fix: propagate client transport tag to DC in direct mode (#64)

The proxy always sent 0xeeeeeeee (intermediate, no padding) in the
obfuscated2 init to Telegram DCs, regardless of what the client used.
When clients use 0xdddddddd (random padding) — which ALL clients do
(both dd-prefix and ee-prefix modes) — the DC received padded messages
but expected non-padded, causing parse errors and silent failures.

Fix: store the client's transport tag in extra_int3 and propagate it
through direct_connect_to_dc to tcp_direct_dc_connected, which now
uses it in the DC-bound init instead of the hardcoded 0xeeeeeeee.

Closes #64

Author: dvershinin

.github/workflows/test.yml

@@ -173,12 +173,12 @@ jobs:
 
         # Obfuscated2 direct-mode proxy (no proxy-secret/proxy-multi.conf needed)
         ./mtproto-proxy -u nobody -p 8888 -H 8443 -S $SECRET \
-          --http-stats --direct -M 0 -v 2>obfs2.log &
+          --http-stats --direct -M 0 -v -v -v 2>obfs2.log &
         echo "Started obfs2 direct-mode proxy on port 8443"
 
         # Fake-TLS direct-mode proxy
         ./mtproto-proxy -u nobody -p 9888 -H 9443 -S $SECRET \
-          --http-stats --direct -D ya.ru -M 0 -v 2>faketls.log &
+          --http-stats --direct -D ya.ru -M 0 -v -v -v 2>faketls.log &
         echo "Started fake-TLS direct-mode proxy on port 9443"
 
         # Wait for both proxies to be ready

net/net-tcp-rpc-ext-server.c

@@ -319,8 +319,12 @@ static int tcp_direct_dc_connected (connection_job_t C) {
     *(unsigned *)(init + 4) == 0x00000000
   );
 
-  /* Set protocol tag (intermediate transport) and target DC */
-  *(unsigned *)(init + 56) = 0xeeeeeeee;
+  /* Set protocol tag matching the client's transport and target DC */
+  unsigned client_tag = (unsigned)D->extra_int3;
+  if (!client_tag) {
+    client_tag = 0xeeeeeeee;  /* fallback: intermediate */
+  }
+  *(unsigned *)(init + 56) = client_tag;
   *(short *)(init + 60) = (short)target_dc;
 
   /* Derive AES keys -- NO secret mixing (DCs don't know proxy secret).
@@ -415,8 +419,9 @@ static int direct_connect_to_dc (connection_job_t C, int target_dc) {
     return 0;
   }
 
-  /* Store target DC in the DC connection for the connected callback */
+  /* Store target DC and client transport tag for the connected callback */
   TCP_RPC_DATA(EJ)->extra_int4 = target_dc;
+  TCP_RPC_DATA(EJ)->extra_int3 = TCP_RPC_DATA(C)->extra_int3;  /* client transport tag */
 
   /* Switch client to direct relay mode (keeps existing AES crypto) */
   if (c->flags & C_IS_TLS) {
@@ -1608,6 +1613,7 @@ int tcp_rpcs_compact_parse_execute (connection_job_t C) {
           int target = *(short *)(random_header + 60);
           D->extra_int4 = target;
           D->extra_int2 = secret_id + 1;
+          D->extra_int3 = (int)tag;  /* client transport tag for direct mode */
           vkprintf (1, "tcp opportunistic encryption mode detected, tag = %08x, target=%d, secret [%s]\n", tag, target, ext_secret_label[secret_id]);
           ok = 1;
           break;