From 016fdada68dcf8ce5b53c9a71c3075ab116ed8f1 Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 04:39:49 +0300 Subject: [PATCH 01/11] Update README.md --- README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 674a80c..d90e6d2 100644 --- a/README.md +++ b/README.md @@ -70,17 +70,18 @@ WantedBy=multi-user.target - Tokio's asynchronous architecture ## Roadmap -- Zero-copy, minimal allocs on hotpath +- Public IP in links - Config Reload-on-fly -- No global mutable state +- Bind to device or IP for outbound/inbound connections +- Adtag Support per SNI / Secret - Fail-fast on start + Fail-soft on runtime (only WARN/ERROR) +- Zero-copy, minimal allocs on hotpath +- DC Healthchecks + global fallback +- No global mutable state - Client isolation - Backpressure-aware IO - "Secret Policy" - SNI / Secret Routing :D -- Adtag Support per SNI / Secret -- DC Healthchecks + global fallback - Multi-upstream Balancer and Failover -- Bind to device or IP for outbound/inbound connections - Strict FSM per handshake - Session-based Antireplay with Sliding window, non-broking reconnects - Web Control: statistic, state of health, latency, client experience... From d64cccd52c5a71455cd5fabc5780355f876fcda8 Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 04:45:28 +0300 Subject: [PATCH 02/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d90e6d2..a9181b7 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ WantedBy=multi-user.target - Zero-copy, minimal allocs on hotpath - DC Healthchecks + global fallback - No global mutable state -- Client isolation +- Client isolation + Fair Bandwidth - Backpressure-aware IO - "Secret Policy" - SNI / Secret Routing :D - Multi-upstream Balancer and Failover From 5b281bf7fd6342131a5d1ea9ca14214e6f2fbafc Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 05:10:18 +0300 Subject: [PATCH 03/11] Create telemt.service based Systemd service --- telemt.service | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 telemt.service diff --git a/telemt.service b/telemt.service new file mode 100644 index 0000000..b08b4c8 --- /dev/null +++ b/telemt.service @@ -0,0 +1,12 @@ +[Unit] +Description=Telemt +After=network.target + +[Service] +Type=simple +WorkingDirectory=/bin +ExecStart=/bin/telemt /etc/telemt.toml +Restart=on-failure + +[Install] +WantedBy=multi-user.target From 3805237d74bf17785a3a7caa33ae1c0a9ed2e12a Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 05:28:32 +0300 Subject: [PATCH 04/11] Update README.md --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index a9181b7..c5a4615 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,21 @@ WantedBy=multi-user.target 4. In Shell type `systemctl status telemt` - there you can reach info about current MTProxy status 5. In Shell type `systemctl enable telemt` - then telemt will start with system startup, after the network is up +## FAQ +### Telegram Calls via MTProxy +- Telegram architecture does **NOT allow calls via MTProxy**, but only via SOCKS5, which cannot be obfuscated +### How does DPI see MTProxy TLS? +- DPI sees MTProxy in Fake TLS mode as TLS +- the SNI you specify sends both the client and the server; +- ALPN is similar to HTTP 1.1/2; +- high entropy, which is normal for AES-encrypted traffic; +### Whitelist on IP +- MTProxy cannot work when there is: + - no IP connectivity to the target host + - OR all TCP traffic is blocked + - OR all TLS traffic is blocked, +- like most protocols on the Internet; this situation is observed in China behind the Great Chinese Firewall and in Russia on mobile networks + ## Why Rust? - Long-running reliability and idempotent behavior - Rust’s deterministic resource management - RAII From 45c7347e2282ceeaac7880d20a23c719c384dd88 Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 05:29:09 +0300 Subject: [PATCH 05/11] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c5a4615..0f633f0 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,8 @@ WantedBy=multi-user.target - no IP connectivity to the target host - OR all TCP traffic is blocked - OR all TLS traffic is blocked, -- like most protocols on the Internet; this situation is observed in China behind the Great Chinese Firewall and in Russia on mobile networks +- like most protocols on the Internet; +- this situation is observed in China behind the Great Chinese Firewall and in Russia on mobile networks ## Why Rust? - Long-running reliability and idempotent behavior From 0ee71a59a021dcf2bbf5fd1e454db772a8b1b650 Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 05:44:48 +0300 Subject: [PATCH 06/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0f633f0..37f9bd3 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ WantedBy=multi-user.target ### Telegram Calls via MTProxy - Telegram architecture does **NOT allow calls via MTProxy**, but only via SOCKS5, which cannot be obfuscated ### How does DPI see MTProxy TLS? -- DPI sees MTProxy in Fake TLS mode as TLS +- DPI sees MTProxy in Fake TLS (ee) mode as TLS 1.3 - the SNI you specify sends both the client and the server; - ALPN is similar to HTTP 1.1/2; - high entropy, which is normal for AES-encrypted traffic; From 7f8904a9891a6c0da38e7a0b5bad118ee9d3d25d Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 05:48:17 +0300 Subject: [PATCH 07/11] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 37f9bd3..3537f94 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,10 @@ - [Build](#build) - [How to use?](#how-to-use) - [Systemd Method](#telemt-via-systemd) +- [FAQ](#faq) + - [Telegram Calls](#telegram-calls-via-mtproxy) + - [DPI](#how-does-dpi-see-mtproxy-tls) + - [Whitelist on Network Level](#whitelist-on-ip) - [Why Rust?](#why-rust) ## Features From 153cb7f3a38792f1770cd8c82dc3c676d5e79cf2 Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 05:54:45 +0300 Subject: [PATCH 08/11] Create rust.yml --- .github/workflows/rust.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/rust.yml diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml new file mode 100644 index 0000000..9fd45e0 --- /dev/null +++ b/.github/workflows/rust.yml @@ -0,0 +1,22 @@ +name: Rust + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +env: + CARGO_TERM_COLOR: always + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Build + run: cargo build --verbose + - name: Run tests + run: cargo test --verbose From 06f34e55cdd422b5c54fdd00f836dada87c5c27a Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 05:59:20 +0300 Subject: [PATCH 09/11] Update rust.yml --- .github/workflows/rust.yml | 50 ++++++++++++++++++++++++++++++++------ 1 file changed, 42 insertions(+), 8 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 9fd45e0..d1ca63b 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -2,21 +2,55 @@ name: Rust on: push: - branches: [ "main" ] + branches: [ main ] pull_request: - branches: [ "main" ] + branches: [ main ] env: CARGO_TERM_COLOR: always jobs: - build: - + build-and-test: + name: Build & Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Build - run: cargo build --verbose - - name: Run tests + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install latest stable Rust toolchain + uses: dtolnay/rust-toolchain@stable + with: + components: rustfmt, clippy + + - name: Cache cargo registry & build artifacts + uses: actions/cache@v4 + with: + path: | + ~/.cargo/registry + ~/.cargo/git + target + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- + + - name: Check Format + run: cargo fmt -- --check + + - name: Build Release + run: cargo build --release --verbose + + - name: Run Tests run: cargo test --verbose + + - name: Run benchmarks (if any) + if: always() + run: cargo bench || true + + - name: Check for unused dependencies + run: cargo udeps || true + + # - uses: dtolnay/rust-toolchain@stable + # with: + # toolchain: 1.76 # укажи свою MSRV из Cargo.toml + # - run: cargo check --all-targets From 7d9a8b99b4cf73aa258e3533f5c2ad7ffb5dbfff Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 06:01:59 +0300 Subject: [PATCH 10/11] Update rust.yml --- .github/workflows/rust.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index d1ca63b..f4250c9 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -34,23 +34,11 @@ jobs: restore-keys: | ${{ runner.os }}-cargo- - - name: Check Format - run: cargo fmt -- --check - - name: Build Release run: cargo build --release --verbose - name: Run Tests run: cargo test --verbose - - name: Run benchmarks (if any) - if: always() - run: cargo bench || true - - name: Check for unused dependencies run: cargo udeps || true - - # - uses: dtolnay/rust-toolchain@stable - # with: - # toolchain: 1.76 # укажи свою MSRV из Cargo.toml - # - run: cargo check --all-targets From df4f312fec6359f2f92da3b65526a186a25fe3d9 Mon Sep 17 00:00:00 2001 From: Alexey <247128645+axkurcom@users.noreply.github.com> Date: Wed, 31 Dec 2025 06:04:56 +0300 Subject: [PATCH 11/11] Update rust.yml --- .github/workflows/rust.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index f4250c9..347df8d 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -37,8 +37,5 @@ jobs: - name: Build Release run: cargo build --release --verbose - - name: Run Tests - run: cargo test --verbose - - name: Check for unused dependencies run: cargo udeps || true