2025-12-30 05:08:05 +03:00
|
|
|
//! Client Handler
|
|
|
|
|
|
|
|
|
|
use std::net::SocketAddr;
|
|
|
|
|
use std::sync::Arc;
|
|
|
|
|
use std::time::Duration;
|
|
|
|
|
use tokio::net::TcpStream;
|
|
|
|
|
use tokio::io::{AsyncRead, AsyncWrite, AsyncReadExt, AsyncWriteExt};
|
|
|
|
|
use tokio::time::timeout;
|
|
|
|
|
use tracing::{debug, info, warn, error, trace};
|
|
|
|
|
|
|
|
|
|
use crate::config::ProxyConfig;
|
|
|
|
|
use crate::error::{ProxyError, Result, HandshakeResult};
|
|
|
|
|
use crate::protocol::constants::*;
|
|
|
|
|
use crate::protocol::tls;
|
|
|
|
|
use crate::stats::{Stats, ReplayChecker};
|
2026-01-07 17:22:10 +03:00
|
|
|
use crate::transport::{configure_client_socket, UpstreamManager};
|
2026-01-20 01:20:02 +03:00
|
|
|
use crate::stream::{CryptoReader, CryptoWriter, FakeTlsReader, FakeTlsWriter, BufferPool};
|
2026-02-07 18:26:44 +03:00
|
|
|
use crate::crypto::{AesCtr, SecureRandom};
|
2025-12-30 05:08:05 +03:00
|
|
|
|
2026-01-20 02:08:23 +03:00
|
|
|
use crate::proxy::handshake::{
|
2025-12-30 05:08:05 +03:00
|
|
|
handle_tls_handshake, handle_mtproto_handshake,
|
|
|
|
|
HandshakeSuccess, generate_tg_nonce, encrypt_tg_nonce,
|
|
|
|
|
};
|
2026-01-20 02:08:23 +03:00
|
|
|
use crate::proxy::relay::relay_bidirectional;
|
|
|
|
|
use crate::proxy::masking::handle_bad_client;
|
2025-12-30 05:08:05 +03:00
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
pub struct ClientHandler;
|
|
|
|
|
|
|
|
|
|
pub struct RunningClientHandler {
|
|
|
|
|
stream: TcpStream,
|
|
|
|
|
peer: SocketAddr,
|
2025-12-30 05:08:05 +03:00
|
|
|
config: Arc<ProxyConfig>,
|
|
|
|
|
stats: Arc<Stats>,
|
|
|
|
|
replay_checker: Arc<ReplayChecker>,
|
2026-01-07 17:22:10 +03:00
|
|
|
upstream_manager: Arc<UpstreamManager>,
|
2026-01-20 01:20:02 +03:00
|
|
|
buffer_pool: Arc<BufferPool>,
|
2026-02-07 18:26:44 +03:00
|
|
|
rng: Arc<SecureRandom>,
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl ClientHandler {
|
|
|
|
|
pub fn new(
|
2026-01-07 17:22:10 +03:00
|
|
|
stream: TcpStream,
|
|
|
|
|
peer: SocketAddr,
|
2025-12-30 05:08:05 +03:00
|
|
|
config: Arc<ProxyConfig>,
|
|
|
|
|
stats: Arc<Stats>,
|
2026-01-07 17:22:10 +03:00
|
|
|
upstream_manager: Arc<UpstreamManager>,
|
2026-01-20 01:20:02 +03:00
|
|
|
replay_checker: Arc<ReplayChecker>,
|
|
|
|
|
buffer_pool: Arc<BufferPool>,
|
2026-02-07 18:26:44 +03:00
|
|
|
rng: Arc<SecureRandom>,
|
2026-01-07 17:22:10 +03:00
|
|
|
) -> RunningClientHandler {
|
|
|
|
|
RunningClientHandler {
|
2026-02-07 20:24:12 +03:00
|
|
|
stream, peer, config, stats, replay_checker,
|
|
|
|
|
upstream_manager, buffer_pool, rng,
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
}
|
2026-01-07 17:22:10 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl RunningClientHandler {
|
|
|
|
|
pub async fn run(mut self) -> Result<()> {
|
2025-12-30 05:08:05 +03:00
|
|
|
self.stats.increment_connects_all();
|
|
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
let peer = self.peer;
|
2025-12-30 05:08:05 +03:00
|
|
|
debug!(peer = %peer, "New connection");
|
|
|
|
|
|
|
|
|
|
if let Err(e) = configure_client_socket(
|
2026-01-07 17:22:10 +03:00
|
|
|
&self.stream,
|
2026-01-20 01:20:02 +03:00
|
|
|
self.config.timeouts.client_keepalive,
|
|
|
|
|
self.config.timeouts.client_ack,
|
2025-12-30 05:08:05 +03:00
|
|
|
) {
|
|
|
|
|
debug!(peer = %peer, error = %e, "Failed to configure client socket");
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-20 01:20:02 +03:00
|
|
|
let handshake_timeout = Duration::from_secs(self.config.timeouts.client_handshake);
|
2026-01-07 17:22:10 +03:00
|
|
|
let stats = self.stats.clone();
|
|
|
|
|
|
2026-02-07 20:24:12 +03:00
|
|
|
let result = timeout(handshake_timeout, self.do_handshake()).await;
|
2025-12-30 05:08:05 +03:00
|
|
|
|
|
|
|
|
match result {
|
|
|
|
|
Ok(Ok(())) => {
|
|
|
|
|
debug!(peer = %peer, "Connection handled successfully");
|
2026-01-07 17:22:10 +03:00
|
|
|
Ok(())
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
Ok(Err(e)) => {
|
|
|
|
|
debug!(peer = %peer, error = %e, "Handshake failed");
|
2026-01-07 17:22:10 +03:00
|
|
|
Err(e)
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
Err(_) => {
|
2026-01-07 17:22:10 +03:00
|
|
|
stats.increment_handshake_timeouts();
|
2025-12-30 05:08:05 +03:00
|
|
|
debug!(peer = %peer, "Handshake timeout");
|
2026-01-07 17:22:10 +03:00
|
|
|
Err(ProxyError::TgHandshakeTimeout)
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
async fn do_handshake(mut self) -> Result<()> {
|
2025-12-30 05:08:05 +03:00
|
|
|
let mut first_bytes = [0u8; 5];
|
2026-01-07 17:22:10 +03:00
|
|
|
self.stream.read_exact(&mut first_bytes).await?;
|
2025-12-30 05:08:05 +03:00
|
|
|
|
|
|
|
|
let is_tls = tls::is_tls_handshake(&first_bytes[..3]);
|
2026-01-07 17:22:10 +03:00
|
|
|
let peer = self.peer;
|
2025-12-30 05:08:05 +03:00
|
|
|
|
2026-02-07 20:24:12 +03:00
|
|
|
debug!(peer = %peer, is_tls = is_tls, "Handshake type detected");
|
2025-12-30 05:08:05 +03:00
|
|
|
|
|
|
|
|
if is_tls {
|
2026-01-07 17:22:10 +03:00
|
|
|
self.handle_tls_client(first_bytes).await
|
2025-12-30 05:08:05 +03:00
|
|
|
} else {
|
2026-01-07 17:22:10 +03:00
|
|
|
self.handle_direct_client(first_bytes).await
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-07 20:24:12 +03:00
|
|
|
async fn handle_tls_client(mut self, first_bytes: [u8; 5]) -> Result<()> {
|
2026-01-07 17:22:10 +03:00
|
|
|
let peer = self.peer;
|
|
|
|
|
|
2025-12-30 05:08:05 +03:00
|
|
|
let tls_len = u16::from_be_bytes([first_bytes[3], first_bytes[4]]) as usize;
|
|
|
|
|
|
|
|
|
|
debug!(peer = %peer, tls_len = tls_len, "Reading TLS handshake");
|
|
|
|
|
|
|
|
|
|
if tls_len < 512 {
|
|
|
|
|
debug!(peer = %peer, tls_len = tls_len, "TLS handshake too short");
|
|
|
|
|
self.stats.increment_connects_bad();
|
2026-01-20 01:20:02 +03:00
|
|
|
let (reader, writer) = self.stream.into_split();
|
|
|
|
|
handle_bad_client(reader, writer, &first_bytes, &self.config).await;
|
2025-12-30 05:08:05 +03:00
|
|
|
return Ok(());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let mut handshake = vec![0u8; 5 + tls_len];
|
|
|
|
|
handshake[..5].copy_from_slice(&first_bytes);
|
2026-01-07 17:22:10 +03:00
|
|
|
self.stream.read_exact(&mut handshake[5..]).await?;
|
|
|
|
|
|
|
|
|
|
let config = self.config.clone();
|
|
|
|
|
let replay_checker = self.replay_checker.clone();
|
|
|
|
|
let stats = self.stats.clone();
|
2026-01-20 01:20:02 +03:00
|
|
|
let buffer_pool = self.buffer_pool.clone();
|
2025-12-30 05:08:05 +03:00
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
let (read_half, write_half) = self.stream.into_split();
|
2025-12-30 05:08:05 +03:00
|
|
|
|
|
|
|
|
let (mut tls_reader, tls_writer, _tls_user) = match handle_tls_handshake(
|
2026-02-07 20:24:12 +03:00
|
|
|
&handshake, read_half, write_half, peer,
|
|
|
|
|
&config, &replay_checker, &self.rng,
|
2025-12-30 05:08:05 +03:00
|
|
|
).await {
|
|
|
|
|
HandshakeResult::Success(result) => result,
|
2026-01-20 01:20:02 +03:00
|
|
|
HandshakeResult::BadClient { reader, writer } => {
|
2026-01-07 17:22:10 +03:00
|
|
|
stats.increment_connects_bad();
|
2026-01-20 01:20:02 +03:00
|
|
|
handle_bad_client(reader, writer, &handshake, &config).await;
|
2025-12-30 05:08:05 +03:00
|
|
|
return Ok(());
|
|
|
|
|
}
|
|
|
|
|
HandshakeResult::Error(e) => return Err(e),
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
debug!(peer = %peer, "Reading MTProto handshake through TLS");
|
|
|
|
|
let mtproto_data = tls_reader.read_exact(HANDSHAKE_LEN).await?;
|
|
|
|
|
let mtproto_handshake: [u8; HANDSHAKE_LEN] = mtproto_data[..].try_into()
|
|
|
|
|
.map_err(|_| ProxyError::InvalidHandshake("Short MTProto handshake".into()))?;
|
|
|
|
|
|
|
|
|
|
let (crypto_reader, crypto_writer, success) = match handle_mtproto_handshake(
|
2026-02-07 20:24:12 +03:00
|
|
|
&mtproto_handshake, tls_reader, tls_writer, peer,
|
|
|
|
|
&config, &replay_checker, true,
|
2025-12-30 05:08:05 +03:00
|
|
|
).await {
|
|
|
|
|
HandshakeResult::Success(result) => result,
|
2026-02-07 20:24:12 +03:00
|
|
|
HandshakeResult::BadClient { reader: _, writer: _ } => {
|
2026-01-07 17:22:10 +03:00
|
|
|
stats.increment_connects_bad();
|
2026-02-07 20:24:12 +03:00
|
|
|
debug!(peer = %peer, "Valid TLS but invalid MTProto handshake");
|
2025-12-30 05:08:05 +03:00
|
|
|
return Ok(());
|
|
|
|
|
}
|
|
|
|
|
HandshakeResult::Error(e) => return Err(e),
|
|
|
|
|
};
|
|
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
Self::handle_authenticated_static(
|
2026-02-07 20:24:12 +03:00
|
|
|
crypto_reader, crypto_writer, success,
|
|
|
|
|
self.upstream_manager, self.stats, self.config,
|
|
|
|
|
buffer_pool, self.rng,
|
2026-01-07 17:22:10 +03:00
|
|
|
).await
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
|
2026-02-07 20:24:12 +03:00
|
|
|
async fn handle_direct_client(mut self, first_bytes: [u8; 5]) -> Result<()> {
|
2026-01-07 17:22:10 +03:00
|
|
|
let peer = self.peer;
|
|
|
|
|
|
2026-01-20 01:20:02 +03:00
|
|
|
if !self.config.general.modes.classic && !self.config.general.modes.secure {
|
2025-12-30 05:08:05 +03:00
|
|
|
debug!(peer = %peer, "Non-TLS modes disabled");
|
|
|
|
|
self.stats.increment_connects_bad();
|
2026-01-20 01:20:02 +03:00
|
|
|
let (reader, writer) = self.stream.into_split();
|
|
|
|
|
handle_bad_client(reader, writer, &first_bytes, &self.config).await;
|
2025-12-30 05:08:05 +03:00
|
|
|
return Ok(());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let mut handshake = [0u8; HANDSHAKE_LEN];
|
|
|
|
|
handshake[..5].copy_from_slice(&first_bytes);
|
2026-01-07 17:22:10 +03:00
|
|
|
self.stream.read_exact(&mut handshake[5..]).await?;
|
|
|
|
|
|
|
|
|
|
let config = self.config.clone();
|
|
|
|
|
let replay_checker = self.replay_checker.clone();
|
|
|
|
|
let stats = self.stats.clone();
|
2026-01-20 01:20:02 +03:00
|
|
|
let buffer_pool = self.buffer_pool.clone();
|
2025-12-30 05:08:05 +03:00
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
let (read_half, write_half) = self.stream.into_split();
|
2025-12-30 05:08:05 +03:00
|
|
|
|
|
|
|
|
let (crypto_reader, crypto_writer, success) = match handle_mtproto_handshake(
|
2026-02-07 20:24:12 +03:00
|
|
|
&handshake, read_half, write_half, peer,
|
|
|
|
|
&config, &replay_checker, false,
|
2025-12-30 05:08:05 +03:00
|
|
|
).await {
|
|
|
|
|
HandshakeResult::Success(result) => result,
|
2026-01-20 01:20:02 +03:00
|
|
|
HandshakeResult::BadClient { reader, writer } => {
|
2026-01-07 17:22:10 +03:00
|
|
|
stats.increment_connects_bad();
|
2026-01-20 01:20:02 +03:00
|
|
|
handle_bad_client(reader, writer, &handshake, &config).await;
|
2025-12-30 05:08:05 +03:00
|
|
|
return Ok(());
|
|
|
|
|
}
|
|
|
|
|
HandshakeResult::Error(e) => return Err(e),
|
|
|
|
|
};
|
|
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
Self::handle_authenticated_static(
|
2026-02-07 20:24:12 +03:00
|
|
|
crypto_reader, crypto_writer, success,
|
|
|
|
|
self.upstream_manager, self.stats, self.config,
|
|
|
|
|
buffer_pool, self.rng,
|
2026-01-07 17:22:10 +03:00
|
|
|
).await
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
async fn handle_authenticated_static<R, W>(
|
2025-12-30 05:08:05 +03:00
|
|
|
client_reader: CryptoReader<R>,
|
|
|
|
|
client_writer: CryptoWriter<W>,
|
|
|
|
|
success: HandshakeSuccess,
|
2026-01-07 17:22:10 +03:00
|
|
|
upstream_manager: Arc<UpstreamManager>,
|
|
|
|
|
stats: Arc<Stats>,
|
|
|
|
|
config: Arc<ProxyConfig>,
|
2026-01-20 01:20:02 +03:00
|
|
|
buffer_pool: Arc<BufferPool>,
|
2026-02-07 18:26:44 +03:00
|
|
|
rng: Arc<SecureRandom>,
|
2025-12-30 05:08:05 +03:00
|
|
|
) -> Result<()>
|
|
|
|
|
where
|
|
|
|
|
R: AsyncRead + Unpin + Send + 'static,
|
|
|
|
|
W: AsyncWrite + Unpin + Send + 'static,
|
|
|
|
|
{
|
|
|
|
|
let user = &success.user;
|
|
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
if let Err(e) = Self::check_user_limits_static(user, &config, &stats) {
|
2025-12-30 05:08:05 +03:00
|
|
|
warn!(user = %user, error = %e, "User limit exceeded");
|
|
|
|
|
return Err(e);
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
let dc_addr = Self::get_dc_addr_static(success.dc_idx, &config)?;
|
2025-12-30 05:08:05 +03:00
|
|
|
|
|
|
|
|
info!(
|
|
|
|
|
user = %user,
|
|
|
|
|
peer = %success.peer,
|
|
|
|
|
dc = success.dc_idx,
|
|
|
|
|
dc_addr = %dc_addr,
|
|
|
|
|
proto = ?success.proto_tag,
|
|
|
|
|
"Connecting to Telegram"
|
|
|
|
|
);
|
|
|
|
|
|
2026-02-07 20:24:12 +03:00
|
|
|
// Pass dc_idx for latency-based upstream selection
|
|
|
|
|
let tg_stream = upstream_manager.connect(dc_addr, Some(success.dc_idx)).await?;
|
2025-12-30 05:08:05 +03:00
|
|
|
|
2026-02-07 20:24:12 +03:00
|
|
|
debug!(peer = %success.peer, dc_addr = %dc_addr, "Connected, performing TG handshake");
|
2025-12-30 05:08:05 +03:00
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
let (tg_reader, tg_writer) = Self::do_tg_handshake_static(
|
2026-02-07 20:24:12 +03:00
|
|
|
tg_stream, &success, &config, rng.as_ref(),
|
2025-12-30 05:08:05 +03:00
|
|
|
).await?;
|
|
|
|
|
|
2026-02-07 20:24:12 +03:00
|
|
|
debug!(peer = %success.peer, "TG handshake complete, starting relay");
|
2025-12-30 05:08:05 +03:00
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
stats.increment_user_connects(user);
|
|
|
|
|
stats.increment_user_curr_connects(user);
|
2025-12-30 05:08:05 +03:00
|
|
|
|
|
|
|
|
let relay_result = relay_bidirectional(
|
2026-02-07 20:24:12 +03:00
|
|
|
client_reader, client_writer,
|
|
|
|
|
tg_reader, tg_writer,
|
|
|
|
|
user, Arc::clone(&stats), buffer_pool,
|
2025-12-30 05:08:05 +03:00
|
|
|
).await;
|
|
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
stats.decrement_user_curr_connects(user);
|
2025-12-30 05:08:05 +03:00
|
|
|
|
|
|
|
|
match &relay_result {
|
2026-02-07 20:24:12 +03:00
|
|
|
Ok(()) => debug!(user = %user, "Relay completed"),
|
|
|
|
|
Err(e) => debug!(user = %user, error = %e, "Relay ended with error"),
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
relay_result
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
fn check_user_limits_static(user: &str, config: &ProxyConfig, stats: &Stats) -> Result<()> {
|
2026-01-20 01:20:02 +03:00
|
|
|
if let Some(expiration) = config.access.user_expirations.get(user) {
|
2025-12-30 05:08:05 +03:00
|
|
|
if chrono::Utc::now() > *expiration {
|
|
|
|
|
return Err(ProxyError::UserExpired { user: user.to_string() });
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-20 01:20:02 +03:00
|
|
|
if let Some(limit) = config.access.user_max_tcp_conns.get(user) {
|
2026-02-07 20:24:12 +03:00
|
|
|
if stats.get_user_curr_connects(user) >= *limit as u64 {
|
2025-12-30 05:08:05 +03:00
|
|
|
return Err(ProxyError::ConnectionLimitExceeded { user: user.to_string() });
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-20 01:20:02 +03:00
|
|
|
if let Some(quota) = config.access.user_data_quota.get(user) {
|
2026-02-07 20:24:12 +03:00
|
|
|
if stats.get_user_total_octets(user) >= *quota {
|
2025-12-30 05:08:05 +03:00
|
|
|
return Err(ProxyError::DataQuotaExceeded { user: user.to_string() });
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-12 18:25:41 +03:00
|
|
|
/// Resolve DC index to a target address.
|
|
|
|
|
///
|
|
|
|
|
/// Matches the C implementation's behavior exactly:
|
|
|
|
|
///
|
|
|
|
|
/// 1. Look up DC in known clusters (standard DCs ±1..±5)
|
|
|
|
|
/// 2. If not found and `force=1` → fall back to `default_cluster`
|
|
|
|
|
///
|
|
|
|
|
/// In the C code:
|
|
|
|
|
/// - `proxy-multi.conf` is downloaded from Telegram, contains only DC ±1..±5
|
|
|
|
|
/// - `default 2;` directive sets the default cluster
|
|
|
|
|
/// - `mf_cluster_lookup(CurConf, target_dc, 1)` returns default_cluster
|
|
|
|
|
/// for any unknown DC (like CDN DC 203)
|
|
|
|
|
///
|
|
|
|
|
/// So DC 203, DC 101, DC -300, etc. all route to the default DC (2).
|
|
|
|
|
/// There is NO modular arithmetic in the C implementation.
|
2026-01-07 17:22:10 +03:00
|
|
|
fn get_dc_addr_static(dc_idx: i16, config: &ProxyConfig) -> Result<SocketAddr> {
|
2026-01-20 01:20:02 +03:00
|
|
|
let datacenters = if config.general.prefer_ipv6 {
|
2025-12-30 05:08:05 +03:00
|
|
|
&*TG_DATACENTERS_V6
|
|
|
|
|
} else {
|
|
|
|
|
&*TG_DATACENTERS_V4
|
|
|
|
|
};
|
2026-02-12 18:25:41 +03:00
|
|
|
|
|
|
|
|
let num_dcs = datacenters.len(); // 5
|
|
|
|
|
|
|
|
|
|
// === Step 1: Check dc_overrides (like C's `proxy_for <dc> <ip>:<port>`) ===
|
|
|
|
|
let dc_key = dc_idx.to_string();
|
|
|
|
|
if let Some(addr_str) = config.dc_overrides.get(&dc_key) {
|
|
|
|
|
match addr_str.parse::<SocketAddr>() {
|
|
|
|
|
Ok(addr) => {
|
|
|
|
|
debug!(dc_idx = dc_idx, addr = %addr, "Using DC override from config");
|
|
|
|
|
return Ok(addr);
|
|
|
|
|
}
|
|
|
|
|
Err(_) => {
|
|
|
|
|
warn!(dc_idx = dc_idx, addr_str = %addr_str,
|
|
|
|
|
"Invalid DC override address in config, ignoring");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// === Step 2: Standard DCs ±1..±5 — direct lookup ===
|
|
|
|
|
let abs_dc = dc_idx.unsigned_abs() as usize;
|
|
|
|
|
if abs_dc >= 1 && abs_dc <= num_dcs {
|
|
|
|
|
return Ok(SocketAddr::new(datacenters[abs_dc - 1], TG_DATACENTER_PORT));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// === Step 3: Unknown DC — fall back to default_cluster ===
|
|
|
|
|
// Exactly like C's `mf_cluster_lookup(CurConf, target_dc, force=1)`
|
|
|
|
|
// which returns `MC->default_cluster` when the DC is not found.
|
|
|
|
|
// Telegram's proxy-multi.conf uses `default 2;`
|
|
|
|
|
let default_dc = config.default_dc.unwrap_or(2) as usize;
|
|
|
|
|
let fallback_idx = if default_dc >= 1 && default_dc <= num_dcs {
|
|
|
|
|
default_dc - 1
|
|
|
|
|
} else {
|
|
|
|
|
1 // DC 2 (index 1) — matches Telegram's `default 2;`
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
info!(
|
|
|
|
|
original_dc = dc_idx,
|
|
|
|
|
fallback_dc = (fallback_idx + 1) as u16,
|
|
|
|
|
fallback_addr = %datacenters[fallback_idx],
|
2026-02-12 18:38:05 +03:00
|
|
|
"Special DC ---> default_cluster"
|
2026-02-12 18:25:41 +03:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
Ok(SocketAddr::new(datacenters[fallback_idx], TG_DATACENTER_PORT))
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
|
2026-01-07 17:22:10 +03:00
|
|
|
async fn do_tg_handshake_static(
|
2025-12-30 05:08:05 +03:00
|
|
|
mut stream: TcpStream,
|
|
|
|
|
success: &HandshakeSuccess,
|
2026-01-07 17:22:10 +03:00
|
|
|
config: &ProxyConfig,
|
2026-02-07 18:26:44 +03:00
|
|
|
rng: &SecureRandom,
|
2025-12-30 05:08:05 +03:00
|
|
|
) -> Result<(CryptoReader<tokio::net::tcp::OwnedReadHalf>, CryptoWriter<tokio::net::tcp::OwnedWriteHalf>)> {
|
|
|
|
|
let (nonce, tg_enc_key, tg_enc_iv, tg_dec_key, tg_dec_iv) = generate_tg_nonce(
|
|
|
|
|
success.proto_tag,
|
2026-02-13 03:51:36 +03:00
|
|
|
success.dc_idx,
|
2026-02-07 20:24:12 +03:00
|
|
|
&success.dec_key,
|
2025-12-30 05:08:05 +03:00
|
|
|
success.dec_iv,
|
2026-02-07 18:26:44 +03:00
|
|
|
rng,
|
2026-01-20 01:20:02 +03:00
|
|
|
config.general.fast_mode,
|
2025-12-30 05:08:05 +03:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
let encrypted_nonce = encrypt_tg_nonce(&nonce);
|
|
|
|
|
|
|
|
|
|
debug!(
|
|
|
|
|
peer = %success.peer,
|
|
|
|
|
nonce_head = %hex::encode(&nonce[..16]),
|
|
|
|
|
"Sending nonce to Telegram"
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
stream.write_all(&encrypted_nonce).await?;
|
|
|
|
|
stream.flush().await?;
|
|
|
|
|
|
|
|
|
|
let (read_half, write_half) = stream.into_split();
|
|
|
|
|
|
|
|
|
|
let decryptor = AesCtr::new(&tg_dec_key, tg_dec_iv);
|
|
|
|
|
let encryptor = AesCtr::new(&tg_enc_key, tg_enc_iv);
|
|
|
|
|
|
2026-02-07 20:24:12 +03:00
|
|
|
Ok((
|
|
|
|
|
CryptoReader::new(read_half, decryptor),
|
|
|
|
|
CryptoWriter::new(write_half, encryptor),
|
|
|
|
|
))
|
2025-12-30 05:08:05 +03:00
|
|
|
}
|
|
|
|
|
}
|
