glm-5.1
7dcf7502b7
Add stealth mode detection that peeks at the first bytes after TLS handshake to determine SSH vs HTTP protocol. SSH connections proceed to russh handler; non-SSH connections receive a fake nginx 404 response, making the server indistinguishable from an ordinary HTTPS site to scanners and DPI systems. - ProtocolDetection enum (Ssh, Http) for protocol classification - detect_protocol() uses BufReader::fill_buf() to peek without consuming bytes - send_fake_nginx_404() writes HTTP/1.1 404 + Server: nginx headers - validate_stealth_config() enforces TLS transport requirement for stealth - 17 unit tests covering SSH banner, HTTP, random data, and edge cases