Commit Graph

215 Commits

Author SHA1 Message Date
Alexey 57b2aa0453 Rustfmt 2026-05-10 14:14:52 +03:00
Alexey 10c7cb2e0c Middle Relay Cancellation Errors 2026-05-10 14:12:15 +03:00
Alexey 900b574fb8 Harden ME Writer Cancellation paths 2026-05-10 14:09:10 +03:00
Alexey beed6b4679 Middle Wait Deadlines + Tighten Session Release State 2026-05-10 13:58:02 +03:00
Alexey eef2a38c75 Type Route Cutovers + Reduce IP Tracker cleanup pressure 2026-05-10 13:55:01 +03:00
Alexey 6cb72b3b6c Explicit Reasons of Session Fallback Cleanup + ME Close 2026-05-10 13:50:36 +03:00
Alexey e10c070dc1 Observability + Cancellation for Middle Quota + Traffic Waits 2026-05-10 13:38:11 +03:00
Alexey 3f9ac87daf Bounded Rate Bursts + Cancel ME Waits 2026-05-10 13:33:54 +03:00
Alexey 844a912b38 Expose Quota Contention + Cleanup fallback metrics 2026-05-10 13:30:59 +03:00
Alexey ba1d9be5d4 Hardened Relays and API Security paths 2026-05-10 13:22:54 +03:00
Alexey b2aa9b8c9e Hardened API & Management-plane Admission
- bound API and metrics connection handling
- default metrics listener to localhost
- reject untrusted PROXY protocol peers before parsing headers
- cap API request body size and PROXY v2 payload allocation
- validate route usernames and TLS domains consistently
2026-05-09 20:50:23 +03:00
Alexey 658a565cb3 Merge pull request #770 from konstpic/feat/user-source-deny-list
feat(access): add per-user source IP deny list checks
2026-05-07 11:56:54 +03:00
Alexey e0f251ad82 TLS Domains masking fixes 2026-05-06 20:29:24 +03:00
Konstantin Pichugin b859fb95c3 feat(access): add per-user source IP deny list checks
Add access.user_source_deny and enforce it in TLS and MTProto handshake paths after successful authentication to fail closed for blocked source IPs.
2026-05-06 19:11:18 +03:00
Alexey 8b62965978 Stabilize unknown-DC symlink race test setup 2026-04-30 11:11:04 +03:00
Alexey d46bda9880 Preserve synchronous IP cleanup queue contract + Rustfmt 2026-04-30 11:05:18 +03:00
Alexey c3de07db6a Shard TLS full-cert budget tracking + Bound user-labeled metrics export cardinality 2026-04-30 11:01:10 +03:00
Alexey 61f9af7ffc Reduce Lock-free IP-Tracker Cleanup backlog 2026-04-30 10:51:04 +03:00
Alexey 9412f089c0 Restore active IP observability for users without unique-IP limits 2026-04-25 15:49:28 +03:00
Alexey 37c916056a Rustfmt 2026-04-25 14:35:35 +03:00
Alexey 2f2fe9d5d3 Bound relay queues by bytes
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
2026-04-25 13:54:20 +03:00
Alexey 27b5d576c0 Bound hot-path pressure in ME Relay + Handshake
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
2026-04-25 12:16:26 +03:00
Alexey e78592ef9b Avoid IP tracking when unique-IP limits are disabled and cap observed memory
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
2026-04-25 12:00:46 +03:00
Alexey 033ebf5038 Relays Tests Fixes 2026-04-24 15:51:19 +03:00
Alexey 8960fad8cd Classified Bad Connections and Handshake Failures in API
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-24 10:56:30 +03:00
Alexey 67357310f7 TLS 1.2/1.3 Correctness + Full ServerHello + Rustfmt
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-23 21:29:18 +03:00
Alexey db8d333ed6 Noisy-network peer Close Errors Classification 2026-04-21 15:35:11 +03:00
Alexey 4ce6b14bd8 Rustfmt 2026-04-21 13:31:24 +03:00
Alexey db114f09c3 Sync tests with code 2026-04-21 13:30:11 +03:00
Alexey 09310ff284 Unlimited mask_relay_max_bytes 2026-04-21 11:30:58 +03:00
lie-must-die dd27206104 Implement test for unknown SNI reject policy
Add test for unknown SNI rejection policy emitting TLS alert.
2026-04-19 12:44:39 +03:00
lie-must-die f11c7880e6 Enhance unknown SNI action handling in handshake
Updated handling of unknown SNI actions in TLS handshake process. Added support for RejectHandshake action and adjusted delay application logic.
2026-04-19 12:43:54 +03:00
Alexey 17a966b822 Rustfmt 2026-04-17 10:48:01 +03:00
Alexey f36f2eae24 Evaluating hard-idle timeout after read timeout
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-15 15:20:38 +03:00
Alexey 497ec6aa84 Small frames as idle activity
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-15 13:38:30 +03:00
Alexey 21ca1014ae Drafting Traffic Control
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-15 13:14:45 +03:00
Alexey 696316f919 Rustfmt 2026-04-15 01:39:47 +03:00
Alexey d7a0319696 Server.Listeners + Upstream V4/V6
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-15 01:32:49 +03:00
Alexey 13f86062f4 BINDTODEVICE for Direct Upstreams by #683
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-14 18:32:06 +03:00
Batmaev 26c40092f3 rm hardcoded mask timeouts 2026-04-12 10:46:18 +03:00
sintanial ddeda8d914 feat: add configurable RST-on-close mode for client sockets
Add `rst_on_close` config option (off/errors/always) to control
SO_LINGER(0) behaviour on accepted TCP connections.

- `off` (default): normal FIN on all closes, no behaviour change.
- `errors`: SO_LINGER(0) set on accept, cleared after successful
  handshake auth. Pre-handshake failures (scanners, DPI probes,
  timeouts) send RST instead of FIN, eliminating FIN-WAIT-1 and
  orphan socket accumulation. Authenticated relay sessions still
  close gracefully with FIN.
- `always`: SO_LINGER(0) on accept, never cleared — all closes
  send RST regardless of handshake outcome.
2026-04-10 05:01:38 +03:00
Alexey 4a77335ba9 Round-bounded Retries + Bounded Retry-Round Constant
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-07 19:19:40 +03:00
Alexey 14674bd4e6 Update relay.rs 2026-04-06 19:01:12 +03:00
Alexey a36c7b3f66 Update handshake_security_tests.rs 2026-04-06 17:45:45 +03:00
Alexey d848e4a729 Fixes for test + Rustfmt 2026-04-06 16:12:46 +03:00
Alexey 8d865a980c MRU Search + Runtime user snapshot + Ordered candidate auth + Sticky hints + Overload Budgets 2026-04-06 15:04:15 +03:00
Alexey 13dc1f70bf Accept as unknown_sni_action 2026-04-06 12:03:06 +03:00
Alexey 5f5582865e Rustfmt 2026-04-05 17:23:40 +03:00
Alexey 7f0057acd7 Conntrack Control Method
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-04 11:28:32 +03:00
David Osipov 6ea867ce36 Phase 2 implemented with additional guards 2026-04-03 02:08:59 +04:00