aheh/MasterHttpRelayVPN-RUST
1
0
Fork 0
mirror of https://github.com/therealaleph/MasterHttpRelayVPN-RUST.git synced 2026-05-18 23:54:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

v0.6.1: fix OpenWRT CA install + replace --user-less CI + perf pack artifacts

Browse Source 
v0.6.0's release CI was cancelled before it could produce artifacts.
This is a clean re-cut that also fixes a user-reported bug on OpenWRT.

=== OpenWRT CA install fix ===

User on issue #2 reported that --install-cert fails on an OpenWRT
router with 'install failed on this platform'. Two problems:

1. Misclassification. The old distro detector did a substring-match
   over all of /etc/os-release, and OpenWRT's file contains lines
   like OPENWRT_DEVICE_ARCH=x86_64 and OPENWRT_ARCH=x86_64 — which
   contain the substring 'arch' — so we classified OpenWRT as Arch
   Linux and tried to install into /etc/ca-certificates/trust-source/
   anchors/ (which doesn't exist there) and then run 'trust' (also
   missing). Predictable failure.

2. Even with correct classification, OpenWRT doesn't need the CA on
   the router itself. LAN clients are the ones terminating TLS through
   mhrv-rs's MITM; they're the ones that need to trust our root. The
   router is just forwarding packets. So emitting an error for the
   no-op case is misleading.

Fixes:

- Detect OpenWRT explicitly (/etc/openwrt_release marker file +
  ID=openwrt in os-release).
- Rewrite the fallback os-release parser to look at ID / ID_LIKE
  token-wise instead of substring-matching the whole file. Added
  support for raspbian / rocky / almalinux / endeavouros while we're
  there.
- For OpenWRT: install_linux returns Ok() with a clear message
  explaining that the CA needs to be installed on LAN clients, not
  on the router. No-op success instead of confusing error.
- For unknown distros: the error message now points at the CA file
  path and the two most common anchor dirs so the user can install
  manually.
- Extracted classify_os_release(&str) as a pure function and added
  8 unit tests, including a regression guard with a real OpenWRT 23.05
  os-release file so this specific substring-match bug can't return.

=== v0.6.0 perf pack (same as what cancelled CI was meant to ship) ===

- Connection pool pre-warm on startup (skip handshake on first request)
- Per-connection SNI rotation across known Google-edge subdomains
- Expanded SNI-rewrite suffix list (gstatic, googleusercontent,
  googleapis, ggpht, ytimg, blogspot, blogger)
- Per-site stats tracker + UI drill-down table
- Optional parallel script-ID dispatch (config field parallel_relay)
- TCP_NODELAY audit + fix on SNI-rewrite outbound

All 36 unit tests pass.

Closes-via-fix #2 follow-up.
This commit is contained in:
therealaleph
2026-04-22 02:57:16 +03:00
parent 3f0bbfdab0
commit 0072b3aed9
3 changed files with 155 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Cargo.toml
+1 -1
View File
@@ -1,6 +1,6 @@
[package]
name = "mhrv-rs"
version = "0.6.0"
version = "0.6.1"
edition = "2021"
description = "Rust port of MasterHttpRelayVPN -- DPI bypass via Google Apps Script relay with domain fronting"
license = "MIT"