aheh/MasterHttpRelayVPN-RUST
1
0
Fork 0
mirror of https://github.com/therealaleph/MasterHttpRelayVPN-RUST.git synced 2026-05-18 23:54:48 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
75401acf0c1e27a0e64fd9b05110325f3f21ff99
MasterHttpRelayVPN-RUST/docs/changelog/v1.2.6.md
T
therealaleph 658e72fe0d v1.2.6: rust-cache bin pruning fix + PR #83 scan-sni 
v1.2.4 and v1.2.5 both cut clean tags but CI failed downstream for
different self-hosted reasons:

- v1.2.4 failed on parallel apt-lock race (fixed)
- v1.2.5 failed with "TOML parse error at line 5 column 9" because
  rust-cache v2's default cache-bin=true prunes $CARGO_HOME/bin of
  any binary not installed via `cargo install`. `rustup` itself is
  installed by rustup-init, not cargo install, so it got flagged as
  "unknown" and deleted on cache save. Next job hits the cargo
  symlink that points at a missing rustup, which resolves somehow
  to a very old cargo that can't parse our Cargo.toml.

Fix:
- Set `cache-bin: "false"` on every Swatinem/rust-cache@v2 call.
  We still cache target/ + registry (the big win), just not bin/.
  Binaries are stable across runs on our self-hosted box anyway.
- Reinstalled rustup inside each per-runner CARGO_HOME on the server
  to recover from the broken state.

Also in this release:
- PR #83: new `mhrv-rs scan-sni` subcommand. Pulls Google's
  published IP ranges, does PTR lookups via dns.google on each IP,
  filters to Google-related hostnames, then TLS-probes each
  discovered SNI against the configured google_ip to see which ones
  bypass DPI. Useful for rebuilding a working SNI pool on a new ISP.
  Adds the `url` crate dep.

Same user-facing code as v1.2.4/v1.2.5 (PRs #78, #79, README Android
note) plus PR #83 and the CI fixes on top.
2026-04-23 21:22:17 +03:00

14 lines
3.4 KiB
Markdown
Raw Blame History

<!-- see docs/changelog/v1.1.0.md for the file format: Persian, then `---`, then English. -->
• سخت‌کردن range-parallel: اعتبارسنجی هدر `Content-Range` قبل از دوختن پاسخ‌های ۲۰۶. پاسخ‌های نامعتبر دیگه به صورت ۲۰۰ OK جعلی ترکیب نمی‌شن — probe نامعتبر به GET تکی برمی‌گرده، چانک‌های نامعتبر به پاسخ probe برمی‌گرده (PR #78)
• رد configهایی که HTTP و SOCKS5 رو روی یک پورت تنظیم کرده‌اند قبل از bind failure زمان اجرا. هم در load config و هم در فرم UI چک می‌شه (PR #79)
• یادداشت README درباره محدودیت user-CA اندروید 7+ — اپ‌هایی مثل Telegram / WhatsApp / Instagram به CA ما اعتماد نمی‌کنن، برای اون‌ها از PROXY_ONLY یا upstream_socks5 استفاده کنید (issues #74 #81)
• رفع زیرساخت CI (دور دوم): rust-cache v2 به صورت پیش‌فرض `$CARGO_HOME/bin` رو در پایان هر job pruneمی‌کرد و باینری `rustup` رو (که توسط rustup-init نصب شده، نه `cargo install`) پاک می‌کرد. این باعث می‌شد jobهای بعدی روی symlinkهای شکسته به TOML parse error برخورد کنن. حالا `cache-bin: "false"` تنظیم کردیم و `cargo-ndk` هم به `/usr/local/bin/` منتقل شده
• اسکن SNI خودکار: دستور جدید `mhrv-rs scan-sni` که از رنج IPهای Google با PTR lookup روی dns.google شروع می‌کنه، روی هر IP SNIهای Google-related رو کشف می‌کنه، و هر کدوم رو با TLS handshake علیه `google_ip` تست می‌کنه تا ببینه DPI رو رد می‌کنن یا نه (PR #83)
---
• Range-parallel hardening: validate `Content-Range` before stitching 206 responses. Invalid responses no longer combine into a fake 200 OK — invalid probe falls back to a normal single GET, invalid later chunks fall back to the probe response (PR #78)
• Reject configs that set HTTP and SOCKS5 to the same port before the runtime bind failure. Enforced both at config-load time and in the UI form (PR #79)
• README note on the Android 7+ user-CA trust limit — apps like Telegram / WhatsApp / Instagram don't trust user-installed CAs, use PROXY_ONLY or upstream_socks5 for those (issues #74 #81)
• CI infrastructure fix (round 1): apt-get steps on Linux build jobs gated to GitHub-hosted runners only. On the new self-hosted runners, multiple parallel matrix jobs were racing on `/var/lib/apt/lists/lock` and failing all at once. Packages now pre-installed at runner setup time
• CI infrastructure fix (round 2): rust-cache v2's default bin-pruning was wiping the `rustup` binary at end of each job (since rustup wasn't installed via `cargo install`, rust-cache considered it an "unknown" bin). Next job then hit TOML parse errors from broken cargo symlinks. Set `cache-bin: "false"` and moved `cargo-ndk` to `/usr/local/bin/` out of rust-cache's reach
• New `mhrv-rs scan-sni` subcommand: pulls Google's IP ranges, does PTR lookups via dns.google on each IP to discover Google-related hostnames, then TLS-probes each discovered SNI against the configured `google_ip` to see if it bypasses DPI. Useful for rebuilding a working SNI pool on a new ISP (PR #83)
Reference in New Issue View Git Blame Copy Permalink