🎄 Sync 2024-02-20 09:17

luci-app-passwall2/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall2
-PKG_VERSION:=1.25-5
+PKG_VERSION:=1.26-1
 PKG_RELEASE:=
 
 PKG_CONFIG_DEPENDS:= \

luci-app-passwall2/luasrc/model/cbi/passwall2/client/other.lua

@@ -141,9 +141,25 @@ if has_xray then
 	s_xray.anonymous = true
 	s_xray.addremove = false
 
+	o = s_xray:option(Flag, "fragment", translate("Fragment"), translate("TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."))
+	o.default = 0
+	
+	o = s_xray:option(ListValue, "fragment_packets", translate("Fragment Packets"), translate(" \"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."))
+	o.default = "tlshello"
+	o:value("1-3", "1-3")
+	o:value("tlshello", "tlshello")
+	o:depends("fragment", true)
+	
+	o = s_xray:option(Value, "fragment_length", translate("Fragment Length"), translate("Fragmented packet length (byte)"))
+	o.default = "10-20"
+	o:depends("fragment", true)
+	
+	o = s_xray:option(Value, "fragment_interval", translate("Fragment Interval"), translate("Fragmentation interval (ms)"))
+	o.default = "10-20"
+	o:depends("fragment", true)
+	
 	o = s_xray:option(Flag, "sniffing", translate("Sniffing"), translate("When using the shunt, must be enabled, otherwise the shunt will invalid."))
 	o.default = 1
-	o.rmempty = false
 
 	o = s_xray:option(Flag, "route_only", translate("Sniffing Route Only"))
 	o.default = 0

luci-app-passwall2/luasrc/passwall2/util_xray.lua

@@ -43,9 +43,11 @@ function gen_outbound(flag, node, tag, proxy_table)
 
 		local proxy = 0
 		local proxy_tag = "nil"
+		local fragment = nil
 		if proxy_table ~= nil and type(proxy_table) == "table" then
 			proxy = proxy_table.proxy or 0
 			proxy_tag = proxy_table.tag or "nil"
+			fragment = proxy_table.fragment or nil
 		end
 
 		if node.type == "Xray" then
@@ -130,6 +132,7 @@ function gen_outbound(flag, node, tag, proxy_table)
 					mark = 255,
 					tcpMptcp = (node.tcpMptcp == "1") and true or nil,
 					tcpNoDelay = (node.tcpNoDelay == "1") and true or nil,
+					dialerProxy = fragment and "fragment" or nil
 				},
 				network = node.transport,
 				security = node.stream_security,
@@ -639,7 +642,7 @@ function gen_config(var)
 			end
 			if is_new_blc_node then
 				local blc_node = uci:get_all(appname, blc_node_id)
-				local outbound = gen_outbound(flag, blc_node, blc_node_tag)
+				local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil })
 				if outbound then
 					table.insert(outbounds, outbound)
 					valid_nodes[#valid_nodes + 1] = blc_node_tag
@@ -717,7 +720,7 @@ function gen_config(var)
 					preproxy_enabled = false
 				end
 			elseif preproxy_node and api.is_normal_node(preproxy_node) then
-				local preproxy_outbound = gen_outbound(flag, preproxy_node, preproxy_tag)
+				local preproxy_outbound = gen_outbound(flag, preproxy_node, preproxy_tag, { fragment = xray_settings.fragment == "1" or nil })
 				if preproxy_outbound then
 					table.insert(outbounds, preproxy_outbound)
 				else
@@ -819,7 +822,14 @@ function gen_config(var)
 									})
 								end
 							end
-							local _outbound = gen_outbound(flag, _node, rule_name, { proxy = proxy and 1 or 0, tag = proxy and preproxy_tag or nil })
+							local proxy_table = {
+								proxy = proxy and 1 or 0,
+								tag = proxy and preproxy_tag or nil
+							}
+							if xray_settings.fragment == "1" and not proxy_table.tag then
+								proxy_table.fragment = true
+							end
+							local _outbound = gen_outbound(flag, _node, rule_name, proxy_table)
 							if _outbound then
 								table.insert(outbounds, _outbound)
 								if proxy then preproxy_used = true end
@@ -998,7 +1008,7 @@ function gen_config(var)
 					sys.call("touch /tmp/etc/passwall2/iface/" .. node.iface)
 				end
 			else
-				outbound = gen_outbound(flag, node)
+				outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil })
 			end
 			if outbound then table.insert(outbounds, outbound) end
 			routing = {
@@ -1340,6 +1350,28 @@ function gen_config(var)
 				-- }
 			}
 		}
+		
+		if xray_settings.fragment == "1" then
+			table.insert(outbounds, {
+				protocol = "freedom",
+				tag = "fragment",
+				settings = {
+					domainStrategy = (direct_dns_query_strategy and direct_dns_query_strategy ~= "") and direct_dns_query_strategy or "UseIP",
+					fragments = {
+						packets = (xray_settings.fragment_packets and xray_settings.fragment_packets ~= "") and xray_settings.fragment_packets,
+						length = (xray_settings.fragment_length and xray_settings.fragment_length ~= "") and xray_settings.fragment_length,
+						interval = (xray_settings.fragment_interval and xray_settings.fragment_interval ~= "") and xray_settings.fragment_interval
+					}
+				},
+				streamSettings = {
+					sockopt = {
+						mark = 255,
+						tcpNoDelay = true
+					}
+				}
+			})		
+		end
+		
 		table.insert(outbounds, {
 			protocol = "freedom",
 			tag = "direct",

luci-app-passwall2/po/zh-cn/passwall2.po

@@ -1449,3 +1449,27 @@ msgstr "禁用 TLS 记录的自适应大小调整"
 
 msgid "Enable Multipath TCP, need to be enabled in both server and client configuration."
 msgstr "启用 Multipath TCP，需在服务端和客户端配置中同时启用。"
+
+msgid "Fragment"
+msgstr "分片"
+
+msgid "TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."
+msgstr "TCP 分片，在某些情况下可以欺骗审查系统，比如绕过 SNI 黑名单。"
+
+msgid "Fragment Packets"
+msgstr "分片方式"
+
+msgid " \"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."
+msgstr " \"1-3\" 是 TCP 的流切片，应用于客户端第 1 至第 3 次写数据。\"tlshello\" 是 TLS 握手包切片。"
+
+msgid "Fragment Length"
+msgstr "分片包长"
+
+msgid "Fragmented packet length (byte)"
+msgstr "分片包长 (byte)"
+
+msgid "Fragment Interval"
+msgstr "分片间隔"
+
+msgid "Fragmentation interval (ms)"
+msgstr "分片间隔（ms）"