diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua
index d6e7f1199..f8d9d1e9e 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua
@@ -378,6 +378,27 @@ o:depends({ [option_name("protocol")] = "hysteria"})
 o:depends({ [option_name("protocol")] = "tuic" })
 o:depends({ [option_name("protocol")] = "hysteria2" })
+if singbox_tags:find("with_ech") then
+ o = s:option(Flag, option_name("ech"), translate("ECH"))
+ o.default = "0"
+ o:depends({ [option_name("tls")] = true, [option_name("flow")] = "", [option_name("reality")] = false })
+ o:depends({ [option_name("protocol")] = "tuic" })
+ o:depends({ [option_name("protocol")] = "hysteria" })
+ o:depends({ [option_name("protocol")] = "hysteria2" })
+
+ o = s:option(Value, option_name("ech_config"), translate("ECH Config"))
+ o.default = ""
+ o:depends({ [option_name("ech")] = true })
+
+ o = s:option(Flag, option_name("pq_signature_schemes_enabled"), translate("PQ signature schemes"))
+ o.default = "0"
+ o:depends({ [option_name("ech")] = true })
+
+ o = s:option(Flag, option_name("dynamic_record_sizing_disabled"), translate("Disable adaptive sizing of TLS records"))
+ o.default = "0"
+ o:depends({ [option_name("ech")] = true })
+end
+
 if singbox_tags:find("with_utls") then
 o = s:option(Flag, option_name("utls"), translate("uTLS"))
 o.default = "0"
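Review bot: The label `translate("ECH Config")` on the client's `ech_config` option is rendered as `ECH 密钥` (key) by the zh-cn catalogue updated in this commit, while the server's `ECH Key` becomes `ECH 配置` (config), so the two `msgstr` values look swapped. With the labels reversed, a zh-cn operator is asked for key material on the client form, which invites pasting the server's private ECH key into client node settings. Swapping the two `msgstr` lines in passwall.po fixes it. The option also has no description; one line saying that line breaks are entered as a literal `\n` would match the `gsub("\\n","\n")` the generator applies to this value.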
@@ -533,11 +554,8 @@ o:depends({ [option_name("mux")] = true })
 o = s:option(Flag, option_name("shadowtls"), "ShadowTLS")
 o.default = 0
-o:depends({ [option_name("protocol")] = "vmess" })
-o:depends({ [option_name("protocol")] = "vless" })
-o:depends({ [option_name("protocol")] = "socks" })
-o:depends({ [option_name("protocol")] = "trojan" })
-o:depends({ [option_name("protocol")] = "shadowsocks" })
+o:depends({ [option_name("protocol")] = "vmess", [option_name("tls")] = false })
+o:depends({ [option_name("protocol")] = "shadowsocks", [option_name("tls")] = false })
 o = s:option(ListValue, option_name("shadowtls_version"), "ShadowTLS " .. translate("Version"))
 o.default = "1"
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/server/type/sing-box.lua b/luci-app-passwall/luasrc/model/cbi/passwall/server/type/sing-box.lua
index 95681cb64..48e683235 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/server/type/sing-box.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/server/type/sing-box.lua
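Review bot: Narrowing the ShadowTLS `depends` in the client form to vmess and shadowsocks without TLS only hides the flag; a node saved earlier as vless, socks or trojan may still carry `shadowtls = "1"` in its stored settings until it is saved again. The generator is not part of this hunk, so it is worth confirming that gen_outbound applies the same protocol and `tls` condition before it acts on `node.shadowtls`, otherwise the form and the generated config can disagree. A one-line comment above the two new `depends` calls saying why the other protocols were dropped would also help the next reader.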
@@ -284,6 +284,28 @@ o.validate = function(self, value, t)
 return nil
 end
+if singbox_tags:find("with_ech") then
+ o = s:option(Flag, option_name("ech"), translate("ECH"))
+ o.default = "0"
+ o:depends({ [option_name("tls")] = true, [option_name("flow")] = "", [option_name("reality")] = false })
+ o:depends({ [option_name("protocol")] = "naive" })
+ o:depends({ [option_name("protocol")] = "hysteria" })
+ o:depends({ [option_name("protocol")] = "tuic" })
+ o:depends({ [option_name("protocol")] = "hysteria2" })
+
+ o = s:option(Value, option_name("ech_key"), translate("ECH Key"))
+ o.default = ""
+ o:depends({ [option_name("ech")] = true })
+
+ o = s:option(Flag, option_name("pq_signature_schemes_enabled"), translate("PQ signature schemes"))
+ o.default = "0"
+ o:depends({ [option_name("ech")] = true })
+
+ o = s:option(Flag, option_name("dynamic_record_sizing_disabled"), translate("Disable adaptive sizing of TLS records"))
+ o.default = "0"
+ o:depends({ [option_name("ech")] = true })
+end
+
 o = s:option(ListValue, option_name("transport"), translate("Transport"))
 o:value("tcp", "TCP")
 o:value("http", "HTTP")
diff --git a/luci-app-passwall/luasrc/passwall/util_sing-box.lua b/luci-app-passwall/luasrc/passwall/util_sing-box.lua
index b67375fe8..1dbb25f84 100644
--- a/luci-app-passwall/luasrc/passwall/util_sing-box.lua
+++ b/luci-app-passwall/luasrc/passwall/util_sing-box.lua
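Review bot: `ech_key` in the server form carries the server's private ECH key, yet it is declared as a plain `Value` with no masking and no requirement, directly under the `ech` flag. If a masked single-line input is acceptable for this value, `o.password = true` keeps it from being shown in clear on the page. The field should also be mandatory once ECH is ticked, e.g. `o.rmempty = false` or a `validate` that rejects an empty string, because gen_config_server in this commit writes `enabled = true` with `key = nil` when nothing is stored.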
@@ -93,6 +93,12 @@ function gen_outbound(flag, node, tag, proxy_table)
 alpn = alpn, --支持的应用层协议协商列表,按优先顺序排列。如果两个对等点都支持 ALPN,则选择的协议将是此列表中的一个,如果没有相互支持的协议则连接将失败。
 --min_version = "1.2",
 --max_version = "1.3",
+ ech = {
+ enabled = (node.ech == "1") and true or false,
+ config = (node.ech_config and node.ech_config:gsub("\\n","\n")) and node.ech_config:gsub("\\n","\n") or nil,
+ pq_signature_schemes_enabled = node.pq_signature_schemes_enabled and true or false,
+ dynamic_record_sizing_disabled = node.dynamic_record_sizing_disabled and true or false
+ },
 utls = {
 enabled = (node.utls == "1" or node.reality == "1") and true or false,
 fingerprint = node.fingerprint or "chrome"
@@ -282,7 +288,13 @@ function gen_outbound(flag, node, tag, proxy_table)
 insecure = (node.tls_allowInsecure == "1") and true or false,
 alpn = (node.hysteria_alpn and node.hysteria_alpn ~= "") and {
 node.hysteria_alpn
- } or nil
+ } or nil,
+ ech = {
+ enabled = (node.ech == "1") and true or false,
+ config = (node.ech_config and node.ech_config:gsub("\\n","\n")) and node.ech_config:gsub("\\n","\n") or nil,
+ pq_signature_schemes_enabled = node.pq_signature_schemes_enabled and true or false,
+ dynamic_record_sizing_disabled = node.dynamic_record_sizing_disabled and true or false
+ }
 }
 }
 end
@@ -311,7 +323,13 @@ function gen_outbound(flag, node, tag, proxy_table)
 alpn = (node.tuic_alpn and node.tuic_alpn ~= "") and {
 node.tuic_alpn
 } or nil,
- },
+ ech = {
+ enabled = (node.ech == "1") and true or false,
+ config = (node.ech_config and node.ech_config:gsub("\\n","\n")) and node.ech_config:gsub("\\n","\n") or nil,
+ pq_signature_schemes_enabled = node.pq_signature_schemes_enabled and true or false,
+ dynamic_record_sizing_disabled = node.dynamic_record_sizing_disabled and true or false
+ }
+ }
 }
 end
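Review bot: In the three `ech` tables added to gen_outbound here (generic TLS, hysteria, tuic), and in the hysteria2 one in the following hunk, `node.pq_signature_schemes_enabled and true or false` and the matching `dynamic_record_sizing_disabled` line test only for presence, and in Lua the string `"0"` is truthy. A node whose flag happens to be stored as `"0"` would therefore get both options switched on, whereas gen_config_server in this same commit compares with `== "1"`. Since the table is repeated four times, a small helper keeps the comparison in one place and lets each branch write `ech = gen_ech(node)`. gen_outbound itself starts and ends outside these hunks.

```lua
-- Build the outbound tls.ech table once so every protocol branch agrees.
local function gen_ech(node)
	local config = node.ech_config
	return {
		enabled = node.ech == "1",
		-- parentheses keep only gsub's first result (the string)
		config = config and (config:gsub("\\n", "\n")) or nil,
		-- UCI flags are strings; "0" is truthy in Lua, so compare explicitly
		pq_signature_schemes_enabled = node.pq_signature_schemes_enabled == "1",
		dynamic_record_sizing_disabled = node.dynamic_record_sizing_disabled == "1"
	}
end

-- … unchanged: server_name, insecure, alpn in each tls table …
ech = gen_ech(node),
```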
@@ -328,7 +346,13 @@ function gen_outbound(flag, node, tag, proxy_table)
 enabled = true,
 server_name = node.tls_serverName,
 insecure = (node.tls_allowInsecure == "1") and true or false,
- },
+ ech = {
+ enabled = (node.ech == "1") and true or false,
+ config = (node.ech_config and node.ech_config:gsub("\\n","\n")) and node.ech_config:gsub("\\n","\n") or nil,
+ pq_signature_schemes_enabled = node.pq_signature_schemes_enabled and true or false,
+ dynamic_record_sizing_disabled = node.dynamic_record_sizing_disabled and true or false
+ }
+ }
 }
 end
@@ -369,6 +393,15 @@ function gen_config_server(node)
 }
 end
+ if node.tls == "1" and node.ech == "1" then
+ tls.ech = {
+ enabled = true,
+ key = (node.ech_key and node.ech_key:gsub("\\n","\n")) and node.ech_key:gsub("\\n","\n") or nil,
+ pq_signature_schemes_enabled = (node.pq_signature_schemes_enabled == "1") and true or false,
+ dynamic_record_sizing_disabled = (node.dynamic_record_sizing_disabled == "1") and true or false,
+ }
+ end
+
 local v2ray_transport = nil
 if node.transport == "http" then
diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po
index 22f723c48..3a4ea132a 100644
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@@ -1512,3 +1512,15 @@ msgstr "协议参数。 如果启用会随机浪费流量。"
 msgid "Protocol parameter. Enable length block encryption."
 msgstr "协议参数。启用长度块加密。"
+
+msgid "ECH Config"
+msgstr "ECH 密钥"
+
+msgid "ECH Key"
+msgstr "ECH 配置"
+
+msgid "PQ signature schemes"
+msgstr "后量子对等证书签名方案"
+
+msgid "Disable adaptive sizing of TLS records"
+msgstr "禁用 TLS 记录的自适应大小调整"
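Review bot: In gen_config_server the new block is gated on `node.tls == "1" and node.ech == "1"`, but the server form added in this commit also offers ECH for naive, hysteria, tuic and hysteria2 through `depends` entries that do not involve the `tls` flag. If those protocols do not store `tls = "1"` (not visible in this hunk), an operator can tick ECH and the generated inbound leaves it out without any indication. Either gate on the same conditions the form uses or log when `node.ech == "1"` is dropped, and add a comment above the `if` stating which protocols it is meant to cover. The rest of gen_config_server lies outside the hunk.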