diff --git a/luci-app-passwall/luasrc/passwall/util_xray.lua b/luci-app-passwall/luasrc/passwall/util_xray.lua index e5e977318..8514b3c12 100644 --- a/luci-app-passwall/luasrc/passwall/util_xray.lua +++ b/luci-app-passwall/luasrc/passwall/util_xray.lua @@ -42,9 +42,11 @@ function gen_outbound(flag, node, tag, proxy_table) local proxy = 0 local proxy_tag = "nil" + local fragment = nil if proxy_table ~= nil and type(proxy_table) == "table" then proxy = proxy_table.proxy or 0 proxy_tag = proxy_table.tag or "nil" + fragment = proxy_table.fragment or nil end if node.type == "Xray" then @@ -133,6 +135,7 @@ function gen_outbound(flag, node, tag, proxy_table) mark = 255, tcpMptcp = (node.tcpMptcp == "1") and true or nil, tcpNoDelay = (node.tcpNoDelay == "1") and true or nil, + dialerProxy = fragment and "fragment" or nil }, network = node.transport, security = node.stream_security, @@ -646,7 +649,7 @@ function gen_config(var) end if is_new_blc_node then local blc_node = uci:get_all(appname, blc_node_id) - local outbound = gen_outbound(flag, blc_node, blc_node_tag) + local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil }) if outbound then table.insert(outbounds, outbound) valid_nodes[#valid_nodes + 1] = blc_node_tag @@ -718,7 +721,7 @@ function gen_config(var) preproxy_enabled = false end elseif preproxy_node and api.is_normal_node(preproxy_node) then - local preproxy_outbound = gen_outbound(flag, preproxy_node, preproxy_tag) + local preproxy_outbound = gen_outbound(flag, preproxy_node, preproxy_tag, { fragment = xray_settings.fragment == "1" or nil }) if preproxy_outbound then table.insert(outbounds, preproxy_outbound) else @@ -820,7 +823,14 @@ function gen_config(var) }) end end - local _outbound = gen_outbound(flag, _node, rule_name, { proxy = proxy and 1 or 0, tag = proxy and preproxy_tag or nil }) + local proxy_table = { + proxy = proxy and 1 or 0, + tag = proxy and preproxy_tag or nil + } + if xray_settings.fragment == "1" and not proxy_table.tag then + proxy_table.fragment = true + end + local _outbound = gen_outbound(flag, _node, rule_name, proxy_table) if _outbound then table.insert(outbounds, _outbound) if proxy then preproxy_used = true end @@ -991,7 +1001,7 @@ function gen_config(var) sys.call("touch /tmp/etc/passwall/iface/" .. node.iface) end else - outbound = gen_outbound(flag, node) + outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil }) end if outbound then table.insert(outbounds, outbound) end routing = { @@ -1232,7 +1242,7 @@ function gen_config(var) } } - if xray_settings.fragment and true then + if xray_settings.fragment == "1" then table.insert(outbounds, { protocol = "freedom", tag = "fragment", @@ -1246,7 +1256,8 @@ function gen_config(var) }, streamSettings = { sockopt = { - mark = 255 + mark = 255, + tcpNoDelay = true } } }) diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index 4a2455abb..8faf781d2 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po @@ -1539,3 +1539,27 @@ msgstr "禁用 TLS 记录的自适应大小调整" msgid "Enable Multipath TCP, need to be enabled in both server and client configuration." msgstr "启用 Multipath TCP,需在服务端和客户端配置中同时启用。" + +msgid "Fragment" +msgstr "分片" + +msgid "TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists." +msgstr "TCP 分片,在某些情况下可以欺骗审查系统,比如绕过 SNI 黑名单。" + +msgid "Fragment Packets" +msgstr "分片方式" + +msgid " \"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation." +msgstr " \"1-3\" 是 TCP 的流切片,应用于客户端第 1 至第 3 次写数据。\"tlshello\" 是 TLS 握手包切片。" + +msgid "Fragment Length" +msgstr "分片包长" + +msgid "Fragmented packet length (byte)" +msgstr "分片包长 (byte)" + +msgid "Fragment Interval" +msgstr "分片间隔" + +msgid "Fragmentation interval (ms)" +msgstr "分片间隔(ms)"