Smux added - Dynamic parallel tunnel instead of fixed one

Author: AmiRCandy

README.md

@@ -15,9 +15,10 @@
 | Control channel | Spoofed ICMP Echo Request/Reply (looks like ping traffic) |
 | Reliable delivery | Selective Repeat ARQ with per-packet retransmission |
 | Congestion control | TCP-like AIMD: slow-start, congestion avoidance, fast retransmit, RTT estimation (RFC 6298) |
+| Stream multiplexing | SMUX-style framed multiplexing of many proxy streams over shared transport lanes |
 | SOCKS5 proxy | Local proxy on port 1080 – route any app through the tunnel |
 | Whitelist validation | Packets from unknown IPs are silently dropped |
-| Multiple tunnels | Configurable number of parallel independent tunnels |
+| Dynamic parallel tunnels | Runtime scales active lanes from 1 up to `tunnel_count` as concurrent streams increase |
 | Pre-shared key | Optional PSK for packet authentication |
 
 ## Prerequisites
@@ -79,7 +80,7 @@ After starting the client, configure your applications (browser, curl, etc.) to
 | `allowed_peers` | both | Extra IPs to whitelist |
 | `interface` | both | Network interface (e.g. `eth0`) |
 | `socks5_port` | client | Local SOCKS5 proxy port (default `1080`) |
-| `tunnel_count` | both | Number of parallel tunnels (default `4`) |
+| `tunnel_count` | both | Max dynamic parallel lanes used by smux transport (default `4`) |
 | `mtu` | both | Max payload bytes per packet (default `1380`) |
 | `initial_cwnd` | both | Initial congestion window in packets (default `10`) |
 
@@ -131,7 +132,7 @@ Refer to `config/client.toml` and `config/server.toml` for complete configuratio
 
 ## Performance Tips
 
-- Increase `tunnel_count` for higher parallelism on fast links.
+- Increase `tunnel_count` to allow more dynamic parallel transport lanes on busy links.
 - Tune `mtu` to match path MTU (`tracepath` helps).
 - Raise `initial_cwnd` (e.g. `30`) on low-latency links to reduce slow-start
   ramp-up time.

src/bin/client.rs

@@ -14,6 +14,7 @@ use clap::Parser;
 
 use candy_spoof::config::Config;
 use candy_spoof::raw_socket::{RawReceiver, RawSender};
+use candy_spoof::smux::SmuxClient;
 use candy_spoof::socks5::run_socks5;
 use candy_spoof::tunnel::{PeerAddr, TunnelManager};
 
@@ -67,6 +68,7 @@ async fn main() -> Result<()> {
         is_server:   false,
     };
     let manager = TunnelManager::new(sender, peer_addr, cfg.clone());
+    let smux = SmuxClient::new(cfg.clone(), manager.clone()).await?;
 
     // ── Background task: process incoming packets ─────────────────────────────
     let mgr2 = manager.clone();
@@ -98,7 +100,7 @@ async fn main() -> Result<()> {
     });
 
     // ── Foreground: SOCKS5 proxy ──────────────────────────────────────────────
-    run_socks5(cfg, manager).await?;
+    run_socks5(cfg, smux).await?;
 
     Ok(())
 }

src/bin/server.rs

@@ -9,14 +9,12 @@
 use std::sync::Arc;
 use std::time::Duration;
 
-use anyhow::{Context, Result};
-use bytes::Bytes;
+use anyhow::Result;
 use clap::Parser;
-use tokio::io::{AsyncReadExt, AsyncWriteExt};
-use tokio::net::TcpStream;
 
 use candy_spoof::config::Config;
 use candy_spoof::raw_socket::{RawReceiver, RawSender};
+use candy_spoof::smux::SmuxServer;
 use candy_spoof::tunnel::{PeerAddr, TunnelManager};
 
 #[derive(Parser, Debug)]
@@ -62,6 +60,7 @@ async fn main() -> Result<()> {
         is_server:   true,
     };
     let manager = TunnelManager::new(sender, peer_addr, cfg.clone());
+    let smux = SmuxServer::new(cfg.clone(), manager.clone()).await?;
 
     // ── Periodic housekeeping ────────────────────────────────────────────────
     let mgr_tick = manager.clone();
@@ -93,10 +92,9 @@ async fn main() -> Result<()> {
         {
             Ok(Some((syn_pkt, src_ip))) => {
                 // New tunnel request – accept it and spawn a session handler.
-                let mgr2 = manager.clone();
-                let cfg2 = cfg.clone();
+                let smux2 = smux.clone();
                 tokio::spawn(async move {
-                    if let Err(e) = handle_new_tunnel(syn_pkt, src_ip, mgr2, cfg2).await {
+                    if let Err(e) = smux2.attach_syn(syn_pkt, src_ip).await {
                         log::warn!("session error: {}", e);
                     }
                 });
@@ -108,94 +106,3 @@ async fn main() -> Result<()> {
 
     Ok(())
 }
-
-// ── New-tunnel handler ────────────────────────────────────────────────────────
-
-/// Accept a SYN, wait for the first DATA packet containing the CONNECT
-/// destination, open a TCP connection to that destination, and relay data.
-async fn handle_new_tunnel(
-    syn:     candy_spoof::packet::CandyPacket,
-    src_ip:  std::net::Ipv4Addr,
-    manager: TunnelManager,
-    cfg:     Arc<Config>,
-) -> Result<()> {
-    let (tunnel_id, mut app_rx, net_tx) = manager
-        .accept_syn(syn, src_ip)
-        .await
-        .context("accept_syn")?;
-
-    // First message from the client is the CONNECT destination.
-    let first_msg = tokio::time::timeout(Duration::from_secs(15), app_rx.recv())
-        .await
-        .context("timeout waiting for CONNECT meta")?
-        .context("tunnel closed before CONNECT meta")?;
-
-    let meta = String::from_utf8_lossy(&first_msg);
-    let (target_host, target_port) = parse_connect_meta(&meta)?;
-
-    log::info!(
-        "tunnel {} forwarding to {}:{}",
-        tunnel_id,
-        target_host,
-        target_port
-    );
-
-    // Open TCP connection to the target.
-    let target_addr = format!("{}:{}", target_host, target_port);
-    let tcp_stream = TcpStream::connect(&target_addr)
-        .await
-        .with_context(|| format!("connect to {}", target_addr))?;
-
-    let (mut tcp_r, mut tcp_w) = tcp_stream.into_split();
-    let mtu = cfg.mtu;
-
-    // Tunnel → TCP
-    let t_to_tcp = tokio::spawn(async move {
-        loop {
-            match app_rx.recv().await {
-                Some(data) => {
-                    if tcp_w.write_all(&data).await.is_err() { break; }
-                }
-                None => break,
-            }
-        }
-    });
-
-    // TCP → tunnel
-    let net_tx2 = net_tx;
-    let tcp_to_t = tokio::spawn(async move {
-        let mut buf = vec![0u8; mtu];
-        loop {
-            match tcp_r.read(&mut buf).await {
-                Ok(0) | Err(_) => break,
-                Ok(n) => {
-                    let chunk = Bytes::copy_from_slice(&buf[..n]);
-                    if net_tx2.send(chunk).await.is_err() { break; }
-                }
-            }
-        }
-    });
-
-    tokio::select! {
-        _ = t_to_tcp => {}
-        _ = tcp_to_t => {}
-    }
-
-    manager.close_tunnel(tunnel_id).await;
-    Ok(())
-}
-
-fn parse_connect_meta(meta: &str) -> Result<(String, u16)> {
-    // Expected format: "CONNECT host:port"
-    let rest = meta
-        .strip_prefix("CONNECT ")
-        .context("missing CONNECT prefix in meta")?;
-    let (host, port_str) = rest
-        .rsplit_once(':')
-        .context("missing ':' in CONNECT meta")?;
-    let port = port_str
-        .trim()
-        .parse::<u16>()
-        .context("invalid port in CONNECT meta")?;
-    Ok((host.to_string(), port))
-}

src/config.rs

@@ -38,7 +38,10 @@ pub struct Config {
     #[serde(default)]
     pub allowed_peers: Vec<Ipv4Addr>,
 
-    /// Number of independent parallel tunnels to maintain.
+    /// Maximum number of parallel smux transport tunnels.
+    ///
+    /// Runtime dynamically scales active lanes from 1 up to this value based
+    /// on concurrent stream count.
     #[serde(default = "default_tunnel_count")]
     pub tunnel_count: usize,
 

src/lib.rs

@@ -5,3 +5,4 @@ pub mod congestion;
 pub mod raw_socket;
 pub mod tunnel;
 pub mod socks5;
+pub mod smux;