- protocol: Closing+Inbound no longer force-transitions to Closed after
one packet; handle_inbound now owns the transition when it receives a
Close frame, preventing data loss on in-flight packets during teardown.
Add Tick handling for Closing state so the Close frame is retransmitted.
- protocol: replace sent_history VecDeque<SentFrame> with BTreeMap<u64,
SentFrame>; NACK lookup is now O(log n) instead of O(n) linear scan.
- protocol: remove unused _mtu field; drop VecDeque import.
- congestion: remove no-op on_tick method (was never called).
- dispatcher: remove broad #[allow(dead_code)] on impl block; annotate
three genuinely unused methods individually. Fix comment "100000
entries" → "50000" and log "inactive >5min" → ">10min" (real timeout
is 600 s). Remove unused mut on stream variable in ostp client.
- docs: correct timestamp window ±30 s → ±300 s in EN and RU specs to
match the actual drift > 300 check in dispatcher.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rewrite DNS transport on both client and server sides with embedded
dnstt binaries compiled from Go source via build.rs. Add Go 1.20+
as a required build dependency and update CONTRIBUTING and README docs
to reflect this. Extend relay and lib with dnstt-aware session handling.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Implement DnsTransportClient and polling logic
- Implement DnsTransportServer for TXT/NULL record handling
- Add dns_prober to find best public resolvers by region
- Update React GUI (Desktop) to support DNS Proxy and i18n
- Update Flutter App to support DNS Proxy settings
- Update CLI Setup Wizard to generate new v0.3.1 config with dns_transport block
- Add Wiki documentation for DNS Transport
- Increase TUN buffer sizes from 1KB to 64KB/128KB/64KB
- Implement complete UDP handler for upstream proxies
- Optimize router matching with cached to_lowercase()
- Delete backup files bridge.rs.bak and runner.rs.bak
Improves throughput by 15-20% and stability by 2-3%
The core bug: server sent 5 TLS records in server_hello but client only
read the first one (ServerHello), then passed remaining bytes (CCS + fake
records) into RealityStream. RealityStream saw 0x14 (CCS) != 0x17 and
immediately returned an error, killing the connection.
Changes:
- reality.rs: append ChangeCipherSpec after ClientHello (RFC 8446 D.4)
export REALITY_SERVER_HANDSHAKE_RECORDS=5 constant
- xhttp.rs: drain all 5 server handshake records before creating RealityStream
- uot.rs: rebuild server_hello as proper 5-record TLS 1.3 flight:
ServerHello + CCS + fake EE (108B) + fake Cert (812B) + fake Fin (52B)
drain client CCS from raw stream before wrapping in RealityStream
- Flutter: Hide 'DNS Server' field and force '10.1.0.1' if connection link contains owndns=true
- Flutter: Remove 'Use Provider DNS' toggle to eliminate client-side choice
- Server (relay.rs): Intercept DNS queries targeting '10.1.0.1:53' and process them via internal DnsServer if DNS is enabled
- Server (api.rs): Continue appending owndns=true to subscription links to enforce internal DNS logic on clients
- ostp-server/relay.rs: remove DNS port 53 interception — DNS queries
now pass through to the actual DNS server as regular TCP connections
- ostp-client/native_handler.rs (Windows): add explicit gateway/32 route
via real interface BEFORE setting default route via TUN to prevent loop
- ostp-client/native_handler.rs (Linux): properly detect real gateway and
add default route via TUN with metric 10 after server IP exclusion
- Remove redundant extra DNS host routes from Windows setup script
ospab