9dd029ae52
Fix all compilation errors and suppress all warnings across workspace
2026-06-13 02:30:57 +03:00
8749f12026
Fix CLI setup permissions, enforce global debug tracing, and fix GUI silent startup crash
2026-06-13 01:25:54 +03:00
2b0d85b530
Remove built-in DNS server and owndns features
2026-06-10 22:52:35 +03:00
6bf7b06b43
Remove stealth_port entirely and integrate fallback into UoT HTTP handler
2026-06-10 02:26:13 +03:00
d0b79bd4b5
feat: implement built-in DNS server, adblock and dns leak prevention
2026-06-07 19:55:42 +03:00
332c714b61
Refactor: Phase 1 and 2 - Async architecture, JNI fixes, SmolTCP data races, and Tunnel optimizations
2026-06-03 02:06:06 +03:00
ae8f5f28ca
Fix UDP IPv4-mapped IPv6 address matching bug and completely remove tun2socks
2026-05-30 21:14:29 +03:00
b9a95708c9
fix(xhttp): rewrite RealityStream buffering to prevent packet drops and data loss
2026-05-30 01:10:29 +03:00
cecd2756a0
fix(client/mobile): resolve fdsan crash and mobile network proxy issues, add auto config UI
2026-05-30 00:54:46 +03:00
ec333470aa
fix(reality): fix TLS 1.3 handshake causing 1KB DPI cutoff on mobile
...
The core bug: server sent 5 TLS records in server_hello but client only
read the first one (ServerHello), then passed remaining bytes (CCS + fake
records) into RealityStream. RealityStream saw 0x14 (CCS) != 0x17 and
immediately returned an error, killing the connection.
Changes:
- reality.rs: append ChangeCipherSpec after ClientHello (RFC 8446 D.4)
export REALITY_SERVER_HANDSHAKE_RECORDS=5 constant
- xhttp.rs: drain all 5 server handshake records before creating RealityStream
- uot.rs: rebuild server_hello as proper 5-record TLS 1.3 flight:
ServerHello + CCS + fake EE (108B) + fake Cert (812B) + fake Fin (52B)
drain client CCS from raw stream before wrapping in RealityStream
2026-05-29 16:21:59 +03:00
ede54d3d0d
feat: implement custom Reality protocol with ChaCha20Poly1305 and X25519
2026-05-29 15:00:17 +03:00
ffa54cb5d7
feat: implement optional WSS framing for DPI bypass & extract framing logic
2026-05-29 13:59:59 +03:00
bc0f739cee
chore: reduce client and server logging verbosity for outbound datagrams and relays
2026-05-29 00:37:08 +03:00
57d5715eb8
Fix E0728: cannot await inside or_else closure in relay.rs
2026-05-28 19:39:07 +03:00
2ac66bec42
Fix Speedtest disconnects and Discord WebRTC
2026-05-28 19:25:06 +03:00
cbb0093dd5
Fix UDP over XHTTP and intercept 10.1.0.1 for panel.ostp
2026-05-28 19:13:39 +03:00
af19c52ac9
Fix Windows TUN NLA delays, UI timer, and Android UDP DNS resolution
2026-05-28 18:19:01 +03:00
7f0afab42a
Fix STUN bug, improve DNS in TUN, fix config gen, add GHA for clients
2026-05-28 14:39:42 +03:00
e60324ef1a
feat: enforce internal DNS on client and restore DNS interception on server
...
- Flutter: Hide 'DNS Server' field and force '10.1.0.1' if connection link contains owndns=true
- Flutter: Remove 'Use Provider DNS' toggle to eliminate client-side choice
- Server (relay.rs): Intercept DNS queries targeting '10.1.0.1:53' and process them via internal DnsServer if DNS is enabled
- Server (api.rs): Continue appending owndns=true to subscription links to enforce internal DNS logic on clients
2026-05-28 13:18:56 +03:00
2c46750687
fix: remove DNS interception on server, fix TUN routing on Windows and Linux
...
- ostp-server/relay.rs: remove DNS port 53 interception — DNS queries
now pass through to the actual DNS server as regular TCP connections
- ostp-client/native_handler.rs (Windows): add explicit gateway/32 route
via real interface BEFORE setting default route via TUN to prevent loop
- ostp-client/native_handler.rs (Linux): properly detect real gateway and
add default route via TUN with metric 10 after server IP exclusion
- Remove redundant extra DNS host routes from Windows setup script
2026-05-28 12:30:06 +03:00
03e113fccf
fix(server): return API token support for Relay servers sync
2026-05-28 01:28:29 +03:00
987e42d619
fix: make handle_subscribe future Send by scoping RwLockReadGuard
2026-05-27 23:38:32 +03:00
b7eb06609f
fix: Persist DNS configuration to config.json
2026-05-27 22:49:28 +03:00
f69f194923
feat: Built-in DNS Server with AdBlock and DoH proxy
2026-05-27 22:23:06 +03:00
36a325997c
fix(server): generate correct public IP for client configs instead of 0.0.0.0
2026-05-27 18:17:11 +03:00
8ab49b84e9
feat: migrate TUN tunnel to native in-process smoltcp and refactor Android JNI layer
2026-05-27 00:17:19 +03:00
51875dba87
perf: increase backpressure limit to 16384 and reduce retransmit tick to 10ms for multi-gigabit speeds
2026-05-26 23:21:33 +03:00
25232a1c3a
fix: use proper axum 0.8 wildcard syntax to fix runtime panic
2026-05-26 22:27:13 +03:00
3189b06484
fix: redirect exact webpath to trailing slash and fix empty webpath static handler prefix
2026-05-26 22:17:27 +03:00
7f499d6263
feat: embed web panel via rust-embed with login page and custom webpath
2026-05-26 21:30:49 +03:00
abcb8999ce
fix: integrate BBR cwnd for bufferbloat and relax mobile timeouts
2026-05-26 20:54:30 +03:00
9c59cabfc7
fix: ostp --update uses correct install URL; api returns name in user list
2026-05-26 20:24:33 +03:00
097a67e214
Fix axum duplicate route panic on server startup
2026-05-26 19:55:55 +03:00
cba7be4b75
Implement config management API, token generation, and update wiki
2026-05-26 19:33:45 +03:00
d79b6f2384
feat: relay node system with HMAC pre-validation and key sync from upstream API
2026-05-26 16:29:23 +03:00
743ede0602
Fix duplicate rustls CryptoProvider panic
2026-05-25 22:32:55 +03:00
9e50984549
Fix linux format args, proxy config fields, and unused warnings
2026-05-24 23:03:50 +03:00
3e511f1fc5
Implement XTLS-Reality masquerade for UoT/TCP and fix MTU/config settings
2026-05-24 22:49:51 +03:00
1cff291fdd
fix: noise-read in UoT handshake (single attempt, 4s timeout); add TCP rate limiter against bots
2026-05-21 15:15:56 +03:00
09b6f202d0
fix: UoT always uses plain TCP (remove broken TLS branch for port 443)
2026-05-21 14:59:48 +03:00
cc3b0b689d
fix: UoT server logs warn level, fix duplicate mux config, fix i686 CI with cross
2026-05-21 14:45:29 +03:00
834c244f94
feat: disguise UoT handshake as WebSocket to bypass DPI and proxies
2026-05-21 14:11:50 +03:00
960382e93b
fix: revert UoT POST back to GET for direct DPI bypass without proxy
2026-05-21 14:05:43 +03:00
1bc63c4094
feat: add X-Ostp-Server validation to UoT handshake
2026-05-21 13:15:49 +03:00
92fc73756f
fix: use POST and Content-Length in UoT to prevent nginx chunked encoding
2026-05-21 13:06:06 +03:00
a81625d721
fix: correctly handle payload buffering during http handshake in uot
2026-05-21 12:43:47 +03:00
81293a9071
feat: indicate protocol in connection log
2026-05-21 02:24:53 +03:00
ceb760e4ce
feat: implement server-side UoT and MTU tuning
2026-05-21 02:23:49 +03:00
3a4b5a8c63
chore: fix cargo clippy warnings
...
- Boxed HandshakeState in NoiseSession to reduce enum variant sizes
- Used is_ok() instead of let Ok(_) pattern
- Applied automatic clippy fixes for minor warnings
2026-05-17 22:22:39 +03:00
73f84a951a
feat: wire-level 0-RTT Resume frame, subscription API, adaptive pacing integration
...
Wire protocol:
- FrameKind::Resume (7) for 0-RTT session resumption
- Protocol handles Resume as early data delivery (zero round-trip)
Management API:
- GET /api/subscribe/{key} — returns client config JSON (sub-store compatible)
- Accept: text/plain returns ostp:// share link
- No Bearer token required — key itself is authentication
- ApiState extended with server_host/server_port for link generation
Graceful shutdown:
- Already implemented via wait_for_shutdown_signal() + tokio::select!
- Server drains in-flight frames before exit
35 tests pass, 0 failures, 0 warnings.
2026-05-17 21:42:01 +03:00
ospab