Merge pull request #692 from ne4sp/patch-1

FIx XRAY_DOUBLE_HOP.md files.
Merge pull request #709 from groozchique/main
2026-04-17 02:24:10 +03:00 · 2026-04-16 18:39:36 +03:00 · 2026-04-16 16:12:48 +03:00 · 2026-04-16 09:40:55 +03:00 · 2026-04-15 11:31:35 +03:00 · 2026-04-15 10:29:37 +03:00
6 changed files with 67 additions and 49 deletions
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Telemt - MTProxy on Rust + Tokio

-![Latest Release](https://img.shields.io/github/v/release/telemt/telemt?color=neon) ![Stars](https://img.shields.io/github/stars/telemt/telemt?style=social) ![Forks](https://img.shields.io/github/forks/telemt/telemt?style=social) [![Telegram](https://img.shields.io/badge/Telegram-Chat-24a1de?logo=telegram&logoColor=24a1de)](https://t.me/telemtrs)
+[![Latest Release](https://img.shields.io/github/v/release/telemt/telemt?color=neon)](https://github.com/telemt/telemt/releases/latest) [![Stars](https://img.shields.io/github/stars/telemt/telemt?style=social)](https://github.com/telemt/telemt/stargazers) [![Forks](https://img.shields.io/github/forks/telemt/telemt?style=social)](https://github.com/telemt/telemt/network/members) [![Telegram](https://img.shields.io/badge/Telegram-Chat-24a1de?logo=telegram&logoColor=24a1de)](https://t.me/telemtrs)

 [🇷🇺 README на русском](https://github.com/telemt/telemt/blob/main/README.ru.md)

--- a/README.ru.md
+++ b/README.ru.md
@@ -1,6 +1,6 @@
 # Telemt — MTProxy на Rust + Tokio

-![Latest Release](https://img.shields.io/github/v/release/telemt/telemt?color=neon) ![Stars](https://img.shields.io/github/stars/telemt/telemt?style=social) ![Forks](https://img.shields.io/github/forks/telemt/telemt?style=social) [![Telegram](https://img.shields.io/badge/Telegram-Chat-24a1de?logo=telegram&logoColor=24a1de)](https://t.me/telemtrs)
+[![Latest Release](https://img.shields.io/github/v/release/telemt/telemt?color=neon)](https://github.com/telemt/telemt/releases/latest) [![Stars](https://img.shields.io/github/stars/telemt/telemt?style=social)](https://github.com/telemt/telemt/stargazers) [![Forks](https://img.shields.io/github/forks/telemt/telemt?style=social)](https://github.com/telemt/telemt/network/members) [![Telegram](https://img.shields.io/badge/Telegram-Chat-24a1de?logo=telegram&logoColor=24a1de)](https://t.me/telemtrs)

 ***Решает проблемы раньше, чем другие узнают об их существовании***

--- a/docs/Config_params/CONFIG_PARAMS.en.md
+++ b/docs/Config_params/CONFIG_PARAMS.en.md
@@ -2268,40 +2268,39 @@ Note: This section also accepts the legacy alias `[server.admin_api]` (same sche

 | Key | Type | Default |
 | --- | ---- | ------- |
-| [`tls_domain`](#cfg-censorship-tls_domain) | `String` | `"petrovich.ru"` |
-| [`tls_domains`](#cfg-censorship-tls_domains) | `String[]` | `[]` |
-| [`unknown_sni_action`](#cfg-censorship-unknown_sni_action) | `"drop"`, `"mask"`, `"accept"` | `"drop"` |
-| [`tls_fetch_scope`](#cfg-censorship-tls_fetch_scope) | `String` | `""` |
-| [`tls_fetch`](#cfg-censorship-tls_fetch) | `Table` | built-in defaults |
-| [`mask`](#cfg-censorship-mask) | `bool` | `true` |
-| [`mask_host`](#cfg-censorship-mask_host) | `String` | — |
-| [`mask_port`](#cfg-censorship-mask_port) | `u16` | `443` |
-| [`mask_unix_sock`](#cfg-censorship-mask_unix_sock) | `String` | — |
-| [`fake_cert_len`](#cfg-censorship-fake_cert_len) | `usize` | `2048` |
-| [`tls_emulation`](#cfg-censorship-tls_emulation) | `bool` | `true` |
-| [`tls_front_dir`](#cfg-censorship-tls_front_dir) | `String` | `"tlsfront"` |
-| [`server_hello_delay_min_ms`](#cfg-censorship-server_hello_delay_min_ms) | `u64` | `0` |
-| [`server_hello_delay_max_ms`](#cfg-censorship-server_hello_delay_max_ms) | `u64` | `0` |
-| [`tls_new_session_tickets`](#cfg-censorship-tls_new_session_tickets) | `u8` | `0` |
-| [`tls_full_cert_ttl_secs`](#cfg-censorship-tls_full_cert_ttl_secs) | `u64` | `90` |
-| [`alpn_enforce`](#cfg-censorship-alpn_enforce) | `bool` | `true` |
-| [`mask_proxy_protocol`](#cfg-censorship-mask_proxy_protocol) | `u8` | `0` |
-| [`mask_shape_hardening`](#cfg-censorship-mask_shape_hardening) | `bool` | `true` |
-| [`mask_shape_hardening_aggressive_mode`](#cfg-censorship-mask_shape_hardening_aggressive_mode) | `bool` | `false` |
-| [`mask_shape_bucket_floor_bytes`](#cfg-censorship-mask_shape_bucket_floor_bytes) | `usize` | `512` |
-| [`mask_shape_bucket_cap_bytes`](#cfg-censorship-mask_shape_bucket_cap_bytes) | `usize` | `4096` |
-| [`mask_shape_above_cap_blur`](#cfg-censorship-mask_shape_above_cap_blur) | `bool` | `false` |
-| [`mask_shape_above_cap_blur_max_bytes`](#cfg-censorship-mask_shape_above_cap_blur_max_bytes) | `usize` | `512` |
-| [`mask_relay_max_bytes`](#cfg-censorship-mask_relay_max_bytes) | `usize` | `5242880` |
-| [`mask_relay_timeout_ms`](#cfg-censorship-mask_relay_timeout_ms) | `u64` | `60_000` |
-| [`mask_relay_idle_timeout_ms`](#cfg-censorship-mask_relay_idle_timeout_ms) | `u64` | `5_000` |
-| [`mask_classifier_prefetch_timeout_ms`](#cfg-censorship-mask_classifier_prefetch_timeout_ms) | `u64` | `5` |
-| [`mask_timing_normalization_enabled`](#cfg-censorship-mask_timing_normalization_enabled) | `bool` | `false` |
-| [`mask_timing_normalization_floor_ms`](#cfg-censorship-mask_timing_normalization_floor_ms) | `u64` | `0` |
-| [`mask_timing_normalization_ceiling_ms`](#cfg-censorship-mask_timing_normalization_ceiling_ms) | `u64` | `0` |
+| [`tls_domain`](#tls_domain) | `String` | `"petrovich.ru"` |
+| [`tls_domains`](#tls_domains) | `String[]` | `[]` |
+| [`unknown_sni_action`](#unknown_sni_action) | `"drop"`, `"mask"`, `"accept"` | `"drop"` |
+| [`tls_fetch_scope`](#tls_fetch_scope) | `String` | `""` |
+| [`tls_fetch`](#tls_fetch) | `Table` | built-in defaults |
+| [`mask`](#mask) | `bool` | `true` |
+| [`mask_host`](#mask_host) | `String` | — |
+| [`mask_port`](#mask_port) | `u16` | `443` |
+| [`mask_unix_sock`](#mask_unix_sock) | `String` | — |
+| [`fake_cert_len`](#fake_cert_len) | `usize` | `2048` |
+| [`tls_emulation`](#tls_emulation) | `bool` | `true` |
+| [`tls_front_dir`](#tls_front_dir) | `String` | `"tlsfront"` |
+| [`server_hello_delay_min_ms`](#server_hello_delay_min_ms) | `u64` | `0` |
+| [`server_hello_delay_max_ms`](#server_hello_delay_max_ms) | `u64` | `0` |
+| [`tls_new_session_tickets`](#tls_new_session_tickets) | `u8` | `0` |
+| [`tls_full_cert_ttl_secs`](#tls_full_cert_ttl_secs) | `u64` | `90` |
+| [`alpn_enforce`](#alpn_enforce) | `bool` | `true` |
+| [`mask_proxy_protocol`](#mask_proxy_protocol) | `u8` | `0` |
+| [`mask_shape_hardening`](#mask_shape_hardening) | `bool` | `true` |
+| [`mask_shape_hardening_aggressive_mode`](#mask_shape_hardening_aggressive_mode) | `bool` | `false` |
+| [`mask_shape_bucket_floor_bytes`](#mask_shape_bucket_floor_bytes) | `usize` | `512` |
+| [`mask_shape_bucket_cap_bytes`](#mask_shape_bucket_cap_bytes) | `usize` | `4096` |
+| [`mask_shape_above_cap_blur`](#mask_shape_above_cap_blur) | `bool` | `false` |
+| [`mask_shape_above_cap_blur_max_bytes`](#mask_shape_above_cap_blur_max_bytes) | `usize` | `512` |
+| [`mask_relay_max_bytes`](#mask_relay_max_bytes) | `usize` | `5242880` |
+| [`mask_relay_timeout_ms`](#mask_relay_timeout_ms) | `u64` | `60_000` |
+| [`mask_relay_idle_timeout_ms`](#mask_relay_idle_timeout_ms) | `u64` | `5_000` |
+| [`mask_classifier_prefetch_timeout_ms`](#mask_classifier_prefetch_timeout_ms) | `u64` | `5` |
+| [`mask_timing_normalization_enabled`](#mask_timing_normalization_enabled) | `bool` | `false` |
+| [`mask_timing_normalization_floor_ms`](#mask_timing_normalization_floor_ms) | `u64` | `0` |
+| [`mask_timing_normalization_ceiling_ms`](#mask_timing_normalization_ceiling_ms) | `u64` | `0` |

-## "cfg-censorship-tls_domain"
- `tls_domain`
+## tls_domain
  - **Constraints / validation**: Must be a non-empty domain name. Must not contain spaces or `/`.
  - **Description**: Primary domain used for Fake-TLS masking / fronting profile and as the default SNI domain presented to clients. 
    This value becomes part of generated `ee` links, and changing it invalidates previously generated links.
@@ -2542,8 +2541,7 @@ Note: This section also accepts the legacy alias `[server.admin_api]` (same sche
    [censorship]
    mask_relay_max_bytes = 5242880
    ```
-## "cfg-censorship-mask_relay_timeout_ms"
- `mask_relay_timeout_ms`
+## mask_relay_timeout_ms
  - **Constraints / validation**: Should be `>= mask_relay_idle_timeout_ms`.
  - **Description**: Wall-clock cap for the full masking relay on non-MTProto fallback paths. Raise when the mask target is a long-lived service (e.g. WebSocket). Default: 60 000 ms (1 minute).
  - **Example**:
@@ -2552,8 +2550,7 @@ Note: This section also accepts the legacy alias `[server.admin_api]` (same sche
    [censorship]
    mask_relay_timeout_ms = 60000
    ```
-## "cfg-censorship-mask_relay_idle_timeout_ms"
- `mask_relay_idle_timeout_ms`
+## mask_relay_idle_timeout_ms
  - **Constraints / validation**: Should be `<= mask_relay_timeout_ms`.
  - **Description**: Per-read idle timeout on masking relay and drain paths. Limits resource consumption by slow-loris attacks and port scanners. A read call stalling beyond this value is treated as an abandoned connection. Default: 5 000 ms (5 s).
  - **Example**:
@@ -2562,8 +2559,7 @@ Note: This section also accepts the legacy alias `[server.admin_api]` (same sche
    [censorship]
    mask_relay_idle_timeout_ms = 5000
    ```
-## "cfg-censorship-mask_classifier_prefetch_timeout_ms"
- `mask_classifier_prefetch_timeout_ms`
+## mask_classifier_prefetch_timeout_ms
  - **Constraints / validation**: Must be within `[5, 50]` (milliseconds).
  - **Description**: Timeout budget (ms) for extending fragmented initial classifier window on masking fallback.
  - **Example**:
--- a/docs/Config_params/CONFIG_PARAMS.ru.md
+++ b/docs/Config_params/CONFIG_PARAMS.ru.md
@@ -2299,6 +2299,8 @@
 | [`mask_shape_above_cap_blur`](#mask_shape_above_cap_blur) | `bool` | `false` |
 | [`mask_shape_above_cap_blur_max_bytes`](#mask_shape_above_cap_blur_max_bytes) | `usize` | `512` |
 | [`mask_relay_max_bytes`](#mask_relay_max_bytes) | `usize` | `5242880` |
+| [`mask_relay_timeout_ms`](mask_relay_timeout_ms) | `u64` | `60_000` |
+| [`mask_relay_idle_timeout_ms`](mask_relay_idle_timeout_ms) | `u64` | `5_000` |
 | [`mask_classifier_prefetch_timeout_ms`](#mask_classifier_prefetch_timeout_ms) | `u64` | `5` |
 | [`mask_timing_normalization_enabled`](#mask_timing_normalization_enabled) | `bool` | `false` |
 | [`mask_timing_normalization_floor_ms`](#mask_timing_normalization_floor_ms) | `u64` | `0` |
@@ -2544,6 +2546,26 @@
    [censorship]
    mask_relay_max_bytes = 5242880
    ```
+
+## mask_relay_timeout_ms
+  - **Constraints / validation**: Должно быть больше или равно  `mask_relay_idle_timeout_ms`.
+  - **Description**: Жёсткий лимит по реальному времени (wall-clock) для полного маскирующего проксирования на fallback-путях без MTProto. Увеличивайте значение, если целевой сервис маскирования является долгоживущим (например, WebSocket-соединение). Значение по умолчанию: 60 000 мс (1 минута).
+  - **Example**:
+
+    ```toml
+    [censorship]
+    mask_relay_timeout_ms = 60000
+    ```
+## mask_relay_idle_timeout_ms
+  - **Constraints / validation**: Должно быть меньше или равно `mask_relay_timeout_ms`.
+  - **Description**: Тайм-аут простоя на каждую операцию чтения (per-read idle timeout) в маскирующем прокси и drain-пайплайнах. Ограничивает потребление ресурсов при атаках типа slow-loris и сканировании портов. Если операция чтения блокируется дольше заданного времени, соединение считается заброшенным и закрывается. Значение по умолчанию: 5 000 мс (5 с).
+  - **Example**:
+
+    ```toml
+    [censorship]
+    mask_relay_idle_timeout_ms = 5000
+    ```
+
 ## mask_classifier_prefetch_timeout_ms
  - **Ограничения / валидация**: Должно быть в пределах `[5, 50]` (миллисекунд).
  - **Описание**: Лимит времени ожидания (в миллисекундах) для расширения первых входящих данных в режиме fallback-маскировки.
--- a/docs/Setup_examples/XRAY_DOUBLE_HOP.en.md
+++ b/docs/Setup_examples/XRAY_DOUBLE_HOP.en.md
@@ -37,13 +37,13 @@ xray x25519
 ```
 3. **Short ID (Reality identifier):**
 ```bash
-openssl rand -hex 16
-# Save the output (e.g.: 0123456789abcdef0123456789abcdef) — this is <SHORT_ID>
+openssl rand -hex 8
+# Save the output (e.g.: abc123def456) — this is <SHORT_ID>
 ```
 4. **Random Path (for xhttp):**
 ```bash
-openssl rand -hex 8
-# Save the output (e.g., abc123def456) to replace <YOUR_RANDOM_PATH> in configs
+openssl rand -hex 16
+# Save the output (e.g., 0123456789abcdef0123456789abcdef) to replace <YOUR_RANDOM_PATH> in configs
 ```

 ---
--- a/docs/Setup_examples/XRAY_DOUBLE_HOP.ru.md
+++ b/docs/Setup_examples/XRAY_DOUBLE_HOP.ru.md
@@ -37,13 +37,13 @@ xray x25519
 ```
 3. **Short ID (идентификатор Reality):**
 ```bash
-openssl rand -hex 16
-# Сохраните вывод (например: 0123456789abcdef0123456789abcdef) — это <SHORT_ID>
+openssl rand -hex 8
+# Сохраните вывод (например: abc123def456) — это <SHORT_ID>
 ```
 4. **Random Path (путь для xhttp):**
 ```bash
-openssl rand -hex 8
-# Сохраните вывод (например, abc123def456), чтобы заменить <YOUR_RANDOM_PATH> в конфигах
+openssl rand -hex 16
+# Сохраните вывод (например, 0123456789abcdef0123456789abcdef), чтобы заменить <YOUR_RANDOM_PATH> в конфигах
 ```

 ---
Author	SHA1	Message	Date
Alexey	7494cb3092	Merge pull request #692 from ne4sp/patch-1 FIx XRAY_DOUBLE_HOP.md files.	2026-04-16 18:39:36 +03:00
Alexey	d25aa5a1e9	Merge pull request #709 from groozchique/main [docs] add hyperlinks to README	2026-04-16 16:12:48 +03:00
Nick Parfyonov	f1b7b9aa08	[docs] add hyperlinks to README	2026-04-16 09:40:55 +03:00
Alexey	982bfd20b9	Merge pull request #707 from TWRoman/main [docs] Updates in CONFIG_PARAMS based on lastest commits	2026-04-15 11:31:35 +03:00
Roman	0bcc3bf935	Update CONFIG_PARAMS.en.md	2026-04-15 10:29:37 +03:00
TWRoman	f7913721e2	Updates in CONFIG_PARAMS based on lastest commits	2026-04-15 10:25:31 +03:00
ne4sp	3f69b54f5d	Update XRAY_DOUBLE_HOP.ru.md	2026-04-12 16:15:52 +03:00
ne4sp	62a90e05a0	Update XRAY_DOUBLE_HOP.en.md	2026-04-12 15:59:59 +03:00
ne4sp	1b3d2d8bc5	Update XRAY_DOUBLE_HOP.ru.md При инициализации xray на сервере не запускался из-за длинного shortID.	2026-04-12 15:45:01 +03:00