Merge remote-tracking branch 'upstream/master' into fix/toml-section-order

# Conflicts:
#	.github/workflows/ci.yaml
#	README.md
#	default.pgo
#	mtglib/internal/tls/fake/client_side.go
#	mtglib/internal/tls/fake/client_side_test.go
#	mtglib/proxy.go
#	mtglib/proxy_opts.go

Dockerfile

 COPY . /app
 
 RUN set -x \
-  && version="$(git describe --exact-match HEAD 2>/dev/null || git describe --tags --always)" \
+  && version="$(git describe --exact-match HEAD 2>/dev/null || git describe --tags --always 2>/dev/null || echo dev)" \
   && go build \
       -trimpath \
       -mod=readonly \

antireplay/stable_bloom_filter_test.go

 }
 
 func (suite *StableBloomFilterTestSuite) TestOp() {
-	filter := antireplay.NewStableBloomFilter(500, 0.001)
+	filter := antireplay.NewStableBloomFilter(100000, 0.001)
 
 	suite.False(filter.SeenBefore([]byte{1, 2, 3}))
 	suite.False(filter.SeenBefore([]byte{4, 5, 6}))

internal/config/config.go

 		Blocklist    ListConfig `json:"blocklist"`
 		Allowlist    ListConfig `json:"allowlist"`
 		Doppelganger struct {
-			URLs            []TypeHttpsURL  `json:"urls"`
-			Repeats         TypeConcurrency `json:"repeats_per_raid"`
-			UpdateEach      TypeDuration    `json:"raid_each"`
-			DRS             TypeBool        `json:"drs"`
+			URLs       []TypeHttpsURL  `json:"urls"`
+			Repeats    TypeConcurrency `json:"repeats_per_raid"`
+			UpdateEach TypeDuration    `json:"raid_each"`
+			DRS        TypeBool        `json:"drs"`
 		} `json:"doppelganger"`
 	} `json:"defense"`
 	Network struct {

internal/config/parse.go

 			UpdateEach          string   `toml:"update-each" json:"updateEach,omitempty"`
 		} `toml:"allowlist" json:"allowlist,omitempty"`
 		Doppelganger struct {
-			URLs            []string `toml:"urls" json:"urls,omitempty"`
-			Repeats         uint     `toml:"repeats-per-raid" json:"repeats_per_raid,omitempty"`
-			UpdateEach      string   `toml:"raid-each" json:"raid_each,omitempty"`
-			DRS             bool     `toml:"drs" json:"drs,omitempty"`
+			URLs       []string `toml:"urls" json:"urls,omitempty"`
+			Repeats    uint     `toml:"repeats-per-raid" json:"repeats_per_raid,omitempty"`
+			UpdateEach string   `toml:"raid-each" json:"raid_each,omitempty"`
+			DRS        bool     `toml:"drs" json:"drs,omitempty"`
 		} `toml:"doppelganger" json:"doppelganger,omitempty"`
 	} `toml:"defense" json:"defense,omitempty"`
 	Network struct {

mtglib/conns.go

 import (
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"net"
+	"sync/atomic"
 	"time"
 
 	"github.com/9seconds/mtg/v2/essentials"
 	}
 }
 
+// idleTracker is a shared idle tracker for a pair of relay connections.
+// Both directions update the same timestamp so that activity in one direction
+// prevents the other (idle) direction from timing out.
+type idleTracker struct {
+	lastActive atomic.Pointer[time.Time]
+	timeout    time.Duration
+}
+
+func newIdleTracker(timeout time.Duration) *idleTracker {
+	t := &idleTracker{timeout: timeout}
+	t.touch()
+
+	return t
+}
+
+func (t *idleTracker) touch() {
+	stamp := time.Now()
+	t.lastActive.Store(&stamp)
+}
+
+func (t *idleTracker) isIdle() bool {
+	return time.Since(*t.lastActive.Load()) >= t.timeout
+}
+
 type connIdleTimeout struct {
 	essentials.Conn
 
-	timeout time.Duration
+	tracker *idleTracker
 }
 
 func (c connIdleTimeout) Read(b []byte) (int, error) {
-	c.SetReadDeadline(time.Now().Add(c.timeout)) //nolint: errcheck
+	var netErr net.Error
+
+	for {
+		c.SetReadDeadline(time.Now().Add(c.tracker.timeout)) //nolint: errcheck
 
-	return c.Conn.Read(b) //nolint: wrapcheck
+		n, err := c.Conn.Read(b)
+
+		switch {
+		case err == nil:
+			c.tracker.touch()
+			return n, nil
+		case errors.As(err, &netErr) && netErr.Timeout() && !c.tracker.isIdle():
+			continue
+		}
+
+		return n, err
+	}
 }
 
 func (c connIdleTimeout) Write(b []byte) (int, error) {
-	c.SetWriteDeadline(time.Now().Add(c.timeout)) //nolint: errcheck
+	c.SetWriteDeadline(time.Now().Add(c.tracker.timeout)) //nolint: errcheck
 
-	return c.Conn.Write(b) //nolint: wrapcheck
+	n, err := c.Conn.Write(b)
+	if n > 0 {
+		c.tracker.touch()
+	}
+
+	return n, err //nolint: wrapcheck
 }

mtglib/conns_internal_test.go

 	"github.com/stretchr/testify/suite"
 )
 
+type netTimeoutError struct{}
+
+func (e netTimeoutError) Error() string   { return "i/o timeout" }
+func (e netTimeoutError) Timeout() bool   { return true }
+func (e netTimeoutError) Temporary() bool { return true }
+
 type ConnRewindBaseConn struct {
 	testlib.EssentialsConnMock
 
 	suite.targetConnMock.AssertExpectations(suite.T())
 }
 
+type IdleTrackerTestSuite struct {
+	suite.Suite
+}
+
+func (suite *IdleTrackerTestSuite) TestNewNotIdle() {
+	tracker := newIdleTracker(time.Second)
+	suite.False(tracker.isIdle())
+}
+
+func (suite *IdleTrackerTestSuite) TestIdleAfterTimeout() {
+	tracker := newIdleTracker(10 * time.Millisecond)
+	time.Sleep(20 * time.Millisecond)
+
+	suite.True(tracker.isIdle())
+}
+
+func (suite *IdleTrackerTestSuite) TestTouchResetsIdle() {
+	tracker := newIdleTracker(50 * time.Millisecond)
+	time.Sleep(30 * time.Millisecond)
+
+	tracker.touch()
+
+	suite.False(tracker.isIdle())
+}
+
+type ConnIdleTimeoutTestSuite struct {
+	suite.Suite
+
+	connMock *testlib.EssentialsConnMock
+	tracker  *idleTracker
+	conn     connIdleTimeout
+}
+
+func (suite *ConnIdleTimeoutTestSuite) SetupTest() {
+	suite.connMock = &testlib.EssentialsConnMock{}
+	suite.tracker = newIdleTracker(time.Second)
+	suite.conn = connIdleTimeout{
+		Conn:    suite.connMock,
+		tracker: suite.tracker,
+	}
+}
+
+func (suite *ConnIdleTimeoutTestSuite) TearDownTest() {
+	suite.connMock.AssertExpectations(suite.T())
+}
+
+func (suite *ConnIdleTimeoutTestSuite) TestReadOk() {
+	suite.connMock.On("SetReadDeadline", mock.Anything).Return(nil)
+	suite.connMock.On("Read", mock.Anything).Once().Return(5, nil)
+
+	n, err := suite.conn.Read(make([]byte, 10))
+	suite.NoError(err)
+	suite.Equal(5, n)
+}
+
+func (suite *ConnIdleTimeoutTestSuite) TestReadNonTimeoutErr() {
+	suite.connMock.On("SetReadDeadline", mock.Anything).Return(nil)
+	suite.connMock.On("Read", mock.Anything).Once().Return(0, io.EOF)
+
+	n, err := suite.conn.Read(make([]byte, 10))
+	suite.True(errors.Is(err, io.EOF))
+	suite.Equal(0, n)
+}
+
+func (suite *ConnIdleTimeoutTestSuite) TestReadTimeoutRetriesWhenNotIdle() {
+	suite.connMock.On("SetReadDeadline", mock.Anything).Return(nil)
+	suite.connMock.On("Read", mock.Anything).Once().Return(0, netTimeoutError{})
+	suite.connMock.On("Read", mock.Anything).Once().Return(5, nil)
+
+	n, err := suite.conn.Read(make([]byte, 10))
+	suite.NoError(err)
+	suite.Equal(5, n)
+}
+
+func (suite *ConnIdleTimeoutTestSuite) TestReadTimeoutClosesWhenIdle() {
+	suite.tracker = newIdleTracker(time.Millisecond)
+	suite.conn = connIdleTimeout{
+		Conn:    suite.connMock,
+		tracker: suite.tracker,
+	}
+
+	time.Sleep(5 * time.Millisecond)
+
+	suite.connMock.On("SetReadDeadline", mock.Anything).Return(nil)
+	suite.connMock.On("Read", mock.Anything).Once().Return(0, netTimeoutError{})
+
+	n, err := suite.conn.Read(make([]byte, 10))
+	suite.Equal(0, n)
+
+	netErr, ok := err.(net.Error) //nolint: errorlint
+	suite.True(ok)
+	suite.True(netErr.Timeout())
+}
+
+func (suite *ConnIdleTimeoutTestSuite) TestSharedTrackerPreventsFalseTimeout() {
+	connMock2 := &testlib.EssentialsConnMock{}
+	conn2 := connIdleTimeout{
+		Conn:    connMock2,
+		tracker: suite.tracker,
+	}
+
+	connMock2.On("SetWriteDeadline", mock.Anything).Return(nil)
+	connMock2.On("Write", mock.Anything).Once().Return(5, nil)
+
+	_, _ = conn2.Write(make([]byte, 5))
+
+	suite.connMock.On("SetReadDeadline", mock.Anything).Return(nil)
+	suite.connMock.On("Read", mock.Anything).Once().Return(0, netTimeoutError{})
+	suite.connMock.On("Read", mock.Anything).Once().Return(3, nil)
+
+	n, err := suite.conn.Read(make([]byte, 10))
+	suite.NoError(err)
+	suite.Equal(3, n)
+
+	connMock2.AssertExpectations(suite.T())
+}
+
+func (suite *ConnIdleTimeoutTestSuite) TestWriteOk() {
+	suite.connMock.On("SetWriteDeadline", mock.Anything).Return(nil)
+	suite.connMock.On("Write", mock.Anything).Once().Return(5, nil)
+
+	n, err := suite.conn.Write(make([]byte, 5))
+	suite.NoError(err)
+	suite.Equal(5, n)
+}
+
+func (suite *ConnIdleTimeoutTestSuite) TestWriteErr() {
+	suite.connMock.On("SetWriteDeadline", mock.Anything).Return(nil)
+	suite.connMock.On("Write", mock.Anything).Once().Return(0, io.EOF)
+
+	n, err := suite.conn.Write(make([]byte, 5))
+	suite.True(errors.Is(err, io.EOF))
+	suite.Equal(0, n)
+}
+
 func TestConnTraffic(t *testing.T) {
 	t.Parallel()
 	suite.Run(t, &ConnTrafficTestSuite{})
 	t.Parallel()
 	suite.Run(t, &ConnProxyProtocolTestSuite{})
 }
+
+func TestIdleTracker(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, &IdleTrackerTestSuite{})
+}
+
+func TestConnIdleTimeout(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, &ConnIdleTimeoutTestSuite{})
+}

mtglib/internal/dc/view.go

 }
 
 func (d dcView) getV4(dc int) []Addr {
-	addrs := d.publicConfigs.getV4(dc)
+	var addrs []Addr
+
 	addrs = append(addrs, defaultDCAddrSet.getV4(dc)...)
+	addrs = append(addrs, d.publicConfigs.getV4(dc)...)
 
 	return addrs
 }
 
 func (d dcView) getV6(dc int) []Addr {
-	addrs := d.publicConfigs.getV6(dc)
+	var addrs []Addr
+
 	addrs = append(addrs, defaultDCAddrSet.getV6(dc)...)
+	addrs = append(addrs, d.publicConfigs.getV6(dc)...)
 
 	return addrs
 }

mtglib/internal/doppel/scout.go

 		client.CloseIdleConnections()
 	}
 
-	if err != nil || len(results.data) == 0 {
+	if err != nil {
 		return ScoutResult{}, err
 	}
 
+	data, writeIndex := results.Snapshot()
+
+	if len(data) == 0 {
+		return ScoutResult{}, nil
+	}
+
 	var result ScoutResult
 
 	// Compute inter-record durations (existing logic).
 	lastTimestamp := time.Time{}
 
-	for i, v := range results.data {
+	for i, v := range data {
 		if v.recordType != tls.TypeApplicationData {
 			continue
 		}
 
 		if lastTimestamp.IsZero() {
 			if i > 0 {
-				lastTimestamp = results.data[i-1].timestamp
+				lastTimestamp = data[i-1].timestamp
 			} else {
 				lastTimestamp = v.timestamp
 			}
 	// Compute cert size: sum of ApplicationData payload between CCS and
 	// the first client Write (which marks the end of server handshake).
 	seenCCS := false
-	boundary := results.writeIndex
+	boundary := writeIndex
 	if boundary < 0 {
-		boundary = len(results.data)
+		boundary = len(data)
 	}
 
-	for i, v := range results.data {
+	for i, v := range data {
 		if i >= boundary {
 			break
 		}

mtglib/internal/doppel/scout_conn_collected.go

 package doppel
 
-import "time"
+import (
+	"slices"
+	"sync"
+	"time"
+)
 
 const (
 	ScoutConnCollectedPreallocSize = 100
 }
 
 type ScoutConnCollected struct {
+	mu         sync.Mutex
 	data       []ScoutConnResult
 	writeIndex int // index at which client first wrote post-handshake data; -1 if not set
 }
 
 func (s *ScoutConnCollected) Add(record byte, payloadLen int) {
+	s.mu.Lock()
 	s.data = append(s.data, ScoutConnResult{
 		timestamp:  time.Now(),
 		recordType: record,
 		payloadLen: payloadLen,
 	})
+	s.mu.Unlock()
 }
 
 // MarkWrite records the current data length as the handshake boundary.
 func (s *ScoutConnCollected) MarkWrite() {
+	s.mu.Lock()
 	if s.writeIndex < 0 {
 		s.writeIndex = len(s.data)
 	}
+	s.mu.Unlock()
+}
+
+// Snapshot returns a copy of the collected data and the write index.
+func (s *ScoutConnCollected) Snapshot() ([]ScoutConnResult, int) {
+	s.mu.Lock()
+	snapshot := slices.Clone(s.data)
+	writeIndex := s.writeIndex
+	s.mu.Unlock()
+
+	return snapshot, writeIndex
 }
 
 func NewScoutConnCollected() *ScoutConnCollected {

mtglib/internal/doppel/scout_conn_collected_test.go

 package doppel
 
 import (
+	"sync"
 	"testing"
 	"time"
 
 	collected := NewScoutConnCollected()
 	collected.Add(tls.TypeApplicationData, 100)
 
-	suite.Len(collected.data, 1)
-	suite.Equal(byte(tls.TypeApplicationData), collected.data[0].recordType)
+	data, _ := collected.Snapshot()
+
+	suite.Len(data, 1)
+	suite.Equal(byte(tls.TypeApplicationData), data[0].recordType)
 }
 
 func (suite *ScoutConnCollectedTestSuite) TestAddTimestampsAreMonotonic() {
 	time.Sleep(time.Microsecond)
 	collected.Add(tls.TypeApplicationData, 100)
 
-	for i := 1; i < len(collected.data); i++ {
-		suite.True(collected.data[i].timestamp.After(collected.data[i-1].timestamp))
+	data, _ := collected.Snapshot()
+
+	for i := 1; i < len(data); i++ {
+		suite.True(data[i].timestamp.After(data[i-1].timestamp))
 	}
 }
 
+func (suite *ScoutConnCollectedTestSuite) TestConcurrentAddSnapshot() {
+	collected := NewScoutConnCollected()
+
+	var wg sync.WaitGroup
+
+	wg.Add(3)
+
+	go func() {
+		defer wg.Done()
+
+		for i := 0; i < 1000; i++ {
+			collected.Add(tls.TypeApplicationData, i)
+		}
+	}()
+
+	go func() {
+		defer wg.Done()
+
+		for i := 0; i < 100; i++ {
+			collected.MarkWrite()
+		}
+	}()
+
+	go func() {
+		defer wg.Done()
+
+		for i := 0; i < 1000; i++ {
+			// call Snapshot concurrently to exercise the lock under -race
+			collected.Snapshot() //nolint:errcheck
+		}
+	}()
+
+	wg.Wait()
+
+	data, writeIndex := collected.Snapshot()
+	suite.Len(data, 1000)
+	suite.GreaterOrEqual(writeIndex, 0)
+}
+
 func TestScoutConnCollected(t *testing.T) {
 	t.Parallel()
 	suite.Run(t, &ScoutConnCollectedTestSuite{})

mtglib/internal/tls/fake/client_side.go

 	"crypto/sha256"
 	"crypto/subtle"
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"io"
 	"net"
 	RandomOffset = 1 + 2 + 2 + 1 + 3 + 2
 
 	sniDNSNamesListType = 0
+
+	// maxContinuationRecords limits the number of continuation TLS records
+	// that reassembleTLSHandshake will read. This prevents resource exhaustion
+	// from adversarial fragmentation.
+	maxContinuationRecords = 10
 )
 
 var (
 	}
 	defer conn.SetReadDeadline(resetDeadline) //nolint: errcheck
 
+	reassembled, err := reassembleTLSHandshake(conn)
+	if err != nil {
+		return nil, fmt.Errorf("cannot reassemble TLS records: %w", err)
+	}
+
 	handshakeCopyBuf := &bytes.Buffer{}
-	reader := io.TeeReader(conn, handshakeCopyBuf)
+	reader := io.TeeReader(reassembled, handshakeCopyBuf)
 
-	reader, err := parseTLSHeader(reader)
-	if err != nil {
-		return nil, fmt.Errorf("cannot parse tls header: %w", err)
+	// Skip the TLS record header (validated during reassembly).
+	// The header still flows through TeeReader into handshakeCopyBuf for HMAC.
+	if _, err = io.CopyN(io.Discard, reader, tls.SizeHeader); err != nil {
+		return nil, fmt.Errorf("cannot skip tls header: %w", err)
 	}
 
 	reader, err = parseHandshakeHeader(reader)
 	return nil, ErrBadDigest
 }
 
-func parseTLSHeader(r io.Reader) (io.Reader, error) {
-	// record_type(1) + version(2) + size(2)
-	//   16 - type is 0x16 (handshake record)
-	//   03 01 - protocol version is "3,1" (also known as TLS 1.0)
-	//   00 f8 - 0xF8 (248) bytes of handshake message follows
-	header := [1 + 2 + 2]byte{}
-
-	if _, err := io.ReadFull(r, header[:]); err != nil {
+// reassembleTLSHandshake reads one or more TLS records from conn,
+// validates the record type and version, and reassembles fragmented
+// handshake payloads into a single TLS record.
+//
+// Per RFC 5246 Section 6.2.1, handshake messages may be fragmented
+// across multiple TLS records. DPI bypass tools like ByeDPI use this
+// to evade censorship.
+//
+// The returned buffer contains the full TLS record (header + payload)
+// so that callers can include the header in HMAC computation.
+func reassembleTLSHandshake(conn io.Reader) (*bytes.Buffer, error) {
+	header := [tls.SizeHeader]byte{}
+
+	if _, err := io.ReadFull(conn, header[:]); err != nil {
 		return nil, fmt.Errorf("cannot read record header: %w", err)
 	}
 
+	length := int64(binary.BigEndian.Uint16(header[3:]))
+	payload := &bytes.Buffer{}
+
+	if _, err := io.CopyN(payload, conn, length); err != nil {
+		return nil, fmt.Errorf("cannot read record payload: %w", err)
+	}
+
 	if header[0] != tls.TypeHandshake {
 		return nil, fmt.Errorf("unexpected record type %#x", header[0])
 	}
 		return nil, fmt.Errorf("unexpected protocol version %#x %#x", header[1], header[2])
 	}
 
-	length := int64(binary.BigEndian.Uint16(header[3:]))
-	buf := &bytes.Buffer{}
+	// Reassemble fragmented payload. continuationCount caps the total
+	// number of continuation records across both phases below.
+	continuationCount := 0
 
-	_, err := io.CopyN(buf, r, length)
+	// Phase 1: read continuation records until we have at least the
+	// 4-byte handshake header (type + uint24 length) to determine the
+	// expected total size.
+	for ; payload.Len() < 4 && continuationCount < maxContinuationRecords; continuationCount++ {
+		prevLen := payload.Len()
 
-	return buf, err
+		if err := readContinuationRecord(conn, payload); err != nil {
+			payload.Truncate(prevLen) // discard partial data on error
+
+			if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+				break // no more records — let downstream parsing handle what we have
+			}
+
+			return nil, err
+		}
+	}
+
+	// Phase 2: we know the expected handshake size — read remaining
+	// continuation records until the payload is complete.
+	if payload.Len() >= 4 {
+		p := payload.Bytes()
+		expectedTotal := 4 + (int(p[1])<<16 | int(p[2])<<8 | int(p[3]))
+
+		if expectedTotal > 0xFFFF {
+			return nil, fmt.Errorf("handshake message too large: %d bytes", expectedTotal)
+		}
+
+		for ; payload.Len() < expectedTotal && continuationCount < maxContinuationRecords; continuationCount++ {
+			if err := readContinuationRecord(conn, payload); err != nil {
+				return nil, err
+			}
+		}
+
+		if payload.Len() < expectedTotal {
+			return nil, fmt.Errorf("cannot reassemble handshake: too many continuation records")
+		}
+
+		payload.Truncate(expectedTotal)
+	}
+
+	if payload.Len() > 0xFFFF {
+		return nil, fmt.Errorf("reassembled payload too large: %d bytes", payload.Len())
+	}
+
+	// Reconstruct a single TLS record with the reassembled payload.
+	result := &bytes.Buffer{}
+	result.Grow(tls.SizeHeader + payload.Len())
+	result.Write(header[:3])
+	binary.Write(result, binary.BigEndian, uint16(payload.Len())) //nolint:errcheck // bytes.Buffer.Write never fails
+	result.Write(payload.Bytes())
+
+	return result, nil
+}
+
+// readContinuationRecord reads the next TLS record header and appends its
+// full payload to dst. It returns an error if the record is not a handshake
+// record.
+func readContinuationRecord(conn io.Reader, dst *bytes.Buffer) error {
+	nextHeader := [tls.SizeHeader]byte{}
+
+	if _, err := io.ReadFull(conn, nextHeader[:]); err != nil {
+		return fmt.Errorf("cannot read continuation record header: %w", err)
+	}
+
+	if nextHeader[0] != tls.TypeHandshake {
+		return fmt.Errorf("unexpected continuation record type %#x", nextHeader[0])
+	}
+
+	if nextHeader[1] != 3 || nextHeader[2] != 1 {
+		return fmt.Errorf("unexpected continuation record version %#x %#x", nextHeader[1], nextHeader[2])
+	}
+
+	nextLength := int64(binary.BigEndian.Uint16(nextHeader[3:]))
+
+	if nextLength == 0 {
+		return fmt.Errorf("zero-length continuation record")
+	}
+
+	if _, err := io.CopyN(dst, conn, nextLength); err != nil {
+		return fmt.Errorf("cannot read continuation record payload: %w", err)
+	}
+
+	return nil
 }
 
 func parseHandshakeHeader(r io.Reader) (io.Reader, error) {

mtglib/internal/tls/fake/client_side_test.go

 	t.Parallel()
 	suite.Run(t, &ReadClientHelloMultiTestSuite{})
 }
+
+// --- Fragmented TLS record tests ---
+
+// fragmentTLSRecord splits a single TLS record into n TLS records by
+// dividing the payload into roughly equal parts. Each part gets its own
+// TLS record header with the same record type and version.
+func fragmentTLSRecord(t testing.TB, full []byte, n int) []byte {
+	t.Helper()
+
+	recordType := full[0]
+	version := full[1:3]
+	payload := full[tls.SizeHeader:]
+
+	chunkSize := len(payload) / n
+	result := &bytes.Buffer{}
+
+	for i := 0; i < n; i++ {
+		start := i * chunkSize
+		end := start + chunkSize
+
+		if i == n-1 {
+			end = len(payload)
+		}
+
+		chunk := payload[start:end]
+		result.WriteByte(recordType)
+		result.Write(version)
+		require.NoError(t, binary.Write(result, binary.BigEndian, uint16(len(chunk))))
+		result.Write(chunk)
+	}
+
+	return result.Bytes()
+}
+
+// splitPayloadAt creates two TLS records from a single record by splitting
+// the payload at the given byte position.
+func splitPayloadAt(t testing.TB, full []byte, pos int) []byte {
+	t.Helper()
+
+	payload := full[tls.SizeHeader:]
+	buf := &bytes.Buffer{}
+
+	buf.WriteByte(tls.TypeHandshake)
+	buf.Write(full[1:3])
+	require.NoError(t, binary.Write(buf, binary.BigEndian, uint16(pos)))
+	buf.Write(payload[:pos])
+
+	buf.WriteByte(tls.TypeHandshake)
+	buf.Write(full[1:3])
+	require.NoError(t, binary.Write(buf, binary.BigEndian, uint16(len(payload)-pos)))
+	buf.Write(payload[pos:])
+
+	return buf.Bytes()
+}
+
+type ParseClientHelloFragmentedTestSuite struct {
+	suite.Suite
+
+	secret   mtglib.Secret
+	snapshot *clientHelloSnapshot
+}
+
+func (s *ParseClientHelloFragmentedTestSuite) SetupSuite() {
+	parsed, err := mtglib.ParseSecret(
+		"ee367a189aee18fa31c190054efd4a8e9573746f726167652e676f6f676c65617069732e636f6d",
+	)
+	require.NoError(s.T(), err)
+
+	s.secret = parsed
+
+	fileData, err := os.ReadFile("testdata/client-hello-ok-19dfe38384b9884b.json")
+	require.NoError(s.T(), err)
+
+	s.snapshot = &clientHelloSnapshot{}
+	require.NoError(s.T(), json.Unmarshal(fileData, s.snapshot))
+}
+
+func (s *ParseClientHelloFragmentedTestSuite) makeConn(data []byte) *parseClientHelloConnMock {
+	readBuf := &bytes.Buffer{}
+	readBuf.Write(data)
+
+	connMock := &parseClientHelloConnMock{
+		readBuf: readBuf,
+	}
+
+	connMock.
+		On("SetReadDeadline", mock.AnythingOfType("time.Time")).
+		Twice().
+		Return(nil)
+
+	return connMock
+}
+
+func (s *ParseClientHelloFragmentedTestSuite) TestReassemblySuccess() {
+	full := s.snapshot.GetFull()
+
+	tests := []struct {
+		name string
+		data []byte
+	}{
+		{"two equal fragments", fragmentTLSRecord(s.T(), full, 2)},
+		{"three equal fragments", fragmentTLSRecord(s.T(), full, 3)},
+		{"single byte first fragment", splitPayloadAt(s.T(), full, 1)},
+		{"three byte first fragment", splitPayloadAt(s.T(), full, 3)},
+	}
+
+	for _, tt := range tests {
+		s.Run(tt.name, func() {
+			connMock := s.makeConn(tt.data)
+			defer connMock.AssertExpectations(s.T())
+
+			hello, err := fake.ReadClientHello(
+				connMock,
+				s.secret.Key[:],
+				s.secret.Host,
+				TolerateTime,
+			)
+			s.Require().NoError(err)
+
+			s.Equal(s.snapshot.GetRandom(), hello.Random[:])
+			s.Equal(s.snapshot.GetSessionID(), hello.SessionID)
+			s.Equal(uint16(s.snapshot.CipherSuite), hello.CipherSuite)
+		})
+	}
+}
+
+func (s *ParseClientHelloFragmentedTestSuite) TestReassemblyErrors() {
+	full := s.snapshot.GetFull()
+	payload := full[tls.SizeHeader:]
+
+	tests := []struct {
+		name      string
+		buildData func() []byte
+		errMsg    string
+	}{
+		{
+			name: "wrong continuation record type",
+			buildData: func() []byte {
+				buf := &bytes.Buffer{}
+				buf.WriteByte(tls.TypeHandshake)
+				buf.Write(full[1:3])
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(10)))
+				buf.Write(payload[:10])
+				// Wrong type: application data instead of handshake
+				buf.WriteByte(tls.TypeApplicationData)
+				buf.Write(full[1:3])
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(len(payload)-10)))
+				buf.Write(payload[10:])
+				return buf.Bytes()
+			},
+			errMsg: "unexpected continuation record type",
+		},
+		{
+			name: "too many continuation records",
+			buildData: func() []byte {
+				// Handshake header claiming 256 bytes, but we only send 1 byte per continuation
+				handshakePayload := []byte{0x01, 0x00, 0x01, 0x00}
+				buf := &bytes.Buffer{}
+				buf.WriteByte(tls.TypeHandshake)
+				buf.Write([]byte{3, 1})
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(len(handshakePayload))))
+				buf.Write(handshakePayload)
+				for range 11 {
+					buf.WriteByte(tls.TypeHandshake)
+					buf.Write([]byte{3, 1})
+					require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(1)))
+					buf.WriteByte(0xAB)
+				}
+				return buf.Bytes()
+			},
+			errMsg: "too many continuation records",
+		},
+		{
+			name: "zero-length continuation record",
+			buildData: func() []byte {
+				buf := &bytes.Buffer{}
+				buf.WriteByte(tls.TypeHandshake)
+				buf.Write(full[1:3])
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(10)))
+				buf.Write(payload[:10])
+				// Valid header but zero-length payload
+				buf.WriteByte(tls.TypeHandshake)
+				buf.Write(full[1:3])
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(0)))
+				return buf.Bytes()
+			},
+			errMsg: "zero-length continuation record",
+		},
+		{
+			name: "wrong continuation record version",
+			buildData: func() []byte {
+				buf := &bytes.Buffer{}
+				buf.WriteByte(tls.TypeHandshake)
+				buf.Write(full[1:3])
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(10)))
+				buf.Write(payload[:10])
+				// Wrong version: 3.3 instead of 3.1
+				buf.WriteByte(tls.TypeHandshake)
+				buf.Write([]byte{3, 3})
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(len(payload)-10)))
+				buf.Write(payload[10:])
+				return buf.Bytes()
+			},
+			errMsg: "unexpected continuation record version",
+		},
+		{
+			name: "handshake message too large",
+			buildData: func() []byte {
+				// Handshake header claiming 0x010000 (65536) bytes — exceeds 0xFFFF limit
+				handshakePayload := []byte{0x01, 0x01, 0x00, 0x00}
+				buf := &bytes.Buffer{}
+				buf.WriteByte(tls.TypeHandshake)
+				buf.Write([]byte{3, 1})
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(len(handshakePayload))))
+				buf.Write(handshakePayload)
+				return buf.Bytes()
+			},
+			errMsg: "handshake message too large",
+		},
+		{
+			name: "truncated continuation record header",
+			buildData: func() []byte {
+				buf := &bytes.Buffer{}
+				buf.WriteByte(tls.TypeHandshake)
+				buf.Write(full[1:3])
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(10)))
+				buf.Write(payload[:10])
+				// Connection ends mid-header (only 2 bytes)
+				buf.WriteByte(tls.TypeHandshake)
+				buf.WriteByte(3)
+				return buf.Bytes()
+			},
+			errMsg: "cannot read continuation record header",
+		},
+		{
+			name: "truncated continuation record payload",
+			buildData: func() []byte {
+				buf := &bytes.Buffer{}
+				buf.WriteByte(tls.TypeHandshake)
+				buf.Write(full[1:3])
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(10)))
+				buf.Write(payload[:10])
+				// Claims 100 bytes but no payload follows
+				buf.WriteByte(tls.TypeHandshake)
+				buf.Write(full[1:3])
+				require.NoError(s.T(), binary.Write(buf, binary.BigEndian, uint16(100)))
+				return buf.Bytes()
+			},
+			errMsg: "cannot read continuation record payload",
+		},
+	}
+
+	for _, tt := range tests {
+		s.Run(tt.name, func() {
+			connMock := s.makeConn(tt.buildData())
+			defer connMock.AssertExpectations(s.T())
+
+			_, err := fake.ReadClientHello(
+				connMock,
+				s.secret.Key[:],
+				s.secret.Host,
+				TolerateTime,
+			)
+			s.ErrorContains(err, tt.errMsg)
+		})
+	}
+}
+
+func TestParseClientHelloFragmented(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, &ParseClientHelloFragmentedTestSuite{})
+}

mtglib/proxy.go

 		return
 	}
 
+	tracker := newIdleTracker(p.idleTimeout)
+
 	relay.Relay(
 		ctx,
 		ctx.logger.Named("relay"),
-		connIdleTimeout{Conn: ctx.telegramConn, timeout: p.idleTimeout},
-		newCountingConn(connIdleTimeout{Conn: ctx.clientConn, timeout: p.idleTimeout}, p.stats, ctx.secretName),
+		connIdleTimeout{Conn: ctx.telegramConn, tracker: tracker},
+		newCountingConn(connIdleTimeout{Conn: ctx.clientConn, tracker: tracker}, p.stats, ctx.secretName),
 	)
 }
 
 		stream:   p.eventStream,
 	}
 
+	tracker := newIdleTracker(p.idleTimeout)
+
 	relay.Relay(
 		ctx,
 		ctx.logger.Named("domain-fronting"),
-		connIdleTimeout{Conn: frontConn, timeout: p.idleTimeout},
-		connIdleTimeout{Conn: conn, timeout: p.idleTimeout},
+		connIdleTimeout{Conn: frontConn, tracker: tracker},
+		connIdleTimeout{Conn: conn, tracker: tracker},
 	)
 }
 

mtglib/proxy_test.go

 	addr := fmt.Sprintf("https://%s/headers", suite.ProxyAddress())
 
 	resp, err := client.Get(addr) //nolint: noctx
-	suite.NoError(err)
+	suite.Require().NoError(err)
 
 	defer resp.Body.Close() //nolint: errcheck