andrei/telemt
1
0
Fork 0
mirror of https://github.com/telemt/telemt.git synced 2026-06-19 02:00:08 +07:00
Code Issues Packages Projects Releases Wiki Activity
1,689 Commits 2 Branches 96 Tags
c36eb8180845ab971c6f25b17e03414438e23873
Commit Graph

243 Commits

Author SHA1 Message Date
Alexey c36eb81808 Fix for TLS-F, ALPN и SNI/ALPN helpers 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-11 19:17:06 +03:00
Alexey 0f8aca56d9 Fix fallback test record iterator lifetime 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-11 17:56:21 +03:00
Alexey 4e66933a35 Fix TLS masking test ClientHello fixtures and tail write ordering 2026-06-11 17:51:05 +03:00
Alexey 7cf00db242 Update client_masking_budget_security_tests.rs 2026-06-11 17:32:26 +03:00
Alexey 8bc1ac06d6 Update client_masking_budget_security_tests.rs 2026-06-11 17:31:23 +03:00
Alexey 59cfcf05d3 Update client_masking_blackhat_campaign_tests.rs 2026-06-11 17:23:35 +03:00
Alexey fcbedf66ea Update client_masking_blackhat_campaign_tests.rs 2026-06-11 17:21:54 +03:00
Alexey 1edd63bfb1 Rustfmt + Bump 2026-06-11 16:36:33 +03:00
Alexey 3d0560d583 Select ServerHello key share from TLS Fetcher Profile 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-11 14:43:03 +03:00
Alexey 62af515504 Generate Valid X25519MLKEM768 ServerHello key shares 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-11 14:14:09 +03:00
Alexey c4b58ad374 Hardened TLS-F ServerHello selection 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-11 13:07:40 +03:00
Alexey db7ff8737c Add dynamic SNI mask target mode 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-11 10:36:37 +03:00
Alexey cd2bb9c8cd Alles muss man selber machen 
Co-Authored-By: Mikhail I. Izmestev <355023+izmmisha@users.noreply.github.com>
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Co-Authored-By: Dietmar Schreiber <376736+dginorg@users.noreply.github.com>
 2026-06-11 10:13:17 +03:00
Alexey 7d543aeb67 Fixes for Adversarial Timing Profile Latency-flake by #761 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-05 12:59:50 +03:00
Alexey 89a885c25f Reset Interface Cache in Masking timing test 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-05 12:51:54 +03:00
Alexey 34b48325fd JA3+JA4 Pitfall in API + Beobachten 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-02 08:17:56 +03:00
Alexey 462215b53c Dual-stack fixes for Upstreams by #798 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
 2026-06-01 19:50:26 +03:00
Alexey 2264980926 User Disabler in API by #814 + Consistent Listeners in API by #800 2026-05-31 11:17:18 +03:00
Aleksei K a77aedfd7a Atomically claim pressure eviction budget in MR 2026-05-29 13:17:47 +03:00
Aleksei K 2a0fcd6e35 Align ServerHello cipher and opaque ALPN behavior in TLS-F 2026-05-28 16:11:25 +03:00
Alexey d4adf0ef9a ME: Bound writer queue waits under backpressure 2026-05-25 00:28:29 +03:00
Alexey dc8951eae8 Reduce MR + ME Routing hot-path contention 2026-05-22 20:19:09 +03:00
Alexey 9abaf9006c Prioritize Cancellation in MP select paths 2026-05-22 16:47:54 +03:00
Alexey 885258b85e Prioritize Relay Flow Cancellation over Buffered Writes 2026-05-21 20:35:25 +03:00
Alexey 98c985091c Decomposing hot-path modules into focused submodules 
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-05-21 18:03:55 +03:00
Alexey c02c7fbe43 Reducing hot-path allocs + duplicate telemetry touchs 
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-05-20 17:07:54 +03:00
Alexey 8379b48f69 Fix hot-path replay bounds and ME control allocations 
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-05-20 14:05:22 +03:00
Alexey 914f141715 Exclusive Mask + Startup Speed-up 
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-05-19 22:17:59 +03:00
Alexey 57b2aa0453 Rustfmt 2026-05-10 14:14:52 +03:00
Alexey 10c7cb2e0c Middle Relay Cancellation Errors 2026-05-10 14:12:15 +03:00
Alexey 900b574fb8 Harden ME Writer Cancellation paths 2026-05-10 14:09:10 +03:00
Alexey beed6b4679 Middle Wait Deadlines + Tighten Session Release State 2026-05-10 13:58:02 +03:00
Alexey eef2a38c75 Type Route Cutovers + Reduce IP Tracker cleanup pressure 2026-05-10 13:55:01 +03:00
Alexey 6cb72b3b6c Explicit Reasons of Session Fallback Cleanup + ME Close 2026-05-10 13:50:36 +03:00
Alexey e10c070dc1 Observability + Cancellation for Middle Quota + Traffic Waits 2026-05-10 13:38:11 +03:00
Alexey 3f9ac87daf Bounded Rate Bursts + Cancel ME Waits 2026-05-10 13:33:54 +03:00
Alexey 844a912b38 Expose Quota Contention + Cleanup fallback metrics 2026-05-10 13:30:59 +03:00
Alexey ba1d9be5d4 Hardened Relays and API Security paths 2026-05-10 13:22:54 +03:00
Alexey b2aa9b8c9e Hardened API & Management-plane Admission 
- bound API and metrics connection handling
- default metrics listener to localhost
- reject untrusted PROXY protocol peers before parsing headers
- cap API request body size and PROXY v2 payload allocation
- validate route usernames and TLS domains consistently
 2026-05-09 20:50:23 +03:00
Alexey 658a565cb3 Merge pull request #770 from konstpic/feat/user-source-deny-list 
feat(access): add per-user source IP deny list checks
 2026-05-07 11:56:54 +03:00
Alexey e0f251ad82 TLS Domains masking fixes 2026-05-06 20:29:24 +03:00
Konstantin Pichugin b859fb95c3 feat(access): add per-user source IP deny list checks 
Add access.user_source_deny and enforce it in TLS and MTProto handshake paths after successful authentication to fail closed for blocked source IPs.
 2026-05-06 19:11:18 +03:00
Alexey 8b62965978 Stabilize unknown-DC symlink race test setup 2026-04-30 11:11:04 +03:00
Alexey d46bda9880 Preserve synchronous IP cleanup queue contract + Rustfmt 2026-04-30 11:05:18 +03:00
Alexey c3de07db6a Shard TLS full-cert budget tracking + Bound user-labeled metrics export cardinality 2026-04-30 11:01:10 +03:00
Alexey 61f9af7ffc Reduce Lock-free IP-Tracker Cleanup backlog 2026-04-30 10:51:04 +03:00
Alexey 9412f089c0 Restore active IP observability for users without unique-IP limits 2026-04-25 15:49:28 +03:00
Alexey 37c916056a Rustfmt 2026-04-25 14:35:35 +03:00
Alexey 2f2fe9d5d3 Bound relay queues by bytes 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-04-25 13:54:20 +03:00
Alexey 27b5d576c0 Bound hot-path pressure in ME Relay + Handshake 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Signed-off-by: Alexey <247128645+axkurcom@users.noreply.github.com>
 2026-04-25 12:16:26 +03:00