::NeedsRelay(Box::pin(
+                RunningClientHandler::handle_authenticated_static(
+                    crypto_reader,
+                    crypto_writer,
+                    success,
+                    upstream_manager,
+                    stats,
+                    config,
+                    buffer_pool,
+                    rng,
+                    me_pool,
+                    local_addr,
+                    real_peer,
+                    ip_tracker.clone(),
+                )
+            )))
+        }
+    }).await {
+        Ok(Ok(outcome)) => outcome,
+        Ok(Err(e)) => {
+            debug!(peer = %peer, error = %e, "Handshake failed");
+            return Err(e);
+        }
+        Err(_) => {
+            stats_for_timeout.increment_handshake_timeouts();
+            debug!(peer = %peer, "Handshake timeout");
+            return Err(ProxyError::TgHandshakeTimeout);
+        }
+    };
+
+    // Phase 2: relay (WITHOUT handshake timeout — relay has its own activity timeouts)
+    match outcome {
+        HandshakeOutcome::NeedsRelay(fut) => fut.await,
+        HandshakeOutcome::Handled => Ok(()),
+    }
+}
 
-/// Client connection handler (builder struct)
 pub struct ClientHandler;
 
-/// Running client handler with stream and context
 pub struct RunningClientHandler {
     stream: TcpStream,
     peer: SocketAddr,
@@ -35,22 +225,29 @@ pub struct RunningClientHandler {
     stats: Arc<Stats>,
     replay_checker: Arc<ReplayChecker>,
     upstream_manager: Arc<UpstreamManager>,
+    buffer_pool: Arc<BufferPool>,
+    rng: Arc<SecureRandom>,
+    me_pool: Option<Arc<MePool>>,
+    tls_cache: Option<Arc<TlsFrontCache>>,
+    ip_tracker: Arc<UserIpTracker>,
+    proxy_protocol_enabled: bool,
 }
 
 impl ClientHandler {
-    /// Create new client handler instance
     pub fn new(
         stream: TcpStream,
         peer: SocketAddr,
         config: Arc<ProxyConfig>,
         stats: Arc<Stats>,
         upstream_manager: Arc<UpstreamManager>,
+        replay_checker: Arc<ReplayChecker>,
+        buffer_pool: Arc<BufferPool>,
+        rng: Arc<SecureRandom>,
+        me_pool: Option<Arc<MePool>>,
+        tls_cache: Option<Arc<TlsFrontCache>>,
+        ip_tracker: Arc<UserIpTracker>,
+        proxy_protocol_enabled: bool,
     ) -> RunningClientHandler {
-        // Note: ReplayChecker should be shared globally for proper replay protection
-        // Creating it per-connection disables replay protection across connections
-        // TODO: Pass Arc<ReplayChecker> from main.rs
-        let replay_checker = Arc::new(ReplayChecker::new(config.replay_check_len));
-        
         RunningClientHandler {
             stream,
             peer,
@@ -58,65 +255,85 @@ impl ClientHandler {
             stats,
             replay_checker,
             upstream_manager,
+            buffer_pool,
+            rng,
+            me_pool,
+            tls_cache,
+            ip_tracker,
+            proxy_protocol_enabled,
         }
     }
 }
 
 impl RunningClientHandler {
-    /// Run the client handler
     pub async fn run(mut self) -> Result<()> {
         self.stats.increment_connects_all();
 
+        self.peer = normalize_ip(self.peer);
         let peer = self.peer;
+        let ip_tracker = self.ip_tracker.clone();
         debug!(peer = %peer, "New connection");
 
-        // Configure socket
         if let Err(e) = configure_client_socket(
             &self.stream,
-            self.config.client_keepalive,
-            self.config.client_ack_timeout,
+            self.config.timeouts.client_keepalive,
+            self.config.timeouts.client_ack,
         ) {
             debug!(peer = %peer, error = %e, "Failed to configure client socket");
         }
 
-        // Perform handshake with timeout
-        let handshake_timeout = Duration::from_secs(self.config.client_handshake_timeout);
-        
-        // Clone stats for error handling block
+        let handshake_timeout = Duration::from_secs(self.config.timeouts.client_handshake);
         let stats = self.stats.clone();
 
-        let result = timeout(
-            handshake_timeout,
-            self.do_handshake()
-        ).await;
-        
-        match result {
-            Ok(Ok(())) => {
-                debug!(peer = %peer, "Connection handled successfully");
-                Ok(())
-            }
+        // Phase 1: handshake (with timeout)
+        let outcome = match timeout(handshake_timeout, self.do_handshake()).await {
+            Ok(Ok(outcome)) => outcome,
             Ok(Err(e)) => {
                 debug!(peer = %peer, error = %e, "Handshake failed");
-                Err(e)
+                return Err(e);
             }
             Err(_) => {
                 stats.increment_handshake_timeouts();
                 debug!(peer = %peer, "Handshake timeout");
-                Err(ProxyError::TgHandshakeTimeout)
+                return Err(ProxyError::TgHandshakeTimeout);
+            }
+        };
+
+        // Phase 2: relay (WITHOUT handshake timeout — relay has its own activity timeouts)
+        match outcome {
+            HandshakeOutcome::NeedsRelay(fut) => fut.await,
+            HandshakeOutcome::Handled => Ok(()),
+        }
+    }
+
+    async fn do_handshake(mut self) -> Result<HandshakeOutcome> {
+        if self.proxy_protocol_enabled {
+            match parse_proxy_protocol(&mut self.stream, self.peer).await {
+                Ok(info) => {
+                    debug!(
+                        peer = %self.peer,
+                        client = %info.src_addr,
+                        version = info.version,
+                        "PROXY protocol header parsed"
+                    );
+                    self.peer = normalize_ip(info.src_addr);
+                }
+                Err(e) => {
+                    self.stats.increment_connects_bad();
+                    warn!(peer = %self.peer, error = %e, "Invalid PROXY protocol header");
+                    return Err(e);
                 }
             }
         }
 
-    /// Perform handshake and relay
-    async fn do_handshake(mut self) -> Result<()> {
-        // Read first bytes to determine handshake type
         let mut first_bytes = [0u8; 5];
         self.stream.read_exact(&mut first_bytes).await?;
 
         let is_tls = tls::is_tls_handshake(&first_bytes[..3]);
         let peer = self.peer;
+        let ip_tracker = self.ip_tracker.clone();
 
-        debug!(peer = %peer, is_tls = is_tls, first_bytes = %hex::encode(&first_bytes), "Handshake type detected");
+        debug!(peer = %peer, is_tls = is_tls, "Handshake type detected");
 
         if is_tls {
             self.handle_tls_client(first_bytes).await
@@ -125,14 +342,10 @@ impl RunningClientHandler {
         }
     }
 
-    /// Handle TLS-wrapped client
-    async fn handle_tls_client(
-        mut self,
-        first_bytes: [u8; 5],
-    ) -> Result<()> {
+    async fn handle_tls_client(mut self, first_bytes: [u8; 5]) -> Result<HandshakeOutcome> {
         let peer = self.peer;
+        let ip_tracker = self.ip_tracker.clone();
 
-        // Read TLS handshake length
         let tls_len = u16::from_be_bytes([first_bytes[3], first_bytes[4]]) as usize;
 
         debug!(peer = %peer, tls_len = tls_len, "Reading TLS handshake");
@@ -140,24 +353,23 @@ impl RunningClientHandler {
         if tls_len < 512 {
             debug!(peer = %peer, tls_len = tls_len, "TLS handshake too short");
             self.stats.increment_connects_bad();
-            handle_bad_client(self.stream, &first_bytes, &self.config).await;
-            return Ok(());
+            let (reader, writer) = self.stream.into_split();
+            handle_bad_client(reader, writer, &first_bytes, &self.config).await;
+            return Ok(HandshakeOutcome::Handled);
         }
 
-        // Read full TLS handshake
         let mut handshake = vec![0u8; 5 + tls_len];
         handshake[..5].copy_from_slice(&first_bytes);
         self.stream.read_exact(&mut handshake[5..]).await?;
 
-        // Extract fields before consuming self.stream
         let config = self.config.clone();
         let replay_checker = self.replay_checker.clone();
         let stats = self.stats.clone();
+        let buffer_pool = self.buffer_pool.clone();
 
-        // Split stream for reading/writing
+        let local_addr = self.stream.local_addr().map_err(ProxyError::Io)?;
         let (read_half, write_half) = self.stream.into_split();
 
-        // Handle TLS handshake
         let (mut tls_reader, tls_writer, _tls_user) = match handle_tls_handshake(
             &handshake,
             read_half,
@@ -165,22 +377,26 @@ impl RunningClientHandler {
             peer,
             &config,
             &replay_checker,
-        ).await {
+            &self.rng,
+            self.tls_cache.clone(),
+        )
+        .await
+        {
             HandshakeResult::Success(result) => result,
-            HandshakeResult::BadClient => {
+            HandshakeResult::BadClient { reader, writer } => {
                 stats.increment_connects_bad();
-                return Ok(());
+                handle_bad_client(reader, writer, &handshake, &config).await;
+                return Ok(HandshakeOutcome::Handled);
             }
             HandshakeResult::Error(e) => return Err(e),
         };
 
-        // Read MTProto handshake through TLS
         debug!(peer = %peer, "Reading MTProto handshake through TLS");
         let mtproto_data = tls_reader.read_exact(HANDSHAKE_LEN).await?;
-        let mtproto_handshake: [u8; HANDSHAKE_LEN] = mtproto_data[..].try_into()
+        let mtproto_handshake: [u8; HANDSHAKE_LEN] = mtproto_data[..]
+            .try_into()
             .map_err(|_| ProxyError::InvalidHandshake("Short MTProto handshake".into()))?;
 
-        // Handle MTProto handshake
         let (crypto_reader, crypto_writer, success) = match handle_mtproto_handshake(
             &mtproto_handshake,
             tls_reader,
@@ -189,61 +405,63 @@ impl RunningClientHandler {
             &config,
             &replay_checker,
             true,
-        ).await {
+        )
+        .await
+        {
             HandshakeResult::Success(result) => result,
-            HandshakeResult::BadClient => {
+            HandshakeResult::BadClient {
+                reader: _,
+                writer: _,
+            } => {
                 stats.increment_connects_bad();
-                return Ok(());
+                debug!(peer = %peer, "Valid TLS but invalid MTProto handshake");
+                return Ok(HandshakeOutcome::Handled);
             }
             HandshakeResult::Error(e) => return Err(e),
         };
 
-        // Handle authenticated client
-        // We can't use self.handle_authenticated_inner because self is partially moved
-        // So we call it as an associated function or method on a new struct, 
-        // or just inline the logic / use a static method.
-        // Since handle_authenticated_inner needs self.upstream_manager and self.stats, 
-        // we should pass them explicitly.
-        
+        Ok(HandshakeOutcome::NeedsRelay(Box::pin(
             Self::handle_authenticated_static(
                 crypto_reader,
                 crypto_writer,
                 success,
                 self.upstream_manager,
                 self.stats,
-            self.config
-        ).await
+                self.config,
+                buffer_pool,
+                self.rng,
+                self.me_pool,
+                local_addr,
+                peer,
+                self.ip_tracker,
+            ),
+        )))
     }
 
-    /// Handle direct (non-TLS) client
-    async fn handle_direct_client(
-        mut self,
-        first_bytes: [u8; 5],
-    ) -> Result<()> {
+    async fn handle_direct_client(mut self, first_bytes: [u8; 5]) -> Result<HandshakeOutcome> {
         let peer = self.peer;
+        let ip_tracker = self.ip_tracker.clone();
 
-        // Check if non-TLS modes are enabled
-        if !self.config.modes.classic && !self.config.modes.secure {
+        if !self.config.general.modes.classic && !self.config.general.modes.secure {
             debug!(peer = %peer, "Non-TLS modes disabled");
             self.stats.increment_connects_bad();
-            handle_bad_client(self.stream, &first_bytes, &self.config).await;
-            return Ok(());
+            let (reader, writer) = self.stream.into_split();
+            handle_bad_client(reader, writer, &first_bytes, &self.config).await;
+            return Ok(HandshakeOutcome::Handled);
         }
 
-        // Read rest of handshake
         let mut handshake = [0u8; HANDSHAKE_LEN];
         handshake[..5].copy_from_slice(&first_bytes);
         self.stream.read_exact(&mut handshake[5..]).await?;
 
-        // Extract fields
         let config = self.config.clone();
         let replay_checker = self.replay_checker.clone();
         let stats = self.stats.clone();
+        let buffer_pool = self.buffer_pool.clone();
 
-        // Split stream
+        let local_addr = self.stream.local_addr().map_err(ProxyError::Io)?;
         let (read_half, write_half) = self.stream.into_split();
 
-        // Handle MTProto handshake
         let (crypto_reader, crypto_writer, success) = match handle_mtproto_handshake(
             &handshake,
             read_half,
@@ -252,26 +470,40 @@ impl RunningClientHandler {
             &config,
             &replay_checker,
             false,
-        ).await {
+        )
+        .await
+        {
             HandshakeResult::Success(result) => result,
-            HandshakeResult::BadClient => {
+            HandshakeResult::BadClient { reader, writer } => {
                 stats.increment_connects_bad();
-                return Ok(());
+                handle_bad_client(reader, writer, &handshake, &config).await;
+                return Ok(HandshakeOutcome::Handled);
             }
             HandshakeResult::Error(e) => return Err(e),
         };
 
+        Ok(HandshakeOutcome::NeedsRelay(Box::pin(
             Self::handle_authenticated_static(
                 crypto_reader,
                 crypto_writer,
                 success,
                 self.upstream_manager,
                 self.stats,
-            self.config
-        ).await
+                self.config,
+                buffer_pool,
+                self.rng,
+                self.me_pool,
+                local_addr,
+                peer,
+                self.ip_tracker,
+            ),
+        )))
     }
 
-    /// Static version of handle_authenticated_inner to avoid ownership issues
+    /// Main dispatch after successful handshake.
+    /// Two modes:
+    ///   - Direct: TCP relay to TG DC (existing behavior)  
+    ///   - Middle Proxy: RPC multiplex through ME pool (new — supports CDN DCs)
     async fn handle_authenticated_static<R, W>(
         client_reader: CryptoReader<R>,
         client_writer: CryptoWriter<W>,
@@ -279,6 +511,12 @@ impl RunningClientHandler {
         upstream_manager: Arc<UpstreamManager>,
         stats: Arc<Stats>,
         config: Arc<ProxyConfig>,
+        buffer_pool: Arc<BufferPool>,
+        rng: Arc<SecureRandom>,
+        me_pool: Option<Arc<MePool>>,
+        local_addr: SocketAddr,
+        peer_addr: SocketAddr,
+        ip_tracker: Arc<UserIpTracker>,
     ) -> Result<()>
     where
         R: AsyncRead + Unpin + Send + 'static,
@@ -286,148 +524,113 @@ impl RunningClientHandler {
     {
         let user = &success.user;
 
-        // Check user limits
-        if let Err(e) = Self::check_user_limits_static(user, &config, &stats) {
+        if let Err(e) = Self::check_user_limits_static(user, &config, &stats, peer_addr, &ip_tracker).await {
             warn!(user = %user, error = %e, "User limit exceeded");
             return Err(e);
         }
 
-        // Get datacenter address
-        let dc_addr = Self::get_dc_addr_static(success.dc_idx, &config)?;
+        // IP Cleanup Guard: автоматически удаляет IP при выходе из scope
+        struct IpCleanupGuard {
+            tracker: Arc<UserIpTracker>,
+            user: String,
+            ip: std::net::IpAddr,
+        }
         
-        info!(
-            user = %user,
-            peer = %success.peer,
-            dc = success.dc_idx,
-            dc_addr = %dc_addr,
-            proto = ?success.proto_tag,
-            fast_mode = config.fast_mode,
-            "Connecting to Telegram"
-        );
+        impl Drop for IpCleanupGuard {
+            fn drop(&mut self) {
+                let tracker = self.tracker.clone();
+                let user = self.user.clone();
+                let ip = self.ip;
+                tokio::spawn(async move {
+                    tracker.remove_ip(&user, ip).await;
+                    debug!(user = %user, ip = %ip, "IP cleaned up on disconnect");
+                });
+            }
+        }
         
-        // Connect to Telegram via UpstreamManager
-        let tg_stream = upstream_manager.connect(dc_addr).await?;
+        let _cleanup = IpCleanupGuard {
+            tracker: ip_tracker,
+            user: user.clone(),
+            ip: peer_addr.ip(),
+        };
 
-        debug!(peer = %success.peer, dc_addr = %dc_addr, "Connected to Telegram, performing handshake");
-        
-        // Perform Telegram handshake and get crypto streams
-        let (tg_reader, tg_writer) = Self::do_tg_handshake_static(
-            tg_stream, 
-            &success,
-            &config,
-        ).await?;
-        
-        debug!(peer = %success.peer, "Telegram handshake complete, starting relay");
-        
-        // Update stats
-        stats.increment_user_connects(user);
-        stats.increment_user_curr_connects(user);
-        
-        // Relay traffic
-        let relay_result = relay_bidirectional(
+        // Decide: middle proxy or direct
+        if config.general.use_middle_proxy {
+            if let Some(ref pool) = me_pool {
+                return handle_via_middle_proxy(
                     client_reader,
                     client_writer,
-            tg_reader,
-            tg_writer,
-            user,
-            Arc::clone(&stats),
-        ).await;
-        
-        // Update stats
-        stats.decrement_user_curr_connects(user);
-        
-        match &relay_result {
-            Ok(()) => debug!(user = %user, peer = %success.peer, "Relay completed normally"),
-            Err(e) => debug!(user = %user, peer = %success.peer, error = %e, "Relay ended with error"),
+                    success,
+                    pool.clone(),
+                    stats,
+                    config,
+                    buffer_pool,
+                    local_addr,
+                    rng,
+                )
+                .await;
+            }
+            warn!("use_middle_proxy=true but MePool not initialized, falling back to direct");
         }
 
-        relay_result
+        // Direct mode (original behavior)
+        handle_via_direct(
+            client_reader,
+            client_writer,
+            success,
+            upstream_manager,
+            stats,
+            config,
+            buffer_pool,
+            rng,
+        )
+        .await
     }
 
-    /// Check user limits (static version)
-    fn check_user_limits_static(user: &str, config: &ProxyConfig, stats: &Stats) -> Result<()> {
-        // Check expiration
-        if let Some(expiration) = config.user_expirations.get(user) {
+    async fn check_user_limits_static(
+        user: &str, 
+        config: &ProxyConfig, 
+        stats: &Stats,
+        peer_addr: SocketAddr,
+        ip_tracker: &UserIpTracker,
+    ) -> Result<()> {
+        if let Some(expiration) = config.access.user_expirations.get(user) {
             if chrono::Utc::now() > *expiration {
-                return Err(ProxyError::UserExpired { user: user.to_string() });
+                return Err(ProxyError::UserExpired {
+                    user: user.to_string(),
+                });
             }
         }
 
-        // Check connection limit
-        if let Some(limit) = config.user_max_tcp_conns.get(user) {
-            let current = stats.get_user_curr_connects(user);
-            if current >= *limit as u64 {
-                return Err(ProxyError::ConnectionLimitExceeded { user: user.to_string() });
+        // IP limit check
+        if let Err(reason) = ip_tracker.check_and_add(user, peer_addr.ip()).await {
+            warn!(
+                user = %user, 
+                ip = %peer_addr.ip(),
+                reason = %reason,
+                "IP limit exceeded"
+            );
+            return Err(ProxyError::ConnectionLimitExceeded {
+                user: user.to_string(),
+            });
+        }
+
+        if let Some(limit) = config.access.user_max_tcp_conns.get(user) {
+            if stats.get_user_curr_connects(user) >= *limit as u64 {
+                return Err(ProxyError::ConnectionLimitExceeded {
+                    user: user.to_string(),
+                });
             }
         }
 
-        // Check data quota
-        if let Some(quota) = config.user_data_quota.get(user) {
-            let used = stats.get_user_total_octets(user);
-            if used >= *quota {
-                return Err(ProxyError::DataQuotaExceeded { user: user.to_string() });
+        if let Some(quota) = config.access.user_data_quota.get(user) {
+            if stats.get_user_total_octets(user) >= *quota {
+                return Err(ProxyError::DataQuotaExceeded {
+                    user: user.to_string(),
+                });
             }
         }
 
         Ok(())
     }
-    
-    /// Get datacenter address by index (static version)
-    fn get_dc_addr_static(dc_idx: i16, config: &ProxyConfig) -> Result<SocketAddr> {
-        let idx = (dc_idx.abs() - 1) as usize;
-        
-        let datacenters = if config.prefer_ipv6 {
-            &*TG_DATACENTERS_V6
-        } else {
-            &*TG_DATACENTERS_V4
-        };
-        
-        datacenters.get(idx)
-            .map(|ip| SocketAddr::new(*ip, TG_DATACENTER_PORT))
-            .ok_or_else(|| ProxyError::InvalidHandshake(
-                format!("Invalid DC index: {}", dc_idx)
-            ))
-    }
-    
-    /// Perform handshake with Telegram server (static version)
-    async fn do_tg_handshake_static(
-        mut stream: TcpStream,
-        success: &HandshakeSuccess,
-        config: &ProxyConfig,
-    ) -> Result<(CryptoReader<tokio::net::tcp::OwnedReadHalf>, CryptoWriter<tokio::net::tcp::OwnedWriteHalf>)> {
-        // Generate nonce with keys for TG
-        let (nonce, tg_enc_key, tg_enc_iv, tg_dec_key, tg_dec_iv) = generate_tg_nonce(
-            success.proto_tag,
-            &success.dec_key,  // Client's dec key
-            success.dec_iv,
-            config.fast_mode,
-        );
-        
-        // Encrypt nonce
-        let encrypted_nonce = encrypt_tg_nonce(&nonce);
-        
-        debug!(
-            peer = %success.peer,
-            nonce_head = %hex::encode(&nonce[..16]),
-            encrypted_head = %hex::encode(&encrypted_nonce[..16]),
-            "Sending nonce to Telegram"
-        );
-        
-        // Send to Telegram
-        stream.write_all(&encrypted_nonce).await?;
-        stream.flush().await?;
-        
-        debug!(peer = %success.peer, "Nonce sent to Telegram");
-        
-        // Split stream and wrap with crypto
-        let (read_half, write_half) = stream.into_split();
-        
-        let decryptor = AesCtr::new(&tg_dec_key, tg_dec_iv);
-        let encryptor = AesCtr::new(&tg_enc_key, tg_enc_iv);
-        
-        let tg_reader = CryptoReader::new(read_half, decryptor);
-        let tg_writer = CryptoWriter::new(write_half, encryptor);
-        
-        Ok((tg_reader, tg_writer))
-    }
 }

src/proxy/direct_relay.rs

@@ -0,0 +1,186 @@
+use std::fs::OpenOptions;
+use std::io::Write;
+use std::net::SocketAddr;
+use std::sync::Arc;
+
+use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt};
+use tokio::net::TcpStream;
+use tracing::{debug, info, warn};
+
+use crate::config::ProxyConfig;
+use crate::crypto::SecureRandom;
+use crate::error::Result;
+use crate::protocol::constants::*;
+use crate::proxy::handshake::{HandshakeSuccess, encrypt_tg_nonce_with_ciphers, generate_tg_nonce};
+use crate::proxy::relay::relay_bidirectional;
+use crate::stats::Stats;
+use crate::stream::{BufferPool, CryptoReader, CryptoWriter};
+use crate::transport::UpstreamManager;
+
+pub(crate) async fn handle_via_direct<R, W>(
+    client_reader: CryptoReader<R>,
+    client_writer: CryptoWriter<W>,
+    success: HandshakeSuccess,
+    upstream_manager: Arc<UpstreamManager>,
+    stats: Arc<Stats>,
+    config: Arc<ProxyConfig>,
+    buffer_pool: Arc<BufferPool>,
+    rng: Arc<SecureRandom>,
+) -> Result<()>
+where
+    R: AsyncRead + Unpin + Send + 'static,
+    W: AsyncWrite + Unpin + Send + 'static,
+{
+    let user = &success.user;
+    let dc_addr = get_dc_addr_static(success.dc_idx, &config)?;
+
+    info!(
+        user = %user,
+        peer = %success.peer,
+        dc = success.dc_idx,
+        dc_addr = %dc_addr,
+        proto = ?success.proto_tag,
+        mode = "direct",
+        "Connecting to Telegram DC"
+    );
+
+    let tg_stream = upstream_manager
+        .connect(dc_addr, Some(success.dc_idx), user.strip_prefix("scope_").filter(|s| !s.is_empty()))
+        .await?;
+
+    debug!(peer = %success.peer, dc_addr = %dc_addr, "Connected, performing TG handshake");
+
+    let (tg_reader, tg_writer) =
+        do_tg_handshake_static(tg_stream, &success, &config, rng.as_ref()).await?;
+
+    debug!(peer = %success.peer, "TG handshake complete, starting relay");
+
+    stats.increment_user_connects(user);
+    stats.increment_user_curr_connects(user);
+
+    let relay_result = relay_bidirectional(
+        client_reader,
+        client_writer,
+        tg_reader,
+        tg_writer,
+        user,
+        Arc::clone(&stats),
+        buffer_pool,
+    )
+    .await;
+
+    stats.decrement_user_curr_connects(user);
+
+    match &relay_result {
+        Ok(()) => debug!(user = %user, "Direct relay completed"),
+        Err(e) => debug!(user = %user, error = %e, "Direct relay ended with error"),
+    }
+
+    relay_result
+}
+
+fn get_dc_addr_static(dc_idx: i16, config: &ProxyConfig) -> Result<SocketAddr> {
+    let prefer_v6 = config.network.prefer == 6 && config.network.ipv6.unwrap_or(true);
+    let datacenters = if prefer_v6 {
+        &*TG_DATACENTERS_V6
+    } else {
+        &*TG_DATACENTERS_V4
+    };
+
+    let num_dcs = datacenters.len();
+
+    let dc_key = dc_idx.to_string();
+    if let Some(addrs) = config.dc_overrides.get(&dc_key) {
+        let mut parsed = Vec::new();
+        for addr_str in addrs {
+            match addr_str.parse::<SocketAddr>() {
+                Ok(addr) => parsed.push(addr),
+                Err(_) => warn!(dc_idx = dc_idx, addr_str = %addr_str, "Invalid DC override address in config, ignoring"),
+            }
+        }
+
+        if let Some(addr) = parsed
+            .iter()
+            .find(|a| a.is_ipv6() == prefer_v6)
+            .or_else(|| parsed.first())
+            .copied()
+        {
+            debug!(dc_idx = dc_idx, addr = %addr, count = parsed.len(), "Using DC override from config");
+            return Ok(addr);
+        }
+    }
+
+    let abs_dc = dc_idx.unsigned_abs() as usize;
+    if abs_dc >= 1 && abs_dc <= num_dcs {
+        return Ok(SocketAddr::new(datacenters[abs_dc - 1], TG_DATACENTER_PORT));
+    }
+
+    // Unknown DC requested by client without override: log and fall back.
+    if !config.dc_overrides.contains_key(&dc_key) {
+        warn!(dc_idx = dc_idx, "Requested non-standard DC with no override; falling back to default cluster");
+        if let Some(path) = &config.general.unknown_dc_log_path {
+            if let Ok(mut file) = OpenOptions::new().create(true).append(true).open(path) {
+                let _ = writeln!(file, "dc_idx={dc_idx}");
+            }
+        }
+    }
+
+    let default_dc = config.default_dc.unwrap_or(2) as usize;
+    let fallback_idx = if default_dc >= 1 && default_dc <= num_dcs {
+        default_dc - 1
+    } else {
+        1
+    };
+
+    info!(
+        original_dc = dc_idx,
+        fallback_dc = (fallback_idx + 1) as u16,
+        fallback_addr = %datacenters[fallback_idx],
+        "Special DC ---> default_cluster"
+    );
+
+    Ok(SocketAddr::new(
+        datacenters[fallback_idx],
+        TG_DATACENTER_PORT,
+    ))
+}
+
+async fn do_tg_handshake_static(
+    mut stream: TcpStream,
+    success: &HandshakeSuccess,
+    config: &ProxyConfig,
+    rng: &SecureRandom,
+) -> Result<(
+    CryptoReader<tokio::net::tcp::OwnedReadHalf>,
+    CryptoWriter<tokio::net::tcp::OwnedWriteHalf>,
+)> {
+    let (nonce, _tg_enc_key, _tg_enc_iv, _tg_dec_key, _tg_dec_iv) = generate_tg_nonce(
+        success.proto_tag,
+        success.dc_idx,
+        &success.dec_key,
+        success.dec_iv,
+        &success.enc_key,
+        success.enc_iv,
+        rng,
+        config.general.fast_mode,
+    );
+
+    let (encrypted_nonce, tg_encryptor, tg_decryptor) = encrypt_tg_nonce_with_ciphers(&nonce);
+
+    debug!(
+        peer = %success.peer,
+        nonce_head = %hex::encode(&nonce[..16]),
+        "Sending nonce to Telegram"
+    );
+
+    stream.write_all(&encrypted_nonce).await?;
+    stream.flush().await?;
+
+    let (read_half, write_half) = stream.into_split();
+
+    let max_pending = config.general.crypto_pending_buffer;
+    Ok((
+        CryptoReader::new(read_half, tg_decryptor),
+        CryptoWriter::new(write_half, tg_encryptor, max_pending),
+    ))
+}

src/proxy/handshake.rs

@@ -1,19 +1,25 @@
-//! MTProto Handshake Magics
+//! MTProto Handshake
 
 use std::net::SocketAddr;
+use std::sync::Arc;
 use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt};
 use tracing::{debug, warn, trace, info};
+use zeroize::Zeroize;
 
-use crate::crypto::{sha256, AesCtr};
-use crate::crypto::random::SECURE_RANDOM;
+use crate::crypto::{sha256, AesCtr, SecureRandom};
+use rand::Rng;
 use crate::protocol::constants::*;
 use crate::protocol::tls;
 use crate::stream::{FakeTlsReader, FakeTlsWriter, CryptoReader, CryptoWriter};
 use crate::error::{ProxyError, HandshakeResult};
 use crate::stats::ReplayChecker;
 use crate::config::ProxyConfig;
+use crate::tls_front::{TlsFrontCache, emulator};
 
 /// Result of successful handshake
+///
+/// Key material (`dec_key`, `dec_iv`, `enc_key`, `enc_iv`) is
+/// zeroized on drop.
 #[derive(Debug, Clone)]
 pub struct HandshakeSuccess {
     /// Authenticated user name
@@ -34,6 +40,15 @@ pub struct HandshakeSuccess {
     pub is_tls: bool,
 }
 
+impl Drop for HandshakeSuccess {
+    fn drop(&mut self) {
+        self.dec_key.zeroize();
+        self.dec_iv.zeroize();
+        self.enc_key.zeroize();
+        self.enc_iv.zeroize();
+    }
+}
+
 /// Handle fake TLS handshake
 pub async fn handle_tls_handshake<R, W>(
     handshake: &[u8],
@@ -42,78 +57,134 @@ pub async fn handle_tls_handshake<R, W>(
     peer: SocketAddr,
     config: &ProxyConfig,
     replay_checker: &ReplayChecker,
-) -> HandshakeResult<(FakeTlsReader<R>, FakeTlsWriter<W>, String)>
+    rng: &SecureRandom,
+    tls_cache: Option<Arc<TlsFrontCache>>,
+) -> HandshakeResult<(FakeTlsReader<R>, FakeTlsWriter<W>, String), R, W>
 where
     R: AsyncRead + Unpin,
     W: AsyncWrite + Unpin,
 {
     debug!(peer = %peer, handshake_len = handshake.len(), "Processing TLS handshake");
 
-    // Check minimum length
     if handshake.len() < tls::TLS_DIGEST_POS + tls::TLS_DIGEST_LEN + 1 {
         debug!(peer = %peer, "TLS handshake too short");
-        return HandshakeResult::BadClient;
+        return HandshakeResult::BadClient { reader, writer };
     }
 
-    // Extract digest for replay check
     let digest = &handshake[tls::TLS_DIGEST_POS..tls::TLS_DIGEST_POS + tls::TLS_DIGEST_LEN];
     let digest_half = &digest[..tls::TLS_DIGEST_HALF_LEN];
 
-    // Check for replay
-    if replay_checker.check_tls_digest(digest_half) {
-        warn!(peer = %peer, "TLS replay attack detected");
-        return HandshakeResult::BadClient;
+    if replay_checker.check_and_add_tls_digest(digest_half) {
+        warn!(peer = %peer, "TLS replay attack detected (duplicate digest)");
+        return HandshakeResult::BadClient { reader, writer };
     }
 
-    // Build secrets list
-    let secrets: Vec<(String, Vec<u8>)> = config.users.iter()
+    let secrets: Vec<(String, Vec<u8>)> = config.access.users.iter()
         .filter_map(|(name, hex)| {
             hex::decode(hex).ok().map(|bytes| (name.clone(), bytes))
         })
         .collect();
 
-    debug!(peer = %peer, num_users = secrets.len(), "Validating TLS handshake against users");
-    
-    // Validate handshake
     let validation = match tls::validate_tls_handshake(
         handshake,
         &secrets,
-        config.ignore_time_skew,
+        config.access.ignore_time_skew,
     ) {
         Some(v) => v,
         None => {
-            debug!(peer = %peer, "TLS handshake validation failed - no matching user");
-            return HandshakeResult::BadClient;
+            debug!(
+                peer = %peer, 
+                ignore_time_skew = config.access.ignore_time_skew,
+                "TLS handshake validation failed - no matching user or time skew"
+            );
+            return HandshakeResult::BadClient { reader, writer };
         }
     };
 
-    // Get secret for response
     let secret = match secrets.iter().find(|(name, _)| *name == validation.user) {
         Some((_, s)) => s,
-        None => return HandshakeResult::BadClient,
+        None => return HandshakeResult::BadClient { reader, writer },
     };
 
-    // Build and send response
-    let response = tls::build_server_hello(
+    let cached = if config.censorship.tls_emulation {
+        if let Some(cache) = tls_cache.as_ref() {
+            if let Some(sni) = tls::extract_sni_from_client_hello(handshake) {
+                Some(cache.get(&sni).await)
+            } else {
+                Some(cache.get(&config.censorship.tls_domain).await)
+            }
+        } else {
+            None
+        }
+    } else {
+        None
+    };
+
+    let alpn_list = if config.censorship.alpn_enforce {
+        tls::extract_alpn_from_client_hello(handshake)
+    } else {
+        Vec::new()
+    };
+    let selected_alpn = if config.censorship.alpn_enforce {
+        if alpn_list.iter().any(|p| p == b"h2") {
+            Some(b"h2".to_vec())
+        } else if alpn_list.iter().any(|p| p == b"http/1.1") {
+            Some(b"http/1.1".to_vec())
+        } else {
+            None
+        }
+    } else {
+        None
+    };
+
+    let response = if let Some(cached_entry) = cached {
+        emulator::build_emulated_server_hello(
             secret,
             &validation.digest,
             &validation.session_id,
-        config.fake_cert_len,
-    );
+            &cached_entry,
+            rng,
+            selected_alpn.clone(),
+            config.censorship.tls_new_session_tickets,
+        )
+    } else {
+        tls::build_server_hello(
+            secret,
+            &validation.digest,
+            &validation.session_id,
+            config.censorship.fake_cert_len,
+            rng,
+            selected_alpn.clone(),
+            config.censorship.tls_new_session_tickets,
+        )
+    };
+
+    // Optional anti-fingerprint delay before sending ServerHello.
+    if config.censorship.server_hello_delay_max_ms > 0 {
+        let min = config.censorship.server_hello_delay_min_ms;
+        let max = config.censorship.server_hello_delay_max_ms.max(min);
+        let delay_ms = if max == min {
+            max
+        } else {
+            rand::rng().random_range(min..=max)
+        };
+        if delay_ms > 0 {
+            tokio::time::sleep(std::time::Duration::from_millis(delay_ms)).await;
+        }
+    }
 
     debug!(peer = %peer, response_len = response.len(), "Sending TLS ServerHello");
 
     if let Err(e) = writer.write_all(&response).await {
+        warn!(peer = %peer, error = %e, "Failed to write TLS ServerHello");
         return HandshakeResult::Error(ProxyError::Io(e));
     }
 
     if let Err(e) = writer.flush().await {
+        warn!(peer = %peer, error = %e, "Failed to flush TLS ServerHello");
         return HandshakeResult::Error(ProxyError::Io(e));
     }
 
-    // Record for replay protection
-    replay_checker.add_tls_digest(digest_half);
-    
     info!(
         peer = %peer,
         user = %validation.user,
@@ -136,39 +207,28 @@ pub async fn handle_mtproto_handshake<R, W>(
     config: &ProxyConfig,
     replay_checker: &ReplayChecker,
     is_tls: bool,
-) -> HandshakeResult<(CryptoReader<R>, CryptoWriter<W>, HandshakeSuccess)>
+) -> HandshakeResult<(CryptoReader<R>, CryptoWriter<W>, HandshakeSuccess), R, W>
 where
     R: AsyncRead + Unpin + Send,
     W: AsyncWrite + Unpin + Send,
 {
     trace!(peer = %peer, handshake = ?hex::encode(handshake), "MTProto handshake bytes");
 
-    // Extract prekey and IV
     let dec_prekey_iv = &handshake[SKIP_LEN..SKIP_LEN + PREKEY_LEN + IV_LEN];
 
-    debug!(
-        peer = %peer,
-        dec_prekey_iv = %hex::encode(dec_prekey_iv),
-        "Extracted prekey+IV from handshake"
-    );
-    
-    // Check for replay
-    if replay_checker.check_handshake(dec_prekey_iv) {
+    if replay_checker.check_and_add_handshake(dec_prekey_iv) {
         warn!(peer = %peer, "MTProto replay attack detected");
-        return HandshakeResult::BadClient;
+        return HandshakeResult::BadClient { reader, writer };
     }
 
-    // Reversed for encryption direction
     let enc_prekey_iv: Vec<u8> = dec_prekey_iv.iter().rev().copied().collect();
 
-    // Try each user's secret
-    for (user, secret_hex) in &config.users {
+    for (user, secret_hex) in &config.access.users {
         let secret = match hex::decode(secret_hex) {
             Ok(s) => s,
             Err(_) => continue,
         };
 
-        // Derive decryption key
         let dec_prekey = &dec_prekey_iv[..PREKEY_LEN];
         let dec_iv_bytes = &dec_prekey_iv[PREKEY_LEN..];
 
@@ -179,38 +239,27 @@ where
 
         let dec_iv = u128::from_be_bytes(dec_iv_bytes.try_into().unwrap());
 
-        // Decrypt handshake to check protocol tag
         let mut decryptor = AesCtr::new(&dec_key, dec_iv);
         let decrypted = decryptor.decrypt(handshake);
 
-        trace!(
-            peer = %peer,
-            user = %user,
-            decrypted_tail = %hex::encode(&decrypted[PROTO_TAG_POS..]),
-            "Decrypted handshake tail"
-        );
-        
-        // Check protocol tag
         let tag_bytes: [u8; 4] = decrypted[PROTO_TAG_POS..PROTO_TAG_POS + 4]
             .try_into()
             .unwrap();
 
         let proto_tag = match ProtoTag::from_bytes(tag_bytes) {
             Some(tag) => tag,
-            None => {
-                trace!(peer = %peer, user = %user, tag = %hex::encode(tag_bytes), "Invalid proto tag");
-                continue;
-            }
+            None => continue,
         };
 
-        debug!(peer = %peer, user = %user, proto = ?proto_tag, "Found valid proto tag");
-        
-        // Check if mode is enabled
         let mode_ok = match proto_tag {
             ProtoTag::Secure => {
-                if is_tls { config.modes.tls } else { config.modes.secure }
+                if is_tls {
+                    config.general.modes.tls || config.general.modes.secure
+                } else {
+                    config.general.modes.secure || config.general.modes.tls
                 }
-            ProtoTag::Intermediate | ProtoTag::Abridged => config.modes.classic,
+            }
+            ProtoTag::Intermediate | ProtoTag::Abridged => config.general.modes.classic,
         };
 
         if !mode_ok {
@@ -218,12 +267,10 @@ where
             continue;
         }
 
-        // Extract DC index
         let dc_idx = i16::from_le_bytes(
             decrypted[DC_IDX_POS..DC_IDX_POS + 2].try_into().unwrap()
         );
 
-        // Derive encryption key
         let enc_prekey = &enc_prekey_iv[..PREKEY_LEN];
         let enc_iv_bytes = &enc_prekey_iv[PREKEY_LEN..];
 
@@ -234,11 +281,6 @@ where
 
         let enc_iv = u128::from_be_bytes(enc_iv_bytes.try_into().unwrap());
 
-        // Record for replay protection
-        replay_checker.add_handshake(dec_prekey_iv);
-        
-        // Create new cipher instances
-        let decryptor = AesCtr::new(&dec_key, dec_iv);
         let encryptor = AesCtr::new(&enc_key, enc_iv);
 
         let success = HandshakeSuccess {
@@ -262,64 +304,53 @@ where
             "MTProto handshake successful"
         );
 
+        let max_pending = config.general.crypto_pending_buffer;
         return HandshakeResult::Success((
             CryptoReader::new(reader, decryptor),
-            CryptoWriter::new(writer, encryptor),
+            CryptoWriter::new(writer, encryptor, max_pending),
             success,
         ));
     }
 
     debug!(peer = %peer, "MTProto handshake: no matching user found");
-    HandshakeResult::BadClient
+    HandshakeResult::BadClient { reader, writer }
 }
 
 /// Generate nonce for Telegram connection
-/// 
-/// In FAST MODE: we use the same keys for TG as for client, but reversed.
-/// This means: client's enc_key becomes TG's dec_key and vice versa.
 pub fn generate_tg_nonce(
     proto_tag: ProtoTag, 
-    client_dec_key: &[u8; 32],
-    client_dec_iv: u128,
+    dc_idx: i16,
+    _client_dec_key: &[u8; 32],
+    _client_dec_iv: u128,
+    client_enc_key: &[u8; 32],
+    client_enc_iv: u128,
+    rng: &SecureRandom,
     fast_mode: bool,
 ) -> ([u8; HANDSHAKE_LEN], [u8; 32], u128, [u8; 32], u128) {
     loop {
-        let bytes = SECURE_RANDOM.bytes(HANDSHAKE_LEN);
+        let bytes = rng.bytes(HANDSHAKE_LEN);
         let mut nonce: [u8; HANDSHAKE_LEN] = bytes.try_into().unwrap();
 
-        // Check reserved patterns
-        if RESERVED_NONCE_FIRST_BYTES.contains(&nonce[0]) {
-            continue;
-        }
+        if RESERVED_NONCE_FIRST_BYTES.contains(&nonce[0]) { continue; }
 
         let first_four: [u8; 4] = nonce[..4].try_into().unwrap();
-        if RESERVED_NONCE_BEGINNINGS.contains(&first_four) {
-            continue;
-        }
+        if RESERVED_NONCE_BEGINNINGS.contains(&first_four) { continue; }
 
         let continue_four: [u8; 4] = nonce[4..8].try_into().unwrap();
-        if RESERVED_NONCE_CONTINUES.contains(&continue_four) {
-            continue;
-        }
+        if RESERVED_NONCE_CONTINUES.contains(&continue_four) { continue; }
 
-        // Set protocol tag
         nonce[PROTO_TAG_POS..PROTO_TAG_POS + 4].copy_from_slice(&proto_tag.to_bytes());
+        // CRITICAL: write dc_idx so upstream DC knows where to route
+        nonce[DC_IDX_POS..DC_IDX_POS + 2].copy_from_slice(&dc_idx.to_le_bytes());
 
-        // Fast mode: copy client's dec_key+iv (this becomes TG's enc direction)
-        // In fast mode, we make TG use the same keys as client but swapped:
-        // - What we decrypt FROM TG = what we encrypt TO client (so no re-encryption needed)
-        // - What we encrypt TO TG = what we decrypt FROM client
         if fast_mode {
-            // Put client's dec_key + dec_iv into nonce[8:56]
-            // This will be used by TG for encryption TO us
-            nonce[SKIP_LEN..SKIP_LEN + KEY_LEN].copy_from_slice(client_dec_key);
-            nonce[SKIP_LEN + KEY_LEN..SKIP_LEN + KEY_LEN + IV_LEN]
-                .copy_from_slice(&client_dec_iv.to_be_bytes());
+            let mut key_iv = Vec::with_capacity(KEY_LEN + IV_LEN);
+            key_iv.extend_from_slice(client_enc_key);
+            key_iv.extend_from_slice(&client_enc_iv.to_be_bytes());
+            key_iv.reverse(); // Python/C behavior: reversed enc_key+enc_iv in nonce
+            nonce[SKIP_LEN..SKIP_LEN + KEY_LEN + IV_LEN].copy_from_slice(&key_iv);
         }
 
-        // Now compute what keys WE will use for TG connection
-        // enc_key_iv = nonce[8:56] (for encrypting TO TG)
-        // dec_key_iv = nonce[8:56] reversed (for decrypting FROM TG)
         let enc_key_iv = &nonce[SKIP_LEN..SKIP_LEN + KEY_LEN + IV_LEN];
         let dec_key_iv: Vec<u8> = enc_key_iv.iter().rev().copied().collect();
 
@@ -329,45 +360,36 @@ pub fn generate_tg_nonce(
         let tg_dec_key: [u8; 32] = dec_key_iv[..KEY_LEN].try_into().unwrap();
         let tg_dec_iv = u128::from_be_bytes(dec_key_iv[KEY_LEN..].try_into().unwrap());
 
-        debug!(
-            fast_mode = fast_mode,
-            tg_enc_key = %hex::encode(&tg_enc_key[..8]),
-            tg_dec_key = %hex::encode(&tg_dec_key[..8]),
-            "Generated TG nonce"
-        );
-        
         return (nonce, tg_enc_key, tg_enc_iv, tg_dec_key, tg_dec_iv);
     }
 }
 
-/// Encrypt nonce for sending to Telegram
-/// 
-/// Only the part from PROTO_TAG_POS onwards is encrypted.
-/// The encryption key is derived from enc_key_iv in the nonce itself.
-pub fn encrypt_tg_nonce(nonce: &[u8; HANDSHAKE_LEN]) -> Vec<u8> {
-    // enc_key_iv is at nonce[8:56]
+/// Encrypt nonce for sending to Telegram and return cipher objects with correct counter state
+pub fn encrypt_tg_nonce_with_ciphers(nonce: &[u8; HANDSHAKE_LEN]) -> (Vec<u8>, AesCtr, AesCtr) {
     let enc_key_iv = &nonce[SKIP_LEN..SKIP_LEN + KEY_LEN + IV_LEN];
+    let dec_key_iv: Vec<u8> = enc_key_iv.iter().rev().copied().collect();
 
-    // Key for encrypting is just the first 32 bytes of enc_key_iv
-    let key: [u8; 32] = enc_key_iv[..KEY_LEN].try_into().unwrap();
-    let iv = u128::from_be_bytes(enc_key_iv[KEY_LEN..].try_into().unwrap());
+    let enc_key: [u8; 32] = enc_key_iv[..KEY_LEN].try_into().unwrap();
+    let enc_iv = u128::from_be_bytes(enc_key_iv[KEY_LEN..].try_into().unwrap());
 
-    let mut encryptor = AesCtr::new(&key, iv);
+    let dec_key: [u8; 32] = dec_key_iv[..KEY_LEN].try_into().unwrap();
+    let dec_iv = u128::from_be_bytes(dec_key_iv[KEY_LEN..].try_into().unwrap());
 
-    // Encrypt the entire nonce first, then take only the encrypted tail
-    let encrypted_full = encryptor.encrypt(nonce);
+    let mut encryptor = AesCtr::new(&enc_key, enc_iv);
+    let encrypted_full = encryptor.encrypt(nonce);  // counter: 0 → 4
 
-    // Result: unencrypted head + encrypted tail
     let mut result = nonce[..PROTO_TAG_POS].to_vec();
     result.extend_from_slice(&encrypted_full[PROTO_TAG_POS..]);
 
-    trace!(
-        original = %hex::encode(&nonce[PROTO_TAG_POS..]),
-        encrypted = %hex::encode(&result[PROTO_TAG_POS..]),
-        "Encrypted nonce tail"
-    );
+    let decryptor = AesCtr::new(&dec_key, dec_iv);
 
-    result
+    (result, encryptor, decryptor)
+}
+
+/// Encrypt nonce for sending to Telegram (legacy function for compatibility)
+pub fn encrypt_tg_nonce(nonce: &[u8; HANDSHAKE_LEN]) -> Vec<u8> {
+    let (encrypted, _, _) = encrypt_tg_nonce_with_ciphers(nonce);
+    encrypted
 }
 
 #[cfg(test)]
@@ -378,14 +400,24 @@ mod tests {
     fn test_generate_tg_nonce() {
         let client_dec_key = [0x42u8; 32];
         let client_dec_iv = 12345u128;
+        let client_enc_key = [0x24u8; 32];
+        let client_enc_iv = 54321u128;
 
-        let (nonce, tg_enc_key, tg_enc_iv, tg_dec_key, tg_dec_iv) = 
-            generate_tg_nonce(ProtoTag::Secure, &client_dec_key, client_dec_iv, false);
+        let rng = SecureRandom::new();
+        let (nonce, _tg_enc_key, _tg_enc_iv, _tg_dec_key, _tg_dec_iv) = 
+            generate_tg_nonce(
+                ProtoTag::Secure,
+                2,
+                &client_dec_key,
+                client_dec_iv,
+                &client_enc_key,
+                client_enc_iv,
+                &rng,
+                false,
+            );
 
-        // Check length
         assert_eq!(nonce.len(), HANDSHAKE_LEN);
 
-        // Check proto tag is set
         let tag_bytes: [u8; 4] = nonce[PROTO_TAG_POS..PROTO_TAG_POS + 4].try_into().unwrap();
         assert_eq!(ProtoTag::from_bytes(tag_bytes), Some(ProtoTag::Secure));
     }
@@ -394,18 +426,47 @@ mod tests {
     fn test_encrypt_tg_nonce() {
         let client_dec_key = [0x42u8; 32];
         let client_dec_iv = 12345u128;
+        let client_enc_key = [0x24u8; 32];
+        let client_enc_iv = 54321u128;
 
+        let rng = SecureRandom::new();
         let (nonce, _, _, _, _) = 
-            generate_tg_nonce(ProtoTag::Secure, &client_dec_key, client_dec_iv, false);
+            generate_tg_nonce(
+                ProtoTag::Secure,
+                2,
+                &client_dec_key,
+                client_dec_iv,
+                &client_enc_key,
+                client_enc_iv,
+                &rng,
+                false,
+            );
 
         let encrypted = encrypt_tg_nonce(&nonce);
 
         assert_eq!(encrypted.len(), HANDSHAKE_LEN);
-        
-        // First PROTO_TAG_POS bytes should be unchanged
         assert_eq!(&encrypted[..PROTO_TAG_POS], &nonce[..PROTO_TAG_POS]);
-        
-        // Rest should be different (encrypted)
         assert_ne!(&encrypted[PROTO_TAG_POS..], &nonce[PROTO_TAG_POS..]);
     }
+
+    #[test]
+    fn test_handshake_success_zeroize_on_drop() {
+        let success = HandshakeSuccess {
+            user: "test".to_string(),
+            dc_idx: 2,
+            proto_tag: ProtoTag::Secure,
+            dec_key: [0xAA; 32],
+            dec_iv: 0xBBBBBBBB,
+            enc_key: [0xCC; 32],
+            enc_iv: 0xDDDDDDDD,
+            peer: "127.0.0.1:1234".parse().unwrap(),
+            is_tls: true,
+        };
+
+        assert_eq!(success.dec_key, [0xAA; 32]);
+        assert_eq!(success.enc_key, [0xCC; 32]);
+
+        drop(success);
+        // Drop impl zeroizes key material without panic
+    }
 }

src/proxy/masking.rs

@@ -1,72 +1,156 @@
 //! Masking - forward unrecognized traffic to mask host
 
+use std::str;
 use std::time::Duration;
 use tokio::net::TcpStream;
-use tokio::io::{AsyncReadExt, AsyncWriteExt};
+#[cfg(unix)]
+use tokio::net::UnixStream;
+use tokio::io::{AsyncRead, AsyncWrite, AsyncReadExt, AsyncWriteExt};
 use tokio::time::timeout;
 use tracing::debug;
 use crate::config::ProxyConfig;
-use crate::transport::set_linger_zero;
 
 const MASK_TIMEOUT: Duration = Duration::from_secs(5);
+/// Maximum duration for the entire masking relay.
+/// Limits resource consumption from slow-loris attacks and port scanners.
+const MASK_RELAY_TIMEOUT: Duration = Duration::from_secs(60);
 const MASK_BUFFER_SIZE: usize = 8192;
 
+/// Detect client type based on initial data
+fn detect_client_type(data: &[u8]) -> &'static str {
+    // Check for HTTP request
+    if data.len() > 4 {
+        if data.starts_with(b"GET ") || data.starts_with(b"POST") ||
+           data.starts_with(b"HEAD") || data.starts_with(b"PUT ") ||
+           data.starts_with(b"DELETE") || data.starts_with(b"OPTIONS") {
+            return "HTTP";
+        }
+    }
+
+    // Check for TLS ClientHello (0x16 = handshake, 0x03 0x01-0x03 = TLS version)
+    if data.len() > 3 && data[0] == 0x16 && data[1] == 0x03 {
+        return "TLS-scanner";
+    }
+
+    // Check for SSH
+    if data.starts_with(b"SSH-") {
+        return "SSH";
+    }
+
+    // Port scanner (very short data)
+    if data.len() < 10 {
+        return "port-scanner";
+    }
+
+    "unknown"
+}
+
 /// Handle a bad client by forwarding to mask host
-pub async fn handle_bad_client(
-    client: TcpStream,
+pub async fn handle_bad_client<R, W>(
+    reader: R,
+    writer: W,
     initial_data: &[u8],
     config: &ProxyConfig,
-) {
-    if !config.mask {
+)
+where
+    R: AsyncRead + Unpin + Send + 'static,
+    W: AsyncWrite + Unpin + Send + 'static,
+{
+    if !config.censorship.mask {
         // Masking disabled, just consume data
-        consume_client_data(client).await;
+        consume_client_data(reader).await;
         return;
     }
 
-    let mask_host = config.mask_host.as_deref()
-        .unwrap_or(&config.tls_domain);
-    let mask_port = config.mask_port;
+    let client_type = detect_client_type(initial_data);
+
+    // Connect via Unix socket or TCP
+    #[cfg(unix)]
+    if let Some(ref sock_path) = config.censorship.mask_unix_sock {
+        debug!(
+            client_type = client_type,
+            sock = %sock_path,
+            data_len = initial_data.len(),
+            "Forwarding bad client to mask unix socket"
+        );
+
+        let connect_result = timeout(MASK_TIMEOUT, UnixStream::connect(sock_path)).await;
+        match connect_result {
+            Ok(Ok(stream)) => {
+                let (mask_read, mask_write) = stream.into_split();
+                if timeout(MASK_RELAY_TIMEOUT, relay_to_mask(reader, writer, mask_read, mask_write, initial_data)).await.is_err() {
+                    debug!("Mask relay timed out (unix socket)");
+                }
+            }
+            Ok(Err(e)) => {
+                debug!(error = %e, "Failed to connect to mask unix socket");
+                consume_client_data(reader).await;
+            }
+            Err(_) => {
+                debug!("Timeout connecting to mask unix socket");
+                consume_client_data(reader).await;
+            }
+        }
+        return;
+    }
+
+    let mask_host = config.censorship.mask_host.as_deref()
+        .unwrap_or(&config.censorship.tls_domain);
+    let mask_port = config.censorship.mask_port;
 
     debug!(
+        client_type = client_type,
         host = %mask_host,
         port = mask_port,
+        data_len = initial_data.len(),
         "Forwarding bad client to mask host"
     );
 
     // Connect to mask host
     let mask_addr = format!("{}:{}", mask_host, mask_port);
-    let connect_result = timeout(
-        MASK_TIMEOUT,
-        TcpStream::connect(&mask_addr)
-    ).await;
-    
-    let mut mask_stream = match connect_result {
-        Ok(Ok(s)) => s,
+    let connect_result = timeout(MASK_TIMEOUT, TcpStream::connect(&mask_addr)).await;
+    match connect_result {
+        Ok(Ok(stream)) => {
+            let (mask_read, mask_write) = stream.into_split();
+            if timeout(MASK_RELAY_TIMEOUT, relay_to_mask(reader, writer, mask_read, mask_write, initial_data)).await.is_err() {
+                debug!("Mask relay timed out");
+            }
+        }
         Ok(Err(e)) => {
             debug!(error = %e, "Failed to connect to mask host");
-            consume_client_data(client).await;
-            return;
+            consume_client_data(reader).await;
         }
         Err(_) => {
             debug!("Timeout connecting to mask host");
-            consume_client_data(client).await;
-            return;
+            consume_client_data(reader).await;
         }
-    };
+    }
+}
 
+/// Relay traffic between client and mask backend
+async fn relay_to_mask<R, W, MR, MW>(
+    mut reader: R,
+    mut writer: W,
+    mut mask_read: MR,
+    mut mask_write: MW,
+    initial_data: &[u8],
+)
+where
+    R: AsyncRead + Unpin + Send + 'static,
+    W: AsyncWrite + Unpin + Send + 'static,
+    MR: AsyncRead + Unpin + Send + 'static,
+    MW: AsyncWrite + Unpin + Send + 'static,
+{
     // Send initial data to mask host
-    if mask_stream.write_all(initial_data).await.is_err() {
+    if mask_write.write_all(initial_data).await.is_err() {
         return;
     }
 
     // Relay traffic
-    let (mut client_read, mut client_write) = client.into_split();
-    let (mut mask_read, mut mask_write) = mask_stream.into_split();
-    
     let c2m = tokio::spawn(async move {
         let mut buf = vec![0u8; MASK_BUFFER_SIZE];
         loop {
-            match client_read.read(&mut buf).await {
+            match reader.read(&mut buf).await {
                 Ok(0) | Err(_) => {
                     let _ = mask_write.shutdown().await;
                     break;
@@ -85,11 +169,11 @@ pub async fn handle_bad_client(
         loop {
             match mask_read.read(&mut buf).await {
                 Ok(0) | Err(_) => {
-                    let _ = client_write.shutdown().await;
+                    let _ = writer.shutdown().await;
                     break;
                 }
                 Ok(n) => {
-                    if client_write.write_all(&buf[..n]).await.is_err() {
+                    if writer.write_all(&buf[..n]).await.is_err() {
                         break;
                     }
                 }
@@ -105,9 +189,9 @@ pub async fn handle_bad_client(
 }
 
 /// Just consume all data from client without responding
-async fn consume_client_data(mut client: TcpStream) {
+async fn consume_client_data<R: AsyncRead + Unpin>(mut reader: R) {
     let mut buf = vec![0u8; MASK_BUFFER_SIZE];
-    while let Ok(n) = client.read(&mut buf).await {
+    while let Ok(n) = reader.read(&mut buf).await {
         if n == 0 {
             break;
         }

src/proxy/middle_relay.rs

@@ -0,0 +1,482 @@
+use std::net::SocketAddr;
+use std::sync::Arc;
+
+use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
+use tokio::sync::{mpsc, oneshot};
+use tracing::{debug, info, trace, warn};
+
+use crate::config::ProxyConfig;
+use crate::crypto::SecureRandom;
+use crate::error::{ProxyError, Result};
+use crate::protocol::constants::{*, secure_padding_len};
+use crate::proxy::handshake::HandshakeSuccess;
+use crate::stats::Stats;
+use crate::stream::{BufferPool, CryptoReader, CryptoWriter};
+use crate::transport::middle_proxy::{MePool, MeResponse, proto_flags_for_tag};
+
+enum C2MeCommand {
+    Data { payload: Vec<u8>, flags: u32 },
+    Close,
+}
+
+pub(crate) async fn handle_via_middle_proxy<R, W>(
+    mut crypto_reader: CryptoReader<R>,
+    crypto_writer: CryptoWriter<W>,
+    success: HandshakeSuccess,
+    me_pool: Arc<MePool>,
+    stats: Arc<Stats>,
+    config: Arc<ProxyConfig>,
+    _buffer_pool: Arc<BufferPool>,
+    local_addr: SocketAddr,
+    rng: Arc<SecureRandom>,
+) -> Result<()>
+where
+    R: AsyncRead + Unpin + Send + 'static,
+    W: AsyncWrite + Unpin + Send + 'static,
+{
+    let user = success.user.clone();
+    let peer = success.peer;
+    let proto_tag = success.proto_tag;
+
+    info!(
+        user = %user,
+        peer = %peer,
+        dc = success.dc_idx,
+        proto = ?proto_tag,
+        mode = "middle_proxy",
+        "Routing via Middle-End"
+    );
+
+    let (conn_id, me_rx) = me_pool.registry().register().await;
+
+    stats.increment_user_connects(&user);
+    stats.increment_user_curr_connects(&user);
+
+    let proto_flags = proto_flags_for_tag(proto_tag, me_pool.has_proxy_tag());
+    debug!(
+        user = %user,
+        conn_id,
+        proto_flags = format_args!("0x{:08x}", proto_flags),
+        "ME relay started"
+    );
+
+    let translated_local_addr = me_pool.translate_our_addr(local_addr);
+
+    let frame_limit = config.general.max_client_frame;
+
+    let (c2me_tx, mut c2me_rx) = mpsc::channel::<C2MeCommand>(1024);
+    let me_pool_c2me = me_pool.clone();
+    let c2me_sender = tokio::spawn(async move {
+        while let Some(cmd) = c2me_rx.recv().await {
+            match cmd {
+                C2MeCommand::Data { payload, flags } => {
+                    me_pool_c2me.send_proxy_req(
+                        conn_id,
+                        success.dc_idx,
+                        peer,
+                        translated_local_addr,
+                        &payload,
+                        flags,
+                    ).await?;
+                }
+                C2MeCommand::Close => {
+                    let _ = me_pool_c2me.send_close(conn_id).await;
+                    return Ok(());
+                }
+            }
+        }
+        Ok(())
+    });
+
+    let (stop_tx, mut stop_rx) = oneshot::channel::<()>();
+    let mut me_rx_task = me_rx;
+    let stats_clone = stats.clone();
+    let rng_clone = rng.clone();
+    let user_clone = user.clone();
+    let me_writer = tokio::spawn(async move {
+        let mut writer = crypto_writer;
+        let mut frame_buf = Vec::with_capacity(16 * 1024);
+        loop {
+            tokio::select! {
+                msg = me_rx_task.recv() => {
+                    match msg {
+                        Some(MeResponse::Data { flags, data }) => {
+                            trace!(conn_id, bytes = data.len(), flags, "ME->C data");
+                            stats_clone.add_user_octets_to(&user_clone, data.len() as u64);
+                            write_client_payload(
+                                &mut writer,
+                                proto_tag,
+                                flags,
+                                &data,
+                                rng_clone.as_ref(),
+                                &mut frame_buf,
+                            )
+                            .await?;
+
+                            // Drain all immediately queued ME responses and flush once.
+                            while let Ok(next) = me_rx_task.try_recv() {
+                                match next {
+                                    MeResponse::Data { flags, data } => {
+                                        trace!(conn_id, bytes = data.len(), flags, "ME->C data (batched)");
+                                        stats_clone.add_user_octets_to(&user_clone, data.len() as u64);
+                                        write_client_payload(
+                                            &mut writer,
+                                            proto_tag,
+                                            flags,
+                                            &data,
+                                            rng_clone.as_ref(),
+                                            &mut frame_buf,
+                                        ).await?;
+                                    }
+                                    MeResponse::Ack(confirm) => {
+                                        trace!(conn_id, confirm, "ME->C quickack (batched)");
+                                        write_client_ack(&mut writer, proto_tag, confirm).await?;
+                                    }
+                                    MeResponse::Close => {
+                                        debug!(conn_id, "ME sent close (batched)");
+                                        let _ = writer.flush().await;
+                                        return Ok(());
+                                    }
+                                }
+                            }
+
+                            writer.flush().await.map_err(ProxyError::Io)?;
+                        }
+                        Some(MeResponse::Ack(confirm)) => {
+                            trace!(conn_id, confirm, "ME->C quickack");
+                            write_client_ack(&mut writer, proto_tag, confirm).await?;
+                        }
+                        Some(MeResponse::Close) => {
+                            debug!(conn_id, "ME sent close");
+                            let _ = writer.flush().await;
+                            return Ok(());
+                        }
+                        None => {
+                            debug!(conn_id, "ME channel closed");
+                            return Err(ProxyError::Proxy("ME connection lost".into()));
+                        }
+                    }
+                }
+                _ = &mut stop_rx => {
+                    debug!(conn_id, "ME writer stop signal");
+                    return Ok(());
+                }
+            }
+        }
+    });
+
+    let mut main_result: Result<()> = Ok(());
+    let mut client_closed = false;
+    let mut frame_counter: u64 = 0;
+    loop {
+        match read_client_payload(
+            &mut crypto_reader,
+            proto_tag,
+            frame_limit,
+            &user,
+            &mut frame_counter,
+            &stats,
+        ).await {
+            Ok(Some((payload, quickack))) => {
+                trace!(conn_id, bytes = payload.len(), "C->ME frame");
+                stats.add_user_octets_from(&user, payload.len() as u64);
+                let mut flags = proto_flags;
+                if quickack {
+                    flags |= RPC_FLAG_QUICKACK;
+                }
+                if payload.len() >= 8 && payload[..8].iter().all(|b| *b == 0) {
+                    flags |= RPC_FLAG_NOT_ENCRYPTED;
+                }
+                // Keep client read loop lightweight: route heavy ME send path via a dedicated task.
+                if c2me_tx
+                    .send(C2MeCommand::Data { payload, flags })
+                    .await
+                    .is_err()
+                {
+                    main_result = Err(ProxyError::Proxy("ME sender channel closed".into()));
+                    break;
+                }
+            }
+            Ok(None) => {
+                debug!(conn_id, "Client EOF");
+                client_closed = true;
+                let _ = c2me_tx.send(C2MeCommand::Close).await;
+                break;
+            }
+            Err(e) => {
+                main_result = Err(e);
+                break;
+            }
+        }
+    }
+
+    drop(c2me_tx);
+    let c2me_result = c2me_sender
+        .await
+        .unwrap_or_else(|e| Err(ProxyError::Proxy(format!("ME sender join error: {e}"))));
+
+    let _ = stop_tx.send(());
+    let mut writer_result = me_writer
+        .await
+        .unwrap_or_else(|e| Err(ProxyError::Proxy(format!("ME writer join error: {e}"))));
+
+    // When client closes, but ME channel stopped as unregistered - it isnt error
+    if client_closed {
+        if matches!(
+            writer_result,
+            Err(ProxyError::Proxy(ref msg)) if msg == "ME connection lost"
+        ) {
+            writer_result = Ok(());
+        }
+    }
+
+    let result = match (main_result, c2me_result, writer_result) {
+        (Ok(()), Ok(()), Ok(())) => Ok(()),
+        (Err(e), _, _) => Err(e),
+        (_, Err(e), _) => Err(e),
+        (_, _, Err(e)) => Err(e),
+    };
+
+    debug!(user = %user, conn_id, "ME relay cleanup");
+    me_pool.registry().unregister(conn_id).await;
+    stats.decrement_user_curr_connects(&user);
+    result
+}
+
+async fn read_client_payload<R>(
+    client_reader: &mut CryptoReader<R>,
+    proto_tag: ProtoTag,
+    max_frame: usize,
+    user: &str,
+    frame_counter: &mut u64,
+    stats: &Stats,
+) -> Result<Option<(Vec<u8>, bool)>>
+where
+    R: AsyncRead + Unpin + Send + 'static,
+{
+    loop {
+        let (len, quickack, raw_len_bytes) = match proto_tag {
+            ProtoTag::Abridged => {
+                let mut first = [0u8; 1];
+                match client_reader.read_exact(&mut first).await {
+                    Ok(_) => {}
+                    Err(e) if e.kind() == std::io::ErrorKind::UnexpectedEof => return Ok(None),
+                    Err(e) => return Err(ProxyError::Io(e)),
+                }
+
+                let quickack = (first[0] & 0x80) != 0;
+                let len_words = if (first[0] & 0x7f) == 0x7f {
+                    let mut ext = [0u8; 3];
+                    client_reader
+                        .read_exact(&mut ext)
+                        .await
+                        .map_err(ProxyError::Io)?;
+                    u32::from_le_bytes([ext[0], ext[1], ext[2], 0]) as usize
+                } else {
+                    (first[0] & 0x7f) as usize
+                };
+
+                let len = len_words
+                    .checked_mul(4)
+                    .ok_or_else(|| ProxyError::Proxy("Abridged frame length overflow".into()))?;
+                (len, quickack, None)
+            }
+            ProtoTag::Intermediate | ProtoTag::Secure => {
+                let mut len_buf = [0u8; 4];
+                match client_reader.read_exact(&mut len_buf).await {
+                    Ok(_) => {}
+                    Err(e) if e.kind() == std::io::ErrorKind::UnexpectedEof => return Ok(None),
+                    Err(e) => return Err(ProxyError::Io(e)),
+                }
+                let quickack = (len_buf[3] & 0x80) != 0;
+                (
+                    (u32::from_le_bytes(len_buf) & 0x7fff_ffff) as usize,
+                    quickack,
+                    Some(len_buf),
+                )
+            }
+        };
+
+        if len == 0 {
+            continue;
+        }
+        if len < 4 && proto_tag != ProtoTag::Abridged {
+            warn!(
+                user = %user,
+                len,
+                proto = ?proto_tag,
+                "Frame too small — corrupt or probe"
+            );
+            return Err(ProxyError::Proxy(format!("Frame too small: {len}")));
+        }
+
+        if len > max_frame {
+            let len_buf = raw_len_bytes.unwrap_or((len as u32).to_le_bytes());
+            let looks_like_tls = raw_len_bytes
+                .map(|b| b[0] == 0x16 && b[1] == 0x03)
+                .unwrap_or(false);
+            let looks_like_http = raw_len_bytes
+                .map(|b| matches!(b[0], b'G' | b'P' | b'H' | b'C' | b'D'))
+                .unwrap_or(false);
+            warn!(
+                user = %user,
+                raw_len = len,
+                raw_len_hex = format_args!("0x{:08x}", len),
+                raw_bytes = format_args!(
+                    "{:02x} {:02x} {:02x} {:02x}",
+                    len_buf[0], len_buf[1], len_buf[2], len_buf[3]
+                ),
+                proto = ?proto_tag,
+                tls_like = looks_like_tls,
+                http_like = looks_like_http,
+                frames_ok = *frame_counter,
+                "Frame too large — crypto desync forensics"
+            );
+            return Err(ProxyError::Proxy(format!(
+                "Frame too large: {len} (max {max_frame}), frames_ok={}",
+                *frame_counter
+            )));
+        }
+
+        let secure_payload_len = if proto_tag == ProtoTag::Secure {
+            match secure_payload_len_from_wire_len(len) {
+                Some(payload_len) => payload_len,
+                None => {
+                    stats.increment_secure_padding_invalid();
+                    return Err(ProxyError::Proxy(format!(
+                        "Invalid secure frame length: {len}"
+                    )));
+                }
+            }
+        } else {
+            len
+        };
+
+        let mut payload = vec![0u8; len];
+        client_reader
+            .read_exact(&mut payload)
+            .await
+            .map_err(ProxyError::Io)?;
+
+        // Secure Intermediate: strip validated trailing padding bytes.
+        if proto_tag == ProtoTag::Secure {
+            payload.truncate(secure_payload_len);
+        }
+        *frame_counter += 1;
+        return Ok(Some((payload, quickack)));
+    }
+}
+
+async fn write_client_payload<W>(
+    client_writer: &mut CryptoWriter<W>,
+    proto_tag: ProtoTag,
+    flags: u32,
+    data: &[u8],
+    rng: &SecureRandom,
+    frame_buf: &mut Vec<u8>,
+) -> Result<()>
+where
+    W: AsyncWrite + Unpin + Send + 'static,
+{
+    let quickack = (flags & RPC_FLAG_QUICKACK) != 0;
+
+    match proto_tag {
+        ProtoTag::Abridged => {
+            if data.len() % 4 != 0 {
+                return Err(ProxyError::Proxy(format!(
+                    "Abridged payload must be 4-byte aligned, got {}",
+                    data.len()
+                )));
+            }
+
+            let len_words = data.len() / 4;
+            if len_words < 0x7f {
+                let mut first = len_words as u8;
+                if quickack {
+                    first |= 0x80;
+                }
+                frame_buf.clear();
+                frame_buf.reserve(1 + data.len());
+                frame_buf.push(first);
+                frame_buf.extend_from_slice(data);
+                client_writer
+                    .write_all(&frame_buf)
+                    .await
+                    .map_err(ProxyError::Io)?;
+            } else if len_words < (1 << 24) {
+                let mut first = 0x7fu8;
+                if quickack {
+                    first |= 0x80;
+                }
+                let lw = (len_words as u32).to_le_bytes();
+                frame_buf.clear();
+                frame_buf.reserve(4 + data.len());
+                frame_buf.extend_from_slice(&[first, lw[0], lw[1], lw[2]]);
+                frame_buf.extend_from_slice(data);
+                client_writer
+                    .write_all(&frame_buf)
+                    .await
+                    .map_err(ProxyError::Io)?;
+            } else {
+                return Err(ProxyError::Proxy(format!(
+                    "Abridged frame too large: {}",
+                    data.len()
+                )));
+            }
+        }
+        ProtoTag::Intermediate | ProtoTag::Secure => {
+            let padding_len = if proto_tag == ProtoTag::Secure {
+                if !is_valid_secure_payload_len(data.len()) {
+                    return Err(ProxyError::Proxy(format!(
+                        "Secure payload must be 4-byte aligned, got {}",
+                        data.len()
+                    )));
+                }
+                secure_padding_len(data.len(), rng)
+            } else {
+                0
+            };
+            let mut len_val = (data.len() + padding_len) as u32;
+            if quickack {
+                len_val |= 0x8000_0000;
+            }
+            let total = 4 + data.len() + padding_len;
+            frame_buf.clear();
+            frame_buf.reserve(total);
+            frame_buf.extend_from_slice(&len_val.to_le_bytes());
+            frame_buf.extend_from_slice(data);
+            if padding_len > 0 {
+                let start = frame_buf.len();
+                frame_buf.resize(start + padding_len, 0);
+                rng.fill(&mut frame_buf[start..]);
+            }
+            client_writer
+                .write_all(&frame_buf)
+                .await
+                .map_err(ProxyError::Io)?;
+        }
+    }
+
+    Ok(())
+}
+
+async fn write_client_ack<W>(
+    client_writer: &mut CryptoWriter<W>,
+    proto_tag: ProtoTag,
+    confirm: u32,
+) -> Result<()>
+where
+    W: AsyncWrite + Unpin + Send + 'static,
+{
+    let bytes = if proto_tag == ProtoTag::Abridged {
+        confirm.to_be_bytes()
+    } else {
+        confirm.to_le_bytes()
+    };
+    client_writer
+        .write_all(&bytes)
+        .await
+        .map_err(ProxyError::Io)?;
+    // ACK should remain low-latency.
+    client_writer.flush().await.map_err(ProxyError::Io)
+}

src/proxy/mod.rs

@@ -1,11 +1,13 @@
 //! Proxy Defs
 
-pub mod handshake;
 pub mod client;
-pub mod relay;
+pub mod direct_relay;
+pub mod handshake;
 pub mod masking;
+pub mod middle_relay;
+pub mod relay;
 
-pub use handshake::*;
 pub use client::ClientHandler;
-pub use relay::*;
+pub use handshake::*;
 pub use masking::*;
+pub use relay::*;

src/proxy/relay.rs

@@ -1,22 +1,320 @@
-//! Bidirectional Relay
+//! Bidirectional Relay — poll-based, no head-of-line blocking
+//!
+//! ## What changed and why
+//!
+//! Previous implementation used a single-task `select! { biased; ... }` loop
+//! where each branch called `write_all()`. This caused head-of-line blocking:
+//! while `write_all()` waited for a slow writer (e.g. client on 3G downloading
+//! media), the entire loop was blocked — the other direction couldn't make progress.
+//!
+//! Symptoms observed in production:
+//! - Media loading at ~8 KB/s despite fast server connection
+//! - Stop-and-go pattern with 50–500ms gaps between chunks
+//! - `biased` select starving S→C direction
+//! - Some users unable to load media at all
+//!
+//! ## New architecture
+//!
+//! Uses `tokio::io::copy_bidirectional` which polls both directions concurrently
+//! in a single task via non-blocking `poll_read` / `poll_write` calls:
+//!
+//! Old (select! + write_all — BLOCKING):
+//!
+//!   loop {
+//!       select! {
+//!           biased;
+//!           data = client.read()  => { server.write_all(data).await; }  ← BLOCKS here
+//!           data = server.read()  => { client.write_all(data).await; }  ← can't run
+//!       }
+//!   }
+//!
+//! New (copy_bidirectional — CONCURRENT):
+//!
+//!   poll(cx) {
+//!       // Both directions polled in the same poll cycle
+//!       C→S: poll_read(client) → poll_write(server)   // non-blocking
+//!       S→C: poll_read(server) → poll_write(client)   // non-blocking
+//!       // If one writer is Pending, the other direction still progresses
+//!   }
+//!
+//! Benefits:
+//! - No head-of-line blocking: slow client download doesn't block uploads
+//! - No biased starvation: fair polling of both directions
+//! - Proper flush: `copy_bidirectional` calls `poll_flush` when reader stalls,
+//!   so CryptoWriter's pending ciphertext is always drained (fixes "stuck at 95%")
+//! - No deadlock risk: old write_all could deadlock when both TCP buffers filled;
+//!   poll-based approach lets TCP flow control work correctly
+//!
+//! Stats tracking:
+//! - `StatsIo` wraps client side, intercepts `poll_read` / `poll_write`
+//! - `poll_read` on client = C→S (client sending) → `octets_from`, `msgs_from`
+//! - `poll_write` on client = S→C (to client)     → `octets_to`, `msgs_to`
+//! - `SharedCounters` (atomics) let the watchdog read stats without locking
 
+use std::io;
+use std::pin::Pin;
 use std::sync::Arc;
-use tokio::io::{AsyncRead, AsyncWrite, AsyncReadExt, AsyncWriteExt};
+use std::sync::atomic::{AtomicU64, Ordering};
+use std::task::{Context, Poll};
+use std::time::Duration;
+use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt, ReadBuf, copy_bidirectional};
+use tokio::time::Instant;
 use tracing::{debug, trace, warn};
 use crate::error::Result;
 use crate::stats::Stats;
-use std::sync::atomic::{AtomicU64, Ordering};
+use crate::stream::BufferPool;
 
-const BUFFER_SIZE: usize = 65536;
+// ============= Constants =============
 
-/// Relay data bidirectionally between client and server
+/// Activity timeout for iOS compatibility.
+///
+/// iOS keeps Telegram connections alive in background for up to 30 minutes.
+/// Closing earlier causes unnecessary reconnects and handshake overhead.
+const ACTIVITY_TIMEOUT: Duration = Duration::from_secs(1800);
+
+/// Watchdog check interval — also used for periodic rate logging.
+///
+/// 10 seconds gives responsive timeout detection (±10s accuracy)
+/// without measurable overhead from atomic reads.
+const WATCHDOG_INTERVAL: Duration = Duration::from_secs(10);
+
+// ============= CombinedStream =============
+
+/// Combines separate read and write halves into a single bidirectional stream.
+///
+/// `copy_bidirectional` requires `AsyncRead + AsyncWrite` on each side,
+/// but the handshake layer produces split reader/writer pairs
+/// (e.g. `CryptoReader<FakeTlsReader<OwnedReadHalf>>` + `CryptoWriter<...>`).
+///
+/// This wrapper reunifies them with zero overhead — each trait method
+/// delegates directly to the corresponding half. No buffering, no copies.
+///
+/// Safety: `poll_read` only touches `reader`, `poll_write` only touches `writer`,
+/// so there's no aliasing even though both are called on the same `&mut self`.
+struct CombinedStream<R, W> {
+    reader: R,
+    writer: W,
+}
+
+impl<R, W> CombinedStream<R, W> {
+    fn new(reader: R, writer: W) -> Self {
+        Self { reader, writer }
+    }
+}
+
+impl<R: AsyncRead + Unpin, W: Unpin> AsyncRead for CombinedStream<R, W> {
+    #[inline]
+    fn poll_read(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut ReadBuf<'_>,
+    ) -> Poll<io::Result<()>> {
+        Pin::new(&mut self.get_mut().reader).poll_read(cx, buf)
+    }
+}
+
+impl<R: Unpin, W: AsyncWrite + Unpin> AsyncWrite for CombinedStream<R, W> {
+    #[inline]
+    fn poll_write(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &[u8],
+    ) -> Poll<io::Result<usize>> {
+        Pin::new(&mut self.get_mut().writer).poll_write(cx, buf)
+    }
+
+    #[inline]
+    fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+        Pin::new(&mut self.get_mut().writer).poll_flush(cx)
+    }
+
+    #[inline]
+    fn poll_shutdown(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+        Pin::new(&mut self.get_mut().writer).poll_shutdown(cx)
+    }
+}
+
+// ============= SharedCounters =============
+
+/// Atomic counters shared between the relay (via StatsIo) and the watchdog task.
+///
+/// Using `Relaxed` ordering is sufficient because:
+/// - Counters are monotonically increasing (no ABA problem)
+/// - Slight staleness in watchdog reads is harmless (±10s check interval anyway)
+/// - No ordering dependencies between different counters
+struct SharedCounters {
+    /// Bytes read from client (C→S direction)
+    c2s_bytes: AtomicU64,
+    /// Bytes written to client (S→C direction)
+    s2c_bytes: AtomicU64,
+    /// Number of poll_read completions (≈ C→S chunks)
+    c2s_ops: AtomicU64,
+    /// Number of poll_write completions (≈ S→C chunks)
+    s2c_ops: AtomicU64,
+    /// Milliseconds since relay epoch of last I/O activity
+    last_activity_ms: AtomicU64,
+}
+
+impl SharedCounters {
+    fn new() -> Self {
+        Self {
+            c2s_bytes: AtomicU64::new(0),
+            s2c_bytes: AtomicU64::new(0),
+            c2s_ops: AtomicU64::new(0),
+            s2c_ops: AtomicU64::new(0),
+            last_activity_ms: AtomicU64::new(0),
+        }
+    }
+
+    /// Record activity at this instant.
+    #[inline]
+    fn touch(&self, now: Instant, epoch: Instant) {
+        let ms = now.duration_since(epoch).as_millis() as u64;
+        self.last_activity_ms.store(ms, Ordering::Relaxed);
+    }
+
+    /// How long since last recorded activity.
+    fn idle_duration(&self, now: Instant, epoch: Instant) -> Duration {
+        let last_ms = self.last_activity_ms.load(Ordering::Relaxed);
+        let now_ms = now.duration_since(epoch).as_millis() as u64;
+        Duration::from_millis(now_ms.saturating_sub(last_ms))
+    }
+}
+
+// ============= StatsIo =============
+
+/// Transparent I/O wrapper that tracks per-user statistics and activity.
+///
+/// Wraps the **client** side of the relay. Direction mapping:
+///
+/// | poll method  | direction | stats updated                        |
+/// |-------------|-----------|--------------------------------------|
+/// | `poll_read`  | C→S       | `octets_from`, `msgs_from`, counters |
+/// | `poll_write` | S→C       | `octets_to`, `msgs_to`, counters     |
+///
+/// Both update the shared activity timestamp for the watchdog.
+///
+/// Note on message counts: the original code counted one `read()`/`write_all()`
+/// as one "message". Here we count `poll_read`/`poll_write` completions instead.
+/// Byte counts are identical; op counts may differ slightly due to different
+/// internal buffering in `copy_bidirectional`. This is fine for monitoring.
+struct StatsIo<S> {
+    inner: S,
+    counters: Arc<SharedCounters>,
+    stats: Arc<Stats>,
+    user: String,
+    epoch: Instant,
+}
+
+impl<S> StatsIo<S> {
+    fn new(
+        inner: S,
+        counters: Arc<SharedCounters>,
+        stats: Arc<Stats>,
+        user: String,
+        epoch: Instant,
+    ) -> Self {
+        // Mark initial activity so the watchdog doesn't fire before data flows
+        counters.touch(Instant::now(), epoch);
+        Self { inner, counters, stats, user, epoch }
+    }
+}
+
+impl<S: AsyncRead + Unpin> AsyncRead for StatsIo<S> {
+    fn poll_read(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut ReadBuf<'_>,
+    ) -> Poll<io::Result<()>> {
+        let this = self.get_mut();
+        let before = buf.filled().len();
+
+        match Pin::new(&mut this.inner).poll_read(cx, buf) {
+            Poll::Ready(Ok(())) => {
+                let n = buf.filled().len() - before;
+                if n > 0 {
+                    // C→S: client sent data
+                    this.counters.c2s_bytes.fetch_add(n as u64, Ordering::Relaxed);
+                    this.counters.c2s_ops.fetch_add(1, Ordering::Relaxed);
+                    this.counters.touch(Instant::now(), this.epoch);
+
+                    this.stats.add_user_octets_from(&this.user, n as u64);
+                    this.stats.increment_user_msgs_from(&this.user);
+
+                    trace!(user = %this.user, bytes = n, "C->S");
+                }
+                Poll::Ready(Ok(()))
+            }
+            other => other,
+        }
+    }
+}
+
+impl<S: AsyncWrite + Unpin> AsyncWrite for StatsIo<S> {
+    fn poll_write(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &[u8],
+    ) -> Poll<io::Result<usize>> {
+        let this = self.get_mut();
+
+        match Pin::new(&mut this.inner).poll_write(cx, buf) {
+            Poll::Ready(Ok(n)) => {
+                if n > 0 {
+                    // S→C: data written to client
+                    this.counters.s2c_bytes.fetch_add(n as u64, Ordering::Relaxed);
+                    this.counters.s2c_ops.fetch_add(1, Ordering::Relaxed);
+                    this.counters.touch(Instant::now(), this.epoch);
+
+                    this.stats.add_user_octets_to(&this.user, n as u64);
+                    this.stats.increment_user_msgs_to(&this.user);
+
+                    trace!(user = %this.user, bytes = n, "S->C");
+                }
+                Poll::Ready(Ok(n))
+            }
+            other => other,
+        }
+    }
+
+    #[inline]
+    fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+        Pin::new(&mut self.get_mut().inner).poll_flush(cx)
+    }
+
+    #[inline]
+    fn poll_shutdown(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+        Pin::new(&mut self.get_mut().inner).poll_shutdown(cx)
+    }
+}
+
+// ============= Relay =============
+
+/// Relay data bidirectionally between client and server.
+///
+/// Uses `tokio::io::copy_bidirectional` for concurrent, non-blocking data transfer.
+///
+/// ## API compatibility
+///
+/// Signature is identical to the previous implementation. The `_buffer_pool`
+/// parameter is retained for call-site compatibility — `copy_bidirectional`
+/// manages its own internal buffers (8 KB per direction).
+///
+/// ## Guarantees preserved
+///
+/// - Activity timeout: 30 minutes of inactivity → clean shutdown
+/// - Per-user stats: bytes and ops counted per direction
+/// - Periodic rate logging: every 10 seconds when active
+/// - Clean shutdown: both write sides are shut down on exit
+/// - Error propagation: I/O errors are returned as `ProxyError::Io`
 pub async fn relay_bidirectional<CR, CW, SR, SW>(
-    mut client_reader: CR,
-    mut client_writer: CW,
-    mut server_reader: SR,
-    mut server_writer: SW,
+    client_reader: CR,
+    client_writer: CW,
+    server_reader: SR,
+    server_writer: SW,
     user: &str,
     stats: Arc<Stats>,
+    _buffer_pool: Arc<BufferPool>,
 ) -> Result<()>
 where
     CR: AsyncRead + Unpin + Send + 'static,
@@ -24,139 +322,145 @@ where
     SR: AsyncRead + Unpin + Send + 'static,
     SW: AsyncWrite + Unpin + Send + 'static,
 {
-    let user_c2s = user.to_string();
-    let user_s2c = user.to_string();
+    let epoch = Instant::now();
+    let counters = Arc::new(SharedCounters::new());
+    let user_owned = user.to_string();
 
-    // Используем Arc::clone вместо stats.clone()
-    let stats_c2s = Arc::clone(&stats);
-    let stats_s2c = Arc::clone(&stats);
+    // ── Combine split halves into bidirectional streams ──────────────
+    let client_combined = CombinedStream::new(client_reader, client_writer);
+    let mut server = CombinedStream::new(server_reader, server_writer);
 
-    let c2s_bytes = Arc::new(AtomicU64::new(0));
-    let s2c_bytes = Arc::new(AtomicU64::new(0));
-    let c2s_bytes_clone = Arc::clone(&c2s_bytes);
-    let s2c_bytes_clone = Arc::clone(&s2c_bytes);
+    // Wrap client with stats/activity tracking
+    let mut client = StatsIo::new(
+        client_combined,
+        Arc::clone(&counters),
+        Arc::clone(&stats),
+        user_owned.clone(),
+        epoch,
+    );
 
-    // Client -> Server task
-    let c2s = tokio::spawn(async move {
-        let mut buf = vec![0u8; BUFFER_SIZE];
-        let mut total_bytes = 0u64;
-        let mut msg_count = 0u64;
+    // ── Watchdog: activity timeout + periodic rate logging ──────────
+    let wd_counters = Arc::clone(&counters);
+    let wd_user = user_owned.clone();
+
+    let watchdog = async {
+        let mut prev_c2s: u64 = 0;
+        let mut prev_s2c: u64 = 0;
 
         loop {
-            match client_reader.read(&mut buf).await {
-                Ok(0) => {
+            tokio::time::sleep(WATCHDOG_INTERVAL).await;
+
+            let now = Instant::now();
+            let idle = wd_counters.idle_duration(now, epoch);
+
+            // ── Activity timeout ────────────────────────────────────
+            if idle >= ACTIVITY_TIMEOUT {
+                let c2s = wd_counters.c2s_bytes.load(Ordering::Relaxed);
+                let s2c = wd_counters.s2c_bytes.load(Ordering::Relaxed);
+                warn!(
+                    user = %wd_user,
+                    c2s_bytes = c2s,
+                    s2c_bytes = s2c,
+                    idle_secs = idle.as_secs(),
+                    "Activity timeout"
+                );
+                return; // Causes select! to cancel copy_bidirectional
+            }
+
+            // ── Periodic rate logging ───────────────────────────────
+            let c2s = wd_counters.c2s_bytes.load(Ordering::Relaxed);
+            let s2c = wd_counters.s2c_bytes.load(Ordering::Relaxed);
+            let c2s_delta = c2s - prev_c2s;
+            let s2c_delta = s2c - prev_s2c;
+
+            if c2s_delta > 0 || s2c_delta > 0 {
+                let secs = WATCHDOG_INTERVAL.as_secs_f64();
                 debug!(
-                        user = %user_c2s, 
-                        total_bytes = total_bytes,
-                        msgs = msg_count,
-                        "Client closed connection (C->S)"
+                    user = %wd_user,
+                    c2s_kbps = (c2s_delta as f64 / secs / 1024.0) as u64,
+                    s2c_kbps = (s2c_delta as f64 / secs / 1024.0) as u64,
+                    c2s_total = c2s,
+                    s2c_total = s2c,
+                    "Relay active"
                 );
-                    let _ = server_writer.shutdown().await;
-                    break;
             }
-                Ok(n) => {
-                    total_bytes += n as u64;
-                    msg_count += 1;
-                    c2s_bytes_clone.store(total_bytes, Ordering::Relaxed);
 
-                    stats_c2s.add_user_octets_from(&user_c2s, n as u64);
-                    stats_c2s.increment_user_msgs_from(&user_c2s);
+            prev_c2s = c2s;
+            prev_s2c = s2c;
+        }
+    };
 
-                    trace!(
-                        user = %user_c2s,
-                        bytes = n,
-                        total = total_bytes,
-                        data_preview = %hex::encode(&buf[..n.min(32)]),
-                        "C->S data"
-                    );
+    // ── Run bidirectional copy + watchdog concurrently ───────────────
+    //
+    // copy_bidirectional polls both directions in the same poll() call:
+    //   C→S: poll_read(client/StatsIo) → poll_write(server)
+    //   S→C: poll_read(server)         → poll_write(client/StatsIo)
+    //
+    // When one direction's writer returns Pending, the other direction
+    // continues — no head-of-line blocking.
+    //
+    // When the watchdog fires, select! drops the copy future,
+    // releasing the &mut borrows on client and server.
+    let copy_result = tokio::select! {
+        result = copy_bidirectional(&mut client, &mut server) => Some(result),
+        _ = watchdog => None, // Activity timeout — cancel relay
+    };
 
-                    if let Err(e) = server_writer.write_all(&buf[..n]).await {
-                        debug!(user = %user_c2s, error = %e, "Failed to write to server");
-                        break;
-                    }
-                    if let Err(e) = server_writer.flush().await {
-                        debug!(user = %user_c2s, error = %e, "Failed to flush to server");
-                        break;
-                    }
-                }
-                Err(e) => {
-                    debug!(user = %user_c2s, error = %e, total_bytes = total_bytes, "Client read error");
-                    break;
-                }
-            }
-        }
-    });
+    // ── Clean shutdown ──────────────────────────────────────────────
+    // After select!, the losing future is dropped, borrows released.
+    // Shut down both write sides for clean TCP FIN.
+    let _ = client.shutdown().await;
+    let _ = server.shutdown().await;
 
-    // Server -> Client task
-    let s2c = tokio::spawn(async move {
-        let mut buf = vec![0u8; BUFFER_SIZE];
-        let mut total_bytes = 0u64;
-        let mut msg_count = 0u64;
+    // ── Final logging ───────────────────────────────────────────────
+    let c2s_ops = counters.c2s_ops.load(Ordering::Relaxed);
+    let s2c_ops = counters.s2c_ops.load(Ordering::Relaxed);
+    let duration = epoch.elapsed();
 
-        loop {
-            match server_reader.read(&mut buf).await {
-                Ok(0) => {
+    match copy_result {
+        Some(Ok((c2s, s2c))) => {
+            // Normal completion — one side closed the connection
             debug!(
-                        user = %user_s2c,
-                        total_bytes = total_bytes,
-                        msgs = msg_count,
-                        "Server closed connection (S->C)"
-                    );
-                    let _ = client_writer.shutdown().await;
-                    break;
-                }
-                Ok(n) => {
-                    total_bytes += n as u64;
-                    msg_count += 1;
-                    s2c_bytes_clone.store(total_bytes, Ordering::Relaxed);
-                    
-                    stats_s2c.add_user_octets_to(&user_s2c, n as u64);
-                    stats_s2c.increment_user_msgs_to(&user_s2c);
-                    
-                    trace!(
-                        user = %user_s2c,
-                        bytes = n,
-                        total = total_bytes,
-                        data_preview = %hex::encode(&buf[..n.min(32)]),
-                        "S->C data"
-                    );
-                    
-                    if let Err(e) = client_writer.write_all(&buf[..n]).await {
-                        debug!(user = %user_s2c, error = %e, "Failed to write to client");
-                        break;
-                    }
-                    if let Err(e) = client_writer.flush().await {
-                        debug!(user = %user_s2c, error = %e, "Failed to flush to client");
-                        break;
-                    }
-                }
-                Err(e) => {
-                    debug!(user = %user_s2c, error = %e, total_bytes = total_bytes, "Server read error");
-                    break;
-                }
-            }
-        }
-    });
-    
-    // Wait for either direction to complete
-    tokio::select! {
-        result = c2s => {
-            if let Err(e) = result {
-                warn!(error = %e, "C->S task panicked");
-            }
-        }
-        result = s2c => {
-            if let Err(e) = result {
-                warn!(error = %e, "S->C task panicked");
-            }
-        }
-    }
-    
-    debug!(
-        c2s_bytes = c2s_bytes.load(Ordering::Relaxed),
-        s2c_bytes = s2c_bytes.load(Ordering::Relaxed),
+                user = %user_owned,
+                c2s_bytes = c2s,
+                s2c_bytes = s2c,
+                c2s_msgs = c2s_ops,
+                s2c_msgs = s2c_ops,
+                duration_secs = duration.as_secs(),
                 "Relay finished"
             );
-    
             Ok(())
+        }
+        Some(Err(e)) => {
+            // I/O error in one of the directions
+            let c2s = counters.c2s_bytes.load(Ordering::Relaxed);
+            let s2c = counters.s2c_bytes.load(Ordering::Relaxed);
+            debug!(
+                user = %user_owned,
+                c2s_bytes = c2s,
+                s2c_bytes = s2c,
+                c2s_msgs = c2s_ops,
+                s2c_msgs = s2c_ops,
+                duration_secs = duration.as_secs(),
+                error = %e,
+                "Relay error"
+            );
+            Err(e.into())
+        }
+        None => {
+            // Activity timeout (watchdog fired)
+            let c2s = counters.c2s_bytes.load(Ordering::Relaxed);
+            let s2c = counters.s2c_bytes.load(Ordering::Relaxed);
+            debug!(
+                user = %user_owned,
+                c2s_bytes = c2s,
+                s2c_bytes = s2c,
+                c2s_msgs = c2s_ops,
+                s2c_msgs = s2c_ops,
+                duration_secs = duration.as_secs(),
+                "Relay finished (activity timeout)"
+            );
+            Ok(())
+        }
+    }
 }

src/stats/mod.rs

@@ -1,29 +1,40 @@
-//! Statistics
+//! Statistics and replay protection
 
 use std::sync::atomic::{AtomicU64, Ordering};
 use std::sync::Arc;
-use std::time::Instant;
+use std::time::{Instant, Duration};
 use dashmap::DashMap;
-use parking_lot::RwLock;
+use parking_lot::Mutex;
 use lru::LruCache;
 use std::num::NonZeroUsize;
+use std::hash::{Hash, Hasher};
+use std::collections::hash_map::DefaultHasher;
+use std::collections::VecDeque;
+use tracing::debug;
+
+// ============= Stats =============
 
-/// Thread-safe statistics
 #[derive(Default)]
 pub struct Stats {
-    // Global counters
     connects_all: AtomicU64,
     connects_bad: AtomicU64,
     handshake_timeouts: AtomicU64,
-    
-    // Per-user stats
+    me_keepalive_sent: AtomicU64,
+    me_keepalive_failed: AtomicU64,
+    me_keepalive_pong: AtomicU64,
+    me_keepalive_timeout: AtomicU64,
+    me_reconnect_attempts: AtomicU64,
+    me_reconnect_success: AtomicU64,
+    me_crc_mismatch: AtomicU64,
+    me_seq_mismatch: AtomicU64,
+    me_route_drop_no_conn: AtomicU64,
+    me_route_drop_channel_closed: AtomicU64,
+    me_route_drop_queue_full: AtomicU64,
+    secure_padding_invalid: AtomicU64,
     user_stats: DashMap<String, UserStats>,
-    
-    // Start time
-    start_time: RwLock<Option<Instant>>,
+    start_time: parking_lot::RwLock<Option<Instant>>,
 }
 
-/// Per-user statistics
 #[derive(Default)]
 pub struct UserStats {
     pub connects: AtomicU64,
@@ -41,92 +52,110 @@ impl Stats {
         stats
     }
     
-    // Global stats
-    pub fn increment_connects_all(&self) {
-        self.connects_all.fetch_add(1, Ordering::Relaxed);
+    pub fn increment_connects_all(&self) { self.connects_all.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_connects_bad(&self) { self.connects_bad.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_handshake_timeouts(&self) { self.handshake_timeouts.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_me_keepalive_sent(&self) { self.me_keepalive_sent.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_me_keepalive_failed(&self) { self.me_keepalive_failed.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_me_keepalive_pong(&self) { self.me_keepalive_pong.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_me_keepalive_timeout(&self) { self.me_keepalive_timeout.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_me_keepalive_timeout_by(&self, value: u64) {
+        self.me_keepalive_timeout.fetch_add(value, Ordering::Relaxed);
+    }
+    pub fn increment_me_reconnect_attempt(&self) { self.me_reconnect_attempts.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_me_reconnect_success(&self) { self.me_reconnect_success.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_me_crc_mismatch(&self) { self.me_crc_mismatch.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_me_seq_mismatch(&self) { self.me_seq_mismatch.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_me_route_drop_no_conn(&self) { self.me_route_drop_no_conn.fetch_add(1, Ordering::Relaxed); }
+    pub fn increment_me_route_drop_channel_closed(&self) {
+        self.me_route_drop_channel_closed.fetch_add(1, Ordering::Relaxed);
+    }
+    pub fn increment_me_route_drop_queue_full(&self) {
+        self.me_route_drop_queue_full.fetch_add(1, Ordering::Relaxed);
+    }
+    pub fn increment_secure_padding_invalid(&self) {
+        self.secure_padding_invalid.fetch_add(1, Ordering::Relaxed);
+    }
+    pub fn get_connects_all(&self) -> u64 { self.connects_all.load(Ordering::Relaxed) }
+    pub fn get_connects_bad(&self) -> u64 { self.connects_bad.load(Ordering::Relaxed) }
+    pub fn get_me_keepalive_sent(&self) -> u64 { self.me_keepalive_sent.load(Ordering::Relaxed) }
+    pub fn get_me_keepalive_failed(&self) -> u64 { self.me_keepalive_failed.load(Ordering::Relaxed) }
+    pub fn get_me_keepalive_pong(&self) -> u64 { self.me_keepalive_pong.load(Ordering::Relaxed) }
+    pub fn get_me_keepalive_timeout(&self) -> u64 { self.me_keepalive_timeout.load(Ordering::Relaxed) }
+    pub fn get_me_reconnect_attempts(&self) -> u64 { self.me_reconnect_attempts.load(Ordering::Relaxed) }
+    pub fn get_me_reconnect_success(&self) -> u64 { self.me_reconnect_success.load(Ordering::Relaxed) }
+    pub fn get_me_crc_mismatch(&self) -> u64 { self.me_crc_mismatch.load(Ordering::Relaxed) }
+    pub fn get_me_seq_mismatch(&self) -> u64 { self.me_seq_mismatch.load(Ordering::Relaxed) }
+    pub fn get_me_route_drop_no_conn(&self) -> u64 { self.me_route_drop_no_conn.load(Ordering::Relaxed) }
+    pub fn get_me_route_drop_channel_closed(&self) -> u64 {
+        self.me_route_drop_channel_closed.load(Ordering::Relaxed)
+    }
+    pub fn get_me_route_drop_queue_full(&self) -> u64 {
+        self.me_route_drop_queue_full.load(Ordering::Relaxed)
+    }
+    pub fn get_secure_padding_invalid(&self) -> u64 {
+        self.secure_padding_invalid.load(Ordering::Relaxed)
     }
     
-    pub fn increment_connects_bad(&self) {
-        self.connects_bad.fetch_add(1, Ordering::Relaxed);
-    }
-    
-    pub fn increment_handshake_timeouts(&self) {
-        self.handshake_timeouts.fetch_add(1, Ordering::Relaxed);
-    }
-    
-    pub fn get_connects_all(&self) -> u64 {
-        self.connects_all.load(Ordering::Relaxed)
-    }
-    
-    pub fn get_connects_bad(&self) -> u64 {
-        self.connects_bad.load(Ordering::Relaxed)
-    }
-    
-    // User stats
     pub fn increment_user_connects(&self, user: &str) {
-        self.user_stats
-            .entry(user.to_string())
-            .or_default()
-            .connects
-            .fetch_add(1, Ordering::Relaxed);
+        self.user_stats.entry(user.to_string()).or_default()
+            .connects.fetch_add(1, Ordering::Relaxed);
     }
     
     pub fn increment_user_curr_connects(&self, user: &str) {
-        self.user_stats
-            .entry(user.to_string())
-            .or_default()
-            .curr_connects
-            .fetch_add(1, Ordering::Relaxed);
+        self.user_stats.entry(user.to_string()).or_default()
+            .curr_connects.fetch_add(1, Ordering::Relaxed);
     }
     
     pub fn decrement_user_curr_connects(&self, user: &str) {
         if let Some(stats) = self.user_stats.get(user) {
-            stats.curr_connects.fetch_sub(1, Ordering::Relaxed);
+            let counter = &stats.curr_connects;
+            let mut current = counter.load(Ordering::Relaxed);
+            loop {
+                if current == 0 {
+                    break;
+                }
+                match counter.compare_exchange_weak(
+                    current,
+                    current - 1,
+                    Ordering::Relaxed,
+                    Ordering::Relaxed,
+                ) {
+                    Ok(_) => break,
+                    Err(actual) => current = actual,
+                }
+            }
         }
     }
     
     pub fn get_user_curr_connects(&self, user: &str) -> u64 {
-        self.user_stats
-            .get(user)
+        self.user_stats.get(user)
             .map(|s| s.curr_connects.load(Ordering::Relaxed))
             .unwrap_or(0)
     }
     
     pub fn add_user_octets_from(&self, user: &str, bytes: u64) {
-        self.user_stats
-            .entry(user.to_string())
-            .or_default()
-            .octets_from_client
-            .fetch_add(bytes, Ordering::Relaxed);
+        self.user_stats.entry(user.to_string()).or_default()
+            .octets_from_client.fetch_add(bytes, Ordering::Relaxed);
     }
     
     pub fn add_user_octets_to(&self, user: &str, bytes: u64) {
-        self.user_stats
-            .entry(user.to_string())
-            .or_default()
-            .octets_to_client
-            .fetch_add(bytes, Ordering::Relaxed);
+        self.user_stats.entry(user.to_string()).or_default()
+            .octets_to_client.fetch_add(bytes, Ordering::Relaxed);
     }
     
     pub fn increment_user_msgs_from(&self, user: &str) {
-        self.user_stats
-            .entry(user.to_string())
-            .or_default()
-            .msgs_from_client
-            .fetch_add(1, Ordering::Relaxed);
+        self.user_stats.entry(user.to_string()).or_default()
+            .msgs_from_client.fetch_add(1, Ordering::Relaxed);
     }
     
     pub fn increment_user_msgs_to(&self, user: &str) {
-        self.user_stats
-            .entry(user.to_string())
-            .or_default()
-            .msgs_to_client
-            .fetch_add(1, Ordering::Relaxed);
+        self.user_stats.entry(user.to_string()).or_default()
+            .msgs_to_client.fetch_add(1, Ordering::Relaxed);
     }
     
     pub fn get_user_total_octets(&self, user: &str) -> u64 {
-        self.user_stats
-            .get(user)
+        self.user_stats.get(user)
             .map(|s| {
                 s.octets_from_client.load(Ordering::Relaxed) +
                 s.octets_to_client.load(Ordering::Relaxed)
@@ -134,6 +163,12 @@ impl Stats {
             .unwrap_or(0)
     }
     
+    pub fn get_handshake_timeouts(&self) -> u64 { self.handshake_timeouts.load(Ordering::Relaxed) }
+
+    pub fn iter_user_stats(&self) -> dashmap::iter::Iter<'_, String, UserStats> {
+        self.user_stats.iter()
+    }
+
     pub fn uptime_secs(&self) -> f64 {
         self.start_time.read()
             .map(|t| t.elapsed().as_secs_f64())
@@ -141,37 +176,222 @@ impl Stats {
     }
 }
 
-// Arc<Stats> Hightech Stats :D
+// ============= Replay Checker =============
 
-/// Replay attack checker using LRU cache
 pub struct ReplayChecker {
-    handshakes: RwLock<LruCache<Vec<u8>, ()>>,
-    tls_digests: RwLock<LruCache<Vec<u8>, ()>>,
+    shards: Vec<Mutex<ReplayShard>>,
+    shard_mask: usize,
+    window: Duration,
+    checks: AtomicU64,
+    hits: AtomicU64,
+    additions: AtomicU64,
+    cleanups: AtomicU64,
+}
+
+struct ReplayEntry {
+    seen_at: Instant,
+    seq: u64,
+}
+
+struct ReplayShard {
+    cache: LruCache<Box<[u8]>, ReplayEntry>,
+    queue: VecDeque<(Instant, Box<[u8]>, u64)>,
+    seq_counter: u64,
+}
+
+impl ReplayShard {
+    fn new(cap: NonZeroUsize) -> Self {
+        Self {
+            cache: LruCache::new(cap),
+            queue: VecDeque::with_capacity(cap.get()),
+            seq_counter: 0,
+        }
+    }
+    
+    fn next_seq(&mut self) -> u64 {
+        self.seq_counter += 1;
+        self.seq_counter
+    }
+
+    fn cleanup(&mut self, now: Instant, window: Duration) {
+        if window.is_zero() {
+            return;
+        }
+        let cutoff = now.checked_sub(window).unwrap_or(now);
+        
+        while let Some((ts, _, _)) = self.queue.front() {
+            if *ts >= cutoff {
+                break;
+            }
+            let (_, key, queue_seq) = self.queue.pop_front().unwrap();
+            
+            // Use key.as_ref() to get &[u8] — avoids Borrow<Q> ambiguity
+            // between Borrow<[u8]> and Borrow<Box<[u8]>>
+            if let Some(entry) = self.cache.peek(key.as_ref()) {
+                if entry.seq == queue_seq {
+                    self.cache.pop(key.as_ref());
+                }
+            }
+        }
+    }
+    
+    fn check(&mut self, key: &[u8], now: Instant, window: Duration) -> bool {
+        self.cleanup(now, window);
+        // key is &[u8], resolves Q=[u8] via Box<[u8]>: Borrow<[u8]>
+        self.cache.get(key).is_some()
+    }
+    
+    fn add(&mut self, key: &[u8], now: Instant, window: Duration) {
+        self.cleanup(now, window);
+        
+        let seq = self.next_seq();
+        let boxed_key: Box<[u8]> = key.into();
+        
+        self.cache.put(boxed_key.clone(), ReplayEntry { seen_at: now, seq });
+        self.queue.push_back((now, boxed_key, seq));
+    }
+    
+    fn len(&self) -> usize {
+        self.cache.len()
+    }
 }
 
 impl ReplayChecker {
-    pub fn new(capacity: usize) -> Self {
-        let cap = NonZeroUsize::new(capacity.max(1)).unwrap();
+    pub fn new(total_capacity: usize, window: Duration) -> Self {
+        let num_shards = 64;
+        let shard_capacity = (total_capacity / num_shards).max(1);
+        let cap = NonZeroUsize::new(shard_capacity).unwrap();
+
+        let mut shards = Vec::with_capacity(num_shards);
+        for _ in 0..num_shards {
+            shards.push(Mutex::new(ReplayShard::new(cap)));
+        }
+
         Self {
-            handshakes: RwLock::new(LruCache::new(cap)),
-            tls_digests: RwLock::new(LruCache::new(cap)),
+            shards,
+            shard_mask: num_shards - 1,
+            window,
+            checks: AtomicU64::new(0),
+            hits: AtomicU64::new(0),
+            additions: AtomicU64::new(0),
+            cleanups: AtomicU64::new(0),
         }
     }
 
-    pub fn check_handshake(&self, data: &[u8]) -> bool {
-        self.handshakes.read().contains(&data.to_vec())
+    fn get_shard_idx(&self, key: &[u8]) -> usize {
+        let mut hasher = DefaultHasher::new();
+        key.hash(&mut hasher);
+        (hasher.finish() as usize) & self.shard_mask
     }
 
-    pub fn add_handshake(&self, data: &[u8]) {
-        self.handshakes.write().put(data.to_vec(), ());
+    fn check_and_add_internal(&self, data: &[u8]) -> bool {
+        self.checks.fetch_add(1, Ordering::Relaxed);
+        let idx = self.get_shard_idx(data);
+        let mut shard = self.shards[idx].lock();
+        let now = Instant::now();
+        let found = shard.check(data, now, self.window);
+        if found {
+            self.hits.fetch_add(1, Ordering::Relaxed);
+        } else {
+            shard.add(data, now, self.window);
+            self.additions.fetch_add(1, Ordering::Relaxed);
+        }
+        found
     }
 
-    pub fn check_tls_digest(&self, data: &[u8]) -> bool {
-        self.tls_digests.read().contains(&data.to_vec())
+    fn add_only(&self, data: &[u8]) {
+        self.additions.fetch_add(1, Ordering::Relaxed);
+        let idx = self.get_shard_idx(data);
+        let mut shard = self.shards[idx].lock();
+        shard.add(data, Instant::now(), self.window);
     }
 
-    pub fn add_tls_digest(&self, data: &[u8]) {
-        self.tls_digests.write().put(data.to_vec(), ());
+    pub fn check_and_add_handshake(&self, data: &[u8]) -> bool {
+        self.check_and_add_internal(data)
+    }
+
+    pub fn check_and_add_tls_digest(&self, data: &[u8]) -> bool {
+        self.check_and_add_internal(data)
+    }
+
+    // Compatibility helpers (non-atomic split operations) — prefer check_and_add_*.
+    pub fn check_handshake(&self, data: &[u8]) -> bool { self.check_and_add_handshake(data) }
+    pub fn add_handshake(&self, data: &[u8]) { self.add_only(data) }
+    pub fn check_tls_digest(&self, data: &[u8]) -> bool { self.check_and_add_tls_digest(data) }
+    pub fn add_tls_digest(&self, data: &[u8]) { self.add_only(data) }
+    
+    pub fn stats(&self) -> ReplayStats {
+        let mut total_entries = 0;
+        let mut total_queue_len = 0;
+        for shard in &self.shards {
+            let s = shard.lock();
+            total_entries += s.cache.len();
+            total_queue_len += s.queue.len();
+        }
+        
+        ReplayStats {
+            total_entries,
+            total_queue_len,
+            total_checks: self.checks.load(Ordering::Relaxed),
+            total_hits: self.hits.load(Ordering::Relaxed),
+            total_additions: self.additions.load(Ordering::Relaxed),
+            total_cleanups: self.cleanups.load(Ordering::Relaxed),
+            num_shards: self.shards.len(),
+            window_secs: self.window.as_secs(),
+        }
+    }
+    
+    pub async fn run_periodic_cleanup(&self) {
+        let interval = if self.window.as_secs() > 60 {
+            Duration::from_secs(30)
+        } else {
+            Duration::from_secs(self.window.as_secs().max(1) / 2)
+        };
+        
+        loop {
+            tokio::time::sleep(interval).await;
+            
+            let now = Instant::now();
+            let mut cleaned = 0usize;
+            
+            for shard_mutex in &self.shards {
+                let mut shard = shard_mutex.lock();
+                let before = shard.len();
+                shard.cleanup(now, self.window);
+                let after = shard.len();
+                cleaned += before.saturating_sub(after);
+            }
+            
+            self.cleanups.fetch_add(1, Ordering::Relaxed);
+            
+            if cleaned > 0 {
+                debug!(cleaned = cleaned, "Replay checker: periodic cleanup");
+            }
+        }
+    }
+}
+
+#[derive(Debug, Clone)]
+pub struct ReplayStats {
+    pub total_entries: usize,
+    pub total_queue_len: usize,
+    pub total_checks: u64,
+    pub total_hits: u64,
+    pub total_additions: u64,
+    pub total_cleanups: u64,
+    pub num_shards: usize,
+    pub window_secs: u64,
+}
+
+impl ReplayStats {
+    pub fn hit_rate(&self) -> f64 {
+        if self.total_checks == 0 { 0.0 }
+        else { (self.total_hits as f64 / self.total_checks as f64) * 100.0 }
+    }
+    
+    pub fn ghost_ratio(&self) -> f64 {
+        if self.total_entries == 0 { 0.0 }
+        else { self.total_queue_len as f64 / self.total_entries as f64 }
     }
 }
 
@@ -182,42 +402,59 @@ mod tests {
     #[test]
     fn test_stats_shared_counters() {
         let stats = Arc::new(Stats::new());
-        
-        // Симулируем использование из разных "задач"
-        let stats1 = Arc::clone(&stats);
-        let stats2 = Arc::clone(&stats);
-        
-        stats1.increment_connects_all();
-        stats2.increment_connects_all();
-        stats1.increment_connects_all();
-        
-        // Все инкременты должны быть видны
+        stats.increment_connects_all();
+        stats.increment_connects_all();
+        stats.increment_connects_all();
         assert_eq!(stats.get_connects_all(), 3);
     }
     
     #[test]
-    fn test_user_stats_shared() {
-        let stats = Arc::new(Stats::new());
-        
-        let stats1 = Arc::clone(&stats);
-        let stats2 = Arc::clone(&stats);
-        
-        stats1.add_user_octets_from("user1", 100);
-        stats2.add_user_octets_from("user1", 200);
-        stats1.add_user_octets_to("user1", 50);
-        
-        assert_eq!(stats.get_user_total_octets("user1"), 350);
+    fn test_replay_checker_basic() {
+        let checker = ReplayChecker::new(100, Duration::from_secs(60));
+        assert!(!checker.check_handshake(b"test1")); // first time, inserts
+        assert!(checker.check_handshake(b"test1"));  // duplicate
+        assert!(!checker.check_handshake(b"test2")); // new key inserts
     }
     
     #[test]
-    fn test_concurrent_user_connects() {
-        let stats = Arc::new(Stats::new());
+    fn test_replay_checker_duplicate_add() {
+        let checker = ReplayChecker::new(100, Duration::from_secs(60));
+        checker.add_handshake(b"dup");
+        checker.add_handshake(b"dup");
+        assert!(checker.check_handshake(b"dup"));
+    }
     
-        stats.increment_user_curr_connects("user1");
-        stats.increment_user_curr_connects("user1");
-        assert_eq!(stats.get_user_curr_connects("user1"), 2);
+    #[test]
+    fn test_replay_checker_expiration() {
+        let checker = ReplayChecker::new(100, Duration::from_millis(50));
+        assert!(!checker.check_handshake(b"expire"));
+        assert!(checker.check_handshake(b"expire"));
+        std::thread::sleep(Duration::from_millis(100));
+        assert!(!checker.check_handshake(b"expire"));
+    }
     
-        stats.decrement_user_curr_connects("user1");
-        assert_eq!(stats.get_user_curr_connects("user1"), 1);
+    #[test]
+    fn test_replay_checker_stats() {
+        let checker = ReplayChecker::new(100, Duration::from_secs(60));
+        assert!(!checker.check_handshake(b"k1"));
+        assert!(!checker.check_handshake(b"k2"));
+        assert!(checker.check_handshake(b"k1"));
+        assert!(!checker.check_handshake(b"k3"));
+        let stats = checker.stats();
+        assert_eq!(stats.total_additions, 3);
+        assert_eq!(stats.total_checks, 4);
+        assert_eq!(stats.total_hits, 1);
+    }
+    
+    #[test]
+    fn test_replay_checker_many_keys() {
+        let checker = ReplayChecker::new(10_000, Duration::from_secs(60));
+        for i in 0..500u32 {
+            checker.add_only(&i.to_le_bytes());
+        }
+        for i in 0..500u32 {
+            assert!(checker.check_handshake(&i.to_le_bytes()));
+        }
+        assert_eq!(checker.stats().total_entries, 500);
     }
 }

src/stream/buffer_pool.rs

@@ -11,8 +11,9 @@ use std::sync::Arc;
 
 // ============= Configuration =============
 
-/// Default buffer size (64KB - good for MTProto)
-pub const DEFAULT_BUFFER_SIZE: usize = 64 * 1024;
+/// Default buffer size
+/// CHANGED: Reduced from 64KB to 16KB to match TLS record size and prevent bufferbloat.
+pub const DEFAULT_BUFFER_SIZE: usize = 16 * 1024;
 
 /// Default maximum number of pooled buffers
 pub const DEFAULT_MAX_BUFFERS: usize = 1024;
@@ -380,9 +381,14 @@ mod tests {
         // Add a buffer to pool
         pool.preallocate(1);
         
-        // Now try_get should succeed
-        assert!(pool.try_get().is_some());
+        // Now try_get should succeed once while the buffer is held
+        let buf = pool.try_get();
+        assert!(buf.is_some());
+        // While buffer is held, pool is empty
         assert!(pool.try_get().is_none());
+        // Drop buffer -> returns to pool, should be obtainable again
+        drop(buf);
+        assert!(pool.try_get().is_some());
     }
     
     #[test]

src/stream/frame.rs

@@ -5,8 +5,10 @@
 
 use bytes::{Bytes, BytesMut};
 use std::io::Result;
+use std::sync::Arc;
 
 use crate::protocol::constants::ProtoTag;
+use crate::crypto::SecureRandom;
 
 // ============= Frame Types =============
 
@@ -147,11 +149,11 @@ pub trait FrameCodec: Send + Sync {
 // ============= Codec Factory =============
 
 /// Create a frame codec for the given protocol tag
-pub fn create_codec(proto_tag: ProtoTag) -> Box<dyn FrameCodec> {
+pub fn create_codec(proto_tag: ProtoTag, rng: Arc<SecureRandom>) -> Box<dyn FrameCodec> {
     match proto_tag {
         ProtoTag::Abridged => Box::new(crate::stream::frame_codec::AbridgedCodec::new()),
         ProtoTag::Intermediate => Box::new(crate::stream::frame_codec::IntermediateCodec::new()),
-        ProtoTag::Secure => Box::new(crate::stream::frame_codec::SecureCodec::new()),
+        ProtoTag::Secure => Box::new(crate::stream::frame_codec::SecureCodec::new(rng)),
     }
 }
 

src/stream/frame_codec.rs

@@ -5,9 +5,13 @@
 
 use bytes::{Bytes, BytesMut, BufMut};
 use std::io::{self, Error, ErrorKind};
+use std::sync::Arc;
 use tokio_util::codec::{Decoder, Encoder};
 
-use crate::protocol::constants::ProtoTag;
+use crate::protocol::constants::{
+    ProtoTag, is_valid_secure_payload_len, secure_padding_len, secure_payload_len_from_wire_len,
+};
+use crate::crypto::SecureRandom;
 use super::frame::{Frame, FrameMeta, FrameCodec as FrameCodecTrait};
 
 // ============= Unified Codec =============
@@ -21,14 +25,17 @@ pub struct FrameCodec {
     proto_tag: ProtoTag,
     /// Maximum allowed frame size
     max_frame_size: usize,
+    /// RNG for secure padding
+    rng: Arc<SecureRandom>,
 }
 
 impl FrameCodec {
     /// Create a new codec for the given protocol
-    pub fn new(proto_tag: ProtoTag) -> Self {
+    pub fn new(proto_tag: ProtoTag, rng: Arc<SecureRandom>) -> Self {
         Self {
             proto_tag,
             max_frame_size: 16 * 1024 * 1024, // 16MB default
+            rng,
         }
     }
     
@@ -64,7 +71,7 @@ impl Encoder<Frame> for FrameCodec {
         match self.proto_tag {
             ProtoTag::Abridged => encode_abridged(&frame, dst),
             ProtoTag::Intermediate => encode_intermediate(&frame, dst),
-            ProtoTag::Secure => encode_secure(&frame, dst),
+            ProtoTag::Secure => encode_secure(&frame, dst, &self.rng),
         }
     }
 }
@@ -269,13 +276,13 @@ fn decode_secure(src: &mut BytesMut, max_size: usize) -> io::Result<Option<Frame
         return Ok(None);
     }
     
-    // Calculate padding (indicated by length not divisible by 4)
-    let padding_len = len % 4;
-    let data_len = if padding_len != 0 {
-        len - padding_len
-    } else {
-        len
-    };
+    let data_len = secure_payload_len_from_wire_len(len).ok_or_else(|| {
+        Error::new(
+            ErrorKind::InvalidData,
+            format!("invalid secure frame length: {len}"),
+        )
+    })?;
+    let padding_len = len - data_len;
     
     meta.padding_len = padding_len as u8;
     
@@ -288,9 +295,7 @@ fn decode_secure(src: &mut BytesMut, max_size: usize) -> io::Result<Option<Frame
     Ok(Some(Frame::with_meta(data, meta)))
 }
 
-fn encode_secure(frame: &Frame, dst: &mut BytesMut) -> io::Result<()> {
-    use crate::crypto::random::SECURE_RANDOM;
-    
+fn encode_secure(frame: &Frame, dst: &mut BytesMut, rng: &SecureRandom) -> io::Result<()> {
     let data = &frame.data;
     
     // Simple ACK: just send data
@@ -300,14 +305,15 @@ fn encode_secure(frame: &Frame, dst: &mut BytesMut) -> io::Result<()> {
         return Ok(());
     }
     
-    // Generate padding to make length not divisible by 4
-    let padding_len = if data.len() % 4 == 0 {
-        // Add 1-3 bytes to make it non-aligned
-        (SECURE_RANDOM.range(3) + 1) as usize
-    } else {
-        // Already non-aligned, can add 0-3
-        SECURE_RANDOM.range(4) as usize
-    };
+    if !is_valid_secure_payload_len(data.len()) {
+        return Err(Error::new(
+            ErrorKind::InvalidData,
+            format!("secure payload must be 4-byte aligned, got {}", data.len()),
+        ));
+    }
+
+    // Generate padding that keeps total length non-divisible by 4.
+    let padding_len = secure_padding_len(data.len(), rng);
     
     let total_len = data.len() + padding_len;
     dst.reserve(4 + total_len);
@@ -321,7 +327,7 @@ fn encode_secure(frame: &Frame, dst: &mut BytesMut) -> io::Result<()> {
     dst.extend_from_slice(data);
     
     if padding_len > 0 {
-        let padding = SECURE_RANDOM.bytes(padding_len);
+        let padding = rng.bytes(padding_len);
         dst.extend_from_slice(&padding);
     }
     
@@ -445,19 +451,21 @@ impl FrameCodecTrait for IntermediateCodec {
 /// Secure Intermediate protocol codec
 pub struct SecureCodec {
     max_frame_size: usize,
+    rng: Arc<SecureRandom>,
 }
 
 impl SecureCodec {
-    pub fn new() -> Self {
+    pub fn new(rng: Arc<SecureRandom>) -> Self {
         Self {
             max_frame_size: 16 * 1024 * 1024,
+            rng,
         }
     }
 }
 
 impl Default for SecureCodec {
     fn default() -> Self {
-        Self::new()
+        Self::new(Arc::new(SecureRandom::new()))
     }
 }
 
@@ -474,7 +482,7 @@ impl Encoder<Frame> for SecureCodec {
     type Error = io::Error;
     
     fn encode(&mut self, frame: Frame, dst: &mut BytesMut) -> Result<(), Self::Error> {
-        encode_secure(&frame, dst)
+        encode_secure(&frame, dst, &self.rng)
     }
 }
 
@@ -485,7 +493,7 @@ impl FrameCodecTrait for SecureCodec {
     
     fn encode(&self, frame: &Frame, dst: &mut BytesMut) -> io::Result<usize> {
         let before = dst.len();
-        encode_secure(frame, dst)?;
+        encode_secure(frame, dst, &self.rng)?;
         Ok(dst.len() - before)
     }
     
@@ -506,6 +514,8 @@ mod tests {
     use tokio_util::codec::{FramedRead, FramedWrite};
     use tokio::io::duplex;
     use futures::{SinkExt, StreamExt};
+    use crate::crypto::SecureRandom;
+    use std::sync::Arc;
     
     #[tokio::test]
     async fn test_framed_abridged() {
@@ -541,8 +551,8 @@ mod tests {
     async fn test_framed_secure() {
         let (client, server) = duplex(4096);
         
-        let mut writer = FramedWrite::new(client, SecureCodec::new());
-        let mut reader = FramedRead::new(server, SecureCodec::new());
+        let mut writer = FramedWrite::new(client, SecureCodec::new(Arc::new(SecureRandom::new())));
+        let mut reader = FramedRead::new(server, SecureCodec::new(Arc::new(SecureRandom::new())));
         
         let original = Bytes::from_static(&[1, 2, 3, 4, 5, 6, 7, 8]);
         let frame = Frame::new(original.clone());
@@ -557,8 +567,8 @@ mod tests {
         for proto_tag in [ProtoTag::Abridged, ProtoTag::Intermediate, ProtoTag::Secure] {
             let (client, server) = duplex(4096);
             
-            let mut writer = FramedWrite::new(client, FrameCodec::new(proto_tag));
-            let mut reader = FramedRead::new(server, FrameCodec::new(proto_tag));
+            let mut writer = FramedWrite::new(client, FrameCodec::new(proto_tag, Arc::new(SecureRandom::new())));
+            let mut reader = FramedRead::new(server, FrameCodec::new(proto_tag, Arc::new(SecureRandom::new())));
             
             // Use 4-byte aligned data for abridged compatibility
             let original = Bytes::from_static(&[1, 2, 3, 4, 5, 6, 7, 8]);
@@ -607,7 +617,7 @@ mod tests {
     
     #[test]
     fn test_frame_too_large() {
-        let mut codec = FrameCodec::new(ProtoTag::Intermediate)
+        let mut codec = FrameCodec::new(ProtoTag::Intermediate, Arc::new(SecureRandom::new()))
             .with_max_frame_size(100);
         
         // Create a "frame" that claims to be very large

src/stream/frame_stream.rs

@@ -4,8 +4,8 @@ use bytes::{Bytes, BytesMut};
 use std::io::{Error, ErrorKind, Result};
 use tokio::io::{AsyncRead, AsyncWrite, AsyncReadExt, AsyncWriteExt};
 use crate::protocol::constants::*;
-use crate::crypto::crc32;
-use crate::crypto::random::SECURE_RANDOM;
+use crate::crypto::{crc32, SecureRandom};
+use std::sync::Arc;
 use super::traits::{FrameMeta, LayeredStream};
 
 // ============= Abridged (Compact) Frame =============
@@ -232,11 +232,13 @@ impl<R: AsyncRead + Unpin> SecureIntermediateFrameReader<R> {
         let mut data = vec![0u8; len];
         self.upstream.read_exact(&mut data).await?;
         
-        // Strip padding (not aligned to 4)
-        if len % 4 != 0 {
-            let actual_len = len - (len % 4);
-            data.truncate(actual_len);
-        }
+        let payload_len = secure_payload_len_from_wire_len(len).ok_or_else(|| {
+            Error::new(
+                ErrorKind::InvalidData,
+                format!("Invalid secure frame length: {len}"),
+            )
+        })?;
+        data.truncate(payload_len);
         
         Ok((Bytes::from(data), meta))
     }
@@ -251,11 +253,12 @@ impl<R> LayeredStream<R> for SecureIntermediateFrameReader<R> {
 /// Writer for secure intermediate MTProto framing
 pub struct SecureIntermediateFrameWriter<W> {
     upstream: W,
+    rng: Arc<SecureRandom>,
 }
 
 impl<W> SecureIntermediateFrameWriter<W> {
-    pub fn new(upstream: W) -> Self {
-        Self { upstream }
+    pub fn new(upstream: W, rng: Arc<SecureRandom>) -> Self {
+        Self { upstream, rng }
     }
 }
 
@@ -266,9 +269,16 @@ impl<W: AsyncWrite + Unpin> SecureIntermediateFrameWriter<W> {
             return Ok(());
         }
         
-        // Add random padding (0-3 bytes)
-        let padding_len = SECURE_RANDOM.range(4);
-        let padding = SECURE_RANDOM.bytes(padding_len);
+        if !is_valid_secure_payload_len(data.len()) {
+            return Err(Error::new(
+                ErrorKind::InvalidData,
+                format!("Secure payload must be 4-byte aligned, got {}", data.len()),
+            ));
+        }
+
+        // Add padding so total length is never divisible by 4 (MTProto Secure)
+        let padding_len = secure_padding_len(data.len(), &self.rng);
+        let padding = self.rng.bytes(padding_len);
         
         let total_len = data.len() + padding_len;
         let len_bytes = (total_len as u32).to_le_bytes();
@@ -454,11 +464,11 @@ pub enum FrameWriterKind<W> {
 }
 
 impl<W: AsyncWrite + Unpin> FrameWriterKind<W> {
-    pub fn new(upstream: W, proto_tag: ProtoTag) -> Self {
+    pub fn new(upstream: W, proto_tag: ProtoTag, rng: Arc<SecureRandom>) -> Self {
         match proto_tag {
             ProtoTag::Abridged => FrameWriterKind::Abridged(AbridgedFrameWriter::new(upstream)),
             ProtoTag::Intermediate => FrameWriterKind::Intermediate(IntermediateFrameWriter::new(upstream)),
-            ProtoTag::Secure => FrameWriterKind::SecureIntermediate(SecureIntermediateFrameWriter::new(upstream)),
+            ProtoTag::Secure => FrameWriterKind::SecureIntermediate(SecureIntermediateFrameWriter::new(upstream, rng)),
         }
     }
     
@@ -483,6 +493,8 @@ impl<W: AsyncWrite + Unpin> FrameWriterKind<W> {
 mod tests {
     use super::*;
     use tokio::io::duplex;
+    use std::sync::Arc;
+    use crate::crypto::SecureRandom;
     
     #[tokio::test]
     async fn test_abridged_roundtrip() {
@@ -539,7 +551,7 @@ mod tests {
     async fn test_secure_intermediate_padding() {
         let (client, server) = duplex(1024);
         
-        let mut writer = SecureIntermediateFrameWriter::new(client);
+        let mut writer = SecureIntermediateFrameWriter::new(client, Arc::new(SecureRandom::new()));
         let mut reader = SecureIntermediateFrameReader::new(server);
         
         let data = vec![1u8, 2, 3, 4, 5, 6, 7, 8];
@@ -547,9 +559,7 @@ mod tests {
         writer.flush().await.unwrap();
         
         let (received, _meta) = reader.read_frame().await.unwrap();
-        // Received should have padding stripped to align to 4
-        let expected_len = (data.len() / 4) * 4;
-        assert_eq!(received.len(), expected_len);
+        assert_eq!(received.len(), data.len());
     }
     
     #[tokio::test]
@@ -572,7 +582,7 @@ mod tests {
     async fn test_frame_reader_kind() {
         let (client, server) = duplex(1024);
         
-        let mut writer = FrameWriterKind::new(client, ProtoTag::Intermediate);
+        let mut writer = FrameWriterKind::new(client, ProtoTag::Intermediate, Arc::new(SecureRandom::new()));
         let mut reader = FrameReaderKind::new(server, ProtoTag::Intermediate);
         
         let data = vec![1u8, 2, 3, 4];

src/stream/tls_stream.rs

@@ -1,44 +1,68 @@
 //! Fake TLS 1.3 stream wrappers
 //!
-//! This module provides stateful async stream wrappers that handle
-//! TLS record framing with proper partial read/write handling.
+//! This module provides stateful async stream wrappers that handle TLS record
+//! framing with proper partial read/write handling.
 //!
-//! These are "fake" TLS streams - they wrap data in valid TLS 1.3
-//! Application Data records but don't perform actual TLS encryption.
-//! The actual encryption is handled by the crypto layer underneath.
+//! These are "fake" TLS streams:
+//! - We wrap raw bytes into syntactically valid TLS 1.3 records (Application Data).
+//! - We DO NOT perform real TLS handshake/encryption.
+//! - Real crypto for MTProto is handled by the crypto layer underneath.
+//!
+//! Why do we need this?
+//! Telegram MTProto proxy "FakeTLS" mode uses a TLS-looking outer layer for
+//! domain fronting / traffic camouflage. iOS Telegram clients are known to
+//! produce slightly different TLS record sizing patterns than Android/Desktop,
+//! including records that exceed 16384 payload bytes by a small overhead.
 //!
 //! Key design principles:
 //! - Explicit state machines for all async operations
 //! - Never lose data on partial reads
 //! - Atomic TLS record formation for writes
 //! - Proper handling of all TLS record types
+//!
+//! Important nuance (Telegram FakeTLS):
+//! - The TLS spec limits "plaintext fragments" to 2^14 (16384) bytes.
+//! - However, the on-the-wire record length can exceed 16384 because TLS 1.3
+//!   uses AEAD and can include tag/overhead/padding.
+//! - Telegram FakeTLS clients (notably iOS) may send Application Data records
+//!   with length up to 16384 + 256 bytes (RFC 8446 §5.2). We accept that as
+//!   MAX_TLS_CHUNK_SIZE.
+//!
+//! If you reject those (e.g. validate length <= 16384), you will see errors like:
+//!   "TLS record too large: 16408 bytes"
+//! and uploads from iOS will break (media/file sending), while small traffic
+//! may still work.
 
-use bytes::{Bytes, BytesMut, BufMut};
+use bytes::{Bytes, BytesMut};
 use std::io::{self, Error, ErrorKind, Result};
 use std::pin::Pin;
 use std::task::{Context, Poll};
 use tokio::io::{AsyncRead, AsyncWrite, AsyncReadExt, AsyncWriteExt, ReadBuf};
 
 use crate::protocol::constants::{
-    TLS_VERSION, TLS_RECORD_APPLICATION, TLS_RECORD_CHANGE_CIPHER,
-    TLS_RECORD_HANDSHAKE, TLS_RECORD_ALERT, MAX_TLS_RECORD_SIZE,
+    TLS_VERSION,
+    TLS_RECORD_APPLICATION, TLS_RECORD_CHANGE_CIPHER,
+    TLS_RECORD_HANDSHAKE, TLS_RECORD_ALERT,
+    MAX_TLS_CHUNK_SIZE,
 };
 use super::state::{StreamState, HeaderBuffer, YieldBuffer, WriteBuffer};
 
 // ============= Constants =============
 
-/// TLS record header size
+/// TLS record header size (type + version + length)
 const TLS_HEADER_SIZE: usize = 5;
 
-/// Maximum TLS record payload size (16KB as per TLS spec)
-const MAX_TLS_PAYLOAD: usize = 16384;
+/// Maximum TLS fragment size we emit for Application Data.
+/// Real TLS 1.3 allows up to 16384 + 256 bytes of ciphertext (incl. tag).
+const MAX_TLS_PAYLOAD: usize = 16384 + 256;
 
-/// Maximum pending write buffer
+/// Maximum pending write buffer for one record remainder.
+/// Note: we never queue unlimited amount of data here; state holds at most one record.
 const MAX_PENDING_WRITE: usize = 64 * 1024;
 
 // ============= TLS Record Types =============
 
-/// Parsed TLS record header
+/// Parsed TLS record header (5 bytes)
 #[derive(Debug, Clone, Copy)]
 struct TlsRecordHeader {
     /// Record type (0x17 = Application Data, 0x14 = Change Cipher, etc.)
@@ -50,22 +74,27 @@ struct TlsRecordHeader {
 }
 
 impl TlsRecordHeader {
-    /// Parse header from 5 bytes
+    /// Parse header from exactly 5 bytes.
+    ///
+    /// This currently never returns None, but is kept as Option to allow future
+    /// stricter parsing rules without changing callers.
     fn parse(header: &[u8; 5]) -> Option<Self> {
         let record_type = header[0];
         let version = [header[1], header[2]];
         let length = u16::from_be_bytes([header[3], header[4]]);
-        
-        Some(Self {
-            record_type,
-            version,
-            length,
-        })
+        Some(Self { record_type, version, length })
     }
 
-    /// Validate the header
+    /// Validate the header.
+    ///
+    /// Nuances:
+    /// - We accept TLS 1.0 header version for ClientHello-like records (0x03 0x01),
+    ///   and TLS 1.2/1.3 style version bytes for the rest (we use TLS_VERSION = 0x03 0x03).
+    /// - For Application Data, Telegram FakeTLS may send payload length up to
+    ///   MAX_TLS_CHUNK_SIZE (16384 + 256).
+    /// - For other record types we keep stricter bounds to avoid memory abuse.
     fn validate(&self) -> Result<()> {
-        // Check version (accept TLS 1.0 for ClientHello, TLS 1.2/1.3 for others)
+        // Version: accept TLS 1.0 header (ClientHello quirk) and TLS_VERSION (0x0303).
         if self.version != [0x03, 0x01] && self.version != TLS_VERSION {
             return Err(Error::new(
                 ErrorKind::InvalidData,
@@ -73,27 +102,36 @@ impl TlsRecordHeader {
             ));
         }
 
-        // Check length
-        if self.length as usize > MAX_TLS_RECORD_SIZE {
+        let len = self.length as usize;
+
+        // Length checks depend on record type.
+        // Telegram FakeTLS: ApplicationData length may be 16384 + 256.
+        match self.record_type {
+            TLS_RECORD_APPLICATION => {
+                if len > MAX_TLS_CHUNK_SIZE {
                     return Err(Error::new(
                         ErrorKind::InvalidData,
-                format!("TLS record too large: {} bytes", self.length),
+                        format!("TLS record too large: {} bytes (max {})", len, MAX_TLS_CHUNK_SIZE),
                     ));
                 }
+            }
+
+            // ChangeCipherSpec/Alert/Handshake should never be that large for our usage
+            // (post-handshake we don't expect Handshake at all).
+            // Keep strict to reduce attack surface.
+            _ => {
+                if len > MAX_TLS_PAYLOAD {
+                    return Err(Error::new(
+                        ErrorKind::InvalidData,
+                        format!("TLS control record too large: {} bytes (max {})", len, MAX_TLS_PAYLOAD),
+                    ));
+                }
+            }
+        }
 
         Ok(())
     }
 
-    /// Check if this is an application data record
-    fn is_application_data(&self) -> bool {
-        self.record_type == TLS_RECORD_APPLICATION
-    }
-    
-    /// Check if this is a change cipher spec record (should be skipped)
-    fn is_change_cipher_spec(&self) -> bool {
-        self.record_type == TLS_RECORD_CHANGE_CIPHER
-    }
-    
     /// Build header bytes
     fn to_bytes(&self) -> [u8; 5] {
         [
@@ -120,25 +158,20 @@ enum TlsReaderState {
         header: HeaderBuffer<TLS_HEADER_SIZE>,
     },
 
-    /// Reading the TLS record body
+    /// Reading the TLS record body (payload)
     ReadingBody {
-        /// Parsed record type
         record_type: u8,
-        /// Total body length
         length: usize,
-        /// Buffer for body data
         buffer: BytesMut,
     },
 
-    /// Have decrypted data ready to yield to caller
+    /// Have buffered data ready to yield to caller
     Yielding {
-        /// Buffer containing data to yield
         buffer: YieldBuffer,
     },
 
     /// Stream encountered an error and cannot be used
     Poisoned {
-        /// The error that caused poisoning
         error: Option<io::Error>,
     },
 }
@@ -165,12 +198,13 @@ impl StreamState for TlsReaderState {
 
 // ============= FakeTlsReader =============
 
-/// Reader that unwraps TLS 1.3 records with proper state machine
+/// Reader that unwraps TLS records (FakeTLS).
 ///
-/// This reader handles partial reads correctly by maintaining internal state
-/// and never losing any data that has been read from upstream.
+/// This wrapper is responsible ONLY for TLS record framing and skipping
+/// non-data records (like CCS). It does not decrypt TLS: payload bytes are passed
+/// as-is to upper layers (crypto stream).
 ///
-/// # State Machine
+/// State machine overview:
 ///
 /// ┌──────────┐                    ┌───────────────┐
 /// │   Idle   │ -----------------> │ ReadingHeader │
@@ -178,103 +212,69 @@ impl StreamState for TlsReaderState {
 ///      ▲                                  │
 ///      │                           header complete
 ///      │                                  │
-///      │                                  │
+///      │                                  ▼
 ///      │                          ┌───────────────┐
 ///      │        skip record       │  ReadingBody  │
 ///      │ <-------- (CCS) -------- │               │
 ///      │                          └───────┬───────┘
 ///      │                                  │
 ///      │                              body complete
-///      │      drained                     │
-///      │ <-----------------┐              │
-///      │                   │      ┌───────────────┐
-///      │                   └----- │   Yielding    │
+///      │                                  ▼
+///      │                          ┌───────────────┐
+///      │                          │   Yielding    │
 ///      │                          └───────────────┘
 ///      │
-///      │    errors /w any state
-///      │
+///      │    errors / w any state
+///      ▼
 /// ┌───────────────────────────────────────────────┐
 /// │                    Poisoned                   │
 /// └───────────────────────────────────────────────┘
 ///
+/// NOTE: We must correctly handle partial reads from upstream:
+/// - do not assume header arrives in one poll
+/// - do not assume body arrives in one poll
+/// - never lose already-read bytes
 pub struct FakeTlsReader<R> {
-    /// Upstream reader
     upstream: R,
-    /// Current state
     state: TlsReaderState,
 }
 
 impl<R> FakeTlsReader<R> {
-    /// Create new fake TLS reader
     pub fn new(upstream: R) -> Self {
-        Self {
-            upstream,
-            state: TlsReaderState::Idle,
-        }
+        Self { upstream, state: TlsReaderState::Idle }
     }
 
-    /// Get reference to upstream
-    pub fn get_ref(&self) -> &R {
-        &self.upstream
-    }
+    pub fn get_ref(&self) -> &R { &self.upstream }
+    pub fn get_mut(&mut self) -> &mut R { &mut self.upstream }
+    pub fn into_inner(self) -> R { self.upstream }
 
-    /// Get mutable reference to upstream
-    pub fn get_mut(&mut self) -> &mut R {
-        &mut self.upstream
-    }
+    pub fn is_poisoned(&self) -> bool { self.state.is_poisoned() }
+    pub fn state_name(&self) -> &'static str { self.state.state_name() }
 
-    /// Consume and return upstream
-    pub fn into_inner(self) -> R {
-        self.upstream
-    }
-    
-    /// Check if stream is in poisoned state
-    pub fn is_poisoned(&self) -> bool {
-        self.state.is_poisoned()
-    }
-    
-    /// Get current state name (for debugging)
-    pub fn state_name(&self) -> &'static str {
-        self.state.state_name()
-    }
-    
-    /// Transition to poisoned state
     fn poison(&mut self, error: io::Error) {
         self.state = TlsReaderState::Poisoned { error: Some(error) };
     }
 
-    /// Take error from poisoned state
     fn take_poison_error(&mut self) -> io::Error {
         match &mut self.state {
-            TlsReaderState::Poisoned { error } => {
-                error.take().unwrap_or_else(|| {
+            TlsReaderState::Poisoned { error } => error.take().unwrap_or_else(|| {
                 io::Error::new(ErrorKind::Other, "stream previously poisoned")
-                })
-            }
+            }),
             _ => io::Error::new(ErrorKind::Other, "stream not poisoned"),
         }
     }
 }
 
-/// Result of polling for header completion
 enum HeaderPollResult {
-    /// Need more data
     Pending,
-    /// EOF at record boundary (clean close)
     Eof,
-    /// Header complete, parsed successfully
     Complete(TlsRecordHeader),
-    /// Error occurred
     Error(io::Error),
 }
 
-/// Result of polling for body completion
 enum BodyPollResult {
-    /// Need more data
     Pending,
-    /// Body complete
     Complete(Bytes),
-    /// Error occurred
     Error(io::Error),
 }
 
@@ -291,7 +291,7 @@ impl<R: AsyncRead + Unpin> AsyncRead for FakeTlsReader<R> {
             let state = std::mem::replace(&mut this.state, TlsReaderState::Idle);
 
             match state {
-                // Poisoned state - return error
+                // Poisoned state: always return the stored error
                 TlsReaderState::Poisoned { error } => {
                     this.state = TlsReaderState::Poisoned { error: None };
                     let err = error.unwrap_or_else(|| {
@@ -300,20 +300,18 @@ impl<R: AsyncRead + Unpin> AsyncRead for FakeTlsReader<R> {
                     return Poll::Ready(Err(err));
                 }
 
-                // Have buffered data to yield
+                // Yield buffered plaintext to caller
                 TlsReaderState::Yielding { mut buffer } => {
                     if buf.remaining() == 0 {
                         this.state = TlsReaderState::Yielding { buffer };
                         return Poll::Ready(Ok(()));
                     }
 
-                    // Copy as much as possible to output
                     let to_copy = buffer.remaining().min(buf.remaining());
                     let dst = buf.initialize_unfilled_to(to_copy);
                     let copied = buffer.copy_to(dst);
                     buf.advance(copied);
 
-                    // If buffer is drained, transition to Idle
                     if buffer.is_empty() {
                         this.state = TlsReaderState::Idle;
                     } else {
@@ -323,23 +321,21 @@ impl<R: AsyncRead + Unpin> AsyncRead for FakeTlsReader<R> {
                     return Poll::Ready(Ok(()));
                 }
 
-                // Ready to read a new TLS record
+                // Start reading new record
                 TlsReaderState::Idle => {
                     if buf.remaining() == 0 {
                         this.state = TlsReaderState::Idle;
                         return Poll::Ready(Ok(()));
                     }
 
-                    // Start reading header
                     this.state = TlsReaderState::ReadingHeader {
                         header: HeaderBuffer::new(),
                     };
-                    // Continue to ReadingHeader
+                    // loop continues and will handle ReadingHeader
                 }
 
-                // Reading TLS record header
+                // Read TLS header (5 bytes)
                 TlsReaderState::ReadingHeader { mut header } => {
-                    // Poll to fill header
                     let result = poll_read_header(&mut this.upstream, cx, &mut header);
 
                     match result {
@@ -348,6 +344,7 @@ impl<R: AsyncRead + Unpin> AsyncRead for FakeTlsReader<R> {
                             return Poll::Pending;
                         }
                         HeaderPollResult::Eof => {
+                            // Clean EOF at record boundary
                             this.state = TlsReaderState::Idle;
                             return Poll::Ready(Ok(()));
                         }
@@ -356,15 +353,12 @@ impl<R: AsyncRead + Unpin> AsyncRead for FakeTlsReader<R> {
                             return Poll::Ready(Err(e));
                         }
                         HeaderPollResult::Complete(parsed) => {
-                            // Validate header
                             if let Err(e) = parsed.validate() {
                                 this.poison(Error::new(e.kind(), e.to_string()));
                                 return Poll::Ready(Err(e));
                             }
 
                             let length = parsed.length as usize;
-                            
-                            // Transition to reading body
                             this.state = TlsReaderState::ReadingBody {
                                 record_type: parsed.record_type,
                                 length,
@@ -374,7 +368,7 @@ impl<R: AsyncRead + Unpin> AsyncRead for FakeTlsReader<R> {
                     }
                 }
 
-                // Reading TLS record body
+                // Read TLS payload
                 TlsReaderState::ReadingBody { record_type, length, mut buffer } => {
                     let result = poll_read_body(&mut this.upstream, cx, &mut buffer, length);
 
@@ -388,15 +382,15 @@ impl<R: AsyncRead + Unpin> AsyncRead for FakeTlsReader<R> {
                             return Poll::Ready(Err(e));
                         }
                         BodyPollResult::Complete(data) => {
-                            // Handle different record types
                             match record_type {
                                 TLS_RECORD_CHANGE_CIPHER => {
-                                    // Skip Change Cipher Spec, read next record
+                                    // CCS is expected in some clients, ignore it.
                                     this.state = TlsReaderState::Idle;
                                     continue;
                                 }
+
                                 TLS_RECORD_APPLICATION => {
-                                    // Application data - yield to caller
+                                    // This is what we actually want.
                                     if data.is_empty() {
                                         this.state = TlsReaderState::Idle;
                                         continue;
@@ -405,25 +399,26 @@ impl<R: AsyncRead + Unpin> AsyncRead for FakeTlsReader<R> {
                                     this.state = TlsReaderState::Yielding {
                                         buffer: YieldBuffer::new(data),
                                     };
-                                    // Continue to yield
+                                    // loop continues and will yield immediately
                                 }
+
                                 TLS_RECORD_ALERT => {
-                                    // TLS Alert - treat as EOF
+                                    // Treat TLS alert as EOF-like termination.
                                     this.state = TlsReaderState::Idle;
                                     return Poll::Ready(Ok(()));
                                 }
+
                                 TLS_RECORD_HANDSHAKE => {
-                                    let err = Error::new(
-                                        ErrorKind::InvalidData,
-                                        "unexpected TLS handshake record"
-                                    );
+                                    // After FakeTLS handshake is done, we do not expect any Handshake records.
+                                    let err = Error::new(ErrorKind::InvalidData, "unexpected TLS handshake record");
                                     this.poison(Error::new(err.kind(), err.to_string()));
                                     return Poll::Ready(Err(err));
                                 }
+
                                 _ => {
                                     let err = Error::new(
                                         ErrorKind::InvalidData,
-                                        format!("unknown TLS record type: 0x{:02x}", record_type)
+                                        format!("unknown TLS record type: 0x{:02x}", record_type),
                                     );
                                     this.poison(Error::new(err.kind(), err.to_string()));
                                     return Poll::Ready(Err(err));
@@ -459,8 +454,10 @@ fn poll_read_header<R: AsyncRead + Unpin>(
                     } else {
                         return HeaderPollResult::Error(Error::new(
                             ErrorKind::UnexpectedEof,
-                            format!("unexpected EOF in TLS header (got {} of 5 bytes)", 
-                                header.as_slice().len())
+                            format!(
+                                "unexpected EOF in TLS header (got {} of 5 bytes)",
+                                header.as_slice().len()
+                            ),
                         ));
                     }
                 }
@@ -469,14 +466,10 @@ fn poll_read_header<R: AsyncRead + Unpin>(
         }
     }
 
-    // Parse header
     let header_bytes = *header.as_array();
     match TlsRecordHeader::parse(&header_bytes) {
         Some(h) => HeaderPollResult::Complete(h),
-        None => HeaderPollResult::Error(Error::new(
-            ErrorKind::InvalidData,
-            "failed to parse TLS header"
-        )),
+        None => HeaderPollResult::Error(Error::new(ErrorKind::InvalidData, "failed to parse TLS header")),
     }
 }
 
@@ -487,10 +480,12 @@ fn poll_read_body<R: AsyncRead + Unpin>(
     buffer: &mut BytesMut,
     target_len: usize,
 ) -> BodyPollResult {
+    // NOTE: This implementation uses a temporary Vec to avoid tricky borrow/lifetime
+    // issues with BytesMut spare capacity and ReadBuf across polls.
+    // It's safe and correct; optimization is possible if needed.
     while buffer.len() < target_len {
         let remaining = target_len - buffer.len();
 
-        // Read into a temporary buffer
         let mut temp = vec![0u8; remaining.min(8192)];
         let mut read_buf = ReadBuf::new(&mut temp);
 
@@ -502,8 +497,11 @@ fn poll_read_body<R: AsyncRead + Unpin>(
                 if n == 0 {
                     return BodyPollResult::Error(Error::new(
                         ErrorKind::UnexpectedEof,
-                        format!("unexpected EOF in TLS body (got {} of {} bytes)",
-                            buffer.len(), target_len)
+                        format!(
+                            "unexpected EOF in TLS body (got {} of {} bytes)",
+                            buffer.len(),
+                            target_len
+                        ),
                     ));
                 }
                 buffer.extend_from_slice(&temp[..n]);
@@ -515,10 +513,9 @@ fn poll_read_body<R: AsyncRead + Unpin>(
 }
 
 impl<R: AsyncRead + Unpin> FakeTlsReader<R> {
-    /// Read exactly n bytes through TLS layer
+    /// Read exactly n bytes through TLS layer.
     ///
-    /// This is a convenience method that accumulates data across
-    /// multiple TLS records until exactly n bytes are available.
+    /// This accumulates data across multiple TLS ApplicationData records.
     pub async fn read_exact(&mut self, n: usize) -> Result<Bytes> {
         if self.is_poisoned() {
             return Err(self.take_poison_error());
@@ -533,7 +530,7 @@ impl<R: AsyncRead + Unpin> FakeTlsReader<R> {
             if read == 0 {
                 return Err(Error::new(
                     ErrorKind::UnexpectedEof,
-                    format!("expected {} bytes, got {}", n, result.len())
+                    format!("expected {} bytes, got {}", n, result.len()),
                 ));
             }
 
@@ -546,23 +543,19 @@ impl<R: AsyncRead + Unpin> FakeTlsReader<R> {
 
 // ============= FakeTlsWriter State =============
 
-/// State machine states for FakeTlsWriter
 #[derive(Debug)]
 enum TlsWriterState {
     /// Ready to accept new data
     Idle,
 
-    /// Writing a complete TLS record
+    /// Writing a complete TLS record (header + body), possibly partially
     WritingRecord {
-        /// Complete record (header + body) to write
         record: WriteBuffer,
-        /// Original payload size (for return value calculation)
         payload_size: usize,
     },
 
     /// Stream encountered an error and cannot be used
     Poisoned {
-        /// The error that caused poisoning
         error: Option<io::Error>,
     },
 }
@@ -587,94 +580,46 @@ impl StreamState for TlsWriterState {
 
 // ============= FakeTlsWriter =============
 
-/// Writer that wraps data in TLS 1.3 records with proper state machine
+/// Writer that wraps bytes into TLS 1.3 Application Data records.
 ///
-/// This writer handles partial writes correctly by:
-/// - Building complete TLS records before writing
-/// - Maintaining internal state for partial record writes
-/// - Never splitting a record mid-write to upstream
-///
-/// # State Machine
-///
-/// ┌──────────┐     write      ┌─────────────────┐
-/// │   Idle   │ -------------> │  WritingRecord  │
-/// │          │ <------------- │                 │
-/// └──────────┘    complete    └─────────────────┘
-///      │                              │
-///      │          < errors >          │ 
-///      │                              │
-/// ┌─────────────────────────────────────────────┐
-/// │                Poisoned                     │
-/// └─────────────────────────────────────────────┘
-///
-/// # Record Formation
-///
-/// Data is chunked into records of at most MAX_TLS_PAYLOAD bytes.
-/// Each record has a 5-byte header prepended.
+/// We chunk outgoing data into records of <= 16384 payload bytes (MAX_TLS_PAYLOAD).
+/// We do not try to mimic AEAD overhead on the wire; Telegram clients accept it.
+/// If you want to be more camouflage-accurate later, you could add optional padding
+/// to produce records sized closer to MAX_TLS_CHUNK_SIZE.
 pub struct FakeTlsWriter<W> {
-    /// Upstream writer
     upstream: W,
-    /// Current state
     state: TlsWriterState,
 }
 
 impl<W> FakeTlsWriter<W> {
-    /// Create new fake TLS writer
     pub fn new(upstream: W) -> Self {
-        Self {
-            upstream,
-            state: TlsWriterState::Idle,
-        }
+        Self { upstream, state: TlsWriterState::Idle }
     }
 
-    /// Get reference to upstream
-    pub fn get_ref(&self) -> &W {
-        &self.upstream
-    }
+    pub fn get_ref(&self) -> &W { &self.upstream }
+    pub fn get_mut(&mut self) -> &mut W { &mut self.upstream }
+    pub fn into_inner(self) -> W { self.upstream }
 
-    /// Get mutable reference to upstream
-    pub fn get_mut(&mut self) -> &mut W {
-        &mut self.upstream
-    }
+    pub fn is_poisoned(&self) -> bool { self.state.is_poisoned() }
+    pub fn state_name(&self) -> &'static str { self.state.state_name() }
 
-    /// Consume and return upstream
-    pub fn into_inner(self) -> W {
-        self.upstream
-    }
-    
-    /// Check if stream is in poisoned state
-    pub fn is_poisoned(&self) -> bool {
-        self.state.is_poisoned()
-    }
-    
-    /// Get current state name (for debugging)
-    pub fn state_name(&self) -> &'static str {
-        self.state.state_name()
-    }
-    
-    /// Check if there's a pending record to write
     pub fn has_pending(&self) -> bool {
         matches!(&self.state, TlsWriterState::WritingRecord { record, .. } if !record.is_empty())
     }
 
-    /// Transition to poisoned state
     fn poison(&mut self, error: io::Error) {
         self.state = TlsWriterState::Poisoned { error: Some(error) };
     }
 
-    /// Take error from poisoned state
     fn take_poison_error(&mut self) -> io::Error {
         match &mut self.state {
-            TlsWriterState::Poisoned { error } => {
-                error.take().unwrap_or_else(|| {
+            TlsWriterState::Poisoned { error } => error.take().unwrap_or_else(|| {
                 io::Error::new(ErrorKind::Other, "stream previously poisoned")
-                })
-            }
+            }),
             _ => io::Error::new(ErrorKind::Other, "stream not poisoned"),
         }
     }
 
-    /// Build a TLS Application Data record
     fn build_record(data: &[u8]) -> BytesMut {
         let header = TlsRecordHeader {
             record_type: TLS_RECORD_APPLICATION,
@@ -689,18 +634,13 @@ impl<W> FakeTlsWriter<W> {
     }
 }
 
-/// Result of flushing pending record
 enum FlushResult {
-    /// All data flushed, returns payload size
     Complete(usize),
-    /// Need to wait for upstream
     Pending,
-    /// Error occurred
     Error(io::Error),
 }
 
 impl<W: AsyncWrite + Unpin> FakeTlsWriter<W> {
-    /// Try to flush pending record to upstream (standalone logic)
     fn poll_flush_record_inner(
         upstream: &mut W,
         cx: &mut Context<'_>,
@@ -710,19 +650,14 @@ impl<W: AsyncWrite + Unpin> FakeTlsWriter<W> {
             let data = record.pending();
             match Pin::new(&mut *upstream).poll_write(cx, data) {
                 Poll::Pending => return FlushResult::Pending,
-                
                 Poll::Ready(Err(e)) => return FlushResult::Error(e),
-                
                 Poll::Ready(Ok(0)) => {
                     return FlushResult::Error(Error::new(
                         ErrorKind::WriteZero,
-                        "upstream returned 0 bytes written"
+                        "upstream returned 0 bytes written",
                     ));
                 }
-                
-                Poll::Ready(Ok(n)) => {
-                    record.advance(n);
-                }
+                Poll::Ready(Ok(n)) => record.advance(n),
             }
         }
 
@@ -738,7 +673,7 @@ impl<W: AsyncWrite + Unpin> AsyncWrite for FakeTlsWriter<W> {
     ) -> Poll<Result<usize>> {
         let this = self.get_mut();
 
-        // Take ownership of state
+        // Take ownership of state to avoid borrow conflicts.
         let state = std::mem::replace(&mut this.state, TlsWriterState::Idle);
 
         match state {
@@ -751,7 +686,7 @@ impl<W: AsyncWrite + Unpin> AsyncWrite for FakeTlsWriter<W> {
             }
 
             TlsWriterState::WritingRecord { mut record, payload_size } => {
-                // Continue flushing existing record
+                // Finish writing previous record before accepting new bytes.
                 match Self::poll_flush_record_inner(&mut this.upstream, cx, &mut record) {
                     FlushResult::Pending => {
                         this.state = TlsWriterState::WritingRecord { record, payload_size };
@@ -763,7 +698,7 @@ impl<W: AsyncWrite + Unpin> AsyncWrite for FakeTlsWriter<W> {
                     }
                     FlushResult::Complete(_) => {
                         this.state = TlsWriterState::Idle;
-                        // Fall through to handle new write
+                        // continue to accept new buf below
                     }
                 }
             }
@@ -782,19 +717,18 @@ impl<W: AsyncWrite + Unpin> AsyncWrite for FakeTlsWriter<W> {
         let chunk_size = buf.len().min(MAX_TLS_PAYLOAD);
         let chunk = &buf[..chunk_size];
 
-        // Build the complete record
+        // Build the complete record (header + payload)
         let record_data = Self::build_record(chunk);
 
-        // Try to write directly first
         match Pin::new(&mut this.upstream).poll_write(cx, &record_data) {
             Poll::Ready(Ok(n)) if n == record_data.len() => {
-                // Complete record written
                 Poll::Ready(Ok(chunk_size))
             }
 
             Poll::Ready(Ok(n)) => {
-                // Partial write - buffer the rest
+                // Partial write of the record: store remainder.
                 let mut write_buffer = WriteBuffer::with_max_size(MAX_PENDING_WRITE);
+                // record_data length is <= 16389, fits MAX_PENDING_WRITE
                 let _ = write_buffer.extend(&record_data[n..]);
 
                 this.state = TlsWriterState::WritingRecord {
@@ -802,7 +736,7 @@ impl<W: AsyncWrite + Unpin> AsyncWrite for FakeTlsWriter<W> {
                     payload_size: chunk_size,
                 };
 
-                // We've accepted chunk_size bytes from caller
+                // We have accepted chunk_size bytes from caller.
                 Poll::Ready(Ok(chunk_size))
             }
 
@@ -812,7 +746,7 @@ impl<W: AsyncWrite + Unpin> AsyncWrite for FakeTlsWriter<W> {
             }
 
             Poll::Pending => {
-                // Buffer the entire record
+                // Buffer entire record and report success for this chunk.
                 let mut write_buffer = WriteBuffer::with_max_size(MAX_PENDING_WRITE);
                 let _ = write_buffer.extend(&record_data);
 
@@ -821,10 +755,6 @@ impl<W: AsyncWrite + Unpin> AsyncWrite for FakeTlsWriter<W> {
                     payload_size: chunk_size,
                 };
 
-                // Wake to try again
-                cx.waker().wake_by_ref();
-                
-                // We've accepted chunk_size bytes from caller
                 Poll::Ready(Ok(chunk_size))
             }
         }
@@ -833,7 +763,6 @@ impl<W: AsyncWrite + Unpin> AsyncWrite for FakeTlsWriter<W> {
     fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Result<()>> {
         let this = self.get_mut();
 
-        // Take ownership of state
         let state = std::mem::replace(&mut this.state, TlsWriterState::Idle);
 
         match state {
@@ -866,48 +795,33 @@ impl<W: AsyncWrite + Unpin> AsyncWrite for FakeTlsWriter<W> {
             }
         }
 
-        // Flush upstream
         Pin::new(&mut this.upstream).poll_flush(cx)
     }
 
     fn poll_shutdown(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Result<()>> {
         let this = self.get_mut();
 
-        // Take ownership of state
         let state = std::mem::replace(&mut this.state, TlsWriterState::Idle);
 
         match state {
-            TlsWriterState::WritingRecord { mut record, payload_size } => {
-                // Try to flush pending (best effort)
-                match Self::poll_flush_record_inner(&mut this.upstream, cx, &mut record) {
-                    FlushResult::Pending => {
-                        // Can't complete flush, continue with shutdown anyway
+            TlsWriterState::WritingRecord { mut record, payload_size: _ } => {
+                // Best-effort flush (do not block shutdown forever).
+                let _ = Self::poll_flush_record_inner(&mut this.upstream, cx, &mut record);
                 this.state = TlsWriterState::Idle;
             }
-                    FlushResult::Error(_) => {
-                        // Ignore errors during shutdown
-                        this.state = TlsWriterState::Idle;
-                    }
-                    FlushResult::Complete(_) => {
-                        this.state = TlsWriterState::Idle;
-                    }
-                }
-            }
             _ => {
                 this.state = TlsWriterState::Idle;
             }
         }
 
-        // Shutdown upstream
         Pin::new(&mut this.upstream).poll_shutdown(cx)
     }
 }
 
 impl<W: AsyncWrite + Unpin> FakeTlsWriter<W> {
-    /// Write all data wrapped in TLS records (async method)
+    /// Write all data wrapped in TLS records.
     ///
-    /// This convenience method handles chunking large data into
-    /// multiple TLS records automatically.
+    /// Convenience method that chunks into <= 16384 records.
     pub async fn write_all_tls(&mut self, data: &[u8]) -> Result<()> {
         let mut written = 0;
         while written < data.len() {
@@ -1002,10 +916,8 @@ mod tests {
         let reader = ChunkedReader::new(&record, 100);
         let mut tls_reader = FakeTlsReader::new(reader);
         
-        let mut buf = vec![0u8; payload.len()];
-        tls_reader.read_exact(&mut buf).await.unwrap();
-        
-        assert_eq!(&buf, payload);
+        let buf = tls_reader.read_exact(payload.len()).await.unwrap();
+        assert_eq!(&buf[..], payload);
     }
     
     #[tokio::test]
@@ -1019,13 +931,11 @@ mod tests {
         let reader = ChunkedReader::new(&data, 100);
         let mut tls_reader = FakeTlsReader::new(reader);
         
-        let mut buf1 = vec![0u8; payload1.len()];
-        tls_reader.read_exact(&mut buf1).await.unwrap();
-        assert_eq!(&buf1, payload1);
+        let buf1 = tls_reader.read_exact(payload1.len()).await.unwrap();
+        assert_eq!(&buf1[..], payload1);
         
-        let mut buf2 = vec![0u8; payload2.len()];
-        tls_reader.read_exact(&mut buf2).await.unwrap();
-        assert_eq!(&buf2, payload2);
+        let buf2 = tls_reader.read_exact(payload2.len()).await.unwrap();
+        assert_eq!(&buf2[..], payload2);
     }
     
     #[tokio::test]
@@ -1037,10 +947,9 @@ mod tests {
         let reader = ChunkedReader::new(&record, 1); // 1 byte at a time!
         let mut tls_reader = FakeTlsReader::new(reader);
         
-        let mut buf = vec![0u8; payload.len()];
-        tls_reader.read_exact(&mut buf).await.unwrap();
+        let buf = tls_reader.read_exact(payload.len()).await.unwrap();
         
-        assert_eq!(&buf, payload);
+        assert_eq!(&buf[..], payload);
     }
     
     #[tokio::test]
@@ -1051,10 +960,9 @@ mod tests {
         let reader = ChunkedReader::new(&record, 7); // Awkward chunk size
         let mut tls_reader = FakeTlsReader::new(reader);
         
-        let mut buf = vec![0u8; payload.len()];
-        tls_reader.read_exact(&mut buf).await.unwrap();
+        let buf = tls_reader.read_exact(payload.len()).await.unwrap();
         
-        assert_eq!(&buf, payload);
+        assert_eq!(&buf[..], payload);
     }
     
     #[tokio::test]
@@ -1067,10 +975,9 @@ mod tests {
         let reader = ChunkedReader::new(&data, 100);
         let mut tls_reader = FakeTlsReader::new(reader);
         
-        let mut buf = vec![0u8; payload.len()];
-        tls_reader.read_exact(&mut buf).await.unwrap();
+        let buf = tls_reader.read_exact(payload.len()).await.unwrap();
         
-        assert_eq!(&buf, payload);
+        assert_eq!(&buf[..], payload);
     }
     
     #[tokio::test]
@@ -1084,10 +991,9 @@ mod tests {
         let reader = ChunkedReader::new(&data, 3); // Small chunks
         let mut tls_reader = FakeTlsReader::new(reader);
         
-        let mut buf = vec![0u8; payload.len()];
-        tls_reader.read_exact(&mut buf).await.unwrap();
+        let buf = tls_reader.read_exact(payload.len()).await.unwrap();
         
-        assert_eq!(&buf, payload);
+        assert_eq!(&buf[..], payload);
     }
     
     #[tokio::test]

src/tls_front/cache.rs

@@ -0,0 +1,163 @@
+use std::collections::HashMap;
+use std::path::{Path, PathBuf};
+use std::sync::Arc;
+use std::time::{SystemTime, Duration};
+
+use tokio::sync::RwLock;
+use tokio::time::sleep;
+use tracing::{debug, warn, info};
+
+use crate::tls_front::types::{CachedTlsData, ParsedServerHello, TlsFetchResult};
+
+/// Lightweight in-memory + optional on-disk cache for TLS fronting data.
+#[derive(Debug)]
+pub struct TlsFrontCache {
+    memory: RwLock<HashMap<String, Arc<CachedTlsData>>>,
+    default: Arc<CachedTlsData>,
+    disk_path: PathBuf,
+}
+
+impl TlsFrontCache {
+    pub fn new(domains: &[String], default_len: usize, disk_path: impl AsRef<Path>) -> Self {
+        let default_template = ParsedServerHello {
+            version: [0x03, 0x03],
+            random: [0u8; 32],
+            session_id: Vec::new(),
+            cipher_suite: [0x13, 0x01],
+            compression: 0,
+            extensions: Vec::new(),
+        };
+
+        let default = Arc::new(CachedTlsData {
+            server_hello_template: default_template,
+            cert_info: None,
+            app_data_records_sizes: vec![default_len],
+            total_app_data_len: default_len,
+            fetched_at: SystemTime::now(),
+            domain: "default".to_string(),
+        });
+
+        let mut map = HashMap::new();
+        for d in domains {
+            map.insert(d.clone(), default.clone());
+        }
+
+        Self {
+            memory: RwLock::new(map),
+            default,
+            disk_path: disk_path.as_ref().to_path_buf(),
+        }
+    }
+
+    pub async fn get(&self, sni: &str) -> Arc<CachedTlsData> {
+        let guard = self.memory.read().await;
+        guard.get(sni).cloned().unwrap_or_else(|| self.default.clone())
+    }
+
+    pub async fn set(&self, domain: &str, data: CachedTlsData) {
+        let mut guard = self.memory.write().await;
+        guard.insert(domain.to_string(), Arc::new(data));
+    }
+
+    pub async fn load_from_disk(&self) {
+        let path = self.disk_path.clone();
+        if tokio::fs::create_dir_all(&path).await.is_err() {
+            return;
+        }
+        let mut loaded = 0usize;
+        if let Ok(mut dir) = tokio::fs::read_dir(&path).await {
+            while let Ok(Some(entry)) = dir.next_entry().await {
+                if let Ok(name) = entry.file_name().into_string() {
+                    if !name.ends_with(".json") {
+                        continue;
+                    }
+                    if let Ok(data) = tokio::fs::read(entry.path()).await {
+                        if let Ok(mut cached) = serde_json::from_slice::<CachedTlsData>(&data) {
+                            if cached.domain.is_empty()
+                                || cached.domain.len() > 255
+                                || !cached.domain.chars().all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-')
+                            {
+                                warn!(file = %name, "Skipping TLS cache entry with invalid domain");
+                                continue;
+                            }
+                            // fetched_at is skipped during deserialization; approximate with file mtime if available.
+                            if let Ok(meta) = entry.metadata().await {
+                                if let Ok(modified) = meta.modified() {
+                                    cached.fetched_at = modified;
+                                }
+                            }
+                            // Drop entries older than 72h
+                            if let Ok(age) = cached.fetched_at.elapsed() {
+                                if age > Duration::from_secs(72 * 3600) {
+                                    warn!(domain = %cached.domain, "Skipping stale TLS cache entry (>72h)");
+                                    continue;
+                                }
+                            }
+                            let domain = cached.domain.clone();
+                            self.set(&domain, cached).await;
+                            loaded += 1;
+                        }
+                    }
+                }
+            }
+        }
+        if loaded > 0 {
+            info!(count = loaded, "Loaded TLS cache entries from disk");
+        }
+    }
+
+    async fn persist(&self, domain: &str, data: &CachedTlsData) {
+        if tokio::fs::create_dir_all(&self.disk_path).await.is_err() {
+            return;
+        }
+        let fname = format!("{}.json", domain.replace(['/', '\\'], "_"));
+        let path = self.disk_path.join(fname);
+        if let Ok(json) = serde_json::to_vec_pretty(data) {
+            // best-effort write
+            let _ = tokio::fs::write(path, json).await;
+        }
+    }
+
+    /// Spawn background updater that periodically refreshes cached domains using provided fetcher.
+    pub fn spawn_updater<F>(
+        self: Arc<Self>,
+        domains: Vec<String>,
+        interval: Duration,
+        fetcher: F,
+    ) where
+        F: Fn(String) -> tokio::task::JoinHandle<()> + Send + Sync + 'static,
+    {
+        tokio::spawn(async move {
+            loop {
+                for domain in &domains {
+                    fetcher(domain.clone()).await;
+                }
+                sleep(interval).await;
+            }
+        });
+    }
+
+    /// Replace cached entry from a fetch result.
+    pub async fn update_from_fetch(&self, domain: &str, fetched: TlsFetchResult) {
+        let data = CachedTlsData {
+            server_hello_template: fetched.server_hello_parsed,
+            cert_info: fetched.cert_info,
+            app_data_records_sizes: fetched.app_data_records_sizes.clone(),
+            total_app_data_len: fetched.total_app_data_len,
+            fetched_at: SystemTime::now(),
+            domain: domain.to_string(),
+        };
+
+        self.set(domain, data.clone()).await;
+        self.persist(domain, &data).await;
+        debug!(domain = %domain, len = fetched.total_app_data_len, "TLS cache updated");
+    }
+
+    pub fn default_entry(&self) -> Arc<CachedTlsData> {
+        self.default.clone()
+    }
+
+    pub fn disk_path(&self) -> &Path {
+        &self.disk_path
+    }
+}

src/tls_front/emulator.rs

@@ -0,0 +1,160 @@
+use crate::crypto::{sha256_hmac, SecureRandom};
+use crate::protocol::constants::{
+    TLS_RECORD_APPLICATION, TLS_RECORD_CHANGE_CIPHER, TLS_RECORD_HANDSHAKE, TLS_VERSION,
+};
+use crate::protocol::tls::{TLS_DIGEST_LEN, TLS_DIGEST_POS, gen_fake_x25519_key};
+use crate::tls_front::types::CachedTlsData;
+
+const MIN_APP_DATA: usize = 64;
+const MAX_APP_DATA: usize = 16640; // RFC 8446 §5.2 allows up to 2^14 + 256
+
+fn jitter_and_clamp_sizes(sizes: &[usize], rng: &SecureRandom) -> Vec<usize> {
+    sizes
+        .iter()
+        .map(|&size| {
+            let base = size.max(MIN_APP_DATA).min(MAX_APP_DATA);
+            let jitter_range = ((base as f64) * 0.03).round() as i64;
+            if jitter_range == 0 {
+                return base;
+            }
+            let mut rand_bytes = [0u8; 2];
+            rand_bytes.copy_from_slice(&rng.bytes(2));
+            let span = 2 * jitter_range + 1;
+            let delta = (u16::from_le_bytes(rand_bytes) as i64 % span) - jitter_range;
+            let adjusted = (base as i64 + delta).clamp(MIN_APP_DATA as i64, MAX_APP_DATA as i64);
+            adjusted as usize
+        })
+        .collect()
+}
+
+/// Build a ServerHello + CCS + ApplicationData sequence using cached TLS metadata.
+pub fn build_emulated_server_hello(
+    secret: &[u8],
+    client_digest: &[u8; TLS_DIGEST_LEN],
+    session_id: &[u8],
+    cached: &CachedTlsData,
+    rng: &SecureRandom,
+    alpn: Option<Vec<u8>>,
+    new_session_tickets: u8,
+) -> Vec<u8> {
+    // --- ServerHello ---
+    let mut extensions = Vec::new();
+    // KeyShare (x25519)
+    let key = gen_fake_x25519_key(rng);
+    extensions.extend_from_slice(&0x0033u16.to_be_bytes()); // key_share
+    extensions.extend_from_slice(&(2 + 2 + 32u16).to_be_bytes()); // len
+    extensions.extend_from_slice(&0x001du16.to_be_bytes()); // X25519
+    extensions.extend_from_slice(&(32u16).to_be_bytes());
+    extensions.extend_from_slice(&key);
+    // supported_versions (TLS1.3)
+    extensions.extend_from_slice(&0x002bu16.to_be_bytes());
+    extensions.extend_from_slice(&(2u16).to_be_bytes());
+    extensions.extend_from_slice(&0x0304u16.to_be_bytes());
+    if let Some(alpn_proto) = &alpn {
+        extensions.extend_from_slice(&0x0010u16.to_be_bytes());
+        let list_len: u16 = 1 + alpn_proto.len() as u16;
+        let ext_len: u16 = 2 + list_len;
+        extensions.extend_from_slice(&ext_len.to_be_bytes());
+        extensions.extend_from_slice(&list_len.to_be_bytes());
+        extensions.push(alpn_proto.len() as u8);
+        extensions.extend_from_slice(alpn_proto);
+    }
+
+    let extensions_len = extensions.len() as u16;
+
+    let body_len = 2 + // version
+        32 + // random
+        1 + session_id.len() + // session id
+        2 + // cipher
+        1 + // compression
+        2 + extensions.len(); // extensions
+
+    let mut message = Vec::with_capacity(4 + body_len);
+    message.push(0x02); // ServerHello
+    let len_bytes = (body_len as u32).to_be_bytes();
+    message.extend_from_slice(&len_bytes[1..4]);
+    message.extend_from_slice(&cached.server_hello_template.version); // 0x0303
+    message.extend_from_slice(&[0u8; 32]); // random placeholder
+    message.push(session_id.len() as u8);
+    message.extend_from_slice(session_id);
+    let cipher = if cached.server_hello_template.cipher_suite == [0, 0] {
+        [0x13, 0x01]
+    } else {
+        cached.server_hello_template.cipher_suite
+    };
+    message.extend_from_slice(&cipher);
+    message.push(cached.server_hello_template.compression);
+    message.extend_from_slice(&extensions_len.to_be_bytes());
+    message.extend_from_slice(&extensions);
+
+    let mut server_hello = Vec::with_capacity(5 + message.len());
+    server_hello.push(TLS_RECORD_HANDSHAKE);
+    server_hello.extend_from_slice(&TLS_VERSION);
+    server_hello.extend_from_slice(&(message.len() as u16).to_be_bytes());
+    server_hello.extend_from_slice(&message);
+
+    // --- ChangeCipherSpec ---
+    let change_cipher_spec = [
+        TLS_RECORD_CHANGE_CIPHER,
+        TLS_VERSION[0],
+        TLS_VERSION[1],
+        0x00,
+        0x01,
+        0x01,
+    ];
+
+    // --- ApplicationData (fake encrypted records) ---
+    // Use the same number and sizes of ApplicationData records as the cached server.
+    let mut sizes = cached.app_data_records_sizes.clone();
+    if sizes.is_empty() {
+        sizes.push(cached.total_app_data_len.max(1024));
+    }
+    let sizes = jitter_and_clamp_sizes(&sizes, rng);
+
+    let mut app_data = Vec::new();
+    for size in sizes {
+        let mut rec = Vec::with_capacity(5 + size);
+        rec.push(TLS_RECORD_APPLICATION);
+        rec.extend_from_slice(&TLS_VERSION);
+        rec.extend_from_slice(&(size as u16).to_be_bytes());
+        if size > 17 {
+            let body_len = size - 17;
+            rec.extend_from_slice(&rng.bytes(body_len));
+            rec.push(0x16); // inner content type marker (handshake)
+            rec.extend_from_slice(&rng.bytes(16)); // AEAD-like tag
+        } else {
+            rec.extend_from_slice(&rng.bytes(size));
+        }
+        app_data.extend_from_slice(&rec);
+    }
+
+    // --- Combine ---
+    // Optional NewSessionTicket mimic records (opaque ApplicationData for fingerprint).
+    let mut tickets = Vec::new();
+    if new_session_tickets > 0 {
+        for _ in 0..new_session_tickets {
+            let ticket_len: usize = rng.range(48) + 48;
+            let mut rec = Vec::with_capacity(5 + ticket_len);
+            rec.push(TLS_RECORD_APPLICATION);
+            rec.extend_from_slice(&TLS_VERSION);
+            rec.extend_from_slice(&(ticket_len as u16).to_be_bytes());
+            rec.extend_from_slice(&rng.bytes(ticket_len));
+            tickets.extend_from_slice(&rec);
+        }
+    }
+
+    let mut response = Vec::with_capacity(server_hello.len() + change_cipher_spec.len() + app_data.len() + tickets.len());
+    response.extend_from_slice(&server_hello);
+    response.extend_from_slice(&change_cipher_spec);
+    response.extend_from_slice(&app_data);
+    response.extend_from_slice(&tickets);
+
+    // --- HMAC ---
+    let mut hmac_input = Vec::with_capacity(TLS_DIGEST_LEN + response.len());
+    hmac_input.extend_from_slice(client_digest);
+    hmac_input.extend_from_slice(&response);
+    let digest = sha256_hmac(secret, &hmac_input);
+    response[TLS_DIGEST_POS..TLS_DIGEST_POS + TLS_DIGEST_LEN].copy_from_slice(&digest);
+
+    response
+}

src/tls_front/fetcher.rs

@@ -0,0 +1,465 @@
+use std::sync::Arc;
+use std::time::Duration;
+
+use anyhow::{Context, Result, anyhow};
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+use tokio::net::TcpStream;
+use tokio::time::timeout;
+use tokio_rustls::client::TlsStream;
+use tokio_rustls::TlsConnector;
+use tracing::{debug, warn};
+
+use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
+use rustls::client::ClientConfig;
+use rustls::pki_types::{CertificateDer, ServerName, UnixTime};
+use rustls::{DigitallySignedStruct, Error as RustlsError};
+
+use x509_parser::prelude::FromDer;
+use x509_parser::certificate::X509Certificate;
+
+use crate::crypto::SecureRandom;
+use crate::protocol::constants::{TLS_RECORD_APPLICATION, TLS_RECORD_HANDSHAKE};
+use crate::tls_front::types::{ParsedServerHello, TlsExtension, TlsFetchResult, ParsedCertificateInfo};
+
+/// No-op verifier: accept any certificate (we only need lengths and metadata).
+#[derive(Debug)]
+struct NoVerify;
+
+impl ServerCertVerifier for NoVerify {
+    fn verify_server_cert(
+        &self,
+        _end_entity: &CertificateDer<'_>,
+        _intermediates: &[CertificateDer<'_>],
+        _server_name: &ServerName<'_>,
+        _ocsp: &[u8],
+        _now: UnixTime,
+    ) -> Result<ServerCertVerified, RustlsError> {
+        Ok(ServerCertVerified::assertion())
+    }
+
+    fn verify_tls12_signature(
+        &self,
+        _message: &[u8],
+        _cert: &CertificateDer<'_>,
+        _dss: &DigitallySignedStruct,
+    ) -> Result<HandshakeSignatureValid, RustlsError> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn verify_tls13_signature(
+        &self,
+        _message: &[u8],
+        _cert: &CertificateDer<'_>,
+        _dss: &DigitallySignedStruct,
+    ) -> Result<HandshakeSignatureValid, RustlsError> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
+        use rustls::SignatureScheme::*;
+        vec![
+            RSA_PKCS1_SHA256,
+            RSA_PSS_SHA256,
+            ECDSA_NISTP256_SHA256,
+            ECDSA_NISTP384_SHA384,
+        ]
+    }
+}
+
+fn build_client_config() -> Arc<ClientConfig> {
+    let root = rustls::RootCertStore::empty();
+
+    let provider = rustls::crypto::ring::default_provider();
+    let mut config = ClientConfig::builder_with_provider(Arc::new(provider))
+        .with_protocol_versions(&[&rustls::version::TLS13, &rustls::version::TLS12])
+        .expect("protocol versions")
+        .with_root_certificates(root)
+        .with_no_client_auth();
+
+    config
+        .dangerous()
+        .set_certificate_verifier(Arc::new(NoVerify));
+
+    Arc::new(config)
+}
+
+fn build_client_hello(sni: &str, rng: &SecureRandom) -> Vec<u8> {
+    // === ClientHello body ===
+    let mut body = Vec::new();
+
+    // Legacy version (TLS 1.0) as in real ClientHello headers
+    body.extend_from_slice(&[0x03, 0x03]);
+
+    // Random
+    body.extend_from_slice(&rng.bytes(32));
+
+    // Session ID: empty
+    body.push(0);
+
+    // Cipher suites (common minimal set, TLS1.3 + a few 1.2 fallbacks)
+    let cipher_suites: [u8; 10] = [
+        0x13, 0x01, // TLS_AES_128_GCM_SHA256
+        0x13, 0x02, // TLS_AES_256_GCM_SHA384
+        0x13, 0x03, // TLS_CHACHA20_POLY1305_SHA256
+        0x00, 0x2f, // TLS_RSA_WITH_AES_128_CBC_SHA (legacy)
+        0x00, 0xff, // RENEGOTIATION_INFO_SCSV
+    ];
+    body.extend_from_slice(&(cipher_suites.len() as u16).to_be_bytes());
+    body.extend_from_slice(&cipher_suites);
+
+    // Compression methods: null only
+    body.push(1);
+    body.push(0);
+
+    // === Extensions ===
+    let mut exts = Vec::new();
+
+    // server_name (SNI)
+    let sni_bytes = sni.as_bytes();
+    let mut sni_ext = Vec::with_capacity(5 + sni_bytes.len());
+    sni_ext.extend_from_slice(&(sni_bytes.len() as u16 + 3).to_be_bytes());
+    sni_ext.push(0); // host_name
+    sni_ext.extend_from_slice(&(sni_bytes.len() as u16).to_be_bytes());
+    sni_ext.extend_from_slice(sni_bytes);
+    exts.extend_from_slice(&0x0000u16.to_be_bytes());
+    exts.extend_from_slice(&(sni_ext.len() as u16).to_be_bytes());
+    exts.extend_from_slice(&sni_ext);
+
+    // supported_groups
+    let groups: [u16; 2] = [0x001d, 0x0017]; // x25519, secp256r1
+    exts.extend_from_slice(&0x000au16.to_be_bytes());
+    exts.extend_from_slice(&((2 + groups.len() * 2) as u16).to_be_bytes());
+    exts.extend_from_slice(&(groups.len() as u16 * 2).to_be_bytes());
+    for g in groups { exts.extend_from_slice(&g.to_be_bytes()); }
+
+    // signature_algorithms
+    let sig_algs: [u16; 4] = [0x0804, 0x0805, 0x0403, 0x0503]; // rsa_pss_rsae_sha256/384, ecdsa_secp256r1_sha256, rsa_pkcs1_sha256
+    exts.extend_from_slice(&0x000du16.to_be_bytes());
+    exts.extend_from_slice(&((2 + sig_algs.len() * 2) as u16).to_be_bytes());
+    exts.extend_from_slice(&(sig_algs.len() as u16 * 2).to_be_bytes());
+    for a in sig_algs { exts.extend_from_slice(&a.to_be_bytes()); }
+
+    // supported_versions (TLS1.3 + TLS1.2)
+    let versions: [u16; 2] = [0x0304, 0x0303];
+    exts.extend_from_slice(&0x002bu16.to_be_bytes());
+    exts.extend_from_slice(&((1 + versions.len() * 2) as u16).to_be_bytes());
+    exts.push((versions.len() * 2) as u8);
+    for v in versions { exts.extend_from_slice(&v.to_be_bytes()); }
+
+    // key_share (x25519)
+    let key = gen_key_share(rng);
+    let mut keyshare = Vec::with_capacity(4 + key.len());
+    keyshare.extend_from_slice(&0x001du16.to_be_bytes()); // group
+    keyshare.extend_from_slice(&(key.len() as u16).to_be_bytes());
+    keyshare.extend_from_slice(&key);
+    exts.extend_from_slice(&0x0033u16.to_be_bytes());
+    exts.extend_from_slice(&((2 + keyshare.len()) as u16).to_be_bytes());
+    exts.extend_from_slice(&(keyshare.len() as u16).to_be_bytes());
+    exts.extend_from_slice(&keyshare);
+
+    // ALPN (http/1.1)
+    let alpn_proto = b"http/1.1";
+    exts.extend_from_slice(&0x0010u16.to_be_bytes());
+    exts.extend_from_slice(&((2 + 1 + alpn_proto.len()) as u16).to_be_bytes());
+    exts.extend_from_slice(&((1 + alpn_proto.len()) as u16).to_be_bytes());
+    exts.push(alpn_proto.len() as u8);
+    exts.extend_from_slice(alpn_proto);
+
+    // padding to reduce recognizability and keep length ~500 bytes
+    const TARGET_EXT_LEN: usize = 180;
+    if exts.len() < TARGET_EXT_LEN {
+        let remaining = TARGET_EXT_LEN - exts.len();
+        if remaining > 4 {
+            let pad_len = remaining - 4; // minus type+len
+            exts.extend_from_slice(&0x0015u16.to_be_bytes()); // padding extension
+            exts.extend_from_slice(&(pad_len as u16).to_be_bytes());
+            exts.resize(exts.len() + pad_len, 0);
+        }
+    }
+
+    // Extensions length prefix
+    body.extend_from_slice(&(exts.len() as u16).to_be_bytes());
+    body.extend_from_slice(&exts);
+
+    // === Handshake wrapper ===
+    let mut handshake = Vec::new();
+    handshake.push(0x01); // ClientHello
+    let len_bytes = (body.len() as u32).to_be_bytes();
+    handshake.extend_from_slice(&len_bytes[1..4]);
+    handshake.extend_from_slice(&body);
+
+    // === Record ===
+    let mut record = Vec::new();
+    record.push(TLS_RECORD_HANDSHAKE);
+    record.extend_from_slice(&[0x03, 0x01]); // legacy record version
+    record.extend_from_slice(&(handshake.len() as u16).to_be_bytes());
+    record.extend_from_slice(&handshake);
+
+    record
+}
+
+fn gen_key_share(rng: &SecureRandom) -> [u8; 32] {
+    let mut key = [0u8; 32];
+    key.copy_from_slice(&rng.bytes(32));
+    key
+}
+
+async fn read_tls_record(stream: &mut TcpStream) -> Result<(u8, Vec<u8>)> {
+    let mut header = [0u8; 5];
+    stream.read_exact(&mut header).await?;
+    let len = u16::from_be_bytes([header[3], header[4]]) as usize;
+    let mut body = vec![0u8; len];
+    stream.read_exact(&mut body).await?;
+    Ok((header[0], body))
+}
+
+fn parse_server_hello(body: &[u8]) -> Option<ParsedServerHello> {
+    if body.len() < 4 || body[0] != 0x02 {
+        return None;
+    }
+
+    let msg_len = u32::from_be_bytes([0, body[1], body[2], body[3]]) as usize;
+    if msg_len + 4 > body.len() {
+        return None;
+    }
+
+    let mut pos = 4;
+    let version = [*body.get(pos)?, *body.get(pos + 1)?];
+    pos += 2;
+
+    let mut random = [0u8; 32];
+    random.copy_from_slice(body.get(pos..pos + 32)?);
+    pos += 32;
+
+    let session_len = *body.get(pos)? as usize;
+    pos += 1;
+    let session_id = body.get(pos..pos + session_len)?.to_vec();
+    pos += session_len;
+
+    let cipher_suite = [*body.get(pos)?, *body.get(pos + 1)?];
+    pos += 2;
+
+    let compression = *body.get(pos)?;
+    pos += 1;
+
+    let ext_len = u16::from_be_bytes([*body.get(pos)?, *body.get(pos + 1)?]) as usize;
+    pos += 2;
+    let ext_end = pos.checked_add(ext_len)?;
+    if ext_end > body.len() {
+        return None;
+    }
+
+    let mut extensions = Vec::new();
+    while pos + 4 <= ext_end {
+        let etype = u16::from_be_bytes([body[pos], body[pos + 1]]);
+        let elen = u16::from_be_bytes([body[pos + 2], body[pos + 3]]) as usize;
+        pos += 4;
+        let data = body.get(pos..pos + elen)?.to_vec();
+        pos += elen;
+        extensions.push(TlsExtension { ext_type: etype, data });
+    }
+
+    Some(ParsedServerHello {
+        version,
+        random,
+        session_id,
+        cipher_suite,
+        compression,
+        extensions,
+    })
+}
+
+fn parse_cert_info(certs: &[CertificateDer<'static>]) -> Option<ParsedCertificateInfo> {
+    let first = certs.first()?;
+    let (_rem, cert) = X509Certificate::from_der(first.as_ref()).ok()?;
+
+    let not_before = Some(cert.validity().not_before.to_datetime().unix_timestamp());
+    let not_after = Some(cert.validity().not_after.to_datetime().unix_timestamp());
+
+    let issuer_cn = cert
+        .issuer()
+        .iter_common_name()
+        .next()
+        .and_then(|cn| cn.as_str().ok())
+        .map(|s| s.to_string());
+
+    let subject_cn = cert
+        .subject()
+        .iter_common_name()
+        .next()
+        .and_then(|cn| cn.as_str().ok())
+        .map(|s| s.to_string());
+
+    let san_names = cert
+        .subject_alternative_name()
+        .ok()
+        .flatten()
+        .map(|san| {
+            san.value
+                .general_names
+                .iter()
+                .filter_map(|gn| match gn {
+                    x509_parser::extensions::GeneralName::DNSName(n) => Some(n.to_string()),
+                    _ => None,
+                })
+                .collect::<Vec<_>>()
+        })
+        .unwrap_or_default();
+
+    Some(ParsedCertificateInfo {
+        not_after_unix: not_after,
+        not_before_unix: not_before,
+        issuer_cn,
+        subject_cn,
+        san_names,
+    })
+}
+
+async fn fetch_via_raw_tls(
+    host: &str,
+    port: u16,
+    sni: &str,
+    connect_timeout: Duration,
+) -> Result<TlsFetchResult> {
+    let addr = format!("{host}:{port}");
+    let mut stream = timeout(connect_timeout, TcpStream::connect(addr)).await??;
+
+    let rng = SecureRandom::new();
+    let client_hello = build_client_hello(sni, &rng);
+    timeout(connect_timeout, async {
+        stream.write_all(&client_hello).await?;
+        stream.flush().await?;
+        Ok::<(), std::io::Error>(())
+    })
+    .await??;
+
+    let mut records = Vec::new();
+    // Read up to 4 records: ServerHello, CCS, and up to two ApplicationData.
+    for _ in 0..4 {
+        match timeout(connect_timeout, read_tls_record(&mut stream)).await {
+            Ok(Ok(rec)) => records.push(rec),
+            Ok(Err(e)) => return Err(e.into()),
+            Err(_) => break,
+        }
+        if records.len() >= 3 && records.iter().any(|(t, _)| *t == TLS_RECORD_APPLICATION) {
+            break;
+        }
+    }
+
+    let mut app_sizes = Vec::new();
+    let mut server_hello = None;
+    for (t, body) in &records {
+        if *t == TLS_RECORD_HANDSHAKE && server_hello.is_none() {
+            server_hello = parse_server_hello(body);
+        } else if *t == TLS_RECORD_APPLICATION {
+            app_sizes.push(body.len());
+        }
+    }
+
+    let parsed = server_hello.ok_or_else(|| anyhow!("ServerHello not received"))?;
+    let total_app_data_len = app_sizes.iter().sum::<usize>().max(1024);
+
+    Ok(TlsFetchResult {
+        server_hello_parsed: parsed,
+        app_data_records_sizes: if app_sizes.is_empty() {
+            vec![total_app_data_len]
+        } else {
+            app_sizes
+        },
+        total_app_data_len,
+        cert_info: None,
+    })
+}
+
+/// Fetch real TLS metadata for the given SNI: negotiated cipher and cert lengths.
+pub async fn fetch_real_tls(
+    host: &str,
+    port: u16,
+    sni: &str,
+    connect_timeout: Duration,
+    upstream: Option<std::sync::Arc<crate::transport::UpstreamManager>>,
+) -> Result<TlsFetchResult> {
+    // Preferred path: raw TLS probe for accurate record sizing
+    match fetch_via_raw_tls(host, port, sni, connect_timeout).await {
+        Ok(res) => return Ok(res),
+        Err(e) => {
+            warn!(sni = %sni, error = %e, "Raw TLS fetch failed, falling back to rustls");
+        }
+    }
+
+    // Fallback: rustls handshake to at least get certificate sizes
+    let stream = if let Some(manager) = upstream {
+        // Resolve host to SocketAddr
+        if let Ok(mut addrs) = tokio::net::lookup_host((host, port)).await {
+            if let Some(addr) = addrs.find(|a| a.is_ipv4()) {
+                match manager.connect(addr, None, None).await {
+                    Ok(s) => s,
+                    Err(e) => {
+                        warn!(sni = %sni, error = %e, "Upstream connect failed, using direct connect");
+                        timeout(connect_timeout, TcpStream::connect((host, port))).await??
+                    }
+                }
+            } else {
+                timeout(connect_timeout, TcpStream::connect((host, port))).await??
+            }
+        } else {
+            timeout(connect_timeout, TcpStream::connect((host, port))).await??
+        }
+    } else {
+        timeout(connect_timeout, TcpStream::connect((host, port))).await??
+    };
+
+    let config = build_client_config();
+    let connector = TlsConnector::from(config);
+
+    let server_name = ServerName::try_from(sni.to_owned())
+        .or_else(|_| ServerName::try_from(host.to_owned()))
+        .map_err(|_| RustlsError::General("invalid SNI".into()))?;
+
+    let tls_stream: TlsStream<TcpStream> = connector.connect(server_name, stream).await?;
+
+    // Extract negotiated parameters and certificates
+    let (_io, session) = tls_stream.get_ref();
+    let cipher_suite = session
+        .negotiated_cipher_suite()
+        .map(|s| u16::from(s.suite()).to_be_bytes())
+        .unwrap_or([0x13, 0x01]);
+
+    let certs: Vec<CertificateDer<'static>> = session
+        .peer_certificates()
+        .map(|slice| slice.to_vec())
+        .unwrap_or_default();
+
+    let total_cert_len: usize = certs.iter().map(|c| c.len()).sum::<usize>().max(1024);
+    let cert_info = parse_cert_info(&certs);
+
+    // Heuristic: split across two records if large to mimic real servers a bit.
+    let app_data_records_sizes = if total_cert_len > 3000 {
+        vec![total_cert_len / 2, total_cert_len - total_cert_len / 2]
+    } else {
+        vec![total_cert_len]
+    };
+
+    let parsed = ParsedServerHello {
+        version: [0x03, 0x03],
+        random: [0u8; 32],
+        session_id: Vec::new(),
+        cipher_suite,
+        compression: 0,
+        extensions: Vec::new(),
+    };
+
+    debug!(
+        sni = %sni,
+        len = total_cert_len,
+        cipher = format!("0x{:04x}", u16::from_be_bytes(cipher_suite)),
+        "Fetched TLS metadata via rustls"
+    );
+
+    Ok(TlsFetchResult {
+        server_hello_parsed: parsed,
+        app_data_records_sizes: app_data_records_sizes.clone(),
+        total_app_data_len: app_data_records_sizes.iter().sum(),
+        cert_info,
+    })
+}

src/tls_front/mod.rs

@@ -0,0 +1,7 @@
+pub mod types;
+pub mod cache;
+pub mod fetcher;
+pub mod emulator;
+
+pub use cache::TlsFrontCache;
+pub use types::{CachedTlsData, TlsFetchResult};

src/tls_front/types.rs

@@ -0,0 +1,55 @@
+use std::time::SystemTime;
+use serde::{Serialize, Deserialize};
+
+/// Parsed representation of an unencrypted TLS ServerHello.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ParsedServerHello {
+    pub version: [u8; 2],
+    pub random: [u8; 32],
+    pub session_id: Vec<u8>,
+    pub cipher_suite: [u8; 2],
+    pub compression: u8,
+    pub extensions: Vec<TlsExtension>,
+}
+
+/// Generic TLS extension container.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct TlsExtension {
+    pub ext_type: u16,
+    pub data: Vec<u8>,
+}
+
+/// Basic certificate metadata (optional, informative).
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ParsedCertificateInfo {
+    pub not_after_unix: Option<i64>,
+    pub not_before_unix: Option<i64>,
+    pub issuer_cn: Option<String>,
+    pub subject_cn: Option<String>,
+    pub san_names: Vec<String>,
+}
+
+/// Cached data per SNI used by the emulator.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct CachedTlsData {
+    pub server_hello_template: ParsedServerHello,
+    pub cert_info: Option<ParsedCertificateInfo>,
+    pub app_data_records_sizes: Vec<usize>,
+    pub total_app_data_len: usize,
+    #[serde(default = "now_system_time", skip_serializing, skip_deserializing)]
+    pub fetched_at: SystemTime,
+    pub domain: String,
+}
+
+fn now_system_time() -> SystemTime {
+    SystemTime::now()
+}
+
+/// Result of attempting to fetch real TLS artifacts.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct TlsFetchResult {
+    pub server_hello_parsed: ParsedServerHello,
+    pub app_data_records_sizes: Vec<usize>,
+    pub total_app_data_len: usize,
+    pub cert_info: Option<ParsedCertificateInfo>,
+}

src/transport/middle_proxy/codec.rs

@@ -0,0 +1,250 @@
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+
+use crate::crypto::{AesCbc, crc32, crc32c};
+use crate::error::{ProxyError, Result};
+use crate::protocol::constants::*;
+
+/// Commands sent to dedicated writer tasks to avoid mutex contention on TCP writes.
+pub(crate) enum WriterCommand {
+    Data(Vec<u8>),
+    DataAndFlush(Vec<u8>),
+    Close,
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub(crate) enum RpcChecksumMode {
+    Crc32,
+    Crc32c,
+}
+
+impl RpcChecksumMode {
+    pub(crate) fn from_handshake_flags(flags: u32) -> Self {
+        if (flags & rpc_crypto_flags::USE_CRC32C) != 0 {
+            Self::Crc32c
+        } else {
+            Self::Crc32
+        }
+    }
+
+    pub(crate) fn advertised_flags(self) -> u32 {
+        match self {
+            Self::Crc32 => 0,
+            Self::Crc32c => rpc_crypto_flags::USE_CRC32C,
+        }
+    }
+}
+
+pub(crate) fn rpc_crc(mode: RpcChecksumMode, data: &[u8]) -> u32 {
+    match mode {
+        RpcChecksumMode::Crc32 => crc32(data),
+        RpcChecksumMode::Crc32c => crc32c(data),
+    }
+}
+
+pub(crate) fn build_rpc_frame(seq_no: i32, payload: &[u8], crc_mode: RpcChecksumMode) -> Vec<u8> {
+    let total_len = (4 + 4 + payload.len() + 4) as u32;
+    let mut frame = Vec::with_capacity(total_len as usize);
+    frame.extend_from_slice(&total_len.to_le_bytes());
+    frame.extend_from_slice(&seq_no.to_le_bytes());
+    frame.extend_from_slice(payload);
+    let c = rpc_crc(crc_mode, &frame);
+    frame.extend_from_slice(&c.to_le_bytes());
+    frame
+}
+
+pub(crate) async fn read_rpc_frame_plaintext(
+    rd: &mut (impl AsyncReadExt + Unpin),
+) -> Result<(i32, Vec<u8>)> {
+    let mut len_buf = [0u8; 4];
+    rd.read_exact(&mut len_buf).await.map_err(ProxyError::Io)?;
+    let total_len = u32::from_le_bytes(len_buf) as usize;
+
+    if !(12..=(1 << 24)).contains(&total_len) {
+        return Err(ProxyError::InvalidHandshake(format!(
+            "Bad RPC frame length: {total_len}"
+        )));
+    }
+
+    let mut rest = vec![0u8; total_len - 4];
+    rd.read_exact(&mut rest).await.map_err(ProxyError::Io)?;
+
+    let mut full = Vec::with_capacity(total_len);
+    full.extend_from_slice(&len_buf);
+    full.extend_from_slice(&rest);
+
+    let crc_offset = total_len - 4;
+    let expected_crc = u32::from_le_bytes(full[crc_offset..crc_offset + 4].try_into().unwrap());
+    let actual_crc = rpc_crc(RpcChecksumMode::Crc32, &full[..crc_offset]);
+    if expected_crc != actual_crc {
+        return Err(ProxyError::InvalidHandshake(format!(
+            "CRC mismatch: 0x{expected_crc:08x} vs 0x{actual_crc:08x}"
+        )));
+    }
+
+    let seq_no = i32::from_le_bytes(full[4..8].try_into().unwrap());
+    let payload = full[8..crc_offset].to_vec();
+    Ok((seq_no, payload))
+}
+
+pub(crate) fn build_nonce_payload(key_selector: u32, crypto_ts: u32, nonce: &[u8; 16]) -> [u8; 32] {
+    let mut p = [0u8; 32];
+    p[0..4].copy_from_slice(&RPC_NONCE_U32.to_le_bytes());
+    p[4..8].copy_from_slice(&key_selector.to_le_bytes());
+    p[8..12].copy_from_slice(&RPC_CRYPTO_AES_U32.to_le_bytes());
+    p[12..16].copy_from_slice(&crypto_ts.to_le_bytes());
+    p[16..32].copy_from_slice(nonce);
+    p
+}
+
+pub(crate) fn parse_nonce_payload(d: &[u8]) -> Result<(u32, u32, u32, [u8; 16])> {
+    if d.len() < 32 {
+        return Err(ProxyError::InvalidHandshake(format!(
+            "Nonce payload too short: {} bytes",
+            d.len()
+        )));
+    }
+
+    let t = u32::from_le_bytes(d[0..4].try_into().unwrap());
+    if t != RPC_NONCE_U32 {
+        return Err(ProxyError::InvalidHandshake(format!(
+            "Expected RPC_NONCE 0x{RPC_NONCE_U32:08x}, got 0x{t:08x}"
+        )));
+    }
+
+    let key_select = u32::from_le_bytes(d[4..8].try_into().unwrap());
+    let schema = u32::from_le_bytes(d[8..12].try_into().unwrap());
+    let ts = u32::from_le_bytes(d[12..16].try_into().unwrap());
+    let mut nonce = [0u8; 16];
+    nonce.copy_from_slice(&d[16..32]);
+    Ok((key_select, schema, ts, nonce))
+}
+
+pub(crate) fn build_handshake_payload(
+    our_ip: [u8; 4],
+    our_port: u16,
+    peer_ip: [u8; 4],
+    peer_port: u16,
+    flags: u32,
+) -> [u8; 32] {
+    let mut p = [0u8; 32];
+    p[0..4].copy_from_slice(&RPC_HANDSHAKE_U32.to_le_bytes());
+    p[4..8].copy_from_slice(&flags.to_le_bytes());
+
+    // process_id sender_pid
+    p[8..12].copy_from_slice(&our_ip);
+    p[12..14].copy_from_slice(&our_port.to_le_bytes());
+    p[14..16].copy_from_slice(&process_pid16().to_le_bytes());
+    p[16..20].copy_from_slice(&process_utime().to_le_bytes());
+
+    // process_id peer_pid
+    p[20..24].copy_from_slice(&peer_ip);
+    p[24..26].copy_from_slice(&peer_port.to_le_bytes());
+    p[26..28].copy_from_slice(&0u16.to_le_bytes());
+    p[28..32].copy_from_slice(&0u32.to_le_bytes());
+    p
+}
+
+pub(crate) fn parse_handshake_flags(payload: &[u8]) -> Result<u32> {
+    if payload.len() != 32 {
+        return Err(ProxyError::InvalidHandshake(format!(
+            "Bad handshake payload len: {}",
+            payload.len()
+        )));
+    }
+    let hs_type = u32::from_le_bytes(payload[0..4].try_into().unwrap());
+    if hs_type != RPC_HANDSHAKE_U32 {
+        return Err(ProxyError::InvalidHandshake(format!(
+            "Expected HANDSHAKE 0x{RPC_HANDSHAKE_U32:08x}, got 0x{hs_type:08x}"
+        )));
+    }
+    Ok(u32::from_le_bytes(payload[4..8].try_into().unwrap()))
+}
+
+fn process_pid16() -> u16 {
+    (std::process::id() & 0xffff) as u16
+}
+
+fn process_utime() -> u32 {
+    let utime = std::time::SystemTime::now()
+        .duration_since(std::time::UNIX_EPOCH)
+        .unwrap_or_default()
+        .as_secs() as u32;
+    utime
+}
+
+pub(crate) fn cbc_encrypt_padded(
+    key: &[u8; 32],
+    iv: &[u8; 16],
+    plaintext: &[u8],
+) -> Result<(Vec<u8>, [u8; 16])> {
+    let pad = (16 - (plaintext.len() % 16)) % 16;
+    let mut buf = plaintext.to_vec();
+    let pad_pattern: [u8; 4] = [0x04, 0x00, 0x00, 0x00];
+    for i in 0..pad {
+        buf.push(pad_pattern[i % 4]);
+    }
+
+    let cipher = AesCbc::new(*key, *iv);
+    cipher
+        .encrypt_in_place(&mut buf)
+        .map_err(|e| ProxyError::Crypto(format!("CBC encrypt: {e}")))?;
+
+    let mut new_iv = [0u8; 16];
+    if buf.len() >= 16 {
+        new_iv.copy_from_slice(&buf[buf.len() - 16..]);
+    }
+    Ok((buf, new_iv))
+}
+
+pub(crate) fn cbc_decrypt_inplace(
+    key: &[u8; 32],
+    iv: &[u8; 16],
+    data: &mut [u8],
+) -> Result<[u8; 16]> {
+    let mut new_iv = [0u8; 16];
+    if data.len() >= 16 {
+        new_iv.copy_from_slice(&data[data.len() - 16..]);
+    }
+
+    AesCbc::new(*key, *iv)
+        .decrypt_in_place(data)
+        .map_err(|e| ProxyError::Crypto(format!("CBC decrypt: {e}")))?;
+    Ok(new_iv)
+}
+
+pub(crate) struct RpcWriter {
+    pub(crate) writer: tokio::io::WriteHalf<tokio::net::TcpStream>,
+    pub(crate) key: [u8; 32],
+    pub(crate) iv: [u8; 16],
+    pub(crate) seq_no: i32,
+    pub(crate) crc_mode: RpcChecksumMode,
+}
+
+impl RpcWriter {
+    pub(crate) async fn send(&mut self, payload: &[u8]) -> Result<()> {
+        let frame = build_rpc_frame(self.seq_no, payload, self.crc_mode);
+        self.seq_no = self.seq_no.wrapping_add(1);
+
+        let pad = (16 - (frame.len() % 16)) % 16;
+        let mut buf = frame;
+        let pad_pattern: [u8; 4] = [0x04, 0x00, 0x00, 0x00];
+        for i in 0..pad {
+            buf.push(pad_pattern[i % 4]);
+        }
+
+        let cipher = AesCbc::new(self.key, self.iv);
+        cipher
+            .encrypt_in_place(&mut buf)
+            .map_err(|e| ProxyError::Crypto(format!("{e}")))?;
+
+        if buf.len() >= 16 {
+            self.iv.copy_from_slice(&buf[buf.len() - 16..]);
+        }
+        self.writer.write_all(&buf).await.map_err(ProxyError::Io)
+    }
+
+    pub(crate) async fn send_and_flush(&mut self, payload: &[u8]) -> Result<()> {
+        self.send(payload).await?;
+        self.writer.flush().await.map_err(ProxyError::Io)
+    }
+}

src/transport/middle_proxy/config_updater.rs

@@ -0,0 +1,208 @@
+use std::collections::HashMap;
+use std::net::IpAddr;
+use std::sync::Arc;
+use std::time::Duration;
+
+use httpdate;
+use tracing::{debug, info, warn};
+
+use crate::error::Result;
+
+use super::MePool;
+use super::secret::download_proxy_secret;
+use crate::crypto::SecureRandom;
+use std::time::SystemTime;
+
+async fn retry_fetch(url: &str) -> Option<ProxyConfigData> {
+    let delays = [1u64, 5, 15];
+    for (i, d) in delays.iter().enumerate() {
+        match fetch_proxy_config(url).await {
+            Ok(cfg) => return Some(cfg),
+            Err(e) => {
+                if i == delays.len() - 1 {
+                    warn!(error = %e, url, "fetch_proxy_config failed");
+                } else {
+                    debug!(error = %e, url, "fetch_proxy_config retrying");
+                    tokio::time::sleep(Duration::from_secs(*d)).await;
+                }
+            }
+        }
+    }
+    None
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct ProxyConfigData {
+    pub map: HashMap<i32, Vec<(IpAddr, u16)>>,
+    pub default_dc: Option<i32>,
+}
+
+fn parse_host_port(s: &str) -> Option<(IpAddr, u16)> {
+    if let Some(bracket_end) = s.rfind(']') {
+        if s.starts_with('[') && bracket_end + 1 < s.len() && s.as_bytes().get(bracket_end + 1) == Some(&b':') {
+            let host = &s[1..bracket_end];
+            let port_str = &s[bracket_end + 2..];
+            let ip = host.parse::<IpAddr>().ok()?;
+            let port = port_str.parse::<u16>().ok()?;
+            return Some((ip, port));
+        }
+    }
+
+    let idx = s.rfind(':')?;
+    let host = &s[..idx];
+    let port_str = &s[idx + 1..];
+    let ip = host.parse::<IpAddr>().ok()?;
+    let port = port_str.parse::<u16>().ok()?;
+    Some((ip, port))
+}
+
+fn parse_proxy_line(line: &str) -> Option<(i32, IpAddr, u16)> {
+    // Accepts lines like:
+    // proxy_for 4 91.108.4.195:8888;
+    // proxy_for 2 [2001:67c:04e8:f002::d]:80;
+    // proxy_for 2 2001:67c:04e8:f002::d:80;
+    let trimmed = line.trim();
+    if !trimmed.starts_with("proxy_for") {
+        return None;
+    }
+    // Capture everything between dc and trailing ';'
+    let without_prefix = trimmed.trim_start_matches("proxy_for").trim();
+    let mut parts = without_prefix.split_whitespace();
+    let dc_str = parts.next()?;
+    let rest = parts.next()?;
+    let host_port = rest.trim_end_matches(';');
+    let dc = dc_str.parse::<i32>().ok()?;
+    let (ip, port) = parse_host_port(host_port)?;
+    Some((dc, ip, port))
+}
+
+pub async fn fetch_proxy_config(url: &str) -> Result<ProxyConfigData> {
+    let resp = reqwest::get(url)
+        .await
+        .map_err(|e| crate::error::ProxyError::Proxy(format!("fetch_proxy_config GET failed: {e}")))?
+        ;
+
+    if let Some(date) = resp.headers().get(reqwest::header::DATE) {
+        if let Ok(date_str) = date.to_str() {
+            if let Ok(server_time) = httpdate::parse_http_date(date_str) {
+                if let Ok(skew) = SystemTime::now().duration_since(server_time).or_else(|e| {
+                    server_time.duration_since(SystemTime::now()).map_err(|_| e)
+                }) {
+                    let skew_secs = skew.as_secs();
+                    if skew_secs > 60 {
+                        warn!(skew_secs, "Time skew >60s detected from fetch_proxy_config Date header");
+                    } else if skew_secs > 30 {
+                        warn!(skew_secs, "Time skew >30s detected from fetch_proxy_config Date header");
+                    }
+                }
+            }
+        }
+    }
+
+    let text = resp
+        .text()
+        .await
+        .map_err(|e| crate::error::ProxyError::Proxy(format!("fetch_proxy_config read failed: {e}")))?;
+
+    let mut map: HashMap<i32, Vec<(IpAddr, u16)>> = HashMap::new();
+    for line in text.lines() {
+        if let Some((dc, ip, port)) = parse_proxy_line(line) {
+            map.entry(dc).or_default().push((ip, port));
+        }
+    }
+
+    let default_dc = text
+        .lines()
+        .find_map(|l| {
+            let t = l.trim();
+            if let Some(rest) = t.strip_prefix("default") {
+                return rest
+                    .trim()
+                    .trim_end_matches(';')
+                    .parse::<i32>()
+                    .ok();
+            }
+            None
+        });
+
+    Ok(ProxyConfigData { map, default_dc })
+}
+
+pub async fn me_config_updater(pool: Arc<MePool>, rng: Arc<SecureRandom>, interval: Duration) {
+    let mut tick = tokio::time::interval(interval);
+    // skip immediate tick to avoid double-fetch right after startup
+    tick.tick().await;
+    loop {
+        tick.tick().await;
+
+        // Update proxy config v4
+        let cfg_v4 = retry_fetch("https://core.telegram.org/getProxyConfig").await;
+        if let Some(cfg) = cfg_v4 {
+            let changed = pool.update_proxy_maps(cfg.map.clone(), None).await;
+            if let Some(dc) = cfg.default_dc {
+                pool.default_dc.store(dc, std::sync::atomic::Ordering::Relaxed);
+            }
+            if changed {
+                info!("ME config updated (v4), reconciling connections");
+                pool.reconcile_connections(&rng).await;
+            } else {
+                debug!("ME config v4 unchanged");
+            }
+        }
+
+        // Update proxy config v6 (optional)
+        let cfg_v6 = retry_fetch("https://core.telegram.org/getProxyConfigV6").await;
+        if let Some(cfg_v6) = cfg_v6 {
+            let changed = pool.update_proxy_maps(HashMap::new(), Some(cfg_v6.map)).await;
+            if changed {
+                info!("ME config updated (v6), reconciling connections");
+                pool.reconcile_connections(&rng).await;
+            } else {
+                debug!("ME config v6 unchanged");
+            }
+        }
+        pool.reset_stun_state();
+
+        // Update proxy-secret
+        match download_proxy_secret().await {
+            Ok(secret) => {
+                if pool.update_secret(secret).await {
+                    info!("proxy-secret updated and pool reconnect scheduled");
+                }
+            }
+            Err(e) => warn!(error = %e, "proxy-secret update failed"),
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn parse_ipv6_bracketed() {
+        let line = "proxy_for 2 [2001:67c:04e8:f002::d]:80;";
+        let res = parse_proxy_line(line).unwrap();
+        assert_eq!(res.0, 2);
+        assert_eq!(res.1, "2001:67c:04e8:f002::d".parse::<IpAddr>().unwrap());
+        assert_eq!(res.2, 80);
+    }
+
+    #[test]
+    fn parse_ipv6_plain() {
+        let line = "proxy_for 2 2001:67c:04e8:f002::d:80;";
+        let res = parse_proxy_line(line).unwrap();
+        assert_eq!(res.0, 2);
+        assert_eq!(res.1, "2001:67c:04e8:f002::d".parse::<IpAddr>().unwrap());
+        assert_eq!(res.2, 80);
+    }
+
+    #[test]
+    fn parse_ipv4() {
+        let line = "proxy_for 4 91.108.4.195:8888;";
+        let res = parse_proxy_line(line).unwrap();
+        assert_eq!(res.0, 4);
+        assert_eq!(res.1, "91.108.4.195".parse::<IpAddr>().unwrap());
+        assert_eq!(res.2, 8888);
+    }
+}

src/transport/middle_proxy/handshake.rs

@@ -0,0 +1,466 @@
+use std::net::{IpAddr, SocketAddr};
+use std::time::{Duration, Instant};
+use socket2::{SockRef, TcpKeepalive};
+#[cfg(target_os = "linux")]
+use libc;
+#[cfg(target_os = "linux")]
+use std::os::fd::{AsRawFd, RawFd};
+#[cfg(target_os = "linux")]
+use std::os::raw::c_int;
+
+use bytes::BytesMut;
+use tokio::io::{AsyncReadExt, AsyncWriteExt, ReadHalf, WriteHalf};
+use tokio::net::{TcpStream, TcpSocket};
+use tokio::time::timeout;
+use tracing::{debug, info, warn};
+
+use crate::crypto::{SecureRandom, build_middleproxy_prekey, derive_middleproxy_keys, sha256};
+use crate::error::{ProxyError, Result};
+use crate::network::IpFamily;
+use crate::protocol::constants::{
+    ME_CONNECT_TIMEOUT_SECS, ME_HANDSHAKE_TIMEOUT_SECS, RPC_CRYPTO_AES_U32,
+    RPC_HANDSHAKE_ERROR_U32, rpc_crypto_flags,
+};
+
+use super::codec::{
+    RpcChecksumMode, build_handshake_payload, build_nonce_payload, build_rpc_frame,
+    cbc_decrypt_inplace, cbc_encrypt_padded, parse_handshake_flags, parse_nonce_payload,
+    read_rpc_frame_plaintext, rpc_crc,
+};
+use super::wire::{extract_ip_material, IpMaterial};
+use super::MePool;
+
+/// Result of a successful ME handshake with timings.
+pub(crate) struct HandshakeOutput {
+    pub rd: ReadHalf<TcpStream>,
+    pub wr: WriteHalf<TcpStream>,
+    pub read_key: [u8; 32],
+    pub read_iv: [u8; 16],
+    pub write_key: [u8; 32],
+    pub write_iv: [u8; 16],
+    pub crc_mode: RpcChecksumMode,
+    pub handshake_ms: f64,
+}
+
+impl MePool {
+    /// TCP connect with timeout + return RTT in milliseconds.
+    pub(crate) async fn connect_tcp(&self, addr: SocketAddr) -> Result<(TcpStream, f64)> {
+        let start = Instant::now();
+        let connect_fut = async {
+            if addr.is_ipv6() {
+                if let Some(v6) = self.detected_ipv6 {
+                    match TcpSocket::new_v6() {
+                        Ok(sock) => {
+                            if let Err(e) = sock.bind(SocketAddr::new(IpAddr::V6(v6), 0)) {
+                                debug!(error = %e, bind_ip = %v6, "ME IPv6 bind failed, falling back to default bind");
+                            } else {
+                                match sock.connect(addr).await {
+                                    Ok(stream) => return Ok(stream),
+                                    Err(e) => debug!(error = %e, target = %addr, "ME IPv6 bound connect failed, retrying default connect"),
+                                }
+                            }
+                        }
+                        Err(e) => debug!(error = %e, "ME IPv6 socket creation failed, falling back to default connect"),
+                    }
+                }
+            }
+            TcpStream::connect(addr).await
+        };
+
+        let stream = timeout(Duration::from_secs(ME_CONNECT_TIMEOUT_SECS), connect_fut)
+            .await
+            .map_err(|_| ProxyError::ConnectionTimeout { addr: addr.to_string() })??;
+        let connect_ms = start.elapsed().as_secs_f64() * 1000.0;
+        stream.set_nodelay(true).ok();
+        if let Err(e) = Self::configure_keepalive(&stream) {
+            warn!(error = %e, "ME keepalive setup failed");
+        }
+        #[cfg(target_os = "linux")]
+        if let Err(e) = Self::configure_user_timeout(stream.as_raw_fd()) {
+            warn!(error = %e, "ME TCP_USER_TIMEOUT setup failed");
+        }
+        Ok((stream, connect_ms))
+    }
+
+    fn configure_keepalive(stream: &TcpStream) -> std::io::Result<()> {
+        let sock = SockRef::from(stream);
+        let ka = TcpKeepalive::new()
+            .with_time(Duration::from_secs(30))
+            .with_interval(Duration::from_secs(10))
+            .with_retries(3);
+        sock.set_tcp_keepalive(&ka)?;
+        sock.set_keepalive(true)?;
+        Ok(())
+    }
+
+    #[cfg(target_os = "linux")]
+    fn configure_user_timeout(fd: RawFd) -> std::io::Result<()> {
+        let timeout_ms: c_int = 30_000;
+        let rc = unsafe {
+            libc::setsockopt(
+                fd,
+                libc::IPPROTO_TCP,
+                libc::TCP_USER_TIMEOUT,
+                &timeout_ms as *const _ as *const libc::c_void,
+                std::mem::size_of_val(&timeout_ms) as libc::socklen_t,
+            )
+        };
+        if rc != 0 {
+            return Err(std::io::Error::last_os_error());
+        }
+        Ok(())
+    }
+
+    /// Perform full ME RPC handshake on an established TCP stream.
+    /// Returns cipher keys/ivs and split halves; does not register writer.
+    pub(crate) async fn handshake_only(
+        &self,
+        stream: TcpStream,
+        addr: SocketAddr,
+        rng: &SecureRandom,
+    ) -> Result<HandshakeOutput> {
+        let hs_start = Instant::now();
+
+        let local_addr = stream.local_addr().map_err(ProxyError::Io)?;
+        let peer_addr = stream.peer_addr().map_err(ProxyError::Io)?;
+
+        let _ = self.maybe_detect_nat_ip(local_addr.ip()).await;
+        let family = if local_addr.ip().is_ipv4() {
+            IpFamily::V4
+        } else {
+            IpFamily::V6
+        };
+        let reflected = if self.nat_probe {
+            self.maybe_reflect_public_addr(family).await
+        } else {
+            None
+        };
+
+        let local_addr_nat = self.translate_our_addr_with_reflection(local_addr, reflected);
+        let peer_addr_nat = SocketAddr::new(self.translate_ip_for_nat(peer_addr.ip()), peer_addr.port());
+        let (mut rd, mut wr) = tokio::io::split(stream);
+
+        let my_nonce: [u8; 16] = rng.bytes(16).try_into().unwrap();
+        let crypto_ts = std::time::SystemTime::now()
+            .duration_since(std::time::UNIX_EPOCH)
+            .unwrap_or_default()
+            .as_secs() as u32;
+
+        let ks = self.key_selector().await;
+        let nonce_payload = build_nonce_payload(ks, crypto_ts, &my_nonce);
+        let nonce_frame = build_rpc_frame(-2, &nonce_payload, RpcChecksumMode::Crc32);
+        let dump = hex_dump(&nonce_frame[..nonce_frame.len().min(44)]);
+        debug!(
+            key_selector = format_args!("0x{ks:08x}"),
+            crypto_ts,
+            frame_len = nonce_frame.len(),
+            nonce_frame_hex = %dump,
+            "Sending ME nonce frame"
+        );
+        wr.write_all(&nonce_frame).await.map_err(ProxyError::Io)?;
+        wr.flush().await.map_err(ProxyError::Io)?;
+
+        let (srv_seq, srv_nonce_payload) = timeout(
+            Duration::from_secs(ME_HANDSHAKE_TIMEOUT_SECS),
+            read_rpc_frame_plaintext(&mut rd),
+        )
+        .await
+        .map_err(|_| ProxyError::TgHandshakeTimeout)??;
+
+        if srv_seq != -2 {
+            return Err(ProxyError::InvalidHandshake(format!("Expected seq=-2, got {srv_seq}")));
+        }
+
+        let (srv_key_select, schema, srv_ts, srv_nonce) = parse_nonce_payload(&srv_nonce_payload)?;
+        if schema != RPC_CRYPTO_AES_U32 {
+            warn!(schema = format_args!("0x{schema:08x}"), "Unsupported ME crypto schema");
+            return Err(ProxyError::InvalidHandshake(format!(
+                "Unsupported crypto schema: 0x{schema:x}"
+            )));
+        }
+
+        if srv_key_select != ks {
+            return Err(ProxyError::InvalidHandshake(format!(
+                "Server key_select 0x{srv_key_select:08x} != client 0x{ks:08x}"
+            )));
+        }
+
+        let skew = crypto_ts.abs_diff(srv_ts);
+        if skew > 30 {
+            return Err(ProxyError::InvalidHandshake(format!(
+                "nonce crypto_ts skew too large: client={crypto_ts}, server={srv_ts}, skew={skew}s"
+            )));
+        }
+
+        info!(
+            %local_addr,
+            %local_addr_nat,
+            reflected_ip = reflected.map(|r| r.ip()).as_ref().map(ToString::to_string),
+            %peer_addr,
+            %peer_addr_nat,
+            key_selector = format_args!("0x{ks:08x}"),
+            crypto_schema = format_args!("0x{schema:08x}"),
+            skew_secs = skew,
+            "ME key derivation parameters"
+        );
+
+        let ts_bytes = crypto_ts.to_le_bytes();
+        let server_port_bytes = peer_addr_nat.port().to_le_bytes();
+        let client_port_bytes = local_addr_nat.port().to_le_bytes();
+
+        let server_ip = extract_ip_material(peer_addr_nat);
+        let client_ip = extract_ip_material(local_addr_nat);
+
+        let (srv_ip_opt, clt_ip_opt, clt_v6_opt, srv_v6_opt, hs_our_ip, hs_peer_ip) = match (server_ip, client_ip) {
+            (IpMaterial::V4(mut srv), IpMaterial::V4(mut clt)) => {
+                srv.reverse();
+                clt.reverse();
+                (Some(srv), Some(clt), None, None, clt, srv)
+            }
+            (IpMaterial::V6(srv), IpMaterial::V6(clt)) => {
+                let zero = [0u8; 4];
+                (None, None, Some(clt), Some(srv), zero, zero)
+            }
+            _ => {
+                return Err(ProxyError::InvalidHandshake(
+                    "mixed IPv4/IPv6 endpoints are not supported for ME key derivation".to_string(),
+                ));
+            }
+        };
+
+        let diag_level: u8 = std::env::var("ME_DIAG").ok().and_then(|v| v.parse().ok()).unwrap_or(0);
+
+        let secret: Vec<u8> = self.proxy_secret.read().await.clone();
+
+        let prekey_client = build_middleproxy_prekey(
+            &srv_nonce,
+            &my_nonce,
+            &ts_bytes,
+            srv_ip_opt.as_ref().map(|x| &x[..]),
+            &client_port_bytes,
+            b"CLIENT",
+            clt_ip_opt.as_ref().map(|x| &x[..]),
+            &server_port_bytes,
+            &secret,
+            clt_v6_opt.as_ref(),
+            srv_v6_opt.as_ref(),
+        );
+        let prekey_server = build_middleproxy_prekey(
+            &srv_nonce,
+            &my_nonce,
+            &ts_bytes,
+            srv_ip_opt.as_ref().map(|x| &x[..]),
+            &client_port_bytes,
+            b"SERVER",
+            clt_ip_opt.as_ref().map(|x| &x[..]),
+            &server_port_bytes,
+            &secret,
+            clt_v6_opt.as_ref(),
+            srv_v6_opt.as_ref(),
+        );
+
+        let (wk, wi) = derive_middleproxy_keys(
+            &srv_nonce,
+            &my_nonce,
+            &ts_bytes,
+            srv_ip_opt.as_ref().map(|x| &x[..]),
+            &client_port_bytes,
+            b"CLIENT",
+            clt_ip_opt.as_ref().map(|x| &x[..]),
+            &server_port_bytes,
+            &secret,
+            clt_v6_opt.as_ref(),
+            srv_v6_opt.as_ref(),
+        );
+        let (rk, ri) = derive_middleproxy_keys(
+            &srv_nonce,
+            &my_nonce,
+            &ts_bytes,
+            srv_ip_opt.as_ref().map(|x| &x[..]),
+            &client_port_bytes,
+            b"SERVER",
+            clt_ip_opt.as_ref().map(|x| &x[..]),
+            &server_port_bytes,
+            &secret,
+            clt_v6_opt.as_ref(),
+            srv_v6_opt.as_ref(),
+        );
+
+        let requested_crc_mode = RpcChecksumMode::Crc32c;
+        let hs_payload = build_handshake_payload(
+            hs_our_ip,
+            local_addr.port(),
+            hs_peer_ip,
+            peer_addr.port(),
+            requested_crc_mode.advertised_flags(),
+        );
+        let hs_frame = build_rpc_frame(-1, &hs_payload, RpcChecksumMode::Crc32);
+        if diag_level >= 1 {
+            info!(
+                write_key = %hex_dump(&wk),
+                write_iv = %hex_dump(&wi),
+                read_key = %hex_dump(&rk),
+                read_iv = %hex_dump(&ri),
+                srv_ip = %srv_ip_opt.map(|ip| hex_dump(&ip)).unwrap_or_default(),
+                clt_ip = %clt_ip_opt.map(|ip| hex_dump(&ip)).unwrap_or_default(),
+                srv_port = %hex_dump(&server_port_bytes),
+                clt_port = %hex_dump(&client_port_bytes),
+                crypto_ts = %hex_dump(&ts_bytes),
+                nonce_srv = %hex_dump(&srv_nonce),
+                nonce_clt = %hex_dump(&my_nonce),
+                prekey_sha256_client = %hex_dump(&sha256(&prekey_client)),
+                prekey_sha256_server = %hex_dump(&sha256(&prekey_server)),
+                hs_plain = %hex_dump(&hs_frame),
+                proxy_secret_sha256 = %hex_dump(&sha256(&secret)),
+                "ME diag: derived keys and handshake plaintext"
+            );
+        }
+        if diag_level >= 2 {
+            info!(
+                prekey_client = %hex_dump(&prekey_client),
+                prekey_server = %hex_dump(&prekey_server),
+                "ME diag: full prekey buffers"
+            );
+        }
+
+        let (encrypted_hs, write_iv) = cbc_encrypt_padded(&wk, &wi, &hs_frame)?;
+        if diag_level >= 1 {
+            info!(
+                hs_cipher = %hex_dump(&encrypted_hs),
+                "ME diag: handshake ciphertext"
+            );
+        }
+        wr.write_all(&encrypted_hs).await.map_err(ProxyError::Io)?;
+        wr.flush().await.map_err(ProxyError::Io)?;
+
+        let deadline = Instant::now() + Duration::from_secs(ME_HANDSHAKE_TIMEOUT_SECS);
+        let mut enc_buf = BytesMut::with_capacity(256);
+        let mut dec_buf = BytesMut::with_capacity(256);
+        let mut read_iv = ri;
+        let mut negotiated_crc_mode = RpcChecksumMode::Crc32;
+        let mut handshake_ok = false;
+
+        while Instant::now() < deadline && !handshake_ok {
+            let remaining = deadline - Instant::now();
+            let mut tmp = [0u8; 256];
+            let n = match timeout(remaining, rd.read(&mut tmp)).await {
+                Ok(Ok(0)) => {
+                    return Err(ProxyError::Io(std::io::Error::new(
+                        std::io::ErrorKind::UnexpectedEof,
+                        "ME closed during handshake",
+                    )));
+                }
+                Ok(Ok(n)) => n,
+                Ok(Err(e)) => return Err(ProxyError::Io(e)),
+                Err(_) => return Err(ProxyError::TgHandshakeTimeout),
+            };
+
+            enc_buf.extend_from_slice(&tmp[..n]);
+
+            let blocks = enc_buf.len() / 16 * 16;
+            if blocks > 0 {
+                let mut chunk = vec![0u8; blocks];
+                chunk.copy_from_slice(&enc_buf[..blocks]);
+                read_iv = cbc_decrypt_inplace(&rk, &read_iv, &mut chunk)?;
+                dec_buf.extend_from_slice(&chunk);
+                let _ = enc_buf.split_to(blocks);
+            }
+
+            while dec_buf.len() >= 4 {
+                let fl = u32::from_le_bytes(dec_buf[0..4].try_into().unwrap()) as usize;
+
+                if fl == 4 {
+                    let _ = dec_buf.split_to(4);
+                    continue;
+                }
+                if !(12..=(1 << 24)).contains(&fl) {
+                    return Err(ProxyError::InvalidHandshake(format!(
+                        "Bad HS response frame len: {fl}"
+                    )));
+                }
+                if dec_buf.len() < fl {
+                    break;
+                }
+
+                let frame = dec_buf.split_to(fl);
+                let pe = fl - 4;
+                let ec = u32::from_le_bytes(frame[pe..pe + 4].try_into().unwrap());
+                let ac = rpc_crc(RpcChecksumMode::Crc32, &frame[..pe]);
+                if ec != ac {
+                    return Err(ProxyError::InvalidHandshake(format!(
+                        "HS CRC mismatch: 0x{ec:08x} vs 0x{ac:08x}"
+                    )));
+                }
+
+                let hs_payload = &frame[8..pe];
+                if hs_payload.len() < 4 {
+                    return Err(ProxyError::InvalidHandshake(
+                        "Handshake payload too short".to_string(),
+                    ));
+                }
+                let hs_type = u32::from_le_bytes(hs_payload[0..4].try_into().unwrap());
+                if hs_type == RPC_HANDSHAKE_ERROR_U32 {
+                    let err_code = if hs_payload.len() >= 8 {
+                        i32::from_le_bytes(hs_payload[4..8].try_into().unwrap())
+                    } else {
+                        -1
+                    };
+                    return Err(ProxyError::InvalidHandshake(format!(
+                        "ME rejected handshake (error={err_code})"
+                    )));
+                }
+                let hs_flags = parse_handshake_flags(hs_payload)?;
+                if hs_flags & 0xff != 0 {
+                    return Err(ProxyError::InvalidHandshake(format!(
+                        "Unsupported handshake flags: 0x{hs_flags:08x}"
+                    )));
+                }
+                negotiated_crc_mode = if (hs_flags & requested_crc_mode.advertised_flags()) != 0 {
+                    RpcChecksumMode::from_handshake_flags(hs_flags)
+                } else if (hs_flags & rpc_crypto_flags::USE_CRC32C) != 0 {
+                    return Err(ProxyError::InvalidHandshake(format!(
+                        "Peer negotiated unsupported CRC flags: 0x{hs_flags:08x}"
+                    )));
+                } else {
+                    RpcChecksumMode::Crc32
+                };
+
+                handshake_ok = true;
+                break;
+            }
+        }
+
+        if !handshake_ok {
+            return Err(ProxyError::TgHandshakeTimeout);
+        }
+
+        let handshake_ms = hs_start.elapsed().as_secs_f64() * 1000.0;
+        info!(%addr, "RPC handshake OK");
+
+        Ok(HandshakeOutput {
+            rd,
+            wr,
+            read_key: rk,
+            read_iv,
+            write_key: wk,
+            write_iv,
+            crc_mode: negotiated_crc_mode,
+            handshake_ms,
+        })
+    }
+}
+
+fn hex_dump(data: &[u8]) -> String {
+    const MAX: usize = 64;
+    let mut out = String::with_capacity(data.len() * 2 + 3);
+    for (i, b) in data.iter().take(MAX).enumerate() {
+        if i > 0 {
+            out.push(' ');
+        }
+        out.push_str(&format!("{b:02x}"));
+    }
+    if data.len() > MAX {
+        out.push_str(" …");
+    }
+    out
+}

src/transport/middle_proxy/health.rs

@@ -0,0 +1,144 @@
+use std::collections::{HashMap, HashSet};
+use std::net::SocketAddr;
+use std::sync::Arc;
+use std::time::{Duration, Instant};
+
+use tracing::{debug, info, warn};
+use rand::seq::SliceRandom;
+use rand::Rng;
+
+use crate::crypto::SecureRandom;
+use crate::network::IpFamily;
+
+use super::MePool;
+
+const HEALTH_INTERVAL_SECS: u64 = 1;
+const JITTER_FRAC_NUM: u64 = 2; // jitter up to 50% of backoff
+const MAX_CONCURRENT_PER_DC_DEFAULT: usize = 1;
+
+pub async fn me_health_monitor(pool: Arc<MePool>, rng: Arc<SecureRandom>, _min_connections: usize) {
+    let mut backoff: HashMap<(i32, IpFamily), u64> = HashMap::new();
+    let mut next_attempt: HashMap<(i32, IpFamily), Instant> = HashMap::new();
+    let mut inflight: HashMap<(i32, IpFamily), usize> = HashMap::new();
+    loop {
+        tokio::time::sleep(Duration::from_secs(HEALTH_INTERVAL_SECS)).await;
+        check_family(
+            IpFamily::V4,
+            &pool,
+            &rng,
+            &mut backoff,
+            &mut next_attempt,
+            &mut inflight,
+        )
+        .await;
+        check_family(
+            IpFamily::V6,
+            &pool,
+            &rng,
+            &mut backoff,
+            &mut next_attempt,
+            &mut inflight,
+        )
+        .await;
+    }
+}
+
+async fn check_family(
+    family: IpFamily,
+    pool: &Arc<MePool>,
+    rng: &Arc<SecureRandom>,
+    backoff: &mut HashMap<(i32, IpFamily), u64>,
+    next_attempt: &mut HashMap<(i32, IpFamily), Instant>,
+    inflight: &mut HashMap<(i32, IpFamily), usize>,
+) {
+    let enabled = match family {
+        IpFamily::V4 => pool.decision.ipv4_me,
+        IpFamily::V6 => pool.decision.ipv6_me,
+    };
+    if !enabled {
+        return;
+    }
+
+    let map = match family {
+        IpFamily::V4 => pool.proxy_map_v4.read().await.clone(),
+        IpFamily::V6 => pool.proxy_map_v6.read().await.clone(),
+    };
+    let writer_addrs: HashSet<SocketAddr> = pool
+        .writers
+        .read()
+        .await
+        .iter()
+        .map(|w| w.addr)
+        .collect();
+
+    let entries: Vec<(i32, Vec<SocketAddr>)> = map
+        .iter()
+        .map(|(dc, addrs)| {
+            let list = addrs
+                .iter()
+                .map(|(ip, port)| SocketAddr::new(*ip, *port))
+                .collect::<Vec<_>>();
+            (*dc, list)
+        })
+        .collect();
+
+    for (dc, dc_addrs) in entries {
+        let has_coverage = dc_addrs.iter().any(|a| writer_addrs.contains(a));
+        if has_coverage {
+            continue;
+        }
+
+        let key = (dc, family);
+        let now = Instant::now();
+        if let Some(ts) = next_attempt.get(&key) {
+            if now < *ts {
+                continue;
+            }
+        }
+
+        let max_concurrent = pool.me_reconnect_max_concurrent_per_dc.max(1) as usize;
+        if *inflight.get(&key).unwrap_or(&0) >= max_concurrent {
+            return;
+        }
+        *inflight.entry(key).or_insert(0) += 1;
+
+        let mut shuffled = dc_addrs.clone();
+        shuffled.shuffle(&mut rand::rng());
+        let mut success = false;
+        for addr in shuffled {
+            let res = tokio::time::timeout(pool.me_one_timeout, pool.connect_one(addr, rng.as_ref())).await;
+            match res {
+                Ok(Ok(())) => {
+                    info!(%addr, dc = %dc, ?family, "ME reconnected for DC coverage");
+                    pool.stats.increment_me_reconnect_success();
+                    backoff.insert(key, pool.me_reconnect_backoff_base.as_millis() as u64);
+                    let jitter = pool.me_reconnect_backoff_base.as_millis() as u64 / JITTER_FRAC_NUM;
+                    let wait = pool.me_reconnect_backoff_base
+                        + Duration::from_millis(rand::rng().random_range(0..=jitter.max(1)));
+                    next_attempt.insert(key, now + wait);
+                    success = true;
+                    break;
+                }
+                Ok(Err(e)) => {
+                    pool.stats.increment_me_reconnect_attempt();
+                    debug!(%addr, dc = %dc, error = %e, ?family, "ME reconnect failed")
+                }
+                Err(_) => debug!(%addr, dc = %dc, ?family, "ME reconnect timed out"),
+            }
+        }
+        if !success {
+            pool.stats.increment_me_reconnect_attempt();
+            let curr = *backoff.get(&key).unwrap_or(&(pool.me_reconnect_backoff_base.as_millis() as u64));
+            let next_ms = (curr.saturating_mul(2)).min(pool.me_reconnect_backoff_cap.as_millis() as u64);
+            backoff.insert(key, next_ms);
+            let jitter = next_ms / JITTER_FRAC_NUM;
+            let wait = Duration::from_millis(next_ms)
+                + Duration::from_millis(rand::rng().random_range(0..=jitter.max(1)));
+            next_attempt.insert(key, now + wait);
+            warn!(dc = %dc, backoff_ms = next_ms, ?family, "DC has no ME coverage, scheduled reconnect");
+        }
+        if let Some(v) = inflight.get_mut(&key) {
+            *v = v.saturating_sub(1);
+        }
+    }
+}

src/transport/middle_proxy/mod.rs

@@ -0,0 +1,34 @@
+//! Middle Proxy RPC transport.
+
+mod codec;
+mod handshake;
+mod health;
+mod pool;
+mod pool_nat;
+mod ping;
+mod reader;
+mod registry;
+mod send;
+mod secret;
+mod rotation;
+mod config_updater;
+mod wire;
+
+use bytes::Bytes;
+
+pub use health::me_health_monitor;
+pub use ping::{run_me_ping, format_sample_line, MePingReport, MePingSample, MePingFamily};
+pub use pool::MePool;
+pub use pool_nat::{stun_probe, detect_public_ip};
+pub use registry::ConnRegistry;
+pub use secret::fetch_proxy_secret;
+pub use config_updater::{fetch_proxy_config, me_config_updater};
+pub use rotation::me_rotation_task;
+pub use wire::proto_flags_for_tag;
+
+#[derive(Debug)]
+pub enum MeResponse {
+    Data { flags: u32, data: Bytes },
+    Ack(u32),
+    Close,
+}

src/transport/middle_proxy/ping.rs

@@ -0,0 +1,173 @@
+use std::collections::HashMap;
+use std::net::{IpAddr, SocketAddr};
+use std::sync::Arc;
+
+use crate::crypto::SecureRandom;
+use crate::error::ProxyError;
+
+use super::MePool;
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum MePingFamily {
+    V4,
+    V6,
+}
+
+#[derive(Debug, Clone)]
+pub struct MePingSample {
+    pub dc: i32,
+    pub addr: SocketAddr,
+    pub connect_ms: Option<f64>,
+    pub handshake_ms: Option<f64>,
+    pub error: Option<String>,
+    pub family: MePingFamily,
+}
+
+#[derive(Debug, Clone)]
+pub struct MePingReport {
+    pub dc: i32,
+    pub family: MePingFamily,
+    pub samples: Vec<MePingSample>,
+}
+
+pub fn format_sample_line(sample: &MePingSample) -> String {
+    let sign = if sample.dc >= 0 { "+" } else { "-" };
+    let addr = format!("{}:{}", sample.addr.ip(), sample.addr.port());
+
+    match (sample.connect_ms, sample.handshake_ms.as_ref(), sample.error.as_ref()) {
+        (Some(conn), Some(hs), None) => format!(
+            "     {sign} {addr}\tPing: {:.0} ms / RPC: {:.0} ms / OK",
+            conn, hs
+        ),
+        (Some(conn), None, Some(err)) => format!(
+            "     {sign} {addr}\tPing: {:.0} ms / RPC: FAIL ({err})",
+            conn
+        ),
+        (None, _, Some(err)) => format!("     {sign} {addr}\tPing: FAIL ({err})"),
+        (Some(conn), None, None) => format!("     {sign} {addr}\tPing: {:.0} ms / RPC: FAIL", conn),
+        _ => format!("     {sign} {addr}\tPing: FAIL"),
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::net::{IpAddr, Ipv4Addr, SocketAddr};
+
+    fn sample(base: MePingSample) -> MePingSample {
+        base
+    }
+
+    #[test]
+    fn ok_line_contains_both_timings() {
+        let s = sample(MePingSample {
+            dc: 4,
+            addr: SocketAddr::new(IpAddr::V4(Ipv4Addr::new(1, 2, 3, 4)), 8888),
+            connect_ms: Some(12.3),
+            handshake_ms: Some(34.7),
+            error: None,
+            family: MePingFamily::V4,
+        });
+        let line = format_sample_line(&s);
+        assert!(line.contains("Ping: 12 ms"));
+        assert!(line.contains("RPC: 35 ms"));
+        assert!(line.contains("OK"));
+    }
+
+    #[test]
+    fn error_line_mentions_reason() {
+        let s = sample(MePingSample {
+            dc: -5,
+            addr: SocketAddr::new(IpAddr::V4(Ipv4Addr::new(5, 6, 7, 8)), 80),
+            connect_ms: Some(10.0),
+            handshake_ms: None,
+            error: Some("handshake timeout".to_string()),
+            family: MePingFamily::V4,
+        });
+        let line = format_sample_line(&s);
+        assert!(line.contains("- 5.6.7.8:80"));
+        assert!(line.contains("handshake timeout"));
+    }
+}
+
+pub async fn run_me_ping(pool: &Arc<MePool>, rng: &SecureRandom) -> Vec<MePingReport> {
+    let mut reports = Vec::new();
+
+    let v4_map = if pool.decision.ipv4_me {
+        pool.proxy_map_v4.read().await.clone()
+    } else {
+        HashMap::new()
+    };
+    let v6_map = if pool.decision.ipv6_me {
+        pool.proxy_map_v6.read().await.clone()
+    } else {
+        HashMap::new()
+    };
+
+    let mut grouped: Vec<(MePingFamily, i32, Vec<(IpAddr, u16)>)> = Vec::new();
+    for (dc, addrs) in v4_map {
+        grouped.push((MePingFamily::V4, dc, addrs));
+    }
+    for (dc, addrs) in v6_map {
+        grouped.push((MePingFamily::V6, dc, addrs));
+    }
+
+    for (family, dc, addrs) in grouped {
+        let mut samples = Vec::new();
+        for (ip, port) in addrs {
+            let addr = SocketAddr::new(ip, port);
+            let mut connect_ms = None;
+            let mut handshake_ms = None;
+            let mut error = None;
+
+            match pool.connect_tcp(addr).await {
+                Ok((stream, conn_rtt)) => {
+                    connect_ms = Some(conn_rtt);
+                    match pool.handshake_only(stream, addr, rng).await {
+                        Ok(hs) => {
+                            handshake_ms = Some(hs.handshake_ms);
+                            // drop halves to close
+                            drop(hs.rd);
+                            drop(hs.wr);
+                        }
+                        Err(e) => {
+                            error = Some(short_err(&e));
+                        }
+                    }
+                }
+                Err(e) => {
+                    error = Some(short_err(&e));
+                }
+            }
+
+            samples.push(MePingSample {
+                dc,
+                addr,
+                connect_ms,
+                handshake_ms,
+                error,
+                family,
+            });
+        }
+
+        reports.push(MePingReport {
+            dc,
+            family,
+            samples,
+        });
+    }
+
+    reports
+}
+
+fn short_err(err: &ProxyError) -> String {
+    match err {
+        ProxyError::ConnectionTimeout { .. } => "connect timeout".to_string(),
+        ProxyError::TgHandshakeTimeout => "handshake timeout".to_string(),
+        ProxyError::InvalidHandshake(e) => format!("bad handshake: {e}"),
+        ProxyError::Crypto(e) => format!("crypto: {e}"),
+        ProxyError::Proxy(e) => format!("proxy: {e}"),
+        ProxyError::Io(e) => format!("io: {e}"),
+        _ => format!("{err}"),
+    }
+}

src/transport/middle_proxy/pool.rs

@@ -0,0 +1,679 @@
+use std::collections::HashMap;
+use std::net::{IpAddr, Ipv6Addr, SocketAddr};
+use std::sync::Arc;
+use std::sync::atomic::{AtomicBool, AtomicI32, AtomicU64, AtomicUsize, Ordering};
+use bytes::BytesMut;
+use rand::Rng;
+use rand::seq::SliceRandom;
+use tokio::sync::{Mutex, RwLock, mpsc, Notify};
+use tokio_util::sync::CancellationToken;
+use tracing::{debug, info, warn};
+use std::time::{Duration, Instant};
+
+use crate::crypto::SecureRandom;
+use crate::error::{ProxyError, Result};
+use crate::network::probe::NetworkDecision;
+use crate::network::IpFamily;
+use crate::protocol::constants::*;
+
+use super::ConnRegistry;
+use super::registry::BoundConn;
+use super::codec::{RpcWriter, WriterCommand};
+use super::reader::reader_loop;
+const ME_ACTIVE_PING_SECS: u64 = 25;
+const ME_ACTIVE_PING_JITTER_SECS: i64 = 5;
+
+#[derive(Clone)]
+pub struct MeWriter {
+    pub id: u64,
+    pub addr: SocketAddr,
+    pub tx: mpsc::Sender<WriterCommand>,
+    pub cancel: CancellationToken,
+    pub degraded: Arc<AtomicBool>,
+    pub draining: Arc<AtomicBool>,
+}
+
+pub struct MePool {
+    pub(super) registry: Arc<ConnRegistry>,
+    pub(super) writers: Arc<RwLock<Vec<MeWriter>>>,
+    pub(super) rr: AtomicU64,
+    pub(super) decision: NetworkDecision,
+    pub(super) rng: Arc<SecureRandom>,
+    pub(super) proxy_tag: Option<Vec<u8>>,
+    pub(super) proxy_secret: Arc<RwLock<Vec<u8>>>,
+    pub(super) nat_ip_cfg: Option<IpAddr>,
+    pub(super) nat_ip_detected: Arc<RwLock<Option<IpAddr>>>,
+    pub(super) nat_probe: bool,
+    pub(super) nat_stun: Option<String>,
+    pub(super) nat_stun_servers: Vec<String>,
+    pub(super) detected_ipv6: Option<Ipv6Addr>,
+    pub(super) nat_probe_attempts: std::sync::atomic::AtomicU8,
+    pub(super) nat_probe_disabled: std::sync::atomic::AtomicBool,
+    pub(super) stun_backoff_until: Arc<RwLock<Option<Instant>>>,
+    pub(super) me_one_retry: u8,
+    pub(super) me_one_timeout: Duration,
+    pub(super) me_keepalive_enabled: bool,
+    pub(super) me_keepalive_interval: Duration,
+    pub(super) me_keepalive_jitter: Duration,
+    pub(super) me_keepalive_payload_random: bool,
+    pub(super) me_warmup_stagger_enabled: bool,
+    pub(super) me_warmup_step_delay: Duration,
+    pub(super) me_warmup_step_jitter: Duration,
+    pub(super) me_reconnect_max_concurrent_per_dc: u32,
+    pub(super) me_reconnect_backoff_base: Duration,
+    pub(super) me_reconnect_backoff_cap: Duration,
+    pub(super) me_reconnect_fast_retry_count: u32,
+    pub(super) proxy_map_v4: Arc<RwLock<HashMap<i32, Vec<(IpAddr, u16)>>>>,
+    pub(super) proxy_map_v6: Arc<RwLock<HashMap<i32, Vec<(IpAddr, u16)>>>>,
+    pub(super) default_dc: AtomicI32,
+    pub(super) next_writer_id: AtomicU64,
+    pub(super) ping_tracker: Arc<Mutex<HashMap<i64, (std::time::Instant, u64)>>>,
+    pub(super) rtt_stats: Arc<Mutex<HashMap<u64, (f64, f64)>>>,
+    pub(super) nat_reflection_cache: Arc<Mutex<NatReflectionCache>>,
+    pub(super) writer_available: Arc<Notify>,
+    pub(super) conn_count: AtomicUsize,
+    pub(super) stats: Arc<crate::stats::Stats>,
+    pool_size: usize,
+}
+
+#[derive(Debug, Default)]
+pub struct NatReflectionCache {
+    pub v4: Option<(std::time::Instant, std::net::SocketAddr)>,
+    pub v6: Option<(std::time::Instant, std::net::SocketAddr)>,
+}
+
+impl MePool {
+    pub fn new(
+        proxy_tag: Option<Vec<u8>>,
+        proxy_secret: Vec<u8>,
+        nat_ip: Option<IpAddr>,
+        nat_probe: bool,
+        nat_stun: Option<String>,
+        nat_stun_servers: Vec<String>,
+        detected_ipv6: Option<Ipv6Addr>,
+        me_one_retry: u8,
+        me_one_timeout_ms: u64,
+        proxy_map_v4: HashMap<i32, Vec<(IpAddr, u16)>>,
+        proxy_map_v6: HashMap<i32, Vec<(IpAddr, u16)>>,
+        default_dc: Option<i32>,
+        decision: NetworkDecision,
+        rng: Arc<SecureRandom>,
+        stats: Arc<crate::stats::Stats>,
+        me_keepalive_enabled: bool,
+        me_keepalive_interval_secs: u64,
+        me_keepalive_jitter_secs: u64,
+        me_keepalive_payload_random: bool,
+        me_warmup_stagger_enabled: bool,
+        me_warmup_step_delay_ms: u64,
+        me_warmup_step_jitter_ms: u64,
+        me_reconnect_max_concurrent_per_dc: u32,
+        me_reconnect_backoff_base_ms: u64,
+        me_reconnect_backoff_cap_ms: u64,
+        me_reconnect_fast_retry_count: u32,
+    ) -> Arc<Self> {
+        Arc::new(Self {
+            registry: Arc::new(ConnRegistry::new()),
+            writers: Arc::new(RwLock::new(Vec::new())),
+            rr: AtomicU64::new(0),
+            decision,
+            rng,
+            proxy_tag,
+            proxy_secret: Arc::new(RwLock::new(proxy_secret)),
+            nat_ip_cfg: nat_ip,
+            nat_ip_detected: Arc::new(RwLock::new(None)),
+            nat_probe,
+            nat_stun,
+            nat_stun_servers,
+            detected_ipv6,
+            nat_probe_attempts: std::sync::atomic::AtomicU8::new(0),
+            nat_probe_disabled: std::sync::atomic::AtomicBool::new(false),
+            stun_backoff_until: Arc::new(RwLock::new(None)),
+            me_one_retry,
+            me_one_timeout: Duration::from_millis(me_one_timeout_ms),
+            stats,
+            me_keepalive_enabled,
+            me_keepalive_interval: Duration::from_secs(me_keepalive_interval_secs),
+            me_keepalive_jitter: Duration::from_secs(me_keepalive_jitter_secs),
+            me_keepalive_payload_random,
+            me_warmup_stagger_enabled,
+            me_warmup_step_delay: Duration::from_millis(me_warmup_step_delay_ms),
+            me_warmup_step_jitter: Duration::from_millis(me_warmup_step_jitter_ms),
+            me_reconnect_max_concurrent_per_dc,
+            me_reconnect_backoff_base: Duration::from_millis(me_reconnect_backoff_base_ms),
+            me_reconnect_backoff_cap: Duration::from_millis(me_reconnect_backoff_cap_ms),
+            me_reconnect_fast_retry_count,
+            pool_size: 2,
+            proxy_map_v4: Arc::new(RwLock::new(proxy_map_v4)),
+            proxy_map_v6: Arc::new(RwLock::new(proxy_map_v6)),
+            default_dc: AtomicI32::new(default_dc.unwrap_or(0)),
+            next_writer_id: AtomicU64::new(1),
+            ping_tracker: Arc::new(Mutex::new(HashMap::new())),
+            rtt_stats: Arc::new(Mutex::new(HashMap::new())),
+            nat_reflection_cache: Arc::new(Mutex::new(NatReflectionCache::default())),
+            writer_available: Arc::new(Notify::new()),
+            conn_count: AtomicUsize::new(0),
+        })
+    }
+
+    pub fn has_proxy_tag(&self) -> bool {
+        self.proxy_tag.is_some()
+    }
+
+    pub fn reset_stun_state(&self) {
+        self.nat_probe_attempts.store(0, Ordering::Relaxed);
+        self.nat_probe_disabled.store(false, Ordering::Relaxed);
+    }
+
+    pub fn translate_our_addr(&self, addr: SocketAddr) -> SocketAddr {
+        let ip = self.translate_ip_for_nat(addr.ip());
+        SocketAddr::new(ip, addr.port())
+    }
+
+    pub fn registry(&self) -> &Arc<ConnRegistry> {
+        &self.registry
+    }
+
+    fn writers_arc(&self) -> Arc<RwLock<Vec<MeWriter>>> {
+        self.writers.clone()
+    }
+
+    pub async fn reconcile_connections(self: &Arc<Self>, rng: &SecureRandom) {
+        use std::collections::HashSet;
+        let writers = self.writers.read().await;
+        let current: HashSet<SocketAddr> = writers
+            .iter()
+            .filter(|w| !w.draining.load(Ordering::Relaxed))
+            .map(|w| w.addr)
+            .collect();
+        drop(writers);
+
+        for family in self.family_order() {
+            let map = self.proxy_map_for_family(family).await;
+            for (_dc, addrs) in map.iter() {
+                let dc_addrs: Vec<SocketAddr> = addrs
+                    .iter()
+                    .map(|(ip, port)| SocketAddr::new(*ip, *port))
+                    .collect();
+                if !dc_addrs.iter().any(|a| current.contains(a)) {
+                    let mut shuffled = dc_addrs.clone();
+                    shuffled.shuffle(&mut rand::rng());
+                    for addr in shuffled {
+                        if self.connect_one(addr, rng).await.is_ok() {
+                            break;
+                        }
+                    }
+                }
+            }
+            if !self.decision.effective_multipath && !current.is_empty() {
+                break;
+            }
+        }
+    }
+
+    pub async fn update_proxy_maps(
+        &self,
+        new_v4: HashMap<i32, Vec<(IpAddr, u16)>>,
+        new_v6: Option<HashMap<i32, Vec<(IpAddr, u16)>>>,
+    ) -> bool {
+        let mut changed = false;
+        {
+            let mut guard = self.proxy_map_v4.write().await;
+            if !new_v4.is_empty() && *guard != new_v4 {
+                *guard = new_v4;
+                changed = true;
+            }
+        }
+        if let Some(v6) = new_v6 {
+            let mut guard = self.proxy_map_v6.write().await;
+            if !v6.is_empty() && *guard != v6 {
+                *guard = v6;
+                changed = true;
+            }
+        }
+        // Ensure negative DC entries mirror positives when absent (Telegram convention).
+        {
+            let mut guard = self.proxy_map_v4.write().await;
+            let keys: Vec<i32> = guard.keys().cloned().collect();
+            for k in keys.iter().cloned().filter(|k| *k > 0) {
+                if !guard.contains_key(&-k) {
+                    if let Some(addrs) = guard.get(&k).cloned() {
+                        guard.insert(-k, addrs);
+                    }
+                }
+            }
+        }
+        {
+            let mut guard = self.proxy_map_v6.write().await;
+            let keys: Vec<i32> = guard.keys().cloned().collect();
+            for k in keys.iter().cloned().filter(|k| *k > 0) {
+                if !guard.contains_key(&-k) {
+                    if let Some(addrs) = guard.get(&k).cloned() {
+                        guard.insert(-k, addrs);
+                    }
+                }
+            }
+        }
+        changed
+    }
+
+    pub async fn update_secret(self: &Arc<Self>, new_secret: Vec<u8>) -> bool {
+        if new_secret.len() < 32 {
+            warn!(len = new_secret.len(), "proxy-secret update ignored (too short)");
+            return false;
+        }
+        let mut guard = self.proxy_secret.write().await;
+        if *guard != new_secret {
+            *guard = new_secret;
+            drop(guard);
+            self.reconnect_all().await;
+            return true;
+        }
+        false
+    }
+
+    pub async fn reconnect_all(self: &Arc<Self>) {
+        let ws = self.writers.read().await.clone();
+        for w in ws {
+            if let Ok(()) = self.connect_one(w.addr, self.rng.as_ref()).await {
+                self.mark_writer_draining(w.id).await;
+                tokio::time::sleep(Duration::from_secs(2)).await;
+            }
+        }
+    }
+
+    pub(super) async fn key_selector(&self) -> u32 {
+        let secret = self.proxy_secret.read().await;
+        if secret.len() >= 4 {
+            u32::from_le_bytes([secret[0], secret[1], secret[2], secret[3]])
+        } else {
+            0
+        }
+    }
+
+    pub(super) fn family_order(&self) -> Vec<IpFamily> {
+        let mut order = Vec::new();
+        if self.decision.prefer_ipv6() {
+            if self.decision.ipv6_me {
+                order.push(IpFamily::V6);
+            }
+            if self.decision.ipv4_me {
+                order.push(IpFamily::V4);
+            }
+        } else {
+            if self.decision.ipv4_me {
+                order.push(IpFamily::V4);
+            }
+            if self.decision.ipv6_me {
+                order.push(IpFamily::V6);
+            }
+        }
+        order
+    }
+
+    async fn proxy_map_for_family(&self, family: IpFamily) -> HashMap<i32, Vec<(IpAddr, u16)>> {
+        match family {
+            IpFamily::V4 => self.proxy_map_v4.read().await.clone(),
+            IpFamily::V6 => self.proxy_map_v6.read().await.clone(),
+        }
+    }
+
+    pub async fn init(self: &Arc<Self>, pool_size: usize, rng: &Arc<SecureRandom>) -> Result<()> {
+        let family_order = self.family_order();
+        let ks = self.key_selector().await;
+        info!(
+            me_servers = self.proxy_map_v4.read().await.len(),
+            pool_size,
+            key_selector = format_args!("0x{ks:08x}"),
+            secret_len = self.proxy_secret.read().await.len(),
+            "Initializing ME pool"
+        );
+
+        for family in family_order {
+            let map = self.proxy_map_for_family(family).await;
+            let dc_addrs: Vec<(i32, Vec<(IpAddr, u16)>)> = map
+                .iter()
+                .map(|(dc, addrs)| (*dc, addrs.clone()))
+                .collect();
+
+            // Ensure at least one connection per DC; run DCs in parallel.
+            let mut join = tokio::task::JoinSet::new();
+            let mut dc_failures = 0usize;
+            for (dc, addrs) in dc_addrs.iter().cloned() {
+                if addrs.is_empty() {
+                    continue;
+                }
+                let pool = Arc::clone(self);
+                let rng_clone = Arc::clone(rng);
+                join.spawn(async move {
+                    pool.connect_primary_for_dc(dc, addrs, rng_clone).await
+                });
+            }
+            while let Some(res) = join.join_next().await {
+                if let Ok(false) = res {
+                    dc_failures += 1;
+                }
+            }
+            if dc_failures > 2 {
+                return Err(ProxyError::Proxy("Too many ME DC init failures, falling back to direct".into()));
+            }
+
+        // Additional connections up to pool_size total (round-robin across DCs), staggered to de-phase lifecycles.
+        if self.me_warmup_stagger_enabled {
+            for (dc, addrs) in dc_addrs.iter() {
+                for (ip, port) in addrs {
+                    if self.connection_count() >= pool_size {
+                        break;
+                    }
+                    let addr = SocketAddr::new(*ip, *port);
+                    let jitter = rand::rng().random_range(0..=self.me_warmup_step_jitter.as_millis() as u64);
+                    let delay_ms = self.me_warmup_step_delay.as_millis() as u64 + jitter;
+                    tokio::time::sleep(Duration::from_millis(delay_ms)).await;
+                    if let Err(e) = self.connect_one(addr, rng.as_ref()).await {
+                        debug!(%addr, dc = %dc, error = %e, "Extra ME connect failed (staggered)");
+                    }
+                }
+            }
+        } else {
+            for (dc, addrs) in dc_addrs.iter() {
+                for (ip, port) in addrs {
+                    if self.connection_count() >= pool_size {
+                        break;
+                    }
+                    let addr = SocketAddr::new(*ip, *port);
+                    if let Err(e) = self.connect_one(addr, rng.as_ref()).await {
+                        debug!(%addr, dc = %dc, error = %e, "Extra ME connect failed");
+                    }
+                }
+                if self.connection_count() >= pool_size {
+                    break;
+                }
+            }
+        }
+
+            if !self.decision.effective_multipath && self.connection_count() > 0 {
+                break;
+            }
+        }
+
+        if self.writers.read().await.is_empty() {
+            return Err(ProxyError::Proxy("No ME connections".into()));
+        }
+        Ok(())
+    }
+
+    pub(crate) async fn connect_one(self: &Arc<Self>, addr: SocketAddr, rng: &SecureRandom) -> Result<()> {
+        let secret_len = self.proxy_secret.read().await.len();
+        if secret_len < 32 {
+            return Err(ProxyError::Proxy("proxy-secret too short for ME auth".into()));
+        }
+
+        let (stream, _connect_ms) = self.connect_tcp(addr).await?;
+        let hs = self.handshake_only(stream, addr, rng).await?;
+
+        let writer_id = self.next_writer_id.fetch_add(1, Ordering::Relaxed);
+        let cancel = CancellationToken::new();
+        let degraded = Arc::new(AtomicBool::new(false));
+        let draining = Arc::new(AtomicBool::new(false));
+        let (tx, mut rx) = mpsc::channel::<WriterCommand>(4096);
+        let mut rpc_writer = RpcWriter {
+            writer: hs.wr,
+            key: hs.write_key,
+            iv: hs.write_iv,
+            seq_no: 0,
+            crc_mode: hs.crc_mode,
+        };
+        let cancel_wr = cancel.clone();
+        tokio::spawn(async move {
+            loop {
+                tokio::select! {
+                    cmd = rx.recv() => {
+                        match cmd {
+                            Some(WriterCommand::Data(payload)) => {
+                                if rpc_writer.send(&payload).await.is_err() { break; }
+                            }
+                            Some(WriterCommand::DataAndFlush(payload)) => {
+                                if rpc_writer.send_and_flush(&payload).await.is_err() { break; }
+                            }
+                            Some(WriterCommand::Close) | None => break,
+                        }
+                    }
+                    _ = cancel_wr.cancelled() => break,
+                }
+            }
+        });
+        let writer = MeWriter {
+            id: writer_id,
+            addr,
+            tx: tx.clone(),
+            cancel: cancel.clone(),
+            degraded: degraded.clone(),
+            draining: draining.clone(),
+        };
+        self.writers.write().await.push(writer.clone());
+        self.conn_count.fetch_add(1, Ordering::Relaxed);
+        self.writer_available.notify_one();
+
+        let reg = self.registry.clone();
+        let writers_arc = self.writers_arc();
+        let ping_tracker = self.ping_tracker.clone();
+        let ping_tracker_reader = ping_tracker.clone();
+        let rtt_stats = self.rtt_stats.clone();
+        let stats_reader = self.stats.clone();
+        let stats_ping = self.stats.clone();
+        let pool = Arc::downgrade(self);
+        let cancel_ping = cancel.clone();
+        let tx_ping = tx.clone();
+        let ping_tracker_ping = ping_tracker.clone();
+        let cleanup_done = Arc::new(AtomicBool::new(false));
+        let cleanup_for_reader = cleanup_done.clone();
+        let cleanup_for_ping = cleanup_done.clone();
+        let keepalive_enabled = self.me_keepalive_enabled;
+        let keepalive_interval = self.me_keepalive_interval;
+        let keepalive_jitter = self.me_keepalive_jitter;
+        let cancel_reader_token = cancel.clone();
+        let cancel_ping_token = cancel_ping.clone();
+
+        tokio::spawn(async move {
+            let res = reader_loop(
+                hs.rd,
+                hs.read_key,
+                hs.read_iv,
+                hs.crc_mode,
+                reg.clone(),
+                BytesMut::new(),
+                BytesMut::new(),
+                tx.clone(),
+                ping_tracker_reader,
+                rtt_stats.clone(),
+                stats_reader,
+                writer_id,
+                degraded.clone(),
+                cancel_reader_token.clone(),
+            )
+            .await;
+            if let Some(pool) = pool.upgrade() {
+                if cleanup_for_reader
+                    .compare_exchange(false, true, Ordering::AcqRel, Ordering::Relaxed)
+                    .is_ok()
+                {
+                    pool.remove_writer_and_close_clients(writer_id).await;
+                }
+            }
+            if let Err(e) = res {
+                warn!(error = %e, "ME reader ended");
+            }
+            let mut ws = writers_arc.write().await;
+            ws.retain(|w| w.id != writer_id);
+            info!(remaining = ws.len(), "Dead ME writer removed from pool");
+        });
+
+        let pool_ping = Arc::downgrade(self);
+        tokio::spawn(async move {
+            let mut ping_id: i64 = rand::random::<i64>();
+            // Per-writer jittered start to avoid phase sync.
+            let startup_jitter = if keepalive_enabled {
+                let jitter_cap_ms = keepalive_interval.as_millis() / 2;
+                let effective_jitter_ms = keepalive_jitter.as_millis().min(jitter_cap_ms).max(1);
+                Duration::from_millis(rand::rng().random_range(0..=effective_jitter_ms as u64))
+            } else {
+                let jitter = rand::rng()
+                    .random_range(-ME_ACTIVE_PING_JITTER_SECS..=ME_ACTIVE_PING_JITTER_SECS);
+                let wait = (ME_ACTIVE_PING_SECS as i64 + jitter).max(5) as u64;
+                Duration::from_secs(wait)
+            };
+            tokio::select! {
+                _ = cancel_ping_token.cancelled() => return,
+                _ = tokio::time::sleep(startup_jitter) => {}
+            }
+            loop {
+                let wait = if keepalive_enabled {
+                    let jitter_cap_ms = keepalive_interval.as_millis() / 2;
+                    let effective_jitter_ms = keepalive_jitter.as_millis().min(jitter_cap_ms).max(1);
+                    keepalive_interval
+                        + Duration::from_millis(
+                            rand::rng().random_range(0..=effective_jitter_ms as u64)
+                        )
+                } else {
+                    let jitter = rand::rng()
+                        .random_range(-ME_ACTIVE_PING_JITTER_SECS..=ME_ACTIVE_PING_JITTER_SECS);
+                    let secs = (ME_ACTIVE_PING_SECS as i64 + jitter).max(5) as u64;
+                    Duration::from_secs(secs)
+                };
+                tokio::select! {
+                    _ = cancel_ping_token.cancelled() => {
+                        break;
+                    }
+                    _ = tokio::time::sleep(wait) => {}
+                }
+                let sent_id = ping_id;
+                let mut p = Vec::with_capacity(12);
+                p.extend_from_slice(&RPC_PING_U32.to_le_bytes());
+                p.extend_from_slice(&sent_id.to_le_bytes());
+                {
+                    let mut tracker = ping_tracker_ping.lock().await;
+                    let before = tracker.len();
+                    tracker.retain(|_, (ts, _)| ts.elapsed() < Duration::from_secs(120));
+                    let expired = before.saturating_sub(tracker.len());
+                    if expired > 0 {
+                        stats_ping.increment_me_keepalive_timeout_by(expired as u64);
+                    }
+                    tracker.insert(sent_id, (std::time::Instant::now(), writer_id));
+                }
+                ping_id = ping_id.wrapping_add(1);
+                stats_ping.increment_me_keepalive_sent();
+                if tx_ping.send(WriterCommand::DataAndFlush(p)).await.is_err() {
+                    stats_ping.increment_me_keepalive_failed();
+                    debug!("ME ping failed, removing dead writer");
+                    cancel_ping.cancel();
+                    if let Some(pool) = pool_ping.upgrade() {
+                        if cleanup_for_ping
+                            .compare_exchange(false, true, Ordering::AcqRel, Ordering::Relaxed)
+                            .is_ok()
+                        {
+                            pool.remove_writer_and_close_clients(writer_id).await;
+                        }
+                    }
+                    break;
+                }
+            }
+        });
+
+        Ok(())
+    }
+
+    async fn connect_primary_for_dc(
+        self: Arc<Self>,
+        dc: i32,
+        mut addrs: Vec<(IpAddr, u16)>,
+        rng: Arc<SecureRandom>,
+    ) -> bool {
+        if addrs.is_empty() {
+            return false;
+        }
+        addrs.shuffle(&mut rand::rng());
+        for (ip, port) in addrs {
+            let addr = SocketAddr::new(ip, port);
+            match self.connect_one(addr, rng.as_ref()).await {
+                Ok(()) => {
+                    info!(%addr, dc = %dc, "ME connected");
+                    return true;
+                }
+                Err(e) => warn!(%addr, dc = %dc, error = %e, "ME connect failed, trying next"),
+            }
+        }
+        warn!(dc = %dc, "All ME servers for DC failed at init");
+        false
+    }
+
+    pub(crate) async fn remove_writer_and_close_clients(self: &Arc<Self>, writer_id: u64) {
+        let conns = self.remove_writer_only(writer_id).await;
+        for bound in conns {
+            let _ = self.registry.route(bound.conn_id, super::MeResponse::Close).await;
+            let _ = self.registry.unregister(bound.conn_id).await;
+        }
+    }
+
+    async fn remove_writer_only(&self, writer_id: u64) -> Vec<BoundConn> {
+        let mut close_tx: Option<mpsc::Sender<WriterCommand>> = None;
+        {
+            let mut ws = self.writers.write().await;
+            if let Some(pos) = ws.iter().position(|w| w.id == writer_id) {
+                let w = ws.remove(pos);
+                w.cancel.cancel();
+                close_tx = Some(w.tx.clone());
+                self.conn_count.fetch_sub(1, Ordering::Relaxed);
+            }
+        }
+        if let Some(tx) = close_tx {
+            let _ = tx.send(WriterCommand::Close).await;
+        }
+        self.rtt_stats.lock().await.remove(&writer_id);
+        self.registry.writer_lost(writer_id).await
+    }
+
+    pub(crate) async fn mark_writer_draining(self: &Arc<Self>, writer_id: u64) {
+        {
+            let mut ws = self.writers.write().await;
+            if let Some(w) = ws.iter_mut().find(|w| w.id == writer_id) {
+                w.draining.store(true, Ordering::Relaxed);
+            }
+        }
+
+        let pool = Arc::downgrade(self);
+        tokio::spawn(async move {
+            let deadline = Instant::now() + Duration::from_secs(300);
+            loop {
+                if let Some(p) = pool.upgrade() {
+                    if Instant::now() >= deadline {
+                        warn!(writer_id, "Drain timeout, force-closing");
+                        let _ = p.remove_writer_and_close_clients(writer_id).await;
+                        break;
+                    }
+                    if p.registry.is_writer_empty(writer_id).await {
+                        let _ = p.remove_writer_only(writer_id).await;
+                        break;
+                    }
+                    tokio::time::sleep(Duration::from_secs(1)).await;
+                } else {
+                    break;
+                }
+            }
+        });
+    }
+
+}
+
+fn hex_dump(data: &[u8]) -> String {
+    const MAX: usize = 64;
+    let mut out = String::with_capacity(data.len() * 2 + 3);
+    for (i, b) in data.iter().take(MAX).enumerate() {
+        if i > 0 {
+            out.push(' ');
+        }
+        out.push_str(&format!("{b:02x}"));
+    }
+    if data.len() > MAX {
+        out.push_str(" …");
+    }
+    out
+}

src/transport/middle_proxy/pool_nat.rs

@@ -0,0 +1,192 @@
+use std::net::{IpAddr, Ipv4Addr};
+use std::time::Duration;
+
+use tracing::{info, warn, debug};
+
+use crate::error::{ProxyError, Result};
+use crate::network::probe::is_bogon;
+use crate::network::stun::{stun_probe_dual, IpFamily, StunProbeResult};
+
+use super::MePool;
+use std::time::Instant;
+pub async fn stun_probe(stun_addr: Option<String>) -> Result<crate::network::stun::DualStunResult> {
+    let stun_addr = stun_addr.unwrap_or_else(|| "stun.l.google.com:19302".to_string());
+    stun_probe_dual(&stun_addr).await
+}
+
+pub async fn detect_public_ip() -> Option<IpAddr> {
+    fetch_public_ipv4_with_retry().await.ok().flatten().map(IpAddr::V4)
+}
+
+impl MePool {
+    pub(super) fn translate_ip_for_nat(&self, ip: IpAddr) -> IpAddr {
+        let nat_ip = self
+            .nat_ip_cfg
+            .or_else(|| self.nat_ip_detected.try_read().ok().and_then(|g| (*g).clone()));
+
+        let Some(nat_ip) = nat_ip else {
+            return ip;
+        };
+
+        match (ip, nat_ip) {
+            (IpAddr::V4(src), IpAddr::V4(dst))
+                if is_bogon(IpAddr::V4(src))
+                    || src.is_loopback()
+                    || src.is_unspecified() =>
+            {
+                IpAddr::V4(dst)
+            }
+            (IpAddr::V6(src), IpAddr::V6(dst)) if src.is_loopback() || src.is_unspecified() => {
+                IpAddr::V6(dst)
+            }
+            (orig, _) => orig,
+        }
+    }
+
+    pub(super) fn translate_our_addr_with_reflection(
+        &self,
+        addr: std::net::SocketAddr,
+        reflected: Option<std::net::SocketAddr>,
+    ) -> std::net::SocketAddr {
+        let ip = if let Some(r) = reflected {
+            // Use reflected IP (not port) only when local address is non-public.
+            if is_bogon(addr.ip()) || addr.ip().is_loopback() || addr.ip().is_unspecified() {
+                r.ip()
+            } else {
+                self.translate_ip_for_nat(addr.ip())
+            }
+        } else {
+            self.translate_ip_for_nat(addr.ip())
+        };
+
+        // Keep the kernel-assigned TCP source port; STUN port can differ.
+        std::net::SocketAddr::new(ip, addr.port())
+    }
+
+    pub(super) async fn maybe_detect_nat_ip(&self, local_ip: IpAddr) -> Option<IpAddr> {
+        if self.nat_ip_cfg.is_some() {
+            return self.nat_ip_cfg;
+        }
+
+        if !(is_bogon(local_ip) || local_ip.is_loopback() || local_ip.is_unspecified()) {
+            return None;
+        }
+
+        if let Some(ip) = self.nat_ip_detected.read().await.clone() {
+            return Some(ip);
+        }
+
+        match fetch_public_ipv4_with_retry().await {
+            Ok(Some(ip)) => {
+                {
+                    let mut guard = self.nat_ip_detected.write().await;
+                    *guard = Some(IpAddr::V4(ip));
+                }
+                info!(public_ip = %ip, "Auto-detected public IP for NAT translation");
+                Some(IpAddr::V4(ip))
+            }
+            Ok(None) => None,
+            Err(e) => {
+                warn!(error = %e, "Failed to auto-detect public IP");
+                None
+            }
+        }
+    }
+
+    pub(super) async fn maybe_reflect_public_addr(
+        &self,
+        family: IpFamily,
+    ) -> Option<std::net::SocketAddr> {
+        const STUN_CACHE_TTL: Duration = Duration::from_secs(600);
+        // Backoff window
+        if let Some(until) = *self.stun_backoff_until.read().await {
+            if Instant::now() < until {
+                if let Ok(cache) = self.nat_reflection_cache.try_lock() {
+                    let slot = match family {
+                        IpFamily::V4 => cache.v4,
+                        IpFamily::V6 => cache.v6,
+                    };
+                    return slot.map(|(_, addr)| addr);
+                }
+                return None;
+            }
+        }
+
+        if let Ok(mut cache) = self.nat_reflection_cache.try_lock() {
+            let slot = match family {
+                IpFamily::V4 => &mut cache.v4,
+                IpFamily::V6 => &mut cache.v6,
+            };
+            if let Some((ts, addr)) = slot {
+                if ts.elapsed() < STUN_CACHE_TTL {
+                    return Some(*addr);
+                }
+            }
+        }
+
+        let attempt = self.nat_probe_attempts.fetch_add(1, std::sync::atomic::Ordering::Relaxed);
+        let servers = if !self.nat_stun_servers.is_empty() {
+            self.nat_stun_servers.clone()
+        } else if let Some(s) = &self.nat_stun {
+            vec![s.clone()]
+        } else {
+            vec!["stun.l.google.com:19302".to_string()]
+        };
+
+        for stun_addr in servers {
+            match stun_probe_dual(&stun_addr).await {
+                Ok(res) => {
+                    let picked: Option<StunProbeResult> = match family {
+                        IpFamily::V4 => res.v4,
+                        IpFamily::V6 => res.v6,
+                    };
+                    if let Some(result) = picked {
+                        info!(local = %result.local_addr, reflected = %result.reflected_addr, family = ?family, stun = %stun_addr, "NAT probe: reflected address");
+                        self.nat_probe_attempts.store(0, std::sync::atomic::Ordering::Relaxed);
+                        if let Ok(mut cache) = self.nat_reflection_cache.try_lock() {
+                            let slot = match family {
+                                IpFamily::V4 => &mut cache.v4,
+                                IpFamily::V6 => &mut cache.v6,
+                            };
+                            *slot = Some((Instant::now(), result.reflected_addr));
+                        }
+                        return Some(result.reflected_addr);
+                    }
+                }
+                Err(e) => {
+                    warn!(error = %e, stun = %stun_addr, attempt = attempt + 1, "NAT probe failed, trying next server");
+                }
+            }
+        }
+        let backoff = Duration::from_secs(60 * 2u64.pow((attempt as u32).min(6)));
+        *self.stun_backoff_until.write().await = Some(Instant::now() + backoff);
+        None
+    }
+}
+
+async fn fetch_public_ipv4_with_retry() -> Result<Option<Ipv4Addr>> {
+    let providers = [
+        "https://checkip.amazonaws.com",
+        "http://v4.ident.me",
+        "http://ipv4.icanhazip.com",
+    ];
+    for url in providers {
+        if let Ok(Some(ip)) = fetch_public_ipv4_once(url).await {
+            return Ok(Some(ip));
+        }
+    }
+    Ok(None)
+}
+
+async fn fetch_public_ipv4_once(url: &str) -> Result<Option<Ipv4Addr>> {
+    let res = reqwest::get(url).await.map_err(|e| {
+        ProxyError::Proxy(format!("public IP detection request failed: {e}"))
+    })?;
+
+    let text = res.text().await.map_err(|e| {
+        ProxyError::Proxy(format!("public IP detection read failed: {e}"))
+    })?;
+
+    let ip = text.trim().parse().ok();
+    Ok(ip)
+}

src/transport/middle_proxy/reader.rs

@@ -0,0 +1,207 @@
+use std::collections::HashMap;
+use std::sync::Arc;
+use std::sync::atomic::{AtomicBool, Ordering};
+use std::time::Instant;
+
+use bytes::{Bytes, BytesMut};
+use tokio::io::AsyncReadExt;
+use tokio::net::TcpStream;
+use tokio::sync::{Mutex, mpsc};
+use tokio_util::sync::CancellationToken;
+use tracing::{debug, trace, warn};
+
+use crate::crypto::AesCbc;
+use crate::error::{ProxyError, Result};
+use crate::protocol::constants::*;
+use crate::stats::Stats;
+
+use super::codec::{RpcChecksumMode, WriterCommand, rpc_crc};
+use super::registry::RouteResult;
+use super::{ConnRegistry, MeResponse};
+
+pub(crate) async fn reader_loop(
+    mut rd: tokio::io::ReadHalf<TcpStream>,
+    dk: [u8; 32],
+    mut div: [u8; 16],
+    crc_mode: RpcChecksumMode,
+    reg: Arc<ConnRegistry>,
+    enc_leftover: BytesMut,
+    mut dec: BytesMut,
+    tx: mpsc::Sender<WriterCommand>,
+    ping_tracker: Arc<Mutex<HashMap<i64, (Instant, u64)>>>,
+    rtt_stats: Arc<Mutex<HashMap<u64, (f64, f64)>>>,
+    stats: Arc<Stats>,
+    _writer_id: u64,
+    degraded: Arc<AtomicBool>,
+    cancel: CancellationToken,
+) -> Result<()> {
+    let mut raw = enc_leftover;
+    let mut expected_seq: i32 = 0;
+
+    loop {
+        let mut tmp = [0u8; 16_384];
+        let n = tokio::select! {
+            res = rd.read(&mut tmp) => res.map_err(ProxyError::Io)?,
+            _ = cancel.cancelled() => return Ok(()),
+        };
+        if n == 0 {
+            return Ok(());
+        }
+        raw.extend_from_slice(&tmp[..n]);
+
+        let blocks = raw.len() / 16 * 16;
+        if blocks > 0 {
+            let mut new_iv = [0u8; 16];
+            new_iv.copy_from_slice(&raw[blocks - 16..blocks]);
+
+            let mut chunk = vec![0u8; blocks];
+            chunk.copy_from_slice(&raw[..blocks]);
+            AesCbc::new(dk, div)
+                .decrypt_in_place(&mut chunk)
+                .map_err(|e| ProxyError::Crypto(format!("{e}")))?;
+            div = new_iv;
+            dec.extend_from_slice(&chunk);
+            let _ = raw.split_to(blocks);
+        }
+
+        while dec.len() >= 12 {
+            let fl = u32::from_le_bytes(dec[0..4].try_into().unwrap()) as usize;
+            if fl == 4 {
+                let _ = dec.split_to(4);
+                continue;
+            }
+            if !(12..=(1 << 24)).contains(&fl) {
+                warn!(frame_len = fl, "Invalid RPC frame len");
+                dec.clear();
+                break;
+            }
+            if dec.len() < fl {
+                break;
+            }
+
+            let frame = dec.split_to(fl);
+            let pe = fl - 4;
+            let ec = u32::from_le_bytes(frame[pe..pe + 4].try_into().unwrap());
+            let actual_crc = rpc_crc(crc_mode, &frame[..pe]);
+            if actual_crc != ec {
+                stats.increment_me_crc_mismatch();
+                warn!(
+                    frame_len = fl,
+                    expected_crc = format_args!("0x{ec:08x}"),
+                    actual_crc = format_args!("0x{actual_crc:08x}"),
+                    "CRC mismatch — CBC crypto desync, aborting ME connection"
+                );
+                return Err(ProxyError::Proxy("CRC mismatch (crypto desync)".into()));
+            }
+
+            let seq_no = i32::from_le_bytes(frame[4..8].try_into().unwrap());
+            if seq_no != expected_seq {
+                stats.increment_me_seq_mismatch();
+                warn!(seq_no, expected = expected_seq, "ME RPC seq mismatch");
+                return Err(ProxyError::SeqNoMismatch {
+                    expected: expected_seq,
+                    got: seq_no,
+                });
+            }
+            expected_seq = expected_seq.wrapping_add(1);
+
+            let payload = &frame[8..pe];
+            if payload.len() < 4 {
+                continue;
+            }
+
+            let pt = u32::from_le_bytes(payload[0..4].try_into().unwrap());
+            let body = &payload[4..];
+
+            if pt == RPC_PROXY_ANS_U32 && body.len() >= 12 {
+                let flags = u32::from_le_bytes(body[0..4].try_into().unwrap());
+                let cid = u64::from_le_bytes(body[4..12].try_into().unwrap());
+                let data = Bytes::copy_from_slice(&body[12..]);
+                trace!(cid, flags, len = data.len(), "RPC_PROXY_ANS");
+
+                let routed = reg.route(cid, MeResponse::Data { flags, data }).await;
+                if !matches!(routed, RouteResult::Routed) {
+                    match routed {
+                        RouteResult::NoConn => stats.increment_me_route_drop_no_conn(),
+                        RouteResult::ChannelClosed => stats.increment_me_route_drop_channel_closed(),
+                        RouteResult::QueueFull => stats.increment_me_route_drop_queue_full(),
+                        RouteResult::Routed => {}
+                    }
+                    reg.unregister(cid).await;
+                    send_close_conn(&tx, cid).await;
+                }
+            } else if pt == RPC_SIMPLE_ACK_U32 && body.len() >= 12 {
+                let cid = u64::from_le_bytes(body[0..8].try_into().unwrap());
+                let cfm = u32::from_le_bytes(body[8..12].try_into().unwrap());
+                trace!(cid, cfm, "RPC_SIMPLE_ACK");
+
+                let routed = reg.route(cid, MeResponse::Ack(cfm)).await;
+                if !matches!(routed, RouteResult::Routed) {
+                    match routed {
+                        RouteResult::NoConn => stats.increment_me_route_drop_no_conn(),
+                        RouteResult::ChannelClosed => stats.increment_me_route_drop_channel_closed(),
+                        RouteResult::QueueFull => stats.increment_me_route_drop_queue_full(),
+                        RouteResult::Routed => {}
+                    }
+                    reg.unregister(cid).await;
+                    send_close_conn(&tx, cid).await;
+                }
+            } else if pt == RPC_CLOSE_EXT_U32 && body.len() >= 8 {
+                let cid = u64::from_le_bytes(body[0..8].try_into().unwrap());
+                debug!(cid, "RPC_CLOSE_EXT from ME");
+                reg.route(cid, MeResponse::Close).await;
+                reg.unregister(cid).await;
+            } else if pt == RPC_CLOSE_CONN_U32 && body.len() >= 8 {
+                let cid = u64::from_le_bytes(body[0..8].try_into().unwrap());
+                debug!(cid, "RPC_CLOSE_CONN from ME");
+                reg.route(cid, MeResponse::Close).await;
+                reg.unregister(cid).await;
+            } else if pt == RPC_PING_U32 && body.len() >= 8 {
+                let ping_id = i64::from_le_bytes(body[0..8].try_into().unwrap());
+                trace!(ping_id, "RPC_PING -> RPC_PONG");
+                let mut pong = Vec::with_capacity(12);
+                pong.extend_from_slice(&RPC_PONG_U32.to_le_bytes());
+                pong.extend_from_slice(&ping_id.to_le_bytes());
+                if tx.send(WriterCommand::DataAndFlush(pong)).await.is_err() {
+                    warn!("PONG send failed");
+                    break;
+                }
+            } else if pt == RPC_PONG_U32 && body.len() >= 8 {
+                let ping_id = i64::from_le_bytes(body[0..8].try_into().unwrap());
+                stats.increment_me_keepalive_pong();
+                if let Some((sent, wid)) = {
+                    let mut guard = ping_tracker.lock().await;
+                    guard.remove(&ping_id)
+                } {
+                    let rtt = sent.elapsed().as_secs_f64() * 1000.0;
+                    let mut stats = rtt_stats.lock().await;
+                    let entry = stats.entry(wid).or_insert((rtt, rtt));
+                    entry.1 = entry.1 * 0.8 + rtt * 0.2;
+                    if rtt < entry.0 {
+                        entry.0 = rtt;
+                    } else {
+                        // allow slow baseline drift upward to avoid stale minimum
+                        entry.0 = entry.0 * 0.99 + rtt * 0.01;
+                    }
+                    let degraded_now = entry.1 > entry.0 * 2.0;
+                    degraded.store(degraded_now, Ordering::Relaxed);
+                    trace!(writer_id = wid, rtt_ms = rtt, ema_ms = entry.1, base_ms = entry.0, degraded = degraded_now, "ME RTT sample");
+                }
+            } else {
+                debug!(
+                    rpc_type = format_args!("0x{pt:08x}"),
+                    len = body.len(),
+                    "Unknown RPC"
+                );
+            }
+        }
+    }
+}
+
+async fn send_close_conn(tx: &mpsc::Sender<WriterCommand>, conn_id: u64) {
+    let mut p = Vec::with_capacity(12);
+    p.extend_from_slice(&RPC_CLOSE_CONN_U32.to_le_bytes());
+    p.extend_from_slice(&conn_id.to_le_bytes());
+
+    let _ = tx.send(WriterCommand::DataAndFlush(p)).await;
+}

src/transport/middle_proxy/registry.rs

@@ -0,0 +1,183 @@
+use std::collections::{HashMap, HashSet};
+use std::net::SocketAddr;
+use std::sync::atomic::{AtomicU64, Ordering};
+use std::time::Duration;
+
+use tokio::sync::{mpsc, RwLock};
+use tokio::sync::mpsc::error::TrySendError;
+
+use super::codec::WriterCommand;
+use super::MeResponse;
+
+const ROUTE_CHANNEL_CAPACITY: usize = 4096;
+const ROUTE_BACKPRESSURE_TIMEOUT: Duration = Duration::from_millis(25);
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum RouteResult {
+    Routed,
+    NoConn,
+    ChannelClosed,
+    QueueFull,
+}
+
+#[derive(Clone)]
+pub struct ConnMeta {
+    pub target_dc: i16,
+    pub client_addr: SocketAddr,
+    pub our_addr: SocketAddr,
+    pub proto_flags: u32,
+}
+
+#[derive(Clone)]
+pub struct BoundConn {
+    pub conn_id: u64,
+    pub meta: ConnMeta,
+}
+
+#[derive(Clone)]
+pub struct ConnWriter {
+    pub writer_id: u64,
+    pub tx: mpsc::Sender<WriterCommand>,
+}
+
+struct RegistryInner {
+    map: HashMap<u64, mpsc::Sender<MeResponse>>,
+    writers: HashMap<u64, mpsc::Sender<WriterCommand>>,
+    writer_for_conn: HashMap<u64, u64>,
+    conns_for_writer: HashMap<u64, HashSet<u64>>,
+    meta: HashMap<u64, ConnMeta>,
+}
+
+impl RegistryInner {
+    fn new() -> Self {
+        Self {
+            map: HashMap::new(),
+            writers: HashMap::new(),
+            writer_for_conn: HashMap::new(),
+            conns_for_writer: HashMap::new(),
+            meta: HashMap::new(),
+        }
+    }
+}
+
+pub struct ConnRegistry {
+    inner: RwLock<RegistryInner>,
+    next_id: AtomicU64,
+}
+
+impl ConnRegistry {
+    pub fn new() -> Self {
+        let start = rand::random::<u64>() | 1;
+        Self {
+            inner: RwLock::new(RegistryInner::new()),
+            next_id: AtomicU64::new(start),
+        }
+    }
+
+    pub async fn register(&self) -> (u64, mpsc::Receiver<MeResponse>) {
+        let id = self.next_id.fetch_add(1, Ordering::Relaxed);
+        let (tx, rx) = mpsc::channel(ROUTE_CHANNEL_CAPACITY);
+        self.inner.write().await.map.insert(id, tx);
+        (id, rx)
+    }
+
+    /// Unregister connection, returning associated writer_id if any.
+    pub async fn unregister(&self, id: u64) -> Option<u64> {
+        let mut inner = self.inner.write().await;
+        inner.map.remove(&id);
+        inner.meta.remove(&id);
+        if let Some(writer_id) = inner.writer_for_conn.remove(&id) {
+            if let Some(set) = inner.conns_for_writer.get_mut(&writer_id) {
+                set.remove(&id);
+            }
+            return Some(writer_id);
+        }
+        None
+    }
+
+    pub async fn route(&self, id: u64, resp: MeResponse) -> RouteResult {
+        let tx = {
+            let inner = self.inner.read().await;
+            inner.map.get(&id).cloned()
+        };
+
+        let Some(tx) = tx else {
+            return RouteResult::NoConn;
+        };
+
+        match tx.try_send(resp) {
+            Ok(()) => RouteResult::Routed,
+            Err(TrySendError::Closed(_)) => RouteResult::ChannelClosed,
+            Err(TrySendError::Full(resp)) => {
+                // Absorb short bursts without dropping/closing the session immediately.
+                match tokio::time::timeout(ROUTE_BACKPRESSURE_TIMEOUT, tx.send(resp)).await {
+                    Ok(Ok(())) => RouteResult::Routed,
+                    Ok(Err(_)) => RouteResult::ChannelClosed,
+                    Err(_) => RouteResult::QueueFull,
+                }
+            }
+        }
+    }
+
+    pub async fn bind_writer(
+        &self,
+        conn_id: u64,
+        writer_id: u64,
+        tx: mpsc::Sender<WriterCommand>,
+        meta: ConnMeta,
+    ) {
+        let mut inner = self.inner.write().await;
+        inner.meta.entry(conn_id).or_insert(meta);
+        inner.writer_for_conn.insert(conn_id, writer_id);
+        inner.writers.entry(writer_id).or_insert_with(|| tx.clone());
+        inner
+            .conns_for_writer
+            .entry(writer_id)
+            .or_insert_with(HashSet::new)
+            .insert(conn_id);
+    }
+
+    pub async fn get_writer(&self, conn_id: u64) -> Option<ConnWriter> {
+        let inner = self.inner.read().await;
+        let writer_id = inner.writer_for_conn.get(&conn_id).cloned()?;
+        let writer = inner.writers.get(&writer_id).cloned()?;
+        Some(ConnWriter { writer_id, tx: writer })
+    }
+
+    pub async fn writer_lost(&self, writer_id: u64) -> Vec<BoundConn> {
+        let mut inner = self.inner.write().await;
+        inner.writers.remove(&writer_id);
+        let conns = inner
+            .conns_for_writer
+            .remove(&writer_id)
+            .unwrap_or_default()
+            .into_iter()
+            .collect::<Vec<_>>();
+
+        let mut out = Vec::new();
+        for conn_id in conns {
+            inner.writer_for_conn.remove(&conn_id);
+            if let Some(m) = inner.meta.get(&conn_id) {
+                out.push(BoundConn {
+                    conn_id,
+                    meta: m.clone(),
+                });
+            }
+        }
+        out
+    }
+
+    pub async fn get_meta(&self, conn_id: u64) -> Option<ConnMeta> {
+        let inner = self.inner.read().await;
+        inner.meta.get(&conn_id).cloned()
+    }
+
+    pub async fn is_writer_empty(&self, writer_id: u64) -> bool {
+        let inner = self.inner.read().await;
+        inner
+            .conns_for_writer
+            .get(&writer_id)
+            .map(|s| s.is_empty())
+            .unwrap_or(true)
+    }
+}

src/transport/middle_proxy/rotation.rs

@@ -0,0 +1,51 @@
+use std::sync::Arc;
+use std::sync::atomic::Ordering;
+use std::time::Duration;
+
+use tracing::{info, warn};
+
+use crate::crypto::SecureRandom;
+
+use super::MePool;
+
+/// Periodically refresh ME connections to avoid long-lived degradation.
+pub async fn me_rotation_task(pool: Arc<MePool>, rng: Arc<SecureRandom>, interval: Duration) {
+    let interval = interval.max(Duration::from_secs(600));
+    loop {
+        tokio::time::sleep(interval).await;
+
+        let candidate = {
+            let ws = pool.writers.read().await;
+            if ws.is_empty() {
+                None
+            } else {
+                let idx = (pool.rr.load(std::sync::atomic::Ordering::Relaxed) as usize) % ws.len();
+                ws.get(idx).cloned()
+            }
+        };
+
+        let Some(w) = candidate else {
+            continue;
+        };
+
+        info!(addr = %w.addr, writer_id = w.id, "Rotating ME connection");
+        match pool.connect_one(w.addr, rng.as_ref()).await {
+            Ok(()) => {
+                tokio::time::sleep(Duration::from_secs(2)).await;
+                let ws = pool.writers.read().await;
+                let new_alive = ws.iter().any(|nw|
+                    nw.id != w.id && nw.addr == w.addr && !nw.degraded.load(Ordering::Relaxed) && !nw.draining.load(Ordering::Relaxed)
+                );
+                drop(ws);
+                if new_alive {
+                    pool.mark_writer_draining(w.id).await;
+                } else {
+                    warn!(addr = %w.addr, writer_id = w.id, "New writer died, keeping old");
+                }
+            }
+            Err(e) => {
+                warn!(addr = %w.addr, writer_id = w.id, error = %e, "ME rotation connect failed");
+            }
+        }
+    }
+}

src/transport/middle_proxy/secret.rs

@@ -0,0 +1,100 @@
+use std::time::Duration;
+
+use tracing::{debug, info, warn};
+use std::time::SystemTime;
+use httpdate;
+
+use crate::error::{ProxyError, Result};
+
+/// Fetch Telegram proxy-secret binary.
+pub async fn fetch_proxy_secret(cache_path: Option<&str>) -> Result<Vec<u8>> {
+    let cache = cache_path.unwrap_or("proxy-secret");
+
+    // 1) Try fresh download first.
+    match download_proxy_secret().await {
+        Ok(data) => {
+            if let Err(e) = tokio::fs::write(cache, &data).await {
+                warn!(error = %e, "Failed to cache proxy-secret (non-fatal)");
+            } else {
+                debug!(path = cache, len = data.len(), "Cached proxy-secret");
+            }
+            return Ok(data);
+        }
+        Err(download_err) => {
+            warn!(error = %download_err, "Proxy-secret download failed, trying cache/file fallback");
+            // Fall through to cache/file.
+        }
+    }
+
+    // 2) Fallback to cache/file regardless of age; require len>=32.
+    match tokio::fs::read(cache).await {
+        Ok(data) if data.len() >= 32 => {
+            let age_hours = tokio::fs::metadata(cache)
+                .await
+                .ok()
+                .and_then(|m| m.modified().ok())
+                .and_then(|m| std::time::SystemTime::now().duration_since(m).ok())
+                .map(|d| d.as_secs() / 3600);
+            info!(
+                path = cache,
+                len = data.len(),
+                age_hours,
+                "Loaded proxy-secret from cache/file after download failure"
+            );
+            Ok(data)
+        }
+        Ok(data) => Err(ProxyError::Proxy(format!(
+            "Cached proxy-secret too short: {} bytes (need >= 32)",
+            data.len()
+        ))),
+        Err(e) => Err(ProxyError::Proxy(format!(
+            "Failed to read proxy-secret cache after download failure: {e}"
+        ))),
+    }
+}
+
+pub async fn download_proxy_secret() -> Result<Vec<u8>> {
+    let resp = reqwest::get("https://core.telegram.org/getProxySecret")
+        .await
+        .map_err(|e| ProxyError::Proxy(format!("Failed to download proxy-secret: {e}")))?;
+
+    if !resp.status().is_success() {
+        return Err(ProxyError::Proxy(format!(
+            "proxy-secret download HTTP {}",
+            resp.status()
+        )));
+    }
+
+    if let Some(date) = resp.headers().get(reqwest::header::DATE) {
+        if let Ok(date_str) = date.to_str() {
+            if let Ok(server_time) = httpdate::parse_http_date(date_str) {
+                if let Ok(skew) = SystemTime::now().duration_since(server_time).or_else(|e| {
+                    server_time.duration_since(SystemTime::now()).map_err(|_| e)
+                }) {
+                    let skew_secs = skew.as_secs();
+                    if skew_secs > 60 {
+                        warn!(skew_secs, "Time skew >60s detected from proxy-secret Date header");
+                    } else if skew_secs > 30 {
+                        warn!(skew_secs, "Time skew >30s detected from proxy-secret Date header");
+                    }
+                }
+            }
+        }
+    }
+
+    let data = resp
+        .bytes()
+        .await
+        .map_err(|e| ProxyError::Proxy(format!("Read proxy-secret body: {e}")))?
+        .to_vec();
+
+    if data.len() < 32 {
+        return Err(ProxyError::Proxy(format!(
+            "proxy-secret too short: {} bytes (need >= 32)",
+            data.len()
+        )));
+    }
+
+    info!(len = data.len(), "Downloaded proxy-secret OK");
+    Ok(data)
+}

src/transport/middle_proxy/send.rs

@@ -0,0 +1,269 @@
+use std::net::SocketAddr;
+use std::sync::Arc;
+use std::sync::atomic::Ordering;
+use std::time::Duration;
+
+use tracing::{debug, warn};
+
+use crate::error::{ProxyError, Result};
+use crate::network::IpFamily;
+use crate::protocol::constants::RPC_CLOSE_EXT_U32;
+
+use super::MePool;
+use super::codec::WriterCommand;
+use super::wire::build_proxy_req_payload;
+use rand::seq::SliceRandom;
+use super::registry::ConnMeta;
+
+impl MePool {
+    pub async fn send_proxy_req(
+        self: &Arc<Self>,
+        conn_id: u64,
+        target_dc: i16,
+        client_addr: SocketAddr,
+        our_addr: SocketAddr,
+        data: &[u8],
+        proto_flags: u32,
+    ) -> Result<()> {
+        let payload = build_proxy_req_payload(
+            conn_id,
+            client_addr,
+            our_addr,
+            data,
+            self.proxy_tag.as_deref(),
+            proto_flags,
+        );
+        let meta = ConnMeta {
+            target_dc,
+            client_addr,
+            our_addr,
+            proto_flags,
+        };
+        let mut emergency_attempts = 0;
+
+        loop {
+            if let Some(current) = self.registry.get_writer(conn_id).await {
+                let send_res = {
+                    current
+                        .tx
+                        .send(WriterCommand::Data(payload.clone()))
+                        .await
+                };
+                match send_res {
+                    Ok(()) => return Ok(()),
+                    Err(_) => {
+                        warn!(writer_id = current.writer_id, "ME writer channel closed");
+                        self.remove_writer_and_close_clients(current.writer_id).await;
+                        continue;
+                    }
+                }
+            }
+
+            let mut writers_snapshot = {
+                let ws = self.writers.read().await;
+                if ws.is_empty() {
+                    // Create waiter before recovery attempts so notify_one permits are not missed.
+                    let waiter = self.writer_available.notified();
+                    drop(ws);
+                    for family in self.family_order() {
+                        let map = match family {
+                            IpFamily::V4 => self.proxy_map_v4.read().await.clone(),
+                            IpFamily::V6 => self.proxy_map_v6.read().await.clone(),
+                        };
+                        for (_dc, addrs) in map.iter() {
+                            for (ip, port) in addrs {
+                                let addr = SocketAddr::new(*ip, *port);
+                                if self.connect_one(addr, self.rng.as_ref()).await.is_ok() {
+                                    self.writer_available.notify_one();
+                                    break;
+                                }
+                            }
+                        }
+                    }
+                    if !self.writers.read().await.is_empty() {
+                        continue;
+                    }
+                    if tokio::time::timeout(Duration::from_secs(3), waiter).await.is_err() {
+                        if !self.writers.read().await.is_empty() {
+                            continue;
+                        }
+                        return Err(ProxyError::Proxy("All ME connections dead (waited 3s)".into()));
+                    }
+                    continue;
+                }
+                ws.clone()
+            };
+
+            let mut candidate_indices = self.candidate_indices_for_dc(&writers_snapshot, target_dc).await;
+            if candidate_indices.is_empty() {
+                // Emergency connect-on-demand
+                if emergency_attempts >= 3 {
+                    return Err(ProxyError::Proxy("No ME writers available for target DC".into()));
+                }
+                emergency_attempts += 1;
+                for family in self.family_order() {
+                    let map_guard = match family {
+                        IpFamily::V4 => self.proxy_map_v4.read().await,
+                        IpFamily::V6 => self.proxy_map_v6.read().await,
+                    };
+                    if let Some(addrs) = map_guard.get(&(target_dc as i32)) {
+                        let mut shuffled = addrs.clone();
+                        shuffled.shuffle(&mut rand::rng());
+                        drop(map_guard);
+                        for (ip, port) in shuffled {
+                            let addr = SocketAddr::new(ip, port);
+                            if self.connect_one(addr, self.rng.as_ref()).await.is_ok() {
+                                break;
+                            }
+                        }
+                        tokio::time::sleep(Duration::from_millis(100 * emergency_attempts)).await;
+                        let ws2 = self.writers.read().await;
+                        writers_snapshot = ws2.clone();
+                        drop(ws2);
+                        candidate_indices = self.candidate_indices_for_dc(&writers_snapshot, target_dc).await;
+                        if !candidate_indices.is_empty() {
+                            break;
+                        }
+                    }
+                }
+                if candidate_indices.is_empty() {
+                    return Err(ProxyError::Proxy("No ME writers available for target DC".into()));
+                }
+            }
+
+            candidate_indices.sort_by_key(|idx| {
+                let w = &writers_snapshot[*idx];
+                let degraded = w.degraded.load(Ordering::Relaxed);
+                let draining = w.draining.load(Ordering::Relaxed);
+                (draining as usize, degraded as usize)
+            });
+
+            let start = self.rr.fetch_add(1, Ordering::Relaxed) as usize % candidate_indices.len();
+
+            for offset in 0..candidate_indices.len() {
+                let idx = candidate_indices[(start + offset) % candidate_indices.len()];
+                let w = &writers_snapshot[idx];
+                if w.draining.load(Ordering::Relaxed) {
+                    continue;
+                }
+                if w.tx.send(WriterCommand::Data(payload.clone())).await.is_ok() {
+                    self.registry
+                        .bind_writer(conn_id, w.id, w.tx.clone(), meta.clone())
+                        .await;
+                    return Ok(());
+                } else {
+                    warn!(writer_id = w.id, "ME writer channel closed");
+                    self.remove_writer_and_close_clients(w.id).await;
+                    continue;
+                }
+            }
+
+            let w = writers_snapshot[candidate_indices[start]].clone();
+            if w.draining.load(Ordering::Relaxed) {
+                continue;
+            }
+            match w.tx.send(WriterCommand::Data(payload.clone())).await {
+                Ok(()) => {
+                    self.registry
+                        .bind_writer(conn_id, w.id, w.tx.clone(), meta.clone())
+                        .await;
+                    return Ok(());
+                }
+                Err(_) => {
+                    warn!(writer_id = w.id, "ME writer channel closed (blocking)");
+                    self.remove_writer_and_close_clients(w.id).await;
+                }
+            }
+        }
+    }
+
+    pub async fn send_close(self: &Arc<Self>, conn_id: u64) -> Result<()> {
+        if let Some(w) = self.registry.get_writer(conn_id).await {
+            let mut p = Vec::with_capacity(12);
+            p.extend_from_slice(&RPC_CLOSE_EXT_U32.to_le_bytes());
+            p.extend_from_slice(&conn_id.to_le_bytes());
+            if w.tx.send(WriterCommand::DataAndFlush(p)).await.is_err() {
+                debug!("ME close write failed");
+                self.remove_writer_and_close_clients(w.writer_id).await;
+            }
+        } else {
+            debug!(conn_id, "ME close skipped (writer missing)");
+        }
+
+        self.registry.unregister(conn_id).await;
+        Ok(())
+    }
+
+    pub fn connection_count(&self) -> usize {
+        self.conn_count.load(Ordering::Relaxed)
+    }
+    
+    pub(super) async fn candidate_indices_for_dc(
+        &self,
+        writers: &[super::pool::MeWriter],
+        target_dc: i16,
+    ) -> Vec<usize> {
+        let key = target_dc as i32;
+        let mut preferred = Vec::<SocketAddr>::new();
+
+        for family in self.family_order() {
+            let map_guard = match family {
+                IpFamily::V4 => self.proxy_map_v4.read().await,
+                IpFamily::V6 => self.proxy_map_v6.read().await,
+            };
+
+            if let Some(v) = map_guard.get(&key) {
+                preferred.extend(v.iter().map(|(ip, port)| SocketAddr::new(*ip, *port)));
+            }
+            if preferred.is_empty() {
+                let abs = key.abs();
+                if let Some(v) = map_guard.get(&abs) {
+                    preferred.extend(v.iter().map(|(ip, port)| SocketAddr::new(*ip, *port)));
+                }
+            }
+            if preferred.is_empty() {
+                let abs = key.abs();
+                if let Some(v) = map_guard.get(&-abs) {
+                    preferred.extend(v.iter().map(|(ip, port)| SocketAddr::new(*ip, *port)));
+                }
+            }
+            if preferred.is_empty() {
+                let def = self.default_dc.load(Ordering::Relaxed);
+                if def != 0 {
+                    if let Some(v) = map_guard.get(&def) {
+                        preferred.extend(v.iter().map(|(ip, port)| SocketAddr::new(*ip, *port)));
+                    }
+                }
+            }
+
+            drop(map_guard);
+
+            if !preferred.is_empty() && !self.decision.effective_multipath {
+                break;
+            }
+        }
+
+        if preferred.is_empty() {
+            return (0..writers.len())
+                .filter(|i| !writers[*i].draining.load(Ordering::Relaxed))
+                .collect();
+        }
+
+        let mut out = Vec::new();
+        for (idx, w) in writers.iter().enumerate() {
+            if w.draining.load(Ordering::Relaxed) {
+                continue;
+            }
+            if preferred.iter().any(|p| *p == w.addr) {
+                out.push(idx);
+            }
+        }
+        if out.is_empty() {
+            return (0..writers.len())
+                .filter(|i| !writers[*i].draining.load(Ordering::Relaxed))
+                .collect();
+        }
+        out
+    }
+
+}

src/transport/middle_proxy/wire.rs

@@ -0,0 +1,118 @@
+use std::net::{IpAddr, Ipv4Addr, SocketAddr};
+
+use crate::protocol::constants::*;
+
+#[derive(Clone, Copy)]
+pub(crate) enum IpMaterial {
+    V4([u8; 4]),
+    V6([u8; 16]),
+}
+
+pub(crate) fn extract_ip_material(addr: SocketAddr) -> IpMaterial {
+    match addr.ip() {
+        IpAddr::V4(v4) => IpMaterial::V4(v4.octets()),
+        IpAddr::V6(v6) => {
+            if let Some(v4) = v6.to_ipv4_mapped() {
+                IpMaterial::V4(v4.octets())
+            } else {
+                IpMaterial::V6(v6.octets())
+            }
+        }
+    }
+}
+
+fn ipv4_to_mapped_v6_c_compat(ip: Ipv4Addr) -> [u8; 16] {
+    let mut buf = [0u8; 16];
+
+    // Matches tl_store_long(0) + tl_store_int(-0x10000).
+    buf[8..12].copy_from_slice(&(-0x10000i32).to_le_bytes());
+
+    // Matches tl_store_int(htonl(remote_ip_host_order)).
+    buf[12..16].copy_from_slice(&ip.octets());
+
+    buf
+}
+
+fn append_mapped_addr_and_port(buf: &mut Vec<u8>, addr: SocketAddr) {
+    match addr.ip() {
+        IpAddr::V4(v4) => buf.extend_from_slice(&ipv4_to_mapped_v6_c_compat(v4)),
+        IpAddr::V6(v6) => buf.extend_from_slice(&v6.octets()),
+    }
+    buf.extend_from_slice(&(addr.port() as u32).to_le_bytes());
+}
+
+pub(crate) fn build_proxy_req_payload(
+    conn_id: u64,
+    client_addr: SocketAddr,
+    our_addr: SocketAddr,
+    data: &[u8],
+    proxy_tag: Option<&[u8]>,
+    proto_flags: u32,
+) -> Vec<u8> {
+    let mut b = Vec::with_capacity(128 + data.len());
+
+    b.extend_from_slice(&RPC_PROXY_REQ_U32.to_le_bytes());
+    b.extend_from_slice(&proto_flags.to_le_bytes());
+    b.extend_from_slice(&conn_id.to_le_bytes());
+
+    append_mapped_addr_and_port(&mut b, client_addr);
+    append_mapped_addr_and_port(&mut b, our_addr);
+
+    if proto_flags & RPC_FLAG_HAS_AD_TAG != 0 {
+        let extra_start = b.len();
+        b.extend_from_slice(&0u32.to_le_bytes());
+
+        if let Some(tag) = proxy_tag {
+            b.extend_from_slice(&TL_PROXY_TAG_U32.to_le_bytes());
+
+            if tag.len() < 254 {
+                b.push(tag.len() as u8);
+                b.extend_from_slice(tag);
+                let pad = (4 - ((1 + tag.len()) % 4)) % 4;
+                b.extend(std::iter::repeat_n(0u8, pad));
+            } else {
+                b.push(0xfe);
+                let len_bytes = (tag.len() as u32).to_le_bytes();
+                b.extend_from_slice(&len_bytes[..3]);
+                b.extend_from_slice(tag);
+                let pad = (4 - (tag.len() % 4)) % 4;
+                b.extend(std::iter::repeat_n(0u8, pad));
+            }
+        }
+
+        let extra_bytes = (b.len() - extra_start - 4) as u32;
+        b[extra_start..extra_start + 4].copy_from_slice(&extra_bytes.to_le_bytes());
+    }
+
+    b.extend_from_slice(data);
+    b
+}
+
+pub fn proto_flags_for_tag(tag: crate::protocol::constants::ProtoTag, has_proxy_tag: bool) -> u32 {
+    use crate::protocol::constants::ProtoTag;
+
+    let mut flags = RPC_FLAG_MAGIC | RPC_FLAG_EXTMODE2;
+    if has_proxy_tag {
+        flags |= RPC_FLAG_HAS_AD_TAG;
+    }
+
+    match tag {
+        ProtoTag::Abridged => flags | RPC_FLAG_ABRIDGED,
+        ProtoTag::Intermediate => flags | RPC_FLAG_INTERMEDIATE,
+        ProtoTag::Secure => flags | RPC_FLAG_PAD | RPC_FLAG_INTERMEDIATE,
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_ipv4_mapped_encoding() {
+        let ip = Ipv4Addr::new(149, 154, 175, 50);
+        let buf = ipv4_to_mapped_v6_c_compat(ip);
+        assert_eq!(&buf[0..10], &[0u8; 10]);
+        assert_eq!(&buf[10..12], &[0xff, 0xff]);
+        assert_eq!(&buf[12..16], &[149, 154, 175, 50]);
+    }
+}

src/transport/mod.rs

@@ -10,4 +10,5 @@ pub use pool::ConnectionPool;
 pub use proxy_protocol::{ProxyProtocolInfo, parse_proxy_protocol};
 pub use socket::*;
 pub use socks::*;
-pub use upstream::UpstreamManager;
+pub use upstream::{DcPingResult, StartupPingResult, UpstreamManager};
+pub mod middle_proxy;

src/transport/pool.rs

@@ -285,12 +285,17 @@ where
 #[cfg(test)]
 mod tests {
     use super::*;
+    use std::io::ErrorKind;
     use tokio::net::TcpListener;
     
     #[tokio::test]
     async fn test_pool_basic() {
         // Start a test server
-        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
+        let listener = match TcpListener::bind("127.0.0.1:0").await {
+            Ok(l) => l,
+            Err(e) if e.kind() == ErrorKind::PermissionDenied => return,
+            Err(e) => panic!("bind failed: {e}"),
+        };
         let addr = listener.local_addr().unwrap();
         
         // Accept connections in background
@@ -303,7 +308,11 @@ mod tests {
         let pool = ConnectionPool::new();
         
         // Get a connection
-        let conn1 = pool.get(addr).await.unwrap();
+        let conn1 = match pool.get(addr).await {
+            Ok(c) => c,
+            Err(ProxyError::Io(e)) if e.kind() == ErrorKind::PermissionDenied => return,
+            Err(e) => panic!("connect failed: {e}"),
+        };
         
         // Return it to pool
         pool.put(addr, conn1).await;

src/transport/proxy_protocol.rs

@@ -283,6 +283,58 @@ impl Default for ProxyProtocolV1Builder {
     }
 }
 
+/// Builder for PROXY protocol v2 header
+pub struct ProxyProtocolV2Builder {
+    src: Option<SocketAddr>,
+    dst: Option<SocketAddr>,
+}
+
+impl ProxyProtocolV2Builder {
+    pub fn new() -> Self {
+        Self { src: None, dst: None }
+    }
+
+    pub fn with_addrs(mut self, src: SocketAddr, dst: SocketAddr) -> Self {
+        self.src = Some(src);
+        self.dst = Some(dst);
+        self
+    }
+
+    pub fn build(&self) -> Vec<u8> {
+        let mut header = Vec::new();
+        header.extend_from_slice(PROXY_V2_SIGNATURE);
+        // version 2, PROXY command
+        header.push(0x21);
+
+        match (self.src, self.dst) {
+            (Some(SocketAddr::V4(src)), Some(SocketAddr::V4(dst))) => {
+                header.push(0x11); // INET + STREAM
+                header.extend_from_slice(&(12u16).to_be_bytes());
+                header.extend_from_slice(&src.ip().octets());
+                header.extend_from_slice(&dst.ip().octets());
+                header.extend_from_slice(&src.port().to_be_bytes());
+                header.extend_from_slice(&dst.port().to_be_bytes());
+            }
+            (Some(SocketAddr::V6(src)), Some(SocketAddr::V6(dst))) => {
+                header.push(0x21); // INET6 + STREAM
+                header.extend_from_slice(&(36u16).to_be_bytes());
+                header.extend_from_slice(&src.ip().octets());
+                header.extend_from_slice(&dst.ip().octets());
+                header.extend_from_slice(&src.port().to_be_bytes());
+                header.extend_from_slice(&dst.port().to_be_bytes());
+            }
+            _ => {
+                // LOCAL/UNSPEC: no address information
+                header[12] = 0x20; // version 2, LOCAL command
+                header.push(0x00);
+                header.extend_from_slice(&0u16.to_be_bytes());
+            }
+        }
+
+        header
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

src/transport/socket.rs

@@ -1,5 +1,7 @@
 //! TCP Socket Configuration
 
+use std::collections::HashSet;
+use std::fs;
 use std::io::Result;
 use std::net::{SocketAddr, IpAddr};
 use std::time::Duration;
@@ -30,20 +32,13 @@ pub fn configure_tcp_socket(
         socket.set_tcp_keepalive(&keepalive)?;
     }
     
-    // Set buffer sizes
-    set_buffer_sizes(&socket, 65536, 65536)?;
+    // CHANGED: Removed manual buffer size setting (was 256KB).
+    // Allowing the OS kernel to handle TCP window scaling (Autotuning) is critical
+    // for mobile clients to avoid bufferbloat and stalled connections during uploads.
     
     Ok(())
 }
 
-/// Set socket buffer sizes
-fn set_buffer_sizes(socket: &socket2::SockRef, recv: usize, send: usize) -> Result<()> {
-    // These may fail on some systems, so we ignore errors
-    let _ = socket.set_recv_buffer_size(recv);
-    let _ = socket.set_send_buffer_size(send);
-    Ok(())
-}
-
 /// Configure socket for accepting client connections
 pub fn configure_client_socket(
     stream: &TcpStream,
@@ -65,6 +60,8 @@ pub fn configure_client_socket(
     socket.set_tcp_keepalive(&keepalive)?;
     
     // Set TCP user timeout (Linux only)
+    // NOTE: iOS does not support TCP_USER_TIMEOUT - application-level timeout 
+    // is implemented in relay_bidirectional instead
     #[cfg(target_os = "linux")]
     {
         use std::os::unix::io::AsRawFd;
@@ -127,6 +124,38 @@ pub fn get_local_addr(stream: &TcpStream) -> Option<SocketAddr> {
     stream.local_addr().ok()
 }
 
+/// Resolve primary IP address of a network interface by name.
+/// Returns the first address matching the requested family (IPv4/IPv6).
+#[cfg(unix)]
+pub fn resolve_interface_ip(name: &str, want_ipv6: bool) -> Option<IpAddr> {
+    use nix::ifaddrs::getifaddrs;
+
+    if let Ok(addrs) = getifaddrs() {
+        for iface in addrs {
+            if iface.interface_name == name {
+                if let Some(address) = iface.address {
+                    if let Some(v4) = address.as_sockaddr_in() {
+                        if !want_ipv6 {
+                            return Some(IpAddr::V4(v4.ip()));
+                        }
+                    } else if let Some(v6) = address.as_sockaddr_in6() {
+                        if want_ipv6 {
+                            return Some(IpAddr::V6(v6.ip().clone()));
+                        }
+                    }
+                }
+            }
+        }
+    }
+    None
+}
+
+/// Stub for non-Unix platforms: interface name resolution unsupported.
+#[cfg(not(unix))]
+pub fn resolve_interface_ip(_name: &str, _want_ipv6: bool) -> Option<IpAddr> {
+    None
+}
+
 /// Get peer address of a socket
 pub fn get_peer_addr(stream: &TcpStream) -> Option<SocketAddr> {
     stream.peer_addr().ok()
@@ -207,18 +236,159 @@ pub fn create_listener(addr: SocketAddr, options: &ListenOptions) -> Result<Sock
     Ok(socket)
 }
 
+/// Best-effort process list for listeners occupying the same local TCP port.
+#[derive(Debug, Clone)]
+pub struct ListenerProcessInfo {
+    pub pid: u32,
+    pub process: String,
+}
+
+/// Find processes currently listening on the local TCP port of `addr`.
+/// Returns an empty list when unsupported or when no owners can be resolved.
+pub fn find_listener_processes(addr: SocketAddr) -> Vec<ListenerProcessInfo> {
+    #[cfg(target_os = "linux")]
+    {
+        find_listener_processes_linux(addr)
+    }
+    #[cfg(not(target_os = "linux"))]
+    {
+        let _ = addr;
+        Vec::new()
+    }
+}
+
+#[cfg(target_os = "linux")]
+fn find_listener_processes_linux(addr: SocketAddr) -> Vec<ListenerProcessInfo> {
+    let inodes = listening_inodes_for_port(addr);
+    if inodes.is_empty() {
+        return Vec::new();
+    }
+
+    let mut out = Vec::new();
+
+    let proc_entries = match fs::read_dir("/proc") {
+        Ok(entries) => entries,
+        Err(_) => return out,
+    };
+
+    for entry in proc_entries.flatten() {
+        let pid = match entry.file_name().to_string_lossy().parse::<u32>() {
+            Ok(pid) => pid,
+            Err(_) => continue,
+        };
+
+        let fd_dir = entry.path().join("fd");
+        let fd_entries = match fs::read_dir(fd_dir) {
+            Ok(entries) => entries,
+            Err(_) => continue,
+        };
+
+        let mut matched = false;
+        for fd in fd_entries.flatten() {
+            let link_target = match fs::read_link(fd.path()) {
+                Ok(link) => link,
+                Err(_) => continue,
+            };
+
+            let link_str = link_target.to_string_lossy();
+            let Some(rest) = link_str.strip_prefix("socket:[") else {
+                continue;
+            };
+            let Some(inode_str) = rest.strip_suffix(']') else {
+                continue;
+            };
+            let Ok(inode) = inode_str.parse::<u64>() else {
+                continue;
+            };
+
+            if inodes.contains(&inode) {
+                matched = true;
+                break;
+            }
+        }
+
+        if matched {
+            let process = fs::read_to_string(entry.path().join("comm"))
+                .ok()
+                .map(|s| s.trim().to_string())
+                .filter(|s| !s.is_empty())
+                .unwrap_or_else(|| "unknown".to_string());
+            out.push(ListenerProcessInfo { pid, process });
+        }
+    }
+
+    out.sort_by_key(|p| p.pid);
+    out.dedup_by_key(|p| p.pid);
+    out
+}
+
+#[cfg(target_os = "linux")]
+fn listening_inodes_for_port(addr: SocketAddr) -> HashSet<u64> {
+    let path = match addr {
+        SocketAddr::V4(_) => "/proc/net/tcp",
+        SocketAddr::V6(_) => "/proc/net/tcp6",
+    };
+
+    let mut inodes = HashSet::new();
+    let Ok(data) = fs::read_to_string(path) else {
+        return inodes;
+    };
+
+    for line in data.lines().skip(1) {
+        let cols: Vec<&str> = line.split_whitespace().collect();
+        if cols.len() < 10 {
+            continue;
+        }
+
+        // LISTEN state in /proc/net/tcp*
+        if cols[3] != "0A" {
+            continue;
+        }
+
+        let Some(port_hex) = cols[1].split(':').nth(1) else {
+            continue;
+        };
+        let Ok(port) = u16::from_str_radix(port_hex, 16) else {
+            continue;
+        };
+        if port != addr.port() {
+            continue;
+        }
+
+        if let Ok(inode) = cols[9].parse::<u64>() {
+            inodes.insert(inode);
+        }
+    }
+
+    inodes
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
+    use std::io::ErrorKind;
     use tokio::net::TcpListener;
     
     #[tokio::test]
     async fn test_configure_socket() {
-        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
+        let listener = match TcpListener::bind("127.0.0.1:0").await {
+            Ok(l) => l,
+            Err(e) if e.kind() == ErrorKind::PermissionDenied => return,
+            Err(e) => panic!("bind failed: {e}"),
+        };
         let addr = listener.local_addr().unwrap();
         
-        let stream = TcpStream::connect(addr).await.unwrap();
-        configure_tcp_socket(&stream, true, Duration::from_secs(30)).unwrap();
+        let stream = match TcpStream::connect(addr).await {
+            Ok(s) => s,
+            Err(e) if e.kind() == ErrorKind::PermissionDenied => return,
+            Err(e) => panic!("connect failed: {e}"),
+        };
+        if let Err(e) = configure_tcp_socket(&stream, true, Duration::from_secs(30)) {
+            if e.kind() == ErrorKind::PermissionDenied {
+                return;
+            }
+            panic!("configure_tcp_socket failed: {e}");
+        }
     }
     
     #[test]

telemt.service

@@ -7,6 +7,7 @@ Type=simple
 WorkingDirectory=/bin
 ExecStart=/bin/telemt /etc/telemt.toml
 Restart=on-failure
+LimitNOFILE=65536
 
 [Install]
 WantedBy=multi-user.target

tools/dc.py

@@ -0,0 +1,204 @@
+"""Telegram datacenter server checker."""
+
+from __future__ import annotations
+
+import asyncio
+from dataclasses import dataclass, field
+from itertools import groupby
+from operator import attrgetter
+from pathlib import Path
+from typing import TYPE_CHECKING
+
+from telethon import TelegramClient
+from telethon.tl.functions.help import GetConfigRequest
+
+if TYPE_CHECKING:
+    from telethon.tl.types import DcOption
+
+API_ID: int = 123456
+API_HASH: str = ""
+SESSION_NAME: str = "session"
+OUTPUT_FILE: Path = Path("telegram_servers.txt")
+
+_CONSOLE_FLAG_MAP: dict[str, str] = {
+    "IPv6": "IPv6",
+    "MEDIA-ONLY": "🎬 MEDIA-ONLY",
+    "CDN": "📦 CDN",
+    "TCPO": "🔒 TCPO",
+    "STATIC": "📌 STATIC",
+}
+
+
+@dataclass(frozen=True, slots=True)
+class DCServer:
+    """Typed representation of a Telegram DC server.
+
+    Attributes:
+        dc_id: Datacenter identifier.
+        ip: Server IP address.
+        port: Server port.
+        flags: Active flag labels (plain, without emoji).
+    """
+
+    dc_id: int
+    ip: str
+    port: int
+    flags: frozenset[str] = field(default_factory=frozenset)
+
+    @classmethod
+    def from_option(cls, dc: DcOption) -> DCServer:
+        """Create from a Telethon DcOption.
+
+        Args:
+            dc: Raw DcOption object.
+
+        Returns:
+            Parsed DCServer instance.
+        """
+        checks: dict[str, bool] = {
+            "IPv6": dc.ipv6,
+            "MEDIA-ONLY": dc.media_only,
+            "CDN": dc.cdn,
+            "TCPO": dc.tcpo_only,
+            "STATIC": dc.static,
+        }
+        return cls(
+            dc_id=dc.id,
+            ip=dc.ip_address,
+            port=dc.port,
+            flags=frozenset(k for k, v in checks.items() if v),
+        )
+
+    def flags_display(self, *, emoji: bool = False) -> str:
+        """Formatted flags string.
+
+        Args:
+            emoji: Whether to include emoji prefixes.
+
+        Returns:
+            Bracketed flags or '[STANDARD]'.
+        """
+        if not self.flags:
+            return "[STANDARD]"
+        labels = sorted(
+            _CONSOLE_FLAG_MAP[f] if emoji else f for f in self.flags
+        )
+        return f"[{', '.join(labels)}]"
+
+
+class TelegramDCChecker:
+    """Fetches and displays Telegram DC configuration.
+
+    Attributes:
+        _client: Telethon client instance.
+        _servers: Parsed server list.
+    """
+
+    def __init__(self) -> None:
+        """Initialize the checker."""
+        self._client = TelegramClient(SESSION_NAME, API_ID, API_HASH)
+        self._servers: list[DCServer] = []
+
+    async def run(self) -> None:
+        """Connect, fetch config, display and save results."""
+        print("🔄 Подключаемся к Telegram...")  # noqa: T201
+        try:
+            await self._client.start()
+            print("✅ Подключение установлено!\n")  # noqa: T201
+
+            print("📡 Запрашиваем конфигурацию серверов...")  # noqa: T201
+            config = await self._client(GetConfigRequest())
+            self._servers = [DCServer.from_option(dc) for dc in config.dc_options]
+
+            self._print(config)
+            self._save(config)
+        finally:
+            await self._client.disconnect()
+            print("\n👋 Отключились от Telegram")  # noqa: T201
+
+    def _grouped(self) -> dict[int, list[DCServer]]:
+        """Group servers by DC ID.
+
+        Returns:
+            Ordered mapping of DC ID to servers.
+        """
+        ordered = sorted(self._servers, key=attrgetter("dc_id"))
+        return {k: list(g) for k, g in groupby(ordered, key=attrgetter("dc_id"))}
+
+    def _print(self, config: object) -> None:
+        """Print results to stdout in original format.
+
+        Args:
+            config: Raw Telegram config.
+        """
+        sep = "=" * 80
+        dash = "-" * 80
+        total = len(self._servers)
+
+        print(f"📊 Получено серверов: {total}\n")  # noqa: T201
+        print(sep)  # noqa: T201
+
+        for dc_id, servers in self._grouped().items():
+            print(f"\n🌐 DATACENTER {dc_id} ({len(servers)} серверов)")  # noqa: T201
+            print(dash)  # noqa: T201
+            for s in servers:
+                print(f"  {s.ip:45}:{s.port:5} {s.flags_display(emoji=True)}")  # noqa: T201
+
+        ipv4 = total - self._flag_count("IPv6")
+        print(f"\n{sep}")  # noqa: T201
+        print("📈 СТАТИСТИКА:")  # noqa: T201
+        print(sep)  # noqa: T201
+        print(f"  Всего серверов:      {total}")  # noqa: T201
+        print(f"  IPv4 серверы:        {ipv4}")  # noqa: T201
+        print(f"  IPv6 серверы:        {self._flag_count('IPv6')}")  # noqa: T201
+        print(f"  Media-only:          {self._flag_count('MEDIA-ONLY')}")  # noqa: T201
+        print(f"  CDN серверы:         {self._flag_count('CDN')}")  # noqa: T201
+        print(f"  TCPO-only:           {self._flag_count('TCPO')}")  # noqa: T201
+        print(f"  Static:              {self._flag_count('STATIC')}")  # noqa: T201
+
+        print(f"\n{sep}")  # noqa: T201
+        print("ℹ️  ДОПОЛНИТЕЛЬНАЯ ИНФОРМАЦИЯ:")  # noqa: T201
+        print(sep)  # noqa: T201
+        print(f"  Дата конфигурации:   {config.date}")  # noqa: T201  # type: ignore[attr-defined]
+        print(f"  Expires:             {config.expires}")  # noqa: T201  # type: ignore[attr-defined]
+        print(f"  Test mode:           {config.test_mode}")  # noqa: T201  # type: ignore[attr-defined]
+        print(f"  This DC:             {config.this_dc}")  # noqa: T201  # type: ignore[attr-defined]
+
+    def _flag_count(self, flag: str) -> int:
+        """Count servers with a given flag.
+
+        Args:
+            flag: Flag name.
+
+        Returns:
+            Count of matching servers.
+        """
+        return sum(1 for s in self._servers if flag in s.flags)
+
+    def _save(self, config: object) -> None:
+        """Save results to file in original format.
+
+        Args:
+            config: Raw Telegram config.
+        """
+        parts: list[str] = []
+        parts.append("TELEGRAM DATACENTER SERVERS\n")
+        parts.append("=" * 80 + "\n\n")
+
+        for dc_id, servers in self._grouped().items():
+            parts.append(f"\nDATACENTER {dc_id} ({len(servers)} servers)\n")
+            parts.append("-" * 80 + "\n")
+            for s in servers:
+                parts.append(f"  {s.ip}:{s.port} {s.flags_display(emoji=False)}\n")
+
+        parts.append(f"\n\nTotal servers: {len(self._servers)}\n")
+        parts.append(f"Generated: {config.date}\n")  # type: ignore[attr-defined]
+
+        OUTPUT_FILE.write_text("".join(parts), encoding="utf-8")
+
+        print(f"\n💾 Сохраняем результаты в файл {OUTPUT_FILE}...")  # noqa: T201
+        print(f"✅ Результаты сохранены в {OUTPUT_FILE}")  # noqa: T201
+
+
+if __name__ == "__main__":
+    asyncio.run(TelegramDCChecker().run())

tools/grafana-dashboard.json

@@ -0,0 +1,804 @@
+{
+  "apiVersion": "dashboard.grafana.app/v1beta1",
+  "kind": "Dashboard",
+  "metadata": {
+    "annotations": {
+      "grafana.app/folder": "afd9kjusw2jnkb",
+      "grafana.app/saved-from-ui": "Grafana v12.4.0-21693836646 (f059795f04)"
+    },
+    "labels": {},
+    "name": "pi9trh5",
+    "namespace": "default"
+  },
+  "spec": {
+    "annotations": {
+      "list": [
+        {
+          "builtIn": 1,
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "enable": true,
+          "hide": true,
+          "iconColor": "rgba(0, 211, 255, 1)",
+          "name": "Annotations & Alerts",
+          "type": "dashboard"
+        }
+      ]
+    },
+    "editable": true,
+    "fiscalYearStartMonth": 0,
+    "graphTooltip": 0,
+    "links": [],
+    "panels": [
+      {
+        "collapsed": false,
+        "gridPos": {
+          "h": 1,
+          "w": 24,
+          "x": 0,
+          "y": 0
+        },
+        "id": 5,
+        "panels": [],
+        "title": "Common",
+        "type": "row"
+      },
+      {
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "fieldConfig": {
+          "defaults": {
+            "color": {
+              "mode": "thresholds"
+            },
+            "mappings": [],
+            "thresholds": {
+              "mode": "absolute",
+              "steps": [
+                {
+                  "color": "red",
+                  "value": 0
+                },
+                {
+                  "color": "green",
+                  "value": 300
+                }
+              ]
+            },
+            "unit": "s"
+          },
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 8,
+          "w": 6,
+          "x": 0,
+          "y": 1
+        },
+        "id": 1,
+        "options": {
+          "colorMode": "value",
+          "graphMode": "area",
+          "justifyMode": "auto",
+          "orientation": "auto",
+          "percentChangeColorMode": "standard",
+          "reduceOptions": {
+            "calcs": [
+              "lastNotNull"
+            ],
+            "fields": "",
+            "values": false
+          },
+          "showPercentChange": false,
+          "textMode": "auto",
+          "wideLayout": true
+        },
+        "pluginVersion": "12.4.0-21693836646",
+        "targets": [
+          {
+            "datasource": {
+              "type": "prometheus",
+              "uid": "${datasource}"
+            },
+            "editorMode": "code",
+            "expr": "max(telemt_uptime_seconds) by (service)",
+            "format": "time_series",
+            "legendFormat": "__auto",
+            "range": true,
+            "refId": "A"
+          }
+        ],
+        "title": "uptime",
+        "type": "stat"
+      },
+      {
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "fieldConfig": {
+          "defaults": {
+            "color": {
+              "mode": "thresholds"
+            },
+            "mappings": [],
+            "thresholds": {
+              "mode": "absolute",
+              "steps": [
+                {
+                  "color": "green",
+                  "value": 0
+                },
+                {
+                  "color": "red",
+                  "value": 80
+                }
+              ]
+            },
+            "unit": "none"
+          },
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 8,
+          "w": 6,
+          "x": 6,
+          "y": 1
+        },
+        "id": 2,
+        "options": {
+          "colorMode": "value",
+          "graphMode": "area",
+          "justifyMode": "auto",
+          "orientation": "auto",
+          "percentChangeColorMode": "standard",
+          "reduceOptions": {
+            "calcs": [
+              "lastNotNull"
+            ],
+            "fields": "",
+            "values": false
+          },
+          "showPercentChange": false,
+          "textMode": "auto",
+          "wideLayout": true
+        },
+        "pluginVersion": "12.4.0-21693836646",
+        "targets": [
+          {
+            "datasource": {
+              "type": "prometheus",
+              "uid": "${datasource}"
+            },
+            "editorMode": "code",
+            "expr": "max(telemt_connections_total) by (service)",
+            "format": "time_series",
+            "legendFormat": "__auto",
+            "range": true,
+            "refId": "A"
+          }
+        ],
+        "title": "connections_total",
+        "type": "stat"
+      },
+      {
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "fieldConfig": {
+          "defaults": {
+            "color": {
+              "mode": "thresholds"
+            },
+            "mappings": [],
+            "thresholds": {
+              "mode": "absolute",
+              "steps": [
+                {
+                  "color": "green",
+                  "value": 0
+                },
+                {
+                  "color": "red",
+                  "value": 80
+                }
+              ]
+            },
+            "unit": "none"
+          },
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 8,
+          "w": 6,
+          "x": 12,
+          "y": 1
+        },
+        "id": 3,
+        "options": {
+          "colorMode": "value",
+          "graphMode": "area",
+          "justifyMode": "auto",
+          "orientation": "auto",
+          "percentChangeColorMode": "standard",
+          "reduceOptions": {
+            "calcs": [
+              "lastNotNull"
+            ],
+            "fields": "",
+            "values": false
+          },
+          "showPercentChange": false,
+          "textMode": "auto",
+          "wideLayout": true
+        },
+        "pluginVersion": "12.4.0-21693836646",
+        "targets": [
+          {
+            "datasource": {
+              "type": "prometheus",
+              "uid": "${datasource}"
+            },
+            "editorMode": "code",
+            "expr": "max(telemt_connections_bad_total) by (service)",
+            "format": "time_series",
+            "legendFormat": "__auto",
+            "range": true,
+            "refId": "A"
+          }
+        ],
+        "title": "connections_bad",
+        "type": "stat"
+      },
+      {
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "fieldConfig": {
+          "defaults": {
+            "color": {
+              "mode": "thresholds"
+            },
+            "mappings": [],
+            "thresholds": {
+              "mode": "absolute",
+              "steps": [
+                {
+                  "color": "green",
+                  "value": 0
+                },
+                {
+                  "color": "red",
+                  "value": 80
+                }
+              ]
+            },
+            "unit": "none"
+          },
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 8,
+          "w": 6,
+          "x": 18,
+          "y": 1
+        },
+        "id": 4,
+        "options": {
+          "colorMode": "value",
+          "graphMode": "area",
+          "justifyMode": "auto",
+          "orientation": "auto",
+          "percentChangeColorMode": "standard",
+          "reduceOptions": {
+            "calcs": [
+              "lastNotNull"
+            ],
+            "fields": "",
+            "values": false
+          },
+          "showPercentChange": false,
+          "textMode": "auto",
+          "wideLayout": true
+        },
+        "pluginVersion": "12.4.0-21693836646",
+        "targets": [
+          {
+            "datasource": {
+              "type": "prometheus",
+              "uid": "${datasource}"
+            },
+            "editorMode": "code",
+            "expr": "max(telemt_handshake_timeouts_total) by (service)",
+            "format": "time_series",
+            "legendFormat": "__auto",
+            "range": true,
+            "refId": "A"
+          }
+        ],
+        "title": "handshake_timeouts",
+        "type": "stat"
+      },
+      {
+        "collapsed": false,
+        "gridPos": {
+          "h": 1,
+          "w": 24,
+          "x": 0,
+          "y": 9
+        },
+        "id": 6,
+        "panels": [],
+        "repeat": "user",
+        "title": "$user",
+        "type": "row"
+      },
+      {
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "fieldConfig": {
+          "defaults": {
+            "color": {
+              "mode": "palette-classic"
+            },
+            "custom": {
+              "axisBorderShow": false,
+              "axisCenteredZero": false,
+              "axisColorMode": "text",
+              "axisLabel": "",
+              "axisPlacement": "auto",
+              "barAlignment": 0,
+              "barWidthFactor": 0.6,
+              "drawStyle": "line",
+              "fillOpacity": 0,
+              "gradientMode": "none",
+              "hideFrom": {
+                "legend": false,
+                "tooltip": false,
+                "viz": false
+              },
+              "insertNulls": false,
+              "lineInterpolation": "linear",
+              "lineWidth": 1,
+              "pointSize": 5,
+              "scaleDistribution": {
+                "type": "linear"
+              },
+              "showPoints": "auto",
+              "showValues": false,
+              "spanNulls": false,
+              "stacking": {
+                "group": "A",
+                "mode": "none"
+              },
+              "thresholdsStyle": {
+                "mode": "off"
+              }
+            },
+            "mappings": [],
+            "thresholds": {
+              "mode": "absolute",
+              "steps": [
+                {
+                  "color": "green",
+                  "value": 0
+                },
+                {
+                  "color": "red",
+                  "value": 80
+                }
+              ]
+            },
+            "unit": "none"
+          },
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 8,
+          "w": 12,
+          "x": 0,
+          "y": 10
+        },
+        "id": 7,
+        "options": {
+          "legend": {
+            "calcs": [],
+            "displayMode": "list",
+            "placement": "bottom",
+            "showLegend": false
+          },
+          "tooltip": {
+            "hideZeros": false,
+            "mode": "single",
+            "sort": "none"
+          }
+        },
+        "pluginVersion": "12.4.0-21693836646",
+        "targets": [
+          {
+            "editorMode": "code",
+            "expr": "sum(telemt_user_connections_total{user=\"$user\"}) by (user)",
+            "format": "time_series",
+            "legendFormat": "{{ user }}",
+            "range": true,
+            "refId": "A"
+          }
+        ],
+        "title": "user_connections",
+        "type": "timeseries"
+      },
+      {
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "fieldConfig": {
+          "defaults": {
+            "color": {
+              "mode": "palette-classic"
+            },
+            "custom": {
+              "axisBorderShow": false,
+              "axisCenteredZero": false,
+              "axisColorMode": "text",
+              "axisLabel": "",
+              "axisPlacement": "auto",
+              "barAlignment": 0,
+              "barWidthFactor": 0.6,
+              "drawStyle": "line",
+              "fillOpacity": 0,
+              "gradientMode": "none",
+              "hideFrom": {
+                "legend": false,
+                "tooltip": false,
+                "viz": false
+              },
+              "insertNulls": false,
+              "lineInterpolation": "linear",
+              "lineWidth": 1,
+              "pointSize": 5,
+              "scaleDistribution": {
+                "type": "linear"
+              },
+              "showPoints": "auto",
+              "showValues": false,
+              "spanNulls": false,
+              "stacking": {
+                "group": "A",
+                "mode": "none"
+              },
+              "thresholdsStyle": {
+                "mode": "off"
+              }
+            },
+            "mappings": [],
+            "thresholds": {
+              "mode": "absolute",
+              "steps": [
+                {
+                  "color": "green",
+                  "value": 0
+                },
+                {
+                  "color": "red",
+                  "value": 80
+                }
+              ]
+            },
+            "unit": "none"
+          },
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 8,
+          "w": 12,
+          "x": 12,
+          "y": 10
+        },
+        "id": 8,
+        "options": {
+          "legend": {
+            "calcs": [],
+            "displayMode": "list",
+            "placement": "bottom",
+            "showLegend": false
+          },
+          "tooltip": {
+            "hideZeros": false,
+            "mode": "single",
+            "sort": "none"
+          }
+        },
+        "pluginVersion": "12.4.0-21693836646",
+        "targets": [
+          {
+            "editorMode": "code",
+            "expr": "sum(telemt_user_connections_current{user=\"$user\"}) by (user)",
+            "format": "time_series",
+            "legendFormat": "{{ user }}",
+            "range": true,
+            "refId": "A"
+          }
+        ],
+        "title": "user_connections_current",
+        "type": "timeseries"
+      },
+      {
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "fieldConfig": {
+          "defaults": {
+            "color": {
+              "mode": "palette-classic"
+            },
+            "custom": {
+              "axisBorderShow": false,
+              "axisCenteredZero": false,
+              "axisColorMode": "text",
+              "axisLabel": "",
+              "axisPlacement": "auto",
+              "barAlignment": 0,
+              "barWidthFactor": 0.6,
+              "drawStyle": "line",
+              "fillOpacity": 0,
+              "gradientMode": "none",
+              "hideFrom": {
+                "legend": false,
+                "tooltip": false,
+                "viz": false
+              },
+              "insertNulls": false,
+              "lineInterpolation": "linear",
+              "lineWidth": 1,
+              "pointSize": 5,
+              "scaleDistribution": {
+                "type": "linear"
+              },
+              "showPoints": "auto",
+              "showValues": false,
+              "spanNulls": false,
+              "stacking": {
+                "group": "A",
+                "mode": "none"
+              },
+              "thresholdsStyle": {
+                "mode": "off"
+              }
+            },
+            "mappings": [],
+            "thresholds": {
+              "mode": "absolute",
+              "steps": [
+                {
+                  "color": "green",
+                  "value": 0
+                },
+                {
+                  "color": "red",
+                  "value": 80
+                }
+              ]
+            },
+            "unit": "binBps"
+          },
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 8,
+          "w": 12,
+          "x": 0,
+          "y": 18
+        },
+        "id": 9,
+        "options": {
+          "legend": {
+            "calcs": [],
+            "displayMode": "list",
+            "placement": "bottom",
+            "showLegend": false
+          },
+          "tooltip": {
+            "hideZeros": false,
+            "mode": "single",
+            "sort": "none"
+          }
+        },
+        "pluginVersion": "12.4.0-21693836646",
+        "targets": [
+          {
+            "editorMode": "code",
+            "expr": "- sum(rate(telemt_user_octets_from_client{user=\"$user\"}[$__rate_interval])) by (user)",
+            "format": "time_series",
+            "legendFormat": "{{ user }} TX",
+            "range": true,
+            "refId": "A"
+          },
+          {
+            "datasource": {
+              "type": "prometheus",
+              "uid": "${datasource}"
+            },
+            "editorMode": "code",
+            "expr": "sum(rate(telemt_user_octets_to_client{user=\"$user\"}[$__rate_interval])) by (user)",
+            "format": "time_series",
+            "legendFormat": "{{ user }} RX",
+            "range": true,
+            "refId": "B"
+          }
+        ],
+        "title": "user_octets",
+        "type": "timeseries"
+      },
+      {
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "fieldConfig": {
+          "defaults": {
+            "color": {
+              "mode": "palette-classic"
+            },
+            "custom": {
+              "axisBorderShow": false,
+              "axisCenteredZero": false,
+              "axisColorMode": "text",
+              "axisLabel": "",
+              "axisPlacement": "auto",
+              "barAlignment": 0,
+              "barWidthFactor": 0.6,
+              "drawStyle": "line",
+              "fillOpacity": 0,
+              "gradientMode": "none",
+              "hideFrom": {
+                "legend": false,
+                "tooltip": false,
+                "viz": false
+              },
+              "insertNulls": false,
+              "lineInterpolation": "linear",
+              "lineWidth": 1,
+              "pointSize": 5,
+              "scaleDistribution": {
+                "type": "linear"
+              },
+              "showPoints": "auto",
+              "showValues": false,
+              "spanNulls": false,
+              "stacking": {
+                "group": "A",
+                "mode": "none"
+              },
+              "thresholdsStyle": {
+                "mode": "off"
+              }
+            },
+            "mappings": [],
+            "thresholds": {
+              "mode": "absolute",
+              "steps": [
+                {
+                  "color": "green",
+                  "value": 0
+                },
+                {
+                  "color": "red",
+                  "value": 80
+                }
+              ]
+            },
+            "unit": "pps"
+          },
+          "overrides": []
+        },
+        "gridPos": {
+          "h": 8,
+          "w": 12,
+          "x": 12,
+          "y": 18
+        },
+        "id": 10,
+        "options": {
+          "legend": {
+            "calcs": [],
+            "displayMode": "list",
+            "placement": "bottom",
+            "showLegend": false
+          },
+          "tooltip": {
+            "hideZeros": false,
+            "mode": "single",
+            "sort": "none"
+          }
+        },
+        "pluginVersion": "12.4.0-21693836646",
+        "targets": [
+          {
+            "editorMode": "code",
+            "expr": "- sum(rate(telemt_user_msgs_from_client{user=\"$user\"}[$__rate_interval])) by (user)",
+            "format": "time_series",
+            "legendFormat": "{{ user }} TX",
+            "range": true,
+            "refId": "A"
+          },
+          {
+            "datasource": {
+              "type": "prometheus",
+              "uid": "${datasource}"
+            },
+            "editorMode": "code",
+            "expr": "sum(rate(telemt_user_msgs_to_client{user=\"$user\"}[$__rate_interval])) by (user)",
+            "format": "time_series",
+            "legendFormat": "{{ user }} RX",
+            "range": true,
+            "refId": "B"
+          }
+        ],
+        "title": "user_msgs",
+        "type": "timeseries"
+      }
+    ],
+    "preload": false,
+    "schemaVersion": 42,
+    "tags": [],
+    "templating": {
+      "list": [
+        {
+          "current": {
+            "text": "docker",
+            "value": "docker"
+          },
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "definition": "label_values(telemt_user_connections_total,user)",
+          "hide": 2,
+          "multi": true,
+          "name": "user",
+          "options": [],
+          "query": {
+            "qryType": 1,
+            "query": "label_values(telemt_user_connections_total,user)",
+            "refId": "VariableQueryEditor-VariableQuery"
+          },
+          "refresh": 1,
+          "regex": "",
+          "regexApplyTo": "value",
+          "sort": 1,
+          "type": "query"
+        },
+        {
+          "current": {
+            "text": "VM long-term",
+            "value": "P7D3016A027385E71"
+          },
+          "name": "datasource",
+          "options": [],
+          "query": "prometheus",
+          "refresh": 1,
+          "regex": "",
+          "type": "datasource"
+        }
+      ]
+    },
+    "time": {
+      "from": "now-6h",
+      "to": "now"
+    },
+    "timepicker": {},
+    "timezone": "browser",
+    "title": "Telemt MtProto proxy",
+    "weekStart": ""
+  }
+}