Merge remote-tracking branch 'origin/master' into stable

.github/workflows/ci.yaml

@@ -2,6 +2,18 @@
 
 name: CI
 
+permissions:
+  actions: read
+  checks: read
+  contents: read
+  deployments: read
+  issues: read
+  discussions: read
+  pull-requests: read
+  repository-projects: read
+  security-events: read
+  statuses: read
+
 on:
   push:
     tags:
@@ -71,12 +83,12 @@ jobs:
       - name: Run linter
         uses: golangci/golangci-lint-action@v2
         with:
-          version: v1.42.0
+          version: v1.42.1
 
   docker:
     name: Docker
     runs-on: ubuntu-latest
-    timeout-minutes: 15
+    timeout-minutes: 20
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/codeql-analysis.yml

@@ -11,6 +11,14 @@
 #
 name: "CodeQL"
 
+# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions
+# https://github.com/github/codeql-action/issues/572
+permissions:
+  actions: read
+  contents: read
+  pull-requests: read
+  security-events: write
+
 on:
   push:
     branches: 

Makefile

@@ -2,7 +2,7 @@ ROOT_DIR     := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 IMAGE_NAME   := mtg
 APP_NAME     := $(IMAGE_NAME)
 
-GOLANGCI_LINT_VERSION := v1.42.0
+GOLANGCI_LINT_VERSION := v1.42.1
 
 VERSION_GO         := $(shell go version)
 VERSION_DATE       := $(shell date -Ru)
@@ -83,15 +83,15 @@ install-tools-lint: .bin
 
 .PHONY: install-tools-godoc
 install-tools-godoc: .bin
-	@$(GOTOOL) go get -u golang.org/x/tools/cmd/godoc
+	@$(GOTOOL) go install golang.org/x/tools/cmd/godoc@latest
 
 .PHONY: install-tools-gofumpt
 install-tools-gofumpt: .bin
-	@$(GOTOOL) go get -u mvdan.cc/gofumpt
+	@$(GOTOOL) go install mvdan.cc/gofumpt@latest
 
 .PHONY: goreleaser
 install-tools-goreleaser: .bin
-	@$(GOTOOL) go get -u github.com/goreleaser/goreleaser
+	@$(GOTOOL) go install github.com/goreleaser/goreleaser@latest
 
 .PHONY: update-deps
 update-deps:

example.config.toml

@@ -56,6 +56,19 @@ domain-fronting-port = 443
 # time range of this parameter.
 tolerate-time-skewness = "5s"
 
+# Telegram has a concept of DC. You can think about DC as a number of a cluster
+# with a certain purpose. Some clusters serve media, some - messages, some rule
+# channels and so on. But sometimes unknown DC number is requested by client.
+# It could be a bug or some global reconfiguration of the Telegram.
+#
+# By default, proxy rejects such requests. But it is also possible to fallback
+# this request to any DC. Telegram works in a way that any DC is able to serve
+# any request but sacrificing a latency.
+#
+# If this setting is disabled (default), mtg will reject a connection.
+# Otherwise, chose a new DC.
+allow-fallback-on-unknown-dc = false
+
 # network defines different network-related settings
 [network]
 # please be aware that mtg needs to do some external requests. For

go.mod

@@ -5,28 +5,28 @@ go 1.17
 require (
 	github.com/OneOfOne/xxhash v1.2.8
 	github.com/alecthomas/kong v0.2.17
-	github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15
+	github.com/alecthomas/units v0.0.0-20210927113745-59d0afb8317a
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/d4l3k/messagediff v1.2.1 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/gotd/td v0.34.0
 	github.com/jarcoal/httpmock v1.0.8
-	github.com/kentik/patricia v0.0.0-20201202224819-f9447a6e25f1
+	github.com/kentik/patricia v0.0.0-20210909164817-21603333b70e
 	github.com/mccutchen/go-httpbin v1.1.1
 	github.com/panjf2000/ants/v2 v2.4.6
-	github.com/pelletier/go-toml v1.9.3
+	github.com/pelletier/go-toml v1.9.4
 	github.com/prometheus/client_golang v1.11.0
-	github.com/prometheus/common v0.30.0 // indirect
+	github.com/prometheus/common v0.31.1 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/rs/zerolog v1.24.0
+	github.com/rs/zerolog v1.25.0
 	github.com/smira/go-statsd v1.3.2
 	github.com/stretchr/objx v0.3.0 // indirect
 	github.com/stretchr/testify v1.7.0
 	github.com/tylertreat/BoomFilters v0.0.0-20210315201527-1a82519a3e43
-	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97
-	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985
-	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c
+	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
+	golang.org/x/net v0.0.0-20211005001312-d4b1ae081e3b
+	golang.org/x/sys v0.0.0-20211004093028-2c5d950f24ef
 	google.golang.org/protobuf v1.27.1 // indirect
 )
 

go.sum

@@ -44,8 +44,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 h1:AUNCr9CiJuwrRYS3XieqF+Z9B9gNxo/eANAJCF2eiN4=
-github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
+github.com/alecthomas/units v0.0.0-20210927113745-59d0afb8317a h1:E/8AP5dFtMhl5KPJz66Kt9G0n+7Sn41Fy1wv9/jHOrc=
+github.com/alecthomas/units v0.0.0-20210927113745-59d0afb8317a/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgpPQZYZ8vdbc+48xibu8ALc3yeyd64IhHS+PU6Yyg=
 github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
@@ -169,8 +169,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
 github.com/k0kubun/pp v2.4.0+incompatible/go.mod h1:GWse8YhT0p8pT4ir3ZgBbfZild3tgzSScAn6HmfYukg=
-github.com/kentik/patricia v0.0.0-20201202224819-f9447a6e25f1 h1:D7qhJP3R49ZjUzpzKQ6B2H3lgejPs6DTO5gRomhhOpE=
-github.com/kentik/patricia v0.0.0-20201202224819-f9447a6e25f1/go.mod h1:2OfLA+0esiUJpwMjrH39pEk79cb8MvGTBS9YlZpejJ4=
+github.com/kentik/patricia v0.0.0-20210909164817-21603333b70e h1:1wAVuGu1c+lsdaOPQN+9xoP9+gaIMJV6H0ehGc+K5iA=
+github.com/kentik/patricia v0.0.0-20210909164817-21603333b70e/go.mod h1:2OfLA+0esiUJpwMjrH39pEk79cb8MvGTBS9YlZpejJ4=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -195,8 +195,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/panjf2000/ants/v2 v2.4.6 h1:drmj9mcygn2gawZ155dRbo+NfXEfAssjZNU1qoIb4gQ=
 github.com/panjf2000/ants/v2 v2.4.6/go.mod h1:f6F0NZVFsGCp5A7QW/Zj/m92atWwOkY0OIhFxRNFr4A=
-github.com/pelletier/go-toml v1.9.3 h1:zeC5b1GviRUyKYd6OJPvBU/mcVDVoL1OhT17FCt5dSQ=
-github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
+github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM=
+github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -217,8 +217,8 @@ github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.30.0 h1:JEkYlQnpzrzQFxi6gnukFPdQ+ac82oRhzMcIduJu/Ug=
-github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/common v0.31.1 h1:d18hG4PkHnNAKNMOmFuXFaiY8Us0nird/2m60uS1AMs=
+github.com/prometheus/common v0.31.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
@@ -229,8 +229,8 @@ github.com/quasilyte/go-ruleguard/dsl v0.3.2/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQP
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
-github.com/rs/zerolog v1.24.0 h1:76ivFxmVSRs1u2wUwJVg5VZDYQgeH1JpoS6ndgr9Wy8=
-github.com/rs/zerolog v1.24.0/go.mod h1:7KHcEGe0QZPOm2IE4Kpb5rTh6n1h2hIgS5OOnu1rUaI=
+github.com/rs/zerolog v1.25.0 h1:Rj7XygbUHKUlDPcVdoLyR91fJBsduXj5fRxyqIQj/II=
+github.com/rs/zerolog v1.25.0/go.mod h1:7KHcEGe0QZPOm2IE4Kpb5rTh6n1h2hIgS5OOnu1rUaI=
 github.com/sebdah/goldie/v2 v2.5.3/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
@@ -277,8 +277,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -345,8 +345,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 h1:4CSI6oo7cOjJKajidEljs9h+uP0rRZBPPPhcCbj5mw8=
-golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211005001312-d4b1ae081e3b h1:SXy8Ld8oKlcogOvUAh0J5Pm5RKzgYBMMxLxt6n5XW50=
+golang.org/x/net v0.0.0-20211005001312-d4b1ae081e3b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -405,8 +405,8 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211004093028-2c5d950f24ef h1:fPxZ3Umkct3LZ8gK9nbk+DWDJ9fstZa2grBn+lWVKPs=
+golang.org/x/sys v0.0.0-20211004093028-2c5d950f24ef/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

internal/cli/run_proxy.go

@@ -156,7 +156,7 @@ func makeEventStream(conf *config.Config, logger mtglib.Logger) (mtglib.EventStr
 func runProxy(conf *config.Config, version string) error {
 	logger := makeLogger(conf)
 
-	logger.BindStr("configuration", conf.String()).Debug("configuration")
+	logger.BindJSON("configuration", conf.String()).Debug("configuration")
 
 	ntw, err := makeNetwork(conf, version)
 	if err != nil {
@@ -184,6 +184,8 @@ func runProxy(conf *config.Config, version string) error {
 		BufferSize:         conf.TCPBuffer.Get(mtglib.DefaultBufferSize),
 		DomainFrontingPort: conf.DomainFrontingPort.Get(mtglib.DefaultDomainFrontingPort),
 		PreferIP:           conf.PreferIP.Get(mtglib.DefaultPreferIP),
+
+		AllowFallbackOnUnknownDC: conf.AllowFallbackOnUnknownDC.Get(false),
 	}
 
 	proxy, err := mtglib.NewProxy(opts)

internal/cli/simple_run.go

@@ -71,6 +71,7 @@ func (s *SimpleRun) Run(cli *CLI, version string) error { // nolint: cyclop
 	}
 
 	conf.Debug.Value = s.Debug
+	conf.AllowFallbackOnUnknownDC.Value = true
 	conf.Defense.AntiReplay.Enabled.Value = true
 
 	if err := conf.Validate(); err != nil {

internal/config/config.go

@@ -9,15 +9,16 @@ import (
 )
 
 type Config struct {
-	Debug                TypeBool        `json:"debug"`
-	Secret               mtglib.Secret   `json:"secret"`
-	BindTo               TypeHostPort    `json:"bindTo"`
-	TCPBuffer            TypeBytes       `json:"tcpBuffer"`
-	PreferIP             TypePreferIP    `json:"preferIp"`
-	DomainFrontingPort   TypePort        `json:"domainFrontingPort"`
-	TolerateTimeSkewness TypeDuration    `json:"tolerateTimeSkewness"`
-	Concurrency          TypeConcurrency `json:"concurrency"`
-	Defense              struct {
+	Debug                    TypeBool        `json:"debug"`
+	AllowFallbackOnUnknownDC TypeBool        `json:"allowFallbackOnUnknownDc"`
+	Secret                   mtglib.Secret   `json:"secret"`
+	BindTo                   TypeHostPort    `json:"bindTo"`
+	TCPBuffer                TypeBytes       `json:"tcpBuffer"`
+	PreferIP                 TypePreferIP    `json:"preferIp"`
+	DomainFrontingPort       TypePort        `json:"domainFrontingPort"`
+	TolerateTimeSkewness     TypeDuration    `json:"tolerateTimeSkewness"`
+	Concurrency              TypeConcurrency `json:"concurrency"`
+	Defense                  struct {
 		AntiReplay struct {
 			Enabled   TypeBool      `json:"enabled"`
 			MaxSize   TypeBytes     `json:"maxSize"`

internal/config/parse.go

@@ -9,15 +9,16 @@ import (
 )
 
 type tomlConfig struct {
-	Debug                bool   `toml:"debug" json:"debug,omitempty"`
-	Secret               string `toml:"secret" json:"secret"`
-	BindTo               string `toml:"bind-to" json:"bindTo"`
-	TCPBuffer            string `toml:"tcp-buffer" json:"tcpBuffer,omitempty"`
-	PreferIP             string `toml:"prefer-ip" json:"preferIp,omitempty"`
-	DomainFrontingPort   uint   `toml:"domain-fronting-port" json:"domainFrontingPort,omitempty"`
-	TolerateTimeSkewness string `toml:"tolerate-time-skewness" json:"tolerateTimeSkewness,omitempty"`
-	Concurrency          uint   `toml:"concurrency" json:"concurrency,omitempty"`
-	Defense              struct {
+	Debug                    bool   `toml:"debug" json:"debug,omitempty"`
+	AllowFallbackOnUnknownDC bool   `toml:"allow-fallback-on-unknown-dc" json:"allowFallbackOnUnknownDc,omitempty"`
+	Secret                   string `toml:"secret" json:"secret"`
+	BindTo                   string `toml:"bind-to" json:"bindTo"`
+	TCPBuffer                string `toml:"tcp-buffer" json:"tcpBuffer,omitempty"`
+	PreferIP                 string `toml:"prefer-ip" json:"preferIp,omitempty"`
+	DomainFrontingPort       uint   `toml:"domain-fronting-port" json:"domainFrontingPort,omitempty"`
+	TolerateTimeSkewness     string `toml:"tolerate-time-skewness" json:"tolerateTimeSkewness,omitempty"`
+	Concurrency              uint   `toml:"concurrency" json:"concurrency,omitempty"`
+	Defense                  struct {
 		AntiReplay struct {
 			Enabled   bool    `toml:"enabled" json:"enabled,omitempty"`
 			MaxSize   string  `toml:"max-size" json:"maxSize,omitempty"`

internal/utils/rlimit.go

@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package utils

internal/utils/rlimit_windows.go

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package utils

internal/utils/root_context.go

@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package utils

internal/utils/root_context_windows.go

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package utils

ipblocklist/firehol.go

@@ -121,7 +121,7 @@ func (f *Firehol) Run(updateEach time.Duration) {
 func (f *Firehol) containsIPv4(addr net.IP) bool {
 	ip := patricia.NewIPv4AddressFromBytes(addr, 32) // nolint: gomnd
 
-	if ok, _, err := f.treeV4.FindDeepestTag(ip); ok && err == nil {
+	if ok, _ := f.treeV4.FindDeepestTag(ip); ok {
 		return true
 	}
 
@@ -131,7 +131,7 @@ func (f *Firehol) containsIPv4(addr net.IP) bool {
 func (f *Firehol) containsIPv6(addr net.IP) bool {
 	ip := patricia.NewIPv6Address(addr, 128) // nolint: gomnd
 
-	if ok, _, err := f.treeV6.FindDeepestTag(ip); ok && err == nil {
+	if ok, _ := f.treeV6.FindDeepestTag(ip); ok {
 		return true
 	}
 
@@ -267,9 +267,7 @@ func (f *Firehol) updateTrees(mutex sync.Locker,
 			return fmt.Errorf("cannot parse a line: %w", err)
 		}
 
-		if err := f.updateAddToTrees(ip, cidr, mutex, v4tree, v6tree); err != nil {
-			return fmt.Errorf("cannot add a node to the tree: %w", err)
-		}
+		f.updateAddToTrees(ip, cidr, mutex, v4tree, v6tree)
 	}
 
 	if scanner.Err() != nil {
@@ -302,25 +300,15 @@ func (f *Firehol) updateParseLine(text string) (net.IP, uint, error) {
 
 func (f *Firehol) updateAddToTrees(ip net.IP, cidr uint,
 	mutex sync.Locker,
-	v4tree *bool_tree.TreeV4, v6tree *bool_tree.TreeV6) error {
+	v4tree *bool_tree.TreeV4, v6tree *bool_tree.TreeV6) {
 	mutex.Lock()
 	defer mutex.Unlock()
 
 	if ip.To4() != nil {
-		addr := patricia.NewIPv4AddressFromBytes(ip, cidr)
-
-		if _, _, err := v4tree.Set(addr, true); err != nil {
-			return err // nolint: wrapcheck
-		}
+		v4tree.Set(patricia.NewIPv4AddressFromBytes(ip, cidr), true)
 	} else {
-		addr := patricia.NewIPv6Address(ip, cidr)
-
-		if _, _, err := v6tree.Set(addr, true); err != nil {
-			return err // nolint: wrapcheck
-		}
+		v6tree.Set(patricia.NewIPv6Address(ip, cidr), true)
 	}
-
-	return nil
 }
 
 // NewFirehol creates a new instance of FireHOL IP blocklist.

logger/noop.go

@@ -7,6 +7,7 @@ type noopLogger struct{}
 func (n noopLogger) Named(_ string) mtglib.Logger          { return n }
 func (n noopLogger) BindInt(_ string, _ int) mtglib.Logger { return n }
 func (n noopLogger) BindStr(_, _ string) mtglib.Logger     { return n }
+func (n noopLogger) BindJSON(_, _ string) mtglib.Logger    { return n }
 func (n noopLogger) Printf(_ string, _ ...interface{})     {}
 func (n noopLogger) Info(_ string)                         {}
 func (n noopLogger) Warning(_ string)                      {}

logger/zerolog.go

@@ -15,6 +15,7 @@ const (
 	zeroLogContextVarTypeUnknown zeroLogContextVarType = iota
 	zeroLogContextVarTypeStr
 	zeroLogContextVarTypeInt
+	zeroLogContextVarTypeJSON
 )
 
 type zeroLogContext struct {
@@ -66,6 +67,17 @@ func (z *zeroLogContext) BindStr(name, value string) mtglib.Logger {
 	}
 }
 
+func (z *zeroLogContext) BindJSON(name, value string) mtglib.Logger {
+	return &zeroLogContext{
+		name:       z.name,
+		log:        z.log,
+		ctxVarType: zeroLogContextVarTypeJSON,
+		ctxVarName: name,
+		ctxVarStr:  value,
+		parent:     z,
+	}
+}
+
 func (z *zeroLogContext) Printf(format string, args ...interface{}) {
 	z.Debug(fmt.Sprintf(format, args...))
 }
@@ -110,6 +122,8 @@ func (z *zeroLogContext) attachCtx(evt *zerolog.Event) {
 		evt.Str(z.ctxVarName, z.ctxVarStr)
 	case zeroLogContextVarTypeInt:
 		evt.Int(z.ctxVarName, z.ctxVarInt)
+	case zeroLogContextVarTypeJSON:
+		evt.RawJSON(z.ctxVarName, []byte(z.ctxVarStr))
 	case zeroLogContextVarTypeUnknown:
 	}
 }

mtglib/init.go

@@ -245,6 +245,9 @@ type Logger interface {
 	// BindStr binds new string parameter to a new logger instance.
 	BindStr(name, value string) Logger
 
+	// BindJSON binds a new JSON-encoded string to a new logger instance.
+	BindJSON(name, value string) Logger
+
 	// Printf is to support log.Logger behavior.
 	Printf(format string, args ...interface{})
 

mtglib/init_internal_test.go

@@ -11,6 +11,7 @@ type NoopLogger struct{}
 func (n NoopLogger) Named(_ string) Logger             { return n }
 func (n NoopLogger) BindInt(_ string, _ int) Logger    { return n }
 func (n NoopLogger) BindStr(_, _ string) Logger        { return n }
+func (n NoopLogger) BindJSON(_, _ string) Logger       { return n }
 func (n NoopLogger) Printf(_ string, _ ...interface{}) {}
 func (n NoopLogger) Info(_ string)                     {}
 func (n NoopLogger) Warning(_ string)                  {}

mtglib/internal/telegram/address_pool.go

@@ -7,6 +7,14 @@ type addressPool struct {
 	v6 [][]tgAddr
 }
 
+func (a addressPool) isValidDC(dc int) bool {
+	return dc > 0 && dc <= len(a.v4) && dc <= len(a.v6)
+}
+
+func (a addressPool) getRandomDC() int {
+	return 1 + rand.Intn(len(a.v4))
+}
+
 func (a addressPool) getV4(dc int) []tgAddr {
 	return a.get(a.v4, dc-1)
 }

mtglib/internal/telegram/telegram.go

@@ -42,6 +42,14 @@ func (t Telegram) Dial(ctx context.Context, dc int) (net.Conn, error) {
 	return nil, fmt.Errorf("cannot dial to %d dc: %w", dc, err)
 }
 
+func (t Telegram) IsKnownDC(dc int) bool {
+	return t.pool.isValidDC(dc)
+}
+
+func (t Telegram) GetFallbackDC() int {
+	return t.pool.getRandomDC()
+}
+
 func New(dialer Dialer, ipPreference string, useTestDCs bool) (*Telegram, error) {
 	var pref preferIP
 

mtglib/internal/telegram/telegram_internal_test.go

@@ -44,6 +44,7 @@ func (suite *TelegramTestSuite) TestUnknownDC() {
 		suite.T().Run(strconv.Itoa(value), func(t *testing.T) {
 			_, err := suite.t.Dial(context.Background(), value)
 			assert.Error(t, err)
+			assert.False(t, suite.t.IsKnownDC(value))
 		})
 	}
 }
@@ -71,6 +72,7 @@ func (suite *TelegramTestSuite) TestDialToCorrectIPs() {
 
 			_, err := suite.t.Dial(context.Background(), idx)
 			assert.True(t, errors.Is(err, io.EOF))
+			assert.True(t, suite.t.IsKnownDC(idx))
 		})
 	}
 }
@@ -135,6 +137,22 @@ func (suite *TelegramTestSuite) TestUnknownPreferIP() {
 	suite.Error(err)
 }
 
+func (suite *TelegramTestSuite) TestFallbackDC() {
+	dcs := make([]int, 10)
+
+	for i := 0; i < len(dcs); i++ {
+		dcs[i] = suite.t.GetFallbackDC()
+	}
+
+	for _, v := range dcs {
+		value := v
+
+		suite.T().Run(strconv.Itoa(value), func(t *testing.T) {
+			assert.True(t, suite.t.IsKnownDC(value))
+		})
+	}
+}
+
 func TestTelegram(t *testing.T) {
 	t.Parallel()
 	suite.Run(t, &TelegramTestSuite{})

mtglib/proxy.go

@@ -23,11 +23,12 @@ type Proxy struct {
 	ctxCancel       context.CancelFunc
 	streamWaitGroup sync.WaitGroup
 
-	tolerateTimeSkewness time.Duration
-	bufferSize           int
-	domainFrontingPort   int
-	workerPool           *ants.PoolWithFunc
-	telegram             *telegram.Telegram
+	allowFallbackOnUnknownDC bool
+	tolerateTimeSkewness     time.Duration
+	bufferSize               int
+	domainFrontingPort       int
+	workerPool               *ants.PoolWithFunc
+	telegram                 *telegram.Telegram
 
 	secret          Secret
 	network         Network
@@ -207,7 +208,16 @@ func (p *Proxy) doObfuscated2Handshake(ctx *streamContext) error {
 }
 
 func (p *Proxy) doTelegramCall(ctx *streamContext) error {
-	conn, err := p.telegram.Dial(ctx, ctx.dc)
+	dc := ctx.dc
+
+	if p.allowFallbackOnUnknownDC && !p.telegram.IsKnownDC(dc) {
+		dc = p.telegram.GetFallbackDC()
+		ctx.logger = ctx.logger.BindInt("fallback_dc", dc)
+
+		ctx.logger.Warning("unknown DC, fallbacks")
+	}
+
+	conn, err := p.telegram.Dial(ctx, dc)
 	if err != nil {
 		return fmt.Errorf("cannot dial to Telegram: %w", err)
 	}
@@ -276,18 +286,19 @@ func NewProxy(opts ProxyOpts) (*Proxy, error) {
 
 	ctx, cancel := context.WithCancel(context.Background())
 	proxy := &Proxy{
-		ctx:                  ctx,
-		ctxCancel:            cancel,
-		secret:               opts.Secret,
-		network:              opts.Network,
-		antiReplayCache:      opts.AntiReplayCache,
-		ipBlocklist:          opts.IPBlocklist,
-		eventStream:          opts.EventStream,
-		logger:               opts.getLogger("proxy"),
-		domainFrontingPort:   opts.getDomainFrontingPort(),
-		tolerateTimeSkewness: opts.getTolerateTimeSkewness(),
-		bufferSize:           opts.getBufferSize(),
-		telegram:             tg,
+		ctx:                      ctx,
+		ctxCancel:                cancel,
+		secret:                   opts.Secret,
+		network:                  opts.Network,
+		antiReplayCache:          opts.AntiReplayCache,
+		ipBlocklist:              opts.IPBlocklist,
+		eventStream:              opts.EventStream,
+		logger:                   opts.getLogger("proxy"),
+		domainFrontingPort:       opts.getDomainFrontingPort(),
+		tolerateTimeSkewness:     opts.getTolerateTimeSkewness(),
+		bufferSize:               opts.getBufferSize(),
+		allowFallbackOnUnknownDC: opts.AllowFallbackOnUnknownDC,
+		telegram:                 tg,
 	}
 
 	pool, err := ants.NewPoolWithFunc(opts.getConcurrency(),

mtglib/proxy_opts.go

@@ -90,6 +90,16 @@ type ProxyOpts struct {
 	// This is an optional setting.
 	DomainFrontingPort uint
 
+	// AllowFallbackOnUnknownDC defines how proxy behaves if unknown DC was
+	// requested. If this setting is set to false, then such connection
+	// will be rejected. Otherwise, proxy will chose any DC.
+	//
+	// Telegram is designed in a way that any DC can serve any request,
+	// the problem is a latency.
+	//
+	// This is an optional setting.
+	AllowFallbackOnUnknownDC bool
+
 	// UseTestDCs defines if we have to connect to production or to staging
 	// DCs of Telegram.
 	//

network/sockopts.go

@@ -3,8 +3,6 @@ package network
 import (
 	"fmt"
 	"net"
-
-	"golang.org/x/sys/unix"
 )
 
 // SetClientSocketOptions tunes a TCP socket that represents a connection to
@@ -50,22 +48,12 @@ func setCommonSocketOptions(conn *net.TCPConn, bufferSize int) error {
 
 	rawConn, err := conn.SyscallConn()
 	if err != nil {
-		return fmt.Errorf("cannot get underlying raw connection")
+		return fmt.Errorf("cannot get underlying raw connection: %w", err)
 	}
 
-	rawConn.Control(func(fd uintptr) { // nolint: errcheck
-		err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEADDR, 1)
-		if err != nil {
-			err = fmt.Errorf("cannot set SO_REUSEADDR: %w", err)
-
-			return
-		}
-
-		err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEPORT, 1)
-		if err != nil {
-			err = fmt.Errorf("cannot set SO_REUSEPORT: %w", err)
-		}
-	})
+	if err := setSocketReuseAddrPort(rawConn, bufferSize); err != nil {
+		return fmt.Errorf("cannot setup SO_REUSEADDR/PORT: %w", err)
+	}
 
 	return nil
 }

network/sockopts_unix.go

@@ -0,0 +1,31 @@
+//go:build !windows
+// +build !windows
+
+package network
+
+import (
+	"fmt"
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
+
+func setSocketReuseAddrPort(conn syscall.RawConn, bufferSize int) error {
+	var err error
+
+	conn.Control(func(fd uintptr) { // nolint: errcheck
+		err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEADDR, 1)
+		if err != nil {
+			err = fmt.Errorf("cannot set SO_REUSEADDR: %w", err)
+
+			return
+		}
+
+		err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEPORT, 1)
+		if err != nil {
+			err = fmt.Errorf("cannot set SO_REUSEPORT: %w", err)
+		}
+	})
+
+	return err
+}

network/sockopts_windows.go

@@ -0,0 +1,10 @@
+//go:build windows
+// +build windows
+
+package network
+
+import "syscall"
+
+func setSocketReuseAddrPort(conn syscall.RawConn, bufferSize int) error {
+	return nil
+}