rms/telemt
1
0
Fork 0
mirror of https://github.com/telemt/telemt.git synced 2026-05-17 00:16:20 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
01b0c5c6ce38c2caef1450144a990827cc970861
telemt/Cargo.toml

101 lines
2.0 KiB
TOML
Raw Normal View History

1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
[package]
name = "telemt"
Rustfmt
2026-05-10 14:14:52 +03:00
version = "3.4.11"
Added cargo.toml
2026-03-20 01:06:00 +04:00
edition = "2024"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
Security hardening, concurrency fixes, and expanded test coverage This commit introduces a comprehensive set of improvements to enhance the security, reliability, and configurability of the proxy server, specifically targeting adversarial resilience and high-load concurrency. Security & Cryptography: - Zeroize MTProto cryptographic key material (`dec_key`, `enc_key`) immediately after use to prevent memory leakage on early returns. - Move TLS handshake replay tracking after full policy/ALPN validation to prevent cache poisoning by unauthenticated probes. - Add `proxy_protocol_trusted_cidrs` configuration to restrict PROXY protocol headers to trusted networks, rejecting spoofed IPs. Adversarial Resilience & DoS Mitigation: - Implement "Tiny Frame Debt" tracking in the middle-relay to prevent CPU exhaustion from malicious 0-byte or 1-byte frame floods. - Add `mask_relay_max_bytes` to strictly bound unauthenticated fallback connections, preventing the proxy from being abused as an open relay. - Add a 5ms prefetch window (`mask_classifier_prefetch_timeout_ms`) to correctly assemble and classify fragmented HTTP/1.1 and HTTP/2 probes (e.g., `PRI * HTTP/2.0`) before routing them to masking heuristics. - Prevent recursive masking loops (FD exhaustion) by verifying the mask target is not the proxy's own listener via local interface enumeration. Concurrency & Reliability: - Eliminate executor waker storms during quota lock contention by replacing the spin-waker task with inline `Sleep` and exponential backoff. - Roll back user quota reservations (`rollback_me2c_quota_reservation`) if a network write fails, preventing Head-of-Line (HoL) blocking from permanently burning data quotas. - Recover gracefully from idle-registry `Mutex` poisoning instead of panicking, ensuring isolated thread failures do not break the proxy. - Fix `auth_probe_scan_start_offset` modulo logic to ensure bounds safety. Testing: - Add extensive adversarial, timing, fuzzing, and invariant test suites for both the client and handshake modules.
2026-03-22 23:06:26 +04:00
[features]
redteam_offline_expected_fail = []
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
[dependencies]
# C
libc = "0.2"
# Async runtime
Zeroize for key + log refactor + fix tests - Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult: - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>` - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }` - Added Zeroize for all structures holding key material: - AesCbc – key and IV are zeroized on drop - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher - ObfuscationParams – all four key‑material fields are zeroized on drop - HandshakeSuccess – all four key‑material fields are zeroized on drop - Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1) - Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs - Implemented silent‑mode logging and refactored initialization: - Added LogLevel enum to config and CLI flags --silent / --log-level - Added parse_cli() to handle --silent, --log-level, --help - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing - Errors before tracing initialization are printed via eprintln! - Proxy links (tg://) are printed via println! – always visible regardless of log level - Configuration summary and operational messages are logged via info! (suppressed in silent mode) - Connection processing errors are lowered to debug! (hidden in silent mode) - Warning about default tls_domain moved to main (after tracing init) Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-07 19:49:41 +03:00
tokio = { version = "1.42", features = ["full", "tracing"] }
Fixed critical ME Problems
2026-02-17 03:40:39 +03:00
tokio-util = { version = "0.7", features = ["full"] }
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
# Crypto
aes = "0.8"
ctr = "0.9"
cbc = "0.1"
sha2 = "0.10"
sha1 = "0.10"
md-5 = "0.10"
hmac = "0.12"
Zeroize for key + log refactor + fix tests - Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult: - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>` - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }` - Added Zeroize for all structures holding key material: - AesCbc – key and IV are zeroized on drop - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher - ObfuscationParams – all four key‑material fields are zeroized on drop - HandshakeSuccess – all four key‑material fields are zeroized on drop - Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1) - Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs - Implemented silent‑mode logging and refactored initialization: - Added LogLevel enum to config and CLI flags --silent / --log-level - Added parse_cli() to handle --silent, --log-level, --help - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing - Errors before tracing initialization are printed via eprintln! - Proxy links (tg://) are printed via println! – always visible regardless of log level - Configuration summary and operational messages are logged via info! (suppressed in silent mode) - Connection processing errors are lowered to debug! (hidden in silent mode) - Warning about default tls_domain moved to main (after tracing init) Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-07 19:49:41 +03:00
crc32fast = "1.4"
Update Cargo.toml
2026-02-23 02:32:13 +03:00
crc32c = "0.6"
Zeroize for key + log refactor + fix tests - Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult: - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>` - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }` - Added Zeroize for all structures holding key material: - AesCbc – key and IV are zeroized on drop - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher - ObfuscationParams – all four key‑material fields are zeroized on drop - HandshakeSuccess – all four key‑material fields are zeroized on drop - Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1) - Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs - Implemented silent‑mode logging and refactored initialization: - Added LogLevel enum to config and CLI flags --silent / --log-level - Added parse_cli() to handle --silent, --log-level, --help - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing - Errors before tracing initialization are printed via eprintln! - Proxy links (tg://) are printed via println! – always visible regardless of log level - Configuration summary and operational messages are logged via info! (suppressed in silent mode) - Connection processing errors are lowered to debug! (hidden in silent mode) - Warning about default tls_domain moved to main (after tracing init) Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-07 19:49:41 +03:00
zeroize = { version = "1.8", features = ["derive"] }
ci: add security policy, cargo-deny configuration, and audit workflow - Add deny.toml with license/advisory policy for cargo-deny - Add security.yml GitHub Actions workflow for automated audit - Update rust.yml with hardened clippy lint enforcement - Update Cargo.toml/Cargo.lock with audit-related dependency additions - Fix clippy lint placement in config.toml (Clippy lints must not live in rustflags) Part of PR-SEC-1: no Rust source changes, establishes CI gates for all subsequent PRs.
2026-03-15 00:02:03 +04:00
subtle = "2.6"
security: harden handshake/masking flows and add adversarial regressions - forward valid-TLS/invalid-MTProto clients to mask backend in both client paths\n- harden TLS validation against timing and clock edge cases\n- move replay tracking behind successful authentication to avoid cache pollution\n- tighten secret decoding and key-material handling paths\n- add dedicated security test modules for tls/client/handshake/masking\n- include production-path regression for ClientHandler fallback behavior
2026-03-16 20:04:41 +04:00
static_assertions = "1.1"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
# Network
Update dependencies and refactor random number generation - Bump versions of several dependencies in Cargo.toml for improved functionality and security, including: - socket2 to 0.6 - nix to 0.31 - toml to 1.0 - x509-parser to 0.18 - dashmap to 6.1 - rand to 0.10 - reqwest to 0.13 - notify to 8.2 - ipnetwork to 0.21 - webpki-roots to 1.0 - criterion to 0.8 - Introduce `OnceLock` for secure random number generation in multiple modules to ensure thread safety and reduce overhead. - Refactor random number generation calls to use the new `RngExt` trait methods for consistency and clarity. - Add new PNG files for architectural documentation.
2026-03-21 15:43:07 +04:00
socket2 = { version = "0.6", features = ["all"] }
Add Unix daemon mode with PID file and privilege dropping Implement core daemon infrastructure for running telemt as a background service on Unix platforms (Linux, FreeBSD, etc.): - Add src/daemon module with classic double-fork daemonization - Implement flock-based PID file management to prevent duplicate instances - Add privilege dropping (setuid/setgid) after socket binding - New CLI flags: --daemon, --foreground, --pid-file, --run-as-user, --run-as-group, --working-dir Daemonization occurs before tokio runtime starts to ensure clean fork. PID file uses exclusive locking to detect already-running instances. Privilege dropping happens after bind_listeners() to allow binding to privileged ports (< 1024) before switching to unprivileged user. Signed-off-by: Vladimir Krivopalov <argenet@yandex.ru>
2026-03-20 20:31:47 +02:00
nix = { version = "0.31", default-features = false, features = [
"net",
"user",
"process",
"fs",
"signal",
] }
Add Shadowsocks upstream support
2026-03-18 12:36:44 +03:00
shadowsocks = { version = "1.24", features = ["aead-cipher-2022"] }
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
Zeroize for key + log refactor + fix tests - Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult: - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>` - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }` - Added Zeroize for all structures holding key material: - AesCbc – key and IV are zeroized on drop - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher - ObfuscationParams – all four key‑material fields are zeroized on drop - HandshakeSuccess – all four key‑material fields are zeroized on drop - Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1) - Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs - Implemented silent‑mode logging and refactored initialization: - Added LogLevel enum to config and CLI flags --silent / --log-level - Added parse_cli() to handle --silent, --log-level, --help - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing - Errors before tracing initialization are printed via eprintln! - Proxy links (tg://) are printed via println! – always visible regardless of log level - Configuration summary and operational messages are logged via info! (suppressed in silent mode) - Connection processing errors are lowered to debug! (hidden in silent mode) - Warning about default tls_domain moved to main (after tracing init) Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-07 19:49:41 +03:00
# Serialization
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
Update dependencies and refactor random number generation - Bump versions of several dependencies in Cargo.toml for improved functionality and security, including: - socket2 to 0.6 - nix to 0.31 - toml to 1.0 - x509-parser to 0.18 - dashmap to 6.1 - rand to 0.10 - reqwest to 0.13 - notify to 8.2 - ipnetwork to 0.21 - webpki-roots to 1.0 - criterion to 0.8 - Introduce `OnceLock` for secure random number generation in multiple modules to ensure thread safety and reduce overhead. - Refactor random number generation calls to use the new `RngExt` trait methods for consistency and clarity. - Add new PNG files for architectural documentation.
2026-03-21 15:43:07 +04:00
toml = "1.0"
x509-parser = "0.18"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
# Utils
Zeroize for key + log refactor + fix tests - Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult: - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>` - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }` - Added Zeroize for all structures holding key material: - AesCbc – key and IV are zeroized on drop - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher - ObfuscationParams – all four key‑material fields are zeroized on drop - HandshakeSuccess – all four key‑material fields are zeroized on drop - Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1) - Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs - Implemented silent‑mode logging and refactored initialization: - Added LogLevel enum to config and CLI flags --silent / --log-level - Added parse_cli() to handle --silent, --log-level, --help - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing - Errors before tracing initialization are printed via eprintln! - Proxy links (tg://) are printed via println! – always visible regardless of log level - Configuration summary and operational messages are logged via info! (suppressed in silent mode) - Connection processing errors are lowered to debug! (hidden in silent mode) - Warning about default tls_domain moved to main (after tracing init) Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-07 19:49:41 +03:00
bytes = "1.9"
thiserror = "2.0"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
Add multi-destination logging: syslog and file support Implement logging infrastructure for non-systemd platforms: - Add src/logging.rs with syslog and file logging support - New CLI flags: --syslog, --log-file, --log-file-daily - Syslog uses libc directly with LOG_DAEMON facility - File logging via tracing-appender with optional daily rotation Update service scripts: - OpenRC and FreeBSD rc.d now use --syslog by default - Ensures logs are captured on platforms without journald Default (stderr) behavior unchanged for systemd compatibility. Log destination is selected at startup based on CLI flags. Signed-off-by: Vladimir Krivopalov <argenet@yandex.ru>
2026-03-20 22:26:42 +02:00
tracing-appender = "0.2"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
parking_lot = "0.12"
Update dependencies and refactor random number generation - Bump versions of several dependencies in Cargo.toml for improved functionality and security, including: - socket2 to 0.6 - nix to 0.31 - toml to 1.0 - x509-parser to 0.18 - dashmap to 6.1 - rand to 0.10 - reqwest to 0.13 - notify to 8.2 - ipnetwork to 0.21 - webpki-roots to 1.0 - criterion to 0.8 - Introduce `OnceLock` for secure random number generation in multiple modules to ensure thread safety and reduce overhead. - Refactor random number generation calls to use the new `RngExt` trait methods for consistency and clarity. - Add new PNG files for architectural documentation.
2026-03-21 15:43:07 +04:00
dashmap = "6.1"
Cargo.toml + Cargo.lock Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-03-20 00:45:04 +03:00
arc-swap = "1.7"
Bump lru from 0.12.5 to 0.16.3 Bumps [lru](https://github.com/jeromefroe/lru-rs) from 0.12.5 to 0.16.3. - [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md) - [Commits](https://github.com/jeromefroe/lru-rs/compare/0.12.5...0.16.3) --- updated-dependencies: - dependency-name: lru dependency-version: 0.16.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
2026-02-13 00:31:52 +00:00
lru = "0.16"
Update dependencies and refactor random number generation - Bump versions of several dependencies in Cargo.toml for improved functionality and security, including: - socket2 to 0.6 - nix to 0.31 - toml to 1.0 - x509-parser to 0.18 - dashmap to 6.1 - rand to 0.10 - reqwest to 0.13 - notify to 8.2 - ipnetwork to 0.21 - webpki-roots to 1.0 - criterion to 0.8 - Introduce `OnceLock` for secure random number generation in multiple modules to ensure thread safety and reduce overhead. - Refactor random number generation calls to use the new `RngExt` trait methods for consistency and clarity. - Add new PNG files for architectural documentation.
2026-03-21 15:43:07 +04:00
rand = "0.10"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
chrono = { version = "0.4", features = ["serde"] }
hex = "0.4"
Zeroize for key + log refactor + fix tests - Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult: - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>` - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }` - Added Zeroize for all structures holding key material: - AesCbc – key and IV are zeroized on drop - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher - ObfuscationParams – all four key‑material fields are zeroized on drop - HandshakeSuccess – all four key‑material fields are zeroized on drop - Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1) - Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs - Implemented silent‑mode logging and refactored initialization: - Added LogLevel enum to config and CLI flags --silent / --log-level - Added parse_cli() to handle --silent, --log-level, --help - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing - Errors before tracing initialization are printed via eprintln! - Proxy links (tg://) are printed via println! – always visible regardless of log level - Configuration summary and operational messages are logged via info! (suppressed in silent mode) - Connection processing errors are lowered to debug! (hidden in silent mode) - Warning about default tls_domain moved to main (after tracing init) Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-07 19:49:41 +03:00
base64 = "0.22"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
url = "2.5"
Zeroize for key + log refactor + fix tests - Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult: - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>` - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }` - Added Zeroize for all structures holding key material: - AesCbc – key and IV are zeroized on drop - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher - ObfuscationParams – all four key‑material fields are zeroized on drop - HandshakeSuccess – all four key‑material fields are zeroized on drop - Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1) - Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs - Implemented silent‑mode logging and refactored initialization: - Added LogLevel enum to config and CLI flags --silent / --log-level - Added parse_cli() to handle --silent, --log-level, --help - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing - Errors before tracing initialization are printed via eprintln! - Proxy links (tg://) are printed via println! – always visible regardless of log level - Configuration summary and operational messages are logged via info! (suppressed in silent mode) - Connection processing errors are lowered to debug! (hidden in silent mode) - Warning about default tls_domain moved to main (after tracing init) Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-07 19:49:41 +03:00
regex = "1.11"
ET + SM + Crypto Fixes
2026-01-01 23:34:04 +03:00
crossbeam-queue = "0.3"
Num_bigint + Num_traits Fix
2026-02-15 14:15:56 +03:00
num-bigint = "0.4"
num-traits = "0.2"
Refactor and enhance security in proxy and handshake modules - Updated `direct_relay_security_tests.rs` to ensure sanitized paths are correctly validated against resolved paths. - Added tests for symlink handling in `unknown_dc_log_path_revalidation` to prevent symlink target escape vulnerabilities. - Modified `handshake.rs` to use a more robust hashing strategy for eviction offsets, improving the eviction logic in `auth_probe_record_failure_with_state`. - Introduced new tests in `handshake_security_tests.rs` to validate eviction logic under various conditions, ensuring low fail streak entries are prioritized for eviction. - Simplified `route_mode.rs` by removing unnecessary atomic mode tracking, streamlining the transition logic in `RouteRuntimeController`. - Enhanced `route_mode_security_tests.rs` with comprehensive tests for mode transitions and their effects on session states, ensuring consistency under concurrent modifications. - Cleaned up `emulator.rs` by removing unused ALPN extension handling, improving code clarity and maintainability.
2026-03-18 01:40:38 +04:00
x25519-dalek = "2"
TLS-F: build fixes Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-20 13:14:09 +03:00
anyhow = "1.0"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
# HTTP
Update dependencies and refactor random number generation - Bump versions of several dependencies in Cargo.toml for improved functionality and security, including: - socket2 to 0.6 - nix to 0.31 - toml to 1.0 - x509-parser to 0.18 - dashmap to 6.1 - rand to 0.10 - reqwest to 0.13 - notify to 8.2 - ipnetwork to 0.21 - webpki-roots to 1.0 - criterion to 0.8 - Introduce `OnceLock` for secure random number generation in multiple modules to ensure thread safety and reduce overhead. - Refactor random number generation calls to use the new `RngExt` trait methods for consistency and clarity. - Add new PNG files for architectural documentation.
2026-03-21 15:43:07 +04:00
reqwest = { version = "0.13", features = ["rustls"], default-features = false }
notify = "8.2"
ipnetwork = { version = "0.21", features = ["serde"] }
Add Prometheus /metrics HTTP endpoint Wire up unused metrics_port/metrics_whitelist config into working HTTP server exposing proxy stats in Prometheus text format.
2026-02-17 01:11:01 +03:00
hyper = { version = "1", features = ["server", "http1"] }
hyper-util = { version = "0.1", features = ["tokio", "server-auto"] }
http-body-util = "0.1"
Improved perf for ME Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-17 04:16:16 +03:00
httpdate = "1.0"
Add Unix daemon mode with PID file and privilege dropping Implement core daemon infrastructure for running telemt as a background service on Unix platforms (Linux, FreeBSD, etc.): - Add src/daemon module with classic double-fork daemonization - Implement flock-based PID file management to prevent duplicate instances - Add privilege dropping (setuid/setgid) after socket binding - New CLI flags: --daemon, --foreground, --pid-file, --run-as-user, --run-as-group, --working-dir Daemonization occurs before tokio runtime starts to ensure clean fork. PID file uses exclusive locking to detect already-running instances. Privilege dropping happens after bind_listeners() to allow binding to privileged ports (< 1024) before switching to unprivileged user. Signed-off-by: Vladimir Krivopalov <argenet@yandex.ru>
2026-03-20 20:31:47 +02:00
tokio-rustls = { version = "0.26", default-features = false, features = [
"tls12",
] }
rustls = { version = "0.23", default-features = false, features = [
"std",
"tls12",
"ring",
] }
Update dependencies and refactor random number generation - Bump versions of several dependencies in Cargo.toml for improved functionality and security, including: - socket2 to 0.6 - nix to 0.31 - toml to 1.0 - x509-parser to 0.18 - dashmap to 6.1 - rand to 0.10 - reqwest to 0.13 - notify to 8.2 - ipnetwork to 0.21 - webpki-roots to 1.0 - criterion to 0.8 - Introduce `OnceLock` for secure random number generation in multiple modules to ensure thread safety and reduce overhead. - Refactor random number generation calls to use the new `RngExt` trait methods for consistency and clarity. - Add new PNG files for architectural documentation.
2026-03-21 15:43:07 +04:00
webpki-roots = "1.0"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
[dev-dependencies]
tokio-test = "0.4"
Update dependencies and refactor random number generation - Bump versions of several dependencies in Cargo.toml for improved functionality and security, including: - socket2 to 0.6 - nix to 0.31 - toml to 1.0 - x509-parser to 0.18 - dashmap to 6.1 - rand to 0.10 - reqwest to 0.13 - notify to 8.2 - ipnetwork to 0.21 - webpki-roots to 1.0 - criterion to 0.8 - Introduce `OnceLock` for secure random number generation in multiple modules to ensure thread safety and reduce overhead. - Refactor random number generation calls to use the new `RngExt` trait methods for consistency and clarity. - Add new PNG files for architectural documentation.
2026-03-21 15:43:07 +04:00
criterion = "0.8"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
proptest = "1.4"
Zeroize for key + log refactor + fix tests - Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult: - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>` - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }` - Added Zeroize for all structures holding key material: - AesCbc – key and IV are zeroized on drop - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher - ObfuscationParams – all four key‑material fields are zeroized on drop - HandshakeSuccess – all four key‑material fields are zeroized on drop - Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1) - Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs - Implemented silent‑mode logging and refactored initialization: - Added LogLevel enum to config and CLI flags --silent / --log-level - Added parse_cli() to handle --silent, --log-level, --help - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing - Errors before tracing initialization are printed via eprintln! - Proxy links (tg://) are printed via println! – always visible regardless of log level - Configuration summary and operational messages are logged via info! (suppressed in silent mode) - Connection processing errors are lowered to debug! (hidden in silent mode) - Warning about default tls_domain moved to main (after tracing init) Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-07 19:49:41 +03:00
futures = "0.3"
1.0.0 Tschuss Status Quo - Hallo, Zukunft!
2025-12-30 05:08:05 +03:00
[[bench]]
name = "crypto_bench"
Update Cargo.toml
2026-02-15 13:20:19 +03:00
harness = false
Add Rust coding conventions and self-explanatory commenting guidelines; update dependencies and version in Cargo files; enhance OpenBSD support in installation and documentation; improve TCP socket configuration and testing
2026-03-11 20:49:51 +04:00
[profile.release]
Update release profile settings for better optimization
2026-03-24 14:01:49 +03:00
lto = "fat"
codegen-units = 1
Reference in New Issue Copy Permalink