Aleksei K
2a0fcd6e35
Align ServerHello cipher and opaque ALPN behavior in TLS-F
2026-05-28 16:11:25 +03:00
Alexey
d4adf0ef9a
ME: Bound writer queue waits under backpressure
2026-05-25 00:28:29 +03:00
Alexey
dc8951eae8
Reduce MR + ME Routing hot-path contention
2026-05-22 20:19:09 +03:00
Alexey
9abaf9006c
Prioritize Cancellation in MP select paths
2026-05-22 16:47:54 +03:00
Alexey
885258b85e
Prioritize Relay Flow Cancellation over Buffered Writes
2026-05-21 20:35:25 +03:00
Alexey
98c985091c
Decomposing hot-path modules into focused submodules
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
2026-05-21 18:03:55 +03:00
Alexey
c02c7fbe43
Reducing hot-path allocs + duplicate telemetry touches
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
2026-05-20 17:07:54 +03:00
Alexey
8379b48f69
Fix hot-path replay bounds and ME control allocations
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
2026-05-20 14:05:22 +03:00
Alexey
914f141715
Exclusive Mask + Startup Speed-up
...
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
2026-05-19 22:17:59 +03:00
Alexey
57b2aa0453
Rustfmt
2026-05-10 14:14:52 +03:00
Alexey
10c7cb2e0c
Middle Relay Cancellation Errors
2026-05-10 14:12:15 +03:00
Alexey
900b574fb8
Harden ME Writer Cancellation paths
2026-05-10 14:09:10 +03:00
Alexey
beed6b4679
Middle Wait Deadlines + Tighten Session Release State
2026-05-10 13:58:02 +03:00
Alexey
eef2a38c75
Type Route Cutovers + Reduce IP Tracker cleanup pressure
2026-05-10 13:55:01 +03:00
Alexey
6cb72b3b6c
Explicit Reasons of Session Fallback Cleanup + ME Close
2026-05-10 13:50:36 +03:00
Alexey
e10c070dc1
Observability + Cancellation for Middle Quota + Traffic Waits
2026-05-10 13:38:11 +03:00
Alexey
3f9ac87daf
Bounded Rate Bursts + Cancel ME Waits
2026-05-10 13:33:54 +03:00
Alexey
844a912b38
Expose Quota Contention + Cleanup fallback metrics
2026-05-10 13:30:59 +03:00
Alexey
ba1d9be5d4
Hardened Relays and API Security paths
2026-05-10 13:22:54 +03:00
Alexey
b2aa9b8c9e
Hardened API & Management-plane Admission
...
- bound API and metrics connection handling
- default metrics listener to localhost
- reject untrusted PROXY protocol peers before parsing headers
- cap API request body size and PROXY v2 payload allocation
- validate route usernames and TLS domains consistently
2026-05-09 20:50:23 +03:00
Alexey
658a565cb3
Merge pull request #770 from konstpic/feat/user-source-deny-list
...
feat(access): add per-user source IP deny list checks
2026-05-07 11:56:54 +03:00
Alexey
e0f251ad82
TLS Domains masking fixes
2026-05-06 20:29:24 +03:00
Konstantin Pichugin
b859fb95c3
feat(access): add per-user source IP deny list checks
...
Add access.user_source_deny and enforce it in TLS and MTProto handshake paths after successful authentication to fail closed for blocked source IPs.
2026-05-06 19:11:18 +03:00
Alexey
8b62965978
Stabilize unknown-DC symlink race test setup
2026-04-30 11:11:04 +03:00
Alexey
d46bda9880
Preserve synchronous IP cleanup queue contract + Rustfmt
2026-04-30 11:05:18 +03:00
Alexey
c3de07db6a
Shard TLS full-cert budget tracking + Bound user-labeled metrics export cardinality
2026-04-30 11:01:10 +03:00
Alexey
61f9af7ffc
Reduce Lock-free IP-Tracker Cleanup backlog
2026-04-30 10:51:04 +03:00
Alexey
9412f089c0
Restore active IP observability for users without unique-IP limits
2026-04-25 15:49:28 +03:00
Alexey
37c916056a
Rustfmt
2026-04-25 14:35:35 +03:00
Alexey
2f2fe9d5d3
Bound relay queues by bytes
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
2026-04-25 13:54:20 +03:00
Alexey
27b5d576c0
Bound hot-path pressure in ME Relay + Handshake
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
2026-04-25 12:16:26 +03:00
Alexey
e78592ef9b
Avoid IP tracking when unique-IP limits are disabled and cap beobachten memory
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
2026-04-25 12:00:46 +03:00
Alexey
033ebf5038
Relays Tests Fixes
2026-04-24 15:51:19 +03:00
Alexey
8960fad8cd
Classified Bad Connections and Handshake Failures in API
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-24 10:56:30 +03:00
Alexey
67357310f7
TLS 1.2/1.3 Correctness + Full ServerHello + Rustfmt
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-23 21:29:18 +03:00
Alexey
db8d333ed6
Noisy-network peer Close Errors Classification
2026-04-21 15:35:11 +03:00
Alexey
4ce6b14bd8
Rustfmt
2026-04-21 13:31:24 +03:00
Alexey
db114f09c3
Sync tests with code
2026-04-21 13:30:11 +03:00
Alexey
09310ff284
Unlimited mask_relay_max_bytes
2026-04-21 11:30:58 +03:00
lie-must-die
dd27206104
Implement test for unknown SNI reject policy
...
Add test for unknown SNI rejection policy emitting TLS alert.
2026-04-19 12:44:39 +03:00
lie-must-die
f11c7880e6
Enhance unknown SNI action handling in handshake
...
Updated handling of unknown SNI actions in TLS handshake process. Added support for RejectHandshake action and adjusted delay application logic.
2026-04-19 12:43:54 +03:00
Alexey
17a966b822
Rustfmt
2026-04-17 10:48:01 +03:00
Alexey
f36f2eae24
Evaluating hard-idle timeout after read timeout
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-15 15:20:38 +03:00
Alexey
497ec6aa84
Small frames as idle activity
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-15 13:38:30 +03:00
Alexey
21ca1014ae
Drafting Traffic Control
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-15 13:14:45 +03:00
Alexey
696316f919
Rustfmt
2026-04-15 01:39:47 +03:00
Alexey
d7a0319696
Server.Listeners + Upstream V4/V6
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-15 01:32:49 +03:00
Alexey
13f86062f4
BINDTODEVICE for Direct Upstreams by #683
...
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-14 18:32:06 +03:00
Batmaev
26c40092f3
rm hardcoded mask timeouts
2026-04-12 10:46:18 +03:00
sintanial
ddeda8d914
feat: add configurable RST-on-close mode for client sockets
...
Add `rst_on_close` config option (off/errors/always) to control
SO_LINGER(0) behaviour on accepted TCP connections.
- `off` (default): normal FIN on all closes, no behaviour change.
- `errors`: SO_LINGER(0) set on accept, cleared after successful
  handshake auth. Pre-handshake failures (scanners, DPI probes,
  timeouts) send RST instead of FIN, eliminating FIN-WAIT-1 and
  orphan socket accumulation. Authenticated relay sessions still
  close gracefully with FIN.
- `always`: SO_LINGER(0) on accept, never cleared — all closes
  send RST regardless of handshake outcome.
2026-04-10 05:01:38 +03:00