v1.6.0: end-to-end UDP support in Full Tunnel mode

Ships PR #183. SOCKS5 UDP ASSOCIATE → tunnel-mux udp_open/udp_data ops
→ tunnel-node UDP sessions → real UDP egress. QUIC/HTTP3, DNS, and
STUN now traverse the tunnel instead of falling back to TCP or
leaking outside it.

- 256-session-per-associate cap with FIFO eviction
- 9 KB datagram size guard (DNS/STUN tiny, QUIC max ~1452, leaves
  IPv6 PMTUD headroom without burning Apps Script quota on rogue
  traffic)
- Source-IP pinned to the control TCP peer; port locked to first
  parseable datagram (malformed datagrams from the right IP no
  longer DoS the legitimate flow)
- Event-driven UDP drain reusing v1.5.0's long-poll knobs

Backward compat: TunnelResponse.pkts is `Option<Vec<String>>` with
serde default; v1.5.0 clients hitting v1.6.0 tunnel-nodes ignore
the new field; v1.6.0 clients hitting v1.5.0 tunnel-nodes get
UNSUPPORTED_OP on udp_open and the existing fallback path takes
over (TCP-only). Apps Script CodeFull.gs is opaque to the new ops
— no redeploy needed; just doc-comment update.

98 lib tests + 22 tunnel-node tests pass (was 92 + 17 before).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Cargo.lock

@@ -2186,7 +2186,7 @@ dependencies = [
 
 [[package]]
 name = "mhrv-rs"
-version = "1.5.0"
+version = "1.6.0"
 dependencies = [
  "base64 0.22.1",
  "bytes",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "mhrv-rs"
-version = "1.5.0"
+version = "1.6.0"
 edition = "2021"
 description = "Rust port of MasterHttpRelayVPN -- DPI bypass via Google Apps Script relay with domain fronting"
 license = "MIT"

android/app/build.gradle.kts

@@ -14,8 +14,8 @@ android {
         applicationId = "com.therealaleph.mhrv"
         minSdk = 24 // Android 7.0 — covers 99%+ of live devices.
         targetSdk = 34
-        versionCode = 138
-        versionName = "1.5.0"
+        versionCode = 139
+        versionName = "1.6.0"
 
         // Ship all four mainstream Android ABIs:
         //   - arm64-v8a      — 95%+ of real-world Android phones since 2019

docs/changelog/v1.6.0.md

@@ -0,0 +1,4 @@
+<!-- see docs/changelog/v1.1.0.md for the file format: Persian, then `---`, then English. -->
+• پشتیبانی کامل UDP در حالت Full Tunnel ([#183](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/183)): SOCKS5 `UDP ASSOCIATE` کلاینت → opهای جدید `udp_open` و `udp_data` در tunnel-mux → سشن‌های UDP در tunnel-node. حالا QUIC/HTTP3، DNS، و STUN از داخل تونل عبور می‌کنن، نه از طریق fallback به TCP یا leak خارج تونل. سقف ۲۵۶ سشن UDP در هر `UDP ASSOCIATE`، سقف ۹ کیلوبایت برای datagram، source-IP pinning به peer کنترل، long-poll مبتنی بر event برای drain (با همون knobهای ACTIVE_DRAIN_DEADLINE / LONGPOLL_DEADLINE که در v1.5.0 معرفی شدن). افزودن backward-compatible: tunnel-nodeهای قدیمی‌تر با `UNSUPPORTED_OP` پاسخ میدن و کلاینت به مسیر TCP-only برمی‌گرده. CodeFull.gs بدون نیاز به redeploy — opها به‌صورت opaque عبور می‌کنن
+---
+• End-to-end UDP support in Full Tunnel mode ([#183](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/183)): SOCKS5 client `UDP ASSOCIATE` → new `udp_open` / `udp_data` ops on the tunnel mux → UDP sessions on the tunnel-node. QUIC/HTTP3, DNS, and STUN now traverse the tunnel instead of falling back to TCP or leaking outside it. 256 UDP sessions per `UDP ASSOCIATE` cap with FIFO eviction, 9 KB datagram size guard, source-IP pinning to the control TCP peer, event-driven drain reusing the v1.5.0 long-poll knobs. Wire-additive: older tunnel-nodes return `UNSUPPORTED_OP` and clients fall back to TCP-only. `CodeFull.gs` doesn't need re-deploy — the new ops pass through opaquely. 98 lib tests + 22 tunnel-node tests pass (was 92 + 17; 6 new SOCKS5 UDP parser tests + 5 new UDP session lifecycle tests including a mixed TCP/UDP batch regression test)