ospab
/
ostp
mirror of https://github.com/ospab/ostp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
385 Commits 2 Branches 170 Tags 131 MiB
Commit Graph

105 Commits

Author SHA1 Message Date
ospab 9d8f61fda5 fix: rename WindowsProxyGuard to SystemProxyGuard in bridge.rs 2026-06-02 23:01:45 +03:00
ospab fb0dbf9da1 feat: linux auto-sudo and tauri system tray background mode 2026-06-02 22:58:04 +03:00
ospab 5e4fd2be02 feat(linux): implement SystemProxyGuard with GNOME/KDE support and headless proxy prompt 2026-05-31 21:01:28 +03:00
ospab eef8869731 feat(cli): add --import, --proxy-env, interactive link prompt, and TUN safety guard for Linux 2026-05-31 20:53:54 +03:00
ospab 2fbdd4578d feat: user configured MTU automatically subtracts 48 for overhead compensation 2026-05-30 22:24:08 +03:00
ospab c9fad99144 fix: resolve deadlock, multiplexing backpressure, and LTE fragmentation issues 2026-05-30 22:21:12 +03:00
ospab 8771f17371 fix(client): resolve borrow after move error in bridge.rs and clean up warnings 2026-05-30 22:09:23 +03:00
ospab ad66bccba5 fix(client): send immediate Ping on connection to avoid 60s delay in UI 2026-05-30 22:07:22 +03:00
ospab 37719a3fac fix(client): flush stale proxy_rx messages on background reconnect to prevent UDP burst drops on mobile networks 2026-05-30 21:55:33 +03:00
ospab ae8f5f28ca Fix UDP IPv4-mapped IPv6 address matching bug and completely remove tun2socks 2026-05-30 21:14:29 +03:00
ospab 2a294c5fbc fix(client): make Android TUN read loop resilient to EINTR, don't abort tunnel on transient read errors 2026-05-30 02:35:14 +03:00
ospab 60b5d565e8 fix(client): stabilize UDP sessions - prevent crashes on transient recv errors in udp_nat and proxy 2026-05-30 02:12:15 +03:00
ospab 3a39f19b45 fix(client): fix async closure compilation error in udp_nat.rs 2026-05-30 02:03:56 +03:00
ospab f3f2cf1c17 fix(client): bind SOCKS5 UDP socket to IPv6 properly, and fix 100% CPU spin in Android TUN reader 2026-05-30 02:01:31 +03:00
ospab 3fd53686f8 fix(client): correctly parse ATYP in SOCKS5 UDP ASSOCIATE response to fix DNS/UDP on IPv6 networks 2026-05-30 01:52:25 +03:00
ospab 7e3b2e6633 fix(client): prevent TUN read loop from crashing on invalid IP packets (fixes LTE MTU/CLAT issues) 2026-05-30 01:42:18 +03:00
ospab b9a95708c9 fix(xhttp): rewrite RealityStream buffering to prevent packet drops and data loss 2026-05-30 01:10:29 +03:00
ospab cecd2756a0 fix(client/mobile): resolve fdsan crash and mobile network proxy issues, add auto config UI 2026-05-30 00:54:46 +03:00
ospab af4a16e809 fix(android): protect xhttp TCP socket from VPN routing loop 
When using xhttp (UoT) mode on Android, the underlying TcpStream was
not protected with VpnService.protect(fd). This caused the TCP connection
to be routed back into the TUN interface, creating an infinite routing
loop and failing the connection immediately.

Added Android-specific socket protection to the TcpStream in connect_xhttp.
This fixes xhttp/UoT mode on mobile networks.
 2026-05-29 17:27:50 +03:00
ospab ec333470aa fix(reality): fix TLS 1.3 handshake causing 1KB DPI cutoff on mobile 
The core bug: server sent 5 TLS records in server_hello but client only
read the first one (ServerHello), then passed remaining bytes (CCS + fake
records) into RealityStream. RealityStream saw 0x14 (CCS) != 0x17 and
immediately returned an error, killing the connection.

Changes:
- reality.rs: append ChangeCipherSpec after ClientHello (RFC 8446 D.4)
  export REALITY_SERVER_HANDSHAKE_RECORDS=5 constant
- xhttp.rs: drain all 5 server handshake records before creating RealityStream
- uot.rs: rebuild server_hello as proper 5-record TLS 1.3 flight:
  ServerHello + CCS + fake EE (108B) + fake Cert (812B) + fake Fin (52B)
  drain client CCS from raw stream before wrapping in RealityStream
 2026-05-29 16:21:59 +03:00
ospab ede54d3d0d feat: implement custom Reality protocol with ChaCha20Poly1305 and X25519 2026-05-29 15:00:17 +03:00
ospab ffa54cb5d7 feat: implement optional WSS framing for DPI bypass & extract framing logic 2026-05-29 13:59:59 +03:00
ospab bc0f739cee chore: reduce client and server logging verbosity for outbound datagrams and relays 2026-05-29 00:37:08 +03:00
ospab 4975073e3f feat: implement split-tunneling bypass for TCP/UDP and native UDP NAT 2026-05-29 00:06:11 +03:00
ospab 2ac66bec42 Fix Speedtest disconnects and Discord WebRTC 2026-05-28 19:25:06 +03:00
ospab 7fba4b8aa0 fix(client): prefer IPv6 on Android to support NAT64 mobile networks 2026-05-28 18:51:30 +03:00
ospab af19c52ac9 Fix Windows TUN NLA delays, UI timer, and Android UDP DNS resolution 2026-05-28 18:19:01 +03:00
ospab ac5031fd95 Fix Windows TUN routing loop for SIM modems (0.0.0.0 NextHop) 2026-05-28 16:40:49 +03:00
ospab 1e7f562f81 Fix frontend ignoring tunnel errors & fix blocking wintun routines 2026-05-28 16:32:59 +03:00
ospab 7f0afab42a Fix STUN bug, improve DNS in TUN, fix config gen, add GHA for clients 2026-05-28 14:39:42 +03:00
ospab 2c46750687 fix: remove DNS interception on server, fix TUN routing on Windows and Linux 
- ostp-server/relay.rs: remove DNS port 53 interception — DNS queries
  now pass through to the actual DNS server as regular TCP connections
- ostp-client/native_handler.rs (Windows): add explicit gateway/32 route
  via real interface BEFORE setting default route via TUN to prevent loop
- ostp-client/native_handler.rs (Linux): properly detect real gateway and
  add default route via TUN with metric 10 after server IP exclusion
- Remove redundant extra DNS host routes from Windows setup script
 2026-05-28 12:30:06 +03:00
ospab a20e74154e fix(client): proxy UDP DNS over TCP via local socks5 2026-05-28 01:39:20 +03:00
ospab 839a364cac fix(client): resolve server domain to IP before starting TUN to prevent DNS deadlock on reconnects 2026-05-28 01:09:10 +03:00
ospab f69f194923 feat: Built-in DNS Server with AdBlock and DoH proxy 2026-05-27 22:23:06 +03:00
ospab 36a325997c fix(server): generate correct public IP for client configs instead of 0.0.0.0 2026-05-27 18:17:11 +03:00
ospab 8ab49b84e9 feat: migrate TUN tunnel to native in-process smoltcp and refactor Android JNI layer 2026-05-27 00:17:19 +03:00
ospab 51875dba87 perf: increase backpressure limit to 16384 and reduce retransmit tick to 10ms for multi-gigabit speeds 2026-05-26 23:21:33 +03:00
ospab abcb8999ce fix: integrate BBR cwnd for bufferbloat and relax mobile timeouts 2026-05-26 20:54:30 +03:00
ospab 87540166f6 gui, flutter: use server rtt for ping display 2026-05-25 23:00:52 +03:00
ospab 9e50984549 Fix linux format args, proxy config fields, and unused warnings 2026-05-24 23:03:50 +03:00
ospab 3e511f1fc5 Implement XTLS-Reality masquerade for UoT/TCP and fix MTU/config settings 2026-05-24 22:49:51 +03:00
ospab ef242bf6f4 feat(client): add linux headless warnings for TUN mode and sysproxy instructions 2026-05-21 22:31:02 +03:00
ospab 3ffa057d03 fix(client): fix catastrophic channel loopback in UoT transport that echoed packets locally 2026-05-21 18:24:48 +03:00
ospab 1cff291fdd fix: noise-read in UoT handshake (single attempt, 4s timeout); add TCP rate limiter against bots 2026-05-21 15:15:56 +03:00
ospab 09b6f202d0 fix: UoT always uses plain TCP (remove broken TLS branch for port 443) 2026-05-21 14:59:48 +03:00
ospab 41562707ec fix: UoT uses server port instead of hardcoded 443 when stealth_port not overridden 2026-05-21 14:54:03 +03:00
ospab 3febe79b15 feat: log raw HTTP response on UoT handshake failure 2026-05-21 14:35:45 +03:00
ospab 834c244f94 feat: disguise UoT handshake as WebSocket to bypass DPI and proxies 2026-05-21 14:11:50 +03:00
ospab 960382e93b fix: revert UoT POST back to GET for direct DPI bypass without proxy 2026-05-21 14:05:43 +03:00
ospab 1bc63c4094 feat: add X-Ostp-Server validation to UoT handshake 2026-05-21 13:15:49 +03:00