fix(client): Generate unique tunnel IDs for each protocol configuration #2

Merged: dviejokfs merged 9 commits into main from feat/fix-connectivity-issues on Feb 7, 2026
@dviejokfs
Contributor

Pull Request

Title

fix(client): Generate unique tunnel IDs for each protocol configuration

Description

Problem

When creating multiple TLS tunnels with the same JWT token, only one tunnel would appear in the UI. This was because the localup_id was generated solely from the auth token, causing all tunnels with the same token to get the same ID. Since tunnels are stored in a HashMap keyed by localup_id, subsequent tunnels would overwrite previous ones.

Root Cause

The function generate_localup_id_from_token() only hashed the auth token:

// Before: Same token → Same localup_id (overwrites other tunnels)
fn generate_localup_id_from_token(token: &str) -> String {
    token.hash(&mut hasher);
    // ...
}

Solution

Renamed and updated the function to generate_localup_id_from_token_and_protocols() which now includes ALL protocol parameters in the hash:

| Protocol | Parameters included in hash |
|----------|-----------------------------|
| HTTP | local_port, subdomain, custom_domain |
| HTTPS | local_port, subdomain, custom_domain |
| TCP | local_port, remote_port |
| TLS | local_port, sni_hostnames[], http_port |

This ensures:

  • ✅ Different TLS tunnels with different SNI hostnames get unique IDs
  • ✅ Different HTTP tunnels with different subdomains get unique IDs
  • ✅ Different TCP tunnels with different ports get unique IDs
  • ✅ Same token + same protocol config = same ID (reconnection support preserved)

Changes

  • crates/localup-client/src/localup.rs:

    • Renamed generate_localup_id_from_token() → generate_localup_id_from_token_and_protocols()
    • Added hashing of all protocol parameters (local_port, subdomain, sni_hostnames, etc.)
    • Added 11 unit tests to verify unique ID generation for all parameter combinations
  • crates/localup-proto/src/messages.rs:

    • Fixed clippy warning: replaced manual impl Default with #[derive(Default)] for HttpAuthConfig
  • crates/localup-cert/src/acme.rs:

    • Removed unused error import

Testing

Added 11 unit tests covering:

  • Same token + same protocol → same ID
  • Same token + different subdomain → different IDs
  • Same token + different SNI hostnames → different IDs
  • Same token + different local_port → different IDs
  • Same token + different remote_port → different IDs
  • Same token + different http_port → different IDs
  • Different tokens + same protocol → different IDs
  • UUID format validation
  • Multiple SNI patterns (order matters)

All tests pass:

running 11 tests
test localup::tests::test_generate_localup_id_* ... ok
test result: ok. 11 passed; 0 failed

Breaking Changes

None. The change is backward compatible:

  • Existing tunnels will get new IDs on next connection (expected behavior)
  • Reconnection with same token + same config still gets the same ID

… in TunnelConnection

- Updated the temporary buffer size from 8KB to 64KB to enhance performance when handling large responses.
- Changed the read timeout from 100ms to 5 seconds to provide a more reasonable waiting period for data, reducing unnecessary timeouts and improving reliability in reading responses.

These changes optimize the handling of network responses, ensuring better performance and user experience in the application.

- Improved logging for denied connections by including the peer IP and allowed IP filter in the warning message.
- Reduced the keep-alive interval from 5 seconds to 3 seconds for quicker disconnect detection.
- Decreased the max idle timeout from 30 seconds to 10 seconds to facilitate faster detection of dead connections.

These changes enhance monitoring of connection attempts and optimize connection management in the QUIC configuration.

This change enables TLS tunnels to register multiple SNI hostnames/patterns
for routing, including wildcard domains like *.local-abc123.myapp.dev.

Key changes:
- Protocol::Tls now uses sni_patterns: Vec<String> instead of single pattern
- ProtocolConfig::Tls uses sni_hostnames: Vec<String>
- CLI --custom-domain accepts multiple values for TLS tunnels
- Control handler registers/unregisters multiple SNI routes per tunnel
- .localup.yml config supports sni_hostnames array for TLS tunnels

This is useful for desktop applications that manage their own TLS
certificates and need to route traffic for multiple domains through
a single tunnel connection.

Tests added:
- Config serialization/deserialization with multiple SNI patterns
- Protocol message tests for Vec<String> patterns
- Router tests for multiple pattern registration/unregistration
- Project config tests for YAML parsing with multiple hostnames

Wildcard patterns like *.example.com were being registered as exact
matches, which prevented proper pattern matching when looking up routes.

Now wildcard patterns are detected using WildcardPattern::is_wildcard_pattern()
and registered using register_wildcard() for proper fallback matching.
Unregistration also uses unregister_wildcard() for wildcard patterns.

- Add detailed logging for TLS endpoints showing SNI pattern count
- Log individual endpoints with their public URLs
- Fix clippy warning for redundant local variable in test

- Introduced a new relay-tls target in the Makefile for starting a TLS/SNI passthrough relay.
- Enhanced TlsServer to track connection metrics, including bytes received and sent, and store them in a database.
- Added support for generating TLS certificates and starting TLS echo and HTTPS test servers.
- Updated Cargo.toml to include new dependencies for database and metrics tracking.
- Improved logging for TLS connections, including detailed information on connection status and metrics.

- Introduced new configuration options for HTTP passthrough in the CLI, allowing users to specify an HTTP backend port for TLS tunnels.
- Enhanced the Makefile with new targets for starting HTTP passthrough servers alongside existing TLS functionality.
- Implemented an HTTP passthrough server that routes requests based on the Host header, preserving the original request/response flow.
- Updated the localup CLI to handle HTTP passthrough configurations, including command-line arguments for HTTP redirect and passthrough addresses.
- Added integration tests to verify the correct behavior of HTTP passthrough functionality and ensure compatibility with existing tunnel configurations.

…configurations

- Updated the localup_id generation function to incorporate protocol configurations, ensuring unique IDs for different tunnel setups.
- Refactored related functions and added tests to validate the new behavior, ensuring consistent ID generation based on token and protocol parameters.
- Cleaned up unused imports in related files for better code clarity.

@dviejokfs dviejokfs merged commit 22bb352 into main Feb 7, 2026
1 of 2 checks passed
@dviejokfs dviejokfs deleted the feat/fix-connectivity-issues branch February 7, 2026 07:11
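
The collision this pull request describes and its fix, as an added Rust example that is not the project's own code: `Proto`, `digest`, `tunnel_id`, `tls` and `surviving_tunnels` are hypothetical names, and the use of `DefaultHasher` is an assumption, since the page does not show which hasher the project uses.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::HashMap;
use std::hash::{Hash, Hasher};

// Hypothetical mirror of the PR's parameter table; not the project's own types.
#[allow(dead_code)]
#[derive(Hash)]
enum Proto {
    Http { local_port: u16, subdomain: Option<String>, custom_domain: Option<String> },
    Tcp { local_port: u16, remote_port: Option<u16> },
    Tls { local_port: u16, sni_hostnames: Vec<String>, http_port: Option<u16> },
}

// DefaultHasher is this sketch's assumption: it is not cryptographic and its output
// is not guaranteed stable across Rust releases. Two tagged passes give 128 bits.
fn digest(tag: u8, token: &str, protos: &[Proto]) -> u64 {
    let mut h = DefaultHasher::new();
    tag.hash(&mut h);
    token.hash(&mut h);
    protos.hash(&mut h); // slices and Vecs hash their length first, so fields cannot run together
    h.finish()
}

// Token plus every protocol parameter, in 8-4-4-4-12 layout (shape only, no version bits).
// An empty `protos` slice reproduces the old token-only behaviour.
fn tunnel_id(token: &str, protos: &[Proto]) -> String {
    let x = format!("{:016x}{:016x}", digest(0, token, protos), digest(1, token, protos));
    format!("{}-{}-{}-{}-{}", &x[..8], &x[8..12], &x[12..16], &x[16..20], &x[20..])
}

fn tls(sni: &[&str]) -> Proto {
    Proto::Tls { local_port: 8443, sni_hostnames: sni.iter().map(|s| s.to_string()).collect(), http_port: None }
}

// Registers two TLS tunnels under one token; returns how many entries survive in the map.
fn surviving_tunnels(hash_protocols: bool) -> usize {
    let token = "constructed.jwt.token"; // constructed sample value, not a real JWT
    let mut tunnels: HashMap<String, &str> = HashMap::new();
    for host in ["a.example.test", "b.example.test"] {
        let protos = if hash_protocols { vec![tls(&[host])] } else { Vec::new() };
        tunnels.insert(tunnel_id(token, &protos), host);
    }
    tunnels.len()
}

fn main() {
    println!("token only: {}, token + protocols: {}", surviving_tunnels(false), surviving_tunnels(true));
}
```

An ID that must stay identical across client builds needs a hash with a specified, stable output rather than `DefaultHasher`.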