feat: add TLS fragmentation (#825)

2025-07-04 15:27:55 +07:00 · 2025-05-31 22:50:07 +08:00
parent bc7e46422f
commit 3a846ff293
5 changed files with 24 additions and 10 deletions
--- a/component/outbound/dialer/dialer.go
+++ b/component/outbound/dialer/dialer.go
@ -66,11 +66,15 @@ type AliveDialerSetSet map[*AliveDialerSet]int
 func NewGlobalOption(global *config.Global, log *logrus.Logger) *GlobalOption {
 	return &GlobalOption{
 		ExtraOption: D.ExtraOption{
-			AllowInsecure:     global.AllowInsecure,
-			TlsImplementation: global.TlsImplementation,
-			UtlsImitate:       global.UtlsImitate,
-			BandwidthMaxTx:    global.BandwidthMaxTx,
-			BandwidthMaxRx:    global.BandwidthMaxRx},
+			AllowInsecure:       global.AllowInsecure,
+			TlsImplementation:   global.TlsImplementation,
+			UtlsImitate:         global.UtlsImitate,
+			BandwidthMaxTx:      global.BandwidthMaxTx,
+			BandwidthMaxRx:      global.BandwidthMaxRx,
+			TlsFragment:         global.TlsFragment,
+			TlsFragmentLength:   global.TlsFragmentLength,
+			TlsFragmentInterval: global.TlsFragmentInterval,
+		},
 		Log:               log,
 		TcpCheckOptionRaw: TcpCheckOptionRaw{Raw: global.TcpCheckUrl, Log: log, ResolverNetwork: common.MagicNetwork("udp", global.SoMarkFromDae, global.Mptcp), Method: global.TcpCheckHttpMethod},
 		CheckDnsOptionRaw: CheckDnsOptionRaw{Raw: global.UdpCheckDns, ResolverNetwork: common.MagicNetwork("udp", global.SoMarkFromDae, global.Mptcp), Somark: global.SoMarkFromDae},
--- a/config/config.go
+++ b/config/config.go
@ -41,6 +41,9 @@ type Global struct {
 	SniffingTimeout        time.Duration `mapstructure:"sniffing_timeout" default:"100ms"`
 	TlsImplementation      string        `mapstructure:"tls_implementation" default:"tls"`
 	UtlsImitate            string        `mapstructure:"utls_imitate" default:"chrome_auto"`
+	TlsFragment            bool          `mapstructure:"tls_fragment" default:"false"`
+	TlsFragmentLength      string        `mapstructure:"tls_fragment_length" default:"50-100"`
+	TlsFragmentInterval    string        `mapstructure:"tls_fragment_interval" default:"10-20"`
 	PprofPort              uint16        `mapstructure:"pprof_port" default:"0"`
 	Mptcp                  bool          `mapstructure:"mptcp" default:"false"`
 	FallbackResolver       string        `mapstructure:"fallback_resolver" default:"8.8.8.8:53"`
--- a/example.dae
+++ b/example.dae
@ -98,6 +98,15 @@ global {
    # See more: https://github.com/daeuniverse/dae/blob/331fa23c16/component/outbound/transport/tls/utls.go#L17
    utls_imitate: chrome_auto

+    # TLS fragmentation support. If is true, dae will send Client Hello in fragments to bypass SNI blocking.
+    tls_fragment: false
+
+    # TLS fragment packet length range, in bytes. The length of each fragment is randomly generated from this range.
+    tls_fragment_length: '50-100'
+
+    # TLS fragment packet length, in milliseconds. Each fragment interval is randomly generated from this range.
+    tls_fragment_interval: '10-20'
+
    # Multipath TCP (MPTCP) support. If is true, dae will try to use MPTCP to connect all nodes, but it will only take
    # effects when the node supports MPTCP. It can use for load balance and failover to multiple interfaces and IPs.
    mptcp: false
--- a/go.mod
+++ b/go.mod
@ -10,7 +10,7 @@ require (
 	github.com/bits-and-blooms/bloom/v3 v3.7.0
 	github.com/cilium/ebpf v0.15.0
 	github.com/daeuniverse/dae-config-dist/go/dae_config v0.0.0-20230604120805-1c27619b592d
-	github.com/daeuniverse/outbound v0.0.0-20250501130119-88bbdbc0a58d
+	github.com/daeuniverse/outbound v0.0.0-20250531131212-a58b4c6b39b2
 	github.com/daeuniverse/quic-go v0.0.0-20250210145620-2083199a7851
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/json-iterator/go v1.1.12
--- a/go.sum
+++ b/go.sum
@ -26,10 +26,8 @@ github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZ
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/daeuniverse/dae-config-dist/go/dae_config v0.0.0-20230604120805-1c27619b592d h1:hnC39MjR7xt5kZjrKlef7DXKFDkiX8MIcDXYC/6Jf9Q=
 github.com/daeuniverse/dae-config-dist/go/dae_config v0.0.0-20230604120805-1c27619b592d/go.mod h1:VGWGgv7pCP5WGyHGUyb9+nq/gW0yBm+i/GfCNATOJ1M=
-github.com/daeuniverse/outbound v0.0.0-20250219135309-c607702d1c85 h1:g+V4WLWTZLXRCHmjgXH8W9kgYf+6QBPOS4q7plcHMFk=
-github.com/daeuniverse/outbound v0.0.0-20250219135309-c607702d1c85/go.mod h1:fywFXIIfFeyG+oMat6h7MExY99CNtERbhrH0DYSr/6g=
-github.com/daeuniverse/outbound v0.0.0-20250501130119-88bbdbc0a58d h1:R0/jTwBAlzZifO3ME7ubvPPK1GQdr55Zi09YZxKTDCs=
-github.com/daeuniverse/outbound v0.0.0-20250501130119-88bbdbc0a58d/go.mod h1:fywFXIIfFeyG+oMat6h7MExY99CNtERbhrH0DYSr/6g=
+github.com/daeuniverse/outbound v0.0.0-20250531131212-a58b4c6b39b2 h1:NUUI9tKUM+KZUUC51w0wu9Ci4myFaoTsTSA7sJS0rtc=
+github.com/daeuniverse/outbound v0.0.0-20250531131212-a58b4c6b39b2/go.mod h1:fywFXIIfFeyG+oMat6h7MExY99CNtERbhrH0DYSr/6g=
 github.com/daeuniverse/quic-go v0.0.0-20250210145620-2083199a7851 h1:AK4qfFw5CcHdOJcEpZj443NqskjhTvc+2cLOB5Cvrmk=
 github.com/daeuniverse/quic-go v0.0.0-20250210145620-2083199a7851/go.mod h1:hykVjD1wT/nAFcAkagZpziNAnXLwJOOpn0Ozohtgmsw=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=