aheh/MasterHttpRelayVPN-RUST
1
0
Fork 0
mirror of https://github.com/therealaleph/MasterHttpRelayVPN-RUST.git synced 2026-05-18 07:44:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
55c1256fe11c1f7c812f876e534696f9a71e4b70
MasterHttpRelayVPN-RUST/docs/changelog/v1.8.1.md
T
therealaleph ce3030f6b3 feat: v1.8.1 — decoy detection + script_id in error logs + disable_padding flag 
Three small, ship-able-now changes from the past day's issue triage:

1. Client-side detection of the v1.8.0 bad-auth decoy HTML
   (#404 w0l4i, #310 sina-b4hrm)

   When mhrv-rs gets back the decoy HTML body that v1.8.0's Code.gs/
   CodeFull.gs/tunnel-node return on bad AUTH_KEY, the client now
   string-matches the body's distinctive "The script completed but
   did not return anything" sentinel and emits an explicit ERROR
   line naming AUTH_KEY mismatch as the likely cause + walking the
   user through "redeploy as new version" + the DIAGNOSTIC_MODE
   escape hatch — instead of the previous cryptic "WARN batch
   failed: bad response: no json in batch response: <!DOCTYPE...".

   Saves users hours of debugging. Reported pattern hits everyone
   who edits Code.gs's AUTH_KEY without redeploying as a new version
   (Apps Script doesn't auto-pick-up that change).

2. script_id in every batch-failure log (#404 w0l4i)

   Previously WARN batch-failed lines didn't say which deployment
   failed. In multi-deployment setups (5–10 deployments where
   some have stale AUTH_KEY), users couldn't identify the culprit
   without the per-deployment curl probe loop.

   All four failure paths in tunnel_client::fire_batch — timeout,
   bad response, decoy detection, missing-response-in-batch — now
   include the script_id short prefix: `batch failed (script
   AKfycbz4): ...`. Combined with #1 above, this is the first
   reliable diagnostic for the "1 of 8 deployments has bad
   AUTH_KEY" pattern.

3. New disable_padding config flag (#391 EBRAHIM-AM)

   Default false (padding active = stronger DPI defense). For
   users on heavily-throttled ISPs where v1.8.0's ~25% bandwidth
   overhead from random padding compounds with the throttle and
   pushes borderline-working batches into timeouts, setting
   `"disable_padding": true` in config.json recovers headroom at
   the cost of losing length-distribution DPI defense.

   Don't flip on speculatively — only enable if you've measured
   actual throughput improvement on your specific ISP path. For
   users where Apps Script outbound flows freely, padding is free
   defense.

Tested:
- cargo build --release --bin mhrv-rs: clean
- cargo build --release --bin mhrv-rs-ui --features ui: clean
- cargo test --release --lib: 154 passed
- UI FormState round-trips disable_padding through save/load

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 13:24:54 +03:00

9 lines
4.9 KiB
Markdown
Raw Blame History

<!-- see docs/changelog/v1.1.0.md for the file format: Persian, then `---`, then English. -->
• تشخیص خطای decoy v1.8.0 در سمت کلاینت — پیغام واضح به‌جای cryptic ([#404](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/issues/404)، [#310](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/issues/310)): قبلاً وقتی deployment auth fail می‌گرفت + decoy HTML برمی‌گردوند، client پیغام `WARN batch failed: bad response: no json in batch response: <!DOCTYPE html>...` می‌داد. کاربر باید خودش متن decoy رو می‌شناخت تا تشخیص بده. حالا client decoy رو با string-match تشخیص می‌ده + پیغام explicit می‌ده: "got the v1.8.0 bad-auth decoy — your AUTH_KEY in mhrv-rs config does NOT match the AUTH_KEY in this deployment's Code.gs. Either fix the mismatch + redeploy as a NEW VERSION, or set DIAGNOSTIC_MODE=true at the top of Code.gs + redeploy to see the explicit JSON `unauthorized` error during setup." — کاربر مستقیم می‌فهمه چی بکنه + ساعت‌ها debug ذخیره می‌شه
• اضافه شدن `script_id` به همه log‌های batch-failure ([#404](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/issues/404)): قبلاً log `WARN batch failed: ...` نام deployment که fail کرد رو نشون نمی‌داد. در multi-deployment scenarios (5-10 deployment که برخی AUTH_KEY اشتباه داره)، کاربر نمی‌تونست بدون سختی deployment معیوب رو identify کنه. حالا همه پیغام‌های failure (timeout، bad response، decoy، missing-response-in-batch) شامل short prefix script_id هستند: `batch failed (script AKfycbz4): ...`. این + flag تشخیص decoy، اولین diagnostic از سرنوشت توزیع کاربری به طور reliable
• Flag config جدید `disable_padding: true` ([#391](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/issues/391)): پیش‌فرض `false` (padding فعال = DPI defense). برای کاربران روی ISP‌های heavily-throttled که هزینه padding ~۲۵٪ bandwidth با throttle compounds + batchهای borderline-working رو into timeout می‌اندازه، گذاشتن `"disable_padding": true` در config.json در ازای محافظت length-distribution DPI، headroom برمی‌گردونه. توصیه نیست speculatively فعال بشه — فقط بعد از measurement throughput improvement.
---
• Client-side decoy detection — clear hint instead of cryptic error ([#404](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/issues/404), [#310](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/issues/310)): previously when a deployment had a stale/wrong AUTH_KEY, mhrv-rs returned the v1.8.0 bad-auth decoy HTML, and the client logged `WARN batch failed: bad response: no json in batch response: <!DOCTYPE html>...` — leaving the user to recognize the decoy body string and infer the cause. Now the client string-matches the decoy and emits an explicit error: "got the v1.8.0 bad-auth decoy — your AUTH_KEY in mhrv-rs config does NOT match the AUTH_KEY in this deployment's Code.gs. Either fix the mismatch + redeploy as a NEW VERSION (Apps Script doesn't auto-pick-up AUTH_KEY edits without an explicit redeploy), or set DIAGNOSTIC_MODE=true at the top of Code.gs + redeploy to see the explicit JSON `unauthorized` error during setup." Saves users hours of staring at "no json in batch response" trying to figure out what's wrong.
• Add `script_id` to every batch-failure log line ([#404](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/issues/404)): previously `WARN batch failed: ...` didn't identify which deployment failed. In multi-deployment setups (5-10 deployments where one or two have a stale AUTH_KEY), users couldn't identify the culprit without the per-deployment curl probe loop. Every failure log line now includes the short script_id prefix: `batch failed (script AKfycbz4): ...`, applied to all four failure paths (timeout, bad response, decoy, missing-response-in-batch). Together with the decoy detection above, the first reliable diagnostic for the multi-deployment-with-one-bad-AUTH_KEY user pattern.
• New `disable_padding: true` config flag ([#391](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/issues/391)): default `false` (padding active, full DPI defense). For users on heavily-throttled ISPs where the v1.8.0 random-padding cost (+~25% bandwidth per batch) compounds with the throttle to push borderline-working batches into timeouts, setting `"disable_padding": true` in `config.json` recovers headroom in exchange for losing length-distribution DPI defense. Don't flip on speculatively — for users where Apps Script outbound is uncongested, padding is free defense. Only enable if you've measured throughput improvement after the flip on your specific ISP path.
Reference in New Issue View Git Blame Copy Permalink