ei
Loading Heatmap…

ei pushed to master at ei/finfollow

  • 9905f0c32d Switched to selected mailbox folder, customize target email subject and sender

7 hours ago

ei pushed to master at ei/finfollow

  • e6fc2d68db allow new period format from xlm title

1 week ago

ei synced new reference sni-router-two-service-pointer to ei/mtg from mirror

2 weeks ago

ei synced commits to master at ei/mtg from mirror

  • d095108334 Merge pull request #542 from 9seconds/multiple-ip-detectors
  • feb5a0a6a7 Merge pull request #557 from 9seconds/sni-graceful-degradation Fix SNI check failing when one IP family is undetectable
  • 8cf62d7375 Fix SNI check failing when one IP family is undetectable runSNICheck wired each family's getIP failure through a shared context.WithCancelCause, so a single family's detection failure (for example tcp6 on an IPv4-only-egress server) made the whole check return an error even when the other family was detected and matched. Both callers treat that error as fatal, so a server that is fine on IPv4 failed the SNI check outright -- the exact audience of #529. Mirror the graceful per-family handling access.go already uses: discard the per-family getIP error and report an undetectable family through an empty OurIP4/OurIP6, which both callers already surface via their "cannot detect public IP address" branch. The error return is now reserved for genuine DNS-resolution failure. Removing the shared cancel also makes the two families independent, so a fast-failing family can no longer abort the other family's in-flight detection. Add a regression test that drives the real runSNICheck over a loopback DNS fake and an IPv4-only-egress network fake.
  • 2145159f01 Resolve URLs by using multiple services This PR has an intention of resolving URLs by using multiple endpoints that identify an IP address of the service. This is handy if one service is blocked for some reason. The detection mechanism follows this logic: 1. It tries to access all services in parallel 2. If service respond with some error (like, no route to host for IPv6), then we accurately collect those errors and return a merged one 3. In case of the first IP resolved, we immediately return it. Also, this PR refactors how access and SNI check are performed.
  • Compare 4 commits »

3 weeks ago

ei synced new reference log-time-format to ei/mtg from mirror

3 weeks ago

ei synced and deleted reference multiple-ip-detectors at ei/mtg from mirror

3 weeks ago

ei synced commits to multiple-ip-detectors at ei/mtg from mirror

  • feb5a0a6a7 Merge pull request #557 from 9seconds/sni-graceful-degradation Fix SNI check failing when one IP family is undetectable
  • 8cf62d7375 Fix SNI check failing when one IP family is undetectable runSNICheck wired each family's getIP failure through a shared context.WithCancelCause, so a single family's detection failure (for example tcp6 on an IPv4-only-egress server) made the whole check return an error even when the other family was detected and matched. Both callers treat that error as fatal, so a server that is fine on IPv4 failed the SNI check outright -- the exact audience of #529. Mirror the graceful per-family handling access.go already uses: discard the per-family getIP error and report an undetectable family through an empty OurIP4/OurIP6, which both callers already surface via their "cannot detect public IP address" branch. The error return is now reserved for genuine DNS-resolution failure. Removing the shared cancel also makes the two families independent, so a fast-failing family can no longer abort the other family's in-flight detection. Add a regression test that drives the real runSNICheck over a loopback DNS fake and an IPv4-only-egress network fake.
  • Compare 2 commits »

3 weeks ago

ei synced and deleted reference sni-graceful-degradation at ei/mtg from mirror

3 weeks ago

ei synced new reference sni-graceful-degradation to ei/mtg from mirror

4 weeks ago

ei pushed to master at ei/finfollow

4 weeks ago

ei pushed to master at ei/finfollow

4 weeks ago

ei synced new reference doctor-tls-cert-check to ei/mtg from mirror

1 month ago

ei synced commits to master at ei/mtg from mirror

1 month ago

ei synced and deleted reference upgrade-go at ei/mtg from mirror

1 month ago

ei synced new reference upgrade-go to ei/mtg from mirror

1 month ago

ei synced new reference multiple-ip-detectors to ei/mtg from mirror

1 month ago

ei synced commits to master at ei/mtg from mirror

1 month ago

ei synced commits to master at ei/mtg from mirror

  • 6a939eef6a Merge pull request #528 from 9seconds/refactor/consolidate-sni-check internal/cli: consolidate duplicated SNI-DNS check
  • 2d7c71657c Merge pull request #522 from 9seconds/sni-router-host-mode-real-ips sni-router: host-net HAProxy to preserve real client IPs
  • dca19dcf57 Merge pull request #496 from dolonet/doctor/rpc-probe doctor: deepen DC verification with MTProto handshake probe
  • 9593becc2a internal/cli: consolidate duplicated SNI-DNS check `doctor`'s checkSecretHost and the proxy-startup warnSNIMismatch each carried their own copy of the same logic: resolve the secret hostname, determine the server's public IPv4/IPv6 (config first, getIP fallback), and compare the two sets. Extract that data-gathering into runSNICheck (internal/cli/sni_check.go), returning an sniCheckResult. The success decision stays with each caller because the rules genuinely differ — `doctor` reports OK when any family matches, while the startup warning requires every detected family to match — so only the gathering is shared, not the verdict. No behavior change: both callers produce byte-identical output and the same return values as before.
  • eaff7007fd doctor: deepen DC verification with MTProto handshake probe Closes #494. After a successful TCP connect, run an unauthenticated req_pq_multi -> resPQ exchange via mtglib/dcprobe. This rejects generic listeners that happen to bind 443 but cannot speak MTProto. Output now shows "(rpc <rtt>)" on success; on failure the wrapped error distinguishes "tcp connect to ...: ..." from "rpc handshake to ...: ...". The probe runs by default — an opt-in flag would defeat the purpose, since the existing TCP-only check is what motivated the issue.
  • Compare 9 commits »

1 month ago

ei synced and deleted reference sni-router-host-mode-real-ips at ei/mtg from mirror

1 month ago

ei synced and deleted reference refactor/consolidate-sni-check at ei/mtg from mirror

1 month ago